diff --git a/bin/ssh_scan_worker b/bin/ssh_scan_worker deleted file mode 100755 index 2805582b..00000000 --- a/bin/ssh_scan_worker +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env ruby -$:.unshift File.join(File.dirname(__FILE__), "../lib") - -require 'ssh_scan' - -# Get the worker config from command-line or via an example location -config_file = ARGV[0] || - File.join( - File.dirname(__FILE__), - "../config/worker/config.yml" - ) - -worker = SSHScan::Worker.from_config_file(config_file) -worker.run! diff --git a/bin/ssh_scan_worker_example_config.yml b/bin/ssh_scan_worker_example_config.yml deleted file mode 100644 index 1fbaa7b4..00000000 --- a/bin/ssh_scan_worker_example_config.yml +++ /dev/null @@ -1,18 +0,0 @@ -# The location of the API server -server: 127.0.0.1 - -# The port of the API server -port: 8000 - -# Scheme (http/https) -# http - useful for development -# https - recommended for production -scheme: http - -# SSL/TLS verify - has no effect is scheme is not set to https -# false - don't verify SSL/TLS (useful for development) -# true - verify SSL/TLS (recommended for production) -verify: false - -# Where to send worker logs to (default: STDOUT) -#logger: ./bin/ssh_scan_worker.log diff --git a/config/worker/config.yml b/config/worker/config.yml deleted file mode 100644 index 766db011..00000000 --- a/config/worker/config.yml +++ /dev/null @@ -1,22 +0,0 @@ -# The location of the API server -server: 127.0.0.1 - -# The port of the API server -port: 8000 - -# Scheme (http/https) -# http - useful for development -# https - recommended for production -scheme: http - -# SSL/TLS verify - has no effect is scheme is not set to https -# false - don't verify SSL/TLS (useful for development) -# true - verify SSL/TLS (recommended for production) -verify: false - -# Where to send worker logs to (default: STDOUT) -#logger: ./bin/ssh_scan_worker.log - -# Authentication - if using authentication on the API, you'll -# need to have an auth token with matches in the API configuration -# auth_token: INSERT_WORKER_TOKEN diff --git a/lib/ssh_scan/worker.rb b/lib/ssh_scan/worker.rb deleted file mode 100644 index 097a0ae9..00000000 --- a/lib/ssh_scan/worker.rb +++ /dev/null @@ -1,119 +0,0 @@ -require 'ssh_scan/scan_engine' -require 'openssl' -require 'net/https' - -module SSHScan - class Worker - def initialize(opts = {}) - @server = opts["server"] || "127.0.0.1" - @scheme = opts["scheme"] || "http" - @verify = opts["verify"] || "false" - @port = opts["port"] || 8000 - @logger = setup_logger(opts["logger"]) - @poll_interval = 5 # seconds - @worker_id = SecureRandom.uuid - @verify_ssl = false - @auth_token = opts["auth_token"] || nil - end - - def setup_logger(logger) - case logger - when Logger - return logger - when String - return Logger.new(logger) - end - - return Logger.new(STDOUT) - end - - def self.from_config_file(file_string) - opts = YAML.load_file(file_string) - SSHScan::Worker.new(opts) - end - - def run! - loop do - begin - response = retrieve_work - if response["work"] - job = response["work"] - results = perform_work(job) - post_results(results, job) - else - @logger.info("No jobs available (waiting 5 seconds)") - sleep 5 - next - end - rescue Errno::ECONNREFUSED - @logger.error("Cannot reach API endpoint, waiting 5 seconds") - sleep 5 - rescue RuntimeError => e - @logger.error(e.inspect) - end - end - end - - def retrieve_work - (Net::HTTP::SSL_IVNAMES << :@ssl_options).uniq! - (Net::HTTP::SSL_ATTRIBUTES << :options).uniq! - - Net::HTTP.class_eval do - attr_accessor :ssl_options - end - - uri = URI( - "#{@scheme}://#{@server}:#{@port}/api/v#{SSHScan::API_VERSION}/\ -work?worker_id=#{@worker_id}" - ) - http = Net::HTTP.new(uri.host, uri.port) - - if @scheme == "https" - http.use_ssl = true - http.verify_mode = OpenSSL::SSL::VERIFY_NONE if @verify == false - options_mask = - OpenSSL::SSL::OP_NO_SSLv2 + - OpenSSL::SSL::OP_NO_SSLv3 + - OpenSSL::SSL::OP_NO_COMPRESSION - http.ssl_options = options_mask - end - - request = Net::HTTP::Get.new(uri.path) - request.add_field("SSH_SCAN_AUTH_TOKEN", @auth_token) unless @auth_token.nil? - response = http.request(request) - JSON.parse(response.body) - end - - def perform_work(job) - @logger.info("Started job: #{job["uuid"]}") - scan_engine = SSHScan::ScanEngine.new - results = scan_engine.scan(job) - @logger.info("Completed job: #{job["uuid"]}") - return results - end - - def post_results(results, job) - uri = URI( - "#{@scheme}://#{@server}:#{@port}/api/v#{SSHScan::API_VERSION}/\ -work/results/#{@worker_id}/#{job["uuid"]}" - ) - http = Net::HTTP.new(uri.host, uri.port) - - if @scheme == "https" - http.use_ssl = true - http.verify_mode = OpenSSL::SSL::VERIFY_NONE if @verify == false - options_mask = - OpenSSL::SSL::OP_NO_SSLv2 + - OpenSSL::SSL::OP_NO_SSLv3 + - OpenSSL::SSL::OP_NO_COMPRESSION - http.ssl_options = options_mask - end - - request = Net::HTTP::Post.new(uri.path) - request.add_field("SSH_SCAN_AUTH_TOKEN", @auth_token) unless @auth_token.nil? - request.body = results.to_json - http.request(request) - @logger.info("Posted job: #{job["uuid"]}") - end - end -end