cleanup and packaging

post_install

@@ -6,4 +6,8 @@ mkdir -p /usr/share/cb/integrations/infoblox/feeds/
 
 chown -R cb:cb /var/log/cb/integrations/infoblox
 chown -R cb:cb /usr/share/cb/integrations/infoblox/feeds/
-chmod +x /usr/share/cb/integrations/infoblox/cbinfoblox
+chmod +x /usr/share/cb/integrations/infoblox/cbinfoblox
+
+chkconfig --add cb-infoblox-connector
+chkconfig --level 345 cb-infoblox-connector on
+

pre_uninstall

@@ -1 +1,4 @@
 #!/bin/sh
+/etc/init.d/cb-infoblox-connector stop
+
+chkconfig --del cb-infoblox-connector

setup.cfg

@@ -3,4 +3,5 @@ force-arch=x86_64
 requires=   python-cbapi >= 0.5,
 	        python-cb-integration >= 1.1.15090,
 	        python-dateutil >= 1.4,
-            python-cbfeeds >= 0.5.2
+            python-cbfeeds >= 0.5.2,
+            pika >= 0.9

src/cbinfoblox/action.py

@@ -16,7 +16,6 @@ def action(self, sensors, domain):
         for sensor in sensors:
             flush_time = time.strftime("%a, %d %b %Y %H:%M:%S GMT", time.gmtime(time.time() + 86400))
             self.cb.sensor_flush(sensor.get('id'), flush_time)
-#            flush_sensor(self.cb, sensor['id'])
 
 
 class IsolateAction(Action):
@@ -27,4 +26,3 @@ def action(self, sensors, domain):
         for sensor in sensors:
             if sensor.get('supports_isolation', False):
                 self.cb.sensor_toggle_isolation(sensor.get('id'), True)
-#                isolate_sensor(self.cb, sensor['id'])

src/cbinfoblox/bridge.py

@@ -48,10 +48,6 @@ def run(self):
 
             self.worker_queue.task_done()
 
-#
-# TODO -- automatically add the FEED?
-# TODO -- better logging
-# TODO -- send out an alert maybe?
 
 class InfobloxBridge(CbIntegrationDaemon):
     def __init__(self, name, configfile):
@@ -60,24 +56,18 @@ def __init__(self, name, configfile):
         self.bridge_options = {}
         self.debug = False
         self.worker_queue = Queue.Queue(maxsize=10)
+        self.config_ready = False
 
     def run(self):
+        self.validate_config()
+
         try:
             self.logger.warn("CB Infoblox Bridge Starting")
             sslverify = False if self.bridge_options.get('carbonblack_server_sslverify', "0") == "0" else True
             self.cb = cbapi.CbApi(self.bridge_options['carbonblack_server_url'],
                                   token=self.bridge_options['carbonblack_server_token'],
                                   ssl_verify=sslverify)
 
-            #
-            # TODO -- for some reason this (checking version) was failing...
-            #
-            # self.logger.debug("checking CB server version")
-            # if not cbint.utils.cbserver.is_server_at_least(self.cb, "4.1"):
-            #     self.logger.error("the configured Carbon Black Enterprise server does not meet the minimum "
-            #                       "required version (4.1)")
-            #     return
-
             self.streaming_host = self.bridge_options.get('carbonblack_streaming_host')
             self.streaming_username = self.bridge_options.get('carbonblack_streaming_username')
             self.streaming_password = self.bridge_options.get('carbonblack_streaming_password')
@@ -90,11 +80,14 @@ def run(self):
             feed_thread = FeedAction(self.cb, self.logger, self.bridge_options)
             feed_thread.start()
 
-            self.logger.info("Started feed_thread")
-            time.sleep(1.0) # ghetto!
+            ctx = feed_thread.flask_feed.app.test_request_context()
+            ctx.push()
+            feed_thread.flask_feed.app.preprocess_request()
+            ctx.pop()
 
-            feed_thread.get_or_create_feed()
+            self.logger.info("flask ready")
 
+            feed_thread.get_or_create_feed()
 
             kill_process_thread = ApiKillProcessAction(self.cb, self.logger)
             kill_process_thread.start()
@@ -113,16 +106,22 @@ def run(self):
 
             self.logger.info("Starting event loop")
 
-            # TODO: just putting this here to make sure we don't exit till the threads do something useful...
-            time.sleep(1000)
+            try:
+                while True:
+                    time.sleep(5)
+            except KeyboardInterrupt:
+                self.logger.warn("Stopping Cb Infoblox Connector due to Control-C")
+                sys.exit(1)
 
-            self.logger.warn("CB Infoblox Connector Stopping")
+            self.logger.warn("Cb Infoblox Connector Stopping")
         except:
             import traceback
             self.logger.error(traceback.format_exc())
 
     def validate_config(self):
-        # TODO - -clean this up more
+        if self.config_ready:
+            return
+
         if 'bridge' in self.options:
             self.bridge_options = self.options['bridge']
         else:
@@ -131,15 +130,9 @@ def validate_config(self):
 
         config_valid = True
         msgs = []
-        # if not 'cyphort_url' in self.bridge_options:
-        #     msgs.append('the config option cyphort_url is required')
-        #     config_valid = False
         if not 'listener_port' in self.bridge_options or not self.bridge_options['listener_port'].isdigit():
             msgs.append('the config option listener_port is required and must be a valid port number')
             config_valid = False
-        # if not 'cyphort_api_key' in self.bridge_options:
-        #     msgs.append('the config option cyphort_api_key is required')
-        #     config_valid = False
         if not 'carbonblack_server_url' in self.bridge_options:
             msgs.append('the config option carbonblack_server_url is required')
             config_valid = False
@@ -153,4 +146,5 @@ def validate_config(self):
                 self.logger.error(msg)
             return False
         else:
+            self.config_ready = True
             return True

src/cbinfoblox/feed.py

@@ -59,8 +59,8 @@ def run(self):
             feed_id = self.get_or_create_feed()
 
             self.logger.info("Restored %d alerts" % num_restored)
+            self.logger.info("starting feed server")
 
