tcell_agent 1.1.12 → 2.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/bin/tcell_agent +45 -137
- data/lib/tcell_agent.rb +12 -14
- data/lib/tcell_agent/agent.rb +108 -97
- data/lib/tcell_agent/agent/route_manager.rb +0 -16
- data/lib/tcell_agent/agent/static_agent.rb +9 -30
- data/lib/tcell_agent/config_initializer.rb +66 -0
- data/lib/tcell_agent/configuration.rb +69 -345
- data/lib/tcell_agent/hooks/login_fraud.rb +30 -33
- data/lib/tcell_agent/instrument_servers.rb +23 -0
- data/lib/tcell_agent/instrumentation.rb +12 -10
- data/lib/tcell_agent/instrumentation/cmdi.rb +29 -25
- data/lib/tcell_agent/instrumentation/lfi.rb +84 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/file.rb +25 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/io.rb +131 -0
- data/lib/tcell_agent/instrumentation/monkey_patches/kernel.rb +102 -0
- data/lib/tcell_agent/logger.rb +49 -114
- data/lib/tcell_agent/patches.rb +6 -7
- data/lib/tcell_agent/policies/appfirewall_policy.rb +26 -0
- data/lib/tcell_agent/policies/command_injection_policy.rb +28 -0
- data/lib/tcell_agent/policies/dataloss_policy.rb +44 -44
- data/lib/tcell_agent/policies/headers_policy.rb +25 -0
- data/lib/tcell_agent/policies/http_redirect_policy.rb +13 -79
- data/lib/tcell_agent/policies/js_agent_policy.rb +27 -0
- data/lib/tcell_agent/policies/local_file_access.rb +28 -0
- data/lib/tcell_agent/policies/login_policy.rb +43 -0
- data/lib/tcell_agent/policies/patches_policy.rb +27 -0
- data/lib/tcell_agent/policies/policies_manager.rb +68 -0
- data/lib/tcell_agent/policies/policy_polling.rb +58 -0
- data/lib/tcell_agent/policies/policy_types.rb +14 -0
- data/lib/tcell_agent/policies/system_enablements.rb +27 -0
- data/lib/tcell_agent/rails/auth/authlogic.rb +46 -75
- data/lib/tcell_agent/rails/auth/authlogic_helper.rb +20 -0
- data/lib/tcell_agent/rails/auth/devise.rb +100 -105
- data/lib/tcell_agent/rails/auth/devise_helper.rb +29 -0
- data/lib/tcell_agent/rails/auth/doorkeeper.rb +62 -76
- data/lib/tcell_agent/{userinfo.rb → rails/auth/userinfo.rb} +0 -0
- data/lib/tcell_agent/rails/csrf_exception.rb +2 -10
- data/lib/tcell_agent/rails/dlp.rb +35 -23
- data/lib/tcell_agent/rails/dlp_handler.rb +1 -2
- data/lib/tcell_agent/rails/js_agent_insert.rb +12 -13
- data/lib/tcell_agent/rails/middleware/body_filter_middleware.rb +4 -25
- data/lib/tcell_agent/rails/middleware/context_middleware.rb +2 -12
- data/lib/tcell_agent/rails/middleware/global_middleware.rb +1 -2
- data/lib/tcell_agent/rails/middleware/headers_middleware.rb +14 -34
- data/lib/tcell_agent/{rails.rb → rails/railties/tcell_agent_railties.rb} +11 -16
- data/lib/tcell_agent/rails/railties/tcell_agent_unicorn_railties.rb +8 -0
- data/lib/tcell_agent/rails/routes.rb +10 -12
- data/lib/tcell_agent/rails/routes/grape.rb +4 -14
- data/lib/tcell_agent/rails/routes/route_id.rb +3 -1
- data/lib/tcell_agent/rails/settings_reporter.rb +23 -36
- data/lib/tcell_agent/rails/tcell_body_proxy.rb +5 -4
- data/lib/tcell_agent/rust/agent_config.rb +60 -0
- data/lib/tcell_agent/rust/{libtcellagent-alpine-1.3.2.so → libtcellagent-5.0.2.dylib} +0 -0
- data/lib/tcell_agent/rust/{libtcellagent-1.3.2.so → libtcellagent-5.0.2.so} +0 -0
- data/lib/tcell_agent/rust/libtcellagent-alpine-5.0.2.so +0 -0
- data/lib/tcell_agent/rust/models.rb +6 -52
- data/lib/tcell_agent/rust/native_agent.rb +549 -0
- data/lib/tcell_agent/rust/native_agent_response.rb +42 -0
- data/lib/tcell_agent/rust/native_library.rb +69 -0
- data/lib/tcell_agent/rust/tcellagent-5.0.2.dll +0 -0
- data/lib/tcell_agent/sensor_events/agent_setting_event.rb +12 -0
- data/lib/tcell_agent/sensor_events/{app_config.rb → app_config_setting_event.rb} +0 -6
- data/lib/tcell_agent/sensor_events/dlp.rb +2 -6
- data/lib/tcell_agent/sensor_events/sensor.rb +0 -62
