├── debian ├── compat ├── grr-server.docs ├── grr-server@.service └── control ├── vagrant ├── .gitignore ├── Makefile └── build_templates.sh ├── grr ├── __init__.py ├── test │ ├── grr_response_test │ │ ├── test_data │ │ │ ├── blank.yaml │ │ │ ├── empty_file │ │ │ ├── one_a │ │ │ ├── a │ │ │ │ └── b │ │ │ │ │ ├── d │ │ │ │ │ └── hellod.txt │ │ │ │ │ └── c │ │ │ │ │ └── helloc.txt │ │ │ ├── numbers.txt.ver2 │ │ │ ├── tests │ │ │ ├── parser_test │ │ │ │ ├── crontab │ │ │ │ ├── lsb-release-bad │ │ │ │ ├── dasinfra_metadata.yaml │ │ │ │ ├── oracle-release-bad │ │ │ │ ├── oracle-release │ │ │ │ ├── lsb-release-notubuntu │ │ │ │ ├── History │ │ │ │ ├── History2 │ │ │ │ ├── History3 │ │ │ │ ├── com.google.code.grr.bplist │ │ │ │ ├── lsb-release │ │ │ │ └── com.apple.LaunchServices.QuarantineEvents │ │ │ ├── hello │ │ │ ├── hello.exe │ │ │ ├── index.dat │ │ │ ├── osx_fsdata │ │ │ ├── test.plist │ │ │ ├── ntfs_img.dd │ │ │ ├── test_img.dd │ │ │ ├── History.plist │ │ │ ├── places.sqlite │ │ │ ├── syslog_false.gz │ │ │ ├── winexec_img.dd │ │ │ ├── new_places.sqlite │ │ │ ├── m2crypto │ │ │ │ ├── signature │ │ │ │ ├── signed_blob │ │ │ │ ├── rsa_ciphertext │ │ │ │ └── send_file_data │ │ │ ├── profiles │ │ │ │ └── v1.0 │ │ │ │ │ ├── pe.gz │ │ │ │ │ ├── nt │ │ │ │ │ ├── index.gz │ │ │ │ │ ├── eprocess_index.gz │ │ │ │ │ └── GUID │ │ │ │ │ │ └── F8E2A8B5C9B74BF4A6E4A48F180099942.gz │ │ │ │ │ ├── inventory.gz │ │ │ │ │ ├── tcpip │ │ │ │ │ ├── index.gz │ │ │ │ │ └── GUID │ │ │ │ │ │ └── 934479AAD5A64C60AACA8E22BA50DDC02.gz │ │ │ │ │ └── win32k │ │ │ │ │ ├── index.gz │ │ │ │ │ └── GUID │ │ │ │ │ └── A9F6403F14074E9D8A07D0AA6F0C1CFF2.gz │ │ │ ├── syslog_compress.gz │ │ │ ├── VFSFixture │ │ │ │ ├── var │ │ │ │ │ ├── log │ │ │ │ │ │ ├── wtmp │ │ │ │ │ │ └── auth.log │ │ │ │ │ └── run │ │ │ │ │ │ └── utmp │ │ │ │ └── etc │ │ │ │ │ ├── lsb-release │ │ │ │ │ ├── netgroup │ │ │ │ │ └── passwd │ │ │ ├── rekall_vad_result.dat.gz │ │ │ ├── rekall_pslist_result.dat.gz │ │ │ ├── bigquery │ │ │ │ 
└── ExportedFile.json.gz │ │ │ ├── tests_long │ │ │ ├── apache_false_log │ │ │ ├── yum.out │ │ │ ├── exports │ │ │ ├── approvers.yaml │ │ │ ├── checks │ │ │ │ ├── data │ │ │ │ │ └── wmi_sw.yaml │ │ │ │ └── nfs.yaml │ │ │ ├── psefcmd.out │ │ │ ├── artifacts │ │ │ │ └── test_artifact.json │ │ │ ├── dummyconfig.yaml │ │ │ ├── searching │ │ │ │ ├── dpkg.log │ │ │ │ ├── dpkg_false.log │ │ │ │ └── auth.log │ │ │ ├── dpkg_status │ │ │ └── pscmd.out │ │ ├── __init__.py │ │ └── end_to_end_tests │ │ │ ├── __init__.py │ │ │ └── tests │ │ │ ├── processes.py │ │ │ └── network.py │ └── MANIFEST.in ├── tools │ └── __init__.py ├── test_lib │ ├── __init__.py │ ├── aff4_test_lib.py │ ├── test_output_plugins.py │ ├── export_test_lib.py │ └── notification_test_lib.py ├── core │ ├── install_data │ │ ├── debian │ │ │ ├── dpkg_client │ │ │ │ ├── debian │ │ │ │ │ ├── compat │ │ │ │ │ ├── changelog │ │ │ │ │ ├── control │ │ │ │ │ ├── grr-client.lintian-overrides │ │ │ │ │ └── grr-client.prerm.in │ │ │ │ ├── nanny.sh.in │ │ │ │ └── upstart │ │ │ │ │ └── grr-client.conf │ │ │ └── manuals │ │ │ │ └── grrd.1 │ │ ├── macosx │ │ │ └── client │ │ │ │ ├── grr.pmdoc │ │ │ │ ├── 01grr-contents.xml │ │ │ │ ├── 02com-contents.xml │ │ │ │ └── 01grr.xml.in │ │ │ │ ├── preinstall.sh.in │ │ │ │ ├── postinstall.sh.in │ │ │ │ └── fleetspeak │ │ │ │ └── postinstall.sh.in │ │ ├── grr.ico │ │ ├── centos │ │ │ └── prelink_blacklist.conf.in │ │ ├── systemd │ │ │ └── client │ │ │ │ └── grr-client.service │ │ └── fleetspeak │ │ │ └── windows │ │ │ └── grr_service_config.txt.in │ ├── grr_response_core │ │ ├── __init__.py │ │ ├── artifacts │ │ │ ├── __init__.py │ │ │ ├── local │ │ │ │ └── __init__.py │ │ │ ├── flow_templates │ │ │ │ ├── README.md │ │ │ │ ├── memory.yaml │ │ │ │ ├── disk.yaml │ │ │ │ └── processes.yaml │ │ │ └── README.md │ │ ├── path_detection │ │ │ └── __init__.py │ │ ├── lib │ │ │ ├── rdfvalues │ │ │ │ ├── local │ │ │ │ │ └── __init__.py │ │ │ │ ├── __init__.py │ │ │ │ ├── nsrl.py │ │ │ │ ├── 
wmi.py │ │ │ │ ├── webhistory.py │ │ │ │ ├── config.py │ │ │ │ └── cronjobs.py │ │ │ ├── __init__.py │ │ │ ├── parsers │ │ │ │ ├── __init__.py │ │ │ │ └── local │ │ │ │ │ └── __init__.py │ │ │ ├── local │ │ │ │ ├── plugins.py │ │ │ │ └── __init__.py │ │ │ ├── config_validator_base.py │ │ │ └── builders │ │ │ │ └── __init__.py │ │ └── config │ │ │ ├── local │ │ │ ├── __init__.py │ │ │ └── contexts.py │ │ │ └── checks.py │ ├── executables │ │ └── windows │ │ │ ├── .gitignore │ │ │ ├── GRRNanny_Win32.exe │ │ │ ├── GRRNanny_x64.exe │ │ │ └── templates │ │ │ └── unzipsfx │ │ │ ├── unzipsfx-amd64.exe │ │ │ └── unzipsfx-i386.exe │ └── MANIFEST.in ├── proto │ └── grr_response_proto │ │ ├── __init__.py │ │ ├── local │ │ └── __init__.py │ │ ├── api │ │ ├── __init__.py │ │ └── root │ │ │ └── __init__.py │ │ ├── file_store.proto │ │ ├── config.proto │ │ └── user.proto ├── server │ ├── grr_response_server │ │ ├── gui │ │ │ ├── templates │ │ │ │ ├── 500.html │ │ │ │ ├── 404.html │ │ │ │ └── 503.html │ │ │ ├── __init__.py │ │ │ ├── root │ │ │ │ ├── __init__.py │ │ │ │ └── api_plugins │ │ │ │ │ └── __init__.py │ │ │ ├── api_plugins │ │ │ │ ├── report_plugins │ │ │ │ │ └── __init__.py │ │ │ │ └── __init__.py │ │ │ ├── selenium_tests │ │ │ │ └── __init__.py │ │ │ ├── static │ │ │ │ ├── angular-components │ │ │ │ │ ├── stats │ │ │ │ │ │ ├── report-listing.scss │ │ │ │ │ │ ├── report-listing.html │ │ │ │ │ │ ├── server-load-indicator.html │ │ │ │ │ │ ├── timeseries-graph.html │ │ │ │ │ │ ├── chart.scss │ │ │ │ │ │ ├── stats-view.html │ │ │ │ │ │ ├── timeseries-graph.scss │ │ │ │ │ │ ├── chart.html │ │ │ │ │ │ ├── stats-view.scss │ │ │ │ │ │ └── audit-chart.html │ │ │ │ │ ├── flow │ │ │ │ │ │ ├── flow-descriptors-tree.scss │ │ │ │ │ │ ├── flow-info.html │ │ │ │ │ │ ├── flow-results.html │ │ │ │ │ │ ├── flow-api-helper.html │ │ │ │ │ │ ├── start-flow-view.scss │ │ │ │ │ │ ├── flow-form.html │ │ │ │ │ │ ├── flow-requests.html │ │ │ │ │ │ ├── flow-status-icon-directive.js │ │ │ │ │ │ └── 
copy-flow-form.html │ │ │ │ │ ├── client │ │ │ │ │ │ ├── virtual-file-system │ │ │ │ │ │ │ ├── file-tree.html │ │ │ │ │ │ │ ├── breadcrumbs.scss │ │ │ │ │ │ │ ├── file-stats-view.html │ │ │ │ │ │ │ ├── file-table.scss │ │ │ │ │ │ │ ├── r-we-owned-button.html │ │ │ │ │ │ │ ├── file-timeline.scss │ │ │ │ │ │ │ ├── breadcrumbs.html │ │ │ │ │ │ │ ├── file-text-view.scss │ │ │ │ │ │ │ ├── events.js │ │ │ │ │ │ │ ├── file-details.scss │ │ │ │ │ │ │ ├── recursive-list-button.html │ │ │ │ │ │ │ ├── r-we-owned-button-modal.html │ │ │ │ │ │ │ ├── file-hex-view.scss │ │ │ │ │ │ │ └── encodings-dropdown.html │ │ │ │ │ │ ├── check-client-access.scss │ │ │ │ │ │ ├── check-client-access.html │ │ │ │ │ │ ├── client-disk-warnings-modal.scss │ │ │ │ │ │ ├── client-crashes.html │ │ │ │ │ │ ├── client-disk-warnings-modal.html │ │ │ │ │ │ └── debug-requests-view.html │ │ │ │ │ ├── semantic │ │ │ │ │ │ ├── rekall │ │ │ │ │ │ │ ├── metadata.html │ │ │ │ │ │ │ ├── registered-unix-time-stamp.html │ │ │ │ │ │ │ ├── log.html │ │ │ │ │ │ │ ├── rekall.scss │ │ │ │ │ │ │ ├── rekall-default-value.html │ │ │ │ │ │ │ ├── log-directive.js │ │ │ │ │ │ │ ├── rekall-json.html │ │ │ │ │ │ │ ├── table-directive.js │ │ │ │ │ │ │ └── metadata-directive.js │ │ │ │ │ │ ├── stat-entry.scss │ │ │ │ │ │ ├── hunt-id.html │ │ │ │ │ │ ├── api-hunt-result.html │ │ │ │ │ │ ├── byte-size.html │ │ │ │ │ │ ├── stat-ext-flags-osx.scss │ │ │ │ │ │ ├── pseudo │ │ │ │ │ │ │ └── fetch-more-link.html │ │ │ │ │ │ ├── bytes.html │ │ │ │ │ │ ├── json.html │ │ │ │ │ │ ├── stat-ext-flags-linux.scss │ │ │ │ │ │ ├── object-label.html │ │ │ │ │ │ ├── rekall-response.html │ │ │ │ │ │ ├── urn.html │ │ │ │ │ │ ├── stat-ext-flags-osx.html │ │ │ │ │ │ ├── client-urn.html │ │ │ │ │ │ ├── dict.html │ │ │ │ │ │ ├── flow-id.html │ │ │ │ │ │ ├── data-object.html │ │ │ │ │ │ ├── client-urn-modal.html │ │ │ │ │ │ ├── timestamp.html │ │ │ │ │ │ ├── stat-ext-flags-linux.html │ │ │ │ │ │ ├── semantic-proto.html │ │ │ │ │ │ ├── 
semantic-diff-annotated-proto.scss │ │ │ │ │ │ └── semantic-versioned-proto.scss │ │ │ │ │ ├── core │ │ │ │ │ │ ├── download-collection-files.scss │ │ │ │ │ │ ├── wizard-form-page.html │ │ │ │ │ │ ├── troggle.html │ │ │ │ │ │ ├── global-notifications.scss │ │ │ │ │ │ ├── server-error-button.html │ │ │ │ │ │ ├── troggle.scss │ │ │ │ │ │ ├── wizard-form.scss │ │ │ │ │ │ ├── version-dropdown.scss │ │ │ │ │ │ ├── download-collection-as.scss │ │ │ │ │ │ ├── server-error-dialog.html │ │ │ │ │ │ ├── splitter.scss │ │ │ │ │ │ ├── encode-uri-component-filter.js │ │ │ │ │ │ └── download-collection-as.html │ │ │ │ │ ├── user │ │ │ │ │ │ ├── user-settings-button.scss │ │ │ │ │ │ ├── user-settings-button.html │ │ │ │ │ │ ├── user-label.html │ │ │ │ │ │ └── user-notification-button.html │ │ │ │ │ ├── forms │ │ │ │ │ │ ├── semantic-proto-union-form.scss │ │ │ │ │ │ ├── auto-generated-aes128-key-form.html │ │ │ │ │ │ ├── semantic-proto-form.scss │ │ │ │ │ │ ├── glob-expression-form.html │ │ │ │ │ │ ├── ext-flags-osx-picker.scss │ │ │ │ │ │ ├── ext-flags-condition-form.scss │ │ │ │ │ │ ├── semantic-enum-form.html │ │ │ │ │ │ ├── ext-flags-linux-picker-long.scss │ │ │ │ │ │ ├── aff4-attribute-form.html │ │ │ │ │ │ ├── glob-expressions-list-form.html │ │ │ │ │ │ ├── foreman-label-rule-form.scss │ │ │ │ │ │ ├── ext-flags-osx-picker.html │ │ │ │ │ │ ├── ext-flags-linux-picker-short.html │ │ │ │ │ │ ├── bytes-form.html │ │ │ │ │ │ ├── timerange-form.html │ │ │ │ │ │ ├── duration-form.html │ │ │ │ │ │ ├── semantic-proto-single-field-form.html │ │ │ │ │ │ ├── ext-flags-linux-picker-short.scss │ │ │ │ │ │ ├── client-label-form.html │ │ │ │ │ │ ├── semantic-proto-union-form.html │ │ │ │ │ │ ├── output-plugin-descriptor-form.html │ │ │ │ │ │ ├── ext-flags-linux-picker-long.html │ │ │ │ │ │ ├── dict-form.html │ │ │ │ │ │ └── datetime-form.html │ │ │ │ │ ├── artifact │ │ │ │ │ │ ├── artifact-name.scss │ │ │ │ │ │ ├── artifacts-list-form.scss │ │ │ │ │ │ ├── upload-artifact-dialog.html │ │ │ │ 
