def main(argv):
"""Main."""
del argv # Unused.
# Initialise flows and config_lib
server_startup.Init()
if not flags.FLAGS.target:
store_names = ", ".join(sorted(blob_store.REGISTRY.keys()))
print("Missing --target. Use one or multiple of: {}.".format(
store_names))
exit(1)
stores = [
_MakeBlobStore(blobstore_name) for blobstore_name in flags.FLAGS.target
]
with io.open("/dev/urandom", "rb") as random_fd:
for blobstore_name, bs in zip(flags.FLAGS.target, stores):
print()
print(blobstore_name)
print("size\ttotal\tnum\tqps\t b/sec\tp50\tp90\tp95\tp99")
for size in flags.FLAGS.sizes:
size_b = rdfvalue.ByteSize(size)
durations = _RunBenchmark(
bs, size_b, flags.FLAGS.per_size_duration_seconds,
random_fd)
_PrintStats(size, size_b, durations)
def main(argv):
del argv # Unused.
if not flags.FLAGS.ignore_test_context:
config.CONFIG.AddContext(contexts.TEST_CONTEXT,
"Context for running tests.")
server_startup.Init()
for handler in logging.getLogger().handlers:
handler.addFilter(E2ELogFilter())
handler.setLevel(logging.INFO)
test_runner = runner.E2ETestRunner(
api_endpoint=flags.FLAGS.api_endpoint,
api_user=flags.FLAGS.api_user,
api_password=flags.FLAGS.api_password,
run_only_tests=flags.FLAGS.run_only_tests,
skip_tests=flags.FLAGS.skip_tests,
manual_tests=flags.FLAGS.manual_tests,
upload_test_binaries=flags.FLAGS.upload_test_binaries)
test_runner.Initialize()
results, _ = test_runner.RunTestsAgainstClient(flags.FLAGS.client_id)
# Exit with a non-0 error code if one of the tests failed.
for r in results.values():
if r.errors or r.failures:
sys.exit(1)
def main(_):
"""Run the main test harness."""
if flags.FLAGS.version:
print("GRR Admin UI {}".format(
config_server.VERSION["packageversion"]))
return
config.CONFIG.AddContext(
contexts.ADMIN_UI_CONTEXT,
"Context applied when running the admin user interface GUI.")
server_startup.Init()
if not config.CONFIG["AdminUI.headless"] and (not os.path.exists(
os.path.join(config.CONFIG["AdminUI.document_root"],
"dist/grr-ui.bundle.js")) or not os.path.exists(
os.path.join(
config.CONFIG["AdminUI.document_root"],
"dist/grr-ui.bundle.css"))):
raise RuntimeError("Can't find compiled JS/CSS bundles. "
"Please reinstall the PIP package using "
"\"pip install -e .\" to rebuild the bundles.")
server = wsgiapp.MakeServer(multi_threaded=True)
server_startup.DropPrivileges()
server.serve_forever()
def main(argv):
del argv # Unused.
if not flags.FLAGS.ignore_test_context:
config.CONFIG.AddContext(contexts.TEST_CONTEXT,
"Context for running tests.")
server_startup.Init()
for handler in logging.getLogger().handlers:
handler.addFilter(E2ELogFilter())
data_store.default_token = access_control.ACLToken(
username=getpass.getuser(), reason="End-to-end tests")
test_runner = runner.E2ETestRunner(
api_endpoint=flags.FLAGS.api_endpoint,
api_user=flags.FLAGS.api_user,
api_password=flags.FLAGS.api_password,
whitelisted_tests=flags.FLAGS.whitelisted_tests,
blacklisted_tests=flags.FLAGS.blacklisted_tests,
manual_tests=flags.FLAGS.manual_tests,
upload_test_binaries=flags.FLAGS.upload_test_binaries)
test_runner.Initialize()
results, _ = test_runner.RunTestsAgainstClient(flags.FLAGS.client_id)
# Exit with a non-0 error code if one of the tests failed.
for r in results.values():
if r.errors or r.failures:
sys.exit(1)
def main(argv=None):
del argv # Unused.
config.CONFIG.AddContext(contexts.COMMAND_LINE_CONTEXT)
config.CONFIG.AddContext(
contexts.CONSOLE_CONTEXT,
"Context applied when running the console binary.")
server_startup.Init()
fleetspeak_connector.Init()
username = flags.FLAGS.username
if not username:
username = os.environ["USER"]
if not username:
print("Username has to be specified with either --username flag or "
"USER environment variable.")
sys.exit(1)
grrapi = api.GrrApi(connector=api_shell_raw_access_lib.RawConnector(
token=access_control.ACLToken(username=username),
page_size=flags.FLAGS.page_size))
if flags.FLAGS.exec_code and flags.FLAGS.exec_file:
print("--exec_code --exec_file flags can't be supplied together.")
sys.exit(1)
elif flags.FLAGS.exec_code:
# pylint: disable=exec-used
exec(flags.FLAGS.exec_code, dict(grrapi=grrapi))
# pylint: enable=exec-used
elif flags.FLAGS.exec_file:
api_shell_lib.ExecFile(flags.FLAGS.exec_file, grrapi)
else:
api_shell_lib.IPShell([sys.argv[0]], user_ns=dict(grrapi=grrapi))
def main(argv):
"""Sets up all the component in their own threads."""
if flags.FLAGS.version:
print("GRR server {}".format(config_server.VERSION["packageversion"]))
return
# We use .startswith so that multiple copies of services can easily be
# created using systemd as worker1 worker2 ... worker25 etc.
if not flags.FLAGS.component:
raise ValueError("Need to specify which component to start.")
# Start as a worker.
if flags.FLAGS.component.startswith("worker"):
worker.main([argv])
# Start as a frontend that clients communicate with.
elif flags.FLAGS.component.startswith("frontend"):
server_startup.Init()
if config.CONFIG["Server.fleetspeak_enabled"]:
fleetspeak_frontend.main([argv])
else:
frontend.main([argv])
# Start as an AdminUI.
elif flags.FLAGS.component.startswith("admin_ui"):
admin_ui.main([argv])
# Raise on invalid component.
else:
raise ValueError("No valid component specified. Got: "
"%s." % flags.FLAGS.component)
def main(argv):
"""Main."""
del argv # Unused.
if flags.FLAGS.version:
print("GRR console {}".format(config_server.VERSION["packageversion"]))
return
banner = ("\nWelcome to the GRR console\n")
config.CONFIG.AddContext(contexts.COMMAND_LINE_CONTEXT)
config.CONFIG.AddContext(
contexts.CONSOLE_CONTEXT,
"Context applied when running the console binary.")
server_startup.Init()
fleetspeak_connector.Init()
# To make the console easier to use, we make a default token which will be
# used in StartFlow operations.
data_store.default_token = access_control.ACLToken(
username=getpass.getuser(), reason=flags.FLAGS.reason)
locals_vars = {
"__name__": "GRR Console",
"l": Lister,
"lc": GetChildrenList,
"o": aff4.FACTORY.Open,
# Bring some symbols from other modules into the console's
# namespace.
"StartFlowAndWait": flow_utils.StartFlowAndWait,
"StartFlowAndWorker": console_utils.StartFlowAndWorker,
}
locals_vars.update(globals()) # add global variables to console
if flags.FLAGS.client is not None:
locals_vars["client"], locals_vars["token"] = console_utils.OpenClient(
client_id=flags.FLAGS.client)
if flags.FLAGS.code_to_execute:
logging.info("Running code from flag: %s", flags.FLAGS.code_to_execute)
exec(flags.FLAGS.code_to_execute) # pylint: disable=exec-used
elif flags.FLAGS.command_file:
logging.info("Running code from file: %s", flags.FLAGS.command_file)
with open(flags.FLAGS.command_file, "r") as filedesc:
exec(filedesc.read()) # pylint: disable=exec-used
if (flags.FLAGS.exit_on_complete
and (flags.FLAGS.code_to_execute or flags.FLAGS.command_file)):
return
else: # We want the normal shell.
locals_vars.update(globals()) # add global variables to console
ipshell.IPShell(argv=[], user_ns=locals_vars, banner=banner)
def FinalizeConfigInit(config,
admin_password: Optional[Text] = None,
redownload_templates: bool = False,
repack_templates: bool = True,
prompt: bool = True):
"""Performs the final steps of config initialization."""
config.Set("Server.initialized", True)
print("\nWriting configuration to %s." % config["Config.writeback"])
config.Write()
print("Initializing the datastore.")
# Reload the config and initialize the GRR database.
server_startup.Init()
print("\nStep 3: Adding GRR Admin User")
try:
CreateUser("admin", password=admin_password, is_admin=True)
except UserAlreadyExistsError:
if prompt:
# pytype: disable=wrong-arg-count
if ((input("User 'admin' already exists, do you want to "
"reset the password? [yN]: ").upper() or "N") == "Y"):
UpdateUser("admin", password=admin_password, is_admin=True)
# pytype: enable=wrong-arg-count
else:
UpdateUser("admin", password=admin_password, is_admin=True)
print("\nStep 4: Repackaging clients with new configuration.")
if prompt:
redownload_templates = RetryBoolQuestion(
"Server debs include client templates. Re-download templates?",
False)
repack_templates = RetryBoolQuestion("Repack client templates?", True)
if redownload_templates:
InstallTemplatePackage()
# Build debug binaries, then build release binaries.
if repack_templates:
repacking.TemplateRepacker().RepackAllTemplates(upload=True)
print("\nGRR Initialization complete! You can edit the new configuration "
"in %s.\n" % config["Config.writeback"])
if prompt and os.geteuid() == 0:
restart = RetryBoolQuestion(
"Restart service for the new configuration "
"to take effect?", True)
if restart:
for service in ("grr-server", "fleetspeak-server"):
try:
print(f"Restarting service: {service}.")
subprocess.check_call(["service", service, "restart"])
except subprocess.CalledProcessError as e:
print(f"Failed to restart: {service}.")
print(e, file=sys.stderr)
else:
print("Please restart the service for the new configuration to take "
"effect.\n")
def FinalizeConfigInit(config, token):
"""Performs the final steps of config initialization."""
config.Set("Server.initialized", True)
print("\nWriting configuration to %s." % config["Config.writeback"])
config.Write()
print("Initializing the datastore.")
