tcell_agent 0.2.2

data/lib/tcell_agent/api.rb

@@ -0,0 +1,101 @@
+# encoding: utf-8
+# See the file "LICENSE" for the full license governing this code.
+require 'rest-client'
+require 'tcell_agent/logger'
+require 'tcell_agent/configuration'
+require 'tcell_agent/version'
+require 'date'
+
+module TCellAgent
+  class TCellApi
+
+    def initialize
+    end
+
+    def pollAPI(last_timestamp=nil)
+      if !TCellAgent.configuration || !TCellAgent.configuration.tcell_api_url || !TCellAgent.configuration.app_id
+        raise "Config Information Not Found, can't poll tCell service"
+      end
+      full_url = TCellAgent.configuration.tcell_api_url + "/app/" + TCellAgent.configuration.app_id + "/update"
+      if (last_timestamp && last_timestamp != "")
+        full_url = full_url + "?last_timestamp=" + last_timestamp.to_s
+      end
+      TCellAgent.logger.debug "tCell.io API Request: " + full_url
+      request_headers = {
+        :Authorization => 'Bearer ' + TCellAgent.configuration.api_key
+      }
+      begin
+        request_headers[:TCellAgent] = "RubyAgent " + TCellAgent::VERSION
+      rescue Exception => e
+        TCellAgent.logger.debug("tCell.io Could not add agent string: " + e.message)
+      end
+      response = RestClient.get full_url,request_headers
+      new_timestamp = last_timestamp
+      TCellAgent.logger.debug "tCell.io API Response: " + response
+      response_json = JSON.parse(response)
+      if (response_json && response_json.has_key?("result"))
+        return response_json["result"]
+      end
+      # else result was null and no new information exists...
+      return nil
+    end
+
+    def pollOldAPI(last_timestamp=nil)
+      if !TCellAgent.configuration || !TCellAgent.configuration.tcell_api_url || !TCellAgent.configuration.app_id
+        raise "Config Information Not Found, can't poll tCell service"
+      end
+      full_url = TCellAgent.configuration.tcell_api_url + "/api/" + TCellAgent.configuration.app_id + "/csp/poll"
+      TCellAgent.logger.debug "tCell.io API Request: " + full_url
+      full_url = full_url + "/" + TCellAgent.configuration.api_key
+      if (last_timestamp && last_timestamp != "")
+        full_url = full_url + "?last_timestamp=" + last_timestamp.to_s
+      end
+      TCellAgent.logger.debug("tCell.io Old API Request: " + full_url)
+      response = RestClient.get full_url
+      TCellAgent.logger.debug "tCell.io API Response: " + response
+      response_json = JSON.parse(response)
+      if (response_json && response_json.has_key?("result"))
+        return response_json["result"]
+      end
+      # else result was null and no new information exists...
+      return nil
+    end
+
+    def sendEventSet(events)
+      if !TCellAgent.configuration || !TCellAgent.configuration.tcell_input_url || !TCellAgent.configuration.app_id
+        raise "Config Information Not Found, can't send events"
+      end
+      current_time = DateTime.now.to_time.to_i
+      if (events)
+        events.each { |event| event.calculateOffset(current_time) }
+      else
+        events = []
+      end
+      eventset = { "uuid"=>TCellAgent.configuration.uuid,
+                   "hostname"=>TCellAgent.configuration.host_identifier,
+                   "events"=>events }
+      TCellAgent.logger.debug("Sending #{eventset.to_json}")
+      full_url = TCellAgent.configuration.tcell_input_url + "/app/" + TCellAgent.configuration.app_id + "/server_agent"
+
+      TCellAgent.logger.debug("tCell.io SendEvents API Request: " + full_url)
+      request_headers = {
+        :Authorization => 'Bearer ' + TCellAgent.configuration.api_key, 
+        :content_type => :json, 
+        :accept => :json,
+      }
+      begin
+        request_headers[:TCellAgent] = "RubyAgent " + TCellAgent::VERSION
+      rescue Exception => e
+        TCellAgent.logger.debug("tCell.io Could not add agent string: " + e.message)
+      end
+      response = RestClient.post full_url, eventset.to_json, request_headers
+      TCellAgent.logger.debug("tCell.io SendEvents API Response: " + response.code.to_s)
+      return response.code == 200
+    end
+
+    def valid_header?(str)
+        return true if (/^[\p{L}\w\d\-_ :\/,;.'\"%?@#=$]*$/).match(str)
+        return false
+    end
+  end
+end

