ssh_scan 0.0.19 → 0.0.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/.travis.yml +3 -6
  3. data/bin/ssh_scan +19 -19
  4. data/lib/ssh_scan/version.rb +1 -1
  5. metadata +2 -8
  6. data/bin/ssh_scan_worker +0 -14
  7. data/config/worker/config.yml +0 -22
  8. data/lib/ssh_scan/worker.rb +0 -119
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: d1f38d061727ec16f24abe9fa799d74d928764ca
4
- data.tar.gz: 1c6e40fa5041aaa45dbaa3fc7a1586ffb19a63f1
3
+ metadata.gz: 7ed1c774b96d1bb34de978e7c39e82d2206e340f
4
+ data.tar.gz: 873692c2cd13f0aac4e1bc7842deb2cc6858af7e
5
5
  SHA512:
6
- metadata.gz: 6504a3a993c90eafdad3be8bd6d63cc11d1dae76260e38e9608939d2525ea6602d7ef24eda0ee43f762bfcf48a08a2b2bdead68f083d946a71f6f234283d93fc
7
- data.tar.gz: b21c3e244f176cee08ea1d817e842dbb7cb5effeda59136777b81f0364478d30e2b8e8b209e9b68cd66a334ac1043b062808cd183e3c765997d7819692dd9efc
6
+ metadata.gz: 25227d81b0b50a3576b8be8266a76fb70e7cac3d72b5c0ac3a764e57b0532fa2541e025e2322139517a1e4661dc049c26af6b6629090402783cf58819a7dcf4d
7
+ data.tar.gz: fb790b5ddccedcc27d781b9795b5c49b3ad51546fbb9e68b7d434239f5d58047d97e0e02a7c59a15a5f536b32aad7d92d8b981bf97b02e4886321f97566aa509
data/.travis.yml CHANGED
@@ -11,16 +11,13 @@ matrix:
11
11
  - LABEL=unit_tests
12
12
  after_success:
13
13
  - coveralls
14
- - rvm: 2.3.0
15
- env:
16
- - LABEL=unit_tests
17
- - rvm: 2.2.0
14
+ - rvm: 2.4.1
18
15
  env:
19
16
  - LABEL=unit_tests
20
- - rvm: 2.1.3
17
+ - rvm: 2.3.0
21
18
  env:
22
19
  - LABEL=unit_tests
23
- - rvm: 2.0.0
20
+ - rvm: 2.2.0
24
21
  env:
25
22
  - LABEL=unit_tests
26
23
  - rvm: 2.3.0
data/bin/ssh_scan CHANGED
@@ -226,25 +226,25 @@ unless File.exist?(options["policy"])
226
226
  end
227
227
 
228
228
  # Check to see if we're running the latest released version
229
- if !options["suppress_update_status"]
230
- update = SSHScan::Update.new
231
- if update.newer_gem_available?
232
- options["logger"].warn(
233
- "You're NOT using the latest version of ssh_scan, try 'gem update \
234
- ssh_scan' to get the latest"
235
- )
236
- else
237
- if update.errors.any?
238
- update.errors.each do |error|
239
- options["logger"].error(error)
240
- end
241
- else
242
- options["logger"].info(
243
- "You're using the latest version of ssh_scan #{SSHScan::VERSION}"
244
- )
245
- end
246
- end
247
- end
229
+ #if !options["suppress_update_status"]
230
+ # update = SSHScan::Update.new
231
+ # if update.newer_gem_available?
232
+ # options["logger"].warn(
233
+ # "You're NOT using the latest version of ssh_scan, try 'gem update \
234
+ #ssh_scan' to get the latest"
235
+ # )
236
+ # else
237
+ # if update.errors.any?
