def get_filtered_params_to_log(block_id, block_dict, extra_args=None):
"""
For getting params to log, in non-verbose logging
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': {'host_ip': '127.0.0.1',
'host_port': 443},
'status': True},
'caller': 'Audit'}
"""
log.debug('get_filtered_params_to_log for id: {0}'.format(block_id))
chain_args = extra_args.get('chaining_args') if extra_args else None
endpoint_chained = runner_utils.get_chained_param(chain_args)
if endpoint_chained:
host_ip = endpoint_chained.get('host_ip')
host_port = endpoint_chained.get('host_port')
else:
host_ip = runner_utils.get_param_for_module(block_id, block_dict,
'host_ip')
host_port = runner_utils.get_param_for_module(block_id, block_dict,
'host_port')
path = runner_utils.get_param_for_module(block_id, block_dict, 'path')
if path:
return {'path': path}
return {'host_ip': host_ip, 'host_port': host_port}
def get_filtered_params_to_log(block_id, block_dict, extra_args=None):
"""
For getting params to log, in non-verbose logging
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': {'cmdline': 'app --config-file=test test'}, 'status': True},
'caller': 'Audit'}
"""
log.debug('get_filtered_params_to_log for id: {0}'.format(block_id))
chained_param = runner_utils.get_chained_param(extra_args)
command_line = None
if chained_param:
command_line = chained_param.get('cmdline')
if not command_line:
# get it from args
command_line = runner_utils.get_param_for_module(
block_id, block_dict, 'cmdline')
key_aliases = runner_utils.get_param_for_module(block_id, block_dict,
'key_aliases')
delimiter = runner_utils.get_param_for_module(block_id, block_dict,
'delimiter')
return {
'command_line': command_line,
'key_aliases': key_aliases,
'delimiter': delimiter
}
def get_filtered_params_to_log(block_id, block_dict, extra_args=None):
"""
For getting params to log, in non-verbose logging
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Chained argument dictionary, (If any)
Example: {'chaining_args': {'result': {"name": "LogFileName", "value_type": "public"}, 'status': True},
'caller': 'Audit'}
"""
log.debug('get_filtered_params_to_log for win_firewall and id: {0}'.format(
block_id))
# fetch required param
chained_result = runner_utils.get_chained_param(extra_args)
if chained_result:
name = chained_result.get('name')
value_type = chained_result.get('value_type')
else:
name = runner_utils.get_param_for_module(block_id, block_dict, 'name')
value_type = runner_utils.get_param_for_module(block_id, block_dict,
'value_type')
return {'name': name, 'value_type': value_type}
def validate_params(block_id, block_dict, extra_args=None):
"""
Validate all mandatory params required for this module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': '/some/path', 'status': True},
'caller': 'Audit'}
Raises:
HubbleCheckValidationError: For any validation error
"""
log.debug(
'Module: readfile Start validating params for check-id: {0}'.format(
block_id))
filepath = runner_utils.get_param_for_module(block_id, block_dict, 'path')
file_format = runner_utils.get_param_for_module(block_id, block_dict,
'format')
error = {}
if not filepath:
error['path'] = 'No filepath provided'
if not file_format:
error['format'] = 'No file format provided'
if error:
raise HubbleCheckValidationError(error)
log.debug('Validation success for check-id: {0}'.format(block_id))
def _handle_string_file(block_id, block_dict, extra_args=None):
path = runner_utils.get_param_for_module(block_id, block_dict, 'path')
chained_param = runner_utils.get_chained_param(extra_args)
encode_b64 = runner_utils.get_param_for_module(block_id, block_dict,
'encode_b64')
return _readfile_string(block_id, path, encode_b64, chained_param)
def _handle_file(file_format, block_id, block_dict, extra_args=None):
path = runner_utils.get_param_for_module(block_id, block_dict, 'path')
chained_param = runner_utils.get_chained_param(extra_args)
subkey = runner_utils.get_param_for_module(block_id, block_dict, 'subkey')
sep = runner_utils.get_param_for_module(block_id, block_dict, 'sep')
return _handle_file_helper(file_format, block_id, path, subkey, sep,
chained_param)
def _get_key(block_id, block_dict, extra_args):
"""
Given a dictionary, return an element by ``key``.
