anamo 0.9.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 504309d5a14cbe13c3b572643afb38c3e960b423
+  data.tar.gz: 09b8f9233c8d961164c53aedead7a42cb68dad62
+SHA512:
+  metadata.gz: 08b1b18913fa75be9774a94604cc3e92d4476e8f0d5b4ef06716f9545af6a00e3b1a3354c07347514c1889ca637069a6da6fb00d756faef073c586ea52766d0f
+  data.tar.gz: 74dd5c4e06451d488a49a0534a6cd268c7a28e673c2a73b35ab6cf346782f7ff1bb56c94530a24f995f20a0f76186be471139b72346c68fa38c6f8e866eb6abd

data/LICENSE

@@ -0,0 +1,16 @@
+1. General. All code in this repository is the intellectual property of US ProTech, Inc (hereafter “USPT”) and is referred to herein as the "Software." The Software (whether on disk, in read only memory, on any other media or in any other form) is licensed, not sold, to you by USPT for use only under the terms of this License, and USPT reserves all rights not expressly granted to you. The rights granted herein are limited to USPT’s intellectual property rights in the USPT Software and do not include any other patents or intellectual property rights. You own the media on which the USPT Software is recorded but USPT and/or USPT’s licensor(s) retain ownership of the Software itself.
+
+2. Permitted License Uses and Restrictions. This License allows you to install and use one (1) copy of the Software on a single device or computer at a time. This License does not allow the Software to exist on more than one such device or computer at a time, and you may not make the Software available over a network where it could be used by multiple devices or multiple computers at the same time.
+
+3. Except as and only to the extent expressly permitted in this License or by applicable law, you may not copy, distrubute, or make commercially available to any party, for any purpose, the source code or create derivative works of the Software or any part thereof. Any attempt to do so is a violation of the rights of USPT and any of its licensors of the Software which may from time to time exist. If you breach this restriction, you may be subject to prosecution and damages under Title 17 of the United States Code and other applicable state and federal laws.
+
+4. The Software is not intended for any use in which the failure of the Software could lead to death, personal injury, emotional distress, or severe physical or environmental damage. 
+
+5. You may not rent, lease, lend or sublicense the Software to any party, for any purpose, without the express, written consent of USPT.
+
+6. This License is effective until terminated. Your rights under this License will terminate automatically without notice from USPT if you fail to comply with any term(s) of this License. Upon the termination of this License, you shall cease all use of the USPT Software and destroy all copies, full or partial, of the USPT Software.
+
+7. Limitation of Liability: TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT SHALL USPT BE LIABLE FOR PERSONAL INJURY, OR ANY INCIDENTAL, SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES WHATSOEVER, INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, LOSS OF DATA, BUSINESS INTERRUPTION OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES, ARISING OUT OF OR RELATED TO YOUR USE OR INABILITY TO USE THE SOFTWARE, HOWEVER CAUSED, REGARDLESS OF THE THEORY OF LIABILITY (CONTRACT, TORT OR OTHERWISE) AND EVEN IF DANGER HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME JURISDICTIONS DO NOT ALLOW THE LIMITATION OF LIABILITY FOR PERSONAL INJURY, OR OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS LIMITATION MAY NOT APPLY TO YOU. In no event shall USPT’s total liability to you for all damages (other than as may be required by applicable law in cases involving personal injury) exceed the amount of twenty dollars ($20.00) in United States currency. The foregoing limitations will apply even if the above stated remedy fails of its essential purpose.
+
+8. Controlling Law and Severability and Choice of Forum. This License will be governed by and construed in accordance with the laws of the State of California, as applied to agreements entered into and to be performed entirely within California between California residents, without giving any effect to the choice of laws provisions of the State of California. Furthermore, you hereby agree that all matters relating to your access to, and use of, all portions and features of the Software, including all legal disputes and complaints (including those involving this License), shall be governed by the laws of the United States and by the laws of the State of California without regard to its conflicts of laws provisions. This License shall not be governed by the United Nations Convention on Contracts for the International Sale of Goods, the application of which is expressly excluded. If for any reason a court of competent jurisdiction finds any provision, or portion thereof, to be unenforceable, the remainder of this License shall continue in full force and effect. You agree that the only courts in which you will bring lawsuits concerning the application or enforcement of this License are courts of competent jurisdiction located in the State of California in the County of Orange and you consent to the exercise of jurisdiction by any such court. You hereby hereby agree to the personal jurisdiction by, and venue in, the state and federal courts in Orange County, California, and waive any legal objection to such jurisdiction and venue. You irrevocably waive any objection on the grounds of venue, forum non-conveniens, fairness, notice, or any similar grounds and irrevocably consent to service of process by mail or in any other manner permitted by applicable law and consent to the jurisdiction of the aforementioned courts. You agree that USPT shall have the option, in the event of a dispute arising out of or relating to this License, to submit any such dispute(s) to arbitration in Orange County, California, pursuant to the rules of the American Arbitration Association. You agree that the decision of the Arbitrator shall be final and binding on you and that judgment upon the award may be entered in any of the aforementioned courts.
+