- data/lib/tcell_agent/sensor_events/server_agent.rb +13 -18
- data/lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb +0 -108
- data/lib/tcell_agent/sensor_events/util/utils.rb +0 -2
- data/lib/tcell_agent/servers/passenger.rb +1 -28
- data/lib/tcell_agent/servers/puma.rb +3 -21
- data/lib/tcell_agent/servers/rails_server.rb +1 -2
- data/lib/tcell_agent/servers/thin.rb +2 -2
- data/lib/tcell_agent/servers/unicorn.rb +19 -80
- data/lib/tcell_agent/servers/webrick.rb +1 -2
- data/lib/tcell_agent/settings_reporter.rb +11 -90
- data/lib/tcell_agent/sinatra.rb +14 -16
- data/lib/tcell_agent/tcell_context.rb +40 -14
- data/lib/tcell_agent/utils/headers.rb +14 -0
- data/lib/tcell_agent/version.rb +1 -1
- data/spec/lib/tcell_agent/configuration_spec.rb +55 -346
- data/spec/lib/tcell_agent/hooks/login_fraud_spec.rb +46 -173
- data/spec/lib/tcell_agent/instrumentation/cmdi/io_cmdi_spec.rb +504 -0
- data/spec/lib/tcell_agent/instrumentation/cmdi/kernel_cmdi_spec.rb +435 -0
- data/spec/lib/tcell_agent/instrumentation/cmdi_spec.rb +201 -0
- data/spec/lib/tcell_agent/instrumentation/lfi/file_lfi_spec.rb +326 -0
- data/spec/lib/tcell_agent/instrumentation/lfi/io_lfi_spec.rb +562 -0
- data/spec/lib/tcell_agent/instrumentation/lfi/kernel_lfi_spec.rb +264 -0
- data/spec/lib/tcell_agent/instrumentation/lfi_spec.rb +150 -0
- data/spec/lib/tcell_agent/patches_spec.rb +25 -43
- data/spec/lib/tcell_agent/policies/appfirewall_policy_spec.rb +183 -0
- data/spec/lib/tcell_agent/policies/clickjacking_policy_spec.rb +57 -0
- data/spec/lib/tcell_agent/policies/command_injection_policy_spec.rb +84 -773
- data/spec/lib/tcell_agent/policies/content_security_policy_spec.rb +161 -0
- data/spec/lib/tcell_agent/policies/dataloss_policy_spec.rb +9 -9
- data/spec/lib/tcell_agent/policies/http_redirect_policy_spec.rb +243 -198
- data/spec/lib/tcell_agent/policies/js_agent_policy_spec.rb +75 -0
- data/spec/lib/tcell_agent/policies/login_policy_spec.rb +165 -33
- data/spec/lib/tcell_agent/policies/patches_policy_spec.rb +84 -277
- data/spec/lib/tcell_agent/policies/policies_manager_spec.rb +104 -0
- data/spec/lib/tcell_agent/policies/policy_polling_spec.rb +6 -0
- data/spec/lib/tcell_agent/policies/secure_headers_policy_spec.rb +56 -0
- data/spec/lib/tcell_agent/rails/csrf_exception_spec.rb +9 -18
- data/spec/lib/tcell_agent/rails/js_agent_insert_spec.rb +13 -30
- data/spec/lib/tcell_agent/rails/logger_spec.rb +27 -7
- data/spec/lib/tcell_agent/rails/middleware/tcell_body_proxy_spec.rb +17 -12
- data/spec/lib/tcell_agent/rails/routes/routes_spec.rb +14 -14
- data/spec/lib/tcell_agent/rust/agent_config_spec.rb +27 -0
- data/spec/lib/tcell_agent/sensor_events/util/sanitizer_utilities_spec.rb +0 -35
- data/spec/lib/tcell_agent/settings_reporter_spec.rb +56 -155
- data/spec/spec_helper.rb +1 -1
- data/spec/support/builders.rb +103 -0
- data/spec/support/force_logger_mocking.rb +38 -0
- data/spec/support/resources/lfi_sample_file.txt +2 -0
- data/spec/support/static_agent_overrides.rb +0 -15
- metadata +72 -83
- data/lib/tcell_agent/agent/event_processor.rb +0 -326
- data/lib/tcell_agent/agent/fork_pipe_manager.rb +0 -113
- data/lib/tcell_agent/agent/policy_manager.rb +0 -219
- data/lib/tcell_agent/agent/policy_types.rb +0 -30
- data/lib/tcell_agent/api.rb +0 -91
- data/lib/tcell_agent/appsensor/injections_reporter.rb +0 -24
- data/lib/tcell_agent/authlogic.rb +0 -26
- data/lib/tcell_agent/config/child_process_events.rb +0 -8
- data/lib/tcell_agent/config/unknown_options.rb +0 -123
- data/lib/tcell_agent/devise.rb +0 -35
- data/lib/tcell_agent/instrumentation/cmdi/backtick.rb +0 -10
- data/lib/tcell_agent/instrumentation/cmdi/exec.rb +0 -14
- data/lib/tcell_agent/instrumentation/cmdi/popen.rb +0 -28
- data/lib/tcell_agent/instrumentation/cmdi/spawn.rb +0 -11
- data/lib/tcell_agent/instrumentation/cmdi/system.rb +0 -11
- data/lib/tcell_agent/policies/http_tx_policy.rb +0 -60
- data/lib/tcell_agent/policies/login_fraud_policy.rb +0 -45
- data/lib/tcell_agent/policies/rust_policies.rb +0 -110
- data/lib/tcell_agent/rails/on_start.rb +0 -41
- data/lib/tcell_agent/rust/libtcellagent-1.3.2.dylib +0 -0
- data/lib/tcell_agent/rust/tcellagent-1.3.2.dll +0 -0
- data/lib/tcell_agent/rust/whisperer.rb +0 -308
- data/lib/tcell_agent/sensor_events/appsensor_event.rb +0 -52
- data/lib/tcell_agent/sensor_events/appsensor_meta_event.rb +0 -45
- data/lib/tcell_agent/sensor_events/command_injection.rb +0 -75
- data/lib/tcell_agent/sensor_events/honeytokens.rb +0 -16
- data/lib/tcell_agent/sensor_events/login_fraud.rb +0 -60
- data/lib/tcell_agent/sensor_events/metrics.rb +0 -123
- data/lib/tcell_agent/sensor_events/patches.rb +0 -21
- data/lib/tcell_agent/start_background_thread.rb +0 -55
- data/lib/tcell_agent/system_info.rb +0 -11
- data/lib/tcell_agent/utils/io.rb +0 -38
- data/lib/tcell_agent/utils/passwords.rb +0 -28
- data/lib/tcell_agent/utils/queue_with_timeout.rb +0 -142
- data/spec/lib/tcell_agent/agent/fork_pipe_manager_spec.rb +0 -100
- data/spec/lib/tcell_agent/agent/policy_manager_spec.rb +0 -535
- data/spec/lib/tcell_agent/agent/static_agent_spec.rb +0 -133
- data/spec/lib/tcell_agent/api/api_spec.rb +0 -39
- data/spec/lib/tcell_agent/appsensor/injections_reporter_spec.rb +0 -187
- data/spec/lib/tcell_agent/cmdi_spec.rb +0 -736
- data/spec/lib/tcell_agent/config/unknown_options_spec.rb +0 -213
- data/spec/lib/tcell_agent/instrumentation_spec.rb +0 -225
- data/spec/lib/tcell_agent/policies/appsensor_policy_spec.rb +0 -517
- data/spec/lib/tcell_agent/policies/http_tx_policy_spec.rb +0 -22
- data/spec/lib/tcell_agent/rails/middleware/appsensor_middleware_spec.rb +0 -293
- data/spec/lib/tcell_agent/rails/middleware/dlp_middleware_spec.rb +0 -198
- data/spec/lib/tcell_agent/rails/middleware/global_middleware_spec.rb +0 -180
- data/spec/lib/tcell_agent/rails/middleware/redirect_middleware_spec.rb +0 -116
- data/spec/lib/tcell_agent/rust/models_spec.rb +0 -120
- data/spec/lib/tcell_agent/rust/whisperer_spec.rb +0 -704
- data/spec/lib/tcell_agent/sensor_events/appsensor_meta_event_spec.rb +0 -45
- data/spec/lib/tcell_agent/sensor_events/sessions_metric_spec.rb +0 -272
- data/spec/lib/tcell_agent/utils/bounded_queue_spec.rb +0 -52
- data/spec/lib/tcell_agent/utils/passwords_spec.rb +0 -143
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 4874ce28005d00849139d7ff1620e5eb0969a6a4626a2b005936ebb429be7064
|
4
|
+
data.tar.gz: bb009ff4896aecb87e92ea17c57273a4b9bee02f0ef211a51f45f72ed96dbc04
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 960aa5847e382e2ef19f3d5ef615113a3c042a1f567bdc0cbf9231d5662b7bc140275177103de97b7967408329f1ac90d7702e9606adb8c19117e4dee691eb4c
|
7
|
+
data.tar.gz: 8ff116f37231cd8d045ecd634b01446250293520318a0aedbe10c79adcb49ae318e966e67c3576df9fa364152c06b71546a6caf35583d82e9f7e0856908a6472
|
data/bin/tcell_agent
CHANGED
@@ -1,25 +1,11 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
require 'fileutils'
|
6
|
-
require 'json'
|
3
|
+
require 'tcell_agent'
|
7
4
|
require 'optparse'
|
8
5
|
|
6
|
+
CONFIG_DIR = 'config'.freeze
|
7
|
+
CONFIG_FILE = 'config/tcell_agent.config'.freeze
|
9
8
|
options = {}
|
10
|
-
|
11
|
-
subtext = <<HELP
|
12
|
-
Commonly used command are:
|
13
|
-
setup : Setup new config file
|
14
|
-
test : Run diagnostics classes and config
|
15
|
-
loglevel : Set the loglevel of the tcell agent
|
16
|
-
enable : Enable the agent
|
17
|
-
disable : Disable the agent
|
18
|
-
|
19
|
-
See 'tcell_agent COMMAND --help' for more information on a specific command.
|
20
|
-
|
21
|
-
HELP
|
22
|
-
|
23
9
|
def yesno(default = true)
|
24
10
|
begin
|
25
11
|
system('stty raw -echo')
|
@@ -34,74 +20,59 @@ def yesno(default = true)
|
|
34
20
|
default
|
35
21
|
end
|
36
22
|
|
37
|
-
|
38
|
-
|
23
|
+
subtext = <<HELP
|
24
|
+
Commonly used commands are:
|
25
|
+
test : Run diagnostics and test event sending
|
26
|
+
HELP
|
39
27
|
|
40
28
|
global = OptionParser.new do |opts|
|
41
|
-
opts.banner = 'Usage: tcell_agent [options] [subcommand
|
29
|
+
opts.banner = 'Usage: tcell_agent [options] [subcommand]'
|
30
|
+
|
42
31
|
opts.on('--version', 'Print version') do |_v|
|
43
|
-
|
44
|
-
puts "TCell.io Ruby Agent (Version #{TCellAgent::VERSION})"
|
32
|
+
puts "tCell Ruby Agent Version #{TCellAgent::VERSION}"
|
45
33
|
Kernel.exit(1)
|
46
34
|
end
|
47
|
-
|
48
|
-
|
35
|
+
|
36
|
+
opts.on('test', 'Run diagnostics and test event sending') do |_v|
|
49
37
|
end
|
50
38
|
opts.separator ''
|
51
39
|
opts.separator subtext
|
52
40
|
end
|
53
41
|
|
54
42
|
subcommands = {
|
55
|
-
'
|
56
|
-
opts.banner = 'Usage:
|
43
|
+
'test' => OptionParser.new do |opts|
|
44
|
+
opts.banner = 'Usage: test'
|
57
45
|
end,
|
58
46
|
'loglevel' => OptionParser.new do |opts|
|
59
47
|
opts.banner = 'Usage: loglevel [options] error|warn|info|debug'
|
60
48
|
opts.on('-o', '--off', 'turn logging off ') do |v|
|
61
49
|
options[:off] = v
|
62
50
|
end
|
63
|
-
end
|
64
|
-
'preload' => OptionParser.new do |opts|
|
65
|
-
opts.banner = 'Usage: loglevel [options] [preload_filename]'
|
66
|
-
opts.on('-o', '--off', 'turn preloading filename off ') do |v|
|
67
|
-
options[:off] = v
|
68
|
-
end
|
69
|
-
end,
|
70
|
-
'demomode' => OptionParser.new do |opts|
|
71
|
-
opts.banner = 'Usage: loglevel [options]'
|
72
|
-
opts.on('-o', '--off', 'turn preloading filename off ') do |v|
|
73
|
-
options[:off] = v
|
74
|
-
end
|
75
|
-
end,
|
76
|
-
'enable' => OptionParser.new do |opts|
|
77
|
-
opts.banner = 'Usage: enable'
|
78
|
-
end,
|
79
|
-
'disable' => OptionParser.new do |opts|
|
80
|
-
opts.banner = 'Usage: disable'
|
81
|
-
end,
|
82
|
-
'test' => OptionParser.new do |opts|
|
83
|
-
opts.banner = 'Usage: test'
|
84
|
-
# opts.on("-q", "--[no-]quiet", "quietly run ") do |v|
|
85
|
-
# options[:quiet] = v
|
86
|
-
# end
|
87
|
-
end
|
51
|
+
end
|
88
52
|
}
|
89
53
|
|
90
54
|
global.order!
|
91
55
|
command = ARGV.shift
|
92
|
-
|
56
|
+
deprecated_commands = %w[setup loglevel preload demomode enable disable]
|
57
|
+
if command.nil?
|
58
|
+
puts global
|
59
|
+
Kernel.exit(1)
|
60
|
+
elsif subcommands[command]
|
61
|
+
subcommands[command].order!
|
62
|
+
elsif !deprecated_commands.include?(command)
|
93
63
|
puts global
|
94
64
|
Kernel.exit(1)
|
95
65
|
end
|
96
|
-
subcommands[command].order!
|
97
66
|
|
98
67
|
if command == 'setup'
|
68
|
+
puts '[WARN] tcell_agent setup is deprecated and will be removed in the future.'
|
69
|
+
puts ' Please download the config file from the tCell dashboard'
|
99
70
|
unless File.directory?(CONFIG_DIR)
|
100
71
|
print "Directory 'config' not found, create? [Y/n]"
|
101
72
|
answer = yesno
|
102
73
|
print "\n"
|
103
74
|
unless answer
|
104
|
-
puts 'ERROR
|
75
|
+
puts '[ERROR] Could not create config'
|
105
76
|
Kernel.exit(1)
|
106
77
|
end
|
107
78
|
FileUtils.mkdir_p CONFIG_DIR
|
@@ -132,6 +103,7 @@ if command == 'setup'
|
|
132
103
|
puts 'done.'
|
133
104
|
|
134
105
|
elsif command == 'loglevel'
|
106
|
+
puts '[WARN] tcell_agent loglevel is deprecated and will be removed in the future.'