block_id:
Block id
block_dict:
key: (Mandatory)
Key value to get
starting_dict: (Optional)
Starting dictionary param
extend_chained: (Default True)
By default, ``chained`` will have ``.update()`` called on it with
``starting_dict`` as the only argument. Set ``extend_chained`` to False
to ignore ``starting_dict``.
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "Output", 'status': True},
'caller': 'Audit'}
The first return value (status) will be True if the key is found, and
False othewise. The second argument will be the value found by the key or
None if the key is not present in the dictionary.
"""
chained = runner_utils.get_chained_param(extra_args)
key = runner_utils.get_param_for_module(block_id, block_dict, 'key')
starting_dict = runner_utils.get_param_for_module(block_id, block_dict,
'starting_dict')
update_chained = runner_utils.get_param_for_module(block_id, block_dict,
'update_chained', True)
if update_chained and starting_dict:
try:
chained.update(starting_dict)
except (TypeError, ValueError):
log.error("Arguments should be of type dict.", exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
try:
ret = chained[key]
except KeyError:
log.error("Key not found: %s", key, exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'key_not_found')
return False, None
except TypeError:
log.error("Arguments should be of type dict.", exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
status = bool(ret)
if not status:
return runner_utils.prepare_negative_result_for_module(
block_id, 'unknown_error')
return runner_utils.prepare_positive_result_for_module(block_id, ret)
def _sort(block_id, block_dict, extra_args):
"""
Given a target sequence, sort it and return the sorted result.
block_id:
Block id
block_dict:
seq: (Optional)
Input sequence to be sorted
lexico: (Optional) (Default False)
Set to True if the sorting thould be in lexicographical order.
desc: (Optional) (Default False)
Set to True if the sorting should be in descending order.
extend_chained: (Default True)
By default, ``chained`` will have ``.extend()`` or
``.update()`` or ``.format()``
called on it with ``seq`` as the only argument.
Set ``extend_chained`` to False to ignore ``seq``.
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "Output", 'status': True},
'caller': 'Audit'}
The first return value (status) will be True if the sort is successful, and
False othewise. The second argument will be the sorted sequence.
"""
chained = runner_utils.get_chained_param(extra_args)
extend_chained = runner_utils.get_param_for_module(block_id, block_dict,
'extend_chained', True)
lexico = runner_utils.get_param_for_module(block_id, block_dict, 'lexico',
False)
desc = runner_utils.get_param_for_module(block_id, block_dict, 'desc',
False)
seq = runner_utils.get_param_for_module(block_id, block_dict, 'seq')
if extend_chained and seq:
try:
if isinstance(chained, (dict, set)):
chained.update(seq)
elif isinstance(chained, list):
chained.extend(seq)
elif isinstance(chained, str):
chained = seq.format(chained)
except (AttributeError, TypeError, ValueError):
log.error("Invalid arguments type.", exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
ret = _sort_helper(chained, desc, lexico)
status = bool(ret)
if not status:
return runner_utils.prepare_negative_result_for_module(
block_id, 'unknown_error')
return runner_utils.prepare_positive_result_for_module(block_id, ret)
def _join(block_id, block_dict, extra_args):
"""
Given a list of strings, join them into a string, using ``sep`` as delimiter.
block_id:
Block id
block_dict:
words: (Mandatory)
List of string
sep: (Optional)
Separator, Default: ''
extend_chained: (Default True)
By default, ``chained`` will have ``.extend()`` called on it with
``words`` as the only argument.
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "Output", 'status': True},
'caller': 'Audit'}
The first return value (status) will be True if the join was successful, and
False othewise. The second argument will be the output of the ``join``
command.
