nexpose_sccm 0.4.0

data/lib/nexpose_sccm/collection.rb

@@ -0,0 +1,42 @@
+module NexposeSCCM
+  class Collection
+    attr_reader :name, :collection_id, :member_count
+    attr_accessor :current_members, :members
+
+    def initialize(name, collection_id=nil, member_count=0)
+      @name = name
+      @collection_id = collection_id
+      @member_count = member_count
+      @current_members = Set.new
+      @members = Set.new
+    end
+
+    def save(conn)
+      if @collection_id.nil?
+        NexposeSCCM.logger.info("Creating collection #{@name} prior to populating")
+        Powershell.run(conn.conn, :create_collection, conn.location, @name)
+
+        @collection_id = conn.get_collection_id_by_name(@name)
+      end
+
+      #Devices to be added
+      NexposeSCCM.logger.debug("Adding #{(@members - @current_members).length} devices to #{@name} collection")
+      (@members - @current_members).each do |member|
+        Powershell.run(conn.conn,
+                       :add_device_to_collection,
+                       conn.location,
+                       @collection_id,
+                       member.resource_id)
+      end
+      #Devices to be removed
+      NexposeSCCM.logger.debug("Removing #{(@current_members - @members).length} devices from #{@name} collection")
+      (@current_members - @members).each do |member|
+        Powershell.run(conn.conn,
+                       :remove_device_from_collection,
+                       conn.location,
+                       @collection_id,
+                       member.resource_id)
+      end
+    end
+  end
+end

