zscams 2.0.1__py2.py3-none-any.whl

zscams/agent/src/services/system_monitor.py

@@ -0,0 +1,264 @@
+import asyncio
+import os
+import sys
+import datetime
+import psutil
+import logging
+import logging.handlers
+import json
+import socket
+import platform
+from zscams.agent.src.support.logger import get_logger
+from http.client import BadStatusLine, HTTPConnection, HTTPException
+logger = get_logger("system_monitor")
+
+# Load service-specific params from environment
+params_env = os.environ.get("SERVICE_PARAMS")
+if not params_env:
+    logger.error("SERVICE_PARAMS environment variable not set")
+    sys.exit(1)
+
+params = json.loads(params_env)
+# -----------------------------
+# Configuration
+# -----------------------------
+SYSLOG_HOST = params.get("remote_host", "localhost")  # remote rsyslog host
+SYSLOG_PORT = params.get("remote_port", 514)  # TCP syslog port
+EQUIPMENT_NAME = params.get("equipment_name", "connector")
+EQUIPMENT_TYPE = params.get("equipment_type", "zpa")
+SERVICE_NAME = params.get("service_name", "Zscaler-AppConnector")
+HOSTNAME = platform.node()
+
+
+
+
+def network():
+    """
+    Collect network interfaces and their statistics.
+    Returns a dictionary with per-interface
+    """
+    ifaces = {}
+    for iface, stats in psutil.net_io_counters(pernic=True).items():
+        ifaces[iface] = {
+            "in": {
+                "bytes": stats.bytes_recv,
+                "packets": stats.packets_recv,
+                "errors": getattr(stats, "errin", 0),
+                "dropped": getattr(stats, "dropin", 0),
+            },
+            "out": {
+                "bytes": stats.bytes_sent,
+                "packets": stats.packets_sent,
+                "errors": getattr(stats, "errout", 0),
+                "dropped": getattr(stats, "dropout", 0),
+            },
+        }
+    if "lo" in ifaces:
+        del ifaces["lo"]
+    return ifaces
+
+
+def memory():
+    """
+    Get memory and swap usage
+    Returns a dictionary with total, used, free, and swap info.
+    """
+    mem = psutil.virtual_memory()
+    swap = psutil.swap_memory()
+    mem_remain = mem.total - mem.available
+    output_memory = {
+        "actual": {
+            "free": mem.available,
+            "used": {
+                "pct": round(mem_remain / mem.total, 4),
+                "bytes": mem_remain,
+            },
+        },
+        "total": mem.total,
+        "used": {
+            "pct": round(mem.percent / 100, 4),
+            "bytes": mem.total - mem.available,
+        },
+        "free": mem.available,
+        "swap": {
+            "total": swap.total,
+            "used": {
+                "pct": swap.percent / 100,
+                "bytes": swap.used,
+            },
+            "free": swap.free,
+        },
+    }
+    return output_memory
+
+
+def cpu():
+    """
+    Get CPU usage
+    Returns a dictionary with total, user, system, idle, and core count.
+    """
+    times = psutil.cpu_times()
+    total = sum(times)
+    used = total - times.idle
+    cpu_total_pct = round(used / total, 4)
+    return {
+        "total": {"pct": cpu_total_pct},
+        "system": {"pct": round(times.system / total, 4)},
+        "user": {"pct": round(times.user / total, 4)},
+        "idle": {"pct": round(times.idle / total, 4)},
+        "cores": psutil.cpu_count(),
+        "iowait": {"pct": round(getattr(times, "iowait", 0) / total, 4)},
+        "irq": {"pct": round(getattr(times, "irq", 0) / total, 4)},
+        "softirq": {"pct": round(getattr(times, "softirq", 0) / total, 4)},
+        "nice": {"pct": round(getattr(times, "nice", 0) / total, 4)},
+        "steal": {"pct": round(getattr(times, "steal", 0) / total, 4)},
+    }
+
+
+def load():
+    """
+    Get CPU load averages over 1, 5, and 15 minutes.
+    Returns a dictionary with normalized load per CPU core.
+    """
+    load1, load5, load15 = psutil.getloadavg()
+    cores = psutil.cpu_count()
