From 58ab684d6b7c32a6a2af6304cc33f98603311185 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Fri, 12 May 2023 00:42:17 +0000 Subject: [PATCH 1/6] Mcafee Endpoint : Changing timeformat to be generic --- .../Antimalware/plugin/collectmcafeeinfo.rb | 65 +++++++++++++------ 1 file changed, 44 insertions(+), 21 deletions(-) diff --git a/Providers/Modules/Plugins/Antimalware/plugin/collectmcafeeinfo.rb b/Providers/Modules/Plugins/Antimalware/plugin/collectmcafeeinfo.rb index 839f1c5f5..e62d3ea0f 100644 --- a/Providers/Modules/Plugins/Antimalware/plugin/collectmcafeeinfo.rb +++ b/Providers/Modules/Plugins/Antimalware/plugin/collectmcafeeinfo.rb @@ -11,13 +11,16 @@ class McAfee attr_accessor :detectedPath , :mcafeeName , :mcafeeVersion def self.findMcAfeePath() + puts "findMcAfeePath" paths = ['/opt/McAfee/ens/tp/bin/mfetpcli','/opt/isec/ens/threatprevention/bin/isecav'] for path in paths if File.file?(path) - @detectedPath = path + @detectedPath = path detectioncmd = `#{path} --version 2>&1`.lines.map(&:chomp) + puts "findMcAfeePath detectioncmd : #{detectioncmd} " @mcafeeName = detectioncmd[0] @mcafeeVersion = detectioncmd[1].split(" : ")[1] + puts "findMcAfeePath detectedPath : #{@detectedPath} , mcafeeName : #{@mcafeeName} , mcafeeVersion : #{@mcafeeVersion} " break end end 
@@ -25,22 +28,30 @@ def self.findMcAfeePath() def self.detect() begin + puts "detect : Starting" findMcAfeePath() if !File.file?(@detectedPath) - return false + puts "detect : File not found : Returing False" + return false end - if ( @mcafeeName == nil || @mcafeeName != "McAfee Endpoint Security for Linux Threat Prevention") - return false + if ( @mcafeeName == nil || @mcafeeName != "Trellix Endpoint Security for Linux Threat Prevention") + puts "detect : mcafee nil or nor ESLTP : Returing False" + return false elsif ( @mcafeeVersion == nil || @mcafeeVersion.split(".")[0].to_i < 10) - return false + puts "detect : mcafee less than 10 : Returing False" + return false end - return true - rescue => e + puts "detect : mcafee nil or nor ESLTP : Returing True" + return true + + rescue => e + puts "detect : Exception #{e} : Returing False" return false end end def self.getprotectionstatus() + puts "getprotectionstatus : Starting" ret = {} mcafeeName = @mcafeeName @@ -247,10 +258,13 @@ def self.getprotectionstatus() ret["Tool"] = mcafeeName ret["AMProductVersion"] = (mcafeeVersion.nil? || mcafeeVersion.empty? || mcafeeVersion == "NA")? "McAfee version not found" : mcafeeVersion return ret + puts "getprotectionstatus : Ending" + end def self.parseMcAfeeDateTime(datearray , mcafeeVersion) begin + puts "parseMcAfeeDateTime : Starting" mcafeeVersionSplit = mcafeeVersion.to_s.split(".") if (mcafeeVersionSplit[1].to_i > 6) || (mcafeeVersionSplit[1].to_i == 6 && mcafeeVersionSplit[2].to_i >=6 ) return parseMcAfeeDateTimeForSixPointSixVersionAndNewer(datearray) 
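Review bot: The name check in `detect` now accepts only the exact string "Trellix Endpoint Security for Linux Threat Prevention", so a host whose `--version` output still reports the previous "McAfee Endpoint Security for Linux Threat Prevention" name returns false and is presumably reported as having no supported product. If both names can still appear on monitored hosts, compare against a short list instead: `names = ["McAfee Endpoint Security for Linux Threat Prevention", "Trellix Endpoint Security for Linux Threat Prevention"]` and `if !names.include?(@mcafeeName)`. The `puts` placed before `return true` also reuses the "mcafee nil or nor ESLTP" text, which would mislead anyone reading the output.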
@@ -264,16 +278,19 @@ def self.parseMcAfeeDateTime(datearray , mcafeeVersion) end def self.parseMcAfeeDateTimeSixPointFiveVersionAndOlder(datearray) + puts "parseMcAfeeDateTimeSixPointFiveVersionAndOlder : Starting" $l = datearray.length scandate = 'NA' scanstatus = 'NA' if $l >= 4 if(!datearray[$l-3].include? "AM") && (!datearray[$l-3].include? "PM") - scandate = datearray[$l-4] + " " + datearray[$l-3] + " " + datearray[$l-2] - scandate = Time.strptime(scandate, '%d/%m/%y %H:%M:%S %Z') + scandatestring = datearray[$l-4] + " " + datearray[$l-3] + " " + datearray[$l-2] + scandateparsed = Time.parse(scandatestring) + scandate = scandateparsed.utc.strftime('%m/%d/%Y %H:%M:%S') elsif $l >= 8 - scandate = datearray[$l-7] + " " + datearray[$l-6] + " " + datearray[$l-5] + " " + datearray[$l-4] + " " + datearray[$l-3] + " " + datearray[$l-2] - scandate = Time.strptime(scandate, '%d %b %Y %I:%M:%S %p %Z') + scandatestring = datearray[$l-7] + " " + datearray[$l-6] + " " + datearray[$l-5] + " " + datearray[$l-4] + " " + datearray[$l-3] + " " + datearray[$l-2] + scandateparsed = Time.parse(scandatestring) + scandate = scandateparsed.utc.strftime('%m/%d/%Y %H:%M:%S') end if $l >= 5 && (!datearray[4].include? "Not") scanstatus = datearray[4] 
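Review bot: Both date branches of `parseMcAfeeDateTimeSixPointFiveVersionAndOlder` swap `Time.strptime` with an explicit format for `Time.parse`, which infers the field order instead of reading it as day/month/year. For the all-numeric `%d/%m/%y` layout that inference is not guaranteed to agree with the old format, so a scan date can parse without error and still be wrong, and a stale scan could then look recent in the reported status. Keep the explicit formats for these two known layouts, e.g. `scandateparsed = Time.strptime(scandatestring, '%d/%m/%y %H:%M:%S %Z')`, and apply `.utc.strftime('%m/%d/%Y %H:%M:%S')` to that result. The method body continues past the end of this hunk.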
@@ -282,17 +299,23 @@ def self.parseMcAfeeDateTimeSixPointFiveVersionAndOlder(datearray) scanstatus = datearray[9] end end - return scandate, scanstatus + return Time.Parse(scandate), scanstatus end - def self.parseMcAfeeDateTimeForSixPointSixVersionAndNewer(datearray) - $l = datearray.length - scandate = 'NA' - scanstatus = 'NA' - scandate = datearray[$l-6] + " " + datearray[$l-5] + " " + datearray[$l-4] + " " + datearray[$l-3] + " " + datearray[$l-2] + " " + datearray[$l-1] - scandate = Time.strptime(scandate, '%a %b %d %H:%M:%S %Y') - scandate.utc.strftime("%d/%m/%y %H:%M:%S %Z") - scanstatus = datearray[9] - return scandate, scanstatus + def self.parseMcAfeeDateTimeForSixPointSixVersionAndNewer(datearray) + begin + puts "parseMcAfeeDateTimeForSixPointSixVersionAndNewer : Starting" + puts datearray + $l = datearray.length + scandate = 'NA' + scanstatus = 'NA' + scandatestring = datearray[$l-6] + " " + datearray[$l-5] + " " + datearray[$l-4] + " " + datearray[$l-3] + " " + datearray[$l-2] + " " + datearray[$l-1] + puts "scandatestring : #{scandatestring}" + scandateparsed = Time.parse(scandatestring) + scandateparsed.utc.strftime('%m/%d/%Y %H:%M:%S') + scanstatus = datearray[9] + puts "scandate : #{scandate.class} , scanstatus : #{scanstatus} " + return scandateparsed, scanstatus + end end end \ No newline at end of file From b4be9f83231a89578576ec19ad9c5fa037e34d5d Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 18 May 2023 22:16:49 +0000 Subject: [PATCH 2/6] Mcafee DateTime Format and Version Update --- Makefile | 2 +- .../Antimalware/plugin/collectmcafeeinfo.rb | 62 +++++++------------ installbuilder/datafiles/Base_DSC.data | 6 +- 3 files changed, 25 insertions(+), 45 deletions(-) diff --git a/Makefile b/Makefile index ea9bcb0a9..22aabfed7 100755 --- a/Makefile +++ b/Makefile 
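Review bot: `return Time.Parse(scandate), scanstatus` calls a method that does not exist (`Time.parse` is lowercase), so the older-version parser raises NoMethodError at its return on every call. Even with the spelling fixed, `scandate` is still 'NA' when no date branch matched, and `Time.parse` would reject that. The callers shown in the second patch of this series compare the first return value with "NA", so return the value unchanged: `return scandate, scanstatus`. In the rewritten `parseMcAfeeDateTimeForSixPointSixVersionAndNewer`, the `begin` has no `rescue`, the result of `scandateparsed.utc.strftime(...)` is discarded, and `puts datearray` prints the raw task fields to stdout.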
@@ -541,7 +541,7 @@ nxOMSGenerateInventoryMof: nxOMSPlugin: rm -rf output/staging; \ - VERSION="3.70"; \ + VERSION="3.71"; \ PROVIDERS="nxOMSPlugin"; \ STAGINGDIR="output/staging/$@/DSCResources"; \ cat Providers/Modules/$@.psd1 | sed "s@@$${VERSION}@" > intermediate/Modules/$@.psd1; \ diff --git a/Providers/Modules/Plugins/Antimalware/plugin/collectmcafeeinfo.rb b/Providers/Modules/Plugins/Antimalware/plugin/collectmcafeeinfo.rb index e62d3ea0f..23f517f07 100644 --- a/Providers/Modules/Plugins/Antimalware/plugin/collectmcafeeinfo.rb +++ b/Providers/Modules/Plugins/Antimalware/plugin/collectmcafeeinfo.rb @@ -11,16 +11,13 @@ class McAfee attr_accessor :detectedPath , :mcafeeName , :mcafeeVersion def self.findMcAfeePath() - puts "findMcAfeePath" paths = ['/opt/McAfee/ens/tp/bin/mfetpcli','/opt/isec/ens/threatprevention/bin/isecav'] for path in paths if File.file?(path) @detectedPath = path detectioncmd = `#{path} --version 2>&1`.lines.map(&:chomp) - puts "findMcAfeePath detectioncmd : #{detectioncmd} " @mcafeeName = detectioncmd[0] @mcafeeVersion = detectioncmd[1].split(" : ")[1] - puts "findMcAfeePath detectedPath : #{@detectedPath} , mcafeeName : #{@mcafeeName} , mcafeeVersion : #{@mcafeeVersion} " break end end 
@@ -28,30 +25,22 @@ def self.findMcAfeePath() def self.detect() begin - puts "detect : Starting" - findMcAfeePath() + findMcAfeePath() if !File.file?(@detectedPath) - puts "detect : File not found : Returing False" return false end - if ( @mcafeeName == nil || @mcafeeName != "Trellix Endpoint Security for Linux Threat Prevention") - puts "detect : mcafee nil or nor ESLTP : Returing False" - return false - elsif ( @mcafeeVersion == nil || @mcafeeVersion.split(".")[0].to_i < 10) - puts "detect : mcafee less than 10 : Returing False" + if (@mcafeeName == nil) return false + elsif (@mcafeeVersion == nil || @mcafeeVersion.split(".")[0].to_i < 10) + return false end - puts "detect : mcafee nil or nor ESLTP : Returing True" - return true - + return true rescue => e - puts "detect : Exception #{e} : Returing False" - return false + return false end end - def self.getprotectionstatus() - puts "getprotectionstatus : Starting" + def self.getprotectionstatus() ret = {} mcafeeName = @mcafeeName @@ -104,7 +93,7 @@ def self.getprotectionstatus() else quickscanarray = taskcmd[$i].split(" ") quickscanStatus = 'NA' - quickscan, quickscanStatus = parseMcAfeeDateTime(quickscanarray , @mcafeeVersion) + quickscan, quickscanStatus = parseMcAfeeDateTime(taskcmd[$i], quickscanarray , @mcafeeVersion) if quickscan == "NA" protectionStatusDetailsArray.push("Fail to parse quickscan date: " + taskcmd[$i]) end @@ -119,7 +108,7 @@ def self.getprotectionstatus() else fullscanarray = taskcmd[$i].split(" ") fullscanStatus = 'NA' - fullscan, fullscanStatus = parseMcAfeeDateTime(fullscanarray, @mcafeeVersion) + fullscan, fullscanStatus = parseMcAfeeDateTime(taskcmd[$i], fullscanarray, @mcafeeVersion) if fullscan == "NA" protectionStatusDetailsArray.push("Fail to parse fullscan date: " + taskcmd[$i]) end 
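Review bot: `detect` no longer validates the product name: `if (@mcafeeName == nil)` passes for any first line of output. `findMcAfeePath` captures `--version 2>&1`, so a stderr line could be taken as the name and later written to `ret["Tool"]`. Only the major-version test on the second line still gates detection. Both names that earlier revisions matched end in the same text, so a check such as `if !@mcafeeName.to_s.end_with?("Endpoint Security for Linux Threat Prevention")` would keep the rebrand working without accepting arbitrary output. The `rescue => e` also discards `e` silently, which makes a failed detection hard to diagnose.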
@@ -133,7 +122,7 @@ def self.getprotectionstatus() else datengupdatearray = taskcmd[$i].split(" ") datengupdateStatus = 'NA' - datengupdate, datengupdateStatus = parseMcAfeeDateTime(datengupdatearray, @mcafeeVersion) + datengupdate, datengupdateStatus = parseMcAfeeDateTime(taskcmd[$i], datengupdatearray, @mcafeeVersion) if datengupdate == "NA" protectionStatusDetailsArray.push("Fail to parse DAT Engine update date: " + taskcmd[$i]) end @@ -258,16 +247,13 @@ def self.getprotectionstatus() ret["Tool"] = mcafeeName ret["AMProductVersion"] = (mcafeeVersion.nil? || mcafeeVersion.empty? || mcafeeVersion == "NA")? "McAfee version not found" : mcafeeVersion return ret - puts "getprotectionstatus : Ending" - end - def self.parseMcAfeeDateTime(datearray , mcafeeVersion) + def self.parseMcAfeeDateTime(taskcmd, datearray , mcafeeVersion) begin - puts "parseMcAfeeDateTime : Starting" mcafeeVersionSplit = mcafeeVersion.to_s.split(".") if (mcafeeVersionSplit[1].to_i > 6) || (mcafeeVersionSplit[1].to_i == 6 && mcafeeVersionSplit[2].to_i >=6 ) - return parseMcAfeeDateTimeForSixPointSixVersionAndNewer(datearray) + return parseMcAfeeDateTimeForSixPointSixVersionAndNewer(taskcmd, datearray) else return parseMcAfeeDateTimeSixPointFiveVersionAndOlder(datearray) end 
@@ -278,19 +264,16 @@ def self.parseMcAfeeDateTime(datearray , mcafeeVersion) end def self.parseMcAfeeDateTimeSixPointFiveVersionAndOlder(datearray) - puts "parseMcAfeeDateTimeSixPointFiveVersionAndOlder : Starting" $l = datearray.length scandate = 'NA' scanstatus = 'NA' if $l >= 4 if(!datearray[$l-3].include? "AM") && (!datearray[$l-3].include? "PM") - scandatestring = datearray[$l-4] + " " + datearray[$l-3] + " " + datearray[$l-2] - scandateparsed = Time.parse(scandatestring) - scandate = scandateparsed.utc.strftime('%m/%d/%Y %H:%M:%S') + scandate = datearray[$l-4] + " " + datearray[$l-3] + " " + datearray[$l-2] + scandate = Time.strptime(scandate, '%d/%m/%y %H:%M:%S %Z') elsif $l >= 8 - scandatestring = datearray[$l-7] + " " + datearray[$l-6] + " " + datearray[$l-5] + " " + datearray[$l-4] + " " + datearray[$l-3] + " " + datearray[$l-2] - scandateparsed = Time.parse(scandatestring) - scandate = scandateparsed.utc.strftime('%m/%d/%Y %H:%M:%S') + scandate = datearray[$l-7] + " " + datearray[$l-6] + " " + datearray[$l-5] + " " + datearray[$l-4] + " " + datearray[$l-3] + " " + datearray[$l-2] + scandate = Time.strptime(scandate, '%d %b %Y %I:%M:%S %p %Z') end if $l >= 5 && (!datearray[4].include? "Not") scanstatus = datearray[4] 
@@ -299,23 +282,20 @@ def self.parseMcAfeeDateTimeSixPointFiveVersionAndOlder(datearray) scanstatus = datearray[9] end end - return Time.Parse(scandate), scanstatus + return scandate, scanstatus end - def self.parseMcAfeeDateTimeForSixPointSixVersionAndNewer(datearray) + def self.parseMcAfeeDateTimeForSixPointSixVersionAndNewer(taskcmd, datearray) begin - puts "parseMcAfeeDateTimeForSixPointSixVersionAndNewer : Starting" - puts datearray $l = datearray.length scandate = 'NA' scanstatus = 'NA' + regularexpressionforscanstatus = /\b(Not Started|Running|Completed|Aborted)\b/ scandatestring = datearray[$l-6] + " " + datearray[$l-5] + " " + datearray[$l-4] + " " + datearray[$l-3] + " " + datearray[$l-2] + " " + datearray[$l-1] - puts "scandatestring : #{scandatestring}" scandateparsed = Time.parse(scandatestring) scandateparsed.utc.strftime('%m/%d/%Y %H:%M:%S') - scanstatus = datearray[9] - puts "scandate : #{scandate.class} , scanstatus : #{scanstatus} " - return scandateparsed, scanstatus + scanstatus = (regularexpressionforscanstatus.match(taskcmd)) + return scandateparsed, scanstatus.to_s end end end \ No newline at end of file diff --git a/installbuilder/datafiles/Base_DSC.data b/installbuilder/datafiles/Base_DSC.data index 267996723..2f38b1688 100755 --- a/installbuilder/datafiles/Base_DSC.data +++ b/installbuilder/datafiles/Base_DSC.data 
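Review bot: In `parseMcAfeeDateTimeForSixPointSixVersionAndNewer`, `scanstatus = (regularexpressionforscanstatus.match(taskcmd))` followed by `scanstatus.to_s` returns an empty string when none of the four words is present, replacing the 'NA' default that the older parser returns. The pattern is also matched against the whole task line, so a task name containing one of those words would be picked up first; that is an inference, since the line layout is not shown here. Keep the default on a miss with `m = regularexpressionforscanstatus.match(taskcmd)` and `scanstatus = m[1] if m`. The `scandateparsed.utc.strftime('%m/%d/%Y %H:%M:%S')` line still discards its result. A line with fewer than six fields makes `datearray[$l-6]` wrap to negative indexes inside a `begin` that has no `rescue`.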
@@ -102,7 +102,7 @@ SHLIB_EXT: 'so' /opt/microsoft/omsconfig/module_packages/nxOMSContainers_1.0.zip; release/nxOMSContainers_1.0.zip; 755; ${{RUN_AS_USER}}; root /opt/microsoft/omsconfig/module_packages/nxOMSCustomLog_1.0.zip; release/nxOMSCustomLog_1.0.zip; 755; ${{RUN_AS_USER}}; root /opt/microsoft/omsconfig/module_packages/nxOMSGenerateInventoryMof_1.5.zip; release/nxOMSGenerateInventoryMof_1.5.zip; 755; ${{RUN_AS_USER}}; root -/opt/microsoft/omsconfig/module_packages/nxOMSPlugin_3.70.zip; release/nxOMSPlugin_3.70.zip; 755; ${{RUN_AS_USER}}; root +/opt/microsoft/omsconfig/module_packages/nxOMSPlugin_3.71.zip; release/nxOMSPlugin_3.71.zip; 755; ${{RUN_AS_USER}}; root /opt/microsoft/omsconfig/module_packages/nxOMSWLI_1.46.zip; release/nxOMSWLI_1.46.zip; 755; ${{RUN_AS_USER}}; root #endif @@ -418,7 +418,7 @@ if [ "$pythonVersion" = "python3" ]; then su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSContainers_1.0.zip 0" su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSCustomLog_1.0.zip 0" su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSGenerateInventoryMof_1.5.zip 0" - su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSPlugin_3.70.zip 0" + su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSPlugin_3.71.zip 0" su - omsagent -c "/opt/microsoft/omsconfig/Scripts/python3/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSWLI_1.46.zip 0" else echo "Running python2 python version is ", $pythonVersion 
@@ -428,7 +428,7 @@ else su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSContainers_1.0.zip 0" su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSCustomLog_1.0.zip 0" su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSGenerateInventoryMof_1.5.zip 0" - su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSPlugin_3.70.zip 0" + su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSPlugin_3.71.zip 0" su - omsagent -c "/opt/microsoft/omsconfig/Scripts/InstallModule.py /opt/microsoft/omsconfig/module_packages/nxOMSWLI_1.46.zip 0" #endif From d35c14f48b9e38c445b51fcd5fe1ba3a814be41a Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Fri, 19 May 2023 17:26:07 +0000 Subject: [PATCH 3/6] Added comment for mcafee function to trigger new build --- .../Modules/Plugins/Antimalware/plugin/collectmcafeeinfo.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/Providers/Modules/Plugins/Antimalware/plugin/collectmcafeeinfo.rb b/Providers/Modules/Plugins/Antimalware/plugin/collectmcafeeinfo.rb index 23f517f07..81b217c4b 100644 --- a/Providers/Modules/Plugins/Antimalware/plugin/collectmcafeeinfo.rb +++ b/Providers/Modules/Plugins/Antimalware/plugin/collectmcafeeinfo.rb @@ -285,6 +285,7 @@ def self.parseMcAfeeDateTimeSixPointFiveVersionAndOlder(datearray) return scandate, scanstatus end + # function to handle version 10.6.6 and above for mcafee def self.parseMcAfeeDateTimeForSixPointSixVersionAndNewer(taskcmd, datearray) begin $l = datearray.length From 5d3b3a1653a9c0ac170080c22b488e093ef62338 Mon Sep 17 00:00:00 2001 From: Ayush Limaye Date: Fri, 19 May 2023 22:19:34 +0000 Subject: [PATCH 4/6] EMpty git commit message 
From 7122eca6a761b7bae1ed363b3d199936e6e28de3 Mon Sep 17 00:00:00 2001
From: Ayush Limaye
Date: Fri, 19 May 2023 22:22:17 +0000
Subject: [PATCH 5/6] Empty commit
From 2b64121d847a73792fba99b6464e344545423de7 Mon Sep 17 00:00:00 2001
From: Ayush Limaye
Date: Mon, 22 May 2023 19:57:00 +0000
Subject: [PATCH 6/6] Trigger Build