Commit graph

100 commits

Author SHA1 Message Date
Aaron Meihm 53cfc5288b add sshkey module
sshkey scans the file system on remote agents for SSH keys, and where
identified returns fingerprints for the keys.

Where private keys and public keys are identified, fingerprints will be
returned for these keys if possible.

The module also identifies authorized_keys files, and returns the
fingerprints of any public keys present in the authorized_keys file,
allowing correlation between identified public/private fingerprints and
the hosts the keys have access to.
2017-08-21 20:03:36 -05:00
Aaron Meihm e5e4e3e406 remove agent-intel-worker
Remove the agent-intel-worker which is no longer used, and is
incompatible with the recent changes to gozdef.
2017-07-25 13:46:01 -05:00
Aaron Meihm f70b3c6f38 [minor] change tags comment/default in default agent configuration file 2017-07-06 16:52:20 -05:00
Aaron Meihm de9f9f0a7a [minor] update comments for loader TAGS value 2017-07-06 16:10:16 -05:00
Aaron Meihm 786b3b70cc [minor] add a note regarding tags being configurable in config file 2017-07-06 16:05:03 -05:00
Andres Hermosilla 4cd3867cc9 [minor] Added option to set tags in mig-agent config file, contributes to #237 2017-04-27 10:07:22 -07:00
Aaron Meihm 5fd4941043 [medium] yara module, base implementation
Adds a yara module that supports scanning of files on agent systems
using yara rules. Based on go-yara.
2017-04-03 15:35:55 -05:00
Aaron Meihm 15d5615154 [minor] make agent action stats limit configurable 2017-03-28 12:19:57 -05:00
Aaron Meihm 5cd87423da [minor] fswatch and examplepersist modules are optional 2017-02-27 14:57:36 -06:00
Aaron Meihm 5f631db035 [minor] scheduler option to log summary of each agent actions/commands
Optionally create a summarized log entry for each command dispatched to
an agent by the scheduler. Currently this log entry just includes the
agent name, the loader name (if it is associated with a loader
instance), and the action name.
2017-02-07 16:18:35 -06:00
jboyer2012 9ad057e229 [minor] Add ONLYVERIFYPUBKEY global to bypass verification of ACLs if set to true. 2017-02-06 18:22:07 -05:00
Aaron Meihm 08f83f5cd0 [minor] fix import path for example module 2016-12-22 15:40:20 -06:00
Aaron Meihm bbd4b8d2e4 [minor] remove upgrade module and additional references to module 2016-12-21 15:08:49 -06:00
Aaron Meihm 3b35161a0f [minor] rename PERSISTCONFIGDIR -> MODULECONFIGDIR 2016-12-16 15:48:57 -06:00
Aaron Meihm bfec483d5c [medium] persistent module config file support
Adds the ability for persistent modules to read a configuration file
that can be used to control their behavior.

In some cases, we may want a persistent module to be configurable. A new
configuration variable PERSISTCONFIGDIR has been added which indicates a
directory the agent will look in for persistent module configs. When the
agent starts a persistent module, it will determine if modulename.cfg
exists in the config directory; if so the agent will load the config and
send it to the newly executed module, which it will read on stdin. The
module can then read this configuration, and configure itself as needed
before it begins its primary execution functions.

Modules specify the configuration format within the module code itself,
so each module that makes use of this can have its own configuration
parameters.
2016-12-16 15:42:16 -06:00
Aaron Meihm 8ab8d29f7f [minor] runtime options to disable persistent modules 2016-10-14 13:46:58 -05:00
Aaron Meihm 2c10c2928f [minor] add an example persistent module 2016-10-08 23:38:20 -05:00
Aaron Meihm b1f1543e67 [minor] agent epm implementation
EPM (extra privacy mode) is an agent option that if enabled, will
inform modules they should apply additional masking on returned results.

For example, by default if the file module matches a search, the name of
the matching file will be returned. With this enabled, it may inform the
investigator that something on the system matched, but will not provide
meta-data.
2016-08-29 14:06:45 -05:00
Aaron Meihm c8a8b53d8e [minor] add support for user defined target macros
This provides the ability for users to define target macros in ~/.migrc,
as an example rather than requiring -t "status='online'", given a
section such as:

[targets]
    macro = allonline:status='online'

in .migrc, you can then do -t allonline. The intended specification
format is macro = name:<target string>. Multiple "macro" items can be
specified in the targets section.

This also removes the default target in mig-cmd, and the -t flag is
now a required option. This better aligns with how mig-console works.
2016-08-09 09:03:13 -05:00
Aaron Meihm 63787dded6 [minor] configured handling of X-Forwarded-For
Adds a configuration option to the API to inform the API when it should
use the X-Forwarded-For header value as the public IP of a client. Also
does some validation of the value.

Resolves #247
2016-07-12 15:28:06 -05:00
Aaron Meihm 71ad82d3cf [medium] change agent proxy behavior to prefer proxies
If any proxies have been configured, try those first before attempting
direct connections. This also adds specifying proxies in the agent
config file, whereas before they were only compile time options in the
built-in configuration.