data/lib/nexpose_sccm/connection.rb

@@ -0,0 +1,165 @@
+require 'winrm'
+require_relative 'collection'
+require_relative 'device'
+require_relative 'powershell'
+require_relative 'software_update_group'
+require_relative 'wql'
+
+module NexposeSCCM
+  # Connection object to interact with SCCM and SCCM utilities
+  #
+  # * *Args*    :
+  #   - +protocol+ -  A String identifying HTTP or HTTPS for the SCCM web service
+  #   - +host+ - A String identifying the target host SCCM is running on
+  #   - +port+ - A String identifying port for the SCCM web service
+  #   - +path+ - A String identifying the URL path for the SCCM web service
+  #   - +location+ - A String identifying the SCCM location for running PS commands on filesystem
+  #   - +user+ -  A String identifying username for the SCCM web service
+  #   - +pass+ - A String identifying the password for the SCCM web service
+  #   - +namespace+ - A String identifying the namespace for the SCCM server
+  #   - +staging+ - A String identifying the directory to keep downloaded content updates for SCCM
+  #
+  class Connection
+    attr_reader :conn, :host, :namespace, :location, :staging
+
+    def initialize(protocol='http', host='localhost', port=5985, path='wsman', location=nil, user=nil, pass=nil,
+                   namespace=nil, staging=nil, no_ssl_peer_verification=false, ssl_peer_fingerprint=nil)
+      @endpoint = "#{protocol}://#{host}:#{port}/#{path}"
+      @user = user
+      @password = pass
+      @namespace = namespace
+      @host = host
+      @location = location
+      @staging = staging.nil? ? nil : staging.chomp("\\")
+      @no_ssl_peer_verification = no_ssl_peer_verification
+      @ssl_peer_fingerprint = ssl_peer_fingerprint
+    end
+
+    def login
+      NexposeSCCM.logger.info("Logging into SCCM via WINRM: #{@endpoint}")
+      @conn = WinRM::Connection.new(endpoint: @endpoint,
+                                    user: @user,
+                                    password: @password,
+                                    no_ssl_peer_verification: @no_ssl_peer_verification,
+                                    ssl_peer_fingerprint: @ssl_peer_fingerprint)
+      #get_info
+    end
+
+    def get_info
+      begin
+        results = Powershell.run(@conn, :get_sccm_info)
+        info_match = ['Version','Full Version','CU Level']
+        results.each do |result|
+          if info_match.any?{|word| result.include?(word)}
+            NexposeSCCM.logger.info("SCCM #{result.strip.gsub(/\s+/, ' ')}")
+          end
+        end
+      rescue Exception=>e
+        NexposeSCCM.logger.error("Unable to retrieve SCCM version details: #{e}")
+      end
+    end
+
+    def get_ci_id(ldn)
+      NexposeSCCM.logger.debug("Getting CI IDs for solution: #{ldn}")
+      ci_ids = []
+      results = Wql.run(@conn, @namespace, :get_ci_ids, ldn)
+      results.each do |r|
+        ci_ids.push(r[:ci_id]) unless ci_ids.include?(r[:ci_id])
+      end
+      ci_ids
+    end
+
+    def get_software_update_groups
+      NexposeSCCM.logger.debug('Getting names and CI IDs for all Rapid7 Software Update Groups')
+      groups = []
+      results = Wql.run(@conn, @namespace, :get_sups)
+      results = results.map {|r| {:ci_id => r[:ci_id], :name => r[:localized_display_name], :description => r[:localized_description]}}
+      results.each do |r|
+        sup = SoftwareUpdateGroup.new(r[:name], r[:description], nil, r[:ci_id])
+        groups.push(sup)
+      end
+      groups
+    end
+
+    def get_collection_id_by_name(collection_name)
+      results = Wql.run(@conn, @namespace, :get_collection_by_name, collection_name)
+
+      collection_id = nil
+      results.each do |result|
+        collection_id = result[:collection_id]
+      end
+      collection_id
+    end
+
+    def get_collections(sccm_devices)
+      NexposeSCCM.logger.debug('Getting name of collections for all existing Rapid7 Collections')
+      collections = []
+      results = Wql.run(@conn, @namespace, :get_collections)
+      results.each do |result|
+        NexposeSCCM.logger.debug("Getting device membership for #{result[:name]} collection")
+        collection = Collection.new(result[:name],result[:collection_id],result[:member_count])
+
+        collection.current_members = get_collection_devices(collection.collection_id,sccm_devices)
+
+        collections << collection
+      end
+      collections
+    end
+
+    def get_collection_devices(collection_id, sccm_devices)
+      NexposeSCCM.logger.debug("Getting devices for collection ID: #{collection_id}")
+      devices = Set.new
+      members = Wql.run(@conn, @namespace, :get_collection_members, collection_id)
+      members.each do |member|
+        device = sccm_devices.select{|device| device.resource_id.eql?(member[:resource_id])}.first
+        devices.add(device) unless device.nil?
+      end
+      devices
+    end
+
+    def get_devices
+      NexposeSCCM.logger.debug('Getting devices known to SCCM with details')
+      devices = []
+      members = Wql.run(@conn, @namespace, :get_devices)
+      members.each do |member|
+        if member[:ip_addresses].is_a?(Nori::StringWithAttributes)
+          ips = [member[:ip_addresses]]
+        else
+          ips = member[:ip_addresses]
+        end
+        device = Device.new(ips,member[:netbios_name],member[:resource_id])
+        devices << device
+      end
+      devices
+    end
+
+    def get_deployment_package(name)
+      Wql.run(@conn, @namespace, :get_deployment_package, name)
+    end
+
+    def download_patches(sup_name, ci_ids)
+      NexposeSCCM.logger.info("Downloading Software Update Patches for Deployment Packages.")
+      contentIds = []
+      ## Need to get ContentID using ci_id
+      ci_ids.each do |c|
+        results = Wql.run(@conn, @namespace, :ci_to_contentid, c)
+        results.each do |r|
+          contentIds.push(r[:content_id]) unless contentIds.include?(r[:content_id])
+        end
+      end
+      ## Need to get content info using ContentId
+      contentIds.each do |c|
+        NexposeSCCM.logger.debug("Working on Content Update: #{c}")
+        results = Wql.run(@conn, @namespace, :get_update_url, c)
+        results.each do |r|
+          res = Powershell.run(@conn, :download_content, r[:source_url], "#{@staging}\\#{sup_name}", c, r[:file_name])
+          if res
+            NexposeSCCM.logger.debug("Successfully downloaded content update: #{c}")
+          else
+            NexposeSCCM.logger.error("There was an error downloading content update: #{c}")
+          end
+        end
+      end
+    end
+  end
+end