|
135
107
|
file = File.read(CONFIG_FILE)
|
136
108
|
config_hash = JSON.parse(file)
|
137
109
|
logging_options = config_hash['applications'][0].fetch('logging_options', {})
|
@@ -158,6 +130,7 @@ elsif command == 'loglevel'
|
|
158
130
|
puts 'done.'
|
159
131
|
|
160
132
|
elsif command == 'preload'
|
133
|
+
puts '[WARN] tcell_agent preload is deprecated and will be removed in the future.'
|
161
134
|
file = File.read(CONFIG_FILE)
|
162
135
|
config_hash = JSON.parse(file)
|
163
136
|
|
@@ -175,6 +148,7 @@ elsif command == 'preload'
|
|
175
148
|
puts 'done.'
|
176
149
|
|
177
150
|
elsif command == 'enable'
|
151
|
+
puts '[WARN] tcell_agent enable is deprecated and will be removed in the future.'
|
178
152
|
file = File.read(CONFIG_FILE)
|
179
153
|
config_hash = JSON.parse(file)
|
180
154
|
config_hash['applications'][0].delete('enabled')
|
@@ -182,6 +156,7 @@ elsif command == 'enable'
|
|
182
156
|
puts 'Enabled, you will need to restart the server.'
|
183
157
|
|
184
158
|
elsif command == 'disable'
|
159
|
+
puts '[WARN] tcell_agent disable is deprecated and will be removed in the future.'
|
185
160
|
file = File.read(CONFIG_FILE)
|
186
161
|
config_hash = JSON.parse(file)
|
187
162
|
config_hash['applications'][0]['enabled'] = false
|
@@ -189,6 +164,7 @@ elsif command == 'disable'
|
|
189
164
|
puts 'Disabled, you will need to restart the server.'
|
190
165
|
|
191
166
|
elsif command == 'demomode'
|
167
|
+
puts '[WARN] tcell_agent demomode is deprecated and will be removed in the future.'
|
192
168
|
file = File.read(CONFIG_FILE)
|
193
169
|
config_hash = JSON.parse(file)
|
194
170
|
if options[:off] == true
|
@@ -200,92 +176,24 @@ elsif command == 'demomode'
|
|
200
176
|
puts 'done.'
|
201
177
|
|
202
178
|
elsif command == 'test'
|
203
|
-
|
204
|
-
|
205
|
-
|
206
|
-
|
207
|
-
|
208
|
-
|
209
|
-
puts 'passed'
|
210
|
-
|
211
|
-
printf '%-50s', 'Config valid json... '
|
212
|
-
file = File.read(CONFIG_FILE)
|
213
|
-
config_hash = JSON.parse(file)
|
214
|
-
puts 'passed'
|
215
|
-
|
216
|
-
printf '%-50s', 'Config file has valid version... '
|
217
|
-
if config_hash.fetch('version') != 1
|
218
|
-
puts 'failed'
|
219
|
-
Kernel.exit(1)
|
220
|
-
end
|
221
|
-
puts 'passed'
|
222
|
-
|
223
|
-
printf '%-50s', 'Config file has application...'
|
224
|
-
if config_hash.fetch('applications').empty?
|
225
|
-
puts 'failed'
|
226
|
-
Kernel.exit(1)
|
227
|
-
end
|
228
|
-
puts 'passed'
|
229
|
-
|
230
|
-
printf '%-50s', 'Application has app_id... '
|
231
|
-
tcell_application = config_hash.fetch('applications')[0]
|
232
|
-
if !tcell_application.key?('app_id') && !ENV['TCELL_AGENT_APP_ID']
|
233
|
-
puts 'failed'
|
234
|
-
Kernel.exit(1)
|
235
|
-
end
|
236
|
-
puts 'passed'
|
237
|
-
|
238
|
-
printf '%-50s', 'Application has api_key... '
|
239
|
-
tcell_application = config_hash.fetch('applications')[0]
|
240
|
-
if !tcell_application.key?('api_key') && !ENV['TCELL_AGENT_API_KEY']
|
241
|
-
puts 'failed'
|
242
|
-
Kernel.exit(1)
|
243
|
-
end
|
244
|
-
puts 'passed'
|
245
|
-
|
246
|
-
printf '%-50s', 'Check for unknown settings... '
|
247
|
-
require 'tcell_agent/config/unknown_options'
|
248
|
-
messages = TCellAgent::Config::Validate.get_unknown_options(config_hash)
|
249
|
-
unless messages.empty?