+    cores = float(cores) if cores else 1.0
+    return {
+        "1": load1,
+        "5": load5,
+        "15": load15,
+        "cores": cores,
+        "norm": {
+            "1": load1 / cores,
+            "5": load5 / cores,
+            "15": load15 / cores,
+        },
+    }
+
+
+def uptime():
+    """
+    Return system boot time in seconds since the epoch.
+    """
+    return {"duration": {"seconds": int(psutil.boot_time())}}
+
+
+def disk():
+    """
+    Get disk usage metrics for the root filesystem.
+    Returns a dictionary with total, used, and free bytes.
+    """
+    disk = psutil.disk_usage("/")
+    return {"total": disk.total, "used": disk.used, "free": disk.free}
+
+
+def process(process_names=None):
+    """
+    Get metrics about running processes by name.
+    Default: ["zpa-connector", "zpa-service-edge"]
+    Returns a list of dictionaries with process info.
+    """
+    if process_names is None:
+        process_names = ["zpa-connector", "zpa-service-edge"]
+
+    output = []
+    for proc in psutil.process_iter(
+        [
+            "name",
+            "pid",
+            "ppid",
+            "username",
+            "memory_info",
+            "cpu_times",
+            "cmdline",
+            "status",
+            "create_time",
+        ]
+    ):
+        try:
+            if proc.info["name"] in process_names:
+                mem = proc.info["memory_info"]
+                cpu_pct = proc.cpu_percent(interval=0.1)
+                output.append(
+                    {
+                        "name": proc.info["name"],
+                        "pid": proc.info["pid"],
+                        "ppid": proc.info["ppid"],
+                        "username": proc.info["username"],
+                        "memory": {
+                            "rss": mem.rss,
+                            "vms": mem.vms,
+                            "percent": round(proc.memory_percent(), 2),
+                        },
+                        "cpu": {
+                            "percent": cpu_pct,
+                            "start_time": datetime.datetime.fromtimestamp(
+                                proc.info["create_time"]
+                            ).isoformat(),
+                        },
+                        "cmdline": proc.info["cmdline"],
+                        "status": proc.info["status"],
+                    }
+                )
+        except (psutil.NoSuchProcess, psutil.AccessDenied):
+            continue
+    return output
+
+
+def collect_all():
+    """
+    Collect all metrics in a single dictionary.
+    """
+    return {
+        "network": network(),
+        "memory": memory(),
+        "cpu": cpu(),
+        "load": load(),
+        "uptime": uptime(),
+        "disk": disk(),
+        "processes": process(),
+    }
+
+
+def log():
+    return {
+        "system": collect_all(),
+        "beat": {
+            "name": EQUIPMENT_NAME,
+            "type": EQUIPMENT_TYPE,
+            "hostname": HOSTNAME,
+        },
+        "host": HOSTNAME,
+    }
+
+
+
+# -----------------------------
+# Helper function to log JSON
+# -----------------------------
+async def send_json_log(payload: dict):
+    """
+    Send a JSON-formatted log to syslog via TCP
+    """
+    conn = HTTPConnection(SYSLOG_HOST, SYSLOG_PORT, timeout=10)
+    conn.request(
+        "POST", "/", json.dumps(payload), headers={"Content-type": "application/json"}
+    )
+    conn.close()
+    logger.info("Metrices collected and sent successfully.")
+
+
+async def schedule_task(interval):
+    while (True):
+        try:
+            await send_json_log(log())
+        except Exception as exception:
+            print(exception)
+        await asyncio.sleep(interval)
+
+if __name__ == "__main__":
+    try:
+        asyncio.run(schedule_task(30))
+    except KeyboardInterrupt:
+        logger.info("Exiting system_monitor.py")
+        sys.exit(0)