-            self.logger.info("starting flask")
             self.serve()
         except:
             import traceback
@@ -89,8 +89,8 @@ def generate_feed(self):
         icon_path="%s/%s" % (self.directory, self.integration_image_path)
         self.logger.info("icon_path: %s" % icon_path)
 
-        ret = cbint.utils.feed.generate_feed(self.feed_name, summary="Infoblox detonation feed",
-                        tech_data="There are no requirements to share any data with Carbon Black to use this feed. However, binaries may be shared with Infoblox.",
+        ret = cbint.utils.feed.generate_feed(self.feed_name, summary="Infoblox secure DNS domain connector",
+                        tech_data="There are no requirements to share any data with Carbon Black to use this feed.",
                         provider_url="http://www.infoblox.com/", icon_path=icon_path,
                         display_name=self.display_name, category="Connectors")
 
@@ -107,15 +107,12 @@ def generate_feed(self):
         return ret
 
     def handle_json_feed_request(self):
-        self.logger.info("handle_json_feed_request")
         return self.flask_feed.generate_json_feed(self.feed)
 
     def handle_html_feed_request(self):
-        self.logger.info("handle_html_feed_request")
         return self.flask_feed.generate_html_feed(self.feed, self.display_name)
 
     def handle_index_request(self):
-        self.logger.info("handle_index_request")
         return self.flask_feed.generate_html_index(self.feed, self.bridge_options, self.display_name,
                                                    self.cb_image_path, self.integration_image_path,
                                                    self.json_feed_path)

src/cbinfoblox/live_response.py

@@ -5,7 +5,6 @@
 import copy
 import pprint
 
-# TODO -- could this grow out of control or anything??
 """A LiveResponseThread is created for every sensor that has processes to kill"""
 class LiveResponseThread(threading.Thread):
     """ note that timeout is not currently implemented
@@ -80,9 +79,10 @@ def _kill_process(self, pid):
         killed = False
         count = 0
 
+        self.logger.warn("Killing %d" % (pid))
+
         while not killed and count < 5:
             resp = self.cb.live_response_session_command_get(session_id, command_id)
-            self.logger.warn("Killing %d" % (pid))
             pprint.pprint(resp)
             if resp.get('status') == 'complete':
                 killed = True
@@ -114,7 +114,6 @@ def _kill_processes(self, target_proc_guids):
 
             if live_proc_guid in target_proc_guids:
                 live_proc_pid = live_proc.get('pid')
-                self.logger.warn("Killing! ----------------------------")
                 pprint.pprint(live_proc)
                 if self._kill_process(live_proc_pid):
                     self.logger.warn("KILLED %d" % live_proc_pid)

src/root/etc/init.d/cb-infoblox-bridge → src/root/etc/init.d/cb-infoblox-connector

@@ -1,18 +1,18 @@
 #!/bin/sh
 #
-# cb-infoblox-bridge
+# cb-infoblox-connector
 #
 # chkconfig:   2345 55 25
-# description: The Carbon Black Infoblox Bridge is a Carbon Black component \
+# description: The Carbon Black Infoblox Connector is a Carbon Black component \
 #              that integrates with the Infoblox SecureDNS to provide \
 #              actions when a bad domain is visited as well as to provide \
 #              a Carbon Black feed of bad domains in your environment.
 
 # Source function library.
 . /etc/rc.d/init.d/functions
 
-exec="/usr/share/cb/integrations/infoblox/cb-infoblox-bridge"
-prog="cb-infoblox-bridge"
+exec="/usr/share/cb/integrations/infoblox/cb-infoblox-connector"
+prog="cb-infoblox-connector"
 pidfile="/var/run/cb/integrations/infoblox.pid"
 
 #[ -f /etc/cb/cb.conf ] || {

src/root/usr/share/cb/integrations/infoblox/cb-infoblox-bridge → src/root/usr/share/cb/integrations/infoblox/cb-infoblox-connector

@@ -8,7 +8,7 @@ import cbinfoblox.bridge
 
 
 if __name__ == "__main__":
-    name = "cb-infoblox-bridge"
+    name = "cb-infoblox-connector"
     daemon = cbinfoblox.bridge.InfobloxBridge(name, "/etc/cb/integrations/infoblox/infoblox.conf")
     if len(sys.argv) == 2:
         if 'start' == sys.argv[1]:

src/test-cb-infoblox-bridge → src/test-cb-infoblox-connector

@@ -8,7 +8,7 @@ import cbinfoblox.bridge
 sys.path.insert(0, "src/")
 
 if __name__ == "__main__":
-    name = "cb-infoblox-bridge"
+    name = "cb-infoblox-connector"
     daemon = cbinfoblox.bridge.InfobloxBridge(name, "root/etc/cb/integrations/infoblox/infoblox.conf")
 
     if len(sys.argv) == 2: