package table
import (
"context"
"runtime"
"strconv"
"github.com/go-kit/kit/log"
"github.com/go-kit/kit/log/level"
"github.com/kolide/launcher/pkg/keyidentifier"
"github.com/kolide/osquery-go"
"github.com/kolide/osquery-go/plugin/table"
)
// sshDirs optionally overrides, per runtime.GOOS, the globs that generate
// searches for key files (presumably relative to each user's home directory,
// see findFileInUserDirs). A GOOS with no entry falls back to sshDirsDefault;
// at present nothing is overridden.
//
// The default glob also matches non-key files living in .ssh (config,
// known_hosts, ...); generate is expected to skip those when the key
// identifier rejects them.
var (
	sshDirs = map[string][]string{
		// "windows": []string{},
	}
	sshDirsDefault = []string{".ssh/*"}
)
// SshKeysTable carries the state the kolide_ssh_keys table's generate method
// needs. Build it through SshKeys rather than directly.
type SshKeysTable struct {
	// client is stored by SshKeys; nothing in this file reads it.
	client *osquery.ExtensionManagerClient
	// logger receives the per-directory and per-file failures that generate
	// tolerates instead of failing the whole query.
	logger log.Logger
	// kIdentifer (sic — the field name is spelled without the second "i")
	// classifies key files; only its metadata, never key material, ends up in
	// result rows.
	kIdentifer *keyidentifier.KeyIdentifier
}
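// SshKeys returns the kolide_ssh_keys table plugin. The table reports
// metadata about SSH key files found under each user's ssh directories:
// path, user, key type, the encrypted flag, bit length and fingerprints.
// Key material itself is never emitted as a column, so the table is safe to
// expose to queries that may not be entitled to read the files directly.
//
// It returns nil when the key identifier cannot be constructed; callers must
// check for nil before registering the plugin.
func SshKeys(client *osquery.ExtensionManagerClient, logger log.Logger) *table.Plugin {
	// Column order is part of the schema osquery sees; keep it stable.
	columns := []table.ColumnDefinition{
		table.TextColumn("user"),
		table.TextColumn("path"),
		table.TextColumn("type"),
		table.IntegerColumn("encrypted"),
		table.IntegerColumn("bits"),
		table.TextColumn("fingerprint_sha256"),
		table.TextColumn("fingerprint_md5"),
	}

	// We don't want the logging in osquery, so don't instantiate WithLogger().
	kIdentifer, err := keyidentifier.New()
	if err != nil {
		level.Info(logger).Log(
			"msg", "Failed to create keyidentifier",
			"err", err,
		)
		// The plugin cannot work without an identifier; signal that to the
		// caller rather than registering a table that can never answer.
		return nil
	}

	t := &SshKeysTable{
		client:     client,
		logger:     logger,
		kIdentifer: kIdentifer,
	}

	return table.NewPlugin("kolide_ssh_keys", columns, t.generate)
}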
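// generate produces one row per SSH key file found in the configured
// directories for every user. Directories that cannot be listed and files the
// key identifier cannot parse are logged and skipped rather than failing the
// query, so one unreadable file does not hide the rest.
//
// Only metadata is emitted: path, user, type, the encrypted flag, bit length
// and the two fingerprints. Columns whose value the identifier could not
// determine are left unset. If osquery cancels the query, generate stops
// early and returns ctx.Err().
func (t *SshKeysTable) generate(ctx context.Context, queryContext table.QueryContext) ([]map[string]string, error) {
	var results []map[string]string

	// Find the dirs we're going to search; fall back to the default set when
	// there is no per-OS override.
	dirs, ok := sshDirs[runtime.GOOS]
	if !ok {
		dirs = sshDirsDefault
	}

	for _, dir := range dirs {
		files, err := findFileInUserDirs(dir, t.logger)
		if err != nil {
			level.Info(t.logger).Log(
				"msg", "Error finding ssh keys paths",
				"path", dir,
				"err", err,
			)
			continue
		}

		for _, file := range files {
			// IdentifyFile works from a path and presumably touches disk for
			// every candidate; honour cancellation between files so a
			// cancelled query does not keep walking every user's directory.
			if err := ctx.Err(); err != nil {
				return nil, err
			}

			ki, err := t.kIdentifer.IdentifyFile(file.path)
			if err != nil {
				// Likely just a non-key file matched by the glob; keep this at
				// debug so it does not flood the log.
				level.Debug(t.logger).Log(
					"msg", "Failed to get keyinfo for file",
					"file", file.path,
					"err", err,
				)
				continue
			}

			res := map[string]string{
				"path": file.path,
				"user": file.user,
				"type": ki.Type,
			}

			// Encrypted is a pointer so "unknown" is distinguishable from
			// "no"; only report it when the identifier could tell. An
			// unencrypted private key on disk is the security-relevant case
			// this column exists to surface.
			if ki.Encrypted != nil {
				res["encrypted"] = strconv.Itoa(btoi(*ki.Encrypted))
			}
			if ki.Bits != 0 {
				res["bits"] = strconv.FormatInt(int64(ki.Bits), 10)
			}
			if ki.FingerprintSHA256 != "" {
				res["fingerprint_sha256"] = ki.FingerprintSHA256
			}
			if ki.FingerprintMD5 != "" {
				res["fingerprint_md5"] = ki.FingerprintMD5
			}

			results = append(results, res)
		}
	}

	return results, nil
}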