def get_content(self, content_name, index=None):
env = Environment(loader=FileSystemLoader(Const.TEMPLATE_VIEW_DIR))
template = env.get_template(content_name)
try:
lib.utility.SystemUtility.cache['db_cache_server_list']
except KeyError as e:
self.logger.info('Cannot get server list cache. Create cache...')
server_list = []
session = Session()
servers = session.query(Server).all()
for e in servers:
server_list.append({
'ip': e.ip,
'hostname': e.hostname,
'rolename': e.rolename,
'type_cd': e.type_cd,
'group_cd': e.group_cd,
'region': e.region,
'zone': e.zone,
'description': e.description
})
self.logger.info(e)
lib.utility.SystemUtility.cache[
'db_cache_server_list'] = server_list
finally:
index['menu_servers'] = lib.utility.SystemUtility.cache[
'db_cache_server_list']
return template.render(index)
def on_post(self, req, resp):
resp.status = falcon.HTTP_200
index = {
'title': 'Search User',
'users': [],
'roles': get_role(),
'input_account': '',
'input_username': '',
'input_nickname': '',
'input_mail': ''
}
index['input_account'] = req.get_param('form-input-account')
index['input_password'] = req.get_param('form-input-password')
index['input_username'] = req.get_param('form-input-username')
index['input_nickname'] = req.get_param('form-input-nickname')
index['input_mail'] = req.get_param('form-input-mail')
self.logger.debug("input_account: {0}".format(index['input_account']))
self.logger.debug("input_username: {0}".format(
index['input_username']))
self.logger.debug("input_nickname: {0}".format(
index['input_nickname']))
self.logger.debug("input_mail: {0}".format(index['input_mail']))
try:
session = Session()
query = session.query(User, Role).join(
Role, User.role_id == Role.id)
if len(index['input_account']) > 0:
query = query.filter(User.account.like(
'%{0}%'.format(index['input_account'])))
if len(index['input_username']) > 0:
query = query.filter(User.username.like(
'%{0}%'.format(index['input_username'])))
if len(index['input_nickname']) > 0:
query = query.filter(User.nickname.like(
'%{0}%'.format(index['input_nickname'])))
if len(index['input_mail']) > 0:
query = query.filter(User.mail.like(
'%{0}%'.format(index['input_mail'])))
users = query.order_by(User.id).limit(100).all()
for user in users:
self.logger.debug(user)
index['users'].append(
{
'id': user[0].id,
'account': user[0].account,
'role': user[1].role_type,
'username': user[0].username,
'nickname': user[0].nickname,
'mail': user[0].mail
}
)
except Exception as e:
self.logger.error(e)
resp.status = falcon.HTTP_500
raise falcon.HTTP_INTERNAL_SERVER_ERROR
finally:
session.close()
resp.body = self.get_content('user_search.html.j2', index)
def get_role():
try:
SystemUtility.cache['db_cache_role_list']
except KeyError as e:
role_list = []
session = Session()
roles = session.query(Role).all()
for e in roles:
role_list.append({
'id': e.id,
'role_type': e.role_type
})
SystemUtility.cache['db_cache_role_list'] = role_list
finally:
return SystemUtility.cache['db_cache_role_list']
def on_get(self, req, resp, hostname):
resp.status = falcon.HTTP_200
body = SystemUtility.get_response_base_with_body(Version.VERSION_1)
session = Session()
try:
info = session.query(Application, Server).join(
Server, Server.id == Application.server_id).filter(
Server.hostname == hostname)
self.logger.debug("data")
self.logger.debug(info)
body['data']['ip'] = info[0][1].ip
body['data']['hostname'] = info[0][1].hostname
body['data']['key'] = ['category', 'value', 'note']
body['data']['data'] = list(
map(
lambda x: {
'category': x[0].application_name,
'value': x[0].application_desc,
'note': x[0].note
}, list(info)))
except Exception as e:
self.logger.error(e)
session.rollback()
resp.status = falcon.HTTP_500
SystemUtility.set_response_metadata(
Version.VERSION_1, body, Message.RESPONSE_NG,
Message.RESPONSE_DATABASE_CONNECTION_ERROR)
finally:
session.close()
resp.body = json.dumps(body, cls=CustomJSONEncoder)
def on_get(self, req, resp, target):
resp.status = falcon.HTTP_200
body = SystemUtility.get_response_base_with_body(Version.VERSION_1)
session = Session()
try:
if target == 'server':
servers = session.query(Server).all()
body['data']['data'] = []
for server in servers:
body['data']['data'].append({
'hostname': server.hostname,
'ip': server.ip,
'role': server.rolename,
'region': server.region,
'zone': server.zone
})
else:
resp.status = falcon.HTTP_400
SystemUtility.set_response_metadata(
Version.VERSION_1, body, Message.RESPONSE_NG,
Message.RESPONSE_REQUEST_URL_ERROR)
except Exception as e:
self.logger.error(e)
session.rollback()
resp.status = falcon.HTTP_500
SystemUtility.set_response_metadata(
Version.VERSION_1, body, Message.RESPONSE_NG,
Message.RESPONSE_DATABASE_CONNECTION_ERROR)
finally:
session.close()
resp.body = json.dumps(body, cls=CustomJSONEncoder)
def main():
global system_config, system_logger
signal.signal(signal.SIGINT, signal_handler)
signal.signal(signal.SIGTERM, signal_handler)
init()
system_logger.info('[START] Collector started.')