|
250
|
-
puts 'failed'
|
251
|
-
messages.each do |message|
|
252
|
-
puts message
|
179
|
+
Dir[Dir.pwd + '/config/initializers/*.rb'].sort.each do |f|
|
180
|
+
begin
|
181
|
+
require f
|
182
|
+
rescue NameError # rubocop: disable Lint/HandleExceptions
|
183
|
+
rescue StandardError => e
|
184
|
+
puts "[ERROR] Loading initializers failed. #{e}"
|
253
185
|
end
|
254
|
-
Kernel.exit(1)
|
255
|
-
end
|
256
|
-
puts 'passed'
|
257
|
-
|
258
|
-
printf '%-50s', 'Requiring configuration library... '
|
259
|
-
require 'tcell_agent/configuration'
|
260
|
-
require 'tcell_agent/api'
|
261
|
-
puts 'passed'
|
262
|
-
|
263
|
-
printf '%-50s', 'Make test API call for policies... '
|
264
|
-
api = TCellAgent::TCellApi.new
|
265
|
-
if api.poll_api
|
266
|
-
puts 'passed'
|
267
|
-
else
|
268
|
-
puts 'failed'
|
269
|
-
Kernel.exit(1)
|
270
186
|
end
|
271
187
|
|
272
|
-
|
273
|
-
|
274
|
-
|
275
|
-
|
276
|
-
Kernel.exit(1)
|
188
|
+
require 'tcell_agent/rust/native_library'
|
189
|
+
unless TCellAgent::Rust::NativeLibrary.common_lib_available?
|
190
|
+
puts '[ERROR] Native Library is unavailable'
|
191
|
+
return
|
277
192
|
end
|
278
|
-
puts 'passed'
|
279
193
|
|
280
|
-
|
281
|
-
|
282
|
-
|
283
|
-
|
284
|
-
|
285
|
-
end
|
286
|
-
puts 'passed'
|
287
|
-
|
288
|
-
puts
|
289
|
-
puts 'all tests passed, looks good.'
|
290
|
-
puts 'done.'
|
194
|
+
puts "tCell Ruby Agent Version #{TCellAgent::VERSION}"
|
195
|
+
TCellAgent::Rust::NativeAgent.test_agent(
|
196
|
+
TCellAgent.initializer_configuration ||
|
197
|
+
TCellAgent.configuration
|
198
|
+
)
|
291
199
|
end
|
data/lib/tcell_agent.rb
CHANGED
@@ -1,20 +1,18 @@
|
|
1
1
|
# See the file "LICENSE" for the full license governing this code.
|
2
|
-
|
3
|
-
require 'tcell_agent/utils/passwords'
|
4
|
-
require 'tcell_agent/utils/strings'
|
5
|
-
require 'tcell_agent/utils/io'
|
6
|
-
require 'tcell_agent/logger'
|
7
2
|
require 'tcell_agent/configuration'
|
8
3
|
|
9
|
-
|
4
|
+
unless TCellAgent.configuration.disable_all
|
5
|
+
require 'tcell_agent/logger'
|
6
|
+
require 'tcell_agent/utils/strings'
|
7
|
+
require 'tcell_agent/agent'
|
10
8
|
|
11
|
-
require 'tcell_agent/
|
12
|
-
require 'tcell_agent/policies/http_redirect_policy'
|
13
|
-
require 'tcell_agent/policies/login_fraud_policy'
|
14
|
-
require 'tcell_agent/policies/dataloss_policy'
|
9
|
+
require 'tcell_agent/sensor_events/util/sanitizer_utilities'
|
15
10
|
|
16
|
-
require 'tcell_agent/
|
17
|
-
require 'tcell_agent/sensor_events/util/sanitizer_utilities'
|
11
|
+
require 'tcell_agent/instrumentation'
|
18
12
|
|
19
|
-
require 'tcell_agent/
|
20
|
-
require 'tcell_agent/
|
13
|
+
require 'tcell_agent/instrument_servers'
|
14
|
+
require 'tcell_agent/hooks/login_fraud'
|
15
|
+
require 'tcell_agent/rails/railties/tcell_agent_railties' if defined?(Rails)
|
16
|
+
# sinatra used to be supported, but dropped support due to no customers using it
|
17
|
+
# require 'tcell_agent/sinatra' if defined?(Sinatra)
|
18
|
+
end
|
data/lib/tcell_agent/agent.rb
CHANGED
@@ -2,134 +2,145 @@
|
|
2
2
|
|
3
3
|
require 'tcell_agent/logger'
|
4
4
|
require 'tcell_agent/version'
|
5
|
-
require 'tcell_agent/api'
|
6
5
|
require 'tcell_agent/configuration'
|
7
6
|
|
8
7
|
require 'tcell_agent/sensor_events/server_agent'
|
9
|
-
require 'tcell_agent/utils/queue_with_timeout'
|
10
8
|
|
11
|
-
require 'tcell_agent/
|
12
|
-
require 'tcell_agent/
|
9
|
+
require 'tcell_agent/policies/policy_types'
|
10
|
+
require 'tcell_agent/policies/policies_manager'
|
11
|
+
require 'tcell_agent/policies/policy_polling'
|
13
12
|
require 'tcell_agent/agent/static_agent'
|
14
|
-
require 'tcell_agent/agent/policy_types'
|
15
13
|
require 'tcell_agent/agent/route_manager'
|
16
|
-
require 'tcell_agent/agent/fork_pipe_manager'
|
17
14
|
|
18
15
|
require 'tcell_agent/routes/table'
|
19
16
|
|
20
|
-
require '
|
21
|
-
require '
|
22
|
-
|
17
|
+
require 'tcell_agent/settings_reporter'
|
18
|
+
require 'tcell_agent/rust/native_agent'
|
19
|
+
|
23
20
|
require 'json'
|
24
|
-
require 'monitor'
|
25
21
|
|
26
22
|
module TCellAgent
|
27
23
|
class Agent
|
28
|
-
|
29
|
-
attr_accessor :event_queue
|
30
|
-
|
31
|
-
attr_accessor :fork_event_queue
|
32
|
-
attr_accessor :fork_event_thread
|
33
|
-
attr_accessor :fork_event_thread_mutex
|
34
|
-
|
35
|
-
attr_accessor :metrics_event_queue
|
36
