Class: Mdm::Host

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• Mdm::Host

Includes:

OperatingSystemNormalization

Defined in:

app/models/mdm/host.rb

Overview

A system with an IP address on the network that has been discovered in some way.

Defined Under Namespace

Modules: OperatingSystemNormalization

Constant Summary

ARCHITECTURES =

Either the CPU architecture for native code or the programming language name for exploits that run code in the programming language's virtual machine.

[
    'armbe',
    'armle',
    'cbea',
    'cbea64',
    'cmd',
    'java',
    'mips',
    'mipsbe',
    'mipsle',
    'php',
    'ppc',
    'ppc64',
    'ruby',
    'sparc',
    'tty',
    # To be used for compatability with 'X86_64'
    'x64',
    'x86',
    'x86_64'
]

SEARCH_FIELDS =

Fields searched for the search scope

[
    'address::text',
    'comments',
    'mac',
    'name',
    'os_flavor',
    'os_name',
    'os_sp',
    'purpose'
]

STATES =

Valid values for #state.

[
    'alive',
    'down',
    'unknown'
]

Instance Attribute Summary

• #address ⇒ String

  The IP address of this host.

• #arch ⇒ String

  The architecture of the host's CPU OR the programming language for virtual machine programming language like Ruby, PHP, and Java.

• #comm ⇒ String
• #comments ⇒ String

  User supplied comments about host.

• #created_at ⇒ DateTime

  When this host was created in the database.

• #cred_count ⇒ Integer

  Counter cache for #creds.

• #creds ⇒ Array<Mdm::Cred> readonly

  Credentials captured from #services.

• #exploit_attempt_count ⇒ Integer

  Counter cache for #exploit_attempts.

• #exploit_attempts ⇒ Array<Mdm::ExploitAttempt]

  Attempts to run exploits against this host.

• #exploited_hosts ⇒ Array<Mdm::ExploitedHost>
• #host_detail_count ⇒ Integer

  Counter cache for #host_details.

• #host_details ⇒ Array<Mdm::HostDetail>
• #hosts_tags ⇒ Array<Mdm::HostTag>

  A join model between Tag and Host.

• #info ⇒ String

  Information about this host gathered from the host.

• #loots ⇒ Array<Mdm::Loot>

  Loot gathered from the host with newest loot first.

• #mac ⇒ String

  The MAC address of this host.

• #module_details ⇒ Array<Mdm::Module::Detail] readonly

  Details about modules that were used to find vulnerabilities on this host.

• #module_refs ⇒ Array<Mdm::Module::Ref> readonly

  References for modules for references for vulnerabilities.

• #name ⇒ String

  The name of the host.

• #note_count ⇒ Integer

  Counter cache for #notes.

• #notes ⇒ Array<Mdm::Note>

  Notes about the host entered by a user with oldest notes first.

• #os_flavor ⇒ String

  The flavor of #os_name.

• #os_lang ⇒ String

  Free-form language of operating system.

• #os_name ⇒ String

  The name of the operating system.

• #os_sp ⇒ String

  The service pack of the #os_flavor of the #os_name.

• #purpose ⇒ String

  The purpose of the host on the network, such as 'client' or 'firewall'.

• #refs ⇒ Array<Mdm::Ref> readonly

  External references, such as CVE, to vulnerabilities found on this host.

• #scope ⇒ String

  Interface identifier for link-local IPv6.

• #service_count ⇒ Integer

  Counter cache for #services.

• #service_notes ⇒ Array<Mdm::Note> readonly

  Notes about #services running on this host.

• #services ⇒ Array<Mdm::Service>

  The services running on ports on the host with services ordered by port and protocol.

• #sessions ⇒ Array<Mdm::Session]

  Sessions that are open or previously were open on the host ordered by when the session was opened.

• #state ⇒ String

  Whether the host is alive, down, or in an unknown state.

• #tags ⇒ Array<Mdm::Tag> readonly

  The tags on this host.

• #task_hosts ⇒ Array<Mdm::TaskHost>

  Details about what Tasks touched this host.

• #tasks ⇒ Array<Mdm::Task>

  Tasks that touched this service.

• #updated_at ⇒ DateTime

  The last time this host was updated in the database.

• #virtual_host ⇒ String

  The name of the virtual machine host software, such as 'VMWare', 'QEMU', 'XEN', etc.