data/README.md

@@ -0,0 +1,98 @@
+The `anamo` gem provides a beacon that collects system telemetry for a client and delivers it to Anamo for analysis.
+
+This gem requires **Ruby 2.2+** and is compatible with **RPM-based** and **Debian-based** systems.
+
+## Requirements
+
+The Anamo beacon has the following requirements:
+
+* RPM-based or Debian-based System
+* Ruby 2.2+
+* Bundler
+
+For full effectiveness, `netstat` or `nmap` should be installed.
+
+## Setup
+
+To setup the beacon, run the following:
+
+```
+anamo setup
+```
+
+The output should be:
+```
+[root@localhost bin]# anamo setup
+The Anamo configuration setup tool will walk you through the process
+of defining your configuration for:
+
+    /etc/anamo.conf.yml
+
+What is your Anamo API key?
+ [User Note: input your company's API Key here, which you may find at: https://anamo.io/settings/licenses/api-keys]
+
+Your configuration file:
+
+---
+api_key: [User-supplied API key]
+
+Would you like to save this file now? ("y" to save) y
+Configurated saved at: /etc/anamo.conf.yml
+```
+
+Upon completion, a configuration file will be written to `/etc/anamo.conf.yml`.
+
+For provisioned systems, one may also directly write `/etc/anamo.conf.yml`, minimally with:
+
+```
+---
+api_key: YOUR_API_KEY
+```
+
+A valid API key is required in order to send data to `anamo.io`.
+
+## Usage
+
+To start the Anamo beacon:
+
+```
+# anamo start
+```
+
+To check the status of the Anamo beacon:
+
+```
+# anamo status
+```
+
+To stop the Anamo beacon:
+
+```
+# anamo stop
+```
+
+A full set of options:
+
+```
+Usage: anamo <command> <options> -- <application options>
+
+* where <command> is one of:
+  start         start an instance of the application
+  stop          stop all instances of the application
+  restart       stop all instances and restart them afterwards
+  reload        send a SIGHUP to all instances of the application
+  run           start the application and stay on top
+  zap           set the application to a stopped state
+  status        show status (PID) of application instances
+
+* and where <options> may contain several of the following:
+
+    -t, --ontop                      Stay on top (does not daemonize)
+    -s, --shush                      Silent mode (no output to the terminal)
+    -f, --force                      Force operation
+    -n, --no_wait                    Do not wait for processes to stop
+
+Common options:
+    -h, --help                       Show this message
+        --version                    Show version
+```

data/bin/anamo

@@ -0,0 +1,47 @@
+#!/usr/bin/env ruby
+
+require 'daemons'
+
+# check for "anamo start -- /path/to/config.yml"
+if ARGV[2]
+  path = ARGV[2]
+# otherwise use system path
+else
+  path = '/etc/anamo.conf.yml'
+end
+
+unless ARGV[0] == 'setup'
+
+    if File.exists? path
+
+      Daemons.run "#{File.dirname File.dirname __FILE__}/lib/anamo/runner.rb",
+        app_name: 'anamo',
+        multiple: false,
+        monitor: true,
+        log_output: true,
+        dir: '/var/log/anamo',
+        force_kill_waittime: 15,
+        dir_mode: :system
+
+    else
+
+      $stderr.puts ""
+      $stderr.puts "No configuration file defined at `#{path}`. "
+      $stderr.puts ""
+      $stderr.puts "To configure this file, use:"
+      $stderr.puts ""
+      $stderr.puts "  anamo setup -- #{path}"
+      $stderr.puts ""
+
+    end
+
+else
+
+  require 'anamo/thor'
+
+  cmd = ::Anamo::Node::Thor.new
+  cmd.options = {}
+  cmd.set_config_file_path path
+  cmd.configure
+
+end

