RubyGems - nexpose_sccm - Versions diffs - 0.4.0 - Mend

nexpose_sccm 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

checksums.yaml +7 -0
data/Gemfile +14 -0
data/MIT-LICENSE +21 -0
data/README.md +212 -0
data/bin/encrypt_settings.rb +135 -0
data/bin/nexpose_sccm +69 -0
data/bin/vuln_ids.csv +7 -0
data/conf/logging.yml +8 -0
data/conf/nexpose.yml +8 -0
data/conf/postgres.yml +8 -0
data/conf/queries.yml +87 -0
data/conf/sccm.yml +30 -0
data/conf/secret.yml +4 -0
data/lib/nexpose_sccm.rb +294 -0
data/lib/nexpose_sccm/collection.rb +42 -0
data/lib/nexpose_sccm/connection.rb +165 -0
data/lib/nexpose_sccm/data_source.rb +67 -0
data/lib/nexpose_sccm/deployment_package.rb +37 -0
data/lib/nexpose_sccm/device.rb +11 -0
data/lib/nexpose_sccm/helpers/nexpose_helper.rb +65 -0
data/lib/nexpose_sccm/helpers/pg_helper.rb +26 -0
data/lib/nexpose_sccm/powershell.rb +111 -0
data/lib/nexpose_sccm/remediation_item.rb +5 -0
data/lib/nexpose_sccm/software_update_group.rb +54 -0
data/lib/nexpose_sccm/utilities/nx_logger.rb +171 -0
data/lib/nexpose_sccm/utilities/utility_config.rb +59 -0
data/lib/nexpose_sccm/version.rb +5 -0
data/lib/nexpose_sccm/wql.rb +35 -0
data/nexpose_sccm.gemspec +35 -0
metadata +128 -0

data/lib/nexpose_sccm/remediation_item.rb ADDED

@@ -0,0 +1,5 @@
+class RemediationItem
+  def initialize(solution_id, vuln_ids)
+  end
+end

data/lib/nexpose_sccm/software_update_group.rb ADDED

@@ -0,0 +1,54 @@
+require 'winrm'
+require_relative 'powershell'
+module NexposeSCCM
+  # Configuration settings for creating a Software Update Group
+  #
+  # * *Args*    :
+  #   - +name+ -  A String identifying the display name of the Software Update Group
+  #   - +description+ - A String identifying the description of the Software Update Group
+  #   - +ci_ids+ - An Array identifying the list of ci_ids to add to a Software Update Group
+  #
+  class SoftwareUpdateGroup
+    attr_accessor :name, :description, :ci_ids
+    def initialize(name, description, ci_ids, ci_id=nil)
+      @name = name
+      @description = description
+      @ci_ids = ci_ids
+      @ci_id = ci_id
+    end
+    def save(conn)
+      if @ci_id.nil?
+        if @ci_ids.length > 0
+          Powershell.run(conn.conn,
+                         :create_software_update_group,
+                         conn.namespace,
+                         conn.host,
+                         @name,
+                         @description,
+                         @ci_ids.join(','))
+        else
+          NexposeSCCM.logger.debug('No CI_IDs to add to Software Update Group, going to next...')
+          return false
+        end
+      else
+        if @ci_ids.length > 0
+          Powershell.run(conn.conn,
+                         :update_software_update_group,
+                         conn.namespace,
+                         conn.host,
+                         @ci_id,
+                         @ci_ids.join(','))
+        else
+          Powershell.run(conn.conn,
+                         :update_software_update_group_empty,
+                         conn.namespace,
+                         conn.host,
+                         @ci_id)
+        end
+      end
+    end
+  end
+end

data/lib/nexpose_sccm/utilities/nx_logger.rb ADDED

@@ -0,0 +1,171 @@
+require 'fileutils'
+require 'json'
+require 'net/http'
+require 'singleton'
+module NexposeSCCM
+  class NxLogger
+    include Singleton
+    LOG_PATH = "../logs/rapid7_%s.log"
+    KEY_FORMAT = "external.integration.%s"
+    PRODUCT_FORMAT = "%s_%s"
+    DEFAULT_LOG = 'integration'
+    PRODUCT_RANGE = 4..30
+    KEY_RANGE = 3..15
+    ENDPOINT = '/data/external/statistic/'
+    def initialize()
+      create_calls
+      @logger_file = get_log_path @product
+      setup_logging(true, 'info')
+    end
+    def setup_statistics_collection(vendor, product_name, gem_version)
+      begin
+        @statistic_key = get_statistic_key vendor
+        @product = get_product product_name, gem_version
+      rescue => e
+        #Continue
+      end
+    end
+    def setup_logging(enabled,
+                      log_level = 'info',
+                      stdout=false,
+                      rotation='weekly',
+                      log_size=nil)
+      @stdout = stdout
+      log_message('Logging disabled.') unless enabled || @log.nil?
+      @enabled = enabled
+      return unless @enabled
+      @logger_file = get_log_path @product
+      require 'logger'
+      directory = File.dirname(@logger_file)
+      FileUtils.mkdir_p(directory) unless File.directory?(directory)
+      io = IO.for_fd(IO.sysopen(@logger_file, 'a'), 'a')
+      io.autoclose = false
+      io.sync = true
+      @log = Logger.new(io, rotation, log_size)
+      @log.level = if log_level.to_s.casecmp('info') == 0
+                     Logger::INFO
+                   else
+                     Logger::DEBUG
+                   end
+      log_message("Logging enabled at level <#{log_level}>")
+    end
+    def create_calls
+      levels = [:info, :debug, :error, :warn]
+      levels.each do |level|
+        method_name = "log_#{level.to_s}_message"
+        define_singleton_method(method_name) do |message|
+          puts message if @stdout
+          @log.send(level, message) unless !@enabled || @log.nil?
+        end
+        singleton_class.send(:alias_method, level, method_name.to_sym)
+      end
+    end
+    def log_message(message)
+      log_info_message message
+    end
+    def log_stat_message(message)
+    end
+    def get_log_path(product)
+      product.downcase! unless product.nil?
+      File.join(File.dirname(__FILE__), LOG_PATH % (product || DEFAULT_LOG))
+    end
+    def get_statistic_key(vendor)
+      if vendor.nil? || vendor.length < KEY_RANGE.min
+        log_stat_message("Vendor length is below minimum of <#{KEY_RANGE}>")
+        return nil
+      end
+      vendor.gsub!('-', '_')
+      vendor.slice! vendor.rindex('_') until vendor.count('_') <= 1
+      vendor.delete! "^A-Za-z0-9\_"
+      KEY_FORMAT % vendor[0...KEY_RANGE.max].downcase
+    end
+    def get_product(product, version)
+      return nil if ((product.nil? || product.empty?) ||
+                     (version.nil? || version.empty?))
+      product.gsub!('-', '_')
+      product.slice! product.rindex('_') until product.count('_') <= 1
+      product.delete! "^A-Za-z0-9\_"
+      version.delete! "^A-Za-z0-9\.\-"
+      product = (PRODUCT_FORMAT % [product, version])[0...PRODUCT_RANGE.max]
+      product.slice! product.rindex(/[A-Z0-9]/i)+1..-1
+      if product.length < PRODUCT_RANGE.min
+        log_stat_message("Product length below minimum <#{PRODUCT_RANGE.min}>.")
+        return nil
+      end
+      product.downcase
+    end
+    def generate_payload(statistic_value='')
+      product_name, separator, version = @product.to_s.rpartition('_')
+      payload_value = {'version' => version}.to_json
+      payload = {'statistic-key' => @statistic_key.to_s,
+                 'statistic-value' => payload_value,
+                 'product' => product_name}
+      JSON.generate(payload)
+    end
+    def send(nexpose_address, nexpose_port, session_id, payload)
+      header = {'Content-Type' => 'application/json',
+                'nexposeCCSessionID' => session_id,
+                'Cookie' => "nexposeCCSessionID=#{session_id}"}
+      req = Net::HTTP::Put.new(ENDPOINT, header)
+      req.body = payload
+      http_instance = Net::HTTP.new(nexpose_address, nexpose_port)
+      http_instance.use_ssl = true
+      http_instance.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      response = http_instance.start { |http| http.request(req) }
+      log_stat_message "Received code #{response.code} from Nexpose console."
+      log_stat_message "Received message #{response.msg} from Nexpose console."
+      log_stat_message 'Finished sending statistics data to Nexpose.'
+      response.code
+    end
+    def on_connect(nexpose_address, nexpose_port, session_id, value)
+      log_stat_message 'Sending statistics data to Nexpose'
+      if @product.nil? || @statistic_key.nil?
+        log_stat_message('Invalid product name and/or statistics key.')
+        log_stat_message('Statistics collection not enabled.')
+        return
+      end
+      begin
+        payload = generate_payload value
+        send(nexpose_address, nexpose_port, session_id, payload)
+      rescue => e
+        #Let the program continue
+      end
+    end
+    #Used by net library for debugging
+    def <<(value)
+      log_debug_message(value)
+    end
+  end
+end

data/lib/nexpose_sccm/utilities/utility_config.rb ADDED

@@ -0,0 +1,59 @@
+module UtilityConfig
+  def self.load_config(settings_locations, settings_dir=nil)
+    # Load settings.yml from -s option or parse known locations for configuration file
+    begin
+      settings_dir = settings_dir.nil? ? settings_locations : [settings_dir]
+      settings = nil
+      settings_dir.each do |dir|
+        Dir.glob(File.join(dir, '*.yml')) do |yml_file|
+          tmp_settings = YAML::load_file(yml_file)
+          next if tmp_settings.nil?
+          settings = settings.nil? ? tmp_settings.dup : settings.merge(tmp_settings.to_h)
+        end
+      end
+    rescue Exception => e
+      abort("Could not parse or load settings file: #{e}")
+    end
+    settings
+  end
+  def self.load_encrypt(settings)
+    # Load encrypted settings if defined
+    begin
+      if settings[:secret]
+        priv_key = OpenSSL::PKey::RSA.new(File.read(File.join(settings[:secret][:encrypt_key_dir], 'rsa_key')))
+        dec_buf = priv_key.private_decrypt(Base64.decode64(File.read(settings[:secret][:encrypt_cred_file])))
+        YAML::load(dec_buf).each do |key,value|
+          value.each do |k,v|
+            if v.class == String
+              settings[key][k] = v
+            elsif v.class == Hash
+              v.each do |k2,v2|
+                settings[key][k][k2] = v2
+              end
+            end
+          end
+        end
+      end
+      return settings
+    rescue Exception => e
+      abort("Could not parse or load encrypted file #{settings[:secret][:encrypt_cred_file]} : #{e}")
+    end
+  end
+  def self.save_encrypt(settings_locations, settings_dir=nil)
+    begin
+      settings_dir = settings_dir.nil? ? settings_locations : [settings_dir]
+      settings_dir.each do |dir|
+        Dir.glob(File.join(dir, '*.yml')) do |yml_file|
+          text = File.read(yml_file)
+          new_contents = text.gsub(/:\s+[\'\"]\(enc\).*[\'\"][\r\n]*/, ": 'secret'\n")
+          File.open(yml_file, "w") {|file| file.puts new_contents}
+        end
+      end
+    rescue Exception => e
+      abort("Could not parse or save settings file: #{e}")
+    end
+  end
+end

data/lib/nexpose_sccm/version.rb ADDED

@@ -0,0 +1,5 @@
+module NexposeSCCM
+  VERSION = '0.4.0'
+  VENDOR = 'Microsoft'
+  PRODUCT = 'SCCM'
+end

data/lib/nexpose_sccm/wql.rb ADDED

@@ -0,0 +1,35 @@
+require 'winrm'
+module NexposeSCCM
+  module Wql
+    @queries = {
+      :get_ci_ids => "SELECT ci_id FROM SMS_SoftwareUpdate WHERE CI_UniqueID=\"%s\"",
+      :get_sups => "SELECT ci_id, localizeddisplayname, localizeddescription FROM SMS_AuthorizationList WHERE LocalizedDisplayName like \"Rapid7%%\"",
+      :get_collections => "SELECT * FROM SMS_Collection WHERE Name LIKE \"Rapid7%%\"",
+      :get_collection_by_name => "SELECT * FROM SMS_Collection WHERE Name = \"%s\"",
+      :get_collection_members => "SELECT * FROM SMS_FullCollectionMembership WHERE CollectionId=\"%s\"",
+      :get_devices => "SELECT * FROM SMS_R_System WHERE client IS NOT NULL",
+      :get_device_by_id => "SELECT * FROM SMS_R_System WHERE ResourceID = \"%s\"",
+      :get_asset_mac => "SELECT * FROM SMS_R_System WHERE MACAddresses = \"%s\"",
+      :get_asset_ip => "SELECT * FROM SMS_R_System WHERE IPAddresses = \"%s\"",
+      :get_asset_hostname => "SELECT * FROM SMS_R_System WHERE Name = \"%s\"",
+      :get_update_url => "SELECT FileName,SourceURL from SMS_CIContentfiles WHERE ContentID=\"%s\"",
+      :ci_to_contentid => "SELECT contentid FROM SMS_CIToContent WHERE ci_id = \"%s\"",
+      :get_deployment_package => "SELECT * FROM SMS_SoftwareUpdatesPackage WHERE Name = \"%s\""
+    }
+    def self.run(conn, namespace, query, *args)
+      unless @queries.key?(query)
+        NexposeSCCM.logger.error("Invalid query supplied: #{query}")
+      end
+      wql = @queries[query] % [*args]
+      results = []
+      conn.run_wql(wql, "#{namespace.gsub('\\','/')}/*") do |_, item|
+        item = item.inject({}){|i,(k,v)| i[k.to_sym] = v; i}
+        results.push(item)
+      end
+      results
+    end
+  end
+end

data/nexpose_sccm.gemspec ADDED

@@ -0,0 +1,35 @@
+# coding: utf-8
+require_relative './lib/nexpose_sccm/version'
+Gem::Specification.new do |spec|
+  spec.name          = 'nexpose_sccm'
+  spec.version       = NexposeSCCM::VERSION
+  spec.authors       = ['Ben Glass', 'Zac Youtz', 'Adam Robinson']
+  spec.email         = ['support@rapid7.com']
+  spec.summary       = %q{Ruby Gem for Nexpose SCCM Integration}
+  spec.description   = %q{This gem pulls data from InsightVM/Nexpose and creates content in SCCM for remediation}
+  spec.homepage      = 'http://www.rapid7.com/'
+  spec.license       = 'MIT'
+  spec.files         = Dir.glob("{bin,conf,lib}/**/*")
+  spec.files         += Dir['README.md', 'nexpose_sccm.gemspec', 'MIT-LICENSE', 'Gemfile']
+  spec.files.reject! { |f| f.match(%r{(logs)/}) }
+  spec.require_paths = ['lib']
+  spec.executables   = ['nexpose_sccm']
+  spec.bindir        = 'bin'
+  # Prevent pushing this gem to RubyGems.org by setting 'allowed_push_host', or
+  # delete this section to allow pushing this gem to any host.
+  if spec.respond_to?(:metadata)
+    spec.metadata['allowed_push_host'] = 'https://rubygems.org'
+  else
+    raise 'RubyGems 2.0 or newer is required to protect against public gem pushes.'
+  end
+  spec.add_runtime_dependency 'nexpose', '~> 7.2'
+  spec.add_runtime_dependency 'pg', '~> 0.21.0'
+  spec.add_runtime_dependency 'winrm', '~> 2.2', '>= 2.2.3'
+  spec.required_ruby_version = ['>= 2.3.1', '< 2.5.0']
+end

metadata ADDED

@@ -0,0 +1,128 @@
+--- !ruby/object:Gem::Specification
+name: nexpose_sccm
+version: !ruby/object:Gem::Version
+  version: 0.4.0
+platform: ruby
+authors:
+- Ben Glass
+- Zac Youtz
+- Adam Robinson
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2018-04-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: nexpose
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.2'
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.21.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.21.0
+- !ruby/object:Gem::Dependency
+  name: winrm
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.3
+description: This gem pulls data from InsightVM/Nexpose and creates content in SCCM
+  for remediation
+email:
+- support@rapid7.com
+executables:
+- nexpose_sccm
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- MIT-LICENSE
+- README.md
+- bin/encrypt_settings.rb
+- bin/nexpose_sccm
+- bin/vuln_ids.csv
+- conf/logging.yml
+- conf/nexpose.yml
+- conf/postgres.yml
+- conf/queries.yml
+- conf/sccm.yml
+- conf/secret.yml
+- lib/nexpose_sccm.rb
+- lib/nexpose_sccm/collection.rb
+- lib/nexpose_sccm/connection.rb
+- lib/nexpose_sccm/data_source.rb
+- lib/nexpose_sccm/deployment_package.rb
+- lib/nexpose_sccm/device.rb
+- lib/nexpose_sccm/helpers/nexpose_helper.rb
+- lib/nexpose_sccm/helpers/pg_helper.rb
+- lib/nexpose_sccm/powershell.rb
+- lib/nexpose_sccm/remediation_item.rb
+- lib/nexpose_sccm/software_update_group.rb
+- lib/nexpose_sccm/utilities/nx_logger.rb
+- lib/nexpose_sccm/utilities/utility_config.rb
+- lib/nexpose_sccm/version.rb
+- lib/nexpose_sccm/wql.rb
+- nexpose_sccm.gemspec
+homepage: http://www.rapid7.com/
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.1
+  - - "<"
+    - !ruby/object:Gem::Version
+      version: 2.5.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.11
+signing_key:
+specification_version: 4
+summary: Ruby Gem for Nexpose SCCM Integration
+test_files: []