data/lib/nexpose_sccm/data_source.rb

@@ -0,0 +1,67 @@
+module NexposeSCCM
+  module DataSource
+    # Connection object to interact with SCCM and SCCM utilities
+    #
+    # * *Args*    :
+    #   - +data_source+ -  A String identifying 'nsc' or 'dwh' for the source of Nexpose data
+    #   - +pg+ - A Hash identifying the Postgres connection settings
+    #   - +nx+ - A Hash identifying the Nexpose connection settings
+    #
+    class Connection
+      def initialize(data_source='nsc', pg=nil, nx=nil)
+        connection_type = data_source
+
+        if connection_type.casecmp('dwh') == 0
+          @connection_type = :dwh
+          unless pg.nil?
+            require_relative 'helpers/pg_helper'
+            @conn = Helpers::PGHelper::Connection.new(pg)
+          end
+        else
+          @connection_type = :nsc
+          unless nx.nil?
+            require_relative 'helpers/nexpose_helper'
+            @conn = Helpers::NexposeHelper::Connection.new(nx)
+          end
+        end
+      end
+
+      def fetch_data(query)
+        res = @conn.get_data(query)
+        Data.new(res, @connection_type)
+      end
+    end
+
+    # Universal Data object to send back to client and makes the data source transparent
+    #
+    # * *Args*    :
+    #   - +data+ -  A resultset, either using the pg_helper or nexpose_helper
+    #   - +connection_type+ - A symbol representing whether to use postgres or nexpose
+    #
+    class Data
+      def initialize(data, connection_type)
+        @data = data
+        @connection_type = connection_type
+      end
+
+      def each
+        @data.each do |p|
+          sym_p = p.inject({}){|res,(k,v)| res[k.to_sym] = v; res}
+          yield sym_p
+        end
+      end
+
+      def length
+        case @connection_type
+          when :dwh
+            @data.cmd_tuples
+          when :nsc
+            @data.length
+          else
+            NexposeSCCM.logger.error("An invalid connection type made it's way in here, exiting...")
+            exit 1
+        end
+      end
+    end
+  end
+end

data/lib/nexpose_sccm/deployment_package.rb

@@ -0,0 +1,37 @@
+module NexposeSCCM
+  class DeploymentPackage
+    attr_reader :name, :sug_name, :path
+    attr_accessor :id, :collection_name
+
+    def initialize(name,sug_name,path,id=nil,collection_name=nil,deployment_type='Available')
+      @name = name
+      @id = id
+      @sug_name = sug_name
+      @path = path
+      @collection_name = collection_name
+      @deployment_type = deployment_type
+    end
+
+    def save(conn)
+      NexposeSCCM.logger.info("Created Deployment Package: #{@name}")
+      NexposeSCCM.logger.debug("Deployment package has path [#{@path}]")
+      Powershell.run(conn.conn,
+                     :create_deployment_package,
+                     conn.namespace,
+                     conn.host,
+                     @name,
+                     @name,
+                     @path)
+    end
+
+    def download_updates(conn)
+      NexposeSCCM.logger.debug("Downloading updates for #{sug_name}")
+      Powershell.run(conn.conn,
+                     :download_software_updates,
+                     conn.location,
+                     @name,
+                     @sug_name,
+                     @path)
+    end
+  end
+end

data/lib/nexpose_sccm/device.rb

@@ -0,0 +1,11 @@
+class Device
+  attr_accessor :remediation_items
+  attr_reader :ip_address, :host_name, :resource_id
+
+  def initialize(ip_address, host_name, resource_id)
+    @ip_address = ip_address
+    @host_name = host_name
+    @resource_id = resource_id
+    @remediation_items = Set.new
+  end
+end

