Multiple changes.

* Update version to 3.4.5.1. * Update fleetspeak binary dependency. * Adding more logging to proto deserialization. * Add tests for title in Netstat results. * Fleetspeak server wrapper: remove obsolete config initialization. * Config updater: add support for rotating fleetspeak certificate. * Use material table for displaying Netstat results. * Format NetworkConnectionFamily and NetworkConnectionType in Netstat Results table. * MSI: MSI templates can't be bulk signed. * Increasing min time between stop checks to 30 seconds.
google · Aug 18, 2021 · 3adbc6b · 3adbc6b
1 parent e178e55
commit 3adbc6b
Show file tree

Hide file tree

Showing 20 changed files with 412 additions and 87 deletions.
diff --git a/grr/client/setup.py b/grr/client/setup.py
@@ -138,7 +138,7 @@ def run(self):
         PYTSK3,
         "retry==0.9.2",
         "libfsntfs-python==20210503",
-        "fleetspeak-client-bin==0.1.9",
+        "fleetspeak-client-bin==0.1.11",
     ],
     extras_require={
         # The following requirements are needed in Windows.

diff --git a/grr/client_builder/grr_response_client_builder/client_build.py b/grr/client_builder/grr_response_client_builder/client_build.py
@@ -328,7 +328,10 @@ def RepackTemplates(self,
               passwd = self.GetWindowsPassphrase()
               repack_args.append("--sign")
             else:
-              bulk_sign_installers = True
+              if template.endswith(".msi.zip"):
+                repack_args.append("--sign")
+              else:
+                bulk_sign_installers = True
             if signed_template:
               repack_args.append("--signed_template")
           elif template.endswith(".rpm.zip"):

diff --git a/grr/client_builder/setup.py b/grr/client_builder/setup.py
@@ -68,7 +68,7 @@ def make_release_tree(self, base_dir, files):
         "grr-response-client==%s" % VERSION.get("Version", "packagedepends"),
         "grr-response-core==%s" % VERSION.get("Version", "packagedepends"),
         "PyInstaller==3.6",
-        "fleetspeak-client-bin==0.1.9",
+        "fleetspeak-client-bin==0.1.11",
         "olefile==0.46",
     ],
 

diff --git a/grr/core/grr_response_core/lib/rdfvalues/structs.py b/grr/core/grr_response_core/lib/rdfvalues/structs.py
@@ -1750,8 +1750,8 @@ def FromSerializedBytes(cls, value: bytes):
     try:
       ReadIntoObject(value, 0, instance)
     except ValueError:
-      logging.error("Error in ReadIntoObject for bytes, extract: %r",
-                    value[:1000])
+      logging.error("Error in ReadIntoObject. %d bytes, extract: %r",
+                    len(value), value[:1000])
       raise
 
     instance.dirty = True
@@ -1879,7 +1879,7 @@ def Get(self, attr, allow_set_default=True):
       The attribute's value, or the attribute's type's default value, if unset.
     """
     entry = self._data.get(attr)
-    # We dont have this field, try the defaults.
+    # We don't have this field, try the defaults.
     if entry is None:
       type_descriptor = self._GetTypeDescriptor(attr)
       default = type_descriptor.GetDefault(container=self)

diff --git a/grr/proto/grr_response_proto/sysinfo.proto b/grr/proto/grr_response_proto/sysinfo.proto
@@ -321,8 +321,15 @@ message WindowsServiceInformation {
     SERVICE_KERNEL_DRIVER = 0x1;
     SERVICE_FILE_SYSTEM_DRIVER = 0x2;
     SERVICE_ADAPTER_ARGS = 0x4;
+    SERVICE_RECOGNIZER_DRIVER = 0x8;
     SERVICE_WIN32_OWN_PROCESS = 0x10;
     SERVICE_WIN32_SHARE_PROCESS = 0x20;
+    SERVICE_USER_OWN_PROCESS = 0x50;
+    SERVICE_USER_SHARE_PROCESS = 0x60;
+    SERVICE_INTERACTIVE_PROCESS = 0x100;
+    SERVICE_INSTANCE_USER_SHARE_PROCESS = 0xe0;
+    SERVICE_INTERACTIVE_WIN32_OWN_PROCESS = 0x110;
+    SERVICE_INTERACTIVE_WIN32_SHARE_PROCESS = 0x120;
   }
 
