public function Exec($command, $stdin = '')
{
$database = $this->session->getDatabase();
$name = $database['name'];
$engine = $this->session->getSpoolerByName($name, 'waae');
if (!isset($engine[0]['shell'])) {
print "?!";
exit;
}
set_include_path('../vendor/phpseclib' . PATH_SEPARATOR . get_include_path());
include 'Net/SSH2.php';
include 'Crypt/RSA.php';
$shell = $engine[0]['shell'];
$host = $shell['host'];
$user = $shell['user'];
$ssh = new \Net_SSH2($host);
if (isset($shell['key'])) {
$key = new \Crypt_RSA();
$ret = $key->loadKey($shell['key']);
if (!$ret) {
echo "loadKey failed\n";
print "<pre>" . $ssh->getLog() . '</pre>';
exit;
}
} elseif (isset($shell['password'])) {
$key = $shell['password'];
} else {
$key = '';
// ?! possible ?
}
if (!$ssh->login('autosys', $key)) {
print 'Login Failed';
print "<pre>" . $ssh->getLog() . '</pre>';
exit;
}
if ($stdin == '') {
return $ssh->exec(". ~/.bash_profile;{$command}");
}
// Test STDIN
$ssh->enablePTY();
print "profile" . $ssh->exec(". ~/.bash_profile");
print "sort" . ($exec = $ssh->exec('sort'));
$ssh->write(<<<EOF
echo "update_job: SE.ERIC.JOB.JobType_UNIX"
echo "description: 'ok!!'
EOF
);
$ssh->reset(true);
$ssh->setTimeout(2);
print $ssh->read();
return;
return $ssh->read();
// outputs the echo above
}
$path = getcwd();
chdir('php/pear');
$path = getcwd();
set_include_path($path);
@($query = mysqli_query($connect, "SELECT * FROM configureddb where dbuid='{$option}'"));
while ($query_row = mysqli_fetch_assoc($query)) {
$hostname = $query_row['server'];
$sslusername = $query_row['sslusername'];
$sslpassword = $query_row['sslpassword'];
}
set_include_path(get_include_path() . '/' . 'phpsec');
include 'Net/SSH2.php';
include 'File/ANSI.php';
$ssh = new Net_SSH2(@$hostname);
if (@$ssh->login(@$sslusername, @$sslpassword)) {
$ssh->enablePTY();
$ssh->exec('ps axo pid,ppid,%cpu,pmem,user,group,args --sort %cpu');
$ssh->setTimeout(2);
$hello = $ssh->read();
$ps = explode("\n", $hello);
$proc = array();
foreach ($ps as $process) {
$processes[] = preg_split('@\\s+@', trim($process), 7);
}
unset($processes[0]);
foreach ($processes as $pro) {
$proc[] = @array('pid' => $pro[0], 'ppid' => $pro[1], 'cpu' => $pro[2], 'pmem' => $pro[3], 'user' => $pro[4], 'group' => $pro[5], 'cmd' => $pro[6]);
}
echo json_encode($proc);
} else {
echo "[]";
public function checkDeviceFW($deviceID = false)
{
global $db_CS;
global $access;
global $allowedParams;
global $allowedGroupsDeviceList;
global $allowedGroupsArray;
$deviceID = isset($_REQUEST['deviceID']) ? htmlspecialchars($_REQUEST['deviceID']) : $deviceID;
$sql = "SELECT tLastAliveIP,tDeviceVPNName,tDeviceFirmware,tRootPwd FROM DeviceList WHERE id = '{$deviceID}'";
$db_CS->autocommit(FALSE);
$data["rstatus"] = false;
if ($rs = $db_CS->query($sql)) {
if ($connection = $rs->fetch_assoc()) {
set_include_path(get_include_path() . PATH_SEPARATOR . '/var/www/html/sacp/includes/phpseclib');
include 'Net/SSH2.php';
include 'File/ANSI.php';
$data["tDeviceVPNName"] = $connection["tDeviceVPNName"];
if (filter_var($connection["tLastAliveIP"], FILTER_VALIDATE_IP)) {
$ssh = new Net_SSH2($connection["tLastAliveIP"], '22');
if (!$ssh->login('root', $connection["tRootPwd"])) {
$host_connected = false;
$data["result"] = "Auth failed!";
$data["alert_type"] = "danger alert";
} else {
// WE GOT A CONNECTION !