• #vuln_count ⇒ Integer

  Counter cache for #vulns.

• #vuln_refs ⇒ Array<Mdm::VulnRef> readonly

  Join model between #vulns and #refs.

• #vulns ⇒ Array<Mdm::Vuln>

  Vulnerabilities found on the host.

• #web_sites ⇒ Array<Mdm::WebSite> readonly

  Web sites running on top of #services on this host.

• #workspace ⇒ Mdm::Workspace

  The workspace in which this host was found.

Instance Method Summary

• #attribute_locked?(attr) ⇒ true, false

  Returns whether 'host.updated.' note is locked.

• #cleanup_tags ⇒ void

  Destroys any Mdm::Tags that will have no Tag#hosts left after this host is deleted.

• #ip_address_invalid? ⇒ void

  This is replicated by the IpAddressValidator class.

• #is_vm? ⇒ true, false

  Returns whether this host is a virtual machine.

Methods included from OperatingSystemNormalization

#get_arch_from_string, #normalize_os, #normalize_scanner_fp, #parse_windows_os_str, #validate_fingerprint_data

Instance Attribute Details

#address ⇒ String

The IP address of this host.

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 220

#arch ⇒ String

The architecture of the host's CPU OR the programming language for virtual machine programming language like Ruby, PHP, and Java.

Returns:

• (String) —

  an element of ARCHITECTURES

# File 'app/models/mdm/host.rb', line 225

#comm ⇒ String

TODO:

https://www.pivotaltracker.com/story/show/49722411

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 231

#comments ⇒ String

User supplied comments about host.

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 236

#created_at ⇒ DateTime

When this host was created in the database.

Returns:

• (DateTime)

# File 'app/models/mdm/host.rb', line 241

#cred_count ⇒ Integer

Counter cache for #creds.

Returns:

• (Integer)

# File 'app/models/mdm/host.rb', line 246

#creds ⇒ Array<Mdm::Cred> (readonly)

Credentials captured from #services.

Returns:

• (Array<Mdm::Cred>)

See Also:

• #services

# File 'app/models/mdm/host.rb', line 152

has_many :creds, :class_name => 'Mdm::Cred', :through => :services

#exploit_attempt_count ⇒ Integer

Counter cache for #exploit_attempts.

Returns:

• (Integer)

# File 'app/models/mdm/host.rb', line 251

#exploit_attempts ⇒ Array<Mdm::ExploitAttempt]

Attempts to run exploits against this host.

Returns:

• (Array<Mdm::ExploitAttempt]) —

  Array<Mdm::ExploitAttempt]

# File 'app/models/mdm/host.rb', line 72

has_many :exploit_attempts,
:class_name => 'Mdm::ExploitAttempt',
:dependent => :destroy

#exploited_hosts ⇒ Array<Mdm::ExploitedHost>

TODO:

https://www.pivotaltracker.com/story/show/48993731

Returns:

• (Array<Mdm::ExploitedHost>)

# File 'app/models/mdm/host.rb', line 79

has_many :exploited_hosts, :class_name => 'Mdm::ExploitedHost', :dependent => :destroy

#host_detail_count ⇒ Integer

Counter cache for #host_details.

Returns:

• (Integer)

# File 'app/models/mdm/host.rb', line 256

#host_details ⇒ Array<Mdm::HostDetail>

Returns:

• (Array<Mdm::HostDetail>)

# File 'app/models/mdm/host.rb', line 83

has_many :host_details, :class_name => 'Mdm::HostDetail', :dependent => :destroy

#hosts_tags ⇒ Array<Mdm::HostTag>

TODO:

https://www.pivotaltracker.com/story/show/48923201

A join model between Tag and Mdm::Host. Use #tags to get the actual Mdm::Tags on this host. #hosts_tags are cleaned up in a before_destroy: #cleanup_tags.

Returns:

• (Array<Mdm::HostTag>)

# File 'app/models/mdm/host.rb', line 91

has_many :hosts_tags, :class_name => 'Mdm::HostTag'

#info ⇒ String

Information about this host gathered from the host.

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 261

#loots ⇒ Array<Mdm::Loot>

TODO:

https://www.pivotaltracker.com/story/show/48991525

Loot gathered from the host with newest loot first.