data/bin/anamo_cli

@@ -0,0 +1,5 @@
+#!/usr/bin/env ruby
+
+require 'anamo/thor'
+
+::Anamo::Thor.start

data/lib/anamo/api.rb

@@ -0,0 +1,93 @@
+require "net/http"
+require 'net/http/post/multipart'
+require 'yaml'
+
+module Anamo
+  class Api
+
+    def initialize
+      @api_base_url = 'https://anamo.io/api'
+      @config = YAML.load_file "/etc/anamo.conf.yml"
+      @client_key = File.exists?("/etc/anamo.client.key") ? File.open("/etc/anamo.client.key", 'rb') { |f| f.read } : nil
+    end
+
+    def make_url path
+      "#{@api_base_url}/#{path}"
+    end
+
+    def make_uri path
+      URI.parse make_url path
+    end
+
+    def do_post path, &block
+      uri = make_uri path
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = true
+      request = Net::HTTP::Post.new(uri.request_uri)
+      request['X-UPTB-Client-Key'] = @client_key if @client_key
+      instance_exec request, http, &block
+      http.request(request)
+    end
+
+    def do_multipart_post path, files
+      uri = make_uri path
+      request = Net::HTTP::Post::Multipart.new uri.path, files
+      request['X-UPTB-Client-Key'] = @client_key if @client_key
+      Net::HTTP.start(uri.host, uri.port, :use_ssl => true) do |http|
+        http.request(request)
+      end
+    end
+
+    def post_fstree data_files
+      response = do_multipart_post 'fstree', data_files
+      raise 'Send failure' if !response.is_a?(Net::HTTPOK)
+      response
+    end
+
+    def post_users data
+      response = do_post 'users' do |request|
+        request.body = data
+        request["Content-Type"] = "text/plain"
+      end
+      raise 'Send failure' if !response.is_a?(Net::HTTPOK)
+      response
+    end
+
+    def post_groups data
+      response = do_post 'groups' do |request|
+        request.body = data
+        request["Content-Type"] = "text/plain"
+      end
+      raise 'Send failure' if !response.is_a?(Net::HTTPOK)
+      response
+    end
+
+    def post_ports data
+      response = do_post 'ports' do |request|
+        request.body = data
+        request["Content-Type"] = "application/json"
+      end
+      raise 'Send failure' if !response.is_a?(Net::HTTPOK)
+      response
+    end
+
+    def post_pkgver data
+      response = do_post 'pkgver' do |request|
+        request.body = data
+        request["Content-Type"] = "application/json"
+      end
+      raise 'Send failure' if !response.is_a?(Net::HTTPOK)
+      response
+    end
+
+    def post_node data
+      response = do_post 'node' do |request|
+        request.body = data
+        request["Content-Type"] = "application/json"
+      end
+      #raise 'Send failure' if !response.is_a?(Net::HTTPOK)
+      response
+    end
+
+  end
+end

