nexpose_pxgrid 0.1.5-java → 0.1.6-java
- checksums.yaml +4 -4
- data/README.md +50 -7
- data/bin/{pxnx.rb → nexpose_pxgrid} +19 -10
- data/lib/pxnx_jruby/config/encryption.config +20 -0
- data/lib/pxnx_jruby/config/pxnx.config +5 -0
- data/lib/pxnx_jruby/connection.rb +1 -1
- data/lib/pxnx_jruby/nexpose_connection.rb +15 -6
- data/lib/pxnx_jruby/utilities/config_parser.rb +141 -0
- data/lib/pxnx_jruby/utilities/gem_options.rb +91 -0
- data/lib/pxnx_jruby/{nx_logger.rb → utilities/nx_logger.rb} +0 -0
- data/lib/pxnx_jruby/version.rb +1 -1
- metadata +47 -29
- data/.gitignore +0 -12
- data/.travis.yml +0 -4
- data/Rakefile +0 -31
- data/pxnx.gemspec +0 -28
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9f3dd786f91f67ebfedddc7e245d0dc91342a81f
|
4
|
+
data.tar.gz: 7e347687d3a930eb6ce1b6f8bcd0542cdb06b167
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 8dfe8962967e0b7fe97418862db36686ef384e18c946f235abe6118eb1502a5d958a370a9c0739837240723ce389bc6edbdfedbb43c2457d0ed378fff4a7c3dd
|
7
|
+
data.tar.gz: 32eeb3cb67ec67f6679f7b168bb1eaea355a88626ec586ad01ec63dabd97abed26d7520b823a1dd9f141a0a7402c145723985801fa8f46c0845824657f704def
|
data/README.md
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
This is the official gem package for the Nexpose Cisco PxGrid Integration.
|
4
4
|
|
5
|
-
For assistance with using the gem please email the Rapid7
|
5
|
+
For assistance with using the gem please email the Rapid7 support team at support@rapid7.com.
|
6
6
|
|
7
7
|
## Installation
|
8
8
|
|
@@ -37,18 +37,48 @@ Also, the user must be part of the EPS group.
|
|
37
37
|
|
38
38
|
## Usage
|
39
39
|
|
40
|
-
To use the PxGrid integration after installing the gem and configuring the Cisco ISE:
|
41
|
-
|
42
|
-
*
|
43
|
-
|
40
|
+
To use the PxGrid integration after installing the gem and configuring the Cisco ISE:
|
41
|
+
|
42
|
+
* Set up the KeyStore and TrustStore using certificates from the machine running the integration as well as the Cisco ISE installation.
|
43
|
+
Please request documentation for this integration from support if you require more information on how set up the certificate stores, or see the Cisco PxGrid documentation.
|
44
|
+
* Edit the pxnx.config file under the gem config folder and add the necessary data.
|
45
|
+
* Set up the necessary Environment variables, containing information on the ISE instance, as listed in the documentation.
|
46
|
+
* Run the nexpose_pxgrid file from within the bin folder.
|
47
|
+
If the gem was installed via RubyGems, calling the command `jruby nexpose_pxgrid` should suffice.
|
48
|
+
|
49
|
+
Note: The gem is usually installed under
|
44
50
|
|
45
|
-
Note: Gem is usually installed under
|
46
51
|
* Windows: C:\Ruby\<version\>\lib\ruby\gems\version\gems
|
47
|
-
* Linux: /var/lib/gems/\<version\>/gems/
|
52
|
+
* Linux: /var/lib/gems/\<version\>/gems/
|
48
53
|
Please refer to your particular Ruby documentation for actual installation folder.
|
49
54
|
|
50
55
|
A logger is also implemented by default, and the log can be found under `/var/lib/logs/`; please refer to the log file in case of an error.
|
51
56
|
|
57
|
+
### Encryption Settings
|
58
|
+
|
59
|
+
The usernames and passwords within the configuration files are automatically encrypted when the integration runs. The key and IV files used during encryption/decryption are saved within the config folder by default.
|
60
|
+
|
61
|
+
#### Setting Custom Locations for Encryption Files
|
62
|
+
|
63
|
+
To set custom locations for the key and IV files, update the following values within the encryption.config file:
|
64
|
+
|
65
|
+
- key_filename - The absolute path to where the key file will be created.
|
66
|
+
- iv_file - The absolute path to where the IV file will be created.
|
67
|
+
|
68
|
+
To set a custom path after the integration has already executed, the files must be moved to the new location manually.
|
69
|
+
|
70
|
+
#### Encrypting the Configuration without running the Integration
|
71
|
+
The Nexpose PxGrid integration can encrypt its configuration file without running the gem. This allows users to secure their login information for future use e.g for use in a cron-schedule.
|
72
|
+
|
73
|
+
The command to do so is:
|
74
|
+
```
|
75
|
+
nexpose_pxgrid -e
|
76
|
+
```
|
77
|
+
or
|
78
|
+
```
|
79
|
+
nexpose_pxgrid --encrypt_config
|
80
|
+
```
|
81
|
+
|
52
82
|
## Development
|
53
83
|
|
54
84
|
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake false` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
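Review bot: The bullet list under "Setting Custom Locations for Encryption Files" names the IV setting `iv_file`, but the encryption.config added in this release uses `iv_filename`, so a user who copies the name from the README edits a key that does not match the shipped file. Rename the bullet to `iv_filename`. The section should also say what permissions the key and IV files need, since it states they are saved in the config folder by default, next to the file they protect.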
@@ -63,3 +93,16 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/[USERN
|
|
63
93
|
|
64
94
|
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
|
65
95
|
|
96
|
+
## Changelog
|
97
|
+
|
98
|
+
### 0.1.6
|
99
|
+
Implemented encryption for the configuration file, removing the storage of clear text passwords. Usernames and passwords within the configuration files are now encrypted when the application runs.
|
100
|
+
|
101
|
+
Command line options have been added to the gem. Several are common to all Nexpose gem integrations. Call the gem with '-h' or '--help' to view these options.
|
102
|
+
|
103
|
+
### 0.1.5
|
104
|
+
Added option to allow the port of the Nexpose Console to be chosen.
|
105
|
+
Fixed an issue where devices were not correctly being quarantined.
|
106
|
+
|
107
|
+
### 0.1.4
|
108
|
+
Added option to allow the scan type to be chosen when assessing assets joining the network. (Zac Youtz)
|
@@ -1,22 +1,30 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
require 'pxnx_jruby'
|
3
|
-
require '
|
4
|
-
require 'pxnx_jruby/nx_logger'
|
3
|
+
require 'pxnx_jruby/utilities/config_parser'
|
4
|
+
require 'pxnx_jruby/utilities/nx_logger'
|
5
|
+
require 'pxnx_jruby/utilities/gem_options'
|
5
6
|
require 'pxnx_jruby/version'
|
6
7
|
|
7
8
|
begin
|
8
|
-
# Path to the pxnx Configuration file.
|
9
|
+
# Path to the pxnx Configuration file.
|
9
10
|
PXNX_CONFIG_PATH = File.join(File.dirname(__FILE__),
|
10
11
|
'../lib/pxnx_jruby/config/pxnx.config')
|
12
|
+
config_path = File.expand_path(PXNX_CONFIG_PATH)
|
13
|
+
|
14
|
+
# Setup CLI Options
|
15
|
+
GemOptions.create_parser
|
16
|
+
.with_banner_and_options('nexpose_pxgrid')
|
17
|
+
.with_configuration_encryption([config_path])
|
18
|
+
.with_help_and_version('Nexpose Cisco PxGrid', PxnxJruby::VERSION)
|
19
|
+
.parse
|
20
|
+
|
11
21
|
# Read in pxnx options from pxnx.config.
|
12
|
-
pxnx_options =
|
13
|
-
YAML.load_file(PXNX_CONFIG_PATH)
|
14
|
-
rescue ArgumentError => e
|
15
|
-
raise "Could not parse YAML #{PXNX_CONFIG_PATH} : #{e.message}"
|
16
|
-
end
|
22
|
+
pxnx_options = ConfigParser.get_config(config_path)
|
17
23
|
|
18
24
|
log = PxnxJruby::NxLogger.instance
|
19
|
-
log.setup_statistics_collection(PxnxJruby::VENDOR,
|
25
|
+
log.setup_statistics_collection(PxnxJruby::VENDOR,
|
26
|
+
PxnxJruby::PRODUCT,
|
27
|
+
PxnxJruby::VERSION)
|
20
28
|
log.setup_logging(pxnx_options[:logging_enabled],
|
21
29
|
pxnx_options[:log_level] || 'info')
|
22
30
|
|
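Review bot: The removed `rescue ArgumentError` around `YAML.load_file` reported which file failed to parse, and nothing in this hunk replaces it around `ConfigParser.get_config(config_path)`, so a malformed pxnx.config now surfaces as whatever exception the parser raises. Keep a rescue here that names `config_path`, or handle parse errors inside ConfigParser. `get_config` also rewrites the config file on every start (it encrypts in place before decrypting), so the process needs write access to the gem's config folder; that deserves a comment at this call.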
@@ -27,7 +35,8 @@ begin
|
|
27
35
|
pxnx_options[:grid_connection] = connection
|
28
36
|
PxnxJruby::ConnectionManager.instance.setup(pxnx_options)
|
29
37
|
# Subscribes to SessionDirectoryNotification!
|
30
|
-
Java::com.cisco.pxgrid.stub.identity
|
38
|
+
Java::com.cisco.pxgrid.stub.identity
|
39
|
+
.SessionDirectoryFactory.registerNotification(connection.grid, handler)
|
31
40
|
# TODO: Exception handling.
|
32
41
|
rescue java.lang.IllegalStateException => e
|
33
42
|
puts("Error when executing pxnx! The error was <#{e.message}> and backtrace was <#{e.backtrace.join("\n")}>.")
|
@@ -0,0 +1,20 @@
|
|
1
|
+
#
|
2
|
+
# Symmetric Encryption for Ruby
|
3
|
+
#
|
4
|
+
---
|
5
|
+
production:
|
6
|
+
# Since the encryption key must NOT be stored along with the
|
7
|
+
# source code, only store the key encryption key here.
|
8
|
+
private_rsa_key:
|
9
|
+
|
10
|
+
# List Symmetric Key Ciphers in the order of current / newest first
|
11
|
+
ciphers:
|
12
|
+
-
|
13
|
+
# Name of the file containing the encrypted key and iv.
|
14
|
+
key_filename: <absolute/path/to/filename>.key
|
15
|
+
iv_filename: <absolute/path/to/filename>.iv
|
16
|
+
|
17
|
+
cipher: aes-256-cbc
|
18
|
+
encoding: base64strict
|
19
|
+
version: 1
|
20
|
+
always_add_header: true
|
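Review bot: The comment above `private_rsa_key:` says the encryption key must not be stored with the source, yet `ConfigParser.generate_keys` writes the generated RSA key into this same file and `populate_ciphers` defaults `key_filename` and `iv_filename` to the config folder, so the key-encryption key, the wrapped key and the encrypted values all end up in one directory. Say in a comment here that the protection then rests on the file permissions of that directory, and recommend an absolute path outside the gem tree for the key files. `cipher: aes-256-cbc` provides confidentiality only; CBC carries no integrity check on the stored values.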
@@ -25,6 +25,8 @@
|
|
25
25
|
:scan_timeout: 3600
|
26
26
|
# (M) Nexpose scan template ID to be used while creating temporary Site for scanning.
|
27
27
|
:scan_template_id: full-audit
|
28
|
+
# (M) The port Nexpose listens on. Default is 3780
|
29
|
+
:nexpose_port: 3780
|
28
30
|
# Cisco pxGrid options. Note all of these options can be set through environment variables of the same capitalised name e.g. ISE_URL instead of :ise_url
|
29
31
|
:pxg_data:
|
30
32
|
# Cisco Identity Services Engine hostname/ip.
|
@@ -39,4 +41,7 @@
|
|
39
41
|
# :keystore_password: nxadmin
|
40
42
|
# Truststore passphrase (Truststore located at pxnx/truststore.jks)
|
41
43
|
# :truststore_password: nxadmin
|
44
|
+
:encryption_options:
|
45
|
+
# (M) Path to the encryption.config file. Generally should not be modified.
|
46
|
+
:directory: '../../config/encryption.config'
|
42
47
|
|
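Review bot: `:directory:` holds the path to a file, not a directory, and the relative default `'../../config/encryption.config'` is resolved by `File.expand_path(enc_dir, __FILE__)` in config_parser.rb, that is relative to that source file rather than to pxnx.config or the working directory. Rename the key (for example `:config_path:`, a suggested name) or at least state in the comment what the path is relative to, so an administrator who edits it does not point the integration at a different encryption.config than intended.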
@@ -49,7 +49,7 @@ module PxnxJruby
|
|
49
49
|
def get_option(option)
|
50
50
|
value = ENV[option.to_s.upcase]
|
51
51
|
value ||= (@options[:pxg_data] || {})[option] unless @options.nil?
|
52
|
-
@log.info(
|
52
|
+
@log.info("No configuration value found for #{option}") if value.nil?
|
53
53
|
value
|
54
54
|
end
|
55
55
|
|
@@ -1,6 +1,6 @@
|
|
1
1
|
module PxnxJruby
|
2
2
|
class NexposeConnection
|
3
|
-
|
3
|
+
require 'pxnx_jruby/utilities/nx_logger'
|
4
4
|
require 'nexpose'
|
5
5
|
require 'waitutil'
|
6
6
|
require 'java'
|
@@ -13,10 +13,12 @@ module PxnxJruby
|
|
13
13
|
|
14
14
|
def initialize(ips, options = {})
|
15
15
|
@log = LoggerFactory.getLogger(NexposeConnection.become_java!)
|
16
|
-
@nsc = Nexpose::Connection.new(options[:nexpose_data][:nxconsole],
|
16
|
+
@nsc = Nexpose::Connection.new(options[:nexpose_data][:nxconsole],
|
17
|
+
options[:nexpose_data][:nxuser],
|
18
|
+
ENV['NEXPOSE_PASSWORD'],
|
19
|
+
options[:nexpose_data][:nexpose_port])
|
17
20
|
@log.info("Connecting to nexpose console: #{options[:nexpose_data][:nxconsole]}.")
|
18
|
-
@nsc.login
|
19
|
-
PxnxJruby::NxLogger.instance.on_connect(options[:nexpose_data][:nxconsole], 3780, @nsc.session_id, "{}")
|
21
|
+
@nsc.login
|
20
22
|
@ip_list = ips
|
21
23
|
@options = options
|
22
24
|
end
|
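Review bot: `options[:nexpose_data][:nexpose_port]` is passed straight to `Nexpose::Connection.new` with no fallback, so a pxnx.config without `:nexpose_port` passes nil where the removed `on_connect` call hard-coded 3780. Default it at the call, for example `options[:nexpose_data][:nexpose_port] || 3780`, matching the "Default is 3780" comment in pxnx.config. `ENV['NEXPOSE_PASSWORD']` is likewise used unchecked; fail with a clear message when it is unset instead of attempting a login with a nil password. The `on_connect` call was dropped from `initialize`, so connections made here are no longer reported to NxLogger; confirm that is intended.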
@@ -60,9 +62,16 @@ module PxnxJruby
|
|
60
62
|
end
|
61
63
|
|
62
64
|
def self.is_valid_scan_template(options)
|
63
|
-
nsc = Nexpose::Connection.new(options[:nexpose_data][:nxconsole],
|
65
|
+
nsc = Nexpose::Connection.new(options[:nexpose_data][:nxconsole],
|
66
|
+
options[:nexpose_data][:nxuser],
|
67
|
+
ENV['NEXPOSE_PASSWORD'],
|
68
|
+
options[:nexpose_data][:nexpose_port])
|
64
69
|
nsc.login
|
70
|
+
PxnxJruby::NxLogger.instance.on_connect(options[:nexpose_data][:nxconsole],
|
71
|
+
options[:nexpose_data][:nexpose_port],
|
72
|
+
nsc.session_id,
|
73
|
+
"{}")
|
65
74
|
return nsc.list_scan_templates.select{|template_summary| template_summary.id.eql?(options[:nexpose_data][:scan_template_id])}.any?
|
66
75
|
end
|
67
76
|
end
|
68
|
-
end
|
77
|
+
end
|
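Review bot: `is_valid_scan_template` reads as a predicate but now also emits the `on_connect` statistics event, and it repeats the four-argument `Nexpose::Connection.new` call from `initialize` verbatim. Move connection construction into one private helper used by both and emit `on_connect` there, so the port and password source cannot drift apart. The session opened by `nsc.login` is never logged out before the method returns; put the template lookup in a `begin` block with `ensure nsc.logout`.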
@@ -0,0 +1,141 @@
|
|
1
|
+
require 'erb'
|
2
|
+
require 'yaml'
|
3
|
+
require 'fileutils'
|
4
|
+
require 'symmetric-encryption'
|
5
|
+
|
6
|
+
class ConfigParser
|
7
|
+
ENCRYPTED_FORMAT = '<%%= SymmetricEncryption.try_decrypt "%s" %%>'
|
8
|
+
PLACEHOLDER = '<absolute/path/to/filename>'
|
9
|
+
# The environment to use, defined within the encryption config
|
10
|
+
STANZA = 'production'
|
11
|
+
# The line width of the YAML file before line-wrapping occurs
|
12
|
+
WIDTH = 120
|
13
|
+
|
14
|
+
# Encrypts a configuration file and returns the unencrypted hash.
|
15
|
+
def self.get_config(config_path, enc_path=nil)
|
16
|
+
# Try to load a path from the provided config
|
17
|
+
custom_enc_path = get_enc_directory(config_path)
|
18
|
+
enc_path = custom_enc_path unless custom_enc_path.nil?
|
19
|
+
|
20
|
+
enc_path = File.expand_path(enc_path, __FILE__)
|
21
|
+
config_path = File.expand_path(config_path)
|
22
|
+
|
23
|
+
|
24
|
+
generate_keys(enc_path, config_path)
|
25
|
+
encrypt_config(enc_path, config_path)
|
26
|
+
decrypt_config(enc_path, config_path)
|
27
|
+
end
|
28
|
+
|
29
|
+
# Writes the YAML to file with custom formatting options
|
30
|
+
def self.save_config(config_details, config_path)
|
31
|
+
yaml = config_details.to_yaml(line_width: WIDTH)
|
32
|
+
File.open(config_path, 'w') {|f| f.write yaml }
|
33
|
+
end
|
34
|
+
|
35
|
+
def self.encrypt_field(value)
|
36
|
+
encrypted_value = SymmetricEncryption.encrypt value
|
37
|
+
ENCRYPTED_FORMAT % encrypted_value
|
38
|
+
end
|
39
|
+
|
40
|
+
# Retrieves the custom directory of the encryption config
|
41
|
+
def self.get_enc_directory(config_path)
|
42
|
+
settings = YAML.load_file(config_path)
|
43
|
+
return nil if settings[:encryption_options].nil?
|
44
|
+
|
45
|
+
enc_dir = settings[:encryption_options][:directory]
|
46
|
+
return nil if (enc_dir.nil? || enc_dir == '')
|
47
|
+
|
48
|
+
File.expand_path(enc_dir, __FILE__)
|
49
|
+
end
|
50
|
+
|
51
|
+
# Generates the RSA key, associated files and directories.
|
52
|
+
def self.generate_keys(enc_path, config_path)
|
53
|
+
settings = YAML.load_file(enc_path)
|
54
|
+
key = settings[STANZA]['private_rsa_key']
|
55
|
+
|
56
|
+
# Recognise an existing key
|
57
|
+
return unless (key.nil? || key == '')
|
58
|
+
|
59
|
+
# Generate a new RSA key and store the details
|
60
|
+
new_rsa_key = SymmetricEncryption::KeyEncryptionKey.generate
|
61
|
+
settings[STANZA]['private_rsa_key'] = new_rsa_key
|
62
|
+
save_config(settings, enc_path)
|
63
|
+
|
64
|
+
# Populate the placeholder values within the config
|
65
|
+
populate_ciphers(enc_path, config_path)
|
66
|
+
|
67
|
+
# Need to create a folder (specified by the user) to store the key files
|
68
|
+
dir = File.dirname(settings[STANZA]['ciphers'].first['key_filename'])
|
69
|
+
|
70
|
+
begin
|
71
|
+
unless File.directory?(dir) || PLACEHOLDER.include?(dir)
|
72
|
+
puts "Creating folder: #{dir}"
|
73
|
+
FileUtils::mkdir_p dir
|
74
|
+
end
|
75
|
+
rescue Exception => e
|
76
|
+
msg = "Unable to create the folders used to store encryption details.\n"\
|
77
|
+
'Please ensure the user has permissions to create folders in the ' \
|
78
|
+
"path specified in the encryption config: #{enc_path}\n"
|
79
|
+
handle_error(msg, e)
|
80
|
+
end
|
81
|
+
|
82
|
+
SymmetricEncryption.generate_symmetric_key_files(enc_path, STANZA)
|
83
|
+
end
|
84
|
+
|
85
|
+
# Replace placeholder values for the key and iv file paths,
|
86
|
+
# placing them in the config folder by default.
|
87
|
+
def self.populate_ciphers(enc_path, config_path)
|
88
|
+
settings = YAML.load_file(enc_path)
|
89
|
+
ciphers = settings[STANZA]['ciphers'].first
|
90
|
+
config_folder = File.dirname(config_path)
|
91
|
+
config_name = File.basename(config_path, File.extname(config_path))
|
92
|
+
|
93
|
+
%w(key iv).each do |file|
|
94
|
+
label = "#{file}_filename"
|
95
|
+
file_path = ciphers[label]
|
96
|
+
next unless file_path.include? PLACEHOLDER
|
97
|
+
|
98
|
+
filename = ".#{config_name}.#{file}"
|
99
|
+
ciphers[label] = File.join(config_folder, filename)
|
100
|
+
end
|
101
|
+
|
102
|
+
save_config(settings, enc_path)
|
103
|
+
end
|
104
|
+
|
105
|
+
def self.encrypt_config(enc_path, config_path)
|
106
|
+
SymmetricEncryption.load!(enc_path, STANZA)
|
107
|
+
|
108
|
+
# Read the config in as an array of strings
|
109
|
+
f = File.open(config_path)
|
110
|
+
config_lines = f.readlines
|
111
|
+
f.close
|
112
|
+
|
113
|
+
# Define the regex that can find relevant fields
|
114
|
+
regex = /^(?<label>\s*:?\w*(passw|pwd|user|usr)\w*:?\s)(?<value>.*)$/
|
115
|
+
|
116
|
+
# Line by line, write the line to file, encrypting sensitive fields
|
117
|
+
File.open(config_path, 'w+') do |f|
|
118
|
+
config_lines.each do |l|
|
119
|
+
matches = l.match(regex)
|
120
|
+
|
121
|
+
# Encrypt fields with username/password labels that are in plaintext
|
122
|
+
unless matches.nil? || matches['value'].include?('SymmetricEncryption')
|
123
|
+
l = "#{matches['label']}#{encrypt_field(matches['value'])}"
|
124
|
+
end
|
125
|
+
|
126
|
+
f.puts l
|
127
|
+
end
|
128
|
+
end
|
129
|
+
end
|
130
|
+
|
131
|
+
# Returns a hash containing the decrypted details from a config file.
|
132
|
+
def self.decrypt_config(enc_path, config_path)
|
133
|
+
SymmetricEncryption.load!(enc_path, STANZA)
|
134
|
+
return YAML.load(ERB.new(File.new(config_path).read).result)
|
135
|
+
end
|
136
|
+
|
137
|
+
def self.handle_error(message, error)
|
138
|
+
puts message
|
139
|
+
raise error
|
140
|
+
end
|
141
|
+
end
|
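Review bot: `decrypt_config` renders the whole config file through ERB (`ERB.new(File.new(config_path).read).result`) before `YAML.load`, so any `<%= ... %>` tag in pxnx.config is evaluated as Ruby, not only the `SymmetricEncryption.try_decrypt` tags that `encrypt_field` writes. Write access to the config file therefore equals code execution as the integration user. Load the YAML first and call `SymmetricEncryption.try_decrypt` only on values that carry the encrypted marker, and close the handle that `File.new` leaves open. In `get_config`, `File.expand_path(enc_path, __FILE__)` raises a TypeError when `enc_path` is nil and the config has no `:encryption_options`; check for that case and report it. `rescue Exception` in `generate_keys` should be narrowed to `rescue StandardError`, and the key files are created without any explicit permission setting.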
@@ -0,0 +1,91 @@
|
|
1
|
+
require 'optparse'
|
2
|
+
|
3
|
+
class GemOptions
|
4
|
+
|
5
|
+
@parser
|
6
|
+
|
7
|
+
def self.create_parser
|
8
|
+
@parser = OptionParser.new
|
9
|
+
self
|
10
|
+
end
|
11
|
+
|
12
|
+
# How the gem is used e.g 'nexpose ticketing jira [options]'
|
13
|
+
def self.with_banner(gem_usage_string)
|
14
|
+
@parser.banner = "Usage: #{gem_usage_string} [options]"
|
15
|
+
@parser.separator ''
|
16
|
+
self
|
17
|
+
end
|
18
|
+
|
19
|
+
# Header for options list
|
20
|
+
def self.with_options
|
21
|
+
@parser.separator 'Options:'
|
22
|
+
self
|
23
|
+
end
|
24
|
+
|
25
|
+
# Creates banner and options
|
26
|
+
def self.with_banner_and_options(gem_usage_string)
|
27
|
+
with_banner(gem_usage_string)
|
28
|
+
with_options
|
29
|
+
self
|
30
|
+
end
|
31
|
+
|
32
|
+
# For setting encryption switch. Can be set to work with two configurations
|
33
|
+
# Config_paths is an array
|
34
|
+
def self.with_configuration_encryption(config_paths, enc_path = nil)
|
35
|
+
@parser.on('-e',
|
36
|
+
'--encrypt_config',
|
37
|
+
'Encrypt the configuration file(s) without running the gem') do |e|
|
38
|
+
ConfigParser.get_config(config_paths.first, enc_path) unless enc_path.nil?
|
39
|
+
ConfigParser.get_config(config_paths.last)
|
40
|
+
puts "\nConfiguration File(s) Encrypted"
|
41
|
+
exit
|
42
|
+
end
|
43
|
+
self
|
44
|
+
end
|
45
|
+
|
46
|
+
def self.with_help
|
47
|
+
@parser.on_tail('-h', '--help', 'Show this message') do |h|
|
48
|
+
puts @parser
|
49
|
+
exit
|
50
|
+
end
|
51
|
+
self
|
52
|
+
end
|
53
|
+
|
54
|
+
def self.with_version(gem, version)
|
55
|
+
@parser.on_tail('--version', 'Version Information') do |v|
|
56
|
+
puts "#{gem} #{version}"
|
57
|
+
exit
|
58
|
+
end
|
59
|
+
self
|
60
|
+
end
|
61
|
+
|
62
|
+
def self.with_help_and_version(gem, version)
|
63
|
+
with_help
|
64
|
+
with_version(gem, version)
|
65
|
+
self
|
66
|
+
end
|
67
|
+
|
68
|
+
# Method to allow integrations to create own options, with both short and long
|
69
|
+
# switches and description.
|
70
|
+
# Handler is the block to run when option is called.
|
71
|
+
def self.with_other_option(short_switch, long_switch, description, &handler)
|
72
|
+
@parser.on("-#{short_switch}", "--#{long_switch}", description) do |opt|
|
73
|
+
handler.call
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
77
|
+
# Method to allow integrations to create own options, with only one size of
|
78
|
+
# switch and description.
|
79
|
+
# '-' for short switches and '--' for long switches is required.
|
80
|
+
# Handler is the block to run when option is called.
|
81
|
+
def self.with_single_switch_option(identifier, switch, description, &handler)
|
82
|
+
@parser.on("#{identifier}#{switch}", description) do |opt|
|
83
|
+
handler.call
|
84
|
+
end
|
85
|
+
end
|
86
|
+
|
87
|
+
# Parses the options to make them available
|
88
|
+
def self.parse
|
89
|
+
@parser.parse!
|
90
|
+
end
|
91
|
+
end
|
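Review bot: `with_other_option` and `with_single_switch_option` return the result of `@parser.on` rather than `self`, unlike every other builder method in the class, so a chain like the one in bin/nexpose_pxgrid fails with NoMethodError as soon as one of them is used before another `with_` call. End both with `self`. Both also invoke `handler.call` without passing `opt`, so a switch that takes an argument cannot hand its value to the integration; use `handler.call(opt)`. The bare `@parser` statement at the top of the class body has no effect and can be removed.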
File without changes
|
data/lib/pxnx_jruby/version.rb
CHANGED
metadata
CHANGED
@@ -1,47 +1,46 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: nexpose_pxgrid
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.6
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Damian Finol
|
8
8
|
- JJ Cassidy
|
9
9
|
- Gary Robinson
|
10
|
-
autorequire:
|
10
|
+
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2017-
|
13
|
+
date: 2017-06-01 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
|
-
name: bundler
|
17
16
|
requirement: !ruby/object:Gem::Requirement
|
18
17
|
requirements:
|
19
18
|
- - "~>"
|
20
19
|
- !ruby/object:Gem::Version
|
21
20
|
version: '1.10'
|
22
|
-
|
21
|
+
name: bundler
|
23
22
|
prerelease: false
|
23
|
+
type: :development
|
24
24
|
version_requirements: !ruby/object:Gem::Requirement
|
25
25
|
requirements:
|
26
26
|
- - "~>"
|
27
27
|
- !ruby/object:Gem::Version
|
28
28
|
version: '1.10'
|
29
29
|
- !ruby/object:Gem::Dependency
|
30
|
-
name: rake
|
31
30
|
requirement: !ruby/object:Gem::Requirement
|
32
31
|
requirements:
|
33
32
|
- - "~>"
|
34
33
|
- !ruby/object:Gem::Version
|
35
34
|
version: '10.0'
|
36
|
-
|
35
|
+
name: rake
|
37
36
|
prerelease: false
|
37
|
+
type: :development
|
38
38
|
version_requirements: !ruby/object:Gem::Requirement
|
39
39
|
requirements:
|
40
40
|
- - "~>"
|
41
41
|
- !ruby/object:Gem::Version
|
42
42
|
version: '10.0'
|
43
43
|
- !ruby/object:Gem::Dependency
|
44
|
-
name: rspec
|
45
44
|
requirement: !ruby/object:Gem::Requirement
|
46
45
|
requirements:
|
47
46
|
- - "~>"
|
@@ -50,8 +49,9 @@ dependencies:
|
|
50
49
|
- - ">="
|
51
50
|
- !ruby/object:Gem::Version
|
52
51
|
version: 3.2.0
|
53
|
-
|
52
|
+
name: rspec
|
54
53
|
prerelease: false
|
54
|
+
type: :development
|
55
55
|
version_requirements: !ruby/object:Gem::Requirement
|
56
56
|
requirements:
|
57
57
|
- - "~>"
|
@@ -61,79 +61,95 @@ dependencies:
|
|
61
61
|
- !ruby/object:Gem::Version
|
62
62
|
version: 3.2.0
|
63
63
|
- !ruby/object:Gem::Dependency
|
64
|
-
name: nexpose
|
65
64
|
requirement: !ruby/object:Gem::Requirement
|
66
65
|
requirements:
|
67
66
|
- - "~>"
|
68
67
|
- !ruby/object:Gem::Version
|
69
68
|
version: 0.9.0
|
70
|
-
|
69
|
+
name: nexpose
|
71
70
|
prerelease: false
|
71
|
+
type: :runtime
|
72
72
|
version_requirements: !ruby/object:Gem::Requirement
|
73
73
|
requirements:
|
74
74
|
- - "~>"
|
75
75
|
- !ruby/object:Gem::Version
|
76
76
|
version: 0.9.0
|
77
77
|
- !ruby/object:Gem::Dependency
|
78
|
-
name: rufus-scheduler
|
79
78
|
requirement: !ruby/object:Gem::Requirement
|
80
79
|
requirements:
|
81
80
|
- - "~>"
|
82
81
|
- !ruby/object:Gem::Version
|
83
82
|
version: '3.1'
|
84
|
-
|
83
|
+
name: rufus-scheduler
|
85
84
|
prerelease: false
|
85
|
+
type: :runtime
|
86
86
|
version_requirements: !ruby/object:Gem::Requirement
|
87
87
|
requirements:
|
88
88
|
- - "~>"
|
89
89
|
- !ruby/object:Gem::Version
|
90
90
|
version: '3.1'
|
91
91
|
- !ruby/object:Gem::Dependency
|
92
|
-
name: thread_safe
|
93
92
|
requirement: !ruby/object:Gem::Requirement
|
94
93
|
requirements:
|
95
94
|
- - "~>"
|
96
95
|
- !ruby/object:Gem::Version
|
97
96
|
version: '0.3'
|
98
|
-
|
97
|
+
name: thread_safe
|
99
98
|
prerelease: false
|
99
|
+
type: :runtime
|
100
100
|
version_requirements: !ruby/object:Gem::Requirement
|
101
101
|
requirements:
|
102
102
|
- - "~>"
|
103
103
|
- !ruby/object:Gem::Version
|
104
104
|
version: '0.3'
|
105
105
|
- !ruby/object:Gem::Dependency
|
106
|
-
name: waitutil
|
107
106
|
requirement: !ruby/object:Gem::Requirement
|
108
107
|
requirements:
|
109
108
|
- - "~>"
|
110
109
|
- !ruby/object:Gem::Version
|
111
110
|
version: '0.2'
|
112
|
-
|
111
|
+
name: waitutil
|
113
112
|
prerelease: false
|
113
|
+
type: :runtime
|
114
114
|
version_requirements: !ruby/object:Gem::Requirement
|
115
115
|
requirements:
|
116
116
|
- - "~>"
|
117
117
|
- !ruby/object:Gem::Version
|
118
118
|
version: '0.2'
|
119
|
-
|
120
|
-
|
119
|
+
- !ruby/object:Gem::Dependency
|
120
|
+
requirement: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - "~>"
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '3.9'
|
125
|
+
- - ">="
|
126
|
+
- !ruby/object:Gem::Version
|
127
|
+
version: 3.9.0
|
128
|
+
name: symmetric-encryption
|
129
|
+
prerelease: false
|
130
|
+
type: :runtime
|
131
|
+
version_requirements: !ruby/object:Gem::Requirement
|
132
|
+
requirements:
|
133
|
+
- - "~>"
|
134
|
+
- !ruby/object:Gem::Version
|
135
|
+
version: '3.9'
|
136
|
+
- - ">="
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: 3.9.0
|
139
|
+
description: This JRuby Gem allows Nexpose to scan IPs detected by Cisco pxGrid and apply quarantines.
|
121
140
|
email:
|
122
141
|
- integrations@rapid7.com
|
123
142
|
executables: []
|
124
143
|
extensions: []
|
125
144
|
extra_rdoc_files: []
|
126
145
|
files:
|
127
|
-
- ".gitignore"
|
128
|
-
- ".travis.yml"
|
129
146
|
- Gemfile
|
130
147
|
- LICENCE.APACHE
|
131
148
|
- LICENSE.MIT
|
132
149
|
- README.md
|
133
150
|
- RadiusSimulator.jar
|
134
|
-
- Rakefile
|
135
151
|
- bin/logback.xml
|
136
|
-
- bin/
|
152
|
+
- bin/nexpose_pxgrid
|
137
153
|
- bin/pxnx_daemon.rb
|
138
154
|
- keystore.jks
|
139
155
|
- lib/java_libs/FastInfoset-1.2.12.jar
|
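Review bot: `executables: []` is unchanged in this hunk although bin/pxnx.rb was renamed to bin/nexpose_pxgrid and the README now says `jruby nexpose_pxgrid` should suffice after a RubyGems install. With an empty executables list RubyGems installs no wrapper for the script. The deleted pxnx.gemspec shows the cause: `spec.executables = spec.files.grep(%r{^exe/})` looks under exe/ while `spec.bindir = 'bin'`. List `nexpose_pxgrid` in executables. The added `symmetric-encryption` constraint pairs `~> 3.9` with `>= 3.9.0`; the second is already implied by the first and can be dropped.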
@@ -178,25 +194,27 @@ files:
|
|
178
194
|
- lib/java_libs/wsdl4j-1.6.2.jar
|
179
195
|
- lib/java_libs/xmlschema-core-2.0.3.jar
|
180
196
|
- lib/pxnx_jruby.rb
|
197
|
+
- lib/pxnx_jruby/config/encryption.config
|
181
198
|
- lib/pxnx_jruby/config/pxnx.config
|
182
199
|
- lib/pxnx_jruby/connection.rb
|
183
200
|
- lib/pxnx_jruby/connection_manager.rb
|
184
201
|
- lib/pxnx_jruby/eps_broker.rb
|
185
202
|
- lib/pxnx_jruby/nexpose_connection.rb
|
186
|
-
- lib/pxnx_jruby/nx_logger.rb
|
187
203
|
- lib/pxnx_jruby/session_directory_notification.rb
|
188
204
|
- lib/pxnx_jruby/spoon/README
|
189
205
|
- lib/pxnx_jruby/spoon/pxnx_daemon_unix.rb
|
190
206
|
- lib/pxnx_jruby/spoon/pxnx_daemon_windows.rb
|
191
207
|
- lib/pxnx_jruby/spoon/pxnx_runner.rb
|
208
|
+
- lib/pxnx_jruby/utilities/config_parser.rb
|
209
|
+
- lib/pxnx_jruby/utilities/gem_options.rb
|
210
|
+
- lib/pxnx_jruby/utilities/nx_logger.rb
|
192
211
|
- lib/pxnx_jruby/version.rb
|
193
|
-
- pxnx.gemspec
|
194
212
|
- truststore.jks
|
195
213
|
homepage: http://www.rapid7.com
|
196
214
|
licenses:
|
197
215
|
- MIT
|
198
216
|
metadata: {}
|
199
|
-
post_install_message:
|
217
|
+
post_install_message:
|
200
218
|
rdoc_options: []
|
201
219
|
require_paths:
|
202
220
|
- lib
|
@@ -211,9 +229,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
211
229
|
- !ruby/object:Gem::Version
|
212
230
|
version: '0'
|
213
231
|
requirements: []
|
214
|
-
rubyforge_project:
|
215
|
-
rubygems_version: 2.
|
216
|
-
signing_key:
|
232
|
+
rubyforge_project:
|
233
|
+
rubygems_version: 2.4.8
|
234
|
+
signing_key:
|
217
235
|
specification_version: 4
|
218
236
|
summary: Nexpose - pxGrid Node implementation.
|
219
237
|
test_files: []
|
data/.gitignore
DELETED
data/.travis.yml
DELETED
data/Rakefile
DELETED
@@ -1,31 +0,0 @@
|
|
1
|
-
#require "bundler/gem_tasks"
|
2
|
-
require 'rake'
|
3
|
-
require 'ipaddr'
|
4
|
-
require 'bundler'
|
5
|
-
require 'pxnx_jruby'
|
6
|
-
|
7
|
-
namespace :pxnx do
|
8
|
-
task :default => :simulate
|
9
|
-
# TODO. (!) Read the parameters from arg/config/env/etc.
|
10
|
-
desc 'Authenticate and connect through Radius'
|
11
|
-
task :simulate, [:ip] => [:authenticate, :connect] do |t, args|
|
12
|
-
puts 'Sent Radius packets. Check log file.'
|
13
|
-
end
|
14
|
-
|
15
|
-
desc 'Authenticate to Radius'
|
16
|
-
task :authenticate, :ip do |t, args|
|
17
|
-
args.with_defaults(ip: PxnxJruby.random_ip)
|
18
|
-
@ip = args[:ip]
|
19
|
-
sh "java -cp #{File.expand_path File.dirname(__FILE__)}/RadiusSimulator.jar -DUSERNAME=dfinol -DPASSWORD=Nexpose4lyfe -DCALLING_STATION_ID=11:22:33:44:55:66 -DAUDIT_SESSION_ID=1001 -DFRAMED_IP_ADDRESS=#{@ip} -DRADIUS_SECRET=nxadmin -DFRAMED_IP_MASK=255.255.255.255 RadiusAuthentication 10.4.91.100"
|
20
|
-
end
|
21
|
-
|
22
|
-
desc 'Start accounting'
|
23
|
-
task :connect, :ip do |t, args|
|
24
|
-
sh "java -cp #{File.expand_path File.dirname(__FILE__)}/RadiusSimulator.jar -DUSERNAME=dfinol -DPASSWORD=Nexpose4lyfe -DCALLING_STATION_ID=11:22:33:44:55:66 -DAUDIT_SESSION_ID=1001 -DFRAMED_IP_ADDRESS=#{@ip} -DRADIUS_SECRET=nxadmin -DFRAMED_IP_MASK=255.255.255.255 RadiusAccountingStart 10.4.91.100"
|
25
|
-
end
|
26
|
-
|
27
|
-
desc 'Stop accounting'
|
28
|
-
task :stop, :ip do |t, args|
|
29
|
-
sh "java -cp #{File.expand_path File.dirname(__FILE__)}/RadiusSimulator.jar -DUSERNAME=dfinol -DPASSWORD=Nexpose4lyfe -DCALLING_STATION_ID=11:22:33:44:55:66 -DAUDIT_SESSION_ID=1001 -DFRAMED_IP_ADDRESS=#{@ip} -DRADIUS_SECRET=nxadmin -DFRAMED_IP_MASK=255.255.255.255 RadiusAccountingStop 10.4.91.100"
|
30
|
-
end
|
31
|
-
end
|
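Review bot: The three `sh` lines removed here embed a username, a password and a RADIUS shared secret (`-DUSERNAME`, `-DPASSWORD`, `-DRADIUS_SECRET`) together with an internal address, and since the file is deleted in this version it was part of the 0.1.5 package. Dropping the Rakefile from 0.1.6 does not withdraw those values from the earlier release, so treat them as disclosed and rotate them. If the simulator tasks come back, read the values from the environment, as the TODO above the `:simulate` task already asks.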
data/pxnx.gemspec
DELETED
@@ -1,28 +0,0 @@
|
|
1
|
-
# coding: utf-8
|
2
|
-
lib = File.expand_path('../lib', __FILE__)
|
3
|
-
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
-
require 'pxnx_jruby/version'
|
5
|
-
|
6
|
-
Gem::Specification.new do |spec|
|
7
|
-
spec.name = 'nexpose_pxgrid'
|
8
|
-
spec.version = PxnxJruby::VERSION
|
9
|
-
spec.authors = ['Damian Finol', 'JJ Cassidy', 'Gary Robinson']
|
10
|
-
spec.email = ['integrations@rapid7.com']
|
11
|
-
spec.summary = %q{Nexpose - pxGrid Node implementation.}
|
12
|
-
spec.description = %q{This JRuby Gem allows Nexpose to scan IPs detected by Cisco pxGrid and apply quarantines.}
|
13
|
-
spec.homepage = 'http://www.rapid7.com'
|
14
|
-
spec.license = 'MIT'
|
15
|
-
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features|logs|releases)/}) }
|
16
|
-
spec.bindir = 'bin'
|
17
|
-
spec.platform = 'java'
|
18
|
-
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
19
|
-
spec.require_paths = ['lib']
|
20
|
-
spec.add_development_dependency 'bundler', '~> 1.10'
|
21
|
-
spec.add_development_dependency 'rake', '~> 10.0'
|
22
|
-
spec.add_development_dependency 'rspec', '~> 3.2', '>= 3.2.0'
|
23
|
-
# Can't use >= 1.0 because JRuby is not compatible with Ruby >= 2.
|
24
|
-
spec.add_runtime_dependency 'nexpose', '~>0.9.0'
|
25
|
-
spec.add_runtime_dependency 'rufus-scheduler', '~>3.1'
|
26
|
-
spec.add_runtime_dependency 'thread_safe', '~>0.3'
|
27
|
-
spec.add_runtime_dependency 'waitutil', '~>0.2'
|
28
|
-
end
|