zscams/agent/src/support/configuration.py

@@ -0,0 +1,53 @@
+"""
+Configuration loader module
+"""
+
+import os
+from pathlib import Path
+from typing import TypedDict
+
+import yaml
+
+
+config = {}
+
+ROOT_PATH = Path(__file__).parent.parent.parent
+
+CONFIG_PATH = os.path.join(ROOT_PATH.absolute(), "config.yaml")
+
+
+class RemoteConfig(TypedDict):
+    """Type definition for remote configuration."""
+
+    host: str
+    port: str
+    verify_cert: bool
+    client_key: str
+    ca_cert: str
+    ca_chain: str
+
+
+def load_config():
+    """
+    Load and parse the YAML configuration file.
+
+    Returns:
+        dict: Configuration dictionary containing remote settings and forwards.
+    """
+    with open(CONFIG_PATH, "r") as f:
+        config = yaml.safe_load(f)
+        return config
+
+
+def get_config():
+    """
+    Get the loaded configuration.
+
+    Returns:
+        dict: Configuration dictionary containing remote settings and forwards.
+    """
+
+    if not config:
+        return load_config()
+
+    return config

zscams/agent/src/support/filesystem.py

@@ -0,0 +1,41 @@
+"""
+Path utilities for TLS Tunnel Client
+"""
+
+import os
+from typing import Optional
+
+
+def resolve_path(path: Optional[str], base_dir: Optional[str] = None) -> Optional[str]:
+    """
+    Resolve a file path relative to a base directory.
+
+    Args:
+        path (str): Path to resolve (absolute or relative)
+        base_dir (str, optional): Directory to resolve relative paths from.
+            Defaults to None (current working directory)
+
+    Returns:
+        str: Absolute path
+    """
+    if path is None:
+        return None
+    if not os.path.isabs(path) and base_dir:
+        return os.path.join(base_dir, path)
+    return path
+
+
+def ensure_dir(path: str):
+    """Ensure a directory exists."""
+
+    os.makedirs(path, exist_ok=True)
+
+
+def is_file_exists(path, logger):
+    """Check if file exists."""
+    if os.path.exists(path):
+        logger.debug(f"File exists: {path}")
+        return True
+
+    logger.error(f"File not found: {path}")
+    return False

zscams/agent/src/support/logger.py

@@ -0,0 +1,40 @@
+"""
+Logger module for TLS Tunnel Client
+"""
+
+import logging
+import sys
+
+from zscams.agent.src.support.configuration import get_config
+
+
+loggers: dict[str, logging.Logger] = {}
+
+
+def get_logger(name: str = "tls_tunnel") -> logging.Logger:
+    """Create a singleton instance for that logger name"""
+
+    if name in loggers:
+        return loggers[name]
+
+    logger = logging.getLogger(name)
+
+    level = get_config().get("logging", {}).get("level", 10)
+
+    logger.setLevel(level)
+    logger.propagate = False
+
+    if logger.hasHandlers():
+        logger.handlers.clear()
+
+    console_handler = logging.StreamHandler(sys.stdout)
+    console_handler.setLevel(level)
+
+    console_formatter = logging.Formatter(
+        "%(asctime)s [%(levelname)s] %(name)s: %(message)s", "%Y-%m-%d %H:%M:%S"
+    )
+    console_handler.setFormatter(console_formatter)
+    logger.addHandler(console_handler)
+
+    loggers[name] = logger
+    return logger

zscams/agent/src/support/mac.py

@@ -0,0 +1,18 @@
+"""Module to retrieve the MAC address of the primary network interface."""
+
+from zscams.libs.getmac import get_mac_address as gma
+
+
+class MacAddressError(Exception):
+    """Exception raised when MAC address cannot be retrieved."""
+
+    pass
+
+
+def get_mac_address() -> str:
+    """Get the MAC address of the primary network interface."""
+
+    mac_addr = gma()
+    if not mac_addr:
+        raise MacAddressError("Could not retrieve MAC address.")
+    return mac_addr