$ansi = new File_ANSI();
$ssh->enablePTY();
$fwCMD = "cat /http/default/_version.php | grep 'define' | grep 'PRODUCT_VERSION' | awk -F ',' '{print \$2}' | sed 's/[^[:alnum:]\\.[:space:]]\\+//g'";
$ssh->exec($fwCMD);
$ansi->appendString($ssh->read());
$response["cmdOutput"] = htmlspecialchars_decode(strip_tags($ansi->getHistory()));
if ($connection["tDeviceFirmware"] != $response["cmdOutput"]) {
$sql = "UPDATE DeviceList\n\t\t\t\t\t\t\t\t\tSET tDeviceFirmware = '" . $response["cmdOutput"] . "'\n\t\t\t\t\t\t\t\t\tWHERE id = '{$deviceID}'";
if ($db_CS->query($sql) && $db_CS->affected_rows > 0) {
if ($this->updateDeviceHistoryMember($deviceID, 'tDeviceFirmware')) {
$db_CS->commit();
$data["rstatus"] = true;
$data["alert_type"] = "success alert";
$data["result"] = "FW updated from " . $connection["tDeviceFirmware"] . " to " . $response["cmdOutput"] . "";
} else {
$data["rstatus"] = true;
//$data["sql"] = $sql;
$data["alert_type"] = "danger alert";
$data["result"] = 'Ошибка сохранения или такого устройства не существует';
}
}
} else {
$data["rstatus"] = true;
$data["alert_type"] = "success alert";
$data["result"] = "FW is up to date! (Answer: " . addslashes($response["cmdOutput"]) . ")";
}
}
} else {
$data["result"] = "Wrong IP! (" . $connection["tLastAliveIP"] . ")";
}
header('Content-Type: application/json');
echo json_encode($data);
}
}
}
public function fire($job, $data)
{
$output = new Symfony\Component\Console\Output\ConsoleOutput();
$node = Node::find($data['message']['node_id']);
$s3 = \Aws\S3\S3Client::factory(array('key' => 'AKIAIUCV4E2L4HDCDOUA', 'secret' => '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', 'region' => 'us-east-1'));
$all_keys = Key::where('integration_id', '=', $data['message']['integration_id'])->get();
foreach ($all_keys as $pem_key_reference) {
if ($pem_key_reference->remote_url) {
$unique_key_name = rand(0, 9999) . $pem_key_reference->remote_url;
$key_bucket = App::isLocal() ? 'devkeys.nosprawl.software' : 'keys.nosprawl.software';
$s3->getObject(array('Bucket' => $key_bucket, 'Key' => $pem_key_reference->remote_url, 'SaveAs' => '/tmp/' . $unique_key_name));
// Shouldn't need these two lines at all.
exec('chmod 400 /tmp/' . $unique_key_name);
$empty = null;
$s3_resource_root = App::isLocal() ? 'http://agent.nosprawl.software/dev/' : 'http://agent.nosprawl.software/';
$latest_version = exec("curl -s " . $s3_resource_root . "latest", $empty);
$latest_version_url = $s3_resource_root . $latest_version;
$ssh = new Net_SSH2($node->public_dns_name);
$ssh->enableQuietMode();
$ssh->enablePTY();
$key = new Crypt_RSA();
$key->loadKey(file_get_contents('/tmp/' . $unique_key_name));
exec('rm -rf /tmp/' . $unique_key_name);
if (!$ssh->login($pem_key_reference->username, $key)) {
continue;
} else {
$possible_installers = ["yum", "apt-get"];
foreach ($possible_installers as $possible_installer) {
$installer_check_result = false;
$found = false;
$ssh->exec("sudo " . $possible_installer . " -y install ruby");
$install_result = $ssh->read();
$output->writeln($install_result);
$install_exit_status = $ssh->getExitStatus();
if ($install_exit_status == 0) {
Queue::push('DeployAgentToNode', array('message' => array('node_id' => $node->id, 'integration_id' => $node->integration->id)));
return $job->delete();
}
}
}
} else {
$output->writeln("This is what we do if all we have is a password.");
continue;
}
}
// If we got to this point we were unable to install Curl automatically.
