nexpose_sourcefire 0.2.1 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 66a0bd838b05bf5c28eb153bc0189f16709555c3
-  data.tar.gz: f546f226efeb05c8c57b726b64354b6df78019f4
+  metadata.gz: a2f5744e61ccd40b64f0f2b51ae0b96b467e2056
+  data.tar.gz: 149e36d48a20550630d33c66ccb2f5cdef0816d4
 SHA512:
-  metadata.gz: ac24ce75871839767af860c5168ac9b87d54c2253e7ab302cb4e23bda9adab55cc6235d04811c76c06758227d2f9b27b925cc2f8e7590864ab41b063008f139c
-  data.tar.gz: eb4de1ee51d40cdb57e843ada389d28b98700511065984472bbd54bbbf4c1450315084fa1f1791a8a08a586dc587198eb04d4eb707ac8f5d1efed07be9ba4205
+  metadata.gz: 58788431b85aaed7a17990098515c197ba3d71ba9cb5eb7a28588db46cdc9cf6419e626653cc41219fff7de6901befcde5948806563996f4fd1f7049ecd8ec76
+  data.tar.gz: c41092ca68dcadc0383328a857d53784e0b015ff25ac87f864ca77953efd44ea6b7047333beb826b23ddc88876926a4ddc6d5c27668fb10de88624be3176590a

data/README.md

@@ -1,11 +1,14 @@
-# SourcefireRuby
+# SourceFireRuby
 
-## Installation
+This is the official gem package for the Nexpose Cisco SourceFire Integration.  
+
+For assistance with using the gem, documentation, or issues, please email the Rapid7 support team at support@rapid7.com, including description of issues and log files.
 
+## Installation
 Add this line to your application's Gemfile:
 
 ```ruby
-gem 'sourcefire_ruby'
+gem 'nexpose_sourcefire'
 ```
 
 And then execute:
@@ -14,15 +17,45 @@ And then execute:
 
 Or install it yourself as:
 
-    $ gem install sourcefire_ruby
+    $ gem install nexpose_sourcefire  
 
-## Changelog
 
-### 0.2.0
-Host OS information is now uploaded, if available.
+## Configuration
+1. Please follow the SourceFire documentation to generate a PKCS12 certificate to use in the integration.  
 
-### 0.1.0
-Initial release
+2. Set up the necessary environment variables as detailed in the documentation, or use the provided configuration file *nexpose_sourcefire.config*.  
+
+In the configuration file the siteID and pkcs12 location values **must** be filled in.
+
+## Operation
+The gem can be manually executed from within the 'bin' folder with the command:
+
+	 nexpose_sourcefire
+		
+## Encryption Settings
+
+The usernames and passwords within the configuration files are automatically encrypted when the integration runs. The key and IV files used during encryption/decryption are saved within the config folder by default.
+
+#### Setting Custom Locations for Encryption Files
+
+To set custom locations for the key and IV files, update the following values within the encryption.config file:
+
+ - key_filename - The absolute path to where the key file will be created.
+ - iv_file - The absolute path to where the IV file will be created.
+
+To set a custom path after the integration has already executed, the files must be moved to the new location manually.
+
+#### Encrypting the Configuration without running the Integration
+The Nexpose SourceFire integration can encrypt its configuration file without running the gem. This allows users to secure their login information for future use e.g for use in a cron-schedule. 
+ 
+The command to do so is:  
+```
+nexpose_sourcefire -e
+```  
+or  
+```
+nexpose_sourcefire --encrypt_config
+```
 
 ## Development
 
@@ -39,3 +72,23 @@ Bug reports and pull requests are welcome on GitHub at https://github.com/[USERN
 
 The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
 
+## Changelog
+
+### 0.2.2
+User now has the option to configure the gem using a configuration file as well as with environment variables. Nexpose and Sourcefire options have been added to the configuration file.
+
+Added an encryption configuration file. Usernames and passwords within the configuration file are now encrypted when the application runs.
+  
+Command line options have been added to the gem. Several are common to all Nexpose gem integrations. Call the gem with '-h' or '--help' to view these options.
+
+*Breaking change*: Environment variables **NEXPOSE_URL** and **SOURCEFIRE_ADDR** have been renamed to **NEXPOSE_ADDRESS** and **SOURCEFIRE_ADDRESS** respectively.
+
+### 0.2.1
+Implemented batching of large datasets for uploading to Sourcefire.
+
+### 0.2.0
+Host OS information is now uploaded, if available.
+
+### 0.1.0
+Initial release.
+

data/bin/nexpose_sourcefire

@@ -1,41 +1,33 @@
 #!/usr/bin/env ruby
 require 'sourcefire_connector'
-require 'sourcefire/nx_logger'
+require 'sourcefire/utilities/config_parser'
+require 'sourcefire/utilities/nx_logger'
+require 'sourcefire/utilities/gem_options'
 require 'sourcefire/version'
-require 'yaml'
 
 #Set the encoding for external CSV files.
 Encoding.default_external=Encoding.find("UTF-8")
 
-CONFIG_PATH =  File.join(File.dirname(__FILE__), '../lib/sourcefire/config/rapid7_sourcefire.config')
+CONFIG_PATH =  File.join(File.dirname(__FILE__), 
+	                       '../lib/sourcefire/config/rapid7_sourcefire.config')
+config_path = File.expand_path(CONFIG_PATH)
 
-# Obtain Nexpose settings from Environment Variables.
-configuration_settings = begin
-  YAML.load_file(CONFIG_PATH)
-rescue ArgumentError => e
-  raise "Could not parse YAML #{CONFIG_PATH} : #{e.message}"
-end
+# Setup CLI Options
+GemOptions.create_parser
+    .with_banner_and_options('nexpose_sourcefire')
+    .with_configuration_encryption([config_path])
+    .with_help_and_version('Nexpose SourceFire', Sourcefire::VERSION)
+    .parse
 
-raise 'Must configure nexpose settings before starting' if ENV['NEXPOSE_URL'].nil? || 
-														   ENV['NEXPOSE_USERNAME'].nil? || 
-														   ENV['NEXPOSE_PASSWORD'].nil?
-raise 'Must configure SourceFire settings before starting' if ENV['SOURCEFIRE_ADDR'].nil? || 
-                                                              ENV['SOURCEFIRE_PORT'].nil? ||
-                                                              ENV['SOURCEFIRE_PKCS12_PASSWORD'].nil?
+configuration_settings = ConfigParser.get_config(config_path)
 
 log = Sourcefire::NxLogger.instance
-log.setup_statistics_collection(Sourcefire::PRODUCT, Sourcefire::VENDOR, Sourcefire::VERSION)
+log.setup_statistics_collection(Sourcefire::PRODUCT, 
+	                              Sourcefire::VENDOR, 
+	                              Sourcefire::VERSION)
 log.setup_logging(configuration_settings[:options][:logging_enabled], 
 				  configuration_settings[:options][:log_level])
 
-configuration_settings[:nexpose_address] = ENV['NEXPOSE_URL']
-configuration_settings[:nexpose_username] = ENV['NEXPOSE_USERNAME']
-configuration_settings[:nexpose_password] = ENV['NEXPOSE_PASSWORD']
-configuration_settings[:nexpose_port] = ENV['NEXPOSE_PORT']
-configuration_settings[:sourcefire_address] = ENV['SOURCEFIRE_ADDR']
-configuration_settings[:sourcefire_port] = ENV['SOURCEFIRE_PORT']
-configuration_settings[:sourcefire_pkcs12_password] = ENV['SOURCEFIRE_PKCS12_PASSWORD']
-
 # Initialize and start the integration
 r7sfc = Sourcefire::Rapid7SourceFireConnector.new
 r7sfc.setup(configuration_settings)

data/lib/sourcefire/config/encryption.config

@@ -0,0 +1,20 @@
+#
+# Symmetric Encryption for Ruby
+#
+---
+production:
+  # Since the encryption key must NOT be stored along with the
+  # source code, only store the key encryption key here.
+  private_rsa_key:
+
+  # List Symmetric Key Ciphers in the order of current / newest first
+  ciphers:
+    -
+      # Name of the file containing the encrypted key and iv.
+      key_filename: <absolute/path/to/filename>.key
+      iv_filename: <absolute/path/to/filename>.iv
+
+      cipher: aes-256-cbc
+      encoding: base64strict
+      version: 1
+      always_add_header: true

data/lib/sourcefire/config/rapid7_sourcefire.config

@@ -16,4 +16,25 @@
   # Absolute location of the SourceFire pkcs12 file
   :p12_location: '/an/absolute/location/file.pkcs12'
   # Timeout in seconds. The number of seconds the GEM waits for a response from Nexpose before exiting.
-  :timeout: 10800
+  :timeout: 10800
+:nexpose_options:
+  # (M) Nexpose console hostname.
+  :nexpose_address: 127.0.0.1
+  # (M) Nexpose username.
+  :nexpose_username: nxadmin
+  # (M) Nexpose password.
+  :nexpose_password: nxadmin
+  # (M) The port Nexpose listens on. Default is 3780
+  :nexpose_port: 3780
+:sourcefire_options:
+  # (M) SourceFire Instance hostname.
+  :sourcefire_address: 127.0.0.1
+  # (M) The server port on which Sourcefire may be contacted. Default is 8307
+  :sourcefire_port: 8307
+  # (M) The password associated with the generated ‘.pkcs12’ file.
+  :sourcefire_pkcs12_password: password
+# Encryption options
+:encryption_options:
+  # (M) Path to the encryption.config file
+  :directory: ../../config/encryption.config  
+