Resolves #249
2016-07-05 16:20:11 -05:00
Aaron Meihm a84474ad9e [medium] introduce periodic agent environment refresh
It's possible over the course of the process lifetime on a workstation
that address or other environment information can change. This adds
support for periodic refreshes of current environment information from
the system.

This commit also requires modifying the way we pass the Context around
the agent, from a copy to using a pointer so the changes made in the
refresh routine are visible.

Closes #205
2016-04-18 23:04:50 -05:00
Aaron Meihm cb4fdac8d7 [minor] add log file rotation for file output mode
Closes #204
2016-04-18 21:59:28 -05:00
Aaron Meihm 82230198ed [minor] add better logging for loader operations
This just uses the mig logging framework, as a second part to this we
need to implement rotation for file output in the logging framework.

Related to #204
2016-04-18 21:59:28 -05:00
Aaron Meihm d056b5b4fb [minor] make api required signatures a config option 2016-03-24 17:08:14 -05:00
Aaron Meihm 7a494e1d05 [medium] validate manifest signatures on loader 2016-03-24 17:08:13 -05:00
Aaron Meihm d77e0707ef [minor] use a dedicated configuration input for the loader 2016-03-24 17:08:13 -05:00
Julien Vehent [:ulfr] cbbebf0155 Merge pull request #143 from mvanotti/issue107
(WIP) [minor/107] Fix issue #107
2016-03-18 09:03:10 -04:00
Aaron Meihm f893afd6e0 [medium] Support fetch of instance meta-data for agents running in AWS 2015-12-30 09:36:37 -06:00
Aaron Meihm ba7302de77 [minor] Remove old worker code and update documentation 2015-12-29 17:25:09 -06:00
Aaron Meihm e9825fc328 [medium] Add a runner plugin to process compliance items 2015-12-29 14:00:42 -06:00
Marco Vanotti c4e4ffb2e8 [minor/107] Add mig-agent shortcut to msi package
This creates a shortcut to the MIG Executable named mig-agent.exe.

As a side-change, this changes the File Id of the MainExecutable to make
it more detailed, this is used as the shortcut's target.
2015-10-28 17:08:48 -03:00
Aaron Meihm 0ba9cb93a7 [minor] add a results delay configuration value
This supports including a small delay following action expiry before
attempting to retrieve results from the API.
2015-09-18 10:23:21 -05:00
Aaron Meihm 9d313e3932 [minor] support pre-cacheing gpg passphrase for automated operation 2015-09-17 13:43:11 -05:00
Aaron Meihm 20c8a2c40c [minor] initial commit of mig-runner 2015-09-15 14:40:26 -05:00
Julien Vehent 0cbfa67552 [minor] re-enable Masche by default, upstream issue is fixed 2015-09-02 09:22:57 -04:00
Julien Vehent ede3858edb [minor/bug] disable memory module to prevent macos build from breaking 2015-08-26 17:14:37 -04:00
Julien Vehent f9c24e9828 [minor] change folder structure to go get with nice names 2015-08-26 12:22:02 -04:00
Julien Vehent e9aa7febf9 [major] reorganize repository structure for `go get mig.ninja/mig`
This is a major change to the structure of the repository and the Makefile,
but a minor change in terms of functionalities. It simply changes the structure
of the directories to be compliant with Go's idiomatic build methods.

I also bought the domain `mig.ninja` and will now be using that as
a standard import path for everything. The magic to serve everything
under mig.ninja/mig will be documented elsewhere.
2015-08-25 18:01:22 -04:00
Julien Vehent 668ca47998 Merge pull request #77 from mozilla/exchangerework
MQ Exchanges rework
2015-08-22 10:36:44 -04:00
Aaron Meihm eadec415c3 [minor] mig scribe module implementation 2015-08-07 11:56:20 -05:00
Julien Vehent e062d41b33 [major] reorg of mq exchanges for stronger access control 2015-08-01 11:47:49 -04:00
Julien Vehent 85787c1d3c [minor] various fixes to build server packages 2015-05-14 10:21:43 -04:00
Aaron Meihm 044e8bfa57 [minor] rename migoval -> pkg 2015-05-10 12:10:02 -05:00
Aaron Meihm 3c70552282 [minor] basic initial structure for migoval module 2015-05-10 12:10:01 -05:00
Julien Vehent c09c20858a [major] Memory module, using Masche 2015-05-08 09:28:47 -04:00
Julien Vehent b4986e09a7 [minor] add `example` module to list of available modules 2015-04-29 16:14:04 -04:00
Julien Vehent f6a6120960 [medium] timedrift module, to check that systems use network time 2015-03-17 11:43:09 -04:00
Sushant Dinesh 0f46e8cfdb [medium] ping module 2015-03-17 11:43:09 -04:00
Julien Vehent 04e822d20a [medium] improve automated deletion of unused amqp queues in scheduler 2015-02-04 11:25:33 -05:00