sshkey scans the file system on remote agents for SSH keys, and where
identified returns fingerprints for the keys.
Where private keys and public keys are identified, fingerprints will be
returned for these keys if possible.
The module also identifies authorized_keys files, and returns the
fingerprints of any public keys present in the authorized_keys file,
allowing correlation between identified public/private fingerprints and
the hosts the keys have access to.
Optionally create a summarized log entry for each command dispatched to
an agent by the scheduler. Currently this log entry just includes the
agent name, the loader name (if it is associated with a loader
instance), and the action name.
Adds the ability for persistent modules to read a configuration file
that can be used to control their behavior.
In some cases, we may want a persistent module to be configurable. A new
configuration variable PERSISTCONFIGDIR has been added which indicates a
directory the agent will look in for persistent module configs. When the
agent starts a persistent module, it will determine if modulename.cfg
exists in the config directory; if so the agent will load the config and
send it to the newly executed module, which it will read on stdin. The
module can then read this configuration, and configure itself as needed
before it begins its primary execution functions.
Modules specify the configuration format within the module code itself,
so each module that makes use of this can have its own configuration
parameters.
EPM (extra privacy mode) is an agent option that if enabled, will
inform modules they should apply additional masking on returned results.
For example, by default if the file module matches a search, the name of
the matching file will be returned. With this enabled, it may inform the
investigator that something on the system matched, but will not provide
meta-data.
This provides the ability for users to define target macros in ~/.migrc.
As an example, rather than requiring -t "status='online'", given a
section such as:
    [targets]
    macro = allonline:status='online'
in .migrc, you can then do -t allonline. The intended specification
format is macro = name:<target string>. Multiple "macro" items can be
specified in the targets section.
This also removes the default target in mig-cmd, and the -t flag is
now a required option. This better aligns with how mig-console works.
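
An added example, not part of the commit or the MIG code base: one way to parse the macro = name:<target string> items described above and expand a -t argument. The function names, the [other] section and the sample values are constructed for illustration, and rejecting a repeated macro name is an assumption of this example.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample: a macro outside [targets] and a target containing ':'.
const sampleMigrc = "[other]\nmacro = ignored:status='idle'\n[targets]\n" +
	"macro = allonline:status='online'\nmacro = port:name like '%:8080'\n"

// parseTargetMacros maps name -> target string for each macro item in [targets].
func parseTargetMacros(cfg string) (map[string]string, error) {
	macros := map[string]string{}
	inTargets := false
	sc := bufio.NewScanner(strings.NewReader(cfg))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "[") && strings.HasSuffix(line, "]") {
			inTargets = line == "[targets]"
			continue
		}
		key, val, ok := strings.Cut(line, "=")
		if !inTargets || !ok || strings.TrimSpace(key) != "macro" {
			continue // other sections, other keys, blank and comment lines
		}
		// First colon only (targets may contain colons); duplicates rejected (assumption).
		name, target, ok := strings.Cut(strings.TrimSpace(val), ":")
		name, target = strings.TrimSpace(name), strings.TrimSpace(target)
		if _, dup := macros[name]; dup || !ok || name == "" || target == "" {
			return nil, fmt.Errorf("line %d: want unique macro = name:<target string>", n)
		}
		macros[name] = target
	}
	return macros, sc.Err()
}

// resolveTarget expands a macro name; anything else passes through as a literal target.
func resolveTarget(arg string, macros map[string]string) string {
	if t, ok := macros[arg]; ok {
		return t
	}
	return arg
}

func main() {
	macros, err := parseTargetMacros(sampleMigrc)
	fmt.Println(resolveTarget("allonline", macros), err)
}
```
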
Adds a configuration option to the API to inform the API when it should
use the X-Forwarded-For header value as the public IP of a client. Also
does some validation of the value.
Resolves #247
If any proxies have been configured, try those first before attempting
direct connections. This also adds specifying proxies in the agent
config file, whereas before they were only compile time options in the
built-in configuration.
Resolves #249
It's possible over the course of the process lifetime on a workstation
that address or other environment information can change. This adds
support for periodic refreshes of current environment information from
the system.
This commit also requires modifying the way we pass the Context around
the agent, from a copy to using a pointer so the changes made in the
refresh routine are visible.
Closes #205
This just uses the mig logging framework, as a second part to this we
need to implement rotation for file output in the logging framework.
Related to #204
This creates a shortcut to the MIG Executable named mig-agent.exe.
As a side-change, this changes the File Id of the MainExecutable to make
it more detailed, this is used as the shortcut's target.
This is a major change to the structure of the repository and the Makefile,
but a minor change in terms of functionalities. It simply changes the structure
of the directories to be compliant with Go's idiomatic build methods.
I also bought the domain `mig.ninja` and will now be using that as
a standard import path for everything. The magic to serve everything
under mig.ninja/mig will be documented elsewhere.