data/lib/sourcefire/nexpose_helper.rb

@@ -1,7 +1,7 @@
 module Sourcefire
  class ReportOps
-   require_relative 'nx_logger'
-   require_relative 'queries'
+   require 'sourcefire/utilities/nx_logger'
+   require 'sourcefire/queries'
    require 'nexpose'
    require 'csv'
    include Nexpose

data/lib/sourcefire/utilities/config_parser.rb

@@ -0,0 +1,141 @@
+require 'erb'
+require 'yaml'
+require 'fileutils'
+require 'symmetric-encryption'
+
+class ConfigParser
+  ENCRYPTED_FORMAT = '<%%= SymmetricEncryption.try_decrypt "%s" %%>'
+  PLACEHOLDER = '<absolute/path/to/filename>'
+  # The environment to use, defined within the encryption config
+  STANZA = 'production'
+  # The line width of the YAML file before line-wrapping occurs
+  WIDTH = 120
+
+  # Encrypts a configuration file and returns the unencrypted hash.
+  def self.get_config(config_path, enc_path=nil)
+    # Try to load a path from the provided config
+    custom_enc_path = get_enc_directory(config_path)
+    enc_path = custom_enc_path unless custom_enc_path.nil?
+
+    enc_path = File.expand_path(enc_path, __FILE__)
+    config_path = File.expand_path(config_path)
+
+
+    generate_keys(enc_path, config_path)
+    encrypt_config(enc_path, config_path)
+    decrypt_config(enc_path, config_path)
+  end
+
+  # Writes the YAML to file with custom formatting options
+  def self.save_config(config_details, config_path)
+    yaml = config_details.to_yaml(line_width: WIDTH)
+    File.open(config_path, 'w') {|f| f.write yaml }
+  end
+
+  def self.encrypt_field(value)
+    encrypted_value = SymmetricEncryption.encrypt value
+    ENCRYPTED_FORMAT % encrypted_value
+  end
+
+  # Retrieves the custom directory of the encryption config
+  def self.get_enc_directory(config_path)
+    settings = YAML.load_file(config_path)
+    return nil if settings[:encryption_options].nil?
+
+    enc_dir = settings[:encryption_options][:directory]
+    return nil if (enc_dir.nil? || enc_dir == '')
+
+    File.expand_path(enc_dir, __FILE__)
+  end
+
+  # Generates the RSA key, associated files and directories.
+  def self.generate_keys(enc_path, config_path)
+    settings = YAML.load_file(enc_path)
+    key = settings[STANZA]['private_rsa_key']
+
+    # Recognise an existing key
+    return unless (key.nil? || key == '')
+
+    # Generate a new RSA key and store the details
+    new_rsa_key = SymmetricEncryption::KeyEncryptionKey.generate
+    settings[STANZA]['private_rsa_key'] = new_rsa_key
+    save_config(settings, enc_path)
+
+    # Populate the placeholder values within the config
+    populate_ciphers(enc_path, config_path)
+
+    # Need to create a folder (specified by the user) to store the key files
+    dir = File.dirname(settings[STANZA]['ciphers'].first['key_filename'])
+
+    begin
+      unless File.directory?(dir) || PLACEHOLDER.include?(dir)
+        puts "Creating folder: #{dir}"
+        FileUtils::mkdir_p dir
+      end
+    rescue Exception => e
+      msg = "Unable to create the folders used to store encryption details.\n"\
+            'Please ensure the user has permissions to create folders in the ' \
+            "path specified in the  encryption config: #{enc_path}\n"
+      handle_error(msg, e)
+    end
+
+    SymmetricEncryption.generate_symmetric_key_files(enc_path, STANZA)
+  end
+
+  # Replace placeholder values for the key and iv file paths,
+  # placing them in the config folder by default.
+  def self.populate_ciphers(enc_path, config_path)
+    settings = YAML.load_file(enc_path)
+    ciphers = settings[STANZA]['ciphers'].first
+    config_folder = File.dirname(config_path)
+    config_name = File.basename(config_path, File.extname(config_path))
+
+    %w(key iv).each do |file|
+      label = "#{file}_filename"
+      file_path = ciphers[label]
+      next unless file_path.include? PLACEHOLDER
+
+      filename = ".#{config_name}.#{file}"
+      ciphers[label] = File.join(config_folder, filename)
+    end
+
+    save_config(settings, enc_path)
+  end
+
+  def self.encrypt_config(enc_path, config_path)
+    SymmetricEncryption.load!(enc_path, STANZA)
+
+    # Read the config in as an array of strings
+    f = File.open(config_path)
+    config_lines = f.readlines
+    f.close
+
+    # Define the regex that can find relevant fields
+    regex = /^(?<label>\s*:?\w*(passw|pwd|user|usr)\w*:?\s)(?<value>.*)$/
+
+    # Line by line, write the line to file, encrypting sensitive fields
+    File.open(config_path, 'w+') do |f|
+      config_lines.each do |l|
+        matches = l.match(regex)
+
+        # Encrypt fields with username/password labels that are in plaintext
+        unless matches.nil? || matches['value'].include?('SymmetricEncryption')
+          l = "#{matches['label']}#{encrypt_field(matches['value'])}"
+        end
+
+        f.puts l
+      end
+    end
+  end
+
+  # Returns a hash containing the decrypted details from a config file.
+  def self.decrypt_config(enc_path, config_path)
+    SymmetricEncryption.load!(enc_path, STANZA)
+    return YAML.load(ERB.new(File.new(config_path).read).result)
+  end
+
+  def self.handle_error(message, error)
+    puts message
+    raise error
+  end
+end