238
+ # update.errors.each do |error|
239
+ # options["logger"].error(error)
240
+ # end
241
+ # else
242
+ # options["logger"].info(
243
+ # "You're using the latest version of ssh_scan #{SSHScan::VERSION}"
244
+ # )
245
+ # end
246
+ # end
247
+ #end
248
248
 
249
249
  # Limit scope of fingerprints DB to (per scan)
250
250
  if options["fingerprint_database"] && File.exists?(options["fingerprint_database"])
data/lib/ssh_scan/version.rb CHANGED
@@ -1,3 +1,3 @@
1
1
  module SSHScan
2
- VERSION = '0.0.19'
2
+ VERSION = '0.0.20'
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ssh_scan
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.19
4
+ version: 0.0.20
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jonathan Claudius
@@ -12,7 +12,7 @@ authors:
12
12
  autorequire:
13
13
  bindir: bin
14
14
  cert_chain: []
15
- date: 2017-04-18 00:00:00.000000000 Z
15
+ date: 2017-05-12 00:00:00.000000000 Z
16
16
  dependencies:
17
17
  - !ruby/object:Gem::Dependency
18
18
  name: bindata
@@ -144,8 +144,6 @@ description: A Ruby-based SSH scanner for configuration and policy scanning
144
144
  email: jclaudius@mozilla.com
145
145
  executables:
146
146
  - ssh_scan
147
- - ssh_scan_worker
148
- - ssh_scan_worker_example_config.yml
149
147
  extensions: []
150
148
  extra_rdoc_files: []
151
149
  files:
@@ -157,11 +155,8 @@ files:
157
155
  - README.md
158
156
  - Rakefile
159
157
  - bin/ssh_scan
160
- - bin/ssh_scan_worker
161
- - bin/ssh_scan_worker_example_config.yml
162
158
  - config/policies/mozilla_intermediate.yml
163
159
  - config/policies/mozilla_modern.yml
164
- - config/worker/config.yml
165
160
  - data/README
166
161
  - data/ssh-badkeys/LICENSE
167
162
  - data/ssh-badkeys/README.md
@@ -391,7 +386,6 @@ files:
391
386
  - lib/ssh_scan/target_parser.rb
392
387
  - lib/ssh_scan/update.rb
393
388
  - lib/ssh_scan/version.rb
394
- - lib/ssh_scan/worker.rb
395
389
  - lib/string_ext.rb
396
390
  - ssh_scan.gemspec
397
391
  homepage: http://rubygems.org/gems/ssh_scan
data/bin/ssh_scan_worker DELETED
@@ -1,14 +0,0 @@
1
- #!/usr/bin/env ruby
2
- $:.unshift File.join(File.dirname(__FILE__), "../lib")
3
-
4
- require 'ssh_scan'
5
-
6
- # Get the worker config from command-line or via an example location
7
- config_file = ARGV[0] ||
8
- File.join(
9
- File.dirname(__FILE__),
10
- "../config/worker/config.yml"
11
- )
12
-
13
- worker = SSHScan::Worker.from_config_file(config_file)
14
- worker.run!
data/config/worker/config.yml DELETED
@@ -1,22 +0,0 @@
1
- # The location of the API server
2
- server: 127.0.0.1
3
-
4
- # The port of the API server
5
- port: 8000
6
-
7
- # Scheme (http/https)
8
- # http - useful for development
9
- # https - recommended for production
10
- scheme: http
11
-
12
- # SSL/TLS verify - has no effect is scheme is not set to https
13
- # false - don't verify SSL/TLS (useful for development)
14
- # true - verify SSL/TLS (recommended for production)
15
- verify: false
16
-
17
- # Where to send worker logs to (default: STDOUT)
18
- #logger: ./bin/ssh_scan_worker.log
19
-
20
- # Authentication - if using authentication on the API, you'll
21
- # need to have an auth token with matches in the API configuration
22
- # auth_token: INSERT_WORKER_TOKEN
data/lib/ssh_scan/worker.rb DELETED
@@ -1,119 +0,0 @@
1
- require 'ssh_scan/scan_engine'
2
- require 'openssl'
3
- require 'net/https'
4
-
5
- module SSHScan
6
- class Worker
7
- def initialize(opts = {})
8
- @server = opts["server"] || "127.0.0.1"
9
- @scheme = opts["scheme"] || "http"
10
- @verify = opts["verify"] || "false"
11
- @port = opts["port"] || 8000
12
- @logger = setup_logger(opts["logger"])
13
- @poll_interval = 5 # seconds
14
- @worker_id = SecureRandom.uuid
15
- @verify_ssl = false
16
- @auth_token = opts["auth_token"] || nil
17
- end
18
-
19
- def setup_logger(logger)
20
- case logger
21
- when Logger
22
- return logger
23
- when String
24
- return Logger.new(logger)
25
- end
26
-
27
- return Logger.new(STDOUT)
28
- end
29
-
30
- def self.from_config_file(file_string)
31
- opts = YAML.load_file(file_string)
32
- SSHScan::Worker.new(opts)
33
- end
34
-
35
- def run!
