fix 0xrawsec#106: OSQuery deployment

api/adminapi_test.go

@@ -22,7 +22,7 @@ import (
 var (
 	testAdminUser = &AdminAPIUser{
 		Identifier: "test",
-		Key:        KeyGen(DefaultKeySize),
+		Key:        utils.UnsafeKeyGen(DefaultKeySize),
 	}
 )
 
@@ -132,7 +132,7 @@ func getEndpointUUID() string {
 func prepareTest() (m *Manager, c *ManagerClient) {
 	var err error
 
-	key := KeyGen(DefaultKeySize)
+	key := utils.UnsafeKeyGen(DefaultKeySize)
 
 	if m, err = NewManager(&mconf); err != nil {
 		panic(err)

api/api_client.go

@@ -21,8 +21,9 @@ import (
 	"github.com/0xrawsec/golang-utils/fsutil"
 	"github.com/0xrawsec/golang-utils/log"
 	"github.com/0xrawsec/whids/hids/sysinfo"
-	edrOS "github.com/0xrawsec/whids/os"
+	edrOS "github.com/0xrawsec/whids/los"
 	"github.com/0xrawsec/whids/sysmon"
+	"github.com/0xrawsec/whids/tools"
 	"github.com/0xrawsec/whids/utils"
 )
 
@@ -652,6 +653,72 @@ func (m *ManagerClient) GetSysmonConfig(schemaVersion string) (c *sysmon.Config,
 	return
 }
 
+func (m *ManagerClient) ListTools() (t map[string]*tools.Tool, err error) {
+	var req *http.Request
+	var resp *http.Response
+
+	if auth, _ := m.IsServerAuthenticated(); !auth {
+		return nil, ErrServerUnauthenticated
+	}
+
+	if req, err = m.Prepare("GET", EptAPITools, nil); err != nil {
+		return
+	}
+
+	requestAddURLParam(req, qpOS, edrOS.OS)
+
+	if resp, err = m.HTTPClient.Do(req); err != nil {
+		return
+	}
+
+	defer resp.Body.Close()
+
+	if err = ValidateRespStatus(resp, http.StatusOK); err == nil {
+		dec := json.NewDecoder(resp.Body)
+		err = dec.Decode(&t)
+	}
+
+	return
+}
+
+func (m *ManagerClient) GetTool(hash string) (t *tools.Tool, err error) {
+	var req *http.Request
+	var resp *http.Response
+	var tools map[string]*tools.Tool
+
+	if auth, _ := m.IsServerAuthenticated(); !auth {
+		return nil, ErrServerUnauthenticated
+	}
+
+	if req, err = m.Prepare("GET", EptAPITools, nil); err != nil {
+		return
+	}
+
+	requestAddURLParam(req, qpOS, edrOS.OS)
+	requestAddURLParam(req, qpHash, hash)
+	requestAddURLParam(req, qpBinary, "true")
+
+	if resp, err = m.HTTPClient.Do(req); err != nil {
+		return
+	}
+
+	defer resp.Body.Close()
+
+	if err = ValidateRespStatus(resp, http.StatusOK); err == nil {
+		dec := json.NewDecoder(resp.Body)
+		err = dec.Decode(&tools)
+		if len(tools) > 0 {
+			for _, tool := range tools {
+				t = tool
+				break
+			}
+
+		}
+	}
+
+	return
+}
+
 // Close closes idle connections from underlying transport
 func (m *ManagerClient) Close() {
 	m.HTTPClient.CloseIdleConnections()

api/api_client_test.go

@@ -14,7 +14,7 @@ import (
 	"github.com/0xrawsec/golang-utils/fsutil/fswalker"
 	"github.com/0xrawsec/toast"
 	"github.com/0xrawsec/whids/ioc"
-	"github.com/0xrawsec/whids/os"
+	"github.com/0xrawsec/whids/los"
 	"github.com/0xrawsec/whids/sysmon"
 	"github.com/0xrawsec/whids/utils"
 )
@@ -80,8 +80,8 @@ func TestClientContainer(t *testing.T) {
 	niocs := 1000
 	iocs := make([]ioc.IOC, 0, niocs)
 	del := 0
-	guuid := UUIDGen().String()
-	toDelGuuid := UUIDGen().String()
+	guuid := utils.UnsafeUUIDGen().String()
+	toDelGuuid := utils.UnsafeUUIDGen().String()
 	for i := 0; i < niocs; i++ {
 		key := guuid
 		if rand.Int()%3 == 0 {
@@ -90,7 +90,7 @@ func TestClientContainer(t *testing.T) {
 		}
 
 		iocs = append(iocs, ioc.IOC{
-			Uuid:      UUIDGen().String(),
+			Uuid:      utils.UnsafeUUIDGen().String(),
 			GroupUuid: key,
 			Source:    "Test",
 			Value:     fmt.Sprintf("%d.random.com", i),
@@ -223,7 +223,7 @@ func TestClientSysmonConfig(t *testing.T) {
 	// preparing sysmon config structure
 	cfg := &sysmon.Config{}
 	tt.CheckErr(xml.Unmarshal([]byte(sysmonXMLConfig), &cfg))
-	cfg.OS = os.OS
+	cfg.OS = los.OS
 	cfgSha256, err := cfg.Sha256()
 	tt.CheckErr(err)
 

api/command.go

@@ -42,12 +42,14 @@ type Command struct {
 	ExpectJSON bool                     `json:"expect-json"`
 	Timeout    time.Duration            `json:"timeout"`
 	SentTime   time.Time                `json:"sent-time"`
-	runnable   bool
+
+	runnable bool
+	path     []string
 }
 
 // NewCommand creates a new Command to run on an endpoint
 func NewCommand() *Command {
-	id := UUIDGen()
+	id := utils.UnsafeUUIDGen()
 	cmd := &Command{
 		UUID:     id.String(),
 		Drop:     make([]*EndpointFile, 0),
@@ -78,7 +80,7 @@ func (c *Command) AddDropFile(filename, filepath string) error {
 	var err error
 
 	ef := EndpointFile{
-		UUID: UUIDGen().String(),
+		UUID: utils.UnsafeUUIDGen().String(),
 		Name: filename}
 	if ef.Data, err = ioutil.ReadFile(filepath); err != nil {
 		return fmt.Errorf("failed at reading file to drop: %w", err)
@@ -97,7 +99,7 @@ func (c *Command) AddDropFileFromPath(path string) error {
 
 // AddFetchFile adds a file to fetch from the endpoint.
 func (c *Command) AddFetchFile(filepath string) {
-	c.Fetch[filepath] = &EndpointFile{UUID: UUIDGen().String()}
+	c.Fetch[filepath] = &EndpointFile{UUID: utils.UnsafeUUIDGen().String()}
 }
 
 func (c *Command) FromExecCmd(cmd *exec.Cmd) {
@@ -170,6 +172,7 @@ func (c *Command) Run() (err error) {
 		} else {
 			cmd = command.Command(c.Name, c.Args...)
 		}
+
 		defer cmd.Terminate()
 
 		// ToDo consider removing that !

api/endpoint.go

@@ -21,6 +21,7 @@ type Endpoint struct {
 	Score          float64             `json:"score"`
 	Status         string              `json:"status"`
 	SystemInfo     *sysinfo.SystemInfo `json:"system-info,omitempty"`
+	LastEvent      time.Time           `json:"last-event"`
 	LastDetection  time.Time           `json:"last-detection"`
 	LastConnection time.Time           `json:"last-connection"`
 }

api/forwarder_test.go

@@ -168,7 +168,7 @@ func TestForwarderBasic(t *testing.T) {
 	//defer clean(&mconf, &fconf)
 
 	nevents := 1000
-	key := KeyGen(DefaultKeySize)
+	key := utils.UnsafeKeyGen(DefaultKeySize)
 	testfile := "Testlog.gz"
 	mconf.Logging.LogBasename = testfile
 
@@ -211,7 +211,7 @@ func TestCollectorAuthFailure(t *testing.T) {
 
 	nevents := 1000
 	testfile := "TestServerAuthFailure.log.gz"
-	key := KeyGen(DefaultKeySize)
+	key := utils.UnsafeKeyGen(DefaultKeySize)
 	serverKey := "rogueserver"
 	mconf.Logging.LogBasename = testfile
 
@@ -227,7 +227,7 @@ func TestCollectorAuthFailure(t *testing.T) {
 	defer r.Shutdown()
 
 	fconf.Client.Key = key
-	fconf.Client.ServerKey = KeyGen(DefaultKeySize)
+	fconf.Client.ServerKey = utils.UnsafeKeyGen(DefaultKeySize)
 	f, err := NewForwarder(&fconf)
 	if err != nil {
 		t.Errorf("Failed to create collector: %s", err)
@@ -258,8 +258,8 @@ func TestCollectorAuthSuccess(t *testing.T) {
 
 	nevents := 1000
 	testfile := "TestServerAuthSuccess.log.gz"
-	key := KeyGen(DefaultKeySize)
-	serverKey := KeyGen(DefaultKeySize)
+	key := utils.UnsafeKeyGen(DefaultKeySize)
+	serverKey := utils.UnsafeKeyGen(DefaultKeySize)
 	mconf.Logging.LogBasename = testfile
 	mconf.EndpointAPI.ServerKey = serverKey
 
@@ -310,7 +310,7 @@ func TestForwarderParallel(t *testing.T) {
 	nclients, nevents := 1000, 1000
 	wg := sync.WaitGroup{}
 	testfile := "TestCollectorParallel.log.gz"
-	key := KeyGen(DefaultKeySize)
+	key := utils.UnsafeKeyGen(DefaultKeySize)
 	mconf.Logging.LogBasename = testfile
 
 	r, err := NewManager(&mconf)
@@ -361,7 +361,7 @@ func TestForwarderQueueBasic(t *testing.T) {
 	//outfile := fmt.Sprintf("%s.1", testfile)
 
 	// Initialize the receiver
-	key := KeyGen(DefaultKeySize)
+	key := utils.UnsafeKeyGen(DefaultKeySize)
 	mconf.Logging.LogBasename = testfile
 	clean(&mconf, &fconf)