data/lib/sourcefire/utilities/gem_options.rb

@@ -0,0 +1,91 @@
+require 'optparse'
+
+class GemOptions
+
+  @parser
+
+  def self.create_parser
+    @parser = OptionParser.new
+    self
+  end
+
+  # How the gem is used e.g 'nexpose ticketing jira [options]'
+  def self.with_banner(gem_usage_string)
+    @parser.banner = "Usage: #{gem_usage_string} [options]"
+    @parser.separator ''
+    self
+  end
+
+  # Header for options list
+  def self.with_options
+    @parser.separator 'Options:'
+    self
+  end
+
+  # Creates banner and options
+  def self.with_banner_and_options(gem_usage_string)
+    with_banner(gem_usage_string)
+    with_options
+    self
+  end
+
+  # For setting encryption switch. Can be set to work with two configurations
+  # Config_paths is an array
+  def self.with_configuration_encryption(config_paths, enc_path = nil)
+    @parser.on('-e',
+            '--encrypt_config',
+            'Encrypt the configuration file(s) without running the gem') do |e|
+      ConfigParser.get_config(config_paths.first, enc_path) unless enc_path.nil?
+      ConfigParser.get_config(config_paths.last)
+      puts "\nConfiguration File(s) Encrypted"
+      exit
+    end
+    self
+  end
+
+  def self.with_help
+    @parser.on_tail('-h', '--help', 'Show this message') do |h|
+      puts @parser
+      exit
+    end
+    self
+  end
+
+  def self.with_version(gem, version)
+    @parser.on_tail('--version', 'Version Information') do |v|
+      puts "#{gem} #{version}"
+      exit
+    end
+    self
+  end
+
+  def self.with_help_and_version(gem, version)
+    with_help
+    with_version(gem, version)
+    self
+  end
+
+  # Method to allow integrations to create own options, with both short and long
+  # switches and description.
+  # Handler is the block to run when option is called.
+  def self.with_other_option(short_switch, long_switch, description, &handler)
+    @parser.on("-#{short_switch}", "--#{long_switch}", description) do |opt|
+      handler.call
+    end
+  end
+
+  # Method to allow integrations to create own options, with only one size of
+  # switch and description.
+  # '-' for short switches and '--' for long switches is required.
+  # Handler is the block to run when option is called.
+  def self.with_single_switch_option(identifier, switch, description, &handler)
+    @parser.on("#{identifier}#{switch}", description) do |opt|
+      handler.call
+    end
+  end
+
+  # Parses the options to make them available
+  def self.parse
+    @parser.parse!
+  end
+end

data/lib/sourcefire/{nx_logger.rb → utilities/nx_logger.rb}

@@ -6,7 +6,7 @@ require 'singleton'
 module Sourcefire
   class NxLogger
     include Singleton
-    LOG_PATH = "./logs/rapid7_%s.log"
+    LOG_PATH = "../logs/rapid7_%s.log"
     KEY_FORMAT = "external.integration.%s"
     PRODUCT_FORMAT = "%s_%s"
 