``extend_chained`` is set to True when ``chained`` should be extended with ``words``.
If set to False, ``words`` is ignored.
"""
chained = runner_utils.get_chained_param(extra_args)
extend_chained = runner_utils.get_param_for_module(block_id, block_dict,
'extend_chained', True)
sep = runner_utils.get_param_for_module(block_id, block_dict, 'sep', '')
words = runner_utils.get_param_for_module(block_id, block_dict, 'words',
None)
if extend_chained and words:
try:
chained.extend(words)
except (AttributeError, TypeError):
log.error("Arguments should be of type list.", exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
try:
ret = sep.join(chained)
except (TypeError, AttributeError):
log.error("Invalid arguments type.", exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
status = bool(ret)
if not status:
return runner_utils.prepare_negative_result_for_module(
block_id, 'unknown_error')
return runner_utils.prepare_positive_result_for_module(block_id, ret)
def _get_index(block_id, block_dict, extra_args):
"""
Given a list list, return the item found at ``index``.
block_id:
Block id
block_dict:
index: (Mandatory)
Index value for which value is needed
starting_list: (Optional)
Starting list param
extend_chained: (Default True)
By default, ``chained`` will have ``.extend()`` called on it with
``starting_list`` as the only argument.
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "Output", 'status': True},
'caller': 'Audit'}
The first return value (status) will be True if the return was successful, and
False othewise. The second argument will be the requested list element.
"""
chained = runner_utils.get_chained_param(extra_args)
index = runner_utils.get_param_for_module(block_id, block_dict, 'index', 0)
starting_list = runner_utils.get_param_for_module(block_id, block_dict,
'starting_list')
extend_chained = runner_utils.get_param_for_module(block_id, block_dict,
'extend_chained', True)
if extend_chained and starting_list:
try:
chained.extend(starting_list)
except (AttributeError, TypeError):
log.error("Invalid argument type", exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
try:
ret = chained[index]
except IndexError:
log.error('List index out of range %d', index, exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
except TypeError:
log.error('Arguments should be of type list', exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
status = bool(ret)
if status:
return runner_utils.prepare_positive_result_for_module(block_id, ret)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_result')
def execute(block_id, block_dict, extra_args=None):
"""
Execute the module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "/some/path/file.txt", 'status': True},
'caller': 'Audit'}
returns:
tuple of result(value) and status(boolean)
"""
log.debug('Executing FDG Connector module for id: {0}'.format(block_id))
fdg_file = runner_utils.get_chained_param(extra_args)
if not fdg_file:
fdg_file = runner_utils.get_param_for_module(block_id, block_dict,
'fdg_file')
# read other params for fdg connector module
starting_chained = runner_utils.get_param_for_module(
block_id, block_dict, 'starting_chained')
use_status = runner_utils.get_param_for_module(block_id, block_dict,
'use_status', False)
consolidation_operator = runner_utils.get_param_for_module(
block_id, block_dict, 'consolidation_operator', 'and')
try:
# fdg runner class
fdg_runner = runner_factory.get_fdg_runner()
fdg_runner.init_loader()
# Handover to fdg_runner
_, fdg_run = fdg_runner.execute(fdg_file,
{'starting_chained': starting_chained})
except Exception as e:
raise HubbleCheckValidationError(
'fdg_runner raised {0}: in file {1}, {2}'.format(
e.__class__, fdg_file, e))
if not isinstance(fdg_run, tuple):
log.debug("consolidation_operator is %s", consolidation_operator)
fdg_run = _get_consolidated_result(fdg_run, consolidation_operator)
fdg_result, fdg_status = fdg_run
if isinstance(fdg_result, dict) and 'error' in (k.lower()
for k in fdg_result):
return runner_utils.prepare_negative_result_for_module(block_id, False)
check_value = fdg_status if use_status else bool(fdg_result)
if check_value:
return runner_utils.prepare_positive_result_for_module(block_id, True)
return runner_utils.prepare_negative_result_for_module(block_id, False)
def _dict_convert_none(block_id, block_dict, extra_args):
"""
Given a target sequence, look for dictionary keys that have empty string values
and replace them with None.
block_id:
Block id
block_dict:
starting_seq: (Optional)
Initial dictionary
extend_chained: (Default True)
By default, ``chained`` will have ``.extend()`` or ``.update()`` called on it with
``starting_seq`` as the only argument.