$problem = new Problem();
$problem->description = "Couldn't install Curl.";
$problem->reason = "Unable to automatically install Curl. Please install it manually.";
$problem->node_id = $node->id;
$problem->save();
$remediation = new Remediation();
$remediation->name = "Retry Deployment";
$remediation->queue_name = "DeployAgentToNode";
$remediation->problem_id = $problem->id;
$remediation->save();
$remediation = new Remediation();
$remediation->name = "Cancel";
$remediation->queue_name = "CancelDeployAgentToNode";
$remediation->problem_id = $problem->id;
$remediation->save();
return $job->delete();
}
public function fire($job, $data)
{
$output = new Symfony\Component\Console\Output\ConsoleOutput();
$node = Node::find($data['message']['node_id']);
// Make sure node exists
if (!$node) {
$output->writeln("node doesn't exist anymore. no need for this job.");
return $job->delete();
}
// Make sure node isn't terminated
/*if($node->service_provider_status == "terminated") {
return $job->delete();
}*/
// Make sure node is running
if ($node->service_provider_status != "running") {
return $job->release();
$output->writeln("node is not running");
}
// Keys are always stored on S3. This is the NoS account.
$s3 = \Aws\S3\S3Client::factory(array('key' => 'AKIAIUCV4E2L4HDCDOUA', 'secret' => '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', 'region' => 'us-east-1'));
$all_keys = Key::where('integration_id', '=', $data['message']['integration_id'])->get();
$unique_key_name = null;
$cmdout = null;
// Make sure the user has added credentials for this integration
if ($all_keys->isEmpty()) {
$problem = new Problem();
$problem->description = "Couldn't deploy agent";
$problem->reason = "No credentials added for this integration.<br /><br />You can manage your integration credentials on the <a href='#'>integrations</a> page.<br />Or <a href='#'>deploy manually</a>.";
$problem->node_id = $node->id;
$problem->long_message = true;
$problem->save();
$remediation = new Remediation();
$remediation->name = "Cancel";
$remediation->queue_name = "CancelDeployAgentToNode";
$remediation->problem_id = $problem->id;
$remediation->save();
$remediation = new Remediation();
$remediation->name = "Retry";
$remediation->queue_name = "DeployAgentToNode";
$remediation->problem_id = $problem->id;
$remediation->save();
return $job->delete();
}
$eventually_logged_in = false;
foreach ($all_keys as $pem_key_reference) {
if ($pem_key_reference->remote_url) {
$unique_key_name = rand(0, 9999) . $pem_key_reference->remote_url;
$key_bucket = App::isLocal() ? 'devkeys.nosprawl.software' : 'keys.nosprawl.software';
$s3->getObject(array('Bucket' => $key_bucket, 'Key' => $pem_key_reference->remote_url, 'SaveAs' => '/tmp/' . $unique_key_name));
exec('chmod 400 /tmp/' . $unique_key_name);
$empty = null;
$s3_resource_root = App::isLocal() ? 'http://agent.nosprawl.software/dev/' : 'http://agent.nosprawl.software/';
$latest_version = exec("curl -s " . $s3_resource_root . "latest", $empty);
$latest_version_url = $s3_resource_root . $latest_version;
$ssh = new Net_SSH2($node->public_dns_name);
$ssh->enableQuietMode();
$ssh->enablePTY();
$key = new Crypt_RSA();
$key->loadKey(file_get_contents('/tmp/' . $unique_key_name));
exec('rm -rf /tmp/' . $unique_key_name);
if (!$ssh->login($pem_key_reference->username, $key)) {
$output->writeln("ssh fail.");
continue;
} else {
$output->writeln("we are in ssh just fine.");
// Let's look for any problems running sudo first.