│ │ └── delete-artifacts-dialog.html │ │ │ │ │ ├── docs │ │ │ │ │ │ ├── api-description.html │ │ │ │ │ │ └── api-route.html │ │ │ │ │ ├── sidebar │ │ │ │ │ │ ├── client-warnings.html │ │ │ │ │ │ ├── client-warnings.scss │ │ │ │ │ │ ├── nav-dropdown.html │ │ │ │ │ │ ├── nav-link.html │ │ │ │ │ │ └── client-summary.scss │ │ │ │ │ ├── acl │ │ │ │ │ │ ├── approval-info.scss │ │ │ │ │ │ ├── request-approval-dialog.scss │ │ │ │ │ │ ├── hunt-from-flow-copy-review.scss │ │ │ │ │ │ ├── hunt-approval-view.scss │ │ │ │ │ │ ├── client-approval-view.html │ │ │ │ │ │ ├── cron-job-approval-view.html │ │ │ │ │ │ └── hunt-from-flow-copy-review.html │ │ │ │ │ ├── hunt │ │ │ │ │ │ ├── new-hunt-wizard │ │ │ │ │ │ │ ├── review-page.html │ │ │ │ │ │ │ ├── configure-hunt-page.html │ │ │ │ │ │ │ ├── configure-output-plugins-page.html │ │ │ │ │ │ │ ├── copy-form.html │ │ │ │ │ │ │ ├── create-hunt-from-flow-form.html │ │ │ │ │ │ │ ├── configure-flow-page.scss │ │ │ │ │ │ │ ├── configure-flow-page.html │ │ │ │ │ │ │ └── configure-rules-page.html │ │ │ │ │ │ ├── hunt-context.html │ │ │ │ │ │ ├── hunt-graph.scss │ │ │ │ │ │ ├── hunt-results.html │ │ │ │ │ │ ├── hunts-view.html │ │ │ │ │ │ ├── hunt-status-icon.html │ │ │ │ │ │ ├── modify-hunt-dialog.html │ │ │ │ │ │ └── hunt-status-icon-directive.js │ │ │ │ │ ├── local │ │ │ │ │ │ └── local.js │ │ │ │ │ ├── cron │ │ │ │ │ │ ├── new-cron-job-wizard │ │ │ │ │ │ │ ├── configure-schedule-page.html │ │ │ │ │ │ │ └── status-page.html │ │ │ │ │ │ ├── cron-job-runs-list.scss │ │ │ │ │ │ ├── cron-job-status-icon.html │ │ │ │ │ │ ├── cron-view.html │ │ │ │ │ │ ├── cron-job-inspector.html │ │ │ │ │ │ ├── cron-job-inspector-directive.js │ │ │ │ │ │ └── cron-job-status-icon-directive.js │ │ │ │ │ ├── config │ │ │ │ │ │ └── binaries-list.scss │ │ │ │ │ ├── output-plugins │ │ │ │ │ │ ├── output-plugin-logs.html │ │ │ │ │ │ └── output-plugins-notes.html │ │ │ │ │ └── empty-templates.js │ │ │ │ ├── images │ │ │ │ │ ├── copy.png │ │ │ │ │ ├── file.png │ │ │ │ │ 
├── new.png │ │ │ │ │ ├── nuke.png │ │ │ │ │ ├── stop.png │ │ │ │ │ ├── clock.png │ │ │ │ │ ├── label.png │ │ │ │ │ ├── modify.png │ │ │ │ │ ├── online.png │ │ │ │ │ ├── paneh.gif │ │ │ │ │ ├── panehc.gif │ │ │ │ │ ├── panev.gif │ │ │ │ │ ├── panevc.gif │ │ │ │ │ ├── pause.png │ │ │ │ │ ├── robot.png │ │ │ │ │ ├── upload.png │ │ │ │ │ ├── directory.png │ │ │ │ │ ├── download.png │ │ │ │ │ ├── favicon.png │ │ │ │ │ ├── grr-logo.png │ │ │ │ │ ├── label-add.png │ │ │ │ │ ├── offline.png │ │ │ │ │ ├── online-1d.png │ │ │ │ │ ├── question.png │ │ │ │ │ ├── sort_asc.png │ │ │ │ │ ├── sort_both.png │ │ │ │ │ ├── sort_desc.png │ │ │ │ │ ├── stock_yes.png │ │ │ │ │ ├── ajax-loader.gif │ │ │ │ │ ├── editdelete.png │ │ │ │ │ ├── ip_external.png │ │ │ │ │ ├── ip_internal.png │ │ │ │ │ ├── ip_unknown.png │ │ │ │ │ ├── play_button.png │ │ │ │ │ ├── skull-icon.png │ │ │ │ │ ├── stock-save.png │ │ │ │ │ ├── stop_button.png │ │ │ │ │ ├── back_disabled.jpg │ │ │ │ │ ├── back_enabled.jpg │ │ │ │ │ ├── hdd-bang-icon.png │ │ │ │ │ ├── label-remove.png │ │ │ │ │ ├── pause_button.png │ │ │ │ │ ├── question-red.png │ │ │ │ │ ├── stock_refresh.png │ │ │ │ │ ├── vertical-grip.png │ │ │ │ │ ├── window-close.png │ │ │ │ │ ├── forward_disabled.jpg │ │ │ │ │ ├── forward_enabled.jpg │ │ │ │ │ ├── grr_logo_real_sm.png │ │ │ │ │ ├── horizontal-grip.png │ │ │ │ │ ├── jstree_icon_set.png │ │ │ │ │ ├── window-duplicate.png │ │ │ │ │ ├── play_force_button.png │ │ │ │ │ ├── sort_asc_disabled.png │ │ │ │ │ ├── sort_desc_disabled.png │ │ │ │ │ ├── unknown-indicator.png │ │ │ │ │ ├── grr_logo_notification.png │ │ │ │ │ └── stock_dialog_question.png │ │ │ │ ├── css │ │ │ │ │ ├── smoothness │ │ │ │ │ │ └── images │ │ │ │ │ │ │ ├── ui-icons_222222_256x240.png │ │ │ │ │ │ │ ├── ui-icons_2e83ff_256x240.png │ │ │ │ │ │ │ ├── ui-icons_454545_256x240.png │ │ │ │ │ │ │ ├── ui-icons_888888_256x240.png │ │ │ │ │ │ │ ├── ui-icons_cd0a0a_256x240.png │ │ │ │ │ │ │ ├── ui-bg_flat_0_aaaaaa_40x100.png │ │ │ │ │ │ │ ├── 
ui-bg_flat_75_ffffff_40x100.png │ │ │ │ │ │ │ ├── ui-bg_glass_55_fbf9ee_1x400.png │ │ │ │ │ │ │ ├── ui-bg_glass_65_ffffff_1x400.png │ │ │ │ │ │ │ ├── ui-bg_glass_75_dadada_1x400.png │ │ │ │ │ │ │ ├── ui-bg_glass_75_e6e6e6_1x400.png │ │ │ │ │ │ │ ├── ui-bg_glass_95_fef1ec_1x400.png │ │ │ │ │ │ │ └── ui-bg_highlight-soft_75_cccccc_1x100.png │ │ │ │ │ └── _mixins.scss │ │ │ │ ├── deps.js │ │ │ │ └── less │ │ │ │ │ └── bootstrap_grr.less │ │ │ ├── local │ │ │ │ ├── __init__.py │ │ │ │ └── local.py │ │ │ ├── http_routing.py │ │ │ └── package.json │ │ ├── databases │ │ │ ├── __init__.py │ │ │ ├── local │ │ │ │ └── __init__.py │ │ │ ├── registry_init.py │ │ │ ├── mem_test.py │ │ │ └── mem_events.py │ │ ├── flows │ │ │ ├── __init__.py │ │ │ ├── cron │ │ │ │ ├── __init__.py │ │ │ │ └── registry_init.py │ │ │ ├── general │ │ │ │ ├── __init__.py │ │ │ │ └── data_migration.py │ │ │ └── local │ │ │ │ ├── __init__.py │ │ │ │ └── registry_init.py │ │ ├── authorization │ │ │ └── __init__.py │ │ ├── blob_stores │ │ │ ├── __init__.py │ │ │ ├── local │ │ │ │ └── __init__.py │ │ │ └── registry_init.py │ │ ├── __init__.py │ │ ├── bin │ │ │ └── __init__.py │ │ ├── aff4_objects │ │ │ ├── __init__.py │ │ │ ├── hardware.py │ │ │ └── registry_init.py │ │ ├── local │ │ │ ├── registry_init.py │ │ │ └── __init__.py │ │ ├── rdfvalues │ │ │ ├── __init__.py │ │ │ └── file_store.py │ │ ├── aff4_flows.py │ │ ├── data_stores │ │ │ ├── local │ │ │ │ └── __init__.py │ │ │ ├── __init__.py │ │ │ ├── registry_init.py │ │ │ ├── fake_data_store_benchmark_test.py │ │ │ └── fake_data_store_test.py │ │ ├── hunts │ │ │ └── __init__.py │ │ ├── check_lib │ │ │ └── __init__.py │ │ ├── output_plugins │ │ │ └── __init__.py │ │ ├── message_handlers.py │ │ ├── ipshell.py │ │ └── handler_registry.py │ └── MANIFEST.in ├── config │ └── grr-response-templates │ │ ├── .gitignore │ │ ├── MANIFEST.in │ │ └── index.html ├── client │ ├── grr_response_client │ │ ├── plugins │ │ │ └── __init__.py │ │ ├── components │ │ │ ├── 