Set ``extend_chained`` to False to ignore ``starting_seq``.
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "Output", 'status': True},
'caller': 'Audit'}
The first return value (status) will be True if the replacing is successful, and
False othewise. The second argument will be the updated sequence.
"""
chained = runner_utils.get_chained_param(extra_args)
extend_chained = runner_utils.get_param_for_module(block_id, block_dict,
'extend_chained', True)
starting_seq = runner_utils.get_param_for_module(block_id, block_dict,
'starting_seq')
if extend_chained and starting_seq:
try:
if isinstance(chained, (set, dict)):
chained.update(starting_seq)
elif isinstance(chained, list):
chained.extend(starting_seq)
except (AttributeError, TypeError, ValueError):
log.error("Invalid type of arguments", exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
if isinstance(chained, dict):
ret = _dict_convert_none_helper(chained)
elif isinstance(chained, (set, list, tuple)):
ret = _seq_convert_none_helper(chained)
else:
log.error("Invalid arguments type - dict or sequence expected")
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_error')
status = bool(ret)
if not status:
return runner_utils.prepare_negative_result_for_module(
block_id, 'unknown_error')
return runner_utils.prepare_positive_result_for_module(block_id, ret)
def validate_params(block_id, block_dict, extra_args=None):
"""
Validate all mandatory params required for this module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': {'host_ip': '127.0.0.1',
'host_port': 443},
'status': True},
'caller': 'Audit'}
Raises:
HubbleCheckValidationError: For any validation error
"""
log.debug(
'Module: ssl_certificate Start validating params for check-id: {0}'.
format(block_id))
error = {}
endpoint_chained = runner_utils.get_chained_param(extra_args)
if endpoint_chained:
host_ip = endpoint_chained.get('host_ip')
host_port = endpoint_chained.get('host_port')
else:
host_ip = runner_utils.get_param_for_module(block_id, block_dict,
'host_ip')
host_port = runner_utils.get_param_for_module(block_id, block_dict,
'host_port')
ssl_timeout = runner_utils.get_param_for_module(block_id, block_dict,
'ssl_timeout', 0)
path = runner_utils.get_param_for_module(block_id, block_dict, 'path')
endpoint_present = bool(host_ip and host_port)
if not endpoint_present and not path:
error[
'endpoint'] = 'Mandatory parameter: host_ip, host_port or path not found for id: %s' % (
block_id)
if endpoint_present and path:
error[
'endpoint'] = 'Only one of either endpoint data or path is required not both. Only one certificate per check for id: %s' % (
block_id)
if ssl_timeout < 0:
error['ssl_timeout'] = 'Incorrect value provided for ssl_timeout'
if error:
raise HubbleCheckValidationError(error)
log.debug('Validation success for check-id: {0}'.format(block_id))
def validate_params(block_id, block_dict, extra_args=None):
"""
Validate all mandatory params required for this module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "/some/path/file.txt", 'status': True},
'caller': 'Audit'}
Raises:
HubbleCheckValidationError: For any validation error
"""
log.debug('Module: grep Start validating params for check-id: {0}'.format(
block_id))
error = {}
filepath = None
chaining_file_mode = runner_utils.get_param_for_module(
block_id, block_dict, 'chain_filepath', False)
if chaining_file_mode:
# in chain_filepath mode, filepath from chaining is mandatory
filepath = runner_utils.get_chained_param(extra_args)
if not filepath:
error[
'path'] = 'Mandatory parameter: path not found for id: %s' % (
block_id)
else:
# fetch required param
file_content = runner_utils.get_chained_param(extra_args)
if not file_content:
filepath = runner_utils.get_param_for_module(
block_id, block_dict, 'path')
if not file_content and not filepath:
error[
'path'] = 'Mandatory parameter: path not found for id: %s' % (
block_id)
pattern_val = runner_utils.get_param_for_module(block_id, block_dict,
'pattern')
if not pattern_val:
error[
'pattern'] = 'Mandatory parameter: pattern not found for id: %s' % (
block_id)
if error:
raise HubbleCheckValidationError(error)
log.debug('Validation success for check-id: {0}'.format(block_id))
def _split(block_id, block_dict, extra_args):
"""
Given a ``phrase`` string, split it into a list of words by a ``sep`` delimiter.