   optional ServiceType service_type = 12 [(sem_type) = {

diff --git a/grr/server/grr_response_server/bin/config_updater.py b/grr/server/grr_response_server/bin/config_updater.py
@@ -411,6 +411,11 @@ def main(args):
       maintenance_utils.RotateServerKey(
           cn=args.common_name, keylength=keylength)
 
+      if grr_config.CONFIG["Server.fleetspeak_enabled"]:
+        config_updater_util.FleetspeakConfig().RotateKey()
+        print("Fleetspeak server key rotated, "
+              "please restart fleetspeak-server.")
+
 
 def Run():
   app.run(main, flags_parser=lambda argv: parser.parse_args(argv[1:]))

diff --git a/grr/server/grr_response_server/bin/config_updater_util.py b/grr/server/grr_response_server/bin/config_updater_util.py
@@ -2,6 +2,7 @@
 """Utilities for modifying the GRR server configuration."""
 
 import argparse
+import datetime
 import getpass
 import os
 import re
@@ -372,6 +373,18 @@ def Write(self, config):
     else:
       self._WriteDisabled(config)
 
+  def RotateKey(self):
+    now_str = datetime.datetime.now().isoformat()
+    # Move the old server keys
+    for cert_file in ("server_cert.pem", "server_cert_key.pem"):
+      old_file = f"old_{now_str}_{cert_file}"
+      os.rename(self._ConfigPath(cert_file), self._ConfigPath(old_file))
+    # Run fleetspeak-config to regenerate them
+    subprocess.check_call([
+        self._fleetspeak_config_command_path, "-config",
+        self._ConfigPath("fleetspeak_config.config")
+    ])
+
   def _ConfigPath(self, *path_components: str) -> str:
     return os.path.join(self.config_dir, *path_components)
 
@@ -482,12 +495,13 @@ def _WriteEnabled(self, config):
     cp.darwin_client_configuration_file = self._ConfigPath(
         "darwin_client.config")
 
-    p = subprocess.Popen(
-        [self._fleetspeak_config_command_path, "-config", "/dev/stdin"],
-        stdin=subprocess.PIPE)
-    p.communicate(input=text_format.MessageToString(cp).encode())
-    if p.wait() != 0:
-      raise RuntimeError("fleetspeak-config command failed.")
+    with open(self._ConfigPath("fleetspeak_config.config"), "w") as f:
+      f.write(text_format.MessageToString(cp))
+
+    subprocess.check_call([
+        self._fleetspeak_config_command_path, "-config",
+        self._ConfigPath("fleetspeak_config.config")
+    ])
 
     # These modules don't exist on Windows, so importing locally.
     # pylint: disable=g-import-not-at-top

diff --git a/grr/server/grr_response_server/bin/fleetspeak_server_wrapper.py b/grr/server/grr_response_server/bin/fleetspeak_server_wrapper.py
@@ -15,7 +15,6 @@
 
 from absl import app
 
-from grr_response_core.lib import config_lib
 from grr_response_core.lib import package
 