threads = []
now = datetime.now()
session = Session()
try:
servers = session.query(Server).all()
for server in servers:
thread = Thread(target=insert_os_log,
args=(session, document, server, now))
thread.setDaemon(True)
threads.append(thread)
thread.start()
for thread in threads:
thread.join()
except:
session.rollback()
raise
finally:
session.close()
system_logger.info('[END] Collector end.')
def count_lines(self):
lines = 0
fingerprint = (sha256(
self.username.lower().strip().encode()).hexdigest().encode())
self.display.info("Reading wordlist ...")
with io.open(self.passlist_path, mode="rb") as f:
for data in f:
lines += 1
chunk = sha256(data).hexdigest().encode()
fingerprint = sha256(fingerprint + chunk).hexdigest().encode()
self.fingerprint = fingerprint
self.session = Session(self.fingerprint)
return lines
def on_get(self, req, resp, hostname):
resp.status = falcon.HTTP_200
body = SystemUtility.get_response_base_with_body(Version.VERSION_1)
doc_db = DocumentUtility.get_document()
session = Session()
try:
info = session.query(Server, Specification, Os).join(
Specification, Server.id == Specification.server_id).join(
Os, Specification.os_id == Os.id).filter(
Server.hostname == hostname).first()
self.logger.debug(info)
body['data']['ip'] = info[0].ip
body['data']['hostname'] = info[0].hostname
body['data']['key'] = ['category', 'value', 'note']
body['data']['data'] = [{
'category': 'OS',
'value': info[2].os_version,
'note': ''
}, {
'category': 'CPUs',
'value': info[1].cpu_core,
'note': ''
}, {
'category':
'Memory',
'value':
"{0:.2f}GB".format(info[1].memory / 1024**2),
'note':
''
}, {
'category':
'Swap',
'value':
"{0:.2f}GB".format(info[1].swap / 1024**2),
'note':
''
}, {
'category':
'Storage',
'value':
"{0:.2f}GB".format(info[1].system_storage / 1024**2),
'note':
''
}]
except Exception as e:
self.logger.error(e)
session.rollback()
resp.status = falcon.HTTP_500
SystemUtility.set_response_metadata(
Version.VERSION_1, body, Message.RESPONSE_NG,
Message.RESPONSE_DATABASE_CONNECTION_ERROR)
finally:
session.close()
resp.body = json.dumps(body, cls=CustomJSONEncoder)
def on_get(self, req, resp, hostname):
resp.status = falcon.HTTP_200
body = SystemUtility.get_response_base_with_body(Version.VERSION_1)
session = Session()
try:
info = session.query(Server).filter(
Server.hostname == hostname).first()
self.logger.debug(info)
body['data']['ip'] = info.ip
body['data']['hostname'] = info.hostname
body['data']['key'] = ['category', 'value', 'note']
body['data']['data'] = [{
'category': 'Hostname',
'value': info.hostname,
'note': ''
}, {
'category': 'IP',
'value': info.ip,
'note': ''
}, {
'category': 'Role',
'value': info.rolename,
'note': ''
}, {
'category': 'Region',
'value': info.region,
'note': ''
}, {
'category': 'Zone',
'value': info.zone,
'note': ''
}]
except Exception as e:
self.logger.error(e)
session.rollback()
resp.status = falcon.HTTP_500
SystemUtility.set_response_metadata(
Version.VERSION_1, body, Message.RESPONSE_NG,
Message.RESPONSE_DATABASE_CONNECTION_ERROR)
finally:
session.close()
resp.body = json.dumps(body, cls=CustomJSONEncoder)
def on_post(self, req, resp):
security_config = dict(SystemUtility.get_config())[
ConfigKey.CONF_KEY_SYSTEM][ConfigKey.CONF_KEY_SYSTEM_SECURITY]
session_id = req.get_cookie_values('session_id')[0]
self.logger.debug(session_id)
input_account = req.get_param('account')
input_password = req.get_param('password')
if security_config[ConfigKey.CONF_KEY_SYSTEM_SECURITY_MODE] == Const.AUTHENTICATION_MODE_DEBUG:
# DEBUG mode.
if input_account == security_config[ConfigKey.CONF_KEY_SYSTEM_SECURITY_USER] and input_password == security_config[ConfigKey.CONF_KEY_SYSTEM_SECURITY_PASSWORD]:
session_service = SessionUtility.get_session_service()
session_data = session_service.createUserSession(
security_config[ConfigKey.CONF_KEY_SYSTEM_SECURITY_USER],
Const.ROLE_ADMIN,
'Administrator',
'Adam',
datetime.now()
)
session_service.set_session(session_id, session_data)
self.logger.info(
"Login success. account: {0}, session_id: {1}".format(input_account, session_id))
raise falcon.HTTPFound('/')
else:
resp.status = falcon.HTTP_200
resp.body = self.get_content(
'login.html.j2', {'title': 'Login', 'error_message': 'Access denied.'})
self.logger.info(
'Login denied. Account: {0}'.format(input_account))
else:
# Product mode.
resp.status = falcon.HTTP_200
try:
session = Session()
user = session.query(User).filter_by(
account=input_account).first()
self.logger.debug(str(user))
if checkpw(input_password.encode('utf-8'), user.password.encode('utf-8')):
session_service = SessionUtility.get_session_service()
session_data = session_service.createUserSession(
user.account,
user.role_id,
user.username,
user.nickname,
datetime.now()
)
session_service.set_session(session_id, session_data)
self.logger.info(
"Login success. account: {0}, session_id: {1}".format(input_account, session_id))
raise falcon.HTTPFound('/')
else:
resp.body = self.get_content(
'login.html.j2', {'title': 'Login', 'error_message': 'Access denied.'})
self.logger.info(
'Login denied. Account: {0}'.format(input_account))
except falcon.HTTPFound as e:
raise e
except Exception as e:
resp.body = self.get_content(
'login.html.j2', {'title': 'Login', 'error_message': 'Access denied.'})
self.logger.info(
'Login denied. Account: {0}, message: {1}'.format(input_account, str(e)))
finally:
session.close()
class PasswordManager(object):
def __init__(self, username, passlist_path, max_passwords, display):
self.passlist = []
self.session = None
self.resume = False
self.is_alive = True
self.is_read = False
self.display = display
self.fingerprint = None
self.username = username
self.passwords_removed = 0
self.passlist_path = passlist_path
self.max_passwords = max_passwords
Display.total_lines = self.count_lines()
@property
def list_size(self):
return len(self.passlist)
def list_add(self, password):
if not password in self.passlist:
self.passlist.append(password)
def list_remove(self, password):
if password in self.passlist:
self.attempts += 1
self.passlist.pop(self.passlist.index(password))
self.session.write(self.attempts, self.passlist)
def count_lines(self):
lines = 0
fingerprint = (sha256(
self.username.lower().strip().encode()).hexdigest().encode())
self.display.info("Reading wordlist ...")