# Reload the config and initialize the GRR database.
server_startup.Init()
print("\nStep 3: Adding GRR Admin User")
try:
maintenance_utils.AddUser("admin",
labels=["admin"],
token=token,
password=flags.FLAGS.admin_password)
except maintenance_utils.UserError:
if flags.FLAGS.noprompt:
maintenance_utils.UpdateUser("admin",
password=flags.FLAGS.admin_password,
add_labels=["admin"],
token=token)
else:
# pytype: disable=wrong-arg-count
if ((builtins.input("User 'admin' already exists, do you want to "
"reset the password? [yN]: ").upper()
or "N") == "Y"):
maintenance_utils.UpdateUser("admin",
password=True,
add_labels=["admin"],
token=token)
# pytype: enable=wrong-arg-count
print("\nStep 4: Repackaging clients with new configuration.")
redownload_templates = False
repack_templates = False
if flags.FLAGS.noprompt:
redownload_templates = flags.FLAGS.redownload_templates
repack_templates = not flags.FLAGS.norepack_templates
else:
redownload_templates = RetryBoolQuestion(
"Server debs include client templates. Re-download templates?",
False)
repack_templates = RetryBoolQuestion("Repack client templates?", True)
if redownload_templates:
InstallTemplatePackage()
# Build debug binaries, then build release binaries.
if repack_templates:
repacking.TemplateRepacker().RepackAllTemplates(upload=True,
token=token)
print("\nGRR Initialization complete! You can edit the new configuration "
"in %s.\n" % config["Config.writeback"])
print("Please restart the service for the new configuration to take "
"effect.\n")
def main(argv: Any) -> None:
"""Main."""
del argv # Unused.
if flags.FLAGS.version:
print(f"GRRafana server {config_server.VERSION['packageversion']}")
return
config.CONFIG.AddContext(contexts.GRRAFANA_CONTEXT,
"Context applied when running GRRafana server.")
server_startup.Init()
fleetspeak_connector.Init()
werkzeug_serving.run_simple(config.CONFIG["GRRafana.bind"],
config.CONFIG["GRRafana.port"], Grrafana())
def main(argv):
"""Main."""
del argv # Unused.
config.CONFIG.AddContext(contexts.WORKER_CONTEXT,
"Context applied when running a worker.")
# Initialise flows and config_lib
server_startup.Init()
fleetspeak_connector.Init()
token = access_control.ACLToken(username="******").SetUID()
worker_obj = worker_lib.GRRWorker(token=token)
worker_obj.Run()
def main(argv):
"""Main."""
del argv # Unused.
config.CONFIG.AddContext("HTTPServer Context")
server_startup.Init()
httpd = CreateServer()
server_startup.DropPrivileges()
try:
httpd.serve_forever()
except KeyboardInterrupt:
print("Caught keyboard interrupt, stopping")
def main(argv):
"""Main."""
del argv # Unused.
server_startup.Init()
filename = flags.FLAGS.filename
if not os.path.exists(filename):
print("File %s does not exist" % filename)
return
with aff4.FACTORY.Create(filestore.NSRLFileStore.PATH,
filestore.NSRLFileStore,
mode="rw",
token=aff4.FACTORY.root_token) as store:
imported = ImportFile(store, filename, flags.FLAGS.start)
data_store.DB.Flush()
print("Imported %d hashes" % imported)
def main(argv):
"""Main."""
del argv # Unused.
if flags.FLAGS.version:
print("GRR worker {}".format(config_server.VERSION["packageversion"]))
return
config.CONFIG.AddContext(contexts.WORKER_CONTEXT,
"Context applied when running a worker.")
# Initialise flows and config_lib
server_startup.Init()
fleetspeak_connector.Init()
worker_obj = worker_lib.GRRWorker()
worker_obj.Run()
def main(argv):
del argv # Unused.
config.CONFIG.AddContext(contexts.TEST_CONTEXT,
"Context for running tests.")
server_startup.Init()
for handler in logging.getLogger().handlers:
handler.addFilter(E2ELogFilter())
data_store.default_token = access_control.ACLToken(
username=getpass.getuser(), reason="End-to-end tests")
test_runner = runner.E2ETestRunner(
api_endpoint=flags.FLAGS.api_endpoint,
api_user=flags.FLAGS.api_user,
api_password=flags.FLAGS.api_password,
whitelisted_tests=flags.FLAGS.whitelisted_tests,
blacklisted_tests=flags.FLAGS.blacklisted_tests,
upload_test_binaries=flags.FLAGS.upload_test_binaries)
test_runner.Initialize()
test_runner.RunTestsAgainstClient(flags.FLAGS.client_id)
def main(argv):
"""Main."""
del argv # Unused.
if flags.FLAGS.version:
print("GRR console {}".format(config_server.VERSION["packageversion"]))
return
banner = ("\nWelcome to the GRR console\n")
config.CONFIG.AddContext(contexts.COMMAND_LINE_CONTEXT)
config.CONFIG.AddContext(
contexts.CONSOLE_CONTEXT,
"Context applied when running the console binary.")