36
- loop do
37
- begin
38
- response = retrieve_work
39
- if response["work"]
40
- job = response["work"]
41
- results = perform_work(job)
42
- post_results(results, job)
43
- else
44
- @logger.info("No jobs available (waiting 5 seconds)")
45
- sleep 5
46
- next
47
- end
48
- rescue Errno::ECONNREFUSED
49
- @logger.error("Cannot reach API endpoint, waiting 5 seconds")
50
- sleep 5
51
- rescue RuntimeError => e
52
- @logger.error(e.inspect)
53
- end
54
- end
55
- end
56
-
57
- def retrieve_work
58
- (Net::HTTP::SSL_IVNAMES << :@ssl_options).uniq!
59
- (Net::HTTP::SSL_ATTRIBUTES << :options).uniq!
60
-
61
- Net::HTTP.class_eval do
62
- attr_accessor :ssl_options
63
- end
64
-
65
- uri = URI(
66
- "#{@scheme}://#{@server}:#{@port}/api/v#{SSHScan::API_VERSION}/\
67
- work?worker_id=#{@worker_id}"
68
- )
69
- http = Net::HTTP.new(uri.host, uri.port)
70
-
71
- if @scheme == "https"
72
- http.use_ssl = true
73
- http.verify_mode = OpenSSL::SSL::VERIFY_NONE if @verify == false
74
- options_mask =
75
- OpenSSL::SSL::OP_NO_SSLv2 +
76
- OpenSSL::SSL::OP_NO_SSLv3 +
77
- OpenSSL::SSL::OP_NO_COMPRESSION
78
- http.ssl_options = options_mask
79
- end
80
-
81
- request = Net::HTTP::Get.new(uri.path)
82
- request.add_field("SSH_SCAN_AUTH_TOKEN", @auth_token) unless @auth_token.nil?
83
- response = http.request(request)
84
- JSON.parse(response.body)
85
- end
86
-
87
- def perform_work(job)
88
- @logger.info("Started job: #{job["uuid"]}")
89
- scan_engine = SSHScan::ScanEngine.new
90
- results = scan_engine.scan(job)
91
- @logger.info("Completed job: #{job["uuid"]}")
92
- return results
93
- end
94
-
95
- def post_results(results, job)
96
- uri = URI(
97
- "#{@scheme}://#{@server}:#{@port}/api/v#{SSHScan::API_VERSION}/\
98
- work/results/#{@worker_id}/#{job["uuid"]}"
99
- )
100
- http = Net::HTTP.new(uri.host, uri.port)
101
-
102
- if @scheme == "https"
103
- http.use_ssl = true
104
- http.verify_mode = OpenSSL::SSL::VERIFY_NONE if @verify == false
105
- options_mask =
106
- OpenSSL::SSL::OP_NO_SSLv2 +
107
- OpenSSL::SSL::OP_NO_SSLv3 +
108
- OpenSSL::SSL::OP_NO_COMPRESSION
109
- http.ssl_options = options_mask
110
- end
111
-
112
- request = Net::HTTP::Post.new(uri.path)
113
- request.add_field("SSH_SCAN_AUTH_TOKEN", @auth_token) unless @auth_token.nil?
114
- request.body = results.to_json
115
- http.request(request)
116
- @logger.info("Posted job: #{job["uuid"]}")
117
- end
118
- end
119
- end