def Platform(self, responses): """Stores information about the platform.""" if responses.success: response = responses.First() client = self.state.client client.os_release = response.release client.os_version = response.version client.kernel = response.kernel client.arch = response.machine client.knowledge_base.os = response.system # Store these for later, there might be more accurate data # coming in from the artifact collector. self.state.fqdn = response.fqdn self.state.os = response.system existing_client = data_store.REL_DB.ReadClientSnapshot( self.client_id) if existing_client is None: # This is the first time we interrogate this client. In that case, we # need to store basic information about this client right away so # follow up flows work properly. data_store.REL_DB.WriteClientSnapshot(self.state.client) try: # Update the client index client_index.ClientIndex().AddClient(client) except db.UnknownClientError: pass # No support for OS X cloud machines as yet. if response.system in ["Linux", "Windows"]: self.CallClient(server_stubs.GetCloudVMMetadata, rdf_cloud.BuildCloudMetadataRequests(), next_state=compatibility.GetName( self.CloudMetadata)) known_system_type = True else: # We failed to get the Platform info, maybe there is a stored # system we can use to get at least some data. client = data_store.REL_DB.ReadClientSnapshot(self.client_id) known_system_type = client and client.knowledge_base.os self.Log("Could not retrieve Platform info.") if known_system_type: # We will accept a partial KBInit rather than raise, so pass # require_complete=False. self.CallFlow(artifact.KnowledgeBaseInitializationFlow.__name__, require_complete=False, lightweight=self.args.lightweight, next_state=compatibility.GetName( self.ProcessKnowledgeBase)) else: self.Log( "Unknown system type, skipping KnowledgeBaseInitializationFlow" )
def Platform(self, responses): """Stores information about the platform.""" if responses.success: response = responses.First() # AFF4 client. # These need to be in separate attributes because they get searched on in # the GUI with self._OpenClient(mode="rw") as client: # For backwards compatibility. client.Set(client.Schema.HOSTNAME(response.fqdn)) client.Set(client.Schema.SYSTEM(response.system)) client.Set(client.Schema.OS_RELEASE(response.release)) client.Set(client.Schema.OS_VERSION(response.version)) client.Set(client.Schema.KERNEL(response.kernel)) client.Set(client.Schema.FQDN(response.fqdn)) # response.machine is the machine value of platform.uname() # On Windows this is the value of: # HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session # Manager\Environment\PROCESSOR_ARCHITECTURE # "AMD64", "IA64" or "x86" client.Set(client.Schema.ARCH(response.machine)) client.Set( client.Schema.UNAME( "%s-%s-%s" % (response.system, response.release, response.version))) # Update the client index client_index.CreateClientIndex( token=self.token).AddClient(client) # rdf_objects.ClientSnapshot. client = self.state.client client.os_release = response.release client.os_version = response.version client.kernel = response.kernel client.arch = response.machine # Store these for later, there might be more accurate data # coming in from the artifact collector. self.state.fqdn = response.fqdn self.state.os = response.system if data_store.RelationalDBWriteEnabled(): try: # Update the client index client_index.ClientIndex().AddClient(client) except db.UnknownClientError: pass if response.system == "Windows": with aff4.FACTORY.Create(self.client_id.Add("registry"), standard.VFSDirectory, token=self.token) as fd: fd.Set( fd.Schema.PATHSPEC, fd.Schema.PATHSPEC( path="/", pathtype=rdf_paths.PathSpec.PathType.REGISTRY)) # No support for OS X cloud machines as yet. if response.system in ["Linux", "Windows"]: self.CallClient(server_stubs.GetCloudVMMetadata, rdf_cloud.BuildCloudMetadataRequests(), next_state="CloudMetadata") known_system_type = True else: # We failed to get the Platform info, maybe there is a stored # system we can use to get at least some data. if data_store.RelationalDBReadEnabled(): client = data_store.REL_DB.ReadClientSnapshot( self.client_id.Basename()) known_system_type = client and client.knowledge_base.os else: client = self._OpenClient() known_system_type = client.Get(client.Schema.SYSTEM) self.Log("Could not retrieve Platform info.") if known_system_type: # We will accept a partial KBInit rather than raise, so pass # require_complete=False. self.CallFlow(artifact.KnowledgeBaseInitializationFlow.__name__, require_complete=False, lightweight=self.args.lightweight, next_state="ProcessKnowledgeBase") else: self.Log( "Unknown system type, skipping KnowledgeBaseInitializationFlow" )