$ssh->exec("sudo whoami");
$exit_status = $ssh->getExitStatus();
if (!$exit_status && $exit_status != 0) {
// User can't sudo without a password. We can't auto-install.
$problem = new Problem();
$problem->description = "Couldn't deploy agent";
$problem->reason = "User '" . $pem_key_reference->username . "' doesn't have passwordless sudo priviliges. Please either enable it or <a class='problem_cta_btn' href='#'>Manually deploy the NoSprawl Agent</a>";
$problem->node_id = $node->id;
$problem->long_message = true;
$problem->save();
$remediation = new Remediation();
$remediation->name = "Cancel";
$remediation->queue_name = "CancelDeployAgentToNode";
$remediation->problem_id = $problem->id;
$remediation->save();
$remediation = new Remediation();
$remediation->name = "Retry";
$remediation->queue_name = "DeployAgentToNode";
$remediation->problem_id = $problem->id;
$remediation->save();
return $job->delete();
}
$result = $ssh->read();
$output->writeln($result);
// Check for problems with curl
$ssh->exec("curl --help");
$curl_result = $ssh->read();
$curl_exit_status = $ssh->getExitStatus();
if ($curl_exit_status != 0) {
$problem = new Problem();
$problem->description = "Couldn't deploy agent";
$problem->reason = "cURL isn’t installed.";
$problem->node_id = $node->id;
$problem->save();
$remediation = new Remediation();
$remediation->name = "Install cURL";
$remediation->queue_name = "InstallCurlAndRetryDeployment";
$remediation->problem_id = $problem->id;
$remediation->save();
$remediation = new Remediation();
$remediation->name = "Cancel";
$remediation->queue_name = "CancelDeployAgentToNode";
$remediation->problem_id = $problem->id;
$remediation->save();
return $job->delete();
}
$ssh->exec("(curl " . $latest_version_url . " > nosprawl-installer.rb) && sudo ruby nosprawl-installer.rb && rm -rf nosprawl-installer.rb");
$installer_result = $ssh->read();
$installer_exit_status = $ssh->getExitStatus();
if ($installer_exit_status == 0) {
// Everything is good.
$node->limbo = false;
$node->save();
return $job->delete();
} else {
$problem = new Problem();
$problem->description = "Couldn't deploy agent";
$problem->reason = "Ruby isn't installed.";
$problem->node_id = $node->id;
$problem->save();
$remediation = new Remediation();
$remediation->name = "Install";
$remediation->queue_name = "InstallRubyAndRetryDeployment";
$remediation->problem_id = $problem->id;
$remediation->save();
$remediation = new Remediation();
$remediation->name = "Cancel";
$remediation->queue_name = "CancelDeployAgentToNode";
$remediation->problem_id = $problem->id;
$remediation->save();
return $job->delete();
}
return $job->delete();
}
} else {
$output->writeln("This is what we do if all we have is a password.");
continue;
}
}
if (!$eventually_logged_in) {
$problem = new Problem();
$problem->description = "Couldn't deploy agent";
$problem->reason = "None of the credentials provided were sufficient to connect to this node. Manage your credentials on the <a href='#'>integrations</a> page.<br />Or <a href='#'>deploy manually</a>.";
$problem->node_id = $node->id;
$problem->long_message = true;
$problem->save();
$remediation = new Remediation();
$remediation->name = "Cancel";
$remediation->queue_name = "CancelDeployAgentToNode";
$remediation->problem_id = $problem->id;
$remediation->save();
$remediation = new Remediation();
$remediation->name = "Retry";
$remediation->queue_name = "DeployAgentToNode";
$remediation->problem_id = $problem->id;
$remediation->save();
return $job->delete();
}
}