 
@@ -24,7 +23,6 @@ class Error(Exception):
 
 
 def main(argv):
-  config_lib.ParseConfigCommandLine()
   config_dir = package.ResourcePath(
       "fleetspeak-server-bin", "fleetspeak-server-bin/etc/fleetspeak-server")
   if not os.path.exists(config_dir):

diff --git a/grr/server/grr_response_server/gui/ui/components/flow_details/helpers/module.ts b/grr/server/grr_response_server/gui/ui/components/flow_details/helpers/module.ts
@@ -10,6 +10,7 @@ import {BrowserAnimationsModule} from '@angular/platform-browser/animations';
 import {RouterModule} from '@angular/router';
 import {ExpandableHashModule} from '@app/components/expandable_hash/module';
 import {FileModePipe} from '@app/components/flow_details/helpers/file_mode_pipe';
+import {NetworkConnectionFamilyPipe, NetworkConnectionTypePipe} from '@app/components/flow_details/helpers/network_connection_pipes';
 import {HumanReadableSizeModule} from '@app/components/human_readable_size/module';
 import {TimestampModule} from '@app/components/timestamp/module';
 
@@ -46,6 +47,8 @@ import {ResultAccordion} from './result_accordion';
   declarations: [
     FileResultsTable,
     FileModePipe,
+    NetworkConnectionFamilyPipe,
+    NetworkConnectionTypePipe,
     OsqueryResultsTable,
     ResultAccordion,
     LoadFlowResultsDirective,
@@ -54,6 +57,8 @@ import {ResultAccordion} from './result_accordion';
   exports: [
     FileResultsTable,
     FileModePipe,
+    NetworkConnectionFamilyPipe,
+    NetworkConnectionTypePipe,
     OsqueryResultsTable,
     ResultAccordion,
     LoadFlowResultsDirective,