|
-
attr_accessor :metrics_event_thread
|
37
|
-
attr_accessor :metrics_event_thread_mutex
|
38
|
-
|
39
|
-
attr_accessor :policies
|
40
|
-
attr_accessor :eventProcessorThread
|
41
|
-
attr_accessor :response_time_table
|
42
|
-
attr_accessor :route_table
|
43
|
-
|
44
|
-
attr_accessor :event_processor_thread
|
45
|
-
attr_accessor :event_processor
|
46
|
-
attr_accessor :worker_mutex
|
47
|
-
|
48
|
-
attr_accessor :policy_polling_thread
|
49
|
-
attr_accessor :policy_polling_worker_mutex
|
50
|
-
|
51
|
-
attr_accessor :event_queue_monitor
|
52
|
-
attr_accessor :event_dispatch_monitor
|
53
|
-
|
54
|
-
attr_accessor :stop_agent
|
55
|
-
attr_accessor :complete_policy_cache
|
56
|
-
|
57
|
-
def initialize(start_pid = Process.pid)
|
58
|
-
@start_pid = start_pid
|
59
|
-
@dispatch_events_timeout = TCellAgent.configuration.event_time_limit_seconds || 55
|
60
|
-
@dispatch_events_limit = TCellAgent.configuration.event_batch_size_limit || 20
|
61
|
-
@worker_mutex = Mutex.new
|
62
|
-
@policy_polling_worker_mutex = Mutex.new
|
63
|
-
@@policy_tapi = TCellApi.new
|
64
|
-
|
65
|
-
# Agent request thread
|
66
|
-
@policies = {
|
67
|
-
TCellAgent::PolicyTypes::RUST => TCellAgent::Policies::RustPolicies.new
|
68
|
-
}
|
69
|
-
@lock = Monitor.new
|
70
|
-
|
71
|
-
initialize_processor_variables
|
72
|
-
|
73
|
-
if TCellAgent.configuration.preload_policy_filename
|
74
|
-
TCellAgent.logger.info('Preloading a policy file')
|
75
|
-
begin
|
76
|
-
policy_file = File.open(TCellAgent.configuration.preload_policy_filename).read
|
77
|
-
policy_jsons = JSON.parse(policy_file)
|
78
|
-
policy_jsons = policy_jsons['result'] if policy_jsons.key?('result')
|
79
|
-
process_policy_json(policy_jsons, false)
|
80
|
-
rescue StandardError => e
|
81
|
-
TCellAgent.logger.error(e.message)
|
82
|
-
end
|
83
|
-
end
|
84
|
-
cached_policies = policies_from_cachefile
|
85
|
-
process_policy_json(cached_policies, false) if cached_policies
|
86
|
-
end
|
24
|
+
include TCellAgent::ModuleLoggerAccess
|
87
25
|
|
88
|
-
|
89
|
-
|
26
|
+
attr_accessor :route_table,
|
27
|
+
:stop_agent
|
90
28
|
|
29
|
+
def initialize
|
91
30
|
@stop_agent = false
|
31
|
+
@native_agent = nil
|
92
32
|
@route_table = TCellAgent::Routes::RouteTable.new
|
33
|
+
@policies_manager = PoliciesManager.new(nil)
|
34
|
+
end
|
35
|
+
|
36
|
+
def instrument_auth_frameworks
|
37
|
+
if defined?(Devise) && TCellAgent.configuration.should_instrument?('devise')
|
38
|
+
module_logger.info('Instrumenting Devise authentication framework')
|
39
|
+
require 'tcell_agent/rails/auth/devise'
|
40
|
+
require 'tcell_agent/rails/auth/devise_helper'
|
41
|
+
end
|
42
|
+
|
43
|
+
if defined?(Authlogic) && TCellAgent.configuration.should_instrument?('authlogic')
|
44
|
+
module_logger.info('Instrumenting Authlogic authentication framework')
|
45
|
+
require 'tcell_agent/rails/auth/authlogic'
|
46
|
+
require 'tcell_agent/rails/auth/authlogic_helper'
|
47
|
+
end
|
48
|
+
|
49
|
+
if defined?(Doorkeeper) && TCellAgent.configuration.should_instrument?('doorkeeper') # rubocop:disable Style/GuardClause
|
50
|
+
module_logger.info('Instrumenting Doorkeeper authentication framework')
|
51
|
+
require 'tcell_agent/rails/auth/doorkeeper'
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
def instrument_built_ins
|
56
|
+
require 'tcell_agent/instrumentation/cmdi'
|
57
|
+
require 'tcell_agent/instrumentation/lfi'
|
58
|
+
|
59
|
+
if TCellAgent.configuration.should_instrument?('io')
|
60
|
+
module_logger.info('Instrumenting Ruby Class: IO')
|
61
|
+
require 'tcell_agent/instrumentation/monkey_patches/io'
|
62
|
+
end
|
93
63
|
|
94
|
-
|
95
|
-
|
96
|
-
|
64
|
+
if TCellAgent.configuration.should_instrument?('file')
|
65
|
+
module_logger.info('Instrumenting Ruby Class: File')
|
66
|
+
require 'tcell_agent/instrumentation/monkey_patches/file'
|
67
|
+
end
|
68
|
+
|
69
|
+
if TCellAgent.configuration.should_instrument?('kernel') # rubocop:disable Style/GuardClause
|
70
|
+
module_logger.info('Instrumenting Ruby Module: Kernel')
|
71
|
+
require 'tcell_agent/instrumentation/monkey_patches/kernel'
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|
75
|
+
def manage_policies
|
76
|
+
@policies_manager = PoliciesManager.new(@native_agent)
|
77
|
+
|
78
|
+
result = {}
|
79
|
+
unless TCellAgent.configuration.should_start_policy_poll?