__init__.py │ │ │ ├── chipsec_support │ │ │ │ ├── __init__.py │ │ │ │ └── actions │ │ │ │ │ └── __init__.py │ │ │ └── rekall_support │ │ │ │ └── __init__.py │ │ ├── nanny │ │ │ ├── GRRNanny.rc │ │ │ ├── GRRNanny.res │ │ │ ├── compat.asm │ │ │ └── GRRNanny.mc │ │ ├── __init__.py │ │ ├── local │ │ │ ├── __init__.py │ │ │ └── binary_whitelist.py │ │ ├── client_actions │ │ │ ├── file_finder_utils │ │ │ │ ├── __init__.py │ │ │ │ └── subactions_test.py │ │ │ ├── osx │ │ │ │ ├── local │ │ │ │ │ └── __init__.py │ │ │ │ └── __init__.py │ │ │ ├── linux │ │ │ │ └── __init__.py │ │ │ ├── windows │ │ │ │ └── __init__.py │ │ │ └── enrol.py │ │ ├── process_error.py │ │ ├── linux │ │ │ └── __init__.py │ │ ├── osx │ │ │ └── __init__.py │ │ ├── windows │ │ │ └── __init__.py │ │ └── vfs_handlers │ │ │ └── __init__.py │ └── MANIFEST.in └── artifacts │ ├── flow_templates │ └── README.md │ └── README.md ├── travis ├── travis_uploader_service_account.json.enc └── install_centos_prereqs.sh ├── README ├── api_client └── python │ └── grr_api_client │ ├── connectors │ └── __init__.py │ ├── connector.py │ ├── __init__.py │ └── errors.py ├── appveyor ├── windows_templates │ └── appveyor_uploader_service_account.json.enc └── e2e_tests │ ├── grr_e2e_mem_usage │ └── install_mem_usage_cron.sh ├── version.ini ├── keys └── test │ ├── driver_sign_pub.pem │ ├── exe_sign_pub.pem │ ├── driver_sign.pem │ └── exe_sign.pem ├── .gitignore ├── terraform └── demo │ └── google │ ├── client_install.sh │ └── client_install.ps1 ├── pytest.ini ├── docker ├── Dockerfile.build_centos_i686 └── Dockerfile.build_ubuntu_i386 ├── AUTHORS └── .dockerignore /debian/compat: -------------------------------------------------------------------------------- 1 | 8 2 | -------------------------------------------------------------------------------- /vagrant/.gitignore: -------------------------------------------------------------------------------- 1 | .vagrant 2 | 
-------------------------------------------------------------------------------- /grr/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | -------------------------------------------------------------------------------- /debian/grr-server.docs: -------------------------------------------------------------------------------- 1 | LICENSE 2 | README 3 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/blank.yaml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/empty_file: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/one_a: -------------------------------------------------------------------------------- 1 | a 2 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/a/b/d/hellod.txt: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /grr/tools/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | -------------------------------------------------------------------------------- /grr/test_lib/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | -------------------------------------------------------------------------------- /grr/core/install_data/debian/dpkg_client/debian/compat: -------------------------------------------------------------------------------- 1 | 7 2 | 
-------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/a/b/c/helloc.txt: -------------------------------------------------------------------------------- 1 | a 2 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | -------------------------------------------------------------------------------- /grr/proto/grr_response_proto/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/templates/500.html: -------------------------------------------------------------------------------- 1 | server error. 