zscams/agent/src/support/network.py

@@ -0,0 +1,49 @@
+"""
+Network utilities for TLS Tunnel Client
+"""
+
+import socket
+
+
+def is_port_open(host, port, logger):
+    """Check if TCP port is open."""
+    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
+        sock.settimeout(1)
+        try:
+            sock.connect((host, port))
+            logger.debug(f"Port {port} on {host} is open.")
+            return True
+        except (ConnectionRefusedError, OSError):
+            logger.error(f"Port {port} on {host} is not open.")
+            return False
+        except Exception as err:
+            logger.error("Port check failed for %s:%s. Error: %s", host, port, err)
+            return False
+
+
+def is_service_running(service_name, running_services, logger):
+    """Wait for another service to be marked as running."""
+    if service_name in running_services:
+        logger.debug(f"Service {service_name} is running.")
+        return True
+
+    logger.error(f"Service {service_name} is not running.")
+    return False
+
+
+def get_local_ip_address():
+    """Get the local IP address of the machine."""
+    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
+        try:
+            # The IP used here doesn't need to be reachable
+            s.connect(("8.8.8.8", 80))
+            ip = s.getsockname()[0]
+        except Exception:
+            ip = "127.0.0.1"
+        return ip
+
+
+def get_local_hostname():
+    """Get the local hostname of the machine."""
+
+    return socket.gethostname()

zscams/agent/src/support/openssl.py

@@ -0,0 +1,100 @@
+"""
+This module provides a simple interface for generating RSA key pairs
+"""
+
+from cryptography import x509
+from cryptography.hazmat.primitives.asymmetric import rsa
+from cryptography.x509.oid import NameOID
+from cryptography.hazmat.primitives import hashes, serialization
+from cryptography.hazmat.backends import default_backend
+
+
+def generate_private_key(key_path: str):
+    """Generate a new RSA private key and save it to a file."""
+
+    private_key = rsa.generate_private_key(
+        public_exponent=65537,
+        key_size=4096,
+    )
+
+    pem_private_key = private_key.private_bytes(
+        encoding=serialization.Encoding.PEM,
+        format=serialization.PrivateFormat.PKCS8,
+        encryption_algorithm=serialization.NoEncryption(),
+    )
+
+    with open(key_path, "wb") as f:
+        f.write(pem_private_key)
+
+    return pem_private_key
+
+
+# pylint: disable=too-many-arguments,too-many-positional-arguments
+def generate_csr_from_private_key(
+    private_key_content: bytes,
+    country: str,
+    state: str,
+    locality: str,
+    organization: str,
+    common_name: str,
+) -> str:
+    """
+    Generate a CSR (Certificate Signing Request) from an existing private key.
+    Returns:
+        str: The generated CSR in PEM format.
+    """
+
+    private_key = serialization.load_pem_private_key(
+        private_key_content,
+        password=None,
+        backend=default_backend(),
+    )
+
+    csr_builder = x509.CertificateSigningRequestBuilder()
+    csr_builder = csr_builder.subject_name(
+        x509.Name(
+            [
+                x509.NameAttribute(NameOID.COUNTRY_NAME, country),
+                x509.NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, state),
+                x509.NameAttribute(NameOID.LOCALITY_NAME, locality),
+                x509.NameAttribute(NameOID.ORGANIZATION_NAME, organization),
+                x509.NameAttribute(NameOID.COMMON_NAME, common_name),
+            ]
+        )).add_extension(
+                x509.BasicConstraints(ca=False, path_length=None),
+                critical=False,).add_extension(
+                x509.UnrecognizedExtension(
+                    x509.ObjectIdentifier("2.16.840.1.113730.1.1"),
+                    b"SSL Client, S/MIME",
+                ),
+                critical=False,).add_extension(
+                x509.UnrecognizedExtension(
+                    x509.ObjectIdentifier("2.16.840.1.113730.1.13"),
+                    b"Generated by OBS/OCD",
+                ),
+                critical=False,
+            ).add_extension(
+                x509.KeyUsage(
+                    digital_signature=True,
+                    crl_sign=False,
+                    key_encipherment=True,
+                    content_commitment=True,
+                    data_encipherment=False,
+                    key_agreement=False,
+                    key_cert_sign=False,
+                    encipher_only=False,
+                    decipher_only=False,
+                ),
+                critical=True,
+            ).add_extension(
+                x509.ExtendedKeyUsage(
+                    [
+                        x509.ExtendedKeyUsageOID.CLIENT_AUTH,
+                        x509.ExtendedKeyUsageOID.EMAIL_PROTECTION,
+                    ]
+                ),
+                critical=False,
+            )
+
+    csr = csr_builder.sign(private_key, hashes.SHA256())
+    return csr.public_bytes(serialization.Encoding.PEM).decode("utf-8")

