/**
 * @brief Record every private-key file found in a user's SSH key directory.
 *
 * Lists the files in `directory` joined with kSSHUserKeysDir, reads each one,
 * and appends a row (`uid`, `path`, `encrypted`) for every file whose content
 * contains the marker "PRIVATE KEY". Files that cannot be listed or read are
 * skipped silently.
 *
 * @param uid       Value stored in the `uid` column of each row.
 * @param directory Base directory; kSSHUserKeysDir is appended to it.
 * @param results   Output rows; this function only appends to it.
 *
 * NOTE(review): unlike genSSHkeysForUser, nothing here lowers privileges
 * before the directory is listed and its files are read, so the reads run
 * with whatever identity the caller holds. The paths sit under a directory
 * the inspected user presumably controls -- confirm the caller has already
 * dropped privileges, or that forensicReadFile refuses unexpected targets.
 *
 * NOTE(review): `encrypted` is a substring test for "ENCRYPTED". Legacy PEM
 * headers carry that word; the newer OpenSSH private-key container keeps the
 * cipher name inside the base64 payload, so a passphrase-protected key in
 * that format presumably reports 0 here -- confirm. Consumers should read
 * encrypted=0 as "not shown to be encrypted", not as "plaintext key".
 */
void genSSHkeyForHosts(const std::string& uid,
                       const std::string& directory,
                       QueryData& results) {
  // Build <directory>/<kSSHUserKeysDir> and enumerate it (third argument is
  // passed as false, exactly as before).
  boost::filesystem::path ssh_dir(directory);
  ssh_dir /= kSSHUserKeysDir;

  std::vector<std::string> candidates;
  if (!listFilesInDirectory(ssh_dir, candidates, false).ok()) {
    return;
  }

  for (const auto& candidate : candidates) {
    std::string content;
    if (!forensicReadFile(candidate, content).ok()) {
      // Unreadable file: skip it, keep going with the rest.
      continue;
    }

    // Only files that look like private keys produce a row.
    if (content.find("PRIVATE KEY") == std::string::npos) {
      continue;
    }

    Row r;
    r["uid"] = uid;
    r["path"] = candidate;
    if (content.find("ENCRYPTED") != std::string::npos) {
      r["encrypted"] = INTEGER(1);
    } else {
      r["encrypted"] = INTEGER(0);
    }
    results.push_back(r);
  }
}
/**
 * @brief Emit one row per entry of a user's authorized-keys files.
 *
 * Drops privileges to `uid`/`gid` first, then reads every file named in
 * kSSHAuthorizedkeys relative to `directory`. Each non-empty line that does
 * not start with '#' becomes a row with `uid`, `key` (the whole line) and
 * `key_file`.
 *
 * @param uid       User id to drop to; also stored in each row.
 * @param gid       Group id to drop to.
 * @param directory Base directory the key file names are joined onto.
 * @param results   Output rows; this function only appends to it.
 *
 * NOTE(review): when dropTo() fails the function returns without rows and
 * only logs at VLOG(1), so "could not inspect this user" looks the same as
 * "user has no authorized keys" in the results.
 */
void genSSHkeysForUser(const std::string& uid,
                       const std::string& gid,
                       const std::string& directory,
                       QueryData& results) {
  // Read the user's files as that user rather than as the caller. `dropper`
  // stays alive until the function returns; presumably the original identity
  // is restored when it is released -- confirm against DropPrivileges.
  auto dropper = DropPrivileges::get();
  if (!dropper->dropTo(uid, gid)) {
    VLOG(1) << "Cannot drop privileges to UID " << uid;
    return;
  }

  for (const auto& kfile : kSSHAuthorizedkeys) {
    boost::filesystem::path keys_file(directory);
    keys_file /= kfile;

    std::string keys_content;
    if (!forensicReadFile(keys_file, keys_content).ok()) {
      // This particular keys file is unreadable; try the next one.
      continue;
    }

    // Protocol 1 entries are: options, bits, exponent, modulus, comment.
    // Protocol 2 entries are: options, keytype, base64-encoded key, comment.
    // The line is stored whole; no field is parsed out here.
    for (const auto& line : split(keys_content, "\n")) {
      // Only the first character is tested, so an indented '#' is not
      // treated as a comment.
      if (line.empty() || line[0] == '#') {
        continue;
      }

      Row r;
      r["uid"] = uid;
      r["key"] = line;
      r["key_file"] = keys_file.string();
      results.push_back(r);
    }
  }
}
/**
 * @brief Build one result row from an extension's manifest file.
 *
 * Reads `path + kManifestFile`, parses it as JSON into a property tree, and
 * copies the values named in kExtensionKeys (JSON key -> column name) into a
 * row. The strings "true"/"false" are rewritten to INTEGER(1)/INTEGER(0), an
 * empty `persistent` column defaults to INTEGER(0), and `identifier` is the
 * name of the grandparent directory of `path`.
 *
 * @param uid     Value stored in the `uid` column.
 * @param path    Extension directory; kManifestFile is appended as a string.
 * @param results Output rows; at most one row is appended.
 *
 * NOTE(review): the manifest is written by whoever installed the extension,
 * and its values are copied into the row verbatim -- treat these columns as
 * untrusted text downstream. No size limit or privilege drop is visible in
 * this function; confirm whether the caller or forensicReadFile provides one.
 */
void genExtension(const std::string& uid,
                  const std::string& path,
                  QueryData& results) {
  const std::string manifest_path = path + kManifestFile;

  std::string json_data;
  if (!forensicReadFile(manifest_path, json_data).ok()) {
    VLOG(1) << "Could not read file: " << manifest_path;
    return;
  }

  // Parse the manifest text into a property tree; a malformed manifest is
  // logged and produces no row.
  pt::ptree tree;
  try {
    std::stringstream json_stream(json_data);
    pt::read_json(json_stream, tree);
  } catch (const pt::json_parser::json_parser_error&) {
    VLOG(1) << "Could not parse JSON from: " << manifest_path;
    return;
  }

  Row r;
  r["uid"] = uid;

  // The wanted keys are looked up from the root of the tree; a missing key
  // yields an empty string.
  for (const auto& entry : kExtensionKeys) {
    std::string value = tree.get<std::string>(entry.first, "");
    // JSON booleans come back as text; store them as integers. Any field
    // whose text is exactly "true" or "false" is converted the same way.
    if (value == "true") {
      value = INTEGER(1);
    } else if (value == "false") {
      value = INTEGER(0);
    }
    r[entry.second] = value;
  }

  // Persistence defaults to false when the manifest gave no value. at()
  // throws if kExtensionKeys never produced a "persistent" column.
  if (r.at("persistent").empty()) {
    r["persistent"] = INTEGER(0);
  }

  const fs::path extension_dir(path);
  r["identifier"] = extension_dir.parent_path().parent_path().leaf().string();
  r["path"] = path;
  results.push_back(r);
}
/**
 * @brief Record every private-key file in a user's SSH key directory, reading
 *        the files with that user's privileges.
 *
 * Drops privileges to `uid`/`gid`, lists the files in `directory` joined with
 * kSSHUserKeysDir, and appends a row (`uid`, `path`, `encrypted`) for every
 * readable file whose content contains the marker "PRIVATE KEY".
 *
 * @param uid       User id to drop to; also stored in each row.
 * @param gid       Group id to drop to.
 * @param directory Base directory; kSSHUserKeysDir is appended to it.
 * @param results   Output rows; this function only appends to it.
 *
 * NOTE(review): a failed dropTo() returns no rows and logs only at VLOG(1),
 * so an uninspected user is indistinguishable from one with no keys.
 *
 * NOTE(review): `encrypted` is a substring test for "ENCRYPTED". Legacy PEM
 * headers carry that word; the newer OpenSSH private-key container keeps the
 * cipher name inside the base64 payload, so a passphrase-protected key in
 * that format presumably reports "0" -- confirm. Read "0" as "not shown to
 * be encrypted".
 */
void genSSHkeyForHosts(const std::string& uid,
                       const std::string& gid,
                       const std::string& directory,
                       QueryData& results) {
  // Listing and reading happen as the inspected user, not as the caller.
  // `dropper` must outlive the reads below; presumably the original identity
  // returns when it is released -- confirm against DropPrivileges.
  auto dropper = DropPrivileges::get();
  if (!dropper->dropTo(uid, gid)) {
    VLOG(1) << "Cannot drop privileges to UID " << uid;
    return;
  }

  boost::filesystem::path ssh_dir(directory);
  ssh_dir /= kSSHUserKeysDir;

  std::vector<std::string> candidates;
  if (!listFilesInDirectory(ssh_dir, candidates, false).ok()) {
    return;
  }

  for (const auto& candidate : candidates) {
    std::string content;
    if (!forensicReadFile(candidate, content).ok()) {
      // Unreadable file: skip it, keep going with the rest.
      continue;
    }

    // Only files that look like private keys produce a row.
    if (content.find("PRIVATE KEY") == std::string::npos) {
      continue;
    }

    Row r;
    r["uid"] = uid;
    r["path"] = candidate;
    if (content.find("ENCRYPTED") != std::string::npos) {
      r["encrypted"] = "1";
    } else {
      r["encrypted"] = "0";
    }
    results.push_back(r);
  }
}
/**
 * @brief Emit one row per entry of a user's known-hosts files.
 *
 * Reads every file named in kSSHKnownHostskeys relative to `directory`. Each
 * non-empty line that does not start with '#' becomes a row with `uid`,
 * `key` (the whole line) and `key_file`. Unreadable files are skipped.
 *
 * @param uid       Value stored in the `uid` column of each row.
 * @param directory Base directory the file names are joined onto.
 * @param results   Output rows; this function only appends to it.
 *
 * NOTE(review): unlike genSSHkeysForUser, this function does not lower
 * privileges before reading, and every non-comment line of whatever the path
 * resolves to is copied into the results. The path sits under a directory the
 * inspected user presumably controls -- confirm the caller has dropped
 * privileges first, or that forensicReadFile rejects unexpected targets.
 */
void genSSHkeysForHosts(const std::string& uid,
                        const std::string& directory,
                        QueryData& results) {
  for (const auto& kfile : kSSHKnownHostskeys) {
    boost::filesystem::path hosts_file(directory);
    hosts_file /= kfile;

    std::string content;
    if (!forensicReadFile(hosts_file, content).ok()) {
      // This particular file is unreadable; try the next one.
      continue;
    }

    for (const auto& line : split(content, "\n")) {
      // Only the first character is tested, so an indented '#' is not
      // treated as a comment.
      if (line.empty() || line[0] == '#') {
        continue;
      }

      Row r = {{"uid", uid}, {"key", line}, {"key_file", hosts_file.string()}};
      results.push_back(r);
    }
  }
}