data/lib/tcell_agent/appsensor.rb

@@ -0,0 +1,42 @@
+# encoding: utf-8
+# See the file "LICENSE" for the full license governing this code.
+
+require 'tcell_agent/appsensor/xss'
+require 'tcell_agent/appsensor/sqli'
+require 'tcell_agent/appsensor/cmdi'
+require 'tcell_agent/appsensor/path_traversal'
+
+module TCellAgent
+    class AppSensor
+ 
+        GENERALLY_SAFE_REGEX = /^[a-zA-Z0-9_\s\r\n\t]*$/
+        NULL_CHARS_REGEX=/\0/
+        RETURN_CHARS_REGEX=/(\n|\r)/
+ 
+        def self.generallySafe(value)
+            if !value.instance_of? String
+                return false
+            end
+            return (value.match(AppSensor::GENERALLY_SAFE_REGEX)!=nil)
+        end
+        def self.containsNull(value)
+            if !value.instance_of? String
+                return false
+            end
+            if value.match(AppSensor::NULL_CHARS_REGEX)
+                return true
+            end
+            return false
+        end
+        def self.containsReturnChars(value)
+            if !value.instance_of? String
+                return false
+            end
+            if value.match(AppSensor::RETURN_CHARS_REGEX)
+                return true
+            end
+            return false
+        end
+    end
+end
+

data/lib/tcell_agent/appsensor/cmdi.rb

@@ -0,0 +1,32 @@
+# encoding: utf-8
+# See the file "LICENSE" for the full license governing this code.
+
+require 'tcell_agent/sensor_events/util/sanitizer_utilities'
+
+
+# Some Rules Originate from ModSecurity
+#   ModSecurity for Apache 2.x, http://www.modsecurity.org/
+#   Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) 
+
+module TCellAgent
+    class AppSensor
+        CMDI_PATTERNS = [
+            /(?i:(?:[\;\|\`]\W*?\bcc|\b(wget|curl))\b|\/cc(?:[\'\"\|\;\`\-\s]|$))/,
+            /(?:\b(?:(?:n(?:et(?:\b\W+?\blocalgroup|\.exe)|(?:map|c)\.exe)|t(?:racer(?:oute|t)|elnet\.exe|clsh8?|ftp)|(?:w(?:guest|sh)|rcmd|ftp)\.exe|echo\b\W*?\by+)\b|c(?:md(?:(?:\.exe|32)\b|\b\W*?\\\/c)|d(?:\b\W*?[\\\/]|\W*?\.\.)|hmod.{0,40}?\+.{0,3}x))|[\;\|\`]\W*?\b(?:(?:c(?:h(?:grp|mod|own|sh)|md|pp)|p(?:asswd|ython|erl|ing|s)|n(?:asm|map|c)|f(?:inger|tp)|(?:kil|mai)l|(?:xte)?rm|ls(?:of)?|telnet|uname|echo|id)\b|g(?:\+\+|cc\b)))/
+        ]
+        def self.isCmdi(value)
+            if !value.instance_of? String
+                return false
+            end
+            if generallySafe(value)
+                return false
+            end
+            CMDI_PATTERNS.each do |cmdi_pattern|
+                if value.match(cmdi_pattern)
+                    return true
+                end
+            end
+            false
+        end
+    end
+end

