mirror of
https://github.com/netbirdio/netbird.git
synced 2024-12-28 17:48:50 +01:00
51f133fdc6
* wip: add posture checks structs * add netbird version check * Refactor posture checks and add version checks * Add posture check activities (#1445) * Integrate Endpoints for Posture Checks (#1432) * wip: add posture checks structs * add netbird version check * Refactor posture checks and add version checks * Implement posture and version checks in API models * Refactor API models and enhance posture check functionality * wip: add posture checks endpoints * go mod tidy * Reference the posture checks by id's in policy * Add posture checks management to server * Add posture checks management mocks * implement posture checks handlers * Add posture checks to account copy and fix tests * Refactor posture checks validation * wip: Add posture checks handler tests * Add JSON encoding support to posture checks * Encode posture checks to correct api response object * Refactored posture checks implementation to align with the new API schema * Refactor structure of `Checks` from slice to map * Cleanup * Add posture check activities (#1445) * Revert map to use list of checks * Add posture check activity events * Refactor posture check initialization in account test * Improve the handling of version range in posture check * Fix tests and linter * Remove max_version from NBVersionCheck * Added unit tests for NBVersionCheck * go mod tidy * Extend policy endpoint with posture checks (#1450) * Implement posture and version checks in API models * go mod tidy * Allow attaching posture checks to policy * Update error message for linked posture check on deleting * Refactor PostureCheck and Checks structures * go mod tidy * Add validation for non-existing posture checks * fix unit tests * use Wt version * Remove the enabled field, as posture check will now automatically be activated by default when attaching to a policy * wip: add posture checks structs * add netbird version check * Refactor posture checks and add version checks * Add posture check activities (#1445) * Integrate 
Endpoints for Posture Checks (#1432) * wip: add posture checks structs * add netbird version check * Refactor posture checks and add version checks * Implement posture and version checks in API models * Refactor API models and enhance posture check functionality * wip: add posture checks endpoints * go mod tidy * Reference the posture checks by id's in policy * Add posture checks management to server * Add posture checks management mocks * implement posture checks handlers * Add posture checks to account copy and fix tests * Refactor posture checks validation * wip: Add posture checks handler tests * Add JSON encoding support to posture checks * Encode posture checks to correct api response object * Refactored posture checks implementation to align with the new API schema * Refactor structure of `Checks` from slice to map * Cleanup * Add posture check activities (#1445) * Revert map to use list of checks * Add posture check activity events * Refactor posture check initialization in account test * Improve the handling of version range in posture check * Fix tests and linter * Remove max_version from NBVersionCheck * Added unit tests for NBVersionCheck * go mod tidy * Extend policy endpoint with posture checks (#1450) * Implement posture and version checks in API models * go mod tidy * Allow attaching posture checks to policy * Update error message for linked posture check on deleting * Refactor PostureCheck and Checks structures * go mod tidy * Add validation for non-existing posture checks * fix unit tests * use Wt version * Remove the enabled field, as posture check will now automatically be activated by default when attaching to a policy * Extend network map generation with posture checks (#1466) * Apply posture checks to network map generation * run policy posture checks on peers to connect * Refactor and streamline policy posture check process for peers to connect. 
* Add posture checks testing in a network map * Remove redundant nil check in policy.go * Refactor peer validation check in policy.go * Update 'Check' function signature and use logger for version check * Refactor posture checks run on sources and updated the validation func * Update peer validation * fix tests * improved test coverage for policy posture check * Refactoring * Extend NetBird agent to collect kernel version (#1495) * Add KernelVersion field to LoginRequest * Add KernelVersion to system info retrieval * Fix tests * Remove Core field from system info * Replace Core field with new OSVersion field in system info * Added WMI dependency to info_windows.go * Add OS Version posture checks (#1479) * Initial support of Geolocation service (#1491) * Add Geo Location posture check (#1500) * wip: implement geolocation check * add geo location posture checks to posture api * Merge branch 'feature/posture-checks' into geo-posture-check * Remove CityGeoNameID and update required fields in API * Add geoLocation checks to posture checks handler tests * Implement geo location-based checks for peers * Update test values and embed location struct in peer system * add support for country wide checks * initialize country code regex once * Fix peer meta core compability with older clients (#1515) * Refactor extraction of OSVersion in grpcserver * Ignore lint check * Fix peer meta core compability with older management (#1532) * Revert core field deprecation * fix tests * Extend peer meta with location information (#1517) This PR uses the geolocation service to resolve IP to location. The lookup happens once on the first connection - when a client calls the Sync func. 
The location is stored as part of the peer: * Add Locations endpoints (#1516) * add locations endpoints * Add sqlite3 check and database generation in geolite script * Add SQLite storage for geolocation data * Refactor file existence check into a separate function * Integrate geolocation services into management application * Refactoring * Refactor city retrieval to include Geonames ID * Add signature verification for GeoLite2 database download * Change to in-memory database for geolocation store * Merge manager to geolocation * Update GetAllCountries to return Country name and iso code * fix tests * Add reload to SqliteStore * Add geoname indexes * move db file check to connectDB * Add concurrency safety to SQL queries and database reloading The commit adds mutex locks to the GetAllCountries and GetCitiesByCountry functions to ensure thread-safety during database queries. Additionally, it introduces a mechanism to safely close the old database connection before a new connection is established upon reloading, which improves the reliability of database operations. Lastly, it moves the checking of database file existence to the connectDB function. 
* Add sha256 sum check to geolocation store before reload * Use read lock * Check SHA256 twice when reload geonames db --------- Co-authored-by: Yury Gargay <yury.gargay@gmail.com> * Add tests and validation for empty peer location in GeoLocationCheck (#1546) * Disallow Geo check creation/update without configured Geo DB (#1548) * Fix shared access to in memory copy of geonames.db (#1550) * Trim suffix in when evaluate Min Kernel Version in OS check * Add Valid Peer Windows Kernel version test * Add Geolocation handler tests (#1556) * Implement user admin checks in posture checks * Add geolocation handler tests * Mark initGeolocationTestData as helper func * Add error handling to geolocation database closure * Add cleanup function to close geolocation resources * Simplify checks definition serialisation (#1555) * Regenerate network map on posture check update (#1563) * change network state and generate map on posture check update * Refactoring * Make city name optional (#1575) * Do not return empty city name * Validate action param of geo location checks (#1577) We only support allow and deny * Switch realip middleware to upstream (#1578) * Be more silent in download-geolite2.sh script * Fix geonames db reload (#1580) * Ensure posture check name uniqueness when create (#1594) * Enhance the management of posture checks (#1595) * add a correct min version and kernel for os posture check example * handle error when geo or location db is nil * expose all peer location details in api response * Check for nil geolocation manager only * Validate posture check before save * bump open api version * add peer location fields to toPeerListItemResponse * Feautre/extend sys meta (#1536) * Collect network addresses * Add Linux sys product info * Fix peer meta comparison * Collect sys info on mac * Add windows sys info * Fix test * Fix test * Fix grpc client * Ignore test * Fix test * Collect IPv6 addresses * Change the IP to IP + net * fix tests * Use netip on server side * 
Serialize netip to json * Extend Peer metadata with cloud detection (#1552) * add cloud detection + test binary * test windows exe * Collect IPv6 addresses * Change the IP to IP + net * switch to forked cloud detect lib * new test builds * new GCE build * discontinue using library but local copy instead * fix imports * remove openstack check * add hierarchy to cloud check * merge IBM and SoftLayer * close resp bodies and use os lib for file reading * close more resp bodies * fix error check logic * parallelize IBM checks * fix response value * go mod tidy * include context + change kubernetes detection * add context in info functions * extract platform into separate field * fix imports * add missing wmi import --------- Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com> --------- Co-authored-by: pascal-fischer <32096965+pascal-fischer@users.noreply.github.com> * generate proto * remove test binaries --------- Co-authored-by: bcmmbaga <bethuelmbaga12@gmail.com> Co-authored-by: Yury Gargay <yury.gargay@gmail.com> Co-authored-by: Zoltan Papp <zoltan.pmail@gmail.com>
package system
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"os"
|
|
"runtime"
|
|
"strings"
|
|
|
|
log "github.com/sirupsen/logrus"
|
|
"github.com/yusufpapurcu/wmi"
|
|
"golang.org/x/sys/windows/registry"
|
|
|
|
"github.com/netbirdio/netbird/client/system/detect_cloud"
|
|
"github.com/netbirdio/netbird/client/system/detect_platform"
|
|
"github.com/netbirdio/netbird/version"
|
|
)
|
|
|
|
// Win32_OperatingSystem receives rows of the WMI class of the same name.
// It is passed to wmi.CreateQuery with an empty class argument, which derives
// the queried class and properties from the struct's type and field names, so
// neither may be renamed to satisfy Go naming conventions.
type Win32_OperatingSystem struct {
	// Caption is the text that getOSNameAndVersion tokenises to obtain the
	// OS name and version.
	Caption string
}
|
|
|
|
// Win32_ComputerSystem receives rows of the WMI class of the same name.
// The type and field names double as the WMI class and property names used
// by wmi.CreateQuery, so they must stay as they are.
type Win32_ComputerSystem struct {
	// Manufacturer is returned by sysManufacturer.
	Manufacturer string
}
|
|
|
|
// Win32_ComputerSystemProduct receives rows of the WMI class of the same
// name. The type and field names double as the WMI class and property names
// used by wmi.CreateQuery, so they must stay as they are.
type Win32_ComputerSystemProduct struct {
	// Name is returned by sysProductName.
	Name string
}
|
|
|
|
// Win32_BIOS receives rows of the WMI class of the same name. The type and
// field names double as the WMI class and property names used by
// wmi.CreateQuery, so they must stay as they are.
type Win32_BIOS struct {
	// SerialNumber is returned by sysNumber.
	SerialNumber string
}
|
|
|
|
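// GetInfo collects the Windows host details the client reports about itself:
// OS name and version, build version, network addresses, hardware identifiers
// (serial number, product name, manufacturer) and the detected cloud/platform
// environment.
//
// Collection is best-effort: a failed lookup is logged as a warning and the
// corresponding field keeps its zero value, so the returned *Info is never
// nil. Every value is read locally on the endpoint (WMI, registry, hostname),
// so a consumer that bases access decisions on these fields is relying on
// self-reported data.
func GetInfo(ctx context.Context) *Info {
	osName, osVersion := getOSNameAndVersion()
	buildVersion := getBuildVersion()

	addrs, err := networkAddresses()
	if err != nil {
		log.Warnf("failed to discover network addresses: %s", err)
	}

	serialNum, err := sysNumber()
	if err != nil {
		log.Warnf("failed to get system serial number: %s", err)
	}

	prodName, err := sysProductName()
	if err != nil {
		log.Warnf("failed to get system product name: %s", err)
	}

	manufacturer, err := sysManufacturer()
	if err != nil {
		log.Warnf("failed to get system manufacturer: %s", err)
	}

	env := Environment{
		Cloud:    detect_cloud.Detect(ctx),
		Platform: detect_platform.Detect(ctx),
	}

	gio := &Info{
		Kernel:             "windows",
		OSVersion:          osVersion,
		Platform:           "unknown",
		OS:                 osName,
		GoOS:               runtime.GOOS,
		CPUs:               runtime.NumCPU(),
		KernelVersion:      buildVersion,
		NetworkAddresses:   addrs,
		SystemSerialNumber: serialNum,
		SystemProductName:  prodName,
		SystemManufacturer: manufacturer,
		Environment:        env,
	}

	// The hostname lookup follows the same best-effort pattern as the lookups
	// above: log the failure instead of dropping it, then continue with the
	// empty value.
	systemHostname, err := os.Hostname()
	if err != nil {
		log.Warnf("failed to get system hostname: %s", err)
	}
	gio.Hostname = extractDeviceName(ctx, systemHostname)
	gio.WiretrusteeVersion = version.NetbirdVersion()
	gio.UIVersion = extractUserAgent(ctx)

	return gio
}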
|
|
|
|
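// getOSNameAndVersion derives the OS name and version from the Caption of the
// first Win32_OperatingSystem row returned by WMI.
//
// The caption is split into whitespace-separated tokens: the first token is
// skipped, the second becomes the name and the third the version. For a
// constructed caption "Microsoft Windows 10 Pro" the result is
// ("Windows", "10"). When the third token is "Server", the name becomes
// "<second token> Server" and the fourth token is the version.
//
// If the query fails, returns no rows, or the caption has too few tokens for
// the form it announces, the function falls back to
// ("Windows", getBuildVersion()).
func getOSNameAndVersion() (string, string) {
	const fallbackName = "Windows"

	var dst []Win32_OperatingSystem
	query := wmi.CreateQuery(&dst, "")
	if err := wmi.Query(query, &dst); err != nil {
		log.Error(err)
		return fallbackName, getBuildVersion()
	}
	if len(dst) == 0 {
		return fallbackName, getBuildVersion()
	}

	// strings.Fields ignores repeated and trailing spaces, which would
	// otherwise produce empty tokens and shift the positions read below.
	parts := strings.Fields(dst[0].Caption)
	if len(parts) < 3 {
		return fallbackName, getBuildVersion()
	}

	if parts[2] != "Server" {
		return parts[1], parts[2]
	}

	// A caption that ends at "Server" has no fourth token; indexing parts[3]
	// would panic, so use the same fallback as the other short-caption case.
	if len(parts) < 4 {
		return fallbackName, getBuildVersion()
	}
	return parts[1] + " " + parts[2], parts[3]
}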
|
|
|
|
// getBuildVersion assembles "<major>.<minor>.<build>.<ubr>" from values stored
// under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion.
//
// It returns "0.0.0.0" when the key cannot be opened. A value that cannot be
// read is logged and the function carries on with whatever the registry call
// returned next to the error, so the result is still produced.
// NOTE(review): if CurrentBuildNumber cannot be read, the third component is
// presumably empty ("x.y..z"); confirm that consumers comparing this version
// handle that form.
func getBuildVersion() string {
	const keyPath = `SOFTWARE\Microsoft\Windows NT\CurrentVersion`

	key, openErr := registry.OpenKey(registry.LOCAL_MACHINE, keyPath, registry.QUERY_VALUE)
	if openErr != nil {
		log.Error(openErr)
		return "0.0.0.0"
	}
	defer func() {
		if closeErr := key.Close(); closeErr != nil {
			log.Error(closeErr)
		}
	}()

	majorNum, _, majorErr := key.GetIntegerValue("CurrentMajorVersionNumber")
	if majorErr != nil {
		log.Error(majorErr)
	}

	minorNum, _, minorErr := key.GetIntegerValue("CurrentMinorVersionNumber")
	if minorErr != nil {
		log.Error(minorErr)
	}

	buildNum, _, buildErr := key.GetStringValue("CurrentBuildNumber")
	if buildErr != nil {
		log.Error(buildErr)
	}

	// UBR is the Update Build Revision.
	revision, _, ubrErr := key.GetIntegerValue("UBR")
	if ubrErr != nil {
		log.Error(ubrErr)
	}

	return fmt.Sprintf("%d.%d.%s.%d", majorNum, minorNum, buildNum, revision)
}
|
|
|
|
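// sysNumber returns the SerialNumber of the first Win32_BIOS row reported by
// WMI.
//
// It returns an empty string and an error when the query fails or yields no
// rows.
func sysNumber() (string, error) {
	var dst []Win32_BIOS
	query := wmi.CreateQuery(&dst, "")
	if err := wmi.Query(query, &dst); err != nil {
		return "", err
	}

	// getOSNameAndVersion in this file guards against an empty result set;
	// without the same guard here, dst[0] would panic on zero rows.
	if len(dst) == 0 {
		return "", fmt.Errorf("wmi query for Win32_BIOS returned no rows")
	}
	return dst[0].SerialNumber, nil
}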
|
|
|
|
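// sysProductName returns the Name of the first Win32_ComputerSystemProduct
// row reported by WMI.
//
// It returns an empty string and an error when the query fails or yields no
// rows.
func sysProductName() (string, error) {
	var dst []Win32_ComputerSystemProduct
	query := wmi.CreateQuery(&dst, "")
	if err := wmi.Query(query, &dst); err != nil {
		return "", err
	}

	// getOSNameAndVersion in this file guards against an empty result set;
	// without the same guard here, dst[0] would panic on zero rows.
	if len(dst) == 0 {
		return "", fmt.Errorf("wmi query for Win32_ComputerSystemProduct returned no rows")
	}
	return dst[0].Name, nil
}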
|
|
|
|
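// sysManufacturer returns the Manufacturer of the first Win32_ComputerSystem
// row reported by WMI.
//
// It returns an empty string and an error when the query fails or yields no
// rows.
func sysManufacturer() (string, error) {
	var dst []Win32_ComputerSystem
	query := wmi.CreateQuery(&dst, "")
	if err := wmi.Query(query, &dst); err != nil {
		return "", err
	}

	// getOSNameAndVersion in this file guards against an empty result set;
	// without the same guard here, dst[0] would panic on zero rows.
	if len(dst) == 0 {
		return "", fmt.Errorf("wmi query for Win32_ComputerSystem returned no rows")
	}
	return dst[0].Manufacturer, nil
}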
|