2 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/numbers.txt.ver2: -------------------------------------------------------------------------------- 1 | just some numbers -------------------------------------------------------------------------------- /grr/config/grr-response-templates/.gitignore: -------------------------------------------------------------------------------- 1 | components/ 2 | templates/ 3 | -------------------------------------------------------------------------------- /grr/proto/grr_response_proto/local/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/tests: -------------------------------------------------------------------------------- 1 | 5 5 GetFile /tmp/some_file 1 2 | -------------------------------------------------------------------------------- /grr/client/grr_response_client/plugins/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/artifacts/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/databases/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | 
-------------------------------------------------------------------------------- /grr/server/grr_response_server/flows/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/root/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | -------------------------------------------------------------------------------- /grr/client/grr_response_client/components/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/path_detection/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/authorization/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/blob_stores/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/end_to_end_tests/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/parser_test/crontab: -------------------------------------------------------------------------------- 1 | 1 2 3 4 5 
/usr/bin/echo "test" -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/parser_test/lsb-release-bad: -------------------------------------------------------------------------------- 1 | A=d 2 | B=e 3 | C=f 4 | -------------------------------------------------------------------------------- /grr/client/grr_response_client/nanny/GRRNanny.rc: -------------------------------------------------------------------------------- 1 | LANGUAGE 0x9,0x1 2 | 1 11 "MSG00409.bin" 3 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/lib/rdfvalues/local/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/databases/local/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/parser_test/dasinfra_metadata.yaml: -------------------------------------------------------------------------------- 1 | toast: 'false' 2 | -------------------------------------------------------------------------------- /grr/core/install_data/macosx/client/grr.pmdoc/01grr-contents.xml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /grr/core/install_data/macosx/client/grr.pmdoc/02com-contents.xml: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/root/api_plugins/__init__.py: 
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/parser_test/oracle-release-bad: -------------------------------------------------------------------------------- 1 | Oracle Linux Server 6.5 2 | -------------------------------------------------------------------------------- /grr/client/MANIFEST.in: -------------------------------------------------------------------------------- 1 | recursive-include grr_response_client/nanny * 2 | include version.ini 3 | 4 | -------------------------------------------------------------------------------- /grr/client/grr_response_client/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """The GRR client agent .""" 3 | -------------------------------------------------------------------------------- /grr/client/grr_response_client/components/chipsec_support/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | -------------------------------------------------------------------------------- /grr/client/grr_response_client/components/rekall_support/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/lib/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Libraries used by GRR.""" 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/flows/cron/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Cron flows.""" 3 | 
-------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/parser_test/oracle-release: -------------------------------------------------------------------------------- 1 | Oracle Linux Server release 6.5 2 | -------------------------------------------------------------------------------- /grr/core/install_data/grr.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/core/install_data/grr.ico -------------------------------------------------------------------------------- /grr/proto/grr_response_proto/api/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """API protobufs used by GRR.""" 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Server-specific GRR classes.""" 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/bin/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """GRR server entry points.""" 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/api_plugins/report_plugins/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/aff4_objects/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """AFF4 Implementations.""" 3 | 
-------------------------------------------------------------------------------- /grr/proto/grr_response_proto/api/root/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Root API protobufs used by GRR.""" 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/flows/general/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """General purpose flows.""" 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/templates/404.html: -------------------------------------------------------------------------------- 1 | page not found. 2 | you were eaten by a grue. 3 | {{message}} 4 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/parser_test/lsb-release-notubuntu: -------------------------------------------------------------------------------- 1 | DISTRIB_ID=NotUbuntu 2 | DISTRIB_RELEASE=5.5 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/local/registry_init.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Loads all local server plugins.""" 3 | 4 | -------------------------------------------------------------------------------- /grr/core/executables/windows/.gitignore: -------------------------------------------------------------------------------- 1 | templates/grr-client* 2 | templates/grr_* 3 | templates/GRR_* 4 | installers/ 5 | config/ 6 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/api_plugins/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 
"""GRR restful API rendering plugins.""" 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/rdfvalues/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """RDF values package for server-only classes.""" 3 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/hello: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/hello -------------------------------------------------------------------------------- /grr/core/grr_response_core/lib/parsers/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Generic parsers (for GRR server and client code).""" 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/flows/local/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Flows that are private to local installation.""" 3 | -------------------------------------------------------------------------------- /grr/test/MANIFEST.in: -------------------------------------------------------------------------------- 1 | include version.ini 2 | recursive-include * * 3 | 4 | recursive-exclude build * 5 | recursive-exclude dist * 6 | -------------------------------------------------------------------------------- /grr/core/executables/windows/GRRNanny_Win32.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/core/executables/windows/GRRNanny_Win32.exe -------------------------------------------------------------------------------- 