with io.open(self.passlist_path, mode="rb") as f:
for data in f:
lines += 1
chunk = sha256(data).hexdigest().encode()
fingerprint = sha256(fingerprint + chunk).hexdigest().encode()
self.fingerprint = fingerprint
self.session = Session(self.fingerprint)
return lines
def read(self):
attempts = 0
with io.open(self.passlist_path, mode="rt",
encoding="utf-8") as passlist:
for password in passlist:
if not self.is_alive:
break
if self.resume:
self.attempts, self.passlist = self.session.read()
if attempts < (self.attempts + self.list_size):
attempts += 1
continue
else:
self.resume = False
password = (password.replace("\n",
"").replace("\r",
"").replace("\t", ""))
if self.list_size < self.max_passwords:
self.list_add(password)
else:
while (self.list_size >= self.max_passwords
and self.is_alive):
sleep(0.5)
if self.is_alive:
self.list_add(password)
self.session.write(self.attempts, self.passlist)
if self.is_alive:
self.is_read = True
@property
def attempts(self):
return self.passwords_removed
@attempts.setter
def attempts(self, n):
self.passwords_removed = n
def start(self):
self.read()
def stop(self):
self.is_alive = False
def test_create_master(init_db):
os_types = [
{
"os_type": "Linux",
"os_version": "Ubuntu 16.04"
},
{
"os_type": "Linux",
"os_version": "Ubuntu 18.04"
}
]
servers = [
{
'common': {
'ip' : '192.168.3.4',
'hostname' : 'iris',
'rolename' : 'Infra Server#1',
'type_cd' : 'infra',
'group_cd' : '1',
'region' : 'east_japan',
'zone' : 'rack_1',
'description' : ''
},
'spec': {
'os_id' : "Ubuntu 18.04",
'cpu_core' : 4,
'memory' : 32*1024**2,
'swap' : 8*1024**2,
'system_storage' : 500*1024**2,
'data_storage_1' : None,
'data_storage_2' : None,
'data_storage_3' : None,
'data_storage_4' : None,
'nic_type_1' : None,
'nic_type_2' : None,
'nic_type_3' : None,
'nic_type_4' : None,
'ext_device_1' : None,
'ext_device_2' : None,
'ext_device_3' : None,
'ext_device_4' : None
},
'app':[
{'name':'Hypervisor', 'desc':'KVM', 'note':''}
]
},
{
'common': {
'ip' : '192.168.3.10',
'hostname' : 'rose',
'rolename' : 'Docker Server#1',
'type_cd' : 'ap',
'group_cd' : '2',
'region' : 'east_japan',
'zone' : 'rack_1',
'description' : ''
},
'spec': {
'os_id' : "Ubuntu 18.04",
'cpu_core' : 2,
'memory' : 8*1024**2,
'swap' : 2*1024**2,
'system_storage' : 50*1024**2,
'data_storage_1' : None,
'data_storage_2' : None,
'data_storage_3' : None,
'data_storage_4' : None,
'nic_type_1' : None,
'nic_type_2' : None,
'nic_type_3' : None,
'nic_type_4' : None,
'ext_device_1' : None,
'ext_device_2' : None,
'ext_device_3' : None,
'ext_device_4' : None
},
'app':[
{'name':'Container', 'desc':'Docker', 'note':''},
{'name':'Database', 'desc':'PostgreSQL', 'note':''},
{'name':'Database', 'desc':'MongoDB', 'note':''},
{'name':'Database', 'desc':'Elasticsearch', 'note':''}
]
},
{
'common': {
'ip' : '192.168.3.2',
'hostname' : 'lily',
'rolename' : 'Network Server#1',
'type_cd' : 'nw',
'group_cd' : '1',
'region' : 'east_japan',
'zone' : 'rack_1',
'description' : ''
},
'spec': {
'os_id' : "Ubuntu 18.04",
'cpu_core' : 1,
'memory' : 2*1024**2,
'swap' : 2*1024**2,
'system_storage' : 30*1024**2,
'data_storage_1' : None,
'data_storage_2' : None,
'data_storage_3' : None,
'data_storage_4' : None,
'nic_type_1' : None,
'nic_type_2' : None,
'nic_type_3' : None,
'nic_type_4' : None,
'ext_device_1' : None,
'ext_device_2' : None,
'ext_device_3' : None,
'ext_device_4' : None
},
'app':[
{'name':'Proxy', 'desc':'nginx', 'note':''}
]
},
{
'common': {
'ip' : '192.168.3.5',
'hostname' : 'lotus',
'rolename' : 'NFS Server#1',
'type_cd' : 'nw',
'group_cd' : '1',