data/lib/anamo/fstree/thor.rb

@@ -0,0 +1,226 @@
+require 'thor'
+require 'benchmark'
+require 'zlib'
+require 'fileutils'
+require 'anamo/api'
+
+module Anamo
+  module Fstree
+
+    class Writer
+
+      def initialize path = '.', prefix = nil, base_path = '/'
+        @row_count = 0
+        @previous_row = nil
+        @handle = nil
+        @files_per_file = 1000000
+        @path = path
+        @prefix = prefix
+        @base_path = base_path
+        init_handle
+      end
+
+      def init_handle
+        @handle = Zlib::GzipWriter.open("#{@path}/#{@prefix ? "#{@prefix}-" : ""}#{(@row_count/@files_per_file).round}.gz")
+        @handle.write "[#{@base_path}]\n"
+      end
+
+      def close_handle
+        @handle.close if @handle
+      end
+
+      def reinit_handle
+        close_handle
+        GC.start
+        init_handle
+      end
+
+      def add_row row
+        reinit_handle if @row_count > 0 && @row_count % @files_per_file == 0
+        [0,2,3,4,5].each { |i| row[i] = '' if @previous_row[i] == row[i] } if @previous_row
+        @handle.write "#{row.join(',')}\n"
+        @row_count = @row_count + 1
+        @previous_row = row
+      end
+
+      def close
+        @handle.close
+      end
+
+    end
+
+    class Traverser
+
+      attr_reader :base_path
+
+      def initialize base_path = '/', writer = Writer.new, max_depth = 2, exclusions = []
+        @max_depth = max_depth
+        @base_path = base_path
+        @writer = writer
+        @exclusions = exclusions
+      end
+
+      def compute
+        walk_path @base_path
+        @writer.close
+      end
+
+      private
+
+      def walk_path path, parent_data = {}, depth = 0
+
+        begin
+          return if @exclusions.include? File.realpath(path) # path is in excluded set
+        rescue
+          return # path does not exist
+        end
+
+        begin
+          stat = File.stat(path)
+        rescue
+          stat = nil
+        end
+
+        # TODO: escape base name!!!!
+        data = [depth, File.basename(path)]
+
+        open_as_directory = false
+
+        if File.symlink? path
+          data << 'sym'
+        elsif File.directory? path
+          open_as_directory = true
+          data << 'd'
+        elsif File.file? path
+          data << 'f'
+        elsif File.socket? path
+          data << 'soc'
+        elsif File.blockdev? path
+          data << 'bd'
+        elsif File.chardev? path
+          data << 'cd'
+        end
+
+        begin
+          data << stat.uid
+        rescue
+          data << '-'
+        end
+
+        begin
+          data << stat.gid
+        rescue
+          data << '-'
+        end
+
+        begin
+          data << stat.mode
+        rescue
+          data << '-'
+        end
+
+        @writer.add_row data
+
+        if open_as_directory
+          sub_depth = depth + 1
+          return if sub_depth > @max_depth
+          Dir["#{path}/*"].each do |sub_path|
+            walk_path sub_path, data, sub_depth
+          end
+        end
+
+      end
+
+    end
+
+    class Thor < ::Thor
+
+      description = "Inspect the file system tree and send the results"
+      desc "fstree exec", description
+      long_desc description
+
+      def exec
+
+        inspect
+        send
+
+      end
+
+      description = "Inspect the file system tree"
+      desc "fstree inspect", description
+      long_desc description
+
+      def inspect
+
+        FileUtils.rm_rf temp_folder
+        FileUtils.mkdir_p temp_folder
+
+        idx = 0
+
+        paths.each do |path, depth|
+          traverser = Traverser.new(path, Writer.new(temp_folder, idx, path), depth, exclusions)
+          traverser.compute
+          idx = idx + 1
+        end
+
+      end
+
+      description = "Send the last version of the file system tree from inspect command to the API"
+      desc "fstree send", description
+      long_desc description
+
+      def send
+
+        files = {}
+        Dir["#{temp_folder}/*"].each do |file|
+          files[File.basename(file, '.*')] = UploadIO.new(File.new(file), "application/gzip", File.basename(file))
+        end
+
+        ::Anamo::Api.new.post_fstree files
+
+      end
+
+      no_commands do
+
+        def set_paths paths
+          @paths = paths
+        end
+
+        def paths
+          if defined? @paths
+            @paths
+          else
+            return {
+              '/' => 2
+            }
+          end
+        end
+
+        def set_exclusions paths
+          @exclusions = paths
+        end
+
+        def exclusions
+          if defined? @exclusions
+            @exclusions
+          else
+            return [
+              '/proc',
+              '/tmp',
+              '/dev',
+              '/run'
+            ]
+          end
+        end
+
+      end
+
+      private
+
+      def temp_folder
+        "/tmp/anamo/fstree"
+      end
+
+    end
+  end
+end