data/lib/nexpose_sccm/helpers/nexpose_helper.rb

@@ -0,0 +1,65 @@
+require 'nexpose'
+require 'csv'
+
+module NexposeSCCM
+  module DataSource
+    module Helpers
+      module NexposeHelper
+        class Connection
+          def initialize(settings)
+            nexpose_ip = settings[:host]
+            nexpose_un = settings[:user]
+            nexpose_pw = settings[:pass]
+            nexpose_pt = settings[:port]
+            nexpose_silo = settings[:silo]
+            nexpose_timeout = settings[:timeout]
+            @nexpose_query_timeout = settings[:query_timeout]
+
+            ## New Nexpose Connection -> Requirements are Device IP, Username, Password, Port with optional Silo ID
+            @nsc = Nexpose::Connection.new(nexpose_ip, nexpose_un, nexpose_pw, nexpose_pt, nexpose_silo)
+            login(nexpose_timeout)
+            register_metrics(nexpose_ip, nexpose_pt, {})
+          end
+
+          def login(timeout=120)
+            @nsc.login
+
+            # Check for a valid session.
+            unless @nsc.session_id
+              NexposeSCCM.logger.error("Login Failed")
+              exit 1
+            end
+
+            at_exit do
+              NexposeSCCM.logger.debug("Logging out")
+              @nsc.logout if @nsc.session_id
+            end
+
+            ## Set the http read timeout.
+            NexposeSCCM.logger.info("Setting the web session timeout to #{timeout}")
+            @nsc.timeout = timeout.to_i
+          end
+
+          def get_data(query)
+            report_config = Nexpose::AdhocReportConfig.new(nil, 'sql')
+            report_config.add_filter('version', '2.3.0')
+            report_config.add_filter('query', query)
+
+            NexposeSCCM.logger.info("Running SQL report for a list of windows vulnerabilities.")
+            report_output = report_config.generate(@nsc, @nexpose_query_timeout)
+
+            CSV.parse(report_output.chomp, {:headers => :first_row})
+          end
+
+          def register_metrics(hostname, port, payload)
+            NexposeSCCM.logger.debug("Sending_Stats")
+            NexposeSCCM.logger.on_connect(hostname,
+                                          port,
+                                          @nsc.session_id,
+                                          payload)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/nexpose_sccm/helpers/pg_helper.rb

@@ -0,0 +1,26 @@
+require 'pg'
+
+module NexposeSCCM
+  module DataSource
+    module Helpers
+      module PGHelper
+        class Connection
+          def initialize(settings)
+            host = settings[:host]
+            port = settings[:port]
+            user = settings[:user]
+            pass = settings[:pass]
+            db = settings[:db]
+            sslmode = settings[:sslmode]
+
+            @conn = PG::Connection.open(:host => host, :dbname => db, :port => port, :user => user, :password => pass, :sslmode => sslmode)
+          end
+
+          def get_data(query)
+            @conn.exec(query)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/nexpose_sccm/powershell.rb

@@ -0,0 +1,111 @@
+require 'winrm'
+
+module NexposeSCCM
+  module Powershell
+
+    @cmds = {
+        :get_sccm_info => <<~COMMAND,
+            Get-ItemProperty HKLM:\\SOFTWARE\\Microsoft\\SMS\\Setup
+        COMMAND
+        :download_content => <<~COMMAND,
+            $url = "%s"
+            $content = "%s\\%s"
+            If(!(test-path $content))
+            {
+              New-Item -ItemType Directory -Force -Path $content
+              $output = "$content\\%s"
+              $wc = New-Object System.Net.WebClient
+              $wc.DownloadFile($url, $output)
+            }
+        COMMAND
+        :sccm_download_content => <<~COMMAND,
+
+        COMMAND
+        :create_software_update_group => <<~COMMAND,
+            $PSDefaultParameterValues =@{"get-wmiobject:namespace"="%s";"get-WMIObject:computername"="%s"}
+            $class = Get-WmiObject -Class SMS_CI_LocalizedProperties -list
+            $LocalizedProperties = $class.CreateInstance()
+            $LocalizedProperties.DisplayName="%s"
+            $LocalizedProperties.Description="%s"
+            $class = $class = Get-WmiObject -Class SMS_AuthorizationList -list
+            $UpdateGroup = $class.CreateInstance()
+            $UpdateGroup.LocalizedInformation = $LocalizedProperties
+            $UpdateGroup.Updates = %s
+            $UpdateGroup.put()
+        COMMAND
+        :update_software_update_group => <<~COMMAND,
+            $PSDefaultParameterValues =@{"get-wmiobject:namespace"="%s";"get-WMIObject:computername"="%s"}
+            $UpdateGroup = Get-WmiObject -Class SMS_AuthorizationList | Where-Object -Property CI_ID -EQ "%s"
+            $UpdateGroup.Updates = %s
+            $UpdateGroup.put()
+        COMMAND
+        :update_software_update_group_empty => <<~COMMAND,
+            $PSDefaultParameterValues =@{"get-wmiobject:namespace"="%s";"get-WMIObject:computername"="%s"}
+            $UpdateGroup = Get-WmiObject -Class SMS_AuthorizationList | Where-Object -Property CI_ID -EQ "%s"
+            $UpdateGroup.Updates = @()
+            $UpdateGroup.put()
+        COMMAND
+        :create_collection => <<~COMMAND,
+            Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\\..\\ConfigurationManager.psd1"
+            Set-Location %s
+            New-CMDeviceCollection -Name "%s" -LimitingCollectionName "All Systems"
+        COMMAND
+        :add_device_to_collection => <<~COMMAND,
+            Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\\..\\ConfigurationManager.psd1"
+            Set-Location %s
+            Add-CMDeviceCollectionDirectMembershipRule -CollectionId "%s" -ResourceId "%s"
+        COMMAND
+        :remove_device_from_collection => <<~COMMAND,
+            Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\\..\\ConfigurationManager.psd1"
+            Set-Location %s
+            Remove-CMDeviceCollectionDirectMembershipRule -CollectionId "%s" -ResourceId "%s" –Force
+        COMMAND
+        :create_deployment_package => <<~COMMAND,
+            $PSDefaultParameterValues =@{"get-wmiobject:namespace"="%s";"get-WMIObject:computername"="%s"}
+            $class = Get-WmiObject -Class SMS_SoftwareUpdatesPackage -List
+            $DeployPackage = $class.CreateInstance()
+            $DeployPackage.Name = "%s"
+            $DeployPackage.Description = "%s Updates"
+            $DeployPackage.PkgSourcePath = "%s"
+            $DeployPackage.PkgSourceFlag = [int32]2
+            $DeployPackage.put()
+        COMMAND
+        :delete_deployment_package => <<~COMMAND,
+            Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\\..\\ConfigurationManager.psd1"
+            Set-Location %s
+            Remove-CMSoftwareUpdateDeploymentPackage -Name %s -Force
+        COMMAND
+        :download_software_updates => <<~COMMAND,
+            Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\\..\\ConfigurationManager.psd1"
+            Set-Location %s
+            Save-CMSoftwareUpdate -DeploymentPackageName "%s" -SoftwareUpdateGroupName "%s" -SoftwareUpdateLanguage English
+        COMMAND
+        :deploy_package => <<~COMMAND,
+            Import-Module "$($ENV:SMS_ADMIN_UI_PATH)\\..\\ConfigurationManager.psd1"
+            Set-Location %s
+            New-CMSoftwareUpdateDeployment -SoftwareUpdateGroupName %s -CollectionName %s -DeploymentName %s -DeploymentType %s
+        COMMAND
+    }
+
+    def self.run(conn, cmd, *args)
+      unless @cmds.key?(cmd)
+        NexposeSCCM.logger.error("Invalid command supplied: #{cmd}")
+      end
+      cmd = @cmds[cmd] % [*args]
+      result = []
+      conn.shell(:powershell) do |shell|
+        err = nil
+        output = shell.run(cmd) do |response, stderr|
+          result << response
+          err = stderr
+        end
+        if output.exitcode != 0
+          NexposeSCCM.logger.error(err)
+          result = nil
+          break
+        end
+      end
+      result
+    end
+  end
+end