server_startup.Init()
fleetspeak_connector.Init()
locals_vars = {
"__name__": "GRR Console",
# Bring some symbols from other modules into the console's
# namespace.
"StartFlowAndWait": flow_utils.StartFlowAndWait,
}
locals_vars.update(globals()) # add global variables to console
if flags.FLAGS.code_to_execute:
logging.info("Running code from flag: %s", flags.FLAGS.code_to_execute)
exec(flags.FLAGS.code_to_execute) # pylint: disable=exec-used
elif flags.FLAGS.command_file:
logging.info("Running code from file: %s", flags.FLAGS.command_file)
with open(flags.FLAGS.command_file, "r") as filedesc:
exec(filedesc.read()) # pylint: disable=exec-used
if (flags.FLAGS.exit_on_complete
and (flags.FLAGS.code_to_execute or flags.FLAGS.command_file)):
return
else: # We want the normal shell.
locals_vars.update(globals()) # add global variables to console
ipshell.IPShell(argv=[], user_ns=locals_vars, banner=banner)
def main(argv):
del argv # Unused.
config.CONFIG.AddContext("FleetspeakFrontend Context")
server_startup.Init()
server_startup.DropPrivileges()
fleetspeak_connector.Init()
fsd = GRRFSServer()
fleetspeak_connector.CONN.Listen(fsd.Process)
logging.info("Serving through Fleetspeak ...")
try:
while True:
time.sleep(600)
except KeyboardInterrupt:
print("Caught keyboard interrupt, stopping")
def FinalizeConfigInit(config,
admin_password=None,
redownload_templates=False,
repack_templates=True,
prompt=True):
"""Performs the final steps of config initialization."""
config.Set("Server.initialized", True)
print("\nWriting configuration to %s." % config["Config.writeback"])
config.Write()
print("Initializing the datastore.")
# Reload the config and initialize the GRR database.
server_startup.Init()
print("\nStep 3: Adding GRR Admin User")
try:
CreateUser("admin", password=admin_password, is_admin=True)
except UserAlreadyExistsError:
if prompt:
# pytype: disable=wrong-arg-count
if ((input("User 'admin' already exists, do you want to "
"reset the password? [yN]: ").upper() or "N") == "Y"):
UpdateUser("admin", password=admin_password, is_admin=True)
# pytype: enable=wrong-arg-count
else:
UpdateUser("admin", password=admin_password, is_admin=True)
print("\nStep 4: Repackaging clients with new configuration.")
if prompt:
redownload_templates = RetryBoolQuestion(
"Server debs include client templates. Re-download templates?",
False)
repack_templates = RetryBoolQuestion("Repack client templates?", True)
if redownload_templates:
InstallTemplatePackage()
# Build debug binaries, then build release binaries.
if repack_templates:
repacking.TemplateRepacker().RepackAllTemplates(upload=True)
print("\nGRR Initialization complete! You can edit the new configuration "
"in %s.\n" % config["Config.writeback"])
print("Please restart the service for the new configuration to take "
"effect.\n")
def main(argv):
"""Main."""
del argv # Unused.
if flags.FLAGS.version:
print("GRR frontend {}".format(
config_server.VERSION["packageversion"]))
return
config.CONFIG.AddContext("HTTPServer Context")
server_startup.Init()
httpd = CreateServer()
server_startup.DropPrivileges()
try:
httpd.serve_forever()
except KeyboardInterrupt:
print("Caught keyboard interrupt, stopping")
def AddUsers(token=None):
# Now initialize with our modified config.
server_startup.Init()
print("\nStep 3: Adding Admin User")
try:
maintenance_utils.AddUser("admin",
labels=["admin"],
token=token,
password=flags.FLAGS.admin_password)
except maintenance_utils.UserError:
if flags.FLAGS.noprompt:
maintenance_utils.UpdateUser("admin",
password=flags.FLAGS.admin_password,
add_labels=["admin"],
token=token)
else:
if ((input("User 'admin' already exists, do you want to "
"reset the password? [yN]: ").upper() or "N") == "Y"):
maintenance_utils.UpdateUser("admin",
password=True,
add_labels=["admin"],
token=token)
def main(argv):
del argv # Unused.
server_startup.Init()
MigrateArtifacts()
def main(argv):
"""Main."""
del argv # Unused.
if flags.FLAGS.subparser_name == "version":
version = config_server.VERSION["packageversion"]
print("GRR configuration updater {}".format(version))
return
token = config_updater_util.GetToken()
grr_config.CONFIG.AddContext(contexts.COMMAND_LINE_CONTEXT)
grr_config.CONFIG.AddContext(contexts.CONFIG_UPDATER_CONTEXT)
if flags.FLAGS.subparser_name == "initialize":
config_lib.ParseConfigCommandLine()
if flags.FLAGS.noprompt:
config_updater_util.InitializeNoPrompt(grr_config.CONFIG,
token=token)
else:
config_updater_util.Initialize(grr_config.CONFIG, token=token)
return
server_startup.Init()
try:
print("Using configuration %s" % grr_config.CONFIG)
except AttributeError:
raise RuntimeError("No valid config specified.")
