tcell_agent 1.1.10 → 2.1.1
- checksums.yaml +4 -4
- data/README.md +25 -97
- data/bin/tcell_agent +26 -14
- data/lib/tcell_agent.rb +16 -10
- data/lib/tcell_agent/agent.rb +78 -97
- data/lib/tcell_agent/agent/route_manager.rb +0 -16
- data/lib/tcell_agent/agent/static_agent.rb +9 -30
- data/lib/tcell_agent/authlogic.rb +3 -6
- data/lib/tcell_agent/config/unknown_options.rb +4 -7
- data/lib/tcell_agent/configuration.rb +39 -118
- data/lib/tcell_agent/devise.rb +25 -27
- data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
- data/lib/tcell_agent/instrument_servers.rb +25 -0
- data/lib/tcell_agent/instrumentation.rb +12 -10
- data/lib/tcell_agent/instrumentation/cmdi.rb +19 -15
- data/lib/tcell_agent/instrumentation/lfi.rb +73 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +131 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +163 -0
- data/lib/tcell_agent/logger.rb +50 -114
- data/lib/tcell_agent/patches.rb +6 -7
- data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
- data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
- data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
- data/lib/tcell_agent/policies/headers_policy.rb +25 -0
- data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
- data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
- data/lib/tcell_agent/policies/local_file_access.rb +28 -0
- data/lib/tcell_agent/policies/login_policy.rb +43 -0
- data/lib/tcell_agent/policies/patches_policy.rb +27 -0
- data/lib/tcell_agent/policies/policies_manager.rb +68 -0
- data/lib/tcell_agent/policies/policy_polling.rb +58 -0
- data/lib/tcell_agent/policies/policy_types.rb +14 -0
- data/lib/tcell_agent/policies/system_enablements.rb +27 -0
- data/lib/tcell_agent/rails/auth/authlogic.rb +43 -68
- data/lib/tcell_agent/rails/auth/devise.rb +20 -23
- data/lib/tcell_agent/rails/auth/doorkeeper.rb +63 -74
- data/lib/tcell_agent/rails/csrf_exception.rb +2 -2
- data/lib/tcell_agent/rails/dlp.rb +35 -19
- data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
- data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +0 -1
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
- data/lib/tcell_agent/rails/on_start.rb +32 -31
- data/lib/tcell_agent/rails/routes.rb +10 -9
- data/lib/tcell_agent/rails/routes/grape.rb +1 -3
- data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
- data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
- data/lib/tcell_agent/rails/start_agent_after_initializers.rb +12 -0
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +6 -4
- data/lib/tcell_agent/rust/agent_config.rb +49 -0
- data/lib/tcell_agent/rust/libtcellagent-4.18.0.dylib +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-1.3.1.so → libtcellagent-4.18.0.so} +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.1.so → libtcellagent-alpine-4.18.0.so} +0 -0
- data/lib/tcell_agent/rust/models.rb +0 -55
- data/lib/tcell_agent/rust/native_agent.rb +531 -0
- data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
- data/lib/tcell_agent/rust/native_library.rb +68 -0
- data/lib/tcell_agent/rust/tcellagent-4.18.0.dll +0 -0
- data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
- data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
- data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
- data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
- data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
- data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
- data/lib/tcell_agent/servers/passenger.rb +1 -28
- data/lib/tcell_agent/servers/puma.rb +3 -21
- data/lib/tcell_agent/servers/rails_server.rb +1 -1
- data/lib/tcell_agent/servers/thin.rb +2 -2
- data/lib/tcell_agent/servers/unicorn.rb +19 -80
- data/lib/tcell_agent/servers/webrick.rb +1 -1
- data/lib/tcell_agent/settings_reporter.rb +24 -24
- data/lib/tcell_agent/sinatra.rb +14 -16
- data/lib/tcell_agent/tcell_context.rb +56 -30
- data/lib/tcell_agent/utils/headers.rb +14 -0
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -18
- data/spec/lib/tcell_agent/configuration_spec.rb +4 -140
- data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
- data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
- data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
- data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb +159 -0
- data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
- data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +562 -0
- data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +264 -0
- data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +105 -0
- data/spec/lib/tcell_agent/patches_spec.rb +25 -43
- data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
- data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
- data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
- data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
- data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
- data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
- data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
- data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
- data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
- data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
- data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
- data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
- data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
- data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
- data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
- data/spec/lib/tcell_agent/settings_reporter_spec.rb +127 -153
- data/spec/spec_helper.rb +1 -1
- data/spec/support/builders.rb +104 -0
- data/spec/support/force_logger_mocking.rb +38 -0
- data/spec/support/resources/lfi_sample_file.txt +2 -0
- data/spec/support/static_agent_overrides.rb +0 -15
- metadata +64 -74
- data/lib/tcell_agent/agent/event_processor.rb +0 -326
- data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
- data/lib/tcell_agent/agent/policy_manager.rb +0 -219
- data/lib/tcell_agent/agent/policy_types.rb +0 -30
- data/lib/tcell_agent/api.rb +0 -91
- data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
- data/lib/tcell_agent/config/child_process_events.rb +0 -8
- data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
- data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
- data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
- data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
- data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
- data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
- data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
- data/lib/tcell_agent/policies/rust_policies.rb +0 -110
- data/lib/tcell_agent/rails.rb +0 -40
- data/lib/tcell_agent/rust/libtcellagent-1.3.1.dylib +0 -0
- data/lib/tcell_agent/rust/tcellagent-1.3.1.dll +0 -0
- data/lib/tcell_agent/rust/whisperer.rb +0 -308
- data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
- data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
- data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
- data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
- data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
- data/lib/tcell_agent/sensor_events/patches.rb +0 -21
- data/lib/tcell_agent/start_background_thread.rb +0 -55
- data/lib/tcell_agent/system_info.rb +0 -11
- data/lib/tcell_agent/utils/io.rb +0 -38
- data/lib/tcell_agent/utils/passwords.rb +0 -28
- data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
- data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
- data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
- data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
- data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
- data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
- data/spec/lib/tcell_agent/cmdi_spec.rb +0 -736
- data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
- data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
- data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
- data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
- data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
- data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
- data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
- data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
- data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
- data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
- data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143
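--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fef169c3426eb04bcf907ba86a06b56508b3510b5a460dd20bdd0e859c773832
+data.tar.gz: c60696ff6d4058537d8162cc28c5f956340a5b5a533bf1df7b805f1f8b208f90
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ffaeef09c1dbf616146f6407abdcd5c53c292098c9e6e3bb9ab32602c8f5cb94ac69e2d958e00ef6fd58b6c1c6e133104935617fd06410752f704132eaa78d81
+data.tar.gz: 77a9ab760568d411be5535f0c9842376289667892b39b88bed4bfc6646a496d8cf26a1d6704e78c644d7564aa4fc9e1955d6cbbf36ec40a91ff01d3ad37807c1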
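--- a/data/README.md
+++ b/data/README.md
@@ -1,120 +1,48 @@
-#
-
-
-
-## Release Process Checklist
-
-Open a jira with the following checklist (sample: https://jira.tcell.io/browse/RA-98)
-
-
-[ X ] unit tests pass
-[ X ] integration tests pass
-[ X ] test-kit tests pass (all variants)
-[ X ] check test-kit logs for any unexpected errors
-[ X ] performance tests pass (https://github.com/tcellio/load-testing/tree/master/agents)
-[ X ] update changelog and version (sample https://github.com/tcellio/rubyagent-tcell/pull/275)
-
-[ X ] manual install verified working (`make build`, install gem globally: `gem install tcell_agent-x.x.x.gem` works properly)
-[ X ] run `tcell_agent test` command (might not be needed, since this is run in test-kit for every test-app)
-
-[ X ] Update Master Branch
-
-[ X ] ensure unknown_options accounts for any new keys (check `lib/tcell_agent/config/unknown_options.rb` file for logic)
-[ X ] update support page in wiki with any new support (https://tcellio.atlassian.net/wiki/spaces/EN/pages/54460460/Server+Agent+Support)
-
-Repeat if any bugs are found and patched
+# RubyAgent
+A Ruby security agent to instrument Ruby web applications. Additional docs can be found [here](https://docs.tcell.io/docs/ruby-agent-install)
+## Installation
 
-
+Add this line to your Gemfile to install the gem directly from [RubyGems](https://rubygems.org)
 
-
-[ X ] run `make build` on release branch (`gem unpack tcell_agent-x.x.x.gem` and manually inspect .gem file to make sure no files are missing and no extra files are included)
-[ X ] upload to rubygems (`gem push tcell_agent-x.x.x.gem`)
-[ X ] confirm upload worked by running a test app that installs latest version from rubygems and smoke test
+$ gem 'tcell_agent'
 
-
+or to use a local version directly,
 
-
+$ gem 'tcell_agent', :path => '<path-to-gem-repo'
 
-
+and to install the gem,
 
-
+$ bundle install
 
-
+## Usage
 
-
+Download the config file from the tCell dashboard and move it to the `config` directory of the application.
 
-
+$ cp ~/Downloads/tcell_agent.config config/
 
-
+When the server is started, tCell will be running. The log files will be created in the `tcell` directory of the project.
 
+Alternatively, Rails initializers can be used instead of adding the `tcell_agent.config` file. The values for the fields can be found in `tcell_agent.config`. Here's a sample `config/initializers/tcell.rb`:
 ```
 if defined?(TCellAgent)
 TCellAgent.configure do |config|
 config.app_id = "---APP_ID---"
 config.api_key = "---API_KEY---"
-config.agent_log_dir = "
-config.agent_home_dir = "
-config.tcell_api_url = "
-config.tcell_input_url = "
+config.agent_log_dir = "---path-to-logs-dir---"
+config.agent_home_dir = "--path-to-tcell-dir---"
+config.tcell_api_url = ""
+config.tcell_input_url = ""
 config.allow_payloads = true
-# Removed for ruby 2.0
-# config.agent_home_owner = "boris"
-config.enabled = true
-config.logging_options = {"enabled" => true, "level" => "DEBUG"}
-config.host_identifier = "foomyserver"
-config.log_tag = "TCELL_LOGS"
-# Removed for ruby 2.0
-# config.logger can no longer be supported after rubyagent v1.1.4 since logging is now handled by libtcellagent
-# config.logger = Rails.logger
-# or
-# config.logger = ActiveSupport::TaggedLogging.new(ActiveSupport::Logger.new(STDOUT))
 end
 end
 ```
 
-
-
-Log Tag (see above for example `log_tag` set in config) - Since rubyagent log can be printed to STDOUT along with all the other logging, `log_tag` is a custom string added to every log line to be able to filter just tcell log lines.
-
-Logger object - Up until rubyagent v1.1.4 you could set a Rails.logger for the rubyagent to use for its logging. With the migration to have libtcellagent handle logging, that use case can no longer be supported. This feature was mainly used to get the rubyagent to log to STDOUT in heroku deployments. So as long as the agent supports some config to allow to log to STDOUT, this won't be missed.
-
-## Installation
-
-Download the GEM file and unpack it:
+## Troubleshooting
 
-
-
-In your rails directory
-
-$ mv tcell_agent-0.2.0.gem vendor/cache/
-$ bundle install
-
-Add this line to your application's Gemfile:
-
-
-```ruby
-gem 'tcell_agent', '0.2.0'
-```
-or if you're using the repository directly.
-```ruby
-gem "tcell_agent", :path => "<path to your tcell_agent repo>"
+Log level can be customized in `tcell_agent.config` by adding a block such as:
 ```
-
-
-
-
-
-## Usage
-
-You can download the config file from the Agents section of the application then move it to the config directory
-
-$ cp ~/Downloads/tcell_agent.config config/
-
-Or run the helper command
-
-$ bundle exec tcell_agent setup
-
-Or if running from the repo:
-
-$ bundle exec <path to repo>/rubyagent-tcell/bin/tcell_agent
-
+"logging_options": {
+"enabled": true,
+"level": "INFO"
+}
+```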
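--- a/data/bin/tcell_agent
+++ b/data/bin/tcell_agent
@@ -257,33 +257,45 @@ elsif command == 'test'
 
 printf '%-50s', 'Requiring configuration library... '
 require 'tcell_agent/configuration'
-require 'tcell_agent/api'
 puts 'passed'
 
-printf '%-50s', '
-
-
-puts 'passed'
-else
+printf '%-50s', 'Loading native library... '
+require 'tcell_agent/rust/native_library'
+unless TCellAgent::Rust::NativeLibrary.common_lib_available?
 puts 'failed'
 Kernel.exit(1)
 end
+puts 'passed'
 
-printf '%-50s', '
-
-
+printf '%-50s', 'Make test API call for policies... '
+require 'tcell_agent/rust/native_agent'
+errors = TCellAgent::Rust::NativeAgent.test_policies
+if !errors.empty?
 puts 'failed'
+puts errors
 Kernel.exit(1)
+else
+puts 'passed'
 end
-puts 'passed'
 
-printf '%-50s', '
-require 'tcell_agent/
-
+printf '%-50s', 'Sending a Test event... '
+require 'tcell_agent/logger'
+require 'tcell_agent/sensor_events/server_agent'
+errors = TCellAgent::Rust::NativeAgent.test_event_sender(
+[
+TCellAgent::SensorEvents::ServerAgentDetailsLanguageEvent.new(
+'Ruby',
+RUBY_VERSION
+)
+]
+)
+if !errors.empty?
 puts 'failed'
+puts errors
 Kernel.exit(1)
+else
+puts 'passed'
 end
-puts 'passed'
 
 puts
 puts 'all tests passed, looks good.'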
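Review bot: `puts errors` at new lines 275 and 294 prints whatever `test_policies` and `test_event_sender` return, unfiltered, to stdout. Those methods are not in this section, so it is worth confirming that their error strings never include the configured `api_key` or a full request URL carrying credentials, because the output of `tcell_agent test` is the kind of text that gets pasted into tickets and CI logs. Separately, the two `if !errors.empty? … else … end` blocks are identical apart from the call that produces `errors`; a small helper taking the label and a block, with the positive test first (`if errors.empty?` then `puts 'passed'`), would remove the duplication. The enclosing `elsif command == 'test'` branch starts outside the hunk.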
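--- a/data/lib/tcell_agent.rb
+++ b/data/lib/tcell_agent.rb
@@ -1,20 +1,26 @@
 # See the file "LICENSE" for the full license governing this code.
 
-require 'tcell_agent/utils/passwords'
-require 'tcell_agent/utils/strings'
-require 'tcell_agent/utils/io'
 require 'tcell_agent/logger'
+require 'tcell_agent/utils/strings'
 require 'tcell_agent/configuration'
 
 require 'tcell_agent/agent'
 
-require 'tcell_agent/policies/http_tx_policy'
-require 'tcell_agent/policies/http_redirect_policy'
-require 'tcell_agent/policies/login_fraud_policy'
-require 'tcell_agent/policies/dataloss_policy'
-
-require 'tcell_agent/sensor_events/dlp'
 require 'tcell_agent/sensor_events/util/sanitizer_utilities'
 
 require 'tcell_agent/instrumentation'
-
+
+require 'tcell_agent/instrument_servers'
+
+if !TCellAgent.configuration.disable_all && TCellAgent.configuration.should_instrument?
+require 'tcell_agent/instrumentation/cmdi'
+require 'tcell_agent/instrumentation/lfi'
+require 'tcell_agent/instrumentation/monkey_patches/io'
+require 'tcell_agent/instrumentation/monkey_patches/file'
+require 'tcell_agent/instrumentation/monkey_patches/kernel'
+
+require 'tcell_agent/hooks/login_fraud'
+require 'tcell_agent/rails/on_start' if defined?(Rails)
+# sinatra used to be supported, but dropped support due to no customers using it
+# require 'tcell_agent/sinatra' if defined?(Sinatra)
+end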
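Review bot: The guard at new line 15 is evaluated once, while the gem is being required, so whether the `Kernel`, `IO` and `File` patches are loaded process-wide depends only on the configuration that exists at that moment. The README in this same release documents setting options from `config/initializers/tcell.rb`, which normally runs after Bundler has required the gem; if that ordering holds here, a value set in the initializer cannot stop the patches from loading, nor turn them on when the file-based config says otherwise. That contract deserves a comment above the condition, for example `# Evaluated at require time: only tcell_agent.config and the environment are visible here, not Rails initializers.` What `disable_all` and `should_instrument?` actually read is not visible in this section, so this should be checked against `configuration.rb`.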
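--- a/data/lib/tcell_agent/agent.rb
+++ b/data/lib/tcell_agent/agent.rb
@@ -2,120 +2,44 @@
 
 require 'tcell_agent/logger'
 require 'tcell_agent/version'
-require 'tcell_agent/api'
 require 'tcell_agent/configuration'
 
 require 'tcell_agent/sensor_events/server_agent'
-require 'tcell_agent/utils/queue_with_timeout'
 
-require 'tcell_agent/
-require 'tcell_agent/
+require 'tcell_agent/policies/policy_types'
+require 'tcell_agent/policies/policies_manager'
+require 'tcell_agent/policies/policy_polling'
 require 'tcell_agent/agent/static_agent'
-require 'tcell_agent/agent/policy_types'
 require 'tcell_agent/agent/route_manager'
-require 'tcell_agent/agent/fork_pipe_manager'
 
 require 'tcell_agent/routes/table'
 
-require '
-require '
-
+require 'tcell_agent/settings_reporter'
+require 'tcell_agent/rust/native_agent'
+
 require 'json'
-require 'monitor'
 
 module TCellAgent
 class Agent
-
-attr_accessor :event_queue
-
-attr_accessor :fork_event_queue
-attr_accessor :fork_event_thread
-attr_accessor :fork_event_thread_mutex
-
-attr_accessor :metrics_event_queue
-attr_accessor :metrics_event_thread
-attr_accessor :metrics_event_thread_mutex
-
-attr_accessor :policies
-attr_accessor :eventProcessorThread
-attr_accessor :response_time_table
-attr_accessor :route_table
-
-attr_accessor :event_processor_thread
-attr_accessor :event_processor
-attr_accessor :worker_mutex
-
-attr_accessor :policy_polling_thread
-attr_accessor :policy_polling_worker_mutex
-
-attr_accessor :event_queue_monitor
-attr_accessor :event_dispatch_monitor
-
-attr_accessor :stop_agent
-attr_accessor :complete_policy_cache
-
-def initialize(start_pid = Process.pid)
-@start_pid = start_pid
-@dispatch_events_timeout = TCellAgent.configuration.event_time_limit_seconds || 55
-@dispatch_events_limit = TCellAgent.configuration.event_batch_size_limit || 20
-@worker_mutex = Mutex.new
-@policy_polling_worker_mutex = Mutex.new
-@@policy_tapi = TCellApi.new
-
-# Agent request thread
-@policies = {
-TCellAgent::PolicyTypes::RUST => TCellAgent::Policies::RustPolicies.new
-}
-@lock = Monitor.new
-
-initialize_processor_variables
-
-if TCellAgent.configuration.preload_policy_filename
-TCellAgent.logger.info('Preloading a policy file')
-begin
-policy_file = File.open(TCellAgent.configuration.preload_policy_filename).read
-policy_jsons = JSON.parse(policy_file)
-policy_jsons = policy_jsons['result'] if policy_jsons.key?('result')
-process_policy_json(policy_jsons, false)
-rescue StandardError => e
-TCellAgent.logger.error(e.message)
-end
-end
-cached_policies = policies_from_cachefile
-process_policy_json(cached_policies, false) if cached_policies
-end
+include TCellAgent::ModuleLoggerAccess
 
-
-
+attr_accessor :route_table,
+:stop_agent,
+:safe_to_check_cmdi
 
+def initialize
 @stop_agent = false
+@native_agent = nil
 @route_table = TCellAgent::Routes::RouteTable.new
-
-@
-@event_dispatch_monitor = Monitor.new
-@mutex = Monitor.new
-
-@response_time_table = {}
-@sessions_metrics = TCellAgent::SensorEvents::SessionsMetric.new
-@sessions_metrics_mutex = Monitor.new
-
-@dispatch_events = []
-@event_queue = BoundedQueue.new(200)
-
-@fork_event_queue = Queue.new
-@fork_event_thread_mutex = Monitor.new
-
-@metrics_event_queue = Queue.new
-@metrics_event_thread_mutex = Monitor.new
+@safe_to_check_cmdi = false
+@policies_manager = PoliciesManager.new(nil)
 end
 
-def
-@start_pid == Process.pid
-end
-
-def start
+def validate_config
 if TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.api_key) ||
-TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.app_id)
+TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.app_id) ||
+TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.tcell_input_url) ||
+TCellAgent::Utils::Strings.blank?(TCellAgent.configuration.tcell_api_url)
 puts ' ********* ********* ********* *********'
 puts '* tCell.io *'
 puts '* Configuration info is missing, you may *'
@@ -123,13 +47,70 @@ module TCellAgent
 puts '* it in the config/ directory *'
 puts ' ********* ********* ********* *********'
 TCellAgent.configuration.enabled = false
+end
+end
+
+def start(server_name)
+TCellAgent.thread_agent.validate_config
+return unless TCellAgent.configuration.should_instrument?
+
+@native_agent = TCellAgent::Rust::NativeAgent.create_agent(
+TCellAgent.configuration
+)
+if @native_agent.nil?
+TCellAgent.configuration.enabled = false
 return
 end
 
-TCellAgent.
+TCellAgent.native_agent = @native_agent
+@policies_manager = PoliciesManager.new(@native_agent)
+# if preload_policy_filename is used and policy polling is
+# disabled, need to call poll policies to make sure
+# ruby policies are in sync with native agent enablements
+result = @native_agent.poll_new_policies
+policies_and_enablements = result['new_policies_and_enablements'] || {}
+@policies_manager.process_policy_json(
+policies_and_enablements['enablements'],
+policies_and_enablements['policies']
+)
+
+@policy_polling = PolicyPolling.new(@policies_manager, @native_agent)
+
+module_logger.info("Starting thread agent: #{server_name}")
+
+@safe_to_check_cmdi = true
+
+TCellAgent.report_settings
+TCellAgent::Instrumentation::Rails.send_framework_info
+TCellAgent::Instrumentation::Rails.send_settings
+rescue StandardError => standard_error
+TCellAgent.configuration.enabled = false
+module_logger.error("Error starting agent: (#{standard_error.class}) #{standard_error.message}")
+module_logger.exception(standard_error)
+end
+
+def policies
+@policies_manager.policies
+end
+
+def report_metrics(request_time, tcell_context)
+@native_agent.report_metrics(
+request_time, tcell_context
+)
+rescue StandardError => standard_error
+module_logger.error("Error reporting metric: (#{standard_error.class}) #{standard_error.message}")
+module_logger.exception(standard_error)
+end
+
+def queue_sensor_event(event)
+return unless @native_agent
 
-
-
+@native_agent.send_sanitized_events(
+[event]
+)
+rescue StandardError => standard_error
+module_logger.error("Error sending event: (#{standard_error.class}) #{standard_error.message}")
+module_logger.exception(standard_error)
 end
 end
 end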
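Review bot: In `start`, `TCellAgent.native_agent = @native_agent` (new line 65) and `@safe_to_check_cmdi = true` (new line 81) take effect before the three reporting calls at new lines 83–85, while the method-level `rescue` only sets `TCellAgent.configuration.enabled = false`. If `report_settings` or either `Rails.send_*` call raises, the agent ends up marked disabled with the command-injection flag still true and the native agent and policy poller still wired up, so a telemetry failure leaves a half-enabled state that is visible only as a log line; how the flag is consumed is outside this section. Either reset it in the rescue with `@safe_to_check_cmdi = false`, or give the reporting calls their own `rescue` so they cannot switch enforcement off. `report_metrics` also lacks the `return unless @native_agent` guard that `queue_sensor_event` has, so when no native agent was created every call raises `NoMethodError` on nil and writes an error plus backtrace to the log.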