Returns:

• (Array<Mdm::Loot>)

# File 'app/models/mdm/host.rb', line 98

has_many :loots, :class_name => 'Mdm::Loot', :dependent => :destroy, :order => 'loots.created_at DESC'

#mac ⇒ String

The MAC address of this host.

Returns:

• (String)

See Also:

• http://en.wikipedia.org/wiki/Mac_address

# File 'app/models/mdm/host.rb', line 266

#module_details ⇒ Array<Mdm::Module::Detail] (readonly)

Details about modules that were used to find vulnerabilities on this host.

Returns:

• (Array<Mdm::Module::Detail]) —

  Array<Mdm::Module::Detail]

# File 'app/models/mdm/host.rb', line 210

has_many :module_details,
:class_name => 'Mdm::Module::Detail',
:source =>:detail,
:through => :module_refs,
:uniq => true

#module_refs ⇒ Array<Mdm::Module::Ref> (readonly)

References for modules for references for vulnerabilities.

Returns:

• (Array<Mdm::Module::Ref>)

# File 'app/models/mdm/host.rb', line 200

has_many :module_refs, :class_name => 'Mdm::Module::Ref', :through => :refs

#name ⇒ String

The name of the host. If the host name is not available, then it will just be the IP address.

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 272

#note_count ⇒ Integer

Counter cache for #notes.

Returns:

• (Integer)

# File 'app/models/mdm/host.rb', line 277

#notes ⇒ Array<Mdm::Note>

Notes about the host entered by a user with oldest notes first.

Returns:

• (Array<Mdm::Note>)

# File 'app/models/mdm/host.rb', line 104

has_many :notes, :class_name => 'Mdm::Note', :dependent => :delete_all, :order => 'notes.created_at'

#os_flavor ⇒ String

The flavor of #os_name.

Examples:

Windows XP

host.os_name = 'Microsoft Windows'
host.os_flavor = 'XP'

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 282

#os_lang ⇒ String

Free-form language of operating system. Usually either spelled out like 'English' or an IETF language tag like 'en' or 'en-US'.

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 291

#os_name ⇒ String

The name of the operating system.

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 297

#os_sp ⇒ String

The service pack of the #os_flavor of the #os_name.

Examples:

Windows XP SP2

host.os_name = 'Microsoft Windows'
host.os_flavor = 'XP'
host.os_sp = 'SP2'

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 302

#purpose ⇒ String

The purpose of the host on the network, such as 'client' or 'firewall'.

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 312

#refs ⇒ Array<Mdm::Ref> (readonly)

External references, such as CVE, to vulnerabilities found on this host.

Returns:

• (Array<Mdm::Ref>)

See Also:

• #vuln_refs

# File 'app/models/mdm/host.rb', line 190

has_many :refs, :class_name => 'Mdm::Ref', :through => :vuln_refs

#scope ⇒ String

Interface identifier for link-local IPv6

Returns:

• (String)

See Also:

• http://en.wikipedia.org/wiki/IPv6_address#Link-local_addresses_and_zone_indices

# File 'app/models/mdm/host.rb', line 317

#service_count ⇒ Integer

Counter cache for #services.

Returns:

• (Integer)

# File 'app/models/mdm/host.rb', line 323

#service_notes ⇒ Array<Mdm::Note> (readonly)

Notes about #services running on this host.

Returns:

• (Array<Mdm::Note>)

See Also:

• #services

# File 'app/models/mdm/host.rb', line 159

has_many :service_notes, :class_name => 'Mdm::Note', :through => :services

#services ⇒ Array<Mdm::Service>

The services running on ports on the host with services ordered by port and protocol.

Returns:

• (Array<Mdm::Service>)

# File 'app/models/mdm/host.rb', line 111

has_many :services, :class_name => 'Mdm::Service', :dependent => :destroy, :order => 'services.port, services.proto'

#sessions ⇒ Array<Mdm::Session]

Sessions that are open or previously were open on the host ordered by when the session was opened

Returns:

• (Array<Mdm::Session]) —

  Array<Mdm::Session]

# File 'app/models/mdm/host.rb', line 118

has_many :sessions, :class_name => 'Mdm::Session', :dependent => :destroy, :order => 'sessions.opened_at'

#state ⇒ String

Whether the host is alive, down, or in an unknown state.

Returns:

• (String) —

  element of STATES.

# File 'app/models/mdm/host.rb', line 328

#tags ⇒ Array<Mdm::Tag> (readonly)

The tags on this host. Tags are used to filter hosts.

