nexpose_sccm 0.4.0

data/lib/nexpose_sccm/remediation_item.rb

@@ -0,0 +1,5 @@
+class RemediationItem
+  def initialize(solution_id, vuln_ids)
+
+  end
+end

data/lib/nexpose_sccm/software_update_group.rb

@@ -0,0 +1,54 @@
+require 'winrm'
+require_relative 'powershell'
+
+module NexposeSCCM
+  # Configuration settings for creating a Software Update Group
+  #
+  # * *Args*    :
+  #   - +name+ -  A String identifying the display name of the Software Update Group
+  #   - +description+ - A String identifying the description of the Software Update Group
+  #   - +ci_ids+ - An Array identifying the list of ci_ids to add to a Software Update Group
+  #
+  class SoftwareUpdateGroup
+    attr_accessor :name, :description, :ci_ids
+
+    def initialize(name, description, ci_ids, ci_id=nil)
+      @name = name
+      @description = description
+      @ci_ids = ci_ids
+      @ci_id = ci_id
+    end
+
+    def save(conn)
+      if @ci_id.nil?
+        if @ci_ids.length > 0
+          Powershell.run(conn.conn,
+                         :create_software_update_group,
+                         conn.namespace,
+                         conn.host,
+                         @name,
+                         @description,
+                         @ci_ids.join(','))
+        else
+          NexposeSCCM.logger.debug('No CI_IDs to add to Software Update Group, going to next...')
+          return false
+        end
+      else
+        if @ci_ids.length > 0
+          Powershell.run(conn.conn,
+                         :update_software_update_group,
+                         conn.namespace,
+                         conn.host,
+                         @ci_id,
+                         @ci_ids.join(','))
+        else
+          Powershell.run(conn.conn,
+                         :update_software_update_group_empty,
+                         conn.namespace,
+                         conn.host,
+                         @ci_id)
+        end
+      end
+    end
+  end
+end