'region' : 'east_japan',
'zone' : 'rack_1',
'description' : ''
},
'spec': {
'os_id' : "Ubuntu 18.04",
'cpu_core' : 1,
'memory' : 2*1024**2,
'swap' : 2*1024**2,
'system_storage' : 30*1024**2,
'data_storage_1' : None,
'data_storage_2' : None,
'data_storage_3' : None,
'data_storage_4' : None,
'nic_type_1' : None,
'nic_type_2' : None,
'nic_type_3' : None,
'nic_type_4' : None,
'ext_device_1' : None,
'ext_device_2' : None,
'ext_device_3' : None,
'ext_device_4' : None
},
'app':[
{'name':'nfs', 'desc':'samba', 'note':''}
]
},
{
'common': {
'ip' : '192.168.3.21',
'hostname' : 'daisy',
'rolename' : 'Gitlab Server#1',
'type_cd' : 'ap',
'group_cd' : '2',
'region' : 'east_japan',
'zone' : 'rack_1',
'description' : ''
},
'spec': {
'os_id' : "Ubuntu 18.04",
'cpu_core' : 1,
'memory' : 6*1024**2,
'swap' : 2*1024**2,
'system_storage' : 30*1024**2,
'data_storage_1' : None,
'data_storage_2' : None,
'data_storage_3' : None,
'data_storage_4' : None,
'nic_type_1' : None,
'nic_type_2' : None,
'nic_type_3' : None,
'nic_type_4' : None,
'ext_device_1' : None,
'ext_device_2' : None,
'ext_device_3' : None,
'ext_device_4' : None
},
'app':[
{'name':'Application', 'desc':'Gitlab', 'note':''}
]
}
]
nic_types = [
{
'type_name' : '10BASE-T',
'link_speed' : 10
},
{
'type_name' : '100BASE-T',
'link_speed' : 100
},
{
'type_name' : '1000BASE-T',
'link_speed' : 1000
},
{
'type_name' : '10GBASE-T',
'link_speed' : 10000
},
{
'type_name' : '802.11b_11',
'link_speed' : 11
},
{
'type_name' : '802.11b_22',
'link_speed' : 22
},
{
'type_name' : '802.11a',
'link_speed' : 54
},
{
'type_name' : '802.11g',
'link_speed' : 54
},
{
'type_name' : '802.11n_150',
'link_speed' : 150
},
{
'type_name' : '802.11n_300',
'link_speed' : 300
},
{
'type_name' : '802.11n_450',
'link_speed' : 450
},
{
'type_name' : '802.11ac_433',
'link_speed' : 433
},
{
'type_name' : '802.11ac_866',
'link_speed' : 866
},
{
'type_name' : '802.11ac_1300',
'link_speed' : 1300
},
{
'type_name' : '802.11ac_1733',
'link_speed' : 1733
},
{
'type_name' : '802.11ac_2600',
'link_speed' : 2600
},
{
'type_name' : '802.11ac_3467',
'link_speed' : 3467
},
{
'type_name' : '802.11ac_6933',
'link_speed' : 6933
},
{
'type_name' : '802.11ax_*',
'link_speed' : 0
}
]
session = Session()
try:
session.query(Server).delete()
session.query(Specification).delete()
session.query(NicType).delete()
session.query(Os).delete()
session.query(Application).delete()
for e in os_types:
os_type = Os(os_type=e['os_type'], os_version=e['os_version'])
session.add(os_type)
for e in nic_types:
nic_type = NicType(type_name=e['type_name'], link_speed=e['link_speed'])
session.add(nic_type)
for sv in servers:
common = sv["common"]
spec = sv["spec"]
server = Server(ip=common['ip'], hostname=common['hostname'], rolename=common['rolename'], type_cd=common['type_cd'], group_cd=common['group_cd'], region=common['region'], zone=common['zone'], description=common['description'])
session.add(server)
t_server = session.query(Server).filter_by(hostname=common['hostname']).first()
t_os = session.query(Os).filter_by(os_version=spec['os_id']).first()
spec = Specification(server_id=t_server.id, os_id=t_os.id, cpu_core=spec['cpu_core'], memory=spec['memory'], swap=spec['swap'], system_storage=spec['system_storage'], data_storage_1=spec['data_storage_1'], data_storage_2=spec['data_storage_2'], data_storage_3=spec['data_storage_3'], data_storage_4=spec['data_storage_4'], nic_type_1=spec['nic_type_1'], nic_type_2=spec['nic_type_2'], nic_type_3=spec['nic_type_3'], nic_type_4=spec['nic_type_4'], ext_device_1=spec['ext_device_1'], ext_device_2=spec['ext_device_2'], ext_device_3=spec['ext_device_3'], ext_device_4=spec['ext_device_4'])
