diff --git a/go.mod b/go.mod index 6fa284f..1c6fdb6 100644 --- a/go.mod +++ b/go.mod @@ -2,7 +2,7 @@ module github.com/autonubil/go-wazuh require ( github.com/coreos/go-semver v0.3.0 - github.com/deepmap/oapi-codegen v1.10.1 + github.com/deepmap/oapi-codegen v1.11.0 github.com/google/martian v2.1.0+incompatible github.com/joncrlsn/dque v0.0.0-20211108142734-c2ef48c5192a github.com/matishsiao/goInfo v0.0.0-20210923090445-da2e3fa8d45f @@ -10,7 +10,7 @@ require ( github.com/tklauser/go-sysconf v0.3.10 // indirect go.uber.org/ratelimit v0.2.0 go.uber.org/zap v1.21.0 - golang.org/x/crypto v0.0.0-20220507011949-2cf3adece122 + golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e ) require ( 
@@ -20,25 +20,31 @@ require ( github.com/iancoleman/strcase v0.2.0 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.12.2 + github.com/urfave/cli v1.22.9 ) require ( + github.com/CycloneDX/cyclonedx-go v0.6.0 // indirect github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect + github.com/cpuguy83/go-md2man/v2 v2.0.1 // indirect github.com/go-ole/go-ole v1.2.6 // indirect github.com/gofrs/flock v0.8.1 // indirect github.com/golang/protobuf v1.5.2 // indirect + github.com/google/go-cmp v0.5.8 // indirect github.com/google/uuid v1.3.0 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect github.com/prometheus/client_model v0.2.0 // indirect - github.com/prometheus/common v0.32.1 // indirect + github.com/prometheus/common v0.35.0 // indirect github.com/prometheus/procfs v0.7.3 // indirect - github.com/tklauser/numcpus v0.4.0 // indirect + github.com/russross/blackfriday/v2 v2.1.0 // indirect + github.com/stretchr/testify v1.7.2 // indirect + github.com/tklauser/numcpus v0.5.0 // indirect github.com/yusufpapurcu/wmi v1.2.2 // indirect go.uber.org/atomic v1.9.0 // indirect go.uber.org/multierr v1.8.0 // indirect - golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6 // indirect + golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c // indirect google.golang.org/protobuf v1.28.0 // indirect ) diff --git a/go.sum b/go.sum index 4951940..478ba2f 100644 --- a/go.sum +++ b/go.sum 
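Review bot: `github.com/CycloneDX/cyclonedx-go v0.6.0` is added to the indirect require block, but ossec/syscollector.go in this same commit imports it directly as `cdx`, so the `// indirect` marker is inaccurate. Running `go mod tidy` should move it into a direct require block, which keeps the list of directly trusted dependencies correct for reviewers and for tooling that reads go.mod. The same hunk adds `github.com/urfave/cli v1.22.9` as a direct requirement; its import is not visible in the part of the commit shown here, so it is worth confirming that it is actually used.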
@@ -38,6 +38,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/CloudyKit/fastprinter v0.0.0-20200109182630-33d98a066a53/go.mod h1:+3IMCy2vIlbG1XG/0ggNQv0SvxCAIpPM5b1nCz56Xno= github.com/CloudyKit/jet/v3 v3.0.0/go.mod h1:HKQPgSJmdK8hdoAbKUUWajkHyHo4RaU5rMdUywE7VMo= +github.com/CycloneDX/cyclonedx-go v0.6.0 h1:SizWGbZzFTC/O/1yh072XQBMxfvsoWqd//oKCIyzFyE= +github.com/CycloneDX/cyclonedx-go v0.6.0/go.mod h1:nQCiF4Tvrg5Ieu8qPhYMvzPGMu5I7fANZkrSsJjl5mg= github.com/Joker/hpp v1.0.0/go.mod h1:8x5n+M1Hp5hC0g8okX3sR3vFQwynaX/UgSOM9MeBKzY= github.com/Shopify/goreferrer v0.0.0-20181106222321-ec9c9a553398/go.mod h1:a1uqRtAwp2Xwc6WNPJEufxJ7fx3npB4UV/JOLmbu5I0= github.com/ajg/form v1.5.1/go.mod h1:uL1WgH+h2mgNtvBq0339dVnzXdBETtL2LeUXaIv25UY= @@ -56,6 +58,7 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= +github.com/bradleyjkemp/cupaloy/v2 v2.7.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE= 
@@ -71,7 +74,11 @@ github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8Nz github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= +github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= +github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= +github.com/cpuguy83/go-md2man/v2 v2.0.1 h1:r/myEWzV9lfsM1tFLgDyu0atFtJ1fXn261LKYj/3DxU= +github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -80,8 +87,8 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.1/go.mod h1:hyedUtir6IdtD/7lIxGeCxkaw7y45JueMRL4DIyJDKs= -github.com/deepmap/oapi-codegen v1.10.1 h1:xybuJUR6D8l7P+LAuxOm5SD7nTlFKHWvOPl31q+DDVs= -github.com/deepmap/oapi-codegen v1.10.1/go.mod h1:TvVmDQlUkFli9gFij/gtW1o+tFBr4qCHyv2zG+R0YZY= +github.com/deepmap/oapi-codegen v1.11.0 h1:f/X2NdIkaBKsSdpeuwLnY/vDI0AtPUrmB5LMgc7YD+A= +github.com/deepmap/oapi-codegen v1.11.0/go.mod h1:k+ujhoQGxmQYBZBbxhOZNZf4j08qv5mC+OH+fFTnKxM= github.com/dgraph-io/badger v1.6.0/go.mod h1:zwt7syl517jmP8s94KqSxTlM6IMsdhYy6psNgSztDR4= github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= 
@@ -110,9 +117,11 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= +github.com/go-kit/log v0.2.0/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= +github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-martini/martini v0.0.0-20170121215854-22fa46961aab/go.mod h1:/P9AEU963A2AYjv4d1V5eVL1CQbEJq6aCNHDDjibzu8= github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= 
@@ -125,12 +134,12 @@ github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA= github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA= github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4= -github.com/go-playground/validator/v10 v10.10.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU= +github.com/go-playground/validator/v10 v10.11.0/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/gobwas/httphead v0.0.0-20180130184737-2c6c146eadee/go.mod h1:L0fX3K22YWvt/FAX9NnzrNzcI4wNYi9Yku4O0LKYflo= github.com/gobwas/pool v0.2.0/go.mod h1:q8bcK0KcYlCgd9e7WYLm9LpyS+YeLd8JVDW6WezmKEw= github.com/gobwas/ws v1.0.2/go.mod h1:szmBTxLgaFppYjEmNtny/v3w89xOydFnnZMcgRRu/EM= -github.com/goccy/go-json v0.9.6/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= +github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/gofrs/flock v0.7.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw= github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= 
@@ -177,8 +186,9 @@ github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5 h1:Khx7svrCpmxxtHBq5j2mp/xVjsi8hQMfNLvJFAlrGgU= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.8 h1:e6P7q2lk1O+qJJb4BtCQXlK8vWEO8V1ZeuEdJNOqZyg= +github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no= @@ -260,7 +270,7 @@ github.com/lestrrat-go/blackmagic v1.0.1/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E= github.com/lestrrat-go/iter v1.0.1/go.mod h1:zIdgO1mRKhn8l9vrZJZz9TUMMFbQbLeTsbqPDrJ/OJc= github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= -github.com/lestrrat-go/jwx v1.2.23/go.mod h1:sAXjRwzSvCN6soO4RLoWWm1bVPpb8iOuv0IYfH8OWd8= +github.com/lestrrat-go/jwx v1.2.24/go.mod h1:zoNuZymNl5lgdcu6P7K6ie2QRll5HVfF4xwxBBK1NxY= github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= 
@@ -279,8 +289,9 @@ github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2y github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw= -github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= +github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= +github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/mediocregopher/radix/v3 v3.4.2/go.mod h1:8FL3F6UQRXHXIBSPUs5h0RybMF8i4n7wVopoX3x7Bv8= github.com/microcosm-cc/bluemonday v1.0.2/go.mod h1:iVP4YcDBq+n/5fb23BhYFvIMq/leAFZyRl6bYmGDlGc= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= @@ -312,6 +323,7 @@ github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXP github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= +github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.12.2 h1:51L9cDoUHVrXx4zWYlcLQIZ+d+VXHgqnYKkIuq4g/34= github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= 
@@ -322,8 +334,9 @@ github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6T github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= -github.com/prometheus/common v0.32.1 h1:hWIdL3N2HoUx3B8j3YN9mWor0qhY/NlEKZEaXxuIRh4= github.com/prometheus/common v0.32.1/go.mod h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= +github.com/prometheus/common v0.35.0 h1:Eyr+Pw2VymWejHqCugNaQXkAi6KayVNxaHeu6khmFBE= +github.com/prometheus/common v0.35.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= 
@@ -334,7 +347,11 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8= github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= +github.com/russross/blackfriday v1.5.2 h1:HyvC0ARfnZBqnXwABFeSZHpKvJHJJfPz81GNueLj0oo= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= +github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/schollz/closestmatch v2.1.0+incompatible/go.mod h1:RtP1ddjLong6gTkbtmuhtR2uUrrJOpYzYRvbcPAid+g= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= 
@@ -360,17 +377,21 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.2 h1:4jaiDzPyXQvSd7D0EjG45355tLlV3VOECpq10pLC+8s= +github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/tklauser/go-sysconf v0.3.10 h1:IJ1AZGZRWbY8T5Vfk04D9WOA5WSejdflXxP03OUqALw= github.com/tklauser/go-sysconf v0.3.10/go.mod h1:C8XykCvCb+Gn0oNCWPIlcb0RuglQTYaQ2hGm7jmxEFk= -github.com/tklauser/numcpus v0.4.0 h1:E53Dm1HjH1/R2/aoCtXtPgzmElmn51aOkhCFSuZq//o= github.com/tklauser/numcpus v0.4.0/go.mod h1:1+UI3pD8NW14VMwdgJNJ1ESk2UnwhAnz5hMwiKKqXCQ= +github.com/tklauser/numcpus v0.5.0 h1:ooe7gN0fg6myJ0EKoTAf5hebTZrH52px3New/D9iJ+A= +github.com/tklauser/numcpus v0.5.0/go.mod h1:OGzpTxpcIMNGYQdit2BYL1pvk/dSOaJWjKoflh+RQjo= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= github.com/ugorji/go v1.2.7/go.mod h1:nF9osbDWLy6bDVv/Rtoh6QgnvNDpmCalQV5urGCCS6M= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY= github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY= +github.com/urfave/cli v1.22.9 h1:cv3/KhXGBGjEXLC4bH0sLuJ9BewaAbpk5oyMOveu4pw= +github.com/urfave/cli v1.22.9/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= github.com/valyala/bytebufferpool 
v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/valyala/fasthttp v1.6.0/go.mod h1:FstJa9V+Pj9vQ7OJie2qMHdwemEDaDiSdBnvPM1Su9w= @@ -421,10 +442,10 @@ golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220507011949-2cf3adece122 h1:NvGWuYG8dkDHFSKksI1P9faiVJ9rayE6l0+ouWVIDs8= -golang.org/x/crypto v0.0.0-20220507011949-2cf3adece122/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220513210258-46612604a0f9/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e h1:T8NU3HyQ8ClP4SEE+KbFlg6n0NhuTsN4MyznaarGsZM= +golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -494,13 +515,16 @@ golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211008194852-3b03d305991f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20220418201149-a630d4f3e7a2/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220513224357-95641704303c/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -565,9 +589,10 @@ golang.org/x/sys v0.0.0-20211103235746-7861aae1554b/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220114195835-da31bd327af9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6 h1:nonptSpoQ4vQjyraW20DXPAglgQfVnM9ZC6MmNLMR60= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220513210249-45d2b4557a2a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c h1:aFV+BgZ4svzjfabn8ERpuB4JI4N6/rdy1iusx77G3oU= +golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -631,7 +656,6 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f h1:GGU+dLjvlC3qDwqYgL6UgRmHXhOOgns0bZu2Ty5mm6U= golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= @@ -731,8 +755,9 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20191120175047-4206685974f2/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 
diff --git a/ossec/agent.go b/ossec/agent.go index c5bcd52..52eaaa8 100644 --- a/ossec/agent.go +++ b/ossec/agent.go @@ -41,10 +41,9 @@ const ( SendRateLimit = 450 // time between server pings - NotifyTime = 10 - SysinfoIntervall = 60 // each 60th ping -> 1/h - - WazuhVersion = "4.3.0" + NotifyTime = 10 + SysinfoInterval = 60 // each 60th ping -> 1/h + WazuhVersion = "4.3.0" ) const ( @@ -77,11 +76,46 @@ const ( POSTGRESQL_MQ = 'b' AUTH_MQ = 'c' SYSCOLLECTOR_MQ = 'd' + CISCAT_MQ = 'e' + WIN_EVT_MQ = 'f' RIDS_DIR = "rids" REMOTE_DIR = "remote" WM_SYS_LOCATION = "syscollector" + STATS_MODULE = 11 + FTS_MODULE = 12 + SYSCHECK_MODULE = 13 + HOSTINFO_MODULE = 15 + + ROOTCHECK_MOD = "rootcheck" + HOSTINFO_NEW = "hostinfo_new" + HOSTINFO_MOD = "hostinfo_modified" + FIM_MOD = "syscheck_integrity_changed" + FIM_NEW = "syscheck_new_entry" + FIM_DEL = "syscheck_deleted" + FIM_REG_KEY_MOD = "syscheck_registry_key_modified" + FIM_REG_KEY_NEW = "syscheck_registry_key_added" + FIM_REG_KEY_DEL = "syscheck_registry_key_deleted" + FIM_REG_VAL_MOD = "syscheck_registry_value_modified" + FIM_REG_VAL_NEW = "syscheck_registry_value_added" + FIM_REG_VAL_DEL = "syscheck_registry_value_deleted" + SYSCOLLECTOR_MOD = "syscollector" + CISCAT_MOD = "ciscat" + WINEVT_MOD = "windows_eventchannel" + SCA_MOD = "sca" + + /* Types of events (from decoders) */ + UNKNOWN = 0 + SYSLOG = 1 /* syslog message */ + IDS = 2 /* IDS alert */ + FIREWALL = 3 /* Firewall event */ + WEBLOG = 7 /* Apache log */ + SQUID = 8 /* Squid log */ + DECODER_WINDOWS = 9 /* Windows log */ + HOST_INFO = 10 /* Host information log (from nmap or similar) */ + OSSEC_RL = 11 /* OSSEC rule */ + maxBufferSize = 1024 * 1024 * 10 ReadWaitTimeout = time.Duration(30 * time.Second) ReadImmediateTimeout = time.Duration(1 * time.Second) 
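Review bot: The constants added in the second hunk are untyped, so module ids and decoder event types share one integer space (`STATS_MODULE = 11` and `OSSEC_RL = 11`) and the compiler cannot catch one being passed where the other is expected. The exported names `UNKNOWN`, `SYSLOG`, `IDS` and `FIREWALL` are also very generic for the package's public namespace. Consider separate typed groups, for example `type EventType int` with `SYSLOG EventType = 1`, and a one-line comment on the module-id group like the one the event types already have. The enclosing const block starts and ends outside the hunk.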
@@ -93,6 +127,13 @@ type Client struct { Server string Port uint16 UDP bool + EncryptionMethod EncryptionMethod + ClientName string + ClientVersion string + ConfigHash string + RemoteFiles map[string]RemoteFileInfo + CurrentRemoteFile *RemoteFileInfo + Scanner *SysCollector basePath string remotePath string ridsPath string @@ -108,10 +149,6 @@ type Client struct { sentBytesTotal uint64 receivedBytes uint64 receivedBytesTotal uint64 - EncryptionMethod EncryptionMethod - ClientName string - ClientVersion string - ConfigHash string ctx context.Context conn net.Conn mx sync.Mutex @@ -119,8 +156,6 @@ type Client struct { connected bool rateLimit ratelimit.Limiter outChannel chan interface{} - RemoteFiles map[string]RemoteFileInfo - CurrentRemoteFile *RemoteFileInfo un *goInfo.GoInfoObject osInfo *sysinfo.OS } @@ -280,6 +315,8 @@ func NewAgent(server string, agentID string, agentName string, agentKey string, osInfo: sysinfo.GetOSInfo(), } + a.Scanner = NewScanner(a) + // mutate agent and add all optional params for _, o := range opts { if err := o(a); err != nil { @@ -329,6 +366,10 @@ func (a *Client) IsConencted() bool { return a.connected } +func (a *Client) GetBasePath() string { + return a.basePath +} + // WriteClientCounter persist current counters func (a *Client) WriteClientCounter() error { ridsFile := filepath.Join(a.ridsPath, a.AgentID) 
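Review bot: The new exported method `GetBasePath` in the last hunk has no doc comment, while the neighbouring `WriteClientCounter` has one. Suggest adding `// GetBasePath returns the directory the agent uses for its on-disk state.` above it; the wording is inferred from openQueue and sendPackages, which use this path for the event queue and as a scan root, so adjust it if basePath holds more than that. Go convention would also name the getter `BasePath`, though that is a matter of taste once callers exist.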
@@ -897,10 +938,18 @@ func itemBuilder() interface{} { func (a *Client) openQueue(ctx context.Context) (chan *QueuePosting, *dque.DQue, error) { q, err := dque.NewOrOpen("event-queue", a.basePath, 500, itemBuilder) + queuePath := a.basePath + "/event-queue" + if err != nil && strings.HasPrefix(err.Error(), "unable to create queue segment in "+queuePath) { + a.logger.Warn("drop corrupt queue", zap.String("path", queuePath), zap.Error(err)) + os.RemoveAll(queuePath) + q, err = dque.NewOrOpen("event-queue", a.basePath, 500, itemBuilder) + } if err != nil { return nil, nil, err } + a.logger.Info("queue opened", zap.String("path", queuePath), zap.Error(err)) + input := make(chan *QueuePosting, 100) go func() { @@ -966,7 +1015,7 @@ func (a *Client) AgentLoop(ctx context.Context, closeOnError bool) (chan *QueueP q.Close() }() - nextSysinfoUpdate := SysinfoIntervall + nextSysinfoUpdate := -1 for { if a.CurrentRemoteFile != nil { @@ -1043,8 +1092,10 @@ func (a *Client) AgentLoop(ctx context.Context, closeOnError bool) (chan *QueueP var wireMsg string if msg.TargetQueue == LOCALFILE_MQ { wireMsg = fmt.Sprintf("%c:%s:%s %s %s:%s", msg.TargetQueue, msg.Location, msg.Timestamp.UTC().Format("Jan 02 15:04:05"), a.AgentName, msg.ProgramName, string(b)) + } else if msg.TargetQueue == SECURE_MQ { + wireMsg = fmt.Sprintf("%c:%s->%s", msg.TargetQueue, msg.Location, string(b)) } else { - wireMsg = fmt.Sprintf("%c:%s", msg.TargetQueue, string(b)) + wireMsg = fmt.Sprintf("%c:%s:%s", msg.TargetQueue, msg.Location, string(b)) } err = a.WriteMessage(wireMsg) @@ -1083,14 +1134,13 @@ func (a *Client) AgentLoop(ctx context.Context, closeOnError bool) (chan *QueueP } } } + if !a.IsConencted() { // abort any open download if a.CurrentRemoteFile != nil { a.CurrentRemoteFile = nil } - tries := 0 - a.logger.Info("tryReconnect", zap.Any("agentId", a.AgentID)) for err = a.Connect(false); err != nil; { time.Sleep(time.Second * 2) 
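Review bot: The recovery path in openQueue calls `os.RemoveAll(queuePath)` and ignores its result, so undelivered events are discarded with only a warning and a failed delete goes unnoticed until the second `dque.NewOrOpen` fails. Check the error, e.g. `if rmErr := os.RemoveAll(queuePath); rmErr != nil { return nil, nil, rmErr }`, and consider keeping a copy of the dropped queue so the lost events can be inspected later. The path is built with `a.basePath + "/event-queue"`, which becomes `/event-queue` when basePath is empty; `filepath.Join(a.basePath, "event-queue")` plus a non-empty check is safer before a recursive delete. Matching on the prefix of `err.Error()` is brittle against library changes, and `zap.Error(err)` on the "queue opened" line is always nil at that point.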
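Review bot: `msg.Location` is formatted unescaped into the delimiter-separated wire message in the two new branches (`"%c:%s->%s"` and `"%c:%s:%s"`), so a location containing `:` or `->` shifts the boundary between location and payload as the receiver parses it. Postings created without a Location, which the old `"%c:%s"` format did not need, now produce an empty location field. Validate or escape Location before formatting, following whatever escaping the server-side decoder expects (to be confirmed against the protocol), and decide explicitly what an empty Location should send. The enclosing AgentLoop body starts and ends outside the hunk.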
@@ -1104,9 +1154,9 @@ func (a *Client) AgentLoop(ctx context.Context, closeOnError bool) (chan *QueueP } else { err = a.PingServer() nextSysinfoUpdate-- - if nextSysinfoUpdate == 0 { - // TODO: a.PostSysinfo(input) - nextSysinfoUpdate = SysinfoIntervall + if nextSysinfoUpdate <= 0 { + a.Scanner.PostSysinfo(input) + nextSysinfoUpdate = SysinfoInterval } } } diff --git a/ossec/agent_keys.go b/ossec/agent_keys.go index 0793e74..fcd5827 100644 --- a/ossec/agent_keys.go +++ b/ossec/agent_keys.go @@ -55,7 +55,7 @@ func GetAgentKey(filename string) (*AgentKey, error) { key := &AgentKey{ AgentID: agentID, AgentName: agentName, - AgentHashedKey: agentKey, + AgentKey: agentKey, AgentAllowedIPs: agentIP, } return key, nil diff --git a/ossec/syscollector.go b/ossec/syscollector.go new file mode 100644 index 0000000..b759cdd --- /dev/null +++ b/ossec/syscollector.go 
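Review bot: `a.Scanner.PostSysinfo(input)` runs synchronously in the same branch that calls `a.PingServer()`, and because `nextSysinfoUpdate` now starts at -1 it fires on the first pass through that branch. In the syscollector.go added by this commit, PostSysinfo reaches sendPackages, which walks `/`, and every posting is a blocking send on `input`, so keepalives and reconnect handling wait for a full filesystem walk. Consider running the scan off the loop, e.g. `go a.Scanner.PostSysinfo(input)` (PostSysinfo already serialises on `mxScan`), after confirming how `input` is closed on shutdown. `Scanner` is an exported field, so a nil check before the call is prudent. AgentLoop continues outside the hunk.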
@@ -0,0 +1,706 @@ +package ossec + +// See: https://documentation.wazuh.com/current/user-manual/capabilities/syscollector.html +// See: https://github.com/wazuh/wazuh/blob/master/src/analysisd/decoders/syscollector.c +// See: https://github.com/wazuh/wazuh/blob/master/framework/wazuh/core/syscollector.py + +import ( + "encoding/gob" + "net" + "net/url" + "os" + "os/user" + "path/filepath" + "regexp" + "runtime" + "strconv" + "strings" + "sync" + "time" + + // https://www.socketloop.com/tutorials/golang-get-hardware-information-such-as-disk-memory-and-cpu-usage + "github.com/shirou/gopsutil/cpu" + "github.com/shirou/gopsutil/mem" + + cdx "github.com/CycloneDX/cyclonedx-go" +) + +type SysCollector struct { + agent *Client + scanId int64 + localPorts map[string]*PortInfo + scanTime string + mxScan sync.Mutex +} + +var Scanner *SysCollector + +func NewScanner(client *Client) *SysCollector { + return &SysCollector{ + scanId: int64(time.Now().Unix()), + agent: client, + localPorts: make(map[string]*PortInfo), + } +} + +func init() { + gob.Register(Sysinfo{}) + gob.Register(OS{}) + gob.Register(Hardware{}) + gob.Register(Package{}) + gob.Register(Network{}) + gob.Register(Process{}) + gob.Register(Port{}) +} + +const ( + TYPE_OS = "OS" + TYPE_HARDWARE = "hardware" + TYPE_NETWORK = "network" + TYPE_NETWORK_END = "network_end" + TYPE_PROCESS = "process" + TYPE_PROCESS_END = "process_end" + TYPE_PORT = "port" + TYPE_PORT_END = "port_end" + TYPE_PACKAGE = "program" + TYPE_PACKAGE_END = "program_end" +) + +func (s *SysCollector) PostSysinfo(input chan *QueuePosting) { + s.mxScan.Lock() + defer s.mxScan.Unlock() + s.scanId++ + s.scanTime = getScanTime() + + input <- &QueuePosting{ + Location: SYSCOLLECTOR_MOD, + TargetQueue: SYSCOLLECTOR_MQ, + Timestamp: time.Now(), + Raw: s.NewOS(), + } + + input <- &QueuePosting{ + Location: SYSCOLLECTOR_MOD, + TargetQueue: SYSCOLLECTOR_MQ, + Timestamp: time.Now(), + Raw: s.NewHardware(), + } + + s.sendNetworks(input) + s.sendPorts(input) + 
s.sendPackages(input) + + input <- &QueuePosting{ + Location: SYSCOLLECTOR_MOD, + TargetQueue: SYSCOLLECTOR_MQ, + Timestamp: time.Now(), + Raw: s.NewProcess(TYPE_PROCESS), + } + + input <- &QueuePosting{ + Location: SYSCOLLECTOR_MOD, + TargetQueue: SYSCOLLECTOR_MQ, + Timestamp: time.Now(), + Raw: &Process{Sysinfo: s.NewSysinfo(TYPE_PROCESS_END)}, + } + +} + +func (s *SysCollector) sendPackages(input chan *QueuePosting) { + pwd, _ := os.Getwd() + for _, searchPath := range []string{"/", pwd, s.agent.GetBasePath()} { + filepath.Walk(searchPath, func(path string, info os.FileInfo, err error) error { + if err != nil { + return err + } + if info.IsDir() { + return nil + } + if matched, err := filepath.Match("*.sbom", filepath.Base(path)); err != nil { + return err + } else if matched { + s.sendSBOM(input, path) + } + return nil + }) + } +} + +func (s *SysCollector) sendSBOM(input chan *QueuePosting, path string) { + file, err := os.Open(path) + if err != nil { + return + } + defer file.Close() + + bom := new(cdx.BOM) + decoder := cdx.NewBOMDecoder(file, cdx.BOMFileFormatJSON) + if err = decoder.Decode(bom); err != nil { + return + } + + for _, component := range *bom.Components { + pkg := s.NewPackageFromComponent(component) + if pkg != nil { + input <- &QueuePosting{ + Location: SYSCOLLECTOR_MOD, + TargetQueue: SYSCOLLECTOR_MQ, + Timestamp: time.Now(), + Raw: pkg, + } + } + } + + input <- &QueuePosting{ + Location: SYSCOLLECTOR_MOD, + TargetQueue: SYSCOLLECTOR_MQ, + Timestamp: time.Now(), + Raw: &Package{Sysinfo: s.NewSysinfo(TYPE_PACKAGE_END)}, + } + +} + +func (s *SysCollector) sendPorts(input chan *QueuePosting) { + for _, pi := range s.localPorts { + input <- &QueuePosting{ + Location: SYSCOLLECTOR_MOD, + TargetQueue: SYSCOLLECTOR_MQ, + Timestamp: time.Now(), + Raw: &Port{Sysinfo: s.NewSysinfo(TYPE_PORT), PortInfo: s.NewPortInfo(pi)}, + } + } + + input <- &QueuePosting{ + Location: SYSCOLLECTOR_MOD, + TargetQueue: SYSCOLLECTOR_MQ, + Timestamp: time.Now(), + Raw: 
&Port{Sysinfo: s.NewSysinfo(TYPE_PORT_END)}, + } +} + +func (s *SysCollector) sendNetworks(input chan *QueuePosting) { + ifaces, err := net.Interfaces() + if err != nil { + return + } + + for _, iface := range ifaces { + net, isLocal := s.NewNetwork(iface) + if !isLocal { + input <- &QueuePosting{ + Location: SYSCOLLECTOR_MOD, + TargetQueue: SYSCOLLECTOR_MQ, + Timestamp: time.Now(), + Raw: net, + } + } + } + input <- &QueuePosting{ + Location: SYSCOLLECTOR_MOD, + TargetQueue: SYSCOLLECTOR_MQ, + Timestamp: time.Now(), + Raw: &Network{Sysinfo: s.NewSysinfo(TYPE_NETWORK_END)}, + } + +} + +type Sysinfo struct { + // ScanTime string `json:"scan_time,omitempty"` + Type string `json:"type"` + Checksum *string `json:"checksum,omitempty"` + ID int64 `json:"ID,omitempty"` + ItemID *int64 `json:"item_id,omitempty"` + ScanTime string `json:"timestamp"` +} + +func getScanTime() string { + return time.Now().Format("2006/01/02 03:04:05") +} + +func (s SysCollector) NewSysinfo(typ string) *Sysinfo { + return &Sysinfo{ + Type: typ, + ID: s.scanId, + ScanTime: s.scanTime, + } +} + +type HardwareInventory struct { + BoardSerial *string `json:"board_serial,omitempty"` + CPUName *string `json:"cpu_name,omitempty"` + CPUCores *int `json:"cpu_cores,omitempty"` + CPUMhz *float64 `json:"cpu_mhz,omitempty"` + RamFree *uint64 `json:"ram_free,omitempty"` + RamTotal *uint64 `json:"ram_total,omitempty"` + RamUsage *float64 `json:"ram_usage,omitempty"` +} + +type Hardware struct { + // R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) Core(TM) i5-9400 CPU @ 2.90GHz", "ram_free":2257872,"ram_total":4972208,"ram_usage":54})"))); + *Sysinfo + Inventory HardwareInventory `json:"inventory"` +} + +func (s *SysCollector) NewHardware() *Hardware { + cpuStat, _ := cpu.Info() + vmStat, _ := mem.VirtualMemory() + ramFree := vmStat.Free / 1024 + ramTotal := vmStat.Total / 1024 + ramUsage := vmStat.UsedPercent / 1024 + + numCpu := 
runtime.NumCPU() + hw := &Hardware{ + Sysinfo: s.NewSysinfo(TYPE_HARDWARE), + Inventory: HardwareInventory{ + CPUName: &cpuStat[0].ModelName, + CPUCores: &numCpu, + CPUMhz: &cpuStat[0].Mhz, + RamFree: &ramFree, + RamTotal: &ramTotal, + RamUsage: &ramUsage, + }, + } + return hw +} + +type OSInventory struct { + OSName *string `json:"os_name,omitempty"` + OSVersion *string `json:"os_version,omitempty"` + OSCodename *string `json:"os_codename,omitempty"` + OSMajor *string `json:"os_major,omitempty"` + OSMinor *string `json:"os_minor,omitempty"` + OSBuild *string `json:"os_build,omitempty"` + Hostname *string `json:"hostname,omitempty"` + OSRelease *string `json:"os_release,omitempty"` + Architecture *string `json:"architecture,omitempty"` +} +type OS struct { + // R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})"))); + *Sysinfo + Inventory OSInventory `json:"inventory"` +} + +func (s *SysCollector) NewOS() *OS { + arch := runtime.GOARCH + os := &OS{ + Sysinfo: s.NewSysinfo(TYPE_OS), + Inventory: OSInventory{ + OSName: &s.agent.osInfo.Name, + OSVersion: &s.agent.osInfo.Version, + Hostname: &s.agent.un.Hostname, + OSRelease: &s.agent.osInfo.Release, + Architecture: &arch, + }, + } + return os +} + +// R"([{"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":"411","source":"xorg","version":"1:7.7+19ubuntu14","os_patch":""},{"hotfix":"KB4586786"}])"))); + +type ProcessEntry struct { + Name *string `json:"name,omitempty"` + Cmd *string `json:"cmd,omitempty"` + ArgVs []string `json:"argvs,omitempty"` + EGroup *string `json:"egroup,omitempty"` + EUser *string `json:"euser,omitempty"` + FGroup *string `json:"fgroup,omitempty"` + RGroup *string `json:"rgroup,omitempty"` + RUser *string `json:"ruser,omitempty"` + SGroup *int `json:"sgroup,omitempty"` + 
SUser *int `json:"suser,omitempty"` + State *string `json:"state,omitempty"` + Nice *int `json:"nice,omitempty"` + NLWP *int `json:"nlwp,omitempty"` + PGrp *int `json:"pgrp,omitempty"` + PID *int `json:"pid,omitempty"` + PPID *int `json:"ppid,omitempty"` + Priority int `json:"priority"` + Processor *int `json:"processor,omitempty"` + Resident *int `json:"resident,omitempty"` + Session *int `json:"session,omitempty"` + Share *int `json:"share,omitempty"` + Size *uint64 `json:"size,omitempty"` + STime *int `json:"stime,omitempty"` + TGID *int `json:"tgid,omitempty"` + TTY *int `json:"tty,omitempty"` + UTime *int `json:"utime,omitempty"` + VMSize *uint64 `json:"vm_size,omitempty"` +} + +type Process struct { + // R"([{"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":431625,"ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0}])"))); + + // CREATE TABLE sys_processes ( scan_id INTEGER, + // scan_time TEXT, pid TEXT, name TEXT, state TEXT, ppid INTEGER, utime INTEGER, stime INTEGER, cmd TEXT, argvs TEXT, euser TEXT, ruser TEXT, suser TEXT, egroup TEXT, rgroup TEXT, sgroup TEXT, fgroup TEXT, priority INTEGER, nice INTEGER, size INTEGER, vm_size INTEGER, resident INTEGER, share INTEGER, start_time INTEGER, pgrp INTEGER, session INTEGER, nlwp INTEGER, tgid INTEGER, tty INTEGER, processor INTEGER, + // checksum TEXT NOT NULL CHECK (checksum <> ''), PRIMARY KEY (scan_id, pid)); + + *Sysinfo + ProcessDetails *ProcessEntry `json:"process,omitempty"` +} + +func (s *SysCollector) NewProcess(typ string) *Process { + var euser string + var egroup string + name := filepath.Base(os.Args[0]) + cmd := os.Args[0] + pid := os.Getpid() + ppid := os.Getppid() + + uid := os.Geteuid() + euser = strconv.Itoa(uid) + eUser, err := 
user.LookupId(euser) + if err == nil { + euser = eUser.Name + } + + egid := os.Getegid() + egroup = strconv.Itoa(egid) + eGroup, err := user.LookupGroupId(egroup) + if err == nil { + egroup = eGroup.Name + } + state := "R" + var mStats runtime.MemStats + runtime.ReadMemStats(&mStats) + + p := &Process{ + Sysinfo: s.NewSysinfo(typ), + ProcessDetails: &ProcessEntry{ + Name: &name, + Cmd: &cmd, + ArgVs: os.Args[1:], + EGroup: &egroup, + EUser: &euser, + PID: &pid, + Session: &pid, + PPID: &ppid, + State: &state, + Size: &mStats.Alloc, + VMSize: &mStats.HeapAlloc, + Priority: 0, + }, + } + return p +} + +// R"([{"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":"411","source":"xorg","version":"1:7.7+19ubuntu14","os_patch":""},{"hotfix":"KB4586786"}])"))); +type PackageDetails struct { + Format *string `json:"format,omitempty"` + Name *string `json:"name,omitempty"` + Priority *string `json:"priority,omitempty"` + Group *string `json:"group,omitempty"` + Size *int64 `json:"size,omitempty"` + Vendor *string `json:"vendor,omitempty"` + Version *string `json:"version,omitempty"` + Architecture *string `json:"architecture,omitempty"` + MultiArch *string `json:"multi-arch,omitempty"` + Source *string `json:"source,omitempty"` + Description *string `json:"description,omitempty"` + InstallTime *string `json:"install_time,omitempty"` + Location *string `json:"location,omitempty"` + + Triaged *string `json:"triaged,omitempty"` // read only + CPE *string `json:"cpe,omitempty"` // read only +} +type Package struct { + // R"({"iface":[{"address":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "mac":"d4:5d:64:51:07:5d", "gateway":"192.168.0.1|600","broadcast":"127.255.255.255", "name":"ens1", "mtu":1500, "name":"enp4s0", "adapter":" ", "type":"ethernet", "state":"up", "dhcp":"disabled","iface":"Loopback Pseudo-Interface 
1","metric":"75","netmask":"255.0.0.0","proto":"IPv4","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0, "IPv4":[{"address":"192.168.153.1","broadcast":"192.168.153.255","dhcp":"unknown","metric":" ","netmask":"255.255.255.0"}], "IPv6":[{"address":"fe80::250:56ff:fec0:8","dhcp":"unknown","metric":" ","netmask":"ffff:ffff:ffff:ffff::"}]}]})"))); + *Sysinfo + Package *PackageDetails `json:"program"` +} + +type NetworkInterface struct { + Name *string `json:"name,omitempty"` + Adapter *string `json:"adapter,omitempty"` + Type *string `json:"type,omitempty"` + State *string `json:"state,omitempty"` + MAC *string `json:"mac,omitempty"` + TXPackets *int64 `json:"tx_packets,omitempty"` + RXPackets *int64 `json:"rx_packets,omitempty"` + TXBytes *int64 `json:"tx_bytes,omitempty"` + RXBytes *int64 `json:"rx_bytes,omitempty"` + TXErrors *int64 `json:"tx_errors,omitempty"` + RXErrors *int64 `json:"rx_errors,omitempty"` + TXDropped *int64 `json:"tx_dropped,omitempty"` + RXDropped *int64 `json:"rx_dropped,omitempty"` + MTU *int `json:"mtu,omitempty"` + IPv4 *IPAddressInfo `json:"IPv4,omitempty"` + IPv6 *IPAddressInfo `json:"IPv6,omitempty"` +} + +type IPv4Address struct { +} +type IPAddressInfo struct { + Address []string `json:"address,omitempty"` + Netmask []string `json:"netmask,omitempty"` + Broadcast []string `json:"broadcast,omitempty"` + Gateway *string `json:"gateway,omitempty"` + // DHCP can be 'enabled', 'disabled', 'unknown', 'BOOTP' + DHCP string `json:"dhcp,omitempty"` + Metric *int64 `json:"metric,omitempty"` +} + +type Network struct { + // R"({"iface":[{"address":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "mac":"d4:5d:64:51:07:5d", "gateway":"192.168.0.1|600","broadcast":"127.255.255.255", "name":"ens1", "mtu":1500, "name":"enp4s0", "adapter":" ", "type":"ethernet", "state":"up", "dhcp":"disabled","iface":"Loopback Pseudo-Interface 
1","metric":"75","netmask":"255.0.0.0","proto":"IPv4","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0, "IPv4":[{"address":"192.168.153.1","broadcast":"192.168.153.255","dhcp":"unknown","metric":" ","netmask":"255.255.255.0"}], "IPv6":[{"address":"fe80::250:56ff:fec0:8","dhcp":"unknown","metric":" ","netmask":"ffff:ffff:ffff:ffff::"}]}]})"))); + *Sysinfo + Interface *NetworkInterface `json:"iface,omitempty"` +} + +func (s *SysCollector) NewNetwork(intf net.Interface) (*Network, bool) { + isLocal := false + eth := "ethernet" + state := "down" + if intf.Flags|net.FlagUp == intf.Flags { + state = "up" + } + network := &Network{ + Sysinfo: s.NewSysinfo(TYPE_NETWORK), + Interface: &NetworkInterface{ + Name: &intf.Name, + MTU: &intf.MTU, + Type: ð, + State: &state, + }, + } + addrs, err := intf.Addrs() + if err == nil { + ipv4 := &IPAddressInfo{DHCP: "unknown"} + ipv6 := &IPAddressInfo{DHCP: "unknown"} + for _, a := range addrs { + if ipa, ok := a.(*net.IPNet); ok { + if len(ipa.Mask) == 4 { + ipv4.Address = append(ipv4.Address, ipa.IP.String()) + isLocal = isLocal || (strings.HasPrefix(ipa.IP.String(), "127.0.0.")) + ipv4.Netmask = append(ipv4.Netmask, net.IP(ipa.Mask).String()) + ipv4.Broadcast = append(ipv4.Broadcast, "") + } else { + ipv6.Address = append(ipv6.Address, ipa.IP.String()) + ipv6.Netmask = append(ipv6.Netmask, net.IP(ipa.Mask).String()) + ipv6.Broadcast = append(ipv6.Broadcast, "") + } + } + } + if len(ipv4.Address) > 0 { + network.Interface.IPv4 = ipv4 + } + if len(ipv6.Address) > 0 { + network.Interface.IPv6 = ipv6 + } + } + + if len(intf.HardwareAddr) > 0 { + hwaddr := intf.HardwareAddr.String() + network.Interface.MAC = &hwaddr + } + return network, isLocal +} + +type PortInfo struct { + Protocol string `json:"protocol,omitempty"` + LocalIP *string `json:"local_ip,omitempty"` + RemoteIP *string `json:"remote_ip,omitempty"` + State *string `json:"state,omitempty"` + Pid *int 
`json:"PID,omitempty"` + Process *string `json:"process,omitempty"` + LocalPort *uint16 `json:"local_port,omitempty"` + RemotePort *uint16 `json:"remote_port,omitempty"` + TXQueue *uint `json:"tx_queue,omitempty"` + RXQueue *uint `json:"rx_queue,omitempty"` + Inode *uint `json:"inode,omitempty"` +} + +type Port struct { + // R"({"ports":[{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}]})"))); + *Sysinfo + PortInfo *PortInfo `json:"port,omitempty"` +} + +func (s *SysCollector) NewPort(pi *PortInfo) *Port { + cmd := os.Args[0] + pid := os.Getpid() + + pi.Pid = &pid + pi.Process = &cmd + + port := &Port{ + Sysinfo: s.NewSysinfo(TYPE_PORT), + PortInfo: pi, + } + return port +} + +func (s *SysCollector) NewPortInfo(pi *PortInfo) *PortInfo { + cmd := os.Args[0] + pid := os.Getpid() + + pi.Pid = &pid + pi.Process = &cmd + + return pi +} + +func getPackage(component cdx.Component) *string { + // + if component.Type == cdx.ComponentTypeLibrary { + if strings.HasPrefix(component.BOMRef, "pkg:") { + typ := strings.Split(component.BOMRef[4:], "/")[0] + switch typ { + case "pacman": + return &typ + case "deb": + return &typ + case "rpm": + return &typ + case "win": + return &typ + case "pkg": + return &typ + default: + // fmt.Println(typ) + // return &typ + } + } + + } + return nil +} + +func (s *SysCollector) NewPackageFromComponent(component cdx.Component) *Package { + arch := runtime.GOARCH + // 0|2022/02/15 19:43:23|deb|libgssapi-krb5-2|optional|libs|426|Ubuntu Developers ||1.17-6ubuntu4.1|amd64|same|krb5|MIT Kerberos runtime libraries - krb5 GSS-API Mechanism||1|||ca498815b5cf037988ce8a1e9ffe8183ae83e4f9|00d7743f300b6ade5f6eb75b2667ce30043b69a6 + // scan_id INTEGER, scan_time TEXT, format TEXT NOT NULL CHECK (format IN ('pacman', 'deb', 'rpm', 'win', 'pkg')), name TEXT, priority TEXT, 
section TEXT, size INTEGER CHECK (size >= 0), vendor TEXT, install_time TEXT, version TEXT, architecture TEXT, multiarch TEXT, source TEXT, description TEXT, location TEXT, triaged INTEGER(1), cpe TEXT, msu_name TEXT, checksum TEXT NOT NULL CHECK (checksum <> ''), + + // fmt.Printf("%v\n", component) + pkg := getPackage(component) + if pkg == nil { + return nil + } + + var vendor *string + if component.CPE != "" { + cpe := ParseCPE(component.CPE) + vendor = &cpe.Vendor + } + + var description *string + if component.Description != "" { + description = &component.Description + } + size := int64(0) + + if component.Properties != nil { + for _, prop := range *component.Properties { + if prop.Name == "syft:metadata:installedSize" { + s, err := strconv.Atoi(prop.Value) + if err == nil { + size = int64(s) + } + } + } + } + + return &Package{ + Sysinfo: s.NewSysinfo(TYPE_PACKAGE), + Package: &PackageDetails{ + Architecture: &arch, + Name: &component.Name, + Format: pkg, + Size: &size, + Version: &component.Version, + Vendor: vendor, + Description: description, + }, + } +} + +func (s *SysCollector) SetPort(name string, port *PortInfo) { + s.mxScan.Lock() + defer s.mxScan.Unlock() + s.localPorts[name] = port +} + +func (s *SysCollector) RemovePort(name string) { + s.mxScan.Lock() + defer s.mxScan.Unlock() + delete(s.localPorts, name) +} + +var CpeNamePattern = regexp.MustCompile(`^[c][pP][eE]:(2\.3:|/)([AHOaho])?(.*)$`) + +type CPE struct { + Name string `xml:"name,attr" json:"name,omitempty"` + CpeVersion float32 `json:"cpe_version,omitempty"` + Part string `json:"part,omitempty"` + Vendor string `json:"vendor,omitempty"` + Product string `json:"product,omitempty"` + Version string `json:"version,omitempty"` + Update string `json:"update,omitempty"` + Edition string `json:"edition,omitempty"` + Language string `json:"language,omitempty"` + SoftwareEdition string `json:"software_edition,omitempty"` + TargetSoftware string `json:"target_software,omitempty"` + TargetHardware 
string `json:"target_hardware,omitempty"` + Other string `json:"other,omitempty"` + Deprecated bool `xml:"deprecated,attr,omitempty" json:"deprecated,omitempty"` + Title string `json:"title"` +} + +func ParseCPE(name string) *CPE { + cpe := &CPE{} + // https://nvd.nist.gov/products/cpe + if strings.HasPrefix(name, "cpe:2.3") { + cpe.CpeVersion = 2.3 + } else { + cpe.CpeVersion = 2.2 + } + + matches := CpeNamePattern.FindAllStringSubmatch(name, -1) + var parts []string + if len(matches) == 1 { + match := matches[0] + cpe.Part = match[2] + parts = strings.Split(match[3], ":") + + if match[1] == "/" && len(parts) > 5 { + moreParts := strings.Split(parts[5], "~") + parts = parts[0:4] + parts = append(parts, moreParts...) + } + + for i, v := range parts { + decoded, err := url.QueryUnescape(v) + if err == nil { + if decoded == "*" { + parts[i] = "" + } else { + parts[i] = decoded + } + } + } + + if len(parts) > 1 { + cpe.Vendor = parts[1] + if len(parts) > 2 { + cpe.Product = parts[2] + if len(parts) > 3 { + cpe.Version = parts[3] + if len(parts) > 4 { + cpe.Update = parts[4] + if len(parts) > 6 { + cpe.Language = parts[6] + if len(parts) > 7 { + cpe.SoftwareEdition = parts[7] + if len(parts) > 8 { + cpe.TargetHardware = parts[8] + if len(parts) > 9 { + cpe.Other = parts[9] + } + } + } + } + } + } + } + } + } + return cpe +} diff --git a/ossec/sysinfo.go b/ossec/sysinfo.go deleted file mode 100644 index 9cb7849..0000000 --- a/ossec/sysinfo.go +++ /dev/null 
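Review bot: sendSBOM dereferences `*bom.Components` without a nil check, and the files it parses are whatever `*.sbom` sendPackages finds while walking `/`, the working directory and the base path, so a readable document without a components array anywhere on the host panics the agent. Add `if bom.Components == nil { return }` after the decode, and restrict the search to directories the agent's operator controls, since every matching file also feeds the package inventory reported to the manager. NewHardware has the same crash shape: it discards the errors from `cpu.Info()` and `mem.VirtualMemory()` and then indexes `cpuStat[0]` and reads `vmStat.Free`. Separately, `getScanTime` formats the hour with `03` (12-hour clock), so afternoon scans are stamped with morning times; `15` is the 24-hour field.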
@@ -1,206 +0,0 @@ -package ossec - -// See: https://github.com/wazuh/wazuh/blob/master/src/analysisd/decoders/syscollector.c - -import ( - "crypto/sha1" - "encoding/gob" - "encoding/json" - "fmt" - "os" - "path/filepath" - "runtime" - "time" - - // https://www.socketloop.com/tutorials/golang-get-hardware-information-such-as-disk-memory-and-cpu-usage - "github.com/shirou/gopsutil/cpu" - "github.com/shirou/gopsutil/mem" -) - -var scanId uint64 - -func init() { - scanId = uint64(time.Now().Unix()) - gob.Register(Sysinfo{}) - gob.Register(OS{}) - gob.Register(Hardware{}) - gob.Register(Package{}) - gob.Register(Network{}) - gob.Register(Process{}) - gob.Register(Port{}) -} - -const ( - TYPE_OS = "OS" - TYPE_HARDWARE = "hardware" - TYPE_PROCESS = "process" - TYPE_PROCESS_END = "process_end" -) - -func (a *Client) PostSysinfo(input chan *QueuePosting) { - scanId++ - input <- &QueuePosting{ - Location: WM_SYS_LOCATION, - TargetQueue: SYSCOLLECTOR_MQ, - Timestamp: time.Now(), - Raw: a.NewOS(), - } - - input <- &QueuePosting{ - Location: WM_SYS_LOCATION, - TargetQueue: SYSCOLLECTOR_MQ, - Timestamp: time.Now(), - Raw: a.NewProcess(), - } - - input <- &QueuePosting{ - Location: WM_SYS_LOCATION, - TargetQueue: SYSCOLLECTOR_MQ, - Timestamp: time.Now(), - Raw: a.NewHardware(), - } -} - -type Sysinfo struct { - // ScanTime string `json:"scan_time,omitempty"` - Type string `json:"type"` - Checksum string `json:"checksum"` - ID string `json:"ID,omitempty"` - ScanTime string `json:"scan_time,omitempty"` -} - -func getScanTime() string { - return time.Now().Format("2006/1/2 03:04:05") -} - -func (a *Client) NewSysinfo(typ string, data interface{}) *Sysinfo { - b, _ := json.Marshal(data) - return &Sysinfo{ - Type: typ, - Checksum: fmt.Sprintf("%x", sha1.Sum(b)), - ID: fmt.Sprintf("%d", scanId), - ScanTime: getScanTime(), - } -} - -type Hardware struct { - // R"({"board_serial":"Intel Corporation","scan_time":"2020/12/28 21:49:50", "cpu_MHz":2904,"cpu_cores":2,"cpu_name":"Intel(R) 
Core(TM) i5-9400 CPU @ 2.90GHz", "ram_free":2257872,"ram_total":4972208,"ram_usage":54})"))); - *Sysinfo - BoardSerial string `json:"board_serial,omitempty"` - CPUName string `json:"cpu_name,omitempty"` - CPUCores int `json:"cpu_cores,omitempty"` - CPUMhz float64 `json:"cpu_mhz,omitempty"` - RamFree uint64 `json:"ram_free,omitempty"` - RamTotal uint64 `json:"ram_total,omitempty"` - RamUsage float64 `json:"ram_usage,omitempty"` -} - -func (a *Client) NewHardware() *Hardware { - cpuStat, _ := cpu.Info() - vmStat, _ := mem.VirtualMemory() - hw := &Hardware{ - CPUName: cpuStat[0].ModelName, - CPUCores: runtime.NumCPU(), - CPUMhz: cpuStat[0].Mhz, - RamFree: vmStat.Free, - RamTotal: vmStat.Total, - RamUsage: vmStat.UsedPercent, - } - hw.Sysinfo = a.NewSysinfo(TYPE_OS, hw) - return hw -} - -type OS struct { - // R"({"architecture":"x86_64","scan_time":"2020/12/28 21:49:50", "hostname":"UBUNTU","os_build":"7601","os_major":"6","os_minor":"1","os_name":"Microsoft Windows 7","os_release":"sp1","os_version":"6.1.7601"})"))); - *Sysinfo - ScanTime string `json:"scan_time,omitempty"` - OSName string `json:"os_name,omitempty"` - OSMajor string `json:"os_major,omitempty"` - OSMinor string `json:"os_minor,omitempty"` - OSBuild string `json:"os_build,omitempty"` - OSVersion string `json:"os_version,omitempty"` - Hostname string `json:"hostname,omitempty"` - OSRelease string `json:"os_release,omitempty"` - Architecture string `json:"architecture,omitempty"` -} - -func (a *Client) NewOS() *OS { - os := &OS{ - OSName: a.osInfo.Name, - OSVersion: a.osInfo.Version, - Hostname: a.un.Hostname, - OSRelease: a.osInfo.Release, - Architecture: runtime.GOARCH, - } - os.Sysinfo = a.NewSysinfo(TYPE_OS, os) - return os -} - -// R"([{"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":"411","source":"xorg","version":"1:7.7+19ubuntu14","os_patch":""},{"hotfix":"KB4586786"}])"))); - -type Process struct { - // 
R"([{"egroup":"root","euser":"root","fgroup":"root","name":"kworker/u256:2-","scan_time":"2020/12/28 21:49:50", "nice":0,"nlwp":1,"pgrp":0,"pid":431625,"ppid":2,"priority":20,"processor":1,"resident":0,"rgroup":"root","ruser":"root","session":0,"sgroup":"root","share":0,"size":0,"start_time":9302261,"state":"I","stime":3,"suser":"root","tgid":431625,"tty":0,"utime":0,"vm_size":0}])"))); - - *Sysinfo - Name string `json:"name,omitempty"` - EGroup string `json:"egroup,omitempty"` - EUser string `json:"euser,omitempty"` - FGroup string `json:"fgroup,omitempty"` - RGroup string `json:"rgroup,omitempty"` - RUser string `json:"ruser,omitempty"` - SGroup string `json:"sgroup,omitempty"` - SUser string `json:"suser,omitempty"` - State string `json:"state,omitempty"` - Nice int `json:"nice,omitempty"` - NLWP int `json:"nlwp,omitempty"` - PGrp int `json:"pgrp,omitempty"` - PID int `json:"pid,omitempty"` - PPID int `json:"ppid,omitempty"` - Priority int `json:"priority,omitempty"` - Processor int `json:"processor,omitempty"` - Resident int `json:"resident,omitempty"` - Session int `json:"session,omitempty"` - Share int `json:"share,omitempty"` - Size int `json:"size,omitempty"` - STime int `json:"stime,omitempty"` - TGID int `json:"tgid,omitempty"` - TTY int `json:"tty,omitempty"` - UTime int `json:"utime,omitempty"` - VMSize int `json:"vm_size,omitempty"` -} - -func (a *Client) NewProcess() *Process { - p := &Process{ - Name: filepath.Base(os.Args[0]), - PID: os.Getpid(), - PPID: os.Getppid(), - } - - p.Sysinfo = a.NewSysinfo(TYPE_OS, p) - return p -} - -// R"([{"architecture":"amd64","scan_time":"2020/12/28 21:49:50", "group":"x11","name":"xserver-xorg","priority":"optional","size":"411","source":"xorg","version":"1:7.7+19ubuntu14","os_patch":""},{"hotfix":"KB4586786"}])"))); -type Package struct { - *Sysinfo - Architecture string `json:"architecture,omitempty"` - Group string `json:"group,omitempty"` - Name string `json:"name,omitempty"` - Priority string 
`json:"priority,omitempty"` - Size string `json:"size,omitempty"` - Source string `json:"source,omitempty"` - Version string `json:"version,omitempty"` - OSPatch string `json:"os_patch,omitempty"` - Hotfix string `json:"hotfix,omitempty"` -} - -type Network struct { - // R"({"iface":[{"address":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "mac":"d4:5d:64:51:07:5d", "gateway":"192.168.0.1|600","broadcast":"127.255.255.255", "name":"ens1", "mtu":1500, "name":"enp4s0", "adapter":" ", "type":"ethernet", "state":"up", "dhcp":"disabled","iface":"Loopback Pseudo-Interface 1","metric":"75","netmask":"255.0.0.0","proto":"IPv4","rx_bytes":0,"rx_dropped":0,"rx_errors":0,"rx_packets":0,"tx_bytes":0,"tx_dropped":0,"tx_errors":0,"tx_packets":0, "IPv4":[{"address":"192.168.153.1","broadcast":"192.168.153.255","dhcp":"unknown","metric":" ","netmask":"255.255.255.0"}], "IPv6":[{"address":"fe80::250:56ff:fec0:8","dhcp":"unknown","metric":" ","netmask":"ffff:ffff:ffff:ffff::"}]}]})"))); - - *Sysinfo -} - -type Port struct { - // R"({"ports":[{"inode":0,"local_ip":"127.0.0.1","scan_time":"2020/12/28 21:49:50", "local_port":631,"pid":0,"process_name":"System Idle Process","protocol":"tcp","remote_ip":"0.0.0.0","remote_port":0,"rx_queue":0,"state":"listening","tx_queue":0}]})"))); - *Sysinfo -}