block_id:
Block id
block_dict:
phrase: (Mandatory)
Input Phrase(string) to be split.
sep: (Optional)
Separator to split by. It can either be a delimiter or a regex.
If it's None it will split by whitespace.
regex: (Optional) (Default False)
Set to True if ``sep`` should be treated as a regex instead of a delimiter.
format_chained: (Default True)
By default, the ``phrase`` will have ``.format()`` called on it with
``chained`` as the only argument. (So, use ``{0}`` in your phrase to
substitute the chained value.) If you want to avoid having to escape
curly braces, set ``format_chained=False``.
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "Output", 'status': True},
'caller': 'Audit'}
The first return value (status) will be True if the delimiter is found and
the splitting is successful, and False othewise. The second argument will be
the output of the ``split`` command.
"""
chained = runner_utils.get_chained_param(extra_args)
format_chained = runner_utils.get_param_for_module(block_id, block_dict,
'format_chained', True)
phrase = runner_utils.get_param_for_module(block_id, block_dict, 'phrase')
sep = runner_utils.get_param_for_module(block_id, block_dict, 'sep')
regex = runner_utils.get_param_for_module(block_id, block_dict, 'regex',
False)
if format_chained and chained:
try:
phrase = phrase.format(chained)
except AttributeError:
log.error("Invalid attributes type.", exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
ret = _split_helper(phrase, sep, regex)
status = bool(ret) and len(ret) > 1
if not status:
return runner_utils.prepare_negative_result_for_module(
block_id, 'unknown_error')
return runner_utils.prepare_positive_result_for_module(block_id, ret)
def execute(block_id, block_dict, extra_args=None):
"""
For getting params to log, in non-verbose logging
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': {'host_ip': '127.0.0.1',
'host_port': 443},
'status': True},
'caller': 'Audit'}
returns:
tuple of result(value) and status(boolean)
"""
start_time = time.time()
log.debug('Executing ssl_certificate module for id: {0}'.format(block_id))
endpoint_chained = runner_utils.get_chained_param(extra_args)
if endpoint_chained:
host_ip = endpoint_chained.get('host_ip')
host_port = endpoint_chained.get('host_port')
else:
host_ip = runner_utils.get_param_for_module(block_id, block_dict,
'host_ip')
host_port = runner_utils.get_param_for_module(block_id, block_dict,
'host_port')
ssl_timeout = runner_utils.get_param_for_module(block_id, block_dict,
'ssl_timeout', 3)
path = runner_utils.get_param_for_module(block_id, block_dict, 'path')
cert = _get_cert(host_ip, host_port,
ssl_timeout=ssl_timeout) if host_ip else _get_cert(
path, from_file=True)
if not cert:
return runner_utils.prepare_negative_result_for_module(
block_id, 'unable_to_load_certificate')
log.debug("ssl_certificate - cert found, parsing certificate")
cert_details = _parse_cert(cert, host_ip, host_port, path)
if 'error' in cert_details:
log.debug('Error in parsing certificate. {0}'.format(
cert_details['error']))
return runner_utils.prepare_negative_result_for_module(
block_id, 'unable_to_parse_certificate')
stop_time = time.time()
cert_details['execution_time'] = stop_time - start_time
return runner_utils.prepare_positive_result_for_module(
block_id, cert_details)
def execute(block_id, block_dict, extra_args=None):
"""
Execute the module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Chained argument dictionary, (If any)
Example: {'chaining_args': {'result': {"name": "LogFileName", "value_type": "public"}, 'status': True},
'caller': 'Audit'}
returns:
tuple of result(value) and status(boolean)
"""
log.debug('Executing win_firewall module for id: {0}'.format(block_id))
__firewalldata__ = _import_firewall()
if not __firewalldata__:
return runner_utils.prepare_negative_result_for_module(