data/lib/anamo/groups/thor.rb

@@ -0,0 +1,52 @@
+require 'etc'
+require 'thor'
+require "net/http"
+require 'anamo/api'
+
+module Anamo
+  module Groups
+
+    class Thor < ::Thor
+
+      description = "Inspect the groups list and send the results"
+      desc "groups exec", description
+      long_desc description
+
+      def exec
+
+        data = inspect false
+        response = ::Anamo::Api.new.post_groups data
+
+      end
+
+      description = "Inspect the groups list"
+      desc "groups inspect", description
+      long_desc description
+
+      def inspect output = true
+
+        un_to_uid = {};
+        gids_from_passwd = {}
+        Etc.passwd do |u|
+          un_to_uid[u.name] = u.uid
+          gids_from_passwd[u.gid] = [] unless gids_from_passwd.has_key? u.gid
+          gids_from_passwd[u.gid] << u.uid unless gids_from_passwd[u.gid].include? u.uid
+        end
+
+        ret = CSV.generate do |csv|
+          Etc.group do |g|
+            uids_in_group = g.mem.map { |un| un_to_uid[un] }
+            uids_in_group += gids_from_passwd[g.gid] if gids_from_passwd.has_key? g.gid
+            csv << [g.gid, g.name, "[#{uids_in_group.uniq.join(',')}]"]
+          end
+        end
+
+        puts ret if output
+
+        ret
+
+      end
+
+    end
+  end
+end

data/lib/anamo/node/thor.rb

@@ -0,0 +1,107 @@
+require 'multi_json'
+require 'thor'
+require 'anamo/api'
+require 'socket'
+require 'yaml'
+
+module Anamo
+  module Node
+
+    class Thor < ::Thor
+
+      description = "Inspect the node, send the results and maintain node state"
+      desc "users exec", description
+      long_desc description
+
+      def exec
+
+        data = inspect false
+        response = ::Anamo::Api.new.post_node MultiJson.dump data
+
+        response_data = MultiJson.load response.body
+        if response_data.respond_to?(:has_key?) and response_data.has_key?('client_key')
+          File.open(key_file, 'w') { |file| file.write response_data['client_key'] }
+          File.chmod(0600, key_file)
+        end
+
+      end
+
+      description = "Inspect the node"
+      desc "node inspect", description
+      long_desc description
+
+      def inspect output = true
+
+        ret = {}
+
+        config = YAML.load_file "/etc/anamo.conf.yml"
+
+        ret['api_key'] = config['api_key']
+        ret['beacon_modules'] = config['modules']
+        ret['node'] = {}
+        ret['node']['hostname'] = Socket.gethostname
+        ret['node']['ips'] = Socket.ip_address_list.map(){ |entry| entry.ip_address }.uniq
+
+        puts ret if output
+
+        ret
+
+      end
+
+      description = "Setup configuration on the node"
+      desc "node configure", description
+      long_desc description
+
+      def configure
+
+        configuration = {}
+
+        say "The Anamo configuration setup tool will walk you through the process\nof defining your configuration for:\n\n", [:green, :bold]
+        say "    #{config_file_path}\n\n", :green
+
+        configuration['api_key'] = ''
+        until configuration['api_key'].strip.length > 0 do
+          configuration['api_key'] = ask "What is your Anamo API key?\n", :bold
+        end
+
+        say "\nYour configuration file:\n\n", [:green, :bold]
+
+        configuration_yaml = YAML.dump configuration
+
+        say configuration_yaml
+
+        if ['yes', 'y'].include? ask("\nWould you like to save this file now? (\"y\" to save)", :bold).downcase
+          File.open(config_file_path, 'w') { |file| file.write configuration_yaml }
+          File.chmod(0600, config_file_path)
+          say "Configurated saved at: #{config_file_path}", [:cyan, :bold]
+        else
+          say 'Configuration not saved.', [:red, :bold]
+        end
+
+      end
+
+      no_commands do
+
+        def set_config_file_path path
+          @config_file_path = path
+        end
+
+        def config_file_path
+          if defined? @config_file_path
+            @config_file_path
+          else
+            return '/etc/anamo.conf.yml'
+          end
+        end
+
+      end
+
+      private
+
+      def key_file
+        "/etc/anamo.client.key"
+      end
+
+    end
+  end
+end

data/lib/anamo/pkgver/thor.rb

@@ -0,0 +1,111 @@
+require 'thor'
+require 'net/http'
+require 'systemu'
+require 'rubygems'
+require 'multi_json'
+require 'anamo/api'
+
+module Anamo
+  module Pkgver
+
+    class Thor < ::Thor
+
+      description = "Inspect installed packages and their versions and send the results"
+      desc "pkgver exec", description
+      long_desc description
+
+      def exec
+
+        data = inspect false
+        ::Anamo::Api.new.post_pkgver MultiJson.dump data
+
+      end
+
+      description = "Inspect installed packages and their versions"
+      desc "pkgver inspect", description
+      long_desc description
+
+      def inspect output = true
+
+        rpm_packages = []
+        status, stdout, stderr = systemu "rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n'"
+        if status.success?
+          stdout.split("\n").each do |package|
+            package = package.split(' ')
+            rpm_packages << {
+              'n' => package[0],
+              'v' => package[1],
+              'r' => package[2],
+              'a' => package[3]
+            }
+          end
+        else
+          rpm_packages = nil
+        end
+
+        deb_packages = []
+        status, stdout, strerr = systemu "dpkg-query -W -f='${Package} ${Version} ${Architecture}\n'"
+        if status.success?
+          stdout.split("\n").each do |package|
+            package = package.split(' ')
+            deb_packages << {
+              'n' => package[0],
+              'v' => package[1],
+              'a' => package[2]
+            }
+          end
+        else
+          deb_packages = nil
+        end
+
+        gem_packages = []
+        begin
+          Gem::Specification.all = nil # TODO: fix for Debian (can't use all=)
+          Gem::Specification.each do |a|
+            gem_packages << {
+              'n' => a.name,
+              'v' => a.version.to_s
+            }
+          end
+          Gem::Specification.reset
+        rescue
+        end
+
+        npm_packages = nil
+        status, stdout, strerr = systemu "npm list --global --json"
+        if status.success?
+          npm_packages = MultiJson.load(stdout)
+        end
+
+        pip_packages = []
+        status, stdout, strerr = systemu "pip list"
+        if status.success?
+          stdout.split("\n").each do |l|
+            match_data = /(.*) \((.*)\)/.match(l)
+            pip_packages << {
+              'n' => match_data[1],
+              'v' => match_data[2]
+            } if match_data
+          end
+        else
+          pip_packages = nil
+        end
+
+        data = {
+          'gem_packages' => gem_packages
+        }
+
+        data['rpm_packages'] = rpm_packages if rpm_packages
+        data['deb_packages'] = deb_packages if deb_packages
+        data['npm_packages'] = npm_packages if npm_packages
+        data['pip_packages'] = pip_packages if pip_packages
+
+        puts data if output
+
+        data
+
+      end
+
+    end
+  end
+end