data/lib/tcell_agent/appsensor/path_traversal.rb

@@ -0,0 +1,33 @@
+# encoding: utf-8
+# See the file "LICENSE" for the full license governing this code.
+
+require 'tcell_agent/sensor_events/util/sanitizer_utilities'
+
+
+# Some Rules Originate from ModSecurity
+#   ModSecurity for Apache 2.x, http://www.modsecurity.org/
+#   Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) 
+
+module TCellAgent
+    class AppSensor
+        PATH_TRAVERSAL_REGEXES = [
+            Regexp.new("(?:(?:\\\/|\\\\)?\\.+(\\\/|\\\\)(?:\\.+)?)|(?:\\w+\\.exe\\??\\s)|(?:;\\s*\\w+\\s*\\\/[\\w*-]+\\\/)|(?:\\d\\.\\dx\\|)|(?:%(?:c0\\.|af\\.|5c\\.))|(?:\\\/(?:%2e){2})"),
+            Regexp.new("(?:%c0%ae\\\/)|(?:(?:\\\/|\\\\)(home|conf|usr|etc|proc|opt|s?bin|local|dev|tmp|kern|[br]oot|sys|system|windows|winnt|program|%[a-z_-]{3,}%)(?:\\\/|\\\\))|(?:(?:\\\/|\\\\)inetpub|localstart\\.asp|boot\\.ini)"),
+            Regexp.new("(?:etc\\\/\\W*passwd)")
+        ]
+        def self.isPathTraversal(value)
+            if !value.instance_of? String
+                return false
+            end
+            if generallySafe(value)
+                return false
+            end
+            PATH_TRAVERSAL_REGEXES.each do |pattern|
+                if value.match(pattern)
+                    return true
+                end
+            end
+            false
+        end
+    end
+end