block_id, "firewall data couldn't be fetched")
chained_result = runner_utils.get_chained_param(extra_args)
if chained_result:
name = chained_result.get('name')
value_type = chained_result.get('value_type')
else:
name = runner_utils.get_param_for_module(block_id, block_dict, 'name')
value_type = runner_utils.get_param_for_module(block_id, block_dict,
'value_type')
try:
setting_value = __firewalldata__.get(value_type).get(name).lower()
except Exception as e:
log.debug(
"for block id %s, setting name %s and value type %s is not "
"found in firewall data", block_id, name, value_type)
setting_value = "Not Found"
result = {
"name": name,
"value_type": value_type,
"setting_value": setting_value
}
log.debug("win_firewall module output for block_id %s, is %s", block_id,
result)
if not result:
return runner_utils.prepare_negative_result_for_module(
block_id, "firewall setting couldn't be fetched")
return runner_utils.prepare_positive_result_for_module(block_id, result)
def _print_string(block_id, block_dict, extra_args):
"""
Given a string, return it.
block_id:
Block id
block_dict:
starting_string: (Optional)
Initial string
format_chained: (Default True)
By default, ``starting_string`` will have ``.format()`` called on it
with ``chained`` as the only argument. (So, use ``{0}`` in your pattern to
substitute the chained value.) If you want to avoid having to escape curly braces,
set ``format_chained=False``.
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "Output", 'status': True},
'caller': 'Audit'}
The first return value (status) will be False only if an error will occur.
"""
chained = runner_utils.get_chained_param(extra_args)
format_chained = runner_utils.get_param_for_module(block_id, block_dict,
'format_chained', True)
starting_string = runner_utils.get_param_for_module(
block_id, block_dict, 'starting_string')
if format_chained:
try:
starting_string = starting_string.format(chained)
except AttributeError:
log.error("Invalid type for starting_string - has to be string.",
exc_info=True)
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
if not isinstance(starting_string, str):
log.error('Invalid arguments - starting_string should be a string')
return runner_utils.prepare_negative_result_for_module(
block_id, 'invalid_format')
if not bool(starting_string):
return runner_utils.prepare_negative_result_for_module(
block_id, 'unknown_error')
return runner_utils.prepare_positive_result_for_module(
block_id, starting_string)
def get_filtered_params_to_log(block_id, block_dict, extra_args=None):
"""
For getting params to log, in non-verbose logging
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Chained argument dictionary, (If any)
Example: {'chaining_args': {'result': "Local Administrator Password Solution", 'status': True},
'caller': 'Audit'}
"""
log.debug(
'get_filtered_params_to_log for win_pkg and id: {0}'.format(block_id))
# fetch required param
chained_result = runner_utils.get_chained_param(extra_args)
if chained_result:
pkg_name = chained_result
else:
pkg_name = runner_utils.get_param_for_module(block_id, block_dict,
'name')
return {'name': pkg_name}
def validate_params(block_id, block_dict, extra_args=None):
"""
Validate all mandatory params required for this module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': [{'name': 'CentOS Linux', 'platform': 'rhel', 'version': 'CentOS Linux release 7.8.2003 (Core)'}], 'status': True},
'caller': 'FDG'}
Raises:
HubbleCheckValidationError: For any validation error
"""
log.debug(
'Module: osquery Start validating params for check-id: {0}'.format(
block_id))
query = runner_utils.get_param_for_module(block_id, block_dict, 'query')
if not query:
raise HubbleCheckValidationError(
'Mandatory parameter: {0} not found for id: {1}'.format(
'query', block_id))