session.add(spec)
for app in sv["app"]:
t_app = Application(server_id=t_server.id, application_name=app['name'], application_desc=app['desc'], note=app['note'])
session.add(t_app)
session.commit()
except:
session.rollback()
raise
finally:
session.close()
assert True
def test_create_user(init_db):
user_roles = [
{
"role_type": "admin"
},
{
"role_type": "user"
}
]
users = [
{
"account": "admin",
"password": "******",
"username": "******",
"nickname": "admin",
"role_id": "admin",
"mail": "*****@*****.**",
},
{
"account": "test1",
"password": "******",
"username": "******",
"nickname": "test1",
"role_id": "user",
"mail": "*****@*****.**",
},
{
"account": "test2",
"password": "******",
"username": "******",
"nickname": "test2",
"role_id": "user",
"mail": "*****@*****.**",
}
]
session = Session()
try:
session.query(Role).delete()
session.query(User).delete()
for e in user_roles:
role = Role(role_type=e['role_type'])
session.add(role)
for e in users:
salt = bcrypt.gensalt(rounds=10, prefix=b'2a')
role = session.query(Role).filter_by(role_type=e['role_id']).first()
user = User(account=e['account'], password=bcrypt.hashpw(e['password'].encode('utf-8'), salt).decode(), username=e['username'], nickname=e['nickname'], role_id=role.id, mail=e['mail'])
session.add(user)
session.commit()
except:
session.rollback()
raise
finally:
session.close()
assert True
def on_post(self, req, resp):
resp.status = falcon.HTTP_200
index = {
'title': 'Search User',
'users': [],
'roles': get_role(),
'input_account': '',
'input_username': '',
'input_nickname': '',
'input_mail': '',
'error_message': ''
}
index['input_account'] = req.get_param('form-input-account')
index['input_selected_role'] = req.get_param('form-select-role')
index['input_password'] = req.get_param('form-input-password')
index['input_username'] = req.get_param('form-input-username')
index['input_nickname'] = req.get_param('form-input-nickname')
index['input_mail'] = req.get_param('form-input-mail')
self.logger.debug(index['input_account'])
self.logger.debug(index['input_selected_role'])
self.logger.debug(index['input_password'])
self.logger.debug(index['input_username'])
self.logger.debug(index['input_nickname'])
self.logger.debug(index['input_mail'])
if len(index['input_password']) < 8:
index['error_message'] = Message.RESPONSE_REQUEST_INPUT_PASSWORD_LENGTH_ERROR
resp.body = self.get_content('user_add.html.j2', index)
return
try:
session = Session()
role = session.query(Role).filter_by(
id=index['input_selected_role']).first()
hashed_password = bcrypt.hashpw(index['input_password'].encode(
'utf-8'), bcrypt.gensalt(rounds=10, prefix=b'2a'))
user = User(account=index['input_account'], password=hashed_password.decode(
), username=index['input_username'], nickname=index['input_nickname'], role_id=role.id, mail=index['input_mail'])
session.add(user)
session.commit()
except IntegrityError as e:
self.logger.warning(e)
index['error_message'] = Message.RESPONSE_DATABASE_DUPLICATE_COMMIT_ERROR
except Exception as e:
self.logger.error(e)
resp.status = falcon.HTTP_500
raise falcon.HTTP_INTERNAL_SERVER_ERROR
finally:
session.close()
index['error_message'] = '{0} :[{1}]'.format(
Message.RESPONSE_USER_CREATED, index['input_account'])
index['input_account'] = ''
index['input_selected_role'] = 0
index['input_password'] = ''
index['input_username'] = ''
index['input_nickname'] = ''
index['input_mail'] = ''
resp.body = self.get_content('user_add.html.j2', index)