data/lib/anamo/ports/thor.rb

@@ -0,0 +1,100 @@
+require 'thor'
+require 'net/http'
+require 'systemu'
+require 'rubygems'
+require 'multi_json'
+require 'anamo/api'
+
+module Anamo
+  module Ports
+
+    class Thor < ::Thor
+
+      description = "Inspect listening ports and send the results"
+      desc "ports exec", description
+      long_desc description
+
+      def exec
+
+        data = inspect false
+        ::Anamo::Api.new.post_ports MultiJson.dump data
+
+      end
+
+      description = "Inspect listening ports"
+      desc "ports inspect", description
+      long_desc description
+
+      def inspect output = true
+
+        netstat_results = nil
+        nmap_results = nil
+
+        status, stdout, stderr = systemu "netstat -lnutp"
+        if status.success?
+          netstat_results = []
+          stdout.split("\n").drop(2).each do |line|
+            cols = line.gsub(/\s+/m, ' ').strip.split(" ")
+            cols.delete_at(5) if cols.length == 7
+            process = cols[5].match(/^([^\/]*)\/(.*)$/)
+            netstat_results << {
+              'proto' => cols[0],
+              'l_addr' => cols[3].split(':')[0],
+              'l_port' => cols[3].split(':')[1],
+              'f_addr' => cols[4].split(':')[0],
+              'f_port' => cols[4].split(':')[1],
+              'p_id' => process[1],
+              'p_name' => process[2]
+            }
+          end
+        end
+
+        l_addr = "127.0.0.1"
+
+        # tcp scan
+        status, stdout, stderr = systemu "nmap -sS --open -p1-65535 #{l_addr}"
+        if status.success?
+          nmap_results = [] unless nmap_results
+          stdout.split("\n").each do |line|
+            cols = line.gsub(/\s+/m, ' ').strip.split(" ")
+            next unless cols.length > 0
+            port_col = cols[0].match(/([^\/]*)\/tcp/)
+            next unless port_col
+            nmap_results << {
+              'proto' => 'tcp',
+              'l_addr' => l_addr,
+              'l_port' => port_col[1]
+            }
+          end
+        end
+
+        status, stdout, stderr = systemu "nmap -sU --open -p1-65535 #{l_addr}"
+        if status.success?
+          nmap_results = [] unless nmap_results
+          stdout.split("\n").each do |line|
+            cols = line.gsub(/\s+/m, ' ').strip.split(" ")
+            next unless cols.length > 0
+            port_col = cols[0].match(/([^\/]*)\/udp/)
+            next unless port_col
+            nmap_results << {
+              'proto' => 'udp',
+              'l_addr' => l_addr,
+              'l_port' => port_col[1]
+            }
+          end
+        end
+
+        data = {}
+
+        data['nmap'] = nmap_results if nmap_results
+        data['netstat'] = netstat_results if netstat_results
+
+        puts data if output
+
+        data
+
+      end
+
+    end
+  end
+end

data/lib/anamo/runner.rb

@@ -0,0 +1,136 @@
+require 'anamo/thor'
+require 'yaml'
+
+if ARGV[0]
+  path = ARGV[0]
+else
+  path = '/etc/anamo.conf.yml'
+end
+
+config = YAML.load_file(path)
+
+unless config.has_key? 'modules'
+  config['modules'] = {
+    'node' => {
+      'frequency' => 60
+    },
+    'fstree' => {
+      'frequency' => 240,
+      'paths' => {
+        '/' => 4
+      },
+      'exclude' => [
+        '/proc',
+        '/tmp',
+        '/dev',
+        '/run'
+      ]
+    },
+    'pkgver' => {
+      'frequency' => 60
+    },
+    'ports' => {
+      'frequency' => 60
+    }
+  }
+end
+
+minutes_running = 0
+
+Dir.chdir(File.dirname File.dirname __FILE__) do
+
+  # initial node setup
+  cmd = ::Anamo::Node::Thor.new
+  cmd.options = {}
+  cmd.exec
+
+  loop do
+
+    if config.has_key?('modules') and config['modules'].has_key?('node')
+
+      frequency = config['modules']['node'].has_key?('frequency') ? config['modules']['node']['frequency'] : 30
+
+      if minutes_running % frequency == 0
+
+        begin
+
+          cmd = ::Anamo::Node::Thor.new
+          cmd.options = {}
+          cmd.exec
+
+        rescue; end
+
+      end
+
+    end
+
+    if config.has_key?('modules') and config['modules'].has_key?('fstree')
+
+      frequency = config['modules']['fstree'].has_key?('frequency') ? config['modules']['fstree']['frequency'] : 30
+
+      if minutes_running % frequency == 0
+
+        begin
+
+          cmd = ::Anamo::Groups::Thor.new
+          cmd.options = {}
+          cmd.exec
+
+          cmd = ::Anamo::Users::Thor.new
+          cmd.options = {}
+          cmd.exec
+
+          cmd = ::Anamo::Fstree::Thor.new
+          cmd.options = {}
+          cmd.set_paths(config['modules']['fstree']['paths']) if config['modules']['fstree'].has_key?('paths')
+          cmd.set_exclusions(config['modules']['fstree']['exclude']) if config['modules']['fstree'].has_key?('exclude')
+          cmd.exec
+
+        rescue; end
+
+      end
+
+    end
+
+    if config.has_key?('modules') and config['modules'].has_key?('pkgver')
+
+      frequency = config['modules']['pkgver'].has_key?('frequency') ? config['modules']['pkgver']['frequency'] : 30
+
+      if minutes_running % frequency == 0
+
+        begin
+
+          cmd = ::Anamo::Pkgver::Thor.new
+          cmd.options = {}
+          cmd.exec
+
+        rescue; end
+
+      end
+
+    end
+
+    if config.has_key?('modules') and config['modules'].has_key?('ports')
+
+      frequency = config['modules']['ports'].has_key?('frequency') ? config['modules']['ports']['frequency'] : 30
+
+      if minutes_running % frequency == 0
+
+        begin
+
+          cmd = ::Anamo::Ports::Thor.new
+          cmd.options = {}
+          cmd.exec
+
+        rescue; end
+
+      end
+
+    end
+
+    minutes_running = minutes_running + 1
+    sleep 60 # wait one minute
+
+  end
+
+end

