retrieve ips(deep security) identifiers (#852)

* retrieve ips identifiers * fix golangci * use IPS type * fix log message * fix lockfiles config * change label * IPS : only work with fast-root mode
2019-07-02 10:06:30 +09:00
parent 03c3189c02
commit 7b78ebbc42
6 changed files with 93 additions and 27 deletions
--- a/scan/base.go
+++ b/scan/base.go
@@ -336,6 +336,35 @@ func (l *base) detectPlatform() {
 	return
 }

+var dsFingerPrintPrefix = "AgentStatus.agentCertHash: "
+
+func (l *base) detectDeepSecurity() (fingerprint string, err error) {
+	// only work root user
+	if l.getServerInfo().Mode.IsFastRoot() {
+		if r := l.exec("test -f /opt/ds_agent/dsa_query", sudo); r.isSuccess() {
+			cmd := fmt.Sprintf(`/opt/ds_agent/dsa_query -c "GetAgentStatus" | grep %q`, dsFingerPrintPrefix)
+			r := l.exec(cmd, sudo)
+			if r.isSuccess() {
+				line := strings.TrimSpace(r.Stdout)
+				return line[len(dsFingerPrintPrefix):], nil
+			}
+			l.warns = append(l.warns, xerrors.New("Fail to retrieve deepsecurity fingerprint"))
+		}
+	}
+	return "", xerrors.Errorf("Failed to detect deepsecurity %s", l.ServerInfo.ServerName)
+}
+
+func (l *base) detectIPSs() {
+	ips := map[config.IPS]string{}
+
+	fingerprint, err := l.detectDeepSecurity()
+	if err != nil {
+		return
+	}
+	ips[config.DeepSecurity] = fingerprint
+	l.ServerInfo.IPSIdentifiers = ips
+}
+
 func (l *base) detectRunningOnAws() (ok bool, instanceID string, err error) {
 	if r := l.exec("type curl", noSudo); r.isSuccess() {
 		cmd := "curl --max-time 1 --noproxy 169.254.169.254 http://169.254.169.254/latest/meta-data/instance-id"
@@ -432,6 +461,7 @@ func (l *base) convertToModel() models.ScanResult {
 		Platform:          l.Platform,
 		IPv4Addrs:         l.ServerInfo.IPv4Addrs,
 		IPv6Addrs:         l.ServerInfo.IPv6Addrs,
+		IPSIdentifiers:    l.ServerInfo.IPSIdentifiers,
 		ScannedCves:       l.VulnInfos,
 		ScannedVia:        scannedVia,
 		RunningKernel:     l.Kernel,