[backend] Implement garbage collectors on Tanium / CS to purge payloads / runtimes (#3812)

Author: SamuelHassine

openbas-api/src/main/java/io/openbas/executors/crowdstrike/CrowdStrikeGarbageCollector.java

@@ -0,0 +1,32 @@
+package io.openbas.executors.crowdstrike;
+
+import io.openbas.executors.crowdstrike.client.CrowdStrikeExecutorClient;
+import io.openbas.executors.crowdstrike.config.CrowdStrikeExecutorConfig;
+import io.openbas.executors.crowdstrike.service.CrowdStrikeGarbageCollectorService;
+import io.openbas.service.AgentService;
+import jakarta.annotation.PostConstruct;
+import java.time.Duration;
+import lombok.RequiredArgsConstructor;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
+import org.springframework.stereotype.Service;
+
+@ConditionalOnProperty(prefix = "executor.crowdstrike", name = "enable")
+@RequiredArgsConstructor
+@Service
+public class CrowdStrikeGarbageCollector {
+
+  private final CrowdStrikeExecutorConfig config;
+  private final ThreadPoolTaskScheduler taskScheduler;
+  private final CrowdStrikeExecutorClient client;
+  private final AgentService agentService;
+
+  @PostConstruct
+  public void init() {
+    if (this.config.isEnable()) {
+      CrowdStrikeGarbageCollectorService service =
+          new CrowdStrikeGarbageCollectorService(this.config, this.client, this.agentService);
+      this.taskScheduler.scheduleAtFixedRate(service, Duration.ofHours(6));
+    }
+  }
+}

openbas-api/src/main/java/io/openbas/executors/crowdstrike/service/CrowdStrikeGarbageCollectorService.java

@@ -0,0 +1,66 @@
+package io.openbas.executors.crowdstrike.service;
+
+import io.openbas.database.model.Endpoint;
+import io.openbas.executors.crowdstrike.client.CrowdStrikeExecutorClient;
+import io.openbas.executors.crowdstrike.config.CrowdStrikeExecutorConfig;
+import io.openbas.service.AgentService;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.List;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+@Slf4j
+@Service
+public class CrowdStrikeGarbageCollectorService implements Runnable {
+  // Clean payloads older than 24 hours
+  private static final String WINDOWS_COMMAND_LINE =
+      "Get-ChildItem -Path \"C:\\Program Files (x86)\\Filigran\\OBAS Agent\\payloads\",\"C:\\Program Files (x86)\\Filigran\\OBAS Agent\\runtimes\" -Directory -Recurse | Where-Object {$_.CreationTime -lt (Get-Date).AddHours(-24)} | Remove-Item -Recurse -Force";
+  private static final String UNIX_COMMAND_LINE =
+      "find /opt/openbas-agent/payloads /opt/openbas-agent/runtimes -type d -mmin +1440 -exec rm -rf {} + 2>/dev/null";
+  private final CrowdStrikeExecutorConfig config;
+  private final CrowdStrikeExecutorClient client;
+  private final AgentService agentService;
+
+  @Autowired
+  public CrowdStrikeGarbageCollectorService(
+      CrowdStrikeExecutorConfig config,
+      CrowdStrikeExecutorClient client,
+      AgentService agentService) {
+    this.config = config;
+    this.client = client;
+    this.agentService = agentService;
+  }
+
+  @Override
+  public void run() {
+    log.info("Running CrowdStrike executor garbage collector...");
+    List<io.openbas.database.model.Agent> agents =
+        this.agentService.getAgentsByExecutorType(
+            CrowdStrikeExecutorService.CROWDSTRIKE_EXECUTOR_TYPE);
+    log.info("Running CrowdStrike executor garbage collector on " + agents.size() + " agents");
+    agents.forEach(
+        agent -> {
+          Endpoint endpoint = (Endpoint) agent.getAsset();
+          switch (endpoint.getPlatform()) {
+            case Windows -> {
+              log.info("Sending Windows command line to " + endpoint.getName());
+              this.client.executeAction(
+                  List.of(agent.getExternalReference()),
+                  this.config.getWindowsScriptName(),
+                  Base64.getEncoder()
+                      .encodeToString(WINDOWS_COMMAND_LINE.getBytes(StandardCharsets.UTF_16LE)));
+            }
+            case Linux, MacOS -> {
+              log.info("Sending Unix command line to " + endpoint.getName());
+              this.client.executeAction(
+                  List.of(agent.getExternalReference()),
+                  this.config.getUnixScriptName(),
+                  Base64.getEncoder()
+                      .encodeToString(UNIX_COMMAND_LINE.getBytes(StandardCharsets.UTF_8)));
+            }
+          }
+        });
+  }
+}

openbas-api/src/main/java/io/openbas/executors/tanium/TaniumGarbageCollector.java