data/lib/anamo/thor.rb

@@ -0,0 +1,31 @@
+require 'thor'
+require 'anamo/fstree/thor'
+require 'anamo/groups/thor'
+require 'anamo/node/thor'
+require 'anamo/pkgver/thor'
+require 'anamo/ports/thor'
+require 'anamo/users/thor'
+
+module Anamo
+  class Thor < ::Thor
+
+    desc "fstree SUBCOMMAND ...ARGS", "File system tree"
+    subcommand "fstree", ::Anamo::Fstree::Thor
+
+    desc "groups SUBCOMMAND ...ARGS", "Groups"
+    subcommand "groups", ::Anamo::Groups::Thor
+
+    desc "node SUBCOMMAND ...ARGS", "Node"
+    subcommand "node", ::Anamo::Node::Thor
+
+    desc "pkgver SUBCOMMAND ...ARGS", "Package versions"
+    subcommand "pkgver", ::Anamo::Pkgver::Thor
+
+    desc "ports SUBCOMMAND ...ARGS", "Ports"
+    subcommand "ports", ::Anamo::Ports::Thor
+
+    desc "users SUBCOMMAND ...ARGS", "Users"
+    subcommand "users", ::Anamo::Users::Thor
+
+  end
+end

data/lib/anamo/users/thor.rb

@@ -0,0 +1,42 @@
+require 'etc'
+require 'thor'
+require 'csv'
+require 'anamo/api'
+
+module Anamo
+  module Users
+
+    class Thor < ::Thor
+
+      description = "Inspect the user list and send the results"
+      desc "users exec", description
+      long_desc description
+
+      def exec
+
+        data = inspect false
+        ::Anamo::Api.new.post_users data
+
+      end
+
+      description = "Inspect the user list"
+      desc "users inspect", description
+      long_desc description
+
+      def inspect output = true
+
+        ret = CSV.generate do |csv|
+          Etc.passwd do |u|
+            csv << [u.uid, u.gid, u.name, u.gecos, u.dir, u.shell]
+          end
+        end
+
+        puts ret if output
+
+        ret
+
+      end
+
+    end
+  end
+end

data/lib/anamo/version.rb

@@ -0,0 +1,3 @@
+module Anamo
+  VERSION = "0.9.2"
+end

metadata

@@ -0,0 +1,144 @@
+--- !ruby/object:Gem::Specification
+name: anamo
+version: !ruby/object:Gem::Version
+  version: 0.9.2
+platform: ruby
+authors:
+- US ProTech
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-08-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: multipart-post
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: systemu
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: multi_json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: daemons
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Anamo client beacon
+email:
+- alex@usprotech.com
+executables:
+- anamo
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE
+- README.md
+- bin/anamo
+- bin/anamo_cli
+- lib/anamo/api.rb
+- lib/anamo/fstree/thor.rb
+- lib/anamo/groups/thor.rb
+- lib/anamo/node/thor.rb
+- lib/anamo/pkgver/thor.rb
+- lib/anamo/ports/thor.rb
+- lib/anamo/runner.rb
+- lib/anamo/thor.rb
+- lib/anamo/users/thor.rb
+- lib/anamo/version.rb
+homepage: http://anamo.io
+licenses:
+- Nonstandard
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.5.1
+signing_key: 
+specification_version: 4
+summary: This gem provides a beacon that collects system telemetry for a client and
+  delivers it to Anamo for analysis.
+test_files: []