log.debug('Validation success for check-id: {0}'.format(block_id))
def execute(block_id, block_dict, extra_args=None):
"""
Execute the module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "/some/path/file.txt", 'status': True},
'caller': 'Audit'}
returns:
tuple of result(value) and status(boolean)
"""
log.debug('Executing pkg module for id: {0}'.format(block_id))
# fetch required param
name = runner_utils.get_chained_param(extra_args)
if not name:
name = runner_utils.get_param_for_module(block_id, block_dict, 'name')
installed_pkgs_dict = __mods__['pkg.list_pkgs']()
filtered_pkgs_list = fnmatch.filter(installed_pkgs_dict, name)
result_dict = {}
for package in filtered_pkgs_list:
result_dict[package] = installed_pkgs_dict[package]
return runner_utils.prepare_positive_result_for_module(
block_id, result_dict)
def get_failure_reason(block_id, block_dict, extra_args=None):
"""
The function is used to find the action that was performed during the audit check
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
:return:
"""
function_name = runner_utils.get_param_for_module(block_id, block_dict,
'function')
url = runner_utils.get_param_for_module(block_id, block_dict, 'url')
return "Making {0} request on {1}".format(function_name, url)
def validate_params(block_id, block_dict, extra_args=None):
"""
Validate all mandatory params required for this module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "/some/path/file.txt", 'status': True},
'caller': 'Audit'}
Raises:
HubbleCheckValidationError: For any validation error
"""
log.debug('Module: pkg Start validating params for check-id: {0}'.format(
block_id))
error = {}
name = runner_utils.get_chained_param(extra_args)
if not name:
name = runner_utils.get_param_for_module(block_id, block_dict, 'name')
if not name:
error['name'] = 'Mandatory parameter: name not found for id: %s' % (
block_id)
if error:
raise HubbleCheckValidationError(error)
log.debug('Validation success for check-id: {0}'.format(block_id))
def execute(block_id, block_dict, extra_args=None):
"""
Execute the module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "vm.zone_reclaim_mode", 'status': True},
'caller': 'Audit'}
returns:
tuple of result(value) and status(boolean)
"""
log.debug('Executing sysctl module for id: {0}'.format(block_id))
# fetch required param
name = runner_utils.get_chained_param(extra_args)
if not name:
name = runner_utils.get_param_for_module(block_id, block_dict, 'name')
sysctl_res = __mods__['sysctl.get'](name)
result = {name: sysctl_res}
if not sysctl_res or "No such file or directory" in sysctl_res:
return runner_utils.prepare_negative_result_for_module(
block_id, "Could not find attribute %s in the kernel" % (name))
if sysctl_res.lower().startswith("error"):
return runner_utils.prepare_negative_result_for_module(
block_id, "An error occurred while reading the value "
"of kernel attribute %s" % (name))
return runner_utils.prepare_positive_result_for_module(block_id, result)
def get_failure_reason(block_id, block_dict, extra_args=None):
"""
The function is used to find the action that was performed during the audit check
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': '/some/path', 'status': True},
'caller': 'Audit'}
:return:
"""
subkey = runner_utils.get_param_for_module(block_id, block_dict, 'subkey')
path = runner_utils.get_param_for_module(block_id, block_dict, 'path')
return "Fetching subkey '{0}' in file {1}".format(subkey, path)
def execute(block_id, block_dict, extra_args=None):
"""
Execute the module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "/some/path/file.txt", 'status': True},
'caller': 'Audit'}
returns:
tuple of result(value) and status(boolean)
"""
log.debug('Executing stat module for id: {0}'.format(block_id))
# fetch required param
filepath = runner_utils.get_chained_param(extra_args)