if flags.FLAGS.subparser_name == "generate_keys":
try:
config_updater_util.GenerateKeys(
grr_config.CONFIG, overwrite_keys=flags.FLAGS.overwrite_keys)
except RuntimeError as e:
# GenerateKeys will raise if keys exist and overwrite_keys is not set.
print("ERROR: %s" % e)
sys.exit(1)
grr_config.CONFIG.Write()
elif flags.FLAGS.subparser_name == "repack_clients":
upload = not flags.FLAGS.noupload
repacking.TemplateRepacker().RepackAllTemplates(upload=upload,
token=token)
elif flags.FLAGS.subparser_name == "show_user":
if flags.FLAGS.username:
print(config_updater_util.GetUserSummary(flags.FLAGS.username))
else:
print(config_updater_util.GetAllUserSummaries())
elif flags.FLAGS.subparser_name == "update_user":
config_updater_util.UpdateUser(flags.FLAGS.username,
password=flags.FLAGS.password,
is_admin=flags.FLAGS.admin)
elif flags.FLAGS.subparser_name == "delete_user":
config_updater_util.DeleteUser(flags.FLAGS.username)
elif flags.FLAGS.subparser_name == "add_user":
config_updater_util.CreateUser(flags.FLAGS.username,
password=flags.FLAGS.password,
is_admin=flags.FLAGS.admin)
elif flags.FLAGS.subparser_name == "upload_python":
config_updater_util.UploadSignedBinary(
flags.FLAGS.file,
rdf_objects.SignedBinaryID.BinaryType.PYTHON_HACK,
flags.FLAGS.platform,
upload_subdirectory=flags.FLAGS.upload_subdirectory,
token=token)
elif flags.FLAGS.subparser_name == "upload_exe":
config_updater_util.UploadSignedBinary(
flags.FLAGS.file,
rdf_objects.SignedBinaryID.BinaryType.EXECUTABLE,
flags.FLAGS.platform,
upload_subdirectory=flags.FLAGS.upload_subdirectory,
token=token)
elif flags.FLAGS.subparser_name == "set_var":
config = grr_config.CONFIG
print("Setting %s to %s" % (flags.FLAGS.var, flags.FLAGS.val))
if flags.FLAGS.val.startswith("["): # Allow setting of basic lists.
flags.FLAGS.val = flags.FLAGS.val[1:-1].split(",")
config.Set(flags.FLAGS.var, flags.FLAGS.val)
config.Write()
elif flags.FLAGS.subparser_name == "upload_artifact":
yaml.load(open(flags.FLAGS.file, "rb")) # Check it will parse.
try:
artifact.UploadArtifactYamlFile(
open(flags.FLAGS.file, "rb").read(),
overwrite=flags.FLAGS.overwrite_artifact)
except rdf_artifacts.ArtifactDefinitionError as e:
print("Error %s. You may need to set --overwrite_artifact." % e)
elif flags.FLAGS.subparser_name == "delete_artifacts":
artifact_list = flags.FLAGS.artifact
if not artifact_list:
raise ValueError("No artifact to delete given.")
artifact_registry.DeleteArtifactsFromDatastore(artifact_list,
token=token)
print("Artifacts %s deleted." % artifact_list)
elif flags.FLAGS.subparser_name == "download_missing_rekall_profiles":
print("Downloading missing Rekall profiles.")
s = rekall_profile_server.GRRRekallProfileServer()
s.GetMissingProfiles()
elif flags.FLAGS.subparser_name == "rotate_server_key":
print("""
You are about to rotate the server key. Note that:
- Clients might experience intermittent connection problems after
the server keys rotated.
- It's not possible to go back to an earlier key. Clients that see a
new certificate will remember the cert's serial number and refuse
to accept any certificate with a smaller serial number from that
point on.
""")
if builtins.input("Continue? [yN]: ").upper() == "Y":
if flags.FLAGS.keylength:
keylength = int(flags.FLAGS.keylength)
else:
keylength = grr_config.CONFIG["Server.rsa_key_length"]
maintenance_utils.RotateServerKey(cn=flags.FLAGS.common_name,
keylength=keylength)
def setUpClass(cls):
super(CronJobRegistryTest, cls).setUpClass()
testing_startup.TestInit()
with test_lib.ConfigOverrider({"Server.initialized": True}):
server_startup.Init()
def main(args):
"""Main."""
grr_config.CONFIG.AddContext(contexts.COMMAND_LINE_CONTEXT)
grr_config.CONFIG.AddContext(contexts.CONFIG_UPDATER_CONTEXT)
if args.subparser_name == "initialize":
config_lib.ParseConfigCommandLine()
if args.noprompt:
config_updater_util.InitializeNoPrompt(
grr_config.CONFIG,
external_hostname=args.external_hostname,
admin_password=args.admin_password,
mysql_hostname=args.mysql_hostname,
mysql_port=args.mysql_port,
mysql_username=args.mysql_username,
mysql_password=args.mysql_password,
mysql_db=args.mysql_db,
mysql_client_key_path=args.mysql_client_key_path,
mysql_client_cert_path=args.mysql_client_cert_path,
mysql_ca_cert_path=args.mysql_ca_cert_path,
redownload_templates=args.redownload_templates,
repack_templates=not args.norepack_templates)
else:
config_updater_util.Initialize(
grr_config.CONFIG,
external_hostname=args.external_hostname,
admin_password=args.admin_password,
redownload_templates=args.redownload_templates,
repack_templates=not args.norepack_templates)
return
server_startup.Init()
try:
print("Using configuration %s" % grr_config.CONFIG)
except AttributeError:
raise RuntimeError("No valid config specified.")