diff --git a/...er/grr_response_server/gui/ui/components/flow_details/helpers/network_connection_pipes.ts b/...er/grr_response_server/gui/ui/components/flow_details/helpers/network_connection_pipes.ts
@@ -0,0 +1,46 @@
+import {Pipe, PipeTransform} from '@angular/core';
+
+import {NetworkConnectionFamily, NetworkConnectionType} from '../../../lib/api/api_interfaces';
+
+const NETWORK_CONNECTION_FAMILY_MAP:
+    ReadonlyMap<NetworkConnectionFamily, string> = new Map([
+      [NetworkConnectionFamily.INET, 'IPv4'],
+      [NetworkConnectionFamily.INET6, 'IPv6'],
+      [NetworkConnectionFamily.INET6_WIN, 'IPv6'],
+      [NetworkConnectionFamily.INET6_OSX, 'IPv6'],
+    ]);
+
+const NETWORK_CONNECTION_TYPE_MAP: ReadonlyMap<NetworkConnectionType, string> =
+    new Map([
+      [NetworkConnectionType.UNKNOWN_SOCKET, '?'],
+      [NetworkConnectionType.SOCK_STREAM, 'TCP'],
+      [NetworkConnectionType.SOCK_DGRAM, 'UDP'],
+    ]);
+
+/**
+ * Converts a given NetworkConnectionFamily (IP Version) enum to a more
+ * human readable format.
+ */
+@Pipe({name: 'networkConnectionFamily'})
+export class NetworkConnectionFamilyPipe implements PipeTransform {
+  transform(family: NetworkConnectionFamily|undefined): string {
+    if (family === undefined) {
+      return '-';
+    }
+    return NETWORK_CONNECTION_FAMILY_MAP.get(family) ?? '-';
+  }
+}
+
+/**
+ * Converts a given NetworkConnectionType (IP Version) enum to a more
+ * human readable format.
+ */
+@Pipe({name: 'networkConnectionType'})
+export class NetworkConnectionTypePipe implements PipeTransform {
+  transform(type: NetworkConnectionType|undefined): string {
+    if (type === undefined) {
+      return '-';
+    }
+    return NETWORK_CONNECTION_TYPE_MAP.get(type) ?? '-';
+  }
+}
diff --git a/...r_response_server/gui/ui/components/flow_details/helpers/network_connection_pipes_test.ts b/...r_response_server/gui/ui/components/flow_details/helpers/network_connection_pipes_test.ts
@@ -0,0 +1,81 @@
+import {Component, Type} from '@angular/core';
+import {TestBed, waitForAsync} from '@angular/core/testing';
+import {initTestEnvironment} from '@app/testing';
+
+import {HelpersModule} from './module';
+
+
+
+@Component({template: '{{ value | networkConnectionFamily }}'})
+class TestFamilyComponent {
+  value: string|undefined;
+}
+
+@Component({template: '{{ value | networkConnectionType }}'})
+class TestTypeComponent {
+  value: string|undefined;
+}
+
+initTestEnvironment();
+
+describe('Network Connection Pipes', () => {
+  beforeEach(waitForAsync(() => {
+    TestBed
+        .configureTestingModule({
+          imports: [
+            HelpersModule,
+          ],
+          declarations: [
+            TestFamilyComponent,
+            TestTypeComponent,
+          ],
+
+          providers: []
+        })
+        .compileComponents();
+  }));
+
+  function render(
+      component: Type<TestFamilyComponent|TestTypeComponent>, value?: string) {
+    const fixture = TestBed.createComponent(component);
+    fixture.componentInstance.value = value;
+    fixture.detectChanges();
+    return fixture.nativeElement.innerText.trim();
+  }
+
+  it('Family - undefined', () => {
+    expect(render(TestFamilyComponent, undefined)).toBe('-');
+  });
+
+  it('Family - INET', () => {
+    expect(render(TestFamilyComponent, 'INET')).toBe('IPv4');
+  });
+
+  it('Family - INET6', () => {
+    expect(render(TestFamilyComponent, 'INET6')).toBe('IPv6');
+  });
+
+  it('Family - INET6_WIN', () => {
+    expect(render(TestFamilyComponent, 'INET6_WIN')).toBe('IPv6');
+  });
+
+  it('Family - INET6_OSX', () => {
+    expect(render(TestFamilyComponent, 'INET6_OSX')).toBe('IPv6');
+  });
+
+  it('Type - undefined', () => {
+    expect(render(TestTypeComponent, undefined)).toBe('-');
+  });
+
+  it('Type - UNKNOWN_SOCKET', () => {
+    expect(render(TestTypeComponent, 'UNKNOWN_SOCKET')).toBe('?');
+  });
+
+  it('Type - SOCK_STREAM', () => {
+    expect(render(TestTypeComponent, 'SOCK_STREAM')).toBe('TCP');
+  });
+
+  it('Type - SOCK_DGRAM', () => {
+    expect(render(TestTypeComponent, 'SOCK_DGRAM')).toBe('UDP');
+  });
+});
diff --git a/grr/server/grr_response_server/gui/ui/components/flow_details/plugins/module.ts b/grr/server/grr_response_server/gui/ui/components/flow_details/plugins/module.ts
@@ -1,3 +1,4 @@
+import {ClipboardModule} from '@angular/cdk/clipboard';
 import {CdkTreeModule} from '@angular/cdk/tree';
 import {CommonModule} from '@angular/common';
 import {NgModule} from '@angular/core';
@@ -12,6 +13,7 @@ import {MatInputModule} from '@angular/material/input';
 import {MatMenuModule} from '@angular/material/menu';
 import {MatProgressBarModule} from '@angular/material/progress-bar';
 import {MatProgressSpinnerModule} from '@angular/material/progress-spinner';
+import {MatTableModule} from '@angular/material/table';
 import {MatTreeModule} from '@angular/material/tree';
 import {BrowserAnimationsModule} from '@angular/platform-browser/animations';
 import {RouterModule} from '@angular/router';
@@ -53,6 +55,7 @@ const COMPONENTS = [
     ApiModule,
     BrowserAnimationsModule,
     CdkTreeModule,
+    ClipboardModule,
     CommonModule,
     FormsModule,
     HelpersModule,
@@ -67,6 +70,7 @@ const COMPONENTS = [
     MatMenuModule,
     MatProgressBarModule,
     MatProgressSpinnerModule,
+    MatTableModule,
     MatTreeModule,
     ReactiveFormsModule,
     RouterModule,