@@ -163,4 +163,4 @@ module Sourcefire
     end
 
   end
-end
+end

data/lib/sourcefire/version.rb

@@ -1,5 +1,5 @@
 module Sourcefire
   PRODUCT = 'Sourcefire'
-  VENDOR = 'Sourcefire'
-  VERSION = "0.2.1"
+  VENDOR = 'Cisco'
+  VERSION = "0.2.2"
 end

data/lib/sourcefire_connector.rb

@@ -1,6 +1,6 @@
-require_relative 'sourcefire/nx_logger'
-require_relative 'sourcefire/p12_utils'
-require_relative 'sourcefire/nexpose_helper'
+require 'sourcefire/utilities/nx_logger'
+require 'sourcefire/p12_utils'
+require 'sourcefire/nexpose_helper'
 require 'openssl'
 require 'socket'
 require 'csv'
@@ -9,8 +9,21 @@ module Sourcefire
   class Rapid7SourceFireConnector
 
     def setup(config_options)
-      @config = config_options
+      @config = {}
       @log = Sourcefire::NxLogger.instance
+      set_variables(config_options[:nexpose_options])
+      set_variables(config_options[:sourcefire_options])
+      @config[:options] = config_options[:options]
+
+      if @config[:nexpose_address].nil? || @config[:nexpose_username].nil? || 
+         @config[:nexpose_password].nil?
+        raise 'Must configure Nexpose settings before starting'
+      end
+
+      if @config[:sourcefire_address].nil? || @config[:sourcefire_port].nil? || 
+         @config[:sourcefire_pkcs12_password].nil?
+        raise 'Must configure SourceFire settings before starting'
+      end
     end
 
     def start
@@ -19,15 +32,16 @@ module Sourcefire
       # Create a new Nexpose connection
       nxro = Sourcefire::ReportOps.new
       nxro.login(@config[:nexpose_address],@config[:nexpose_username],
-           @config[:nexpose_password], @config[:options][:timeout],
-           @config[:nexpose_port])
+                 @config[:nexpose_password], @config[:options][:timeout],
+                 @config[:nexpose_port])
       
       #Generate the required data from Nexpose
       time = Time.now.to_i
       report_file = File.open("nexpose_report_#{time}.csv", 'w')
       puts "Site ID: #{@config[:options][:sites].join(', ')}"
       puts 'Generating report.'
-      nxro.generate_sourcefire_nexpose_report(report_file, @config[:options][:sites])
+      nxro.generate_sourcefire_nexpose_report(report_file, 
+                                              @config[:options][:sites])
       puts 'Report generation complete.'
 
       #Process the Nexpose results.report("name:") { TESTS.times {  } }ort into SourceFire format
@@ -49,6 +63,15 @@ module Sourcefire
       @log.log_message('Finished processing. Exiting...')
     end
 
+    def set_variables(options)
+      options.each_key do |key|
+        value = ENV[key.to_s.upcase]
+        value ||= options[key]
+        @log.log_message('No configuration value found for #{key}') if value.nil?
+        @config[key] = value
+      end
+    end
+
     def get_assets(report_file)
       assets = []
       current_asset = nil
@@ -305,6 +328,6 @@ module Sourcefire
           retry
         end
       end
-    end
+    end    
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nexpose_sourcefire
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.2
 platform: ruby
 authors:
 - JJ Cassidy
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-07-15 00:00:00.000000000 Z
+date: 2017-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -46,14 +46,34 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.9'
+        version: '3.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '0.9'
+        version: '3.2'
+- !ruby/object:Gem::Dependency
+  name: symmetric-encryption
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.9'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.9.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.9'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.9.0
 description: This GEM allows enables the importing of Nexpose host and vulnerability
   data into SourceFire
 email:
@@ -69,11 +89,14 @@ files:
 - README.md
 - Rakefile
 - bin/nexpose_sourcefire
+- lib/sourcefire/config/encryption.config
 - lib/sourcefire/config/rapid7_sourcefire.config
 - lib/sourcefire/nexpose_helper.rb
-- lib/sourcefire/nx_logger.rb
 - lib/sourcefire/p12_utils.rb
 - lib/sourcefire/queries.rb
+- lib/sourcefire/utilities/config_parser.rb
+- lib/sourcefire/utilities/gem_options.rb
+- lib/sourcefire/utilities/nx_logger.rb
 - lib/sourcefire/version.rb
 - lib/sourcefire_connector.rb
 homepage: http://www.rapid7.com
@@ -96,9 +119,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.3
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: Nexpose SourceFire Integration GEM
 test_files: []
-has_rdoc: