X-PGPAUTHORIZATION based authentication was previously used for
authorizing client access to the API. This patch adds the option of
using a standard API key as well.
Note that PGP is still required for querying agents. In some cases
though, we may want to integrate other external applications that just
require API access (e.g. to review previous investigations, manage
users, etc). Using PGP for this is problematic and the ability
to instead just use a regular API key for these scenarios remediates
this.
Investigators can now be assigned an key that enables API key based
access to the MIG API. Investigators can also be created without a PGP
key, so they can solely utilize API key based access.
Resolves#239
If the agent fails to bind the status socket, it will wait and retry
again. As part of this retry, it was also binding endpoints to register
them in the http package for the status socket which would result in a
panic.
Changes behavior so endpoints are only registered once.
When the agent shuts down (e.g. due to a signal, etc) a message is sent
to the Terminate channel, which results eventually in the agent Context
being destroyed.
The terminate channel was being closed before the AMQP connection was
being shut down. This was causing a panic as the getCommands function
also writes to the terminate channel to indicate relay collection is
failing.
Move close of Terminate later in destroy and after we shut down the AMQP
connection so prevent the write on the closed Terminate channel in
getCommands.
On some distributions lsb_release will not be present. Currently when
the agent is run on these systems, an error is always generated on
startup after lsb_release cannot be found and the agent uses issue for
distribution detection.
This changes the function so it does not generate these errors as they
are expected during normal execution, but will still print them at the
debug level.
Closes#326
service-go is being imported as a vendor package. It was originally more
generic but over time has been tweaked in a few ways for its use within
MIG. Rather then manage it as a separate package, just include it.
Updates Dockerfile with a few changes:
- use ubuntu:xenial
- Ensure we stop postgresql after build so it starts without requiring
recovery
- Also install packages in docker build to take advantage of cache for
faster testing
ba34c5c moved some code in mig-cmd around so a client/configuration was
not required with -t local, but this created issues with -i as the
configuration was no longer being read. Update action file handling to
include reading configuration and creating a client.
If the agent is running on for example a workstation device, by browsing
to the status socket (e.g., typically bound at http://127.0.0.1:51664)
basic statistics of the agent are returned to be viewed.
Rather than a custom/raw TCP protocol here, make use of HTTP for
communication with the agent stat socket. The existing functionality has
been modified to operate in the same manner as it was previously.
Aaron Meihm
Julien Vehent [:ulfr]
Malhar Vora
jayant-yadav
Julien Vehent