mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 17:05:18 +00:00
e1bbcfcfda
* Generate audit logs for activities * Fix config tests * Fix TestGetConfig/IncludeServerConfig * Fix use of AddAttributes in results only * Stream activities asynchronously * Fix index and add logging * Revert change * Documentation fixes
234 lines
6.3 KiB
Go
234 lines
6.3 KiB
Go
package service
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"html/template"
|
|
"strings"
|
|
|
|
"github.com/fleetdm/fleet/v4/server"
|
|
authz_ctx "github.com/fleetdm/fleet/v4/server/contexts/authz"
|
|
"github.com/fleetdm/fleet/v4/server/contexts/ctxerr"
|
|
"github.com/fleetdm/fleet/v4/server/contexts/license"
|
|
"github.com/fleetdm/fleet/v4/server/contexts/viewer"
|
|
"github.com/fleetdm/fleet/v4/server/fleet"
|
|
"github.com/fleetdm/fleet/v4/server/mail"
|
|
)
|
|
|
|
// mailError is set when an error performing mail operations
|
|
type mailError struct {
|
|
message string
|
|
}
|
|
|
|
func (e mailError) Error() string {
|
|
return fmt.Sprintf("a mail error occurred: %s", e.message)
|
|
}
|
|
|
|
func (e mailError) MailError() []map[string]string {
|
|
return []map[string]string{
|
|
{
|
|
"name": "base",
|
|
"reason": e.message,
|
|
},
|
|
}
|
|
}
|
|
|
|
func (svc *Service) NewAppConfig(ctx context.Context, p fleet.AppConfig) (*fleet.AppConfig, error) {
|
|
// skipauth: No user context yet when the app config is first created.
|
|
svc.authz.SkipAuthorization(ctx)
|
|
|
|
newConfig, err := svc.ds.NewAppConfig(ctx, &p)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Set up a default enroll secret
|
|
secret := svc.config.Packaging.GlobalEnrollSecret
|
|
if secret == "" {
|
|
secret, err = server.GenerateRandomText(fleet.EnrollSecretDefaultLength)
|
|
if err != nil {
|
|
return nil, ctxerr.Wrap(ctx, err, "generate enroll secret string")
|
|
}
|
|
}
|
|
secrets := []*fleet.EnrollSecret{
|
|
{
|
|
Secret: secret,
|
|
},
|
|
}
|
|
err = svc.ds.ApplyEnrollSecrets(ctx, nil, secrets)
|
|
if err != nil {
|
|
return nil, ctxerr.Wrap(ctx, err, "save enroll secret")
|
|
}
|
|
|
|
return newConfig, nil
|
|
}
|
|
|
|
func (svc *Service) sendTestEmail(ctx context.Context, config *fleet.AppConfig) error {
|
|
vc, ok := viewer.FromContext(ctx)
|
|
if !ok {
|
|
return fleet.ErrNoContext
|
|
}
|
|
|
|
testMail := fleet.Email{
|
|
Subject: "Hello from Fleet",
|
|
To: []string{vc.User.Email},
|
|
Mailer: &mail.SMTPTestMailer{
|
|
BaseURL: template.URL(config.ServerSettings.ServerURL + svc.config.Server.URLPrefix),
|
|
AssetURL: getAssetURL(),
|
|
},
|
|
Config: config,
|
|
}
|
|
|
|
if err := mail.Test(svc.mailService, testMail); err != nil {
|
|
return mailError{message: err.Error()}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func cleanupURL(url string) string {
|
|
return strings.TrimRight(strings.Trim(url, " \t\n"), "/")
|
|
}
|
|
|
|
func (svc *Service) License(ctx context.Context) (*fleet.LicenseInfo, error) {
|
|
if !svc.authz.IsAuthenticatedWith(ctx, authz_ctx.AuthnDeviceToken) {
|
|
if err := svc.authz.Authorize(ctx, &fleet.AppConfig{}, fleet.ActionRead); err != nil {
|
|
return nil, err
|
|
}
|
|
}
|
|
|
|
lic, _ := license.FromContext(ctx)
|
|
return lic, nil
|
|
}
|
|
|
|
func (svc *Service) SetupRequired(ctx context.Context) (bool, error) {
|
|
users, err := svc.ds.ListUsers(ctx, fleet.UserListOptions{ListOptions: fleet.ListOptions{Page: 0, PerPage: 1}})
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
if len(users) == 0 {
|
|
return true, nil
|
|
}
|
|
return false, nil
|
|
}
|
|
|
|
func (svc *Service) UpdateIntervalConfig(ctx context.Context) (*fleet.UpdateIntervalConfig, error) {
|
|
return &fleet.UpdateIntervalConfig{
|
|
OSQueryDetail: svc.config.Osquery.DetailUpdateInterval,
|
|
OSQueryPolicy: svc.config.Osquery.PolicyUpdateInterval,
|
|
}, nil
|
|
}
|
|
|
|
func (svc *Service) VulnerabilitiesConfig(ctx context.Context) (*fleet.VulnerabilitiesConfig, error) {
|
|
return &fleet.VulnerabilitiesConfig{
|
|
DatabasesPath: svc.config.Vulnerabilities.DatabasesPath,
|
|
Periodicity: svc.config.Vulnerabilities.Periodicity,
|
|
CPEDatabaseURL: svc.config.Vulnerabilities.CPEDatabaseURL,
|
|
CPETranslationsURL: svc.config.Vulnerabilities.CPETranslationsURL,
|
|
CVEFeedPrefixURL: svc.config.Vulnerabilities.CVEFeedPrefixURL,
|
|
CurrentInstanceChecks: svc.config.Vulnerabilities.CurrentInstanceChecks,
|
|
DisableDataSync: svc.config.Vulnerabilities.DisableDataSync,
|
|
RecentVulnerabilityMaxAge: svc.config.Vulnerabilities.RecentVulnerabilityMaxAge,
|
|
DisableWinOSVulnerabilities: svc.config.Vulnerabilities.DisableWinOSVulnerabilities,
|
|
}, nil
|
|
}
|
|
|
|
func (svc *Service) LoggingConfig(ctx context.Context) (*fleet.Logging, error) {
|
|
if err := svc.authz.Authorize(ctx, &fleet.AppConfig{}, fleet.ActionRead); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
conf := svc.config
|
|
logging := &fleet.Logging{
|
|
Debug: conf.Logging.Debug,
|
|
Json: conf.Logging.JSON,
|
|
}
|
|
|
|
loggings := []struct {
|
|
plugin string
|
|
target *fleet.LoggingPlugin
|
|
}{
|
|
{
|
|
plugin: conf.Osquery.StatusLogPlugin,
|
|
target: &logging.Status,
|
|
},
|
|
{
|
|
plugin: conf.Osquery.ResultLogPlugin,
|
|
target: &logging.Result,
|
|
},
|
|
}
|
|
|
|
if conf.Activity.EnableAuditLog {
|
|
loggings = append(loggings, struct {
|
|
plugin string
|
|
target *fleet.LoggingPlugin
|
|
}{
|
|
plugin: conf.Activity.AuditLogPlugin,
|
|
target: &logging.Audit,
|
|
})
|
|
}
|
|
|
|
for _, lp := range loggings {
|
|
switch lp.plugin {
|
|
case "", "filesystem":
|
|
*lp.target = fleet.LoggingPlugin{
|
|
Plugin: "filesystem",
|
|
Config: fleet.FilesystemConfig{
|
|
FilesystemConfig: conf.Filesystem,
|
|
},
|
|
}
|
|
case "kinesis":
|
|
*lp.target = fleet.LoggingPlugin{
|
|
Plugin: "kinesis",
|
|
Config: fleet.KinesisConfig{
|
|
Region: conf.Kinesis.Region,
|
|
StatusStream: conf.Kinesis.StatusStream,
|
|
ResultStream: conf.Kinesis.ResultStream,
|
|
AuditStream: conf.Kinesis.AuditStream,
|
|
},
|
|
}
|
|
case "firehose":
|
|
*lp.target = fleet.LoggingPlugin{
|
|
Plugin: "firehose",
|
|
Config: fleet.FirehoseConfig{
|
|
Region: conf.Firehose.Region,
|
|
StatusStream: conf.Firehose.StatusStream,
|
|
ResultStream: conf.Firehose.ResultStream,
|
|
AuditStream: conf.Firehose.AuditStream,
|
|
},
|
|
}
|
|
case "lambda":
|
|
*lp.target = fleet.LoggingPlugin{
|
|
Plugin: "lambda",
|
|
Config: fleet.LambdaConfig{
|
|
Region: conf.Lambda.Region,
|
|
StatusFunction: conf.Lambda.StatusFunction,
|
|
ResultFunction: conf.Lambda.ResultFunction,
|
|
AuditFunction: conf.Lambda.AuditFunction,
|
|
},
|
|
}
|
|
case "pubsub":
|
|
*lp.target = fleet.LoggingPlugin{
|
|
Plugin: "pubsub",
|
|
Config: fleet.PubSubConfig{
|
|
PubSubConfig: conf.PubSub,
|
|
},
|
|
}
|
|
case "stdout":
|
|
*lp.target = fleet.LoggingPlugin{Plugin: "stdout"}
|
|
case "kafkarest":
|
|
*lp.target = fleet.LoggingPlugin{
|
|
Plugin: "kafkarest",
|
|
Config: fleet.KafkaRESTConfig{
|
|
StatusTopic: conf.KafkaREST.StatusTopic,
|
|
ResultTopic: conf.KafkaREST.ResultTopic,
|
|
AuditTopic: conf.KafkaREST.AuditTopic,
|
|
ProxyHost: conf.KafkaREST.ProxyHost,
|
|
},
|
|
}
|
|
default:
|
|
return nil, ctxerr.Errorf(ctx, "unrecognized logging plugin: %s", lp.plugin)
|
|
}
|
|
}
|
|
return logging, nil
|
|
}
|