@@ -0,0 +1,32 @@
+package io.openbas.executors.tanium;
+
+import io.openbas.executors.tanium.client.TaniumExecutorClient;
+import io.openbas.executors.tanium.config.TaniumExecutorConfig;
+import io.openbas.executors.tanium.service.TaniumGarbageCollectorService;
+import io.openbas.service.AgentService;
+import jakarta.annotation.PostConstruct;
+import java.time.Duration;
+import lombok.RequiredArgsConstructor;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
+import org.springframework.stereotype.Service;
+
+@ConditionalOnProperty(prefix = "executor.tanium", name = "enable")
+@RequiredArgsConstructor
+@Service
+public class TaniumGarbageCollector {
+
+  private final TaniumExecutorConfig config;
+  private final ThreadPoolTaskScheduler taskScheduler;
+  private final TaniumExecutorClient client;
+  private final AgentService agentService;
+
+  @PostConstruct
+  public void init() {
+    if (this.config.isEnable()) {
+      TaniumGarbageCollectorService service =
+          new TaniumGarbageCollectorService(this.config, this.client, this.agentService);
+      this.taskScheduler.scheduleAtFixedRate(service, Duration.ofHours(6));
+    }
+  }
+}

openbas-api/src/main/java/io/openbas/executors/tanium/service/TaniumGarbageCollectorService.java

@@ -0,0 +1,60 @@
+package io.openbas.executors.tanium.service;
+
+import io.openbas.database.model.Endpoint;
+import io.openbas.executors.tanium.client.TaniumExecutorClient;
+import io.openbas.executors.tanium.config.TaniumExecutorConfig;
+import io.openbas.service.AgentService;
+import java.util.Base64;
+import java.util.List;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+@Slf4j
+@Service
+public class TaniumGarbageCollectorService implements Runnable {
+  // Clean payloads older than 24 hours
+  private static final String WINDOWS_COMMAND_LINE =
+      "Get-ChildItem -Path \"C:\\Program Files (x86)\\Filigran\\OBAS Agent\\payloads\",\"C:\\Program Files (x86)\\Filigran\\OBAS Agent\\runtimes\" -Directory -Recurse | Where-Object {$_.CreationTime -lt (Get-Date).AddHours(-24)} | Remove-Item -Recurse -Force";
+  private static final String UNIX_COMMAND_LINE =
+      "find /opt/openbas-agent/payloads /opt/openbas-agent/runtimes -type d -mmin +1440 -exec rm -rf {} + 2>/dev/null";
+  private final TaniumExecutorConfig config;
+  private final TaniumExecutorClient client;
+  private final AgentService agentService;
+
+  @Autowired
+  public TaniumGarbageCollectorService(
+      TaniumExecutorConfig config, TaniumExecutorClient client, AgentService agentService) {
+    this.config = config;
+    this.client = client;
+    this.agentService = agentService;
+  }
+
+  @Override
+  public void run() {
+    log.info("Running Tanium executor garbage collector...");
+    List<io.openbas.database.model.Agent> agents =
+        this.agentService.getAgentsByExecutorType(TaniumExecutorService.TANIUM_EXECUTOR_TYPE);
+    log.info("Running Tanium executor garbage collector on " + agents.size() + " agents");
+    agents.forEach(
+        agent -> {
+          Endpoint endpoint = (Endpoint) agent.getAsset();
+          switch (endpoint.getPlatform()) {
+            case Windows -> {
+              log.info("Sending Windows command line to " + endpoint.getName());
+              this.client.executeAction(
+                  agent.getExternalReference(),
+                  this.config.getWindowsPackageId(),
+                  Base64.getEncoder().encodeToString(WINDOWS_COMMAND_LINE.getBytes()));
+            }
+            case Linux, MacOS -> {
+              log.info("Sending Unix command line to " + endpoint.getName());
+              this.client.executeAction(
+                  agent.getExternalReference(),
+                  this.config.getUnixPackageId(),
+                  Base64.getEncoder().encodeToString(UNIX_COMMAND_LINE.getBytes()));
+            }
+          }
+        });
+  }
+}

openbas-api/src/main/java/io/openbas/injectors/caldera/CalderaGarbageCollector.java

@@ -11,7 +11,7 @@
 import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
 import org.springframework.stereotype.Service;
 
-@ConditionalOnProperty(prefix = "executor.caldera", name = "enable")
+@ConditionalOnProperty(prefix = "injector.caldera", name = "enable")
 @RequiredArgsConstructor
 @Service
 public class CalderaGarbageCollector {