Module: TCellAgent
- Defined in:
- lib/tcell_agent/version.rb,
lib/tcell_agent/api.rb,
lib/tcell_agent/agent.rb,
lib/tcell_agent/rails.rb,
lib/tcell_agent/devise.rb,
lib/tcell_agent/logger.rb,
lib/tcell_agent/patches.rb,
lib/tcell_agent/sinatra.rb,
lib/tcell_agent/userinfo.rb,
lib/tcell_agent/utils/io.rb,
lib/tcell_agent/authlogic.rb,
lib/tcell_agent/rails/dlp.rb,
lib/tcell_agent/rails/dlp.rb,
lib/tcell_agent/rust/models.rb,
lib/tcell_agent/system_info.rb,
lib/tcell_agent/rails/routes.rb,
lib/tcell_agent/routes/table.rb,
lib/tcell_agent/utils/params.rb,
lib/tcell_agent/configuration.rb,
lib/tcell_agent/tcell_context.rb,
lib/tcell_agent/utils/strings.rb,
lib/tcell_agent/rails/on_start.rb,
lib/tcell_agent/rust/whisperer.rb,
lib/tcell_agent/instrumentation.rb,
lib/tcell_agent/policies/policy.rb,
lib/tcell_agent/rails/better_ip.rb,
lib/tcell_agent/rails/responses.rb,
lib/tcell_agent/utils/passwords.rb,
lib/tcell_agent/hooks/login_fraud.rb,
lib/tcell_agent/rails/auth/devise.rb,
lib/tcell_agent/rails/dlp_handler.rb,
lib/tcell_agent/sensor_events/dlp.rb,
lib/tcell_agent/settings_reporter.rb,
lib/tcell_agent/agent/policy_types.rb,
lib/tcell_agent/agent/static_agent.rb,
lib/tcell_agent/rails/routes/grape.rb,
lib/tcell_agent/agent/route_manager.rb,
lib/tcell_agent/agent/policy_manager.rb,
lib/tcell_agent/instrumentation/cmdi.rb,
lib/tcell_agent/rails/auth/authlogic.rb,
lib/tcell_agent/rails/csrf_exception.rb,
lib/tcell_agent/sensor_events/sensor.rb,
lib/tcell_agent/agent/event_processor.rb,
lib/tcell_agent/rails/auth/doorkeeper.rb,
lib/tcell_agent/rails/js_agent_insert.rb,
lib/tcell_agent/rails/routes/route_id.rb,
lib/tcell_agent/sensor_events/metrics.rb,
lib/tcell_agent/sensor_events/patches.rb,
lib/tcell_agent/config/unknown_options.rb,
lib/tcell_agent/policies/rust_policies.rb,
lib/tcell_agent/rails/tcell_body_proxy.rb,
lib/tcell_agent/agent/fork_pipe_manager.rb,
lib/tcell_agent/policies/http_tx_policy.rb,
lib/tcell_agent/rails/settings_reporter.rb,
lib/tcell_agent/sensor_events/discovery.rb,
lib/tcell_agent/start_background_thread.rb,
lib/tcell_agent/policies/dataloss_policy.rb,
lib/tcell_agent/sensor_events/app_config.rb,
lib/tcell_agent/sensor_events/util/utils.rb,
lib/tcell_agent/utils/queue_with_timeout.rb,
lib/tcell_agent/rails/dlp/process_request.rb,
lib/tcell_agent/sensor_events/honeytokens.rb,
lib/tcell_agent/sensor_events/login_fraud.rb,
lib/tcell_agent/sensor_events/server_agent.rb,
lib/tcell_agent/policies/login_fraud_policy.rb,
lib/tcell_agent/appsensor/injections_reporter.rb,
lib/tcell_agent/policies/http_redirect_policy.rb,
lib/tcell_agent/sensor_events/appsensor_event.rb,
lib/tcell_agent/sensor_events/command_injection.rb,
lib/tcell_agent/rails/middleware/global_middleware.rb,
lib/tcell_agent/sensor_events/appsensor_meta_event.rb,
lib/tcell_agent/rails/middleware/context_middleware.rb,
lib/tcell_agent/rails/middleware/headers_middleware.rb,
lib/tcell_agent/sensor_events/util/sanitizer_utilities.rb,
lib/tcell_agent/rails/middleware/body_filter_middleware.rb
Overview
See the file “LICENSE” for the full license governing this code.
Defined Under Namespace
Modules: AppSensor, Cmdi, Config, CsrfExceptionReporter, DLP, DeviseInstrumentation, DoorkeeperInstrumentation, Hooks, Instrumentation, Policies, Routes, Rust, SensorEvents, SystemInfo, Utils
Classes: Agent, BoundedQueue, Configuration, ConfigurationException, MetaData, MyRailtie, NullLoger, PolicyTypes, QueueWithTimeout, Railtie, TCellApi, TCellLogDevice, TaggedLogger, UserInformation
Constant Summary
- VERSION =
'1.1.9'.freeze
- @@logger_pid =
Process.pid
- @@instance_lock =
Mutex.new
- @@my_thread_agent =
nil
Class Attribute Summary
Class Method Summary
Class Attribute Details
.configuration ⇒ Object
Returns the value of attribute configuration.
# File 'lib/tcell_agent/configuration.rb', line 16
# Reader for the agent configuration held in @configuration.
#
# @return [Object] the stored configuration object; nil until something
#   assigns it (.configure does so on first use)
def configuration
@configuration
end
|
Class Method Details
.appfirewall_payloads_logger ⇒ Object
# File 'lib/tcell_agent/logger.rb', line 68
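# Returns the logger used for app-firewall payload records.
#
# Resolution order:
#   1. agent disabled                   -> @null_logger
#   2. already built in this process    -> the cached instance
#   3. configuration supplies a logger  -> that object (cached)
#   4. otherwise                        -> a rotating file logger writing to
#      configuration.appfirewall_payloads_log_filename
#
# Fixes relative to the previous version:
#   * The cache guard tested a misspelled ivar (@paylods_logger) that is never
#     assigned, so the cache never hit and every call on the file path opened
#     a new log device and built a new Logger.
#   * The owning pid was stored in @logger_pid, which .logger also uses for
#     its own cache. A payload-logger call after a fork could therefore mark
#     the parent's main logger as current. This logger now tracks its own pid.
#
# NOTE(review): msg is written verbatim by the formatter. If payload text can
# contain CR/LF, one record can span several lines in the file; log consumers
# should not treat every line start as a trusted record boundary.
# NOTE(review): this file presumably holds request payload excerpts; confirm
# that Utils::IO.create_directory leaves the directory readable only by the
# agent owner.
#
# @return [Logger, Object] the payload logger, or @null_logger when disabled
def self.appfirewall_payloads_logger
  config = TCellAgent.configuration
  return @null_logger unless config.enabled

  if defined?(@payloads_logger) && @payloads_logger_pid == Process.pid
    return @payloads_logger
  end

  configured = config.appfirewall_payloads_logger
  if configured
    @payloads_logger_pid = Process.pid
    @payloads_logger = configured
    return @payloads_logger
  end

  log_path = config.appfirewall_payloads_log_filename
  TCellAgent::Utils::IO.create_directory(
    File.dirname(log_path),
    config.agent_home_owner.to_s
  )
  # Keep 9 rotated files of 5 MiB each.
  log_device = TCellLogDevice.new(log_path, :shift_age => 9, :shift_size => 5_242_880)

  payloads_logger = Logger.new(log_device)
  payloads_logger.level = Logger::INFO
  payloads_logger.formatter = proc do |_severity, datetime, _progname, msg|
    date_format = datetime.strftime('%Y-%m-%dT%H:%M:%S.%L%:z')
    "#{date_format} - #{msg}\n"
  end

  # Publish only after construction succeeded, so a failure above cannot
  # leave a stale logger marked as belonging to this process.
  @payloads_logger_pid = Process.pid
  @payloads_logger = payloads_logger
end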
|
# File 'lib/tcell_agent/configuration.rb', line 19
# Yields the agent configuration to the caller's block, creating a
# Configuration first if none has been stored yet.
#
# @yieldparam configuration [Configuration] the stored configuration
# @return [Object] whatever the block returns
def self.configure
  self.configuration = Configuration.new unless configuration
  yield configuration
end
|
.discover_database_fields(route_id, database, schema, table, fields) ⇒ Object
# File 'lib/tcell_agent/agent/static_agent.rb', line 50
# Forwards a database-field discovery record to the process-wide agent.
# All five arguments are passed through unchanged.
#
# @return [Object] the agent's return value
def self.discover_database_fields(route_id, database, schema, table, fields)
  agent = thread_agent
  agent.discover_database_fields(route_id, database, schema, table, fields)
end
|
.ensure_event_processor_running ⇒ Object
# File 'lib/tcell_agent/agent/static_agent.rb', line 58
# Delegates to the process-wide agent's ensure_event_processor_running.
#
# @return [Object] the agent's return value
def self.ensure_event_processor_running
  agent = thread_agent
  agent.ensure_event_processor_running
end
|
.increment_route(route_id, response_time) ⇒ Object
# File 'lib/tcell_agent/agent/static_agent.rb', line 46
# Forwards a route hit and its response time to the process-wide agent.
#
# @return [Object] the agent's return value
def self.increment_route(route_id, response_time)
  agent = thread_agent
  agent.increment_route(route_id, response_time)
end
|
.increment_session_info(hmac_session_id, user_id, ip_address, user_agent) ⇒ Object
# File 'lib/tcell_agent/agent/static_agent.rb', line 42
# Forwards session metadata to the process-wide agent. The session id
# parameter is named hmac_session_id; this wrapper passes it through
# untouched and does no hashing of its own.
#
# @return [Object] the agent's return value
def self.increment_session_info(hmac_session_id, user_id, ip_address, user_agent)
  agent = thread_agent
  agent.increment_session_info(hmac_session_id, user_id, ip_address, user_agent)
end
|
.logger ⇒ Object
# File 'lib/tcell_agent/logger.rb', line 100
# Returns the agent's main logger.
#
# Resolution order:
#   1. agent disabled                     -> @null_logger
#   2. @logger built in this process      -> the cached instance
#   3. configuration.logger is set        -> that logger, wrapped in a
#      TaggedLogger when configuration.log_tag is set
#   4. file logging enabled (the default when logging_options has no
#      :enabled / 'enabled' key)          -> rotating file logger
#   5. file logging switched off          -> @null_logger
#
# The cache is tied to Process.pid, so a forked child builds its own logger
# instead of reusing the parent's.
#
# NOTE(review): the formatter writes msg verbatim. Callers that log
# request-derived text should strip CR/LF so one message cannot appear as
# several records.
#
# @return [Logger, TCellAgent::TaggedLogger, Object]
def self.logger
  config = TCellAgent.configuration
  return @null_logger unless config.enabled

  cached = defined?(@logger) && @logger_pid == Process.pid
  return @logger if cached

  configured = config.logger
  @logger_pid = Process.pid
  if configured
    tag = config.log_tag
    @logger = tag ? TCellAgent::TaggedLogger.new(tag, configured) : configured
    return @logger
  end

  options = config.logging_options || {}
  explicitly_set = options.key?(:enabled) || options.key?('enabled')
  file_logging = !explicitly_set || options[:enabled] || options['enabled']
  return @null_logger unless file_logging

  log_path = config.log_filename
  TCellAgent::Utils::IO.create_directory(File.dirname(log_path), config.agent_home_owner.to_s)
  # Keep 9 rotated files of 5 MiB each.
  device = TCellLogDevice.new(log_path, :shift_age => 9, :shift_size => 5_242_880)
  threshold = logging_level_from_string(options[:level] || options['level'])

  @logger = Logger.new(device)
  @logger.level = threshold
  @logger.formatter = proc do |severity, datetime, _progname, msg|
    stamp = datetime.strftime('%Y-%m-%dT%H:%M:%S.%L%:z')
    "#{stamp} - [#{TCellAgent::VERSION}] - #{severity}[#{@logger_pid}]: #{msg}\n"
  end
  @logger
end
|
.logger=(logger) ⇒ Object
# File 'lib/tcell_agent/logger.rb', line 147
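# Replaces the agent's main logger.
#
# .logger only returns the cached @logger when @logger_pid equals the
# current pid. Before this fix the setter stored the logger without
# recording the pid, so a logger assigned before the first .logger call,
# or in a freshly forked child, was discarded and rebuilt from
# configuration on the next read. The pid is now recorded together with
# the logger.
#
# Assigning nil leaves @logger_pid alone, so the earlier behaviour for a
# nil assignment is unchanged.
#
# @param logger [Logger, nil] the logger to install
def self.logger=(logger)
  @logger_pid = Process.pid unless logger.nil?
  @logger = logger
end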
|
.logging_level_from_string(level_string) ⇒ Object
# File 'lib/tcell_agent/logger.rb', line 58
# Maps a level name to the matching Logger severity constant.
#
# Matching is exact and case-sensitive. Any other value, including nil or
# a lower-case name such as 'debug', yields Logger::INFO.
#
# @param level_string [String, nil] 'DEBUG', 'INFO', 'WARN', 'ERROR' or 'FATAL'
# @return [Integer] a Logger severity constant
def self.logging_level_from_string(level_string)
  case level_string
  when 'DEBUG' then Logger::DEBUG
  when 'WARN'  then Logger::WARN
  when 'ERROR' then Logger::ERROR
  when 'FATAL' then Logger::FATAL
  else Logger::INFO
  end
end
|
.policy(policy_type) ⇒ Object
# File 'lib/tcell_agent/agent/static_agent.rb', line 38
# Looks up the active policy of the given type on the process-wide agent.
#
# @param policy_type [Object] key into the agent's policies collection
# @return [Object, nil] the policy, or nil when none is registered
def self.policy(policy_type)
  registered = thread_agent.policies
  registered.fetch(policy_type) { nil }
end
|
.queue_metric(event) ⇒ Object
# File 'lib/tcell_agent/agent/static_agent.rb', line 34
# Passes a metric event to the process-wide agent's _queue_metric.
#
# @param event [Object] the metric event to enqueue
# @return [Object] the agent's return value
def self.queue_metric(event)
  agent = thread_agent
  agent._queue_metric(event)
end
|
.report_settings(send_startup_events) ⇒ Object
# File 'lib/tcell_agent/settings_reporter.rb', line 8
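# Reports agent details, installed packages, native-library status and the
# effective configuration as sensor events, from a background thread.
#
# Nothing is sent unless send_startup_events is truthy and
# configuration.should_instrument? is true. Each stage runs inside
# Instrumentation.safe_block with its own label.
#
# What is sent: config file name, log directory, agent home directory and
# its owner, the logging state, and the allow_payloads / reverse_proxy
# flags. For the HMAC key only a presence flag is sent, never the key.
# The paths and the owner value describe the host to the remote service, so
# treat that channel as carrying host inventory data.
#
# Changes relative to the previous listing:
#   * The argument of the 'reverse_proxy_ip_address_header' event was cut
#     off after `TCellAgent.configuration.`, which does not parse. It is
#     restored as configuration.reverse_proxy_ip_address_header.
#     NOTE(review): the accessor name is inferred from the event name;
#     confirm it against Configuration.
#   * The repeated send_event / TCellAgentSettingEvent.new pair is folded
#     into one local lambda.
#
# @param send_startup_events [Boolean] whether startup events may be sent
# @return [Thread, nil] the reporting thread, or nil when nothing is sent
def self.report_settings(send_startup_events)
  return unless send_startup_events && TCellAgent.configuration.should_instrument?

  Thread.new do
    # Wraps one name/value pair in a setting event and queues it.
    report_setting = lambda do |name, value|
      TCellAgent.send_event(
        TCellAgent::SensorEvents::TCellAgentSettingEvent.new(name, value)
      )
    end

    TCellAgent::Instrumentation.safe_block('Instrumenting Agent Details') do
      TCellAgent.send_event(TCellAgent::SensorEvents::ServerAgentDetailsSensorEvent.new)
    end

    TCellAgent::Instrumentation.safe_block('Instrumenting Server Packages') do
      TCellAgent.send_event(TCellAgent::SensorEvents::ServerAgentPackagesSensorEvent.new)
    end

    TCellAgent::Instrumentation.safe_block('Instrumenting Native Lib Status') do
      # Loaded here, inside the guarded block, rather than at file load time.
      require 'tcell_agent/rust/whisperer'
      report_setting.call(
        'native_lib_loaded',
        TCellAgent::Rust::Wrapper.common_lib_available?.to_s
      )
    end

    TCellAgent::Instrumentation.safe_block('Instrumenting Initial Config') do
      config = TCellAgent.configuration

      report_setting.call('allow_payloads', (!!config.allow_payloads).to_s)
      report_setting.call('reverse_proxy', (!!config.reverse_proxy).to_s)

      # The value is discarded. Kept because this listing does not show
      # whether the reader has side effects. NOTE(review): confirm and drop.
      config.log_filename

      report_setting.call('config_filename', config.config_filename)
      report_setting.call('logging_directory', config.agent_log_dir)
      report_setting.call('agent_home_directory', config.agent_home_dir)
      report_setting.call('agent_home_owner', config.agent_home_owner)

      logging_options = config.logging_options || {}
      use_default_setting = !logging_options.key?(:enabled) && !logging_options.key?('enabled')
      if use_default_setting || logging_options[:enabled] || logging_options['enabled']
        report_setting.call('logging_enabled', 'true')
        report_setting.call(
          'logging_level',
          logging_options[:level] || logging_options['level'] || 'INFO'
        )
      else
        report_setting.call('logging_enabled', 'false')
      end

      # Only the presence of the key is reported; no event is sent when the
      # key is absent.
      if config.hmac_key
        report_setting.call('hmac_key_present', (!!config.hmac_key).to_s)
      end

      if config.reverse_proxy
        report_setting.call(
          'reverse_proxy_ip_address_header',
          config.reverse_proxy_ip_address_header
        )
      end
    end

    if defined?(::Rails)
      TCellAgent::Instrumentation.safe_block('Instrumenting routes') do
        TCellAgent::Instrumentation::Rails.instrument_routes
      end
    end
  end
end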
|
.run_instrumentation(server_name, send_startup_events = true) ⇒ Object
# File 'lib/tcell_agent/start_background_thread.rb', line 14
# Loads the startup hooks, starts the process-wide agent and then reports
# settings.
#
# The agent start runs inside Instrumentation.safe_block; report_settings
# is called after that block regardless of what happened inside it.
#
# @param server_name [Object] interpolated into the debug log line
# @param send_startup_events [Boolean] forwarded to report_settings
# @return [Object] the return value of report_settings
def self.run_instrumentation(server_name, send_startup_events = true)
  require 'tcell_agent/hooks/login_fraud'
  if defined?(Rails)
    require 'tcell_agent/rails/on_start'
  end
  require 'tcell_agent/settings_reporter'

  TCellAgent::Instrumentation.safe_block('Starting thread agent') do
    log = TCellAgent.logger
    log.debug("Instrumenting: #{server_name}")
    agent = TCellAgent.thread_agent
    agent.start
  end

  report_settings(send_startup_events)
end
|
.safe_to_send_cmdi_events? ⇒ Boolean
# File 'lib/tcell_agent/agent/static_agent.rb', line 62
# Asks the process-wide agent whether command-injection events may be sent.
#
# @return [Boolean] the agent's answer
def self.safe_to_send_cmdi_events?
  agent = thread_agent
  agent.safe_to_send_cmdi_events?
end
|
.send_event(event) ⇒ Object
# File 'lib/tcell_agent/agent/static_agent.rb', line 30
# Hands a sensor event to the process-wide agent's queue.
#
# @param event [Object] the sensor event to enqueue
# @return [Object] the return value of queue_sensor_event
def self.send_event(event)
  agent = thread_agent
  agent.queue_sensor_event(event)
end
|
.stop_agent ⇒ Object
# File 'lib/tcell_agent/agent/static_agent.rb', line 54
# Sets the stop_agent flag on the process-wide agent. Only the flag is
# written here; nothing in this method waits for the agent to act on it.
#
# @return [true]
def self.stop_agent
  agent = thread_agent
  agent.stop_agent = true
end
|
.thread_agent ⇒ Object
# File 'lib/tcell_agent/agent/static_agent.rb', line 9
# Returns the process-wide Agent, creating it on first use.
#
# The existence check runs once without the lock and again while holding
# @@instance_lock, so two threads racing through the first call construct
# only one Agent. The Agent is constructed with the current Process.pid.
#
# @return [TCellAgent::Agent]
def self.thread_agent
  return @@my_thread_agent if thread_agent_defined?

  @@instance_lock.synchronize do
    @@my_thread_agent = TCellAgent::Agent.new(Process.pid) unless thread_agent_defined?
  end
  @@my_thread_agent
end
|
.thread_agent=(some_agent) ⇒ Object
# File 'lib/tcell_agent/agent/static_agent.rb', line 24
# Replaces the process-wide agent while holding @@instance_lock.
#
# @param some_agent [Object, nil] the agent to install; nil makes the next
#   .thread_agent call build a new one
def self.thread_agent=(some_agent)
  @@instance_lock.synchronize { @@my_thread_agent = some_agent }
end
|
.thread_agent_defined? ⇒ Boolean
# File 'lib/tcell_agent/agent/static_agent.rb', line 20
# Reports whether a process-wide agent has been created or assigned.
#
# @return [Boolean] true when @@my_thread_agent is not nil
def self.thread_agent_defined?
  !@@my_thread_agent.nil?
end
|