data/lib/tcell_agent/appsensor/sqli.rb

@@ -0,0 +1,55 @@
+# encoding: utf-8
+# See the file "LICENSE" for the full license governing this code.
+
+require 'tcell_agent/sensor_events/util/sanitizer_utilities'
+
+
+# Some Rules Originate from ModSecurity
+#   ModSecurity for Apache 2.x, http://www.modsecurity.org/
+#   Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) 
+
+module TCellAgent
+    class AppSensor
+        SQLI_PATTERNS = [
+            /(?i:(?i:\d[\"'`´’‘]\s+[\"'`´’‘]\s+\d)|(?:^admin\s*?[\"'`´’‘]|(\/\*)+[\"'`´’‘]+\s?(?:--|#|\/\*|{)?)|(?:[\"'`´’‘]\s*?\b(x?or|div|like|between|and)\b\s*?[+<>=(),-]\s*?[\d\"'`´’‘])|(?:[\"'`´’‘]\s*?[^\w\s]?=\s*?[\"'`´’‘])|(?:[\"'`´’‘]\W*?[+=]+\W*?[\"'`´’‘])|(?:[\"'`´’‘]\s*?[!=|][\d\s!=+-]+.*?[\"'`´’‘(].*?$)|(?:[\"'`´’‘]\s*?[!=|][\d\s!=]+.*?\d+$)|(?:[\"'`´’‘]\s*?like\W+[\w\"'`´’‘(])|(?:\sis\s*?0\W)|(?:where\s[\s\w\.,-]+\s=)|(?:[\"'`´’‘][<>~]+[\"'`´’‘]))/,
+            #Hex Evasion (ModSecurity)
+            #/(?i:(?:\A|[^\d])0x[a-f\d]{3,}[a-f\d]*)+/,
+            #Order By (ModSecurity)
+            /\b(?i:having)\b\s+(\d{1,10}|'[^=]{1,10}')\s*?[=<>]|(?i:\bexecute(\s{1,5}[\w\.$]{1,5}\s{0,3})?\()|\bhaving\b ?(?:\d{1,10}|[\'\"][^=]{1,10}[\'\"]) ?[=<>]+|(?i:\bcreate\s+?table.{0,20}?\()|(?i:\blike\W*?char\W*?\()|(?i:(?:(select(.*?)case|from(.*?)limit|order\sby)))|exists\s(\sselect|select\Sif(null)?\s\(|select\Stop|select\Sconcat|system\s\(|\b(?i:having)\b\s+(\d{1,10})|'[^=]{1,10}')/,
+            # (ModSecurity)
+            #/(?i:([\s'\"`´’‘\(\)]*?)\b([\d\w]++)([\s'\"`´’‘\(\)]*?)(?:(?:=|<=>|r?like|sounds\s+like|regexp)([\s'\"`´’‘\(\)]*?)\2\b|(?:!=|<=|>=|<>|<|>|\^|is\s+not|not\s+like|not\s+regexp)([\s'\"`´’‘\(\)]*?)(?!\2)([\d\w]+)\b))/,
+            # Tautaulogy (ModSecurity)
+            /([';]--|--[\s\r\n\v\f]|(?:--[^-]*?-)|([^\-&])#.*?[\s\r\n\v\f]|;?\\x00)/,
+            /(?i:(?:@.+=\s*?\(\s*?select)|(?:\d+\s*?(x?or|div|like|between|and)\s*?\d+\s*?[\-+])|(?:\/\w+;?\s+(?:having|and|x?or|div|like|between|and|select)\W)|(?:\d\s+group\s+by.+\()|(?:(?:;|#|--)\s*?(?:drop|alter))|(?:(?:;|#|--)\s*?(?:update|insert)\s*?\w{2,})|(?:[^\w]SET\s*?@\w+)|(?:(?:n?and|x?x?or|div|like|between|and|not |\|\||\&\&)[\s(]+\w+[\s)]*?[!=+]+[\s\d]*?[\"'`´’‘=()]))/,
+            /(?i:(?:in\s*?\(+\s*?select)|(?:(?:n?and|x?x?or|div|like|between|and|not |\|\||\&\&)\s+[\s\w+]+(?:regexp\s*?\(|sounds\s+like\s*?[\"'`´’‘]|[=\d]+x))|([\"'`´’‘]\s*?\d\s*?(?:--|#))|(?:[\"'`´’‘][\%&<>^=]+\d\s*?(=|x?or|div|like|between|and))|(?:[\"'`´’‘]\W+[\w+-]+\s*?=\s*?\d\W+[\"'`´’‘])|(?:[\"'`´’‘]\s*?is\s*?\d.+[\"'`´’‘]?\w)|(?:[\"'`´’‘]\|?[\w-]{3,}[^\w\s.,]+[\"'`´’‘])|(?:[\"'`´’‘]\s*?is\s*?[\d.]+\s*?\W.*?[\"'`´’‘]))/,
+            /(?i:(?:[\"'`´’‘]\s*?\*.+(?:x?or|div|like|between|and|id)\W*?[\"'`´’‘]\d)|(?:\^[\"'`´’‘])|(?:^[\w\s\"'`´’‘-]+(?<=and\s)(?<=or|xor|div|like|between|and\s)(?<=xor\s)(?<=nand\s)(?<=not\s)(?<=\|\|)(?<=\&\&)\w+\()|(?:[\"'`´’‘][\s\d]*?[^\w\s]+\W*?\d\W*?.*?[\"'`´’‘\d])|(?:[\"'`´’‘]\s*?[^\w\s?]+\s*?[^\w\s]+\s*?[\"'`´’‘])|(?:[\"'`´’‘]\s*?[^\w\s]+\s*?[\W\d].*?(?:#|--))|(?:[\"'`´’‘].*?\*\s*?\d)|(?:[\"'`´’‘]\s*?(x?or|div|like|between|and)\s[^\d]+[\w-]+.*?\d)|(?:[()\*<>%+-][\w-]+[^\w\s]+[\"'`´’‘][^,]))/,