if args.subparser_name == "generate_keys":
try:
config_updater_keys_util.GenerateKeys(
grr_config.CONFIG, overwrite_keys=args.overwrite_keys)
except RuntimeError as e:
# GenerateKeys will raise if keys exist and overwrite_keys is not set.
print("ERROR: %s" % e)
sys.exit(1)
grr_config.CONFIG.Write()
elif args.subparser_name == "repack_clients":
upload = not args.noupload
repacking.TemplateRepacker().RepackAllTemplates(upload=upload)
elif args.subparser_name == "show_user":
if args.username:
print(config_updater_util.GetUserSummary(args.username))
else:
print(config_updater_util.GetAllUserSummaries())
elif args.subparser_name == "update_user":
config_updater_util.UpdateUser(args.username,
password=args.password,
is_admin=args.admin)
elif args.subparser_name == "delete_user":
config_updater_util.DeleteUser(args.username)
elif args.subparser_name == "add_user":
config_updater_util.CreateUser(args.username,
password=args.password,
is_admin=args.admin)
elif args.subparser_name == "upload_python":
config_updater_util.UploadSignedBinary(
args.file,
rdf_objects.SignedBinaryID.BinaryType.PYTHON_HACK,
args.platform,
upload_subdirectory=args.upload_subdirectory)
elif args.subparser_name == "upload_exe":
config_updater_util.UploadSignedBinary(
args.file,
rdf_objects.SignedBinaryID.BinaryType.EXECUTABLE,
args.platform,
upload_subdirectory=args.upload_subdirectory)
elif args.subparser_name == "set_var":
var = args.var
val = args.val
config = grr_config.CONFIG
print("Setting %s to %s" % (var, val))
if val.startswith("["): # Allow setting of basic lists.
val = val[1:-1].split(",")
config.Set(var, val)
config.Write()
elif args.subparser_name == "switch_datastore":
config_updater_util.SwitchToRelDB(grr_config.CONFIG)
grr_config.CONFIG.Write()
elif args.subparser_name == "upload_artifact":
with io.open(args.file, "r") as filedesc:
source = filedesc.read()
try:
artifact.UploadArtifactYamlFile(source,
overwrite=args.overwrite_artifact)
except rdf_artifacts.ArtifactDefinitionError as e:
print("Error %s. You may need to set --overwrite_artifact." % e)
elif args.subparser_name == "delete_artifacts":
artifact_list = args.artifact
if not artifact_list:
raise ValueError("No artifact to delete given.")
artifact_registry.DeleteArtifactsFromDatastore(artifact_list)
print("Artifacts %s deleted." % artifact_list)
elif args.subparser_name == "rotate_server_key":
print("""
You are about to rotate the server key. Note that:
- Clients might experience intermittent connection problems after
the server keys rotated.
- It's not possible to go back to an earlier key. Clients that see a
new certificate will remember the cert's serial number and refuse
to accept any certificate with a smaller serial number from that
point on.
""")
if input("Continue? [yN]: ").upper() == "Y":
if args.keylength:
keylength = int(args.keylength)
else:
keylength = grr_config.CONFIG["Server.rsa_key_length"]
maintenance_utils.RotateServerKey(cn=args.common_name,
keylength=keylength)
def main(argv):
del argv # Unused.
config.CONFIG.AddContext(contexts.COMMAND_LINE_CONTEXT,
"Context applied for all command line tools")
server_startup.Init()
if fuse is None:
logging.fatal("""Could not start!
fusepy must be installed to run fuse_mount.py!
Try to run:
pip install fusepy
inside your virtualenv.
""")
sys.exit(1)
if not flags.FLAGS.mountpoint:
Usage()
sys.exit(1)
# We multiple inherit from GRRFuse and fuse.Operations. In the
# case that fuse is present, we run the actual FUSE layer, since we have
# fuse.Operations. In the case that fuse is not present, we have already
# exited by now if we were run from the command line, and if we were not run
# from the command line, we've been imported, and we run the tests using a
# mock fuse.
class FuseOperation(GRRFuse, fuse.Operations):
pass
root = flags.FLAGS.aff4path
username = flags.FLAGS.username or getpass.getuser()
data_store.default_token = access_control.ACLToken(
username=username, reason=flags.FLAGS.reason or "fusemount")
logging.info("fuse_mount.py is mounting %s at %s....", root,
flags.FLAGS.mountpoint)
refresh_policy = flags.FLAGS.refresh_policy
if refresh_policy == "always":
max_age_before_refresh = datetime.timedelta(0)
elif refresh_policy == "never":
# Set the max age to be the maximum possible time difference.
max_age_before_refresh = datetime.timedelta.max
elif refresh_policy == "if_older_than_max_age":
max_age_before_refresh = datetime.timedelta(
seconds=flags.FLAGS.max_age_before_refresh)
else:
# Otherwise, a flag outside the enum was given and the flag validator threw
# an execption.
pass
fuse_operation = FuseOperation(
root=root,
token=data_store.default_token,
max_age_before_refresh=max_age_before_refresh,
ignore_cache=flags.FLAGS.ignore_cache,
force_sparse_image=flags.FLAGS.force_sparse_image,
sparse_image_threshold=flags.FLAGS.sparse_image_threshold,
timeout=flags.FLAGS.timeout)
fuse.FUSE(fuse_operation,
flags.FLAGS.mountpoint,
foreground=not flags.FLAGS.background)
def main(argv):
"""Main."""
del argv # Unused.
if flags.FLAGS.subparser_name == "version":
version = config_server.VERSION["packageversion"]
print("GRR configuration updater {}".format(version))
return
token = config_updater_util.GetToken()
grr_config.CONFIG.AddContext(contexts.COMMAND_LINE_CONTEXT)
grr_config.CONFIG.AddContext(contexts.CONFIG_UPDATER_CONTEXT)
if flags.FLAGS.subparser_name == "initialize":
config_lib.ParseConfigCommandLine()
if flags.FLAGS.noprompt:
config_updater_util.InitializeNoPrompt(grr_config.CONFIG,
token=token)
else:
config_updater_util.Initialize(grr_config.CONFIG, token=token)
return
server_startup.Init()
try:
print("Using configuration %s" % grr_config.CONFIG)
except AttributeError:
raise RuntimeError("No valid config specified.")
if flags.FLAGS.subparser_name == "generate_keys":
try:
config_updater_util.GenerateKeys(
grr_config.CONFIG, overwrite_keys=flags.FLAGS.overwrite_keys)
except RuntimeError as e:
# GenerateKeys will raise if keys exist and overwrite_keys is not set.
print("ERROR: %s" % e)
sys.exit(1)
grr_config.CONFIG.Write()
elif flags.FLAGS.subparser_name == "repack_clients":
upload = not flags.FLAGS.noupload
repacking.TemplateRepacker().RepackAllTemplates(upload=upload,
token=token)
elif flags.FLAGS.subparser_name == "show_user":
maintenance_utils.ShowUser(flags.FLAGS.username, token=token)
elif flags.FLAGS.subparser_name == "update_user":
try:
maintenance_utils.UpdateUser(flags.FLAGS.username,
flags.FLAGS.password,
flags.FLAGS.add_labels,
flags.FLAGS.delete_labels,
token=token)
except maintenance_utils.UserError as e:
print(e)
elif flags.FLAGS.subparser_name == "delete_user":
maintenance_utils.DeleteUser(flags.FLAGS.username, token=token)
elif flags.FLAGS.subparser_name == "add_user":
labels = []
if not flags.FLAGS.noadmin:
labels.append("admin")
if flags.FLAGS.labels:
labels.extend(flags.FLAGS.labels)
try:
maintenance_utils.AddUser(flags.FLAGS.username,
flags.FLAGS.password,
labels,
token=token)
except maintenance_utils.UserError as e:
print(e)
elif flags.FLAGS.subparser_name == "upload_python":
python_hack_root_urn = grr_config.CONFIG.Get("Config.python_hack_root")
content = open(flags.FLAGS.file, "rb").read(1024 * 1024 * 30)
aff4_path = flags.FLAGS.dest_path
platform = flags.FLAGS.platform
if not aff4_path:
aff4_path = python_hack_root_urn.Add(platform.lower()).Add(
os.path.basename(flags.FLAGS.file))
if not str(aff4_path).startswith(str(python_hack_root_urn)):
raise ValueError("AFF4 path must start with %s." %
python_hack_root_urn)
context = ["Platform:%s" % platform.title(), "Client Context"]
maintenance_utils.UploadSignedConfigBlob(content,
aff4_path=aff4_path,
client_context=context,
token=token)
elif flags.FLAGS.subparser_name == "upload_exe":
content = open(flags.FLAGS.file, "rb").read(1024 * 1024 * 30)
context = [
"Platform:%s" % flags.FLAGS.platform.title(), "Client Context"
]
if flags.FLAGS.dest_path:
dest_path = rdfvalue.RDFURN(flags.FLAGS.dest_path)
else:
dest_path = grr_config.CONFIG.Get(
"Executables.aff4_path",
context=context).Add(os.path.basename(flags.FLAGS.file))
# Now upload to the destination.
maintenance_utils.UploadSignedConfigBlob(content,
aff4_path=dest_path,
client_context=context,
token=token)
print("Uploaded to %s" % dest_path)
elif flags.FLAGS.subparser_name == "set_var":
config = grr_config.CONFIG
print("Setting %s to %s" % (flags.FLAGS.var, flags.FLAGS.val))
if flags.FLAGS.val.startswith("["): # Allow setting of basic lists.
flags.FLAGS.val = flags.FLAGS.val[1:-1].split(",")
config.Set(flags.FLAGS.var, flags.FLAGS.val)
config.Write()
elif flags.FLAGS.subparser_name == "upload_raw":
if not flags.FLAGS.dest_path:
flags.FLAGS.dest_path = aff4.ROOT_URN.Add("config").Add("raw")
uploaded = config_updater_util.UploadRaw(flags.FLAGS.file,
flags.FLAGS.dest_path,
token=token)
print("Uploaded to %s" % uploaded)
elif flags.FLAGS.subparser_name == "upload_artifact":
yaml.load(open(flags.FLAGS.file, "rb")) # Check it will parse.
try:
artifact.UploadArtifactYamlFile(
open(flags.FLAGS.file, "rb").read(),
overwrite=flags.FLAGS.overwrite_artifact)
except rdf_artifacts.ArtifactDefinitionError as e:
print("Error %s. You may need to set --overwrite_artifact." % e)
elif flags.FLAGS.subparser_name == "delete_artifacts":
artifact_list = flags.FLAGS.artifact
if not artifact_list:
raise ValueError("No artifact to delete given.")
artifact_registry.DeleteArtifactsFromDatastore(artifact_list,
token=token)
print("Artifacts %s deleted." % artifact_list)
elif flags.FLAGS.subparser_name == "download_missing_rekall_profiles":
print("Downloading missing Rekall profiles.")
s = rekall_profile_server.GRRRekallProfileServer()
s.GetMissingProfiles()
elif flags.FLAGS.subparser_name == "set_global_notification":
notification = aff4_users.GlobalNotification(
type=flags.FLAGS.type,
header=flags.FLAGS.header,
content=flags.FLAGS.content,
link=flags.FLAGS.link)
if flags.FLAGS.show_from:
notification.show_from = rdfvalue.RDFDatetime(
).ParseFromHumanReadable(flags.FLAGS.show_from)
if flags.FLAGS.duration:
notification.duration = rdfvalue.Duration().ParseFromHumanReadable(
flags.FLAGS.duration)
print("Setting global notification.")
print(notification)
with aff4.FACTORY.Create(
aff4_users.GlobalNotificationStorage.DEFAULT_PATH,
aff4_type=aff4_users.GlobalNotificationStorage,
mode="rw",
token=token) as storage:
storage.AddNotification(notification)
elif flags.FLAGS.subparser_name == "rotate_server_key":
print("""
You are about to rotate the server key. Note that:
- Clients might experience intermittent connection problems after
the server keys rotated.
- It's not possible to go back to an earlier key. Clients that see a
new certificate will remember the cert's serial number and refuse
to accept any certificate with a smaller serial number from that
point on.
""")
if builtins.input("Continue? [yN]: ").upper() == "Y":
if flags.FLAGS.keylength:
keylength = int(flags.FLAGS.keylength)
else:
keylength = grr_config.CONFIG["Server.rsa_key_length"]
maintenance_utils.RotateServerKey(cn=flags.FLAGS.common_name,
keylength=keylength)
def main(_):
"""Run the main test harness."""
if flags.FLAGS.version:
print("GRR Admin UI {}".format(config_server.VERSION["packageversion"]))
return
config.CONFIG.AddContext(
contexts.ADMIN_UI_CONTEXT,
"Context applied when running the admin user interface GUI.")
server_startup.Init()
if not config.CONFIG["AdminUI.headless"] and (not os.path.exists(
os.path.join(config.CONFIG["AdminUI.document_root"],
"dist/grr-ui.bundle.js")) or not os.path.exists(
os.path.join(config.CONFIG["AdminUI.document_root"],
"dist/grr-ui.bundle.css"))):
raise RuntimeError("Can't find compiled JS/CSS bundles. "
"Please reinstall the PIP package using "
"\"pip install -e .\" to rebuild the bundles.")
# Start up a server in another thread
bind_address = config.CONFIG["AdminUI.bind"]
ip = ipaddr.IPAddress(bind_address)
if ip.version == 4:
# Address looks like an IPv4 address.
ThreadedServer.address_family = socket.AF_INET
max_port = config.CONFIG.Get("AdminUI.port_max",
config.CONFIG["AdminUI.port"])
for port in range(config.CONFIG["AdminUI.port"], max_port + 1):
# Make a simple reference implementation WSGI server
try:
server = simple_server.make_server(
bind_address,
port,
wsgiapp.AdminUIApp().WSGIHandler(),
server_class=ThreadedServer)
break
except socket.error as e:
if e.errno == socket.errno.EADDRINUSE and port < max_port:
logging.info("Port %s in use, trying %s", port, port + 1)
else:
raise
proto = "HTTP"
if config.CONFIG["AdminUI.enable_ssl"]:
cert_file = config.CONFIG["AdminUI.ssl_cert_file"]
if not cert_file:
raise ValueError("Need a valid cert file to enable SSL.")
key_file = config.CONFIG["AdminUI.ssl_key_file"]
server.socket = ssl.wrap_socket(
server.socket, certfile=cert_file, keyfile=key_file, server_side=True)
proto = "HTTPS"
# SSL errors are swallowed by the WSGIServer so if your configuration does
# not work, uncomment the line below, point your browser at the gui and look
# at the log file to see why SSL complains:
# server.socket.accept()
sa = server.socket.getsockname()
logging.info("Serving %s on %s port %d ...", proto, sa[0], sa[1])
server_startup.DropPrivileges()
server.serve_forever()