Returns:

• (Array<Mdm::Tag>)

See Also:

• #hosts_tags

# File 'app/models/mdm/host.rb', line 141

has_many :tags, :class_name => 'Mdm::Tag', :through => :hosts_tags

#task_hosts ⇒ Array<Mdm::TaskHost>

Details about what Tasks touched this host

Returns:

• (Array<Mdm::TaskHost>)

# File 'app/models/mdm/host.rb', line 60

has_many :task_hosts, :dependent => :destroy, :class_name => 'Mdm::TaskHost'

#tasks ⇒ Array<Mdm::Task>

Tasks that touched this service

Returns:

• (Array<Mdm::Task>)

# File 'app/models/mdm/host.rb', line 66

has_many :tasks, :through => :task_hosts, :class_name => 'Mdm::Task'

#updated_at ⇒ DateTime

The last time this host was updated in the database.

Returns:

• (DateTime)

# File 'app/models/mdm/host.rb', line 333

#virtual_host ⇒ String

The name of the virtual machine host software, such as 'VMWare', 'QEMU', 'XEN', etc.

Returns:

• (String)

# File 'app/models/mdm/host.rb', line 338

#vuln_count ⇒ Integer

Counter cache for #vulns.

Returns:

• (Integer)

# File 'app/models/mdm/host.rb', line 343

#vuln_refs ⇒ Array<Mdm::VulnRef> (readonly)

TODO:

https://www.pivotaltracker.com/story/show/49004623

Join model between #vulns and #refs. Use either of those asssociations instead of this join model.

Returns:

• (Array<Mdm::VulnRef>)

See Also:

• #refs
• #vulns

# File 'app/models/mdm/host.rb', line 179

has_many :vuln_refs, :class_name => 'Mdm::VulnRef', :source => :vulns_refs, :through => :vulns

#vulns ⇒ Array<Mdm::Vuln>

Vulnerabilities found on the host.

Returns:

• (Array<Mdm::Vuln>)

# File 'app/models/mdm/host.rb', line 124

has_many :vulns, :class_name => 'Mdm::Vuln', :dependent => :delete_all

#web_sites ⇒ Array<Mdm::WebSite> (readonly)

Web sites running on top of #services on this host.

Returns:

• (Array<Mdm::WebSite>)

See Also:

• #services

# File 'app/models/mdm/host.rb', line 166

has_many :web_sites, :class_name => 'Mdm::WebSite', :through => :services

#workspace ⇒ Mdm::Workspace

The workspace in which this host was found.

Returns:

• (Mdm::Workspace)

# File 'app/models/mdm/host.rb', line 130

belongs_to :workspace, :class_name => 'Mdm::Workspace'

Instance Method Details

#attribute_locked?(attr) ⇒ true, false

Returns whether 'host.updated.' note is locked.

Returns:

• (true) —

  if Mdm::Note with 'host.updated.' as Note#name exists and data[:locked] is true.

• (false) —

  otherwise.

# File 'app/models/mdm/host.rb', line 415

def attribute_locked?(attr)
  n = notes.find_by_ntype("host.updated.#{attr}")
  n && n.data[:locked]
end

#cleanup_tags ⇒ void

This method returns an undefined value.

Destroys any Mdm::Tags that will have no Tag#hosts left after this host is deleted.

# File 'app/models/mdm/host.rb', line 423

def cleanup_tags
  # No need to keep tags with no hosts
  tags.each do |tag|
    tag.destroy if tag.hosts == [self]
  end
  # Clean up association table records
  Mdm::HostTag.delete_all("host_id = #{self.id}")
end

#ip_address_invalid? ⇒ void

This method returns an undefined value.

This is replicated by the IpAddressValidator class. Had to put it here as well to avoid SQL errors when checking address uniqueness.

# File 'app/models/mdm/host.rb', line 436

def ip_address_invalid?
  begin
    potential_ip = IPAddr.new(address)
    return true unless potential_ip.ipv4? || potential_ip.ipv6?
  rescue ArgumentError
    return true
  end
end

#is_vm? ⇒ true, false

Returns whether this host is a virtual machine.

Returns:

• (true) —

  unless #virtual_host is nil.

• (false) —

  otherwise.

# File 'app/models/mdm/host.rb', line 449

def is_vm?
  !!self.virtual_host
end