+            #Probing (ModSecurity)
+            #/(^[\"'`´’‘;]+|[\"'`´’‘;]+$)/,
+            #SQL Ops (ModSecurity)
+            #/(?i:(\!\=|\&\&|\|\||>>|<<|>=|<=|<>|<=>|xor|rlike|regexp|isnull)|(?:not\s+between\s+0\s+and)|(?:is\s+null)|(like\s+null)|(?:(?:^|\W)in[+\s]*\([\s\d\"]+[^()]*\))|(?:xor|<>|rlike(?:\s+binary)?)|(?:regexp\s+binary))/,
+            #Database strings (ModSecurity)
+            #/(?i:(?:m(?:s(?:ysaccessobjects|ysaces|ysobjects|ysqueries|ysrelationships|ysaccessstorage|ysaccessxml|ysmodules|ysmodules2|db)|aster\.\.sysdatabases|ysql\.db)|s(?:ys(?:\.database_name|aux)|chema(?:\W*\(|_name)|qlite(_temp)?_master)|d(?:atabas|b_nam)e\W*\(|information_schema|pg_(catalog|toast)|northwind|tempdb))/,
+            #Blind (ModSecurity)
+            #/(?i:(?:\b(?:(?:s(?:ys\.(?:user_(?:(?:t(?:ab(?:_column|le)|rigger)|object|view)s|c(?:onstraints|atalog))|all_tables|tab)|elect\b.{0,40}\b(?:substring|users?|ascii))|m(?:sys(?:(?:queri|ac)e|relationship|column|object)s|ysql\.(db|user))|c(?:onstraint_type|harindex)|waitfor\b\W*?\bdelay|attnotnull)\b|(?:locate|instr)\W+\()|\@\@spid\b)|\b(?:(?:s(?:ys(?:(?:(?:process|tabl)e|filegroup|object)s|c(?:o(?:nstraint|lumn)s|at)|dba|ibm)|ubstr(?:ing)?)|user_(?:(?:(?:constrain|objec)t|tab(?:_column|le)|ind_column|user)s|password|group)|a(?:tt(?:rel|typ)id|ll_objects)|object_(?:(?:nam|typ)e|id)|pg_(?:attribute|class)|column_(?:name|id)|xtype\W+\bchar|mb_users|rownum)\b|t(?:able_name\b|extpos\W+\()))/,
+            # (ModSecurity)
+            /(?i:(?i:\d[\"'`´’‘]\s+[\"'`´’‘]\s+\d)|(?:^admin\s*?[\"'`´’‘]|(\/\*)+[\"'`´’‘]+\s?(?:--|#|\/\*|{)?)|(?:[\"'`´’‘]\s*?\b(x?or|div|like|between|and)\b\s*?[+<>=(),-]\s*?[\d\"'`´’‘])|(?:[\"'`´’‘]\s*?[^\w\s]?=\s*?[\"'`´’‘])|(?:[\"'`´’‘]\W*?[+=]+\W*?[\"'`´’‘])|(?:[\"'`´’‘]\s*?[!=|][\d\s!=+-]+.*?[\"'`´’‘(].*?$)|(?:[\"'`´’‘]\s*?[!=|][\d\s!=]+.*?\d+$)|(?:[\"'`´’‘]\s*?like\W+[\w\"'`´’‘(])|(?:\sis\s*?0\W)|(?:where\s[\s\w\.,-]+\s=)|(?:[\"'`´’‘][<>~]+[\"'`´’‘]))/
+            # (ModSecurity)
+            #/(?i:(?:\sexec\s+xp_cmdshell)|(?:[\"'`´’‘]\s*?!\s*?[\"'`´’‘\w])|(?:from\W+information_schema\W)|(?:(?:(?:current_)?user|database|schema|connection_id)\s*?\([^\)]*?)|(?:[\"'`´’‘];?\s*?(?:select|union|having)\s*?[^\s])|(?:\wiif\s*?\()|(?:exec\s+master\.)|(?:union select @)|(?:union[\w(\s]*?select)|(?:select.*?\w?user\()|(?:into[\s+]+(?:dump|out)file\s*?[\"'`´’‘]))/
+        ]
+        def self.isSqli(value)
+            if !value.instance_of? String
+                return false
+            end
+            if generallySafe(value)
+                return false
+            end
+            SQLI_PATTERNS.each do |sqli_pattern|
+                if value.match(sqli_pattern)
+                    return true
+                end
+            end
+            false
+        end
+    end
+end
+

data/lib/tcell_agent/appsensor/xss.rb

@@ -0,0 +1,40 @@
+# encoding: utf-8
+# See the file "LICENSE" for the full license governing this code.
+
+require 'tcell_agent/sensor_events/util/sanitizer_utilities'
+
+
+# Some Rules Originate from ModSecurity
+#   ModSecurity for Apache 2.x, http://www.modsecurity.org/
+#   Copyright (c) 2004-2013 Trustwave Holdings, Inc. (http://www.trustwave.com/) 
+
+module TCellAgent
+    class AppSensor
+        XSS_PATTERNS = [
+                Regexp.new("<(script|iframe|embed|frame|frameset|object|img|applet|body|html|style|layer|link|ilayer|meta|bgsound)"),
+                Regexp.new("(alert|on\\w+|function\\s+\\w+)\\s*\\(\\s*(['+\\d\\w](,?\\s*['+\\d\\w]*)*)*\\s*\\)"),
+                Regexp.new("(?:\"[^\"]*[^-]?>)|(?:[^\\w\\s]\\s*\\/>)|(?:>\")"),
+                Regexp.new("(?:\"+.*[<=]\\s*\"[^\"]+\")|(?:\"\\s*\\w+\\s*=)|(?:>\\w=\\/)|(?:#.+\\)[\"\\s]*>)|(?:\"\\s*(?:src|style|on\\w+)\\s*=\\s*\")|(?:[^\"]?\"[,;\\s]+\\w*[\\[\\(])"),
+                Regexp.new("(?:^>[\\w\\s]*<\\/?\\w{2,}>)"),
+                Regexp.new("(?:with\\s*\\(\\s*.+\\s*\\)\\s*\\w+\\s*\\()|(?:(?:do|while|for)\\s*\\([^)]*\\)\\s*\\{)|(?:\\/[\\w\\s]*\\[\\W*\\w)"),
+                Regexp.new("(?:[=(].+\\?.+:)|(?:with\\([^)]*\\)\\))|(?:\\.\\s*source\\W)"),
+                Regexp.new("(?:[\".]script\\s*\\()|(?:\\$\\$?\\s*\\(\\s*[\\w\"])|(?:\\/[\\w\\s]+\\/\\.)|(?:=\\s*\\/\\w+\\/\\s*\\.)|(?:(?:this|window|top|parent|frames|self|content)\\[\\s*[(,\"]*\\s*[\\w\\$])|(?:,\\s*new\\s+\\w+\\s*[,;)])"),
+                Regexp.new("(?:=\\s*\\w+\\s*\\+\\s*\")|(?:\\+=\\s*\\(\\s\")|(?:!+\\s*[\\d.,]+\\w?\\d*\\s*\\?)|(?:=\\s*\\[s*\\])|(?:\"\\s*\\+\\s*\")|(?:[^\\s]\\[\\s*\\d+\\s*\\]\\s*[;+])|(?:\"\\s*[&|]+\\s*\")|(?:\\/\\s*\\?\\s*\")|(?:\\/\\s*\\)\\s*\\[)|(?:\\d\\?.+:\\d)|(?:\\]\\s*\\[\\W*\\w)|(?:[^\\s]\\s*=\\s*\\/)"),
+                Regexp.new("<iframe.*")
+        ]
+        def self.isXss(value)
+            if !value.instance_of? String
+                return false
+            end
+            if generallySafe(value) 
+                return false
+            end
+            XSS_PATTERNS.each do |xss_pattern|
+                if value.match(xss_pattern)
+                    return true
+                end
+            end
+            false
+        end
+    end
+end

data/lib/tcell_agent/authlogic.rb

@@ -0,0 +1,26 @@
+# See the file "LICENSE" for the full license governing this code.
+
+require 'tcell_agent/userinfo'
+require 'tcell_agent/logger'
+require 'tcell_agent/sensor_events/honeytokens'
+
+module TCellAgent
+  if defined?(Authlogic)
+    TCellAgent::UserInformation.class_eval do
+      class << self
+        alias_method :original_getUserFromRequest, :getUserFromRequest
+        def getUserFromRequest(request)
+          orig_user_id = original_getUserFromRequest(request)
+          begin
+            if request.session and request.session.has_key?("user_credentials_id")
+              return request.session["user_credentials_id"].to_s
+            end
+          rescue Exception => e
+            return orig_user_id
+          end
+          return orig_user_id
+        end
+      end
+    end
+  end
+end

data/lib/tcell_agent/configuration.rb

@@ -0,0 +1,148 @@
+# See the file "LICENSE" for the full license governing this code.
+require 'fileutils'
+require 'json'
+require 'socket'
+require 'securerandom'
+
+module TCellAgent
+  class << self
+    attr_accessor :configuration
+  end
+
+  def self.configure
+    self.configuration ||= Configuration.new
+    yield(configuration)
+  end
+
+  class Configuration
+    attr_accessor :version, :app_id, :api_key, :hmac_key, 
+      :tcell_api_url, :tcell_input_url,
+      :enabled, :logging_options,
+      :fetch_policies_from_tcell, :instrument_for_events,
+      :preload_policy_filename,
+      :proxy_host, :proxy_port, :proxy_username, :proxy_password,
+      :use_websockets, :host_identifier, :session_cookie_names,
+      :uuid,
+      :company,
+      :event_batch_size_limit, :event_time_limit_seconds,
+      :default_log_filename,
+      :base_dir,
+      :cache_filename,
+      :js_agent_api_base_url,
+      :js_agent_url
+
+    attr_accessor :exp_config_settings
+
+
+    def initialize(filename="config/tcell_agent.config", useapp=nil)
+      @version = 0
+      @exp_config_settings = true
+
+
+      @fetch_policies_from_tcell = true
+      @instrument_for_events = true
+      @enabled = true
+      @cache_filename = "tcell/tcell_agent.cache"
+      @default_log_filename = "tcell/tcell_agent.log"
+      read_config_using_env
+      read_config_from_file(filename)
+
+      @tcell_api_url ||= "https://api.tcell.io/api/v1"
+      @tcell_input_url ||= "https://input.tcell.io/api/v1"
+      @js_agent_api_base_url ||= nil
+      @js_agent_url ||= "https://api.tcell.io/tcellagent.min.js"
+      @event_batch_size_limit = 25
+      @event_time_limit_seconds = 30
+
+      begin
+        @host_identifier = (Socket.gethostname() || "localhost")
+      rescue Exception => e 
+        @host_identifier = "host_identifier_not_found"
+      end
+      @uuid = SecureRandom.uuid
+      
+      FileUtils::mkdir_p File.dirname(@cache_filename)
+      if @logging_options and @logging_options["filename"]
+        FileUtils::mkdir_p File.dirname(@logging_options["filename"])
+      else
+        FileUtils::mkdir_p File.dirname(@default_log_filename)
+      end
+    end
+    def read_config_using_env
+      @app_id = ENV["TCELL_APP_ID"]
+      @api_key = ENV["TCELL_API_KEY"]
+      @hmac_key = ENV["TCELL_HMAC_KEY"]
+      @tcell_api_url = ENV["TCELL_API_URL"]
+      @tcell_input_url = ENV["TCELL_INPUT_URL"]
+    end
+    def read_config_from_file(filename)
+      if File.file?(filename)
+        #puts "tCell.io: Loading from file"
+        begin
+          config_text = open(filename).read
+          config = JSON.parse(config_text)
+          if (config["version"] == 1)
+            # Required
+            app_data = config["applications"][0] #Default
+            @version = 1
+            @app_id ||= app_data["app_id"]
+            @app_id ||= app_data["name"]
+            @api_key ||= app_data["api_key"]
+           
+            # Optional
+            @enabled = app_data.fetch("enabled", true)
+            @preload_policy_filename = app_data.fetch("preload_policy_filename", nil)
+            @fetch_policies_from_tcell = app_data.fetch("fetch_policies_from_tcell", @fetch_policies_from_tcell)
+            @instrument_for_events = app_data.fetch("instrument_for_events", @instrument_for_events)
+
+            @logging_options = app_data.fetch("logging_options", {})
+
+            @tcell_api_url = app_data.fetch("tcell_api_url", @tcell_api_url)
+            @tcell_input_url = app_data.fetch("tcell_input_url", @tcell_input_url)
+
+            @proxy_host = app_data["proxy_host"]
+            @proxy_port = app_data["proxy_port"]
+            @proxy_username = app_data["proxy_username"]
+            @proxy_password = app_data["proxy_password"]
+
+            @use_websockets = app_data["use_websockets"]
+            @host_identifier = app_data["host_identifier"]
+            if (@host_identifier == nil)
+              @host_identifier = (Socket.gethostname() || "localhost")
+            end
+            @hmac_key ||= app_data["hmac_key"] # if not already set
+            @session_cookie_names = app_data["session_cookie_names"]
+            @uuid = SecureRandom.uuid
+            if (@uuid == nil)
+              @uuid = "secure-random-failed"
+            end
+
+            if app_data.key?("js_agent_api_base_url")
+              @js_agent_api_base_url = app_data["js_agent_api_base_url"]
+            end
+            if app_data.key?("js_agent_url")
+              @js_agent_url = app_data["js_agent_url"]
+            end
+
+            # Causes old event url to be used
+            @company = app_data["company"]
+
+
+          else            
+            puts " ********* ********* ********* *********"
+            puts "* tCell.io                               *"
+            puts "* Unsupported config file version        *"
+            puts " ********* ********* ********* *********"
+          end
+        rescue Exception => e
+          puts " ********* ********* ********* *********"
+          puts "* tCell.io                               *"
+          puts "* Could not load config file             *"
+          puts " ********* ********* ********* *********"
+          puts e
+        end #begin
+      end # filename exist
+    end #def read
+  end # class
+  TCellAgent.configuration ||= TCellAgent::Configuration.new
+end