data/lib/nexpose_sccm/utilities/nx_logger.rb

@@ -0,0 +1,171 @@
+require 'fileutils'
+require 'json'
+require 'net/http'
+require 'singleton'
+
+module NexposeSCCM
+  class NxLogger
+    include Singleton
+    LOG_PATH = "../logs/rapid7_%s.log"
+    KEY_FORMAT = "external.integration.%s"
+    PRODUCT_FORMAT = "%s_%s"
+
+    DEFAULT_LOG = 'integration'
+    PRODUCT_RANGE = 4..30
+    KEY_RANGE = 3..15
+
+    ENDPOINT = '/data/external/statistic/'
+
+    def initialize()
+      create_calls
+      @logger_file = get_log_path @product
+      setup_logging(true, 'info')
+    end
+
+    def setup_statistics_collection(vendor, product_name, gem_version)
+      begin
+        @statistic_key = get_statistic_key vendor
+        @product = get_product product_name, gem_version
+      rescue => e
+        #Continue
+      end
+    end
+
+    def setup_logging(enabled,
+                      log_level = 'info',
+                      stdout=false,
+                      rotation='weekly',
+                      log_size=nil)
+      @stdout = stdout
+
+      log_message('Logging disabled.') unless enabled || @log.nil?
+      @enabled = enabled
+      return unless @enabled
+
+      @logger_file = get_log_path @product
+
+      require 'logger'
+      directory = File.dirname(@logger_file)
+      FileUtils.mkdir_p(directory) unless File.directory?(directory)
+      io = IO.for_fd(IO.sysopen(@logger_file, 'a'), 'a')
+      io.autoclose = false
+      io.sync = true
+      @log = Logger.new(io, rotation, log_size)
+      @log.level = if log_level.to_s.casecmp('info') == 0 
+                     Logger::INFO 
+                   else
+                     Logger::DEBUG
+                   end
+      log_message("Logging enabled at level <#{log_level}>")
+    end
+
+    def create_calls
+      levels = [:info, :debug, :error, :warn]
+      levels.each do |level|
+        method_name = "log_#{level.to_s}_message"
+        define_singleton_method(method_name) do |message|
+          puts message if @stdout
+          @log.send(level, message) unless !@enabled || @log.nil?
+        end
+        singleton_class.send(:alias_method, level, method_name.to_sym)
+      end
+    end
+
+    def log_message(message)
+      log_info_message message
+    end
+
+    def log_stat_message(message)
+    end
+
+    def get_log_path(product)
+      product.downcase! unless product.nil?
+      File.join(File.dirname(__FILE__), LOG_PATH % (product || DEFAULT_LOG))
+    end
+
+    def get_statistic_key(vendor)
+      if vendor.nil? || vendor.length < KEY_RANGE.min
+        log_stat_message("Vendor length is below minimum of <#{KEY_RANGE}>")
+        return nil
+      end
+
+      vendor.gsub!('-', '_')
+      vendor.slice! vendor.rindex('_') until vendor.count('_') <= 1
+
+      vendor.delete! "^A-Za-z0-9\_"
+
+      KEY_FORMAT % vendor[0...KEY_RANGE.max].downcase
+    end
+
+    def get_product(product, version)
+      return nil if ((product.nil? || product.empty?) || 
+                     (version.nil? || version.empty?))
+
+      product.gsub!('-', '_')
+      product.slice! product.rindex('_') until product.count('_') <= 1
+
+      product.delete! "^A-Za-z0-9\_"
+      version.delete! "^A-Za-z0-9\.\-"
+
+      product = (PRODUCT_FORMAT % [product, version])[0...PRODUCT_RANGE.max]
+
+      product.slice! product.rindex(/[A-Z0-9]/i)+1..-1
+
+      if product.length < PRODUCT_RANGE.min
+        log_stat_message("Product length below minimum <#{PRODUCT_RANGE.min}>.")
+        return nil
+      end
+      product.downcase
+    end
+
+    def generate_payload(statistic_value='')
+      product_name, separator, version = @product.to_s.rpartition('_')
+      payload_value = {'version' => version}.to_json
+
+      payload = {'statistic-key' => @statistic_key.to_s,
+                 'statistic-value' => payload_value,
+                 'product' => product_name}
+      JSON.generate(payload)
+    end
+
+    def send(nexpose_address, nexpose_port, session_id, payload)
+      header = {'Content-Type' => 'application/json',
+                'nexposeCCSessionID' => session_id,
+                'Cookie' => "nexposeCCSessionID=#{session_id}"}
+      req = Net::HTTP::Put.new(ENDPOINT, header)
+      req.body = payload
+      http_instance = Net::HTTP.new(nexpose_address, nexpose_port)
+      http_instance.use_ssl = true
+      http_instance.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      response = http_instance.start { |http| http.request(req) }
+      log_stat_message "Received code #{response.code} from Nexpose console."
+      log_stat_message "Received message #{response.msg} from Nexpose console."
+      log_stat_message 'Finished sending statistics data to Nexpose.'
+
+      response.code
+    end
+
+    def on_connect(nexpose_address, nexpose_port, session_id, value)
+      log_stat_message 'Sending statistics data to Nexpose'
+
+      if @product.nil? || @statistic_key.nil?
+        log_stat_message('Invalid product name and/or statistics key.')
+        log_stat_message('Statistics collection not enabled.')
+        return
+      end
+      
+      begin
+        payload = generate_payload value
+        send(nexpose_address, nexpose_port, session_id, payload)
+      rescue => e
+        #Let the program continue
+      end
+    end
+
+    #Used by net library for debugging 
+    def <<(value)
+      log_debug_message(value)
+    end
+
+  end
+end

data/lib/nexpose_sccm/utilities/utility_config.rb

@@ -0,0 +1,59 @@
+module UtilityConfig
+  def self.load_config(settings_locations, settings_dir=nil)
+    # Load settings.yml from -s option or parse known locations for configuration file
+    begin
+      settings_dir = settings_dir.nil? ? settings_locations : [settings_dir]
+      settings = nil
+
+      settings_dir.each do |dir|
+        Dir.glob(File.join(dir, '*.yml')) do |yml_file|
+          tmp_settings = YAML::load_file(yml_file)
+          next if tmp_settings.nil?
+          settings = settings.nil? ? tmp_settings.dup : settings.merge(tmp_settings.to_h)
+        end
+      end
+    rescue Exception => e
+      abort("Could not parse or load settings file: #{e}")
+    end
+    settings
+  end
+
+  def self.load_encrypt(settings)
+    # Load encrypted settings if defined
+    begin
+      if settings[:secret]
+        priv_key = OpenSSL::PKey::RSA.new(File.read(File.join(settings[:secret][:encrypt_key_dir], 'rsa_key')))
+        dec_buf = priv_key.private_decrypt(Base64.decode64(File.read(settings[:secret][:encrypt_cred_file])))
+        YAML::load(dec_buf).each do |key,value|
+          value.each do |k,v|
+            if v.class == String
+              settings[key][k] = v
+            elsif v.class == Hash
+              v.each do |k2,v2|
+                settings[key][k][k2] = v2
+              end
+            end
+          end
+        end
+      end
+      return settings
+    rescue Exception => e
+      abort("Could not parse or load encrypted file #{settings[:secret][:encrypt_cred_file]} : #{e}")
+    end
+  end
+
+  def self.save_encrypt(settings_locations, settings_dir=nil)
+    begin
+      settings_dir = settings_dir.nil? ? settings_locations : [settings_dir]
+      settings_dir.each do |dir|
+        Dir.glob(File.join(dir, '*.yml')) do |yml_file|
+          text = File.read(yml_file)
+          new_contents = text.gsub(/:\s+[\'\"]\(enc\).*[\'\"][\r\n]*/, ": 'secret'\n")
+          File.open(yml_file, "w") {|file| file.puts new_contents}
+        end
+      end
+    rescue Exception => e
+      abort("Could not parse or save settings file: #{e}")
+    end
+  end
+end

data/lib/nexpose_sccm/version.rb

@@ -0,0 +1,5 @@
+module NexposeSCCM
+  VERSION = '0.4.0'
+  VENDOR = 'Microsoft'
+  PRODUCT = 'SCCM'
+end

data/lib/nexpose_sccm/wql.rb

@@ -0,0 +1,35 @@
+require 'winrm'
+
+module NexposeSCCM
+  module Wql
+
+    @queries = {
+      :get_ci_ids => "SELECT ci_id FROM SMS_SoftwareUpdate WHERE CI_UniqueID=\"%s\"",
+      :get_sups => "SELECT ci_id, localizeddisplayname, localizeddescription FROM SMS_AuthorizationList WHERE LocalizedDisplayName like \"Rapid7%%\"",
+      :get_collections => "SELECT * FROM SMS_Collection WHERE Name LIKE \"Rapid7%%\"",
+      :get_collection_by_name => "SELECT * FROM SMS_Collection WHERE Name = \"%s\"",
+      :get_collection_members => "SELECT * FROM SMS_FullCollectionMembership WHERE CollectionId=\"%s\"",
+      :get_devices => "SELECT * FROM SMS_R_System WHERE client IS NOT NULL",
+      :get_device_by_id => "SELECT * FROM SMS_R_System WHERE ResourceID = \"%s\"",
+      :get_asset_mac => "SELECT * FROM SMS_R_System WHERE MACAddresses = \"%s\"",
+      :get_asset_ip => "SELECT * FROM SMS_R_System WHERE IPAddresses = \"%s\"",
+      :get_asset_hostname => "SELECT * FROM SMS_R_System WHERE Name = \"%s\"",
+      :get_update_url => "SELECT FileName,SourceURL from SMS_CIContentfiles WHERE ContentID=\"%s\"",
+      :ci_to_contentid => "SELECT contentid FROM SMS_CIToContent WHERE ci_id = \"%s\"",
+      :get_deployment_package => "SELECT * FROM SMS_SoftwareUpdatesPackage WHERE Name = \"%s\""
+    }
+
+    def self.run(conn, namespace, query, *args)
+      unless @queries.key?(query)
+        NexposeSCCM.logger.error("Invalid query supplied: #{query}")
+      end
+      wql = @queries[query] % [*args]
+      results = []
+      conn.run_wql(wql, "#{namespace.gsub('\\','/')}/*") do |_, item|
+        item = item.inject({}){|i,(k,v)| i[k.to_sym] = v; i}
+        results.push(item)
+      end
+      results
+    end
+  end
+end

data/nexpose_sccm.gemspec

@@ -0,0 +1,35 @@
+# coding: utf-8
+
+require_relative './lib/nexpose_sccm/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'nexpose_sccm'
+  spec.version       = NexposeSCCM::VERSION
+  spec.authors       = ['Ben Glass', 'Zac Youtz', 'Adam Robinson']
+  spec.email         = ['support@rapid7.com']
+  spec.summary       = %q{Ruby Gem for Nexpose SCCM Integration}
+  spec.description   = %q{This gem pulls data from InsightVM/Nexpose and creates content in SCCM for remediation}
+  spec.homepage      = 'http://www.rapid7.com/'
+  spec.license       = 'MIT'
+
+  spec.files         = Dir.glob("{bin,conf,lib}/**/*")
+  spec.files         += Dir['README.md', 'nexpose_sccm.gemspec', 'MIT-LICENSE', 'Gemfile']
+  spec.files.reject! { |f| f.match(%r{(logs)/}) }
+  spec.require_paths = ['lib']
+  spec.executables   = ['nexpose_sccm']
+  spec.bindir        = 'bin'
+
+  # Prevent pushing this gem to RubyGems.org by setting 'allowed_push_host', or
+  # delete this section to allow pushing this gem to any host.
+  if spec.respond_to?(:metadata)
+    spec.metadata['allowed_push_host'] = 'https://rubygems.org'
+  else
+    raise 'RubyGems 2.0 or newer is required to protect against public gem pushes.'
+  end
+
+  spec.add_runtime_dependency 'nexpose', '~> 7.2'
+  spec.add_runtime_dependency 'pg', '~> 0.21.0'
+  spec.add_runtime_dependency 'winrm', '~> 2.2', '>= 2.2.3'
+
+  spec.required_ruby_version = ['>= 2.3.1', '< 2.5.0']
+end

metadata

@@ -0,0 +1,128 @@
+--- !ruby/object:Gem::Specification
+name: nexpose_sccm
+version: !ruby/object:Gem::Version
+  version: 0.4.0
+platform: ruby
+authors:
+- Ben Glass
+- Zac Youtz
+- Adam Robinson
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-04-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: nexpose
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '7.2'
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.21.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.21.0
+- !ruby/object:Gem::Dependency
+  name: winrm
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.3
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.2'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.2.3
+description: This gem pulls data from InsightVM/Nexpose and creates content in SCCM
+  for remediation
+email:
+- support@rapid7.com
+executables:
+- nexpose_sccm
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- MIT-LICENSE
+- README.md
+- bin/encrypt_settings.rb
+- bin/nexpose_sccm
+- bin/vuln_ids.csv
+- conf/logging.yml
+- conf/nexpose.yml
+- conf/postgres.yml
+- conf/queries.yml
+- conf/sccm.yml
+- conf/secret.yml
+- lib/nexpose_sccm.rb
+- lib/nexpose_sccm/collection.rb
+- lib/nexpose_sccm/connection.rb
+- lib/nexpose_sccm/data_source.rb
+- lib/nexpose_sccm/deployment_package.rb
+- lib/nexpose_sccm/device.rb
+- lib/nexpose_sccm/helpers/nexpose_helper.rb
+- lib/nexpose_sccm/helpers/pg_helper.rb
+- lib/nexpose_sccm/powershell.rb
+- lib/nexpose_sccm/remediation_item.rb
+- lib/nexpose_sccm/software_update_group.rb
+- lib/nexpose_sccm/utilities/nx_logger.rb
+- lib/nexpose_sccm/utilities/utility_config.rb
+- lib/nexpose_sccm/version.rb
+- lib/nexpose_sccm/wql.rb
+- nexpose_sccm.gemspec
+homepage: http://www.rapid7.com/
+licenses:
+- MIT
+metadata:
+  allowed_push_host: https://rubygems.org
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.3.1
+  - - "<"
+    - !ruby/object:Gem::Version
+      version: 2.5.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.6.11
+signing_key: 
+specification_version: 4
+summary: Ruby Gem for Nexpose SCCM Integration
+test_files: []