if filepath and isinstance(filepath, dict):
# in case, the result is a dictionary. Fetch the path
for key, value in filepath.items():
filepath = value
if not filepath:
filepath = runner_utils.get_param_for_module(block_id, block_dict, 'path')
# check filepath existence
if not os.path.exists(filepath):
return runner_utils.prepare_negative_result_for_module(block_id, 'file_not_found')
stat_res = __mods__['file.stats'](filepath)
return runner_utils.prepare_positive_result_for_module(block_id, stat_res)
def execute(block_id, block_dict, extra_args=None):
"""
Execute the module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': '/some/path', 'status': True},
'caller': 'Audit'}
returns:
tuple of result(value) and status(boolean)
"""
log.debug('Executing readfile module for id: {0}'.format(block_id))
file_format = runner_utils.get_param_for_module(block_id, block_dict,
'format')
if file_format in ['json', 'yaml']:
return _handle_file(file_format, block_id, block_dict, extra_args)
elif file_format == 'config':
return _handle_config_file(block_id, block_dict, extra_args)
elif file_format == 'string':
return _handle_string_file(block_id, block_dict, extra_args)
else:
return runner_utils.prepare_negative_result_for_module(
block_id, 'Unknown file format')
def execute(block_id, block_dict, extra_args=None):
"""
Execute the module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "/some/path/file.txt", 'status': True},
'caller': 'Audit'}
returns:
tuple of result(value) and status(boolean)
"""
log.debug('Executing stat module for id: {0}'.format(block_id))
# fetch required param
name = runner_utils.get_chained_param(extra_args)
if not name:
name = runner_utils.get_param_for_module(block_id, block_dict, 'name')
result = []
matched_services = fnmatch.filter(__mods__['service.get_all'](), name)
for matched_service in matched_services:
service_status = __mods__['service.status'](matched_service)
is_enabled = __mods__['service.enabled'](matched_service)
result.append({
"name": matched_service,
"running": service_status,
"enabled": is_enabled
})
return runner_utils.prepare_positive_result_for_module(block_id, result)
def validate_params(block_id, block_dict, extra_args=None):
"""
Validate all mandatory params required for this module
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Extra argument dictionary, (If any)
Example: {'chaining_args': {'result': "True", 'status': True},
'caller': 'Audit'}
Raises:
HubbleCheckValidationError: For any validation error
"""
log.debug('Module: bexpr Start validating params for check-id: {0}'.format(
block_id))
error = {}
# check for calling module. Ony Audit is allowed.
if extra_args.get('caller') == Caller.FDG:
error['bexpr'] = 'Module: bexpr called from FDG !!!!'
# fetch required param
expr = runner_utils.get_param_for_module(block_id, block_dict, 'expr')
if not expr:
error[
'expr'] = 'Mandatory parameter: expr not found for id: %s' % block_id
if error:
raise HubbleCheckValidationError(error)
log.debug('Validation success for check-id: {0}'.format(block_id))
def get_filtered_params_to_log(block_id, block_dict, extra_args=None):
r"""
For getting params to log, in non-verbose logging
:param block_id:
id of the block
:param block_dict:
parameter for this module
:param extra_args:
Chained argument dictionary, (If any)
Example: {'chaining_args': {'result': "HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\EventLog\Application\MaxSize", 'status': True},
'caller': 'Audit'}
"""
log.debug(
"get_filtered_params_to_log for win_reg and id: {0}".format(block_id))
# fetch required param
chained_result = runner_utils.get_chained_param(extra_args)
if chained_result:
reg_name = chained_result
else:
reg_name = runner_utils.get_param_for_module(block_id, block_dict,
"name")
return {"name": reg_name}