|
80
|
+
result = @native_agent.poll_new_policies
|
81
|
+
end
|
97
82
|
|
98
|
-
|
99
|
-
@sessions_metrics = TCellAgent::SensorEvents::SessionsMetric.new
|
100
|
-
@sessions_metrics_mutex = Monitor.new
|
83
|
+
policies_and_enablements = result['new_policies_and_enablements'] || {}
|
101
84
|
|
102
|
-
@
|
103
|
-
|
85
|
+
@policies_manager.process_policy_json(
|
86
|
+
policies_and_enablements['enablements'],
|
87
|
+
policies_and_enablements['policies']
|
88
|
+
)
|
104
89
|
|
105
|
-
@
|
106
|
-
|
90
|
+
@policy_polling = PolicyPolling.new(@policies_manager, @native_agent)
|
91
|
+
end
|
92
|
+
|
93
|
+
def policies
|
94
|
+
@policies_manager.policies
|
95
|
+
end
|
96
|
+
|
97
|
+
def queue_sensor_event(event)
|
98
|
+
return unless @native_agent
|
107
99
|
|
108
|
-
@
|
109
|
-
|
100
|
+
@native_agent.send_sanitized_events(
|
101
|
+
[event]
|
102
|
+
)
|
103
|
+
rescue StandardError => standard_error
|
104
|
+
module_logger.error("Error sending event: (#{standard_error.class}) #{standard_error.message}")
|
105
|
+
module_logger.exception(standard_error)
|
110
106
|
end
|
111
107
|
|
112
|
-
def
|
113
|
-
@
|
108
|
+
def report_metrics(request_time, tcell_context)
|
109
|
+
@native_agent.report_metrics(
|
110
|
+
request_time, tcell_context
|
111
|
+
)
|
112
|
+
rescue StandardError => standard_error
|
113
|
+
module_logger.error("Error reporting metric: (#{standard_error.class}) #{standard_error.message}")
|
114
|
+
module_logger.exception(standard_error)
|
114
115
|
end
|
115
116
|
|
116
|
-
def start
|
117
|
-
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
puts '* it in the config/ directory *'
|
124
|
-
puts ' ********* ********* ********* *********'
|
117
|
+
def start(server_name)
|
118
|
+
@native_agent = TCellAgent::Rust::NativeAgent.create_agent(
|
119
|
+
TCellAgent.initializer_configuration ||
|
120
|
+
TCellAgent.configuration
|
121
|
+
)
|
122
|
+
|
123
|
+
if @native_agent.nil?
|
125
124
|
TCellAgent.configuration.enabled = false
|
126
125
|
return
|
127
126
|
end
|
128
127
|
|
129
|
-
TCellAgent.
|
128
|
+
TCellAgent.native_logger = @native_agent
|
129
|
+
|
130
|
+
module_logger.info('Rails initializer overriding default agent configuration') unless TCellAgent.initializer_configuration.nil?
|
131
|
+
|
132
|
+
instrument_auth_frameworks
|
133
|
+
instrument_built_ins
|
134
|
+
manage_policies
|
130
135
|
|
131
|
-
|
132
|
-
|
136
|
+
module_logger.info("Started thread agent: #{server_name}")
|
137
|
+
TCellAgent.report_settings
|
138
|
+
TCellAgent::Instrumentation::Rails.send_framework_info
|
139
|
+
TCellAgent::Instrumentation::Rails.send_settings
|
140
|
+
rescue StandardError => standard_error
|
141
|
+
TCellAgent.configuration.enabled = false
|
142
|
+
module_logger.error("Error starting agent: (#{standard_error.class}) #{standard_error.message}")
|
143
|
+
module_logger.exception(standard_error)
|
133
144
|
end
|
134
145
|
end
|
135
146
|
end
|