zscams/libs/getmac/__init__.py

@@ -0,0 +1,3 @@
+from .getmac import __version__, get_mac_address
+
+__all__ = ["get_mac_address"]

zscams/libs/getmac/__main__.py

@@ -0,0 +1,123 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+
+from __future__ import print_function
+
+import argparse
+import logging
+import sys
+
+from . import getmac
+
+
+def main():  # type: () -> None
+    parser = argparse.ArgumentParser(
+        "getmac",
+        description="Get the MAC address of system network "
+        "interfaces or remote hosts on the LAN",
+    )
+    parser.add_argument(
+        "--version", action="version", version="getmac %s" % getmac.__version__
+    )
+    parser.add_argument(
+        "-v", "--verbose", action="store_true", help="Enable output messages"
+    )
+    parser.add_argument(
+        "-d",
+        "--debug",
+        action="count",
+        help="Enable debugging output. Add characters to "
+        "increase verbosity of output, e.g. '-dd'.",
+    )
+    parser.add_argument(
+        "-N",
+        "--no-net",
+        "--no-network-requests",
+        action="store_true",
+        dest="NO_NET",
+        help="Do not use arping or send a UDP packet to refresh the ARP table",
+    )
+    parser.add_argument(
+        "--override-port",
+        type=int,
+        metavar="PORT",
+        help="Override the default UDP port used to refresh the ARP table "
+        "if network requests are enabled and arping is unavailable",
+    )
+    parser.add_argument(
+        "--override-platform",
+        type=str,
+        default=None,
+        metavar="PLATFORM",
+        help="Override the platform detection with the given value "
+        "(e.g. 'linux', 'windows', 'freebsd', etc.'). "
+        "Any values returned by platform.system() are valid.",
+    )
+    parser.add_argument(
+        "--force-method",
+        type=str,
+        default=None,
+        metavar="METHOD",
+        help="Force a specific method to be used, e.g. 'IpNeighborShow'. "
+        "This will be used regardless of it's method type or platform "
+        "compatibility, and Method.test() will NOT be checked!",
+    )
+
+    group = parser.add_mutually_exclusive_group(required=False)
+    group.add_argument(
+        "-i",
+        "--interface",
+        type=str,
+        default=None,
+        help="Name of a network interface on the system",
+    )
+    group.add_argument(
+        "-4", "--ip", type=str, default=None, help="IPv4 address of a remote host"
+    )
+    group.add_argument(
+        "-6", "--ip6", type=str, default=None, help="IPv6 address of a remote host"
+    )
+    group.add_argument(
+        "-n", "--hostname", type=str, default=None, help="Hostname of a remote host"
+    )
+
+    args = parser.parse_args()
+
+    if args.debug or args.verbose:
+        logging.basicConfig(
+            format="%(levelname)-8s %(message)s", level=logging.DEBUG, stream=sys.stderr
+        )
+
+    if args.debug:
+        getmac.DEBUG = args.debug
+
+    if args.override_port:
+        port = int(args.override_port)
+        getmac.log.debug(
+            "Using UDP port %d (overriding the default port %d)", port, getmac.PORT
+        )
+        getmac.PORT = port
+
+    if args.override_platform:
+        getmac.OVERRIDE_PLATFORM = args.override_platform.strip().lower()
+
+    if args.force_method:
+        getmac.FORCE_METHOD = args.force_method.strip().lower()
+
+    mac = getmac.get_mac_address(
+        interface=args.interface,
+        ip=args.ip,
+        ip6=args.ip6,
+        hostname=args.hostname,
+        network_request=not args.NO_NET,
+    )
+
+    if mac is not None:
+        print(mac)  # noqa: T001, T201
+        sys.exit(0)  # Exit success!
+    else:
+        sys.exit(1)  # Exit with error since it failed to find a MAC
+
+
+if __name__ == "__main__":
+    main()