/grr/core/executables/windows/GRRNanny_x64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/core/executables/windows/GRRNanny_x64.exe -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/selenium_tests/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """This module contains Selenium tests for GRR.""" 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/stats/report-listing.scss: -------------------------------------------------------------------------------- 1 | grr-report-listing { 2 | overflow: auto; 3 | } 4 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/hello.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/hello.exe -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/index.dat: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/index.dat -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/osx_fsdata: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/osx_fsdata -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/test.plist: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/test.plist -------------------------------------------------------------------------------- /travis/travis_uploader_service_account.json.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/travis/travis_uploader_service_account.json.enc -------------------------------------------------------------------------------- /grr/client/grr_response_client/local/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """This directory contains local site-specific implementations.""" 3 | -------------------------------------------------------------------------------- /grr/client/grr_response_client/nanny/GRRNanny.res: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/client/grr_response_client/nanny/GRRNanny.res -------------------------------------------------------------------------------- /grr/config/grr-response-templates/MANIFEST.in: -------------------------------------------------------------------------------- 1 | include version.ini 2 | recursive-include components *.bin 3 | recursive-include templates *.zip 4 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/aff4_flows.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """This module will contain all autogenerated legacy flow classes.""" 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/blob_stores/local/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """This imports the site specific blob stores.""" 3 | 4 | 
-------------------------------------------------------------------------------- /grr/server/grr_response_server/data_stores/local/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """This imports the site specific data stores.""" 3 | 4 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/templates/503.html: -------------------------------------------------------------------------------- 1 | 503 Service Unavailable 2 | Go away, and never come back! 3 | (talk to the master instead) 4 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/ntfs_img.dd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/ntfs_img.dd -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/test_img.dd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/test_img.dd -------------------------------------------------------------------------------- /grr/core/install_data/centos/prelink_blacklist.conf.in: -------------------------------------------------------------------------------- 1 | # Dear prelinker, you are the worst. 
2 | -b %(ClientBuilder.target_dir)/%(Client.binary_name) 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/flow/flow-descriptors-tree.scss: -------------------------------------------------------------------------------- 1 | grr-flow-descriptors-tree { 2 | overflow: auto; 3 | } 4 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/local/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """This directory contains local site-specific server implementations.""" 3 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/History.plist: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/History.plist -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/places.sqlite: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/places.sqlite -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/syslog_false.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/syslog_false.gz -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/winexec_img.dd: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/winexec_img.dd 
-------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | For detailed instructions on how to install the GRR Rapid Response Framework 2 | please see the project website: https://github.com/google/grr 3 | 4 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/data_stores/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """These are the various data store implementations supported by GRR.""" 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/client/virtual-file-system/file-tree.html: -------------------------------------------------------------------------------- 1 |
2 |
3 |
4 |
-------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/new_places.sqlite: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/new_places.sqlite -------------------------------------------------------------------------------- /grr/server/grr_response_server/flows/local/registry_init.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Load all local flows in order to populate the registry. 3 | """ 4 | 5 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/stats/report-listing.html: -------------------------------------------------------------------------------- 1 |
2 |
3 |
4 |
5 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/copy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/copy.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/file.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/file.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/new.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/new.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/nuke.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/nuke.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/stop.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/stop.png -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/m2crypto/signature: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/m2crypto/signature 
-------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/m2crypto/signed_blob: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/m2crypto/signed_blob -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/parser_test/History: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/parser_test/History -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/parser_test/History2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/parser_test/History2 -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/parser_test/History3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/parser_test/History3 -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/profiles/v1.0/pe.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/profiles/v1.0/pe.gz -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/syslog_compress.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/syslog_compress.gz 
-------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/clock.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/clock.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/label.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/label.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/modify.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/modify.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/online.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/online.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/paneh.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/paneh.gif -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/panehc.gif: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/panehc.gif -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/panev.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/panev.gif -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/panevc.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/panevc.gif -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/pause.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/pause.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/robot.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/robot.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/upload.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/upload.png -------------------------------------------------------------------------------- /api_client/python/grr_api_client/connectors/__init__.py: 
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Python GRR API connectors library.""" 3 | from __future__ import unicode_literals 4 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/client/virtual-file-system/breadcrumbs.scss: -------------------------------------------------------------------------------- 1 | grr-breadcrumbs ul.breadcrumb { 2 | padding: 0 15px; 3 | } 4 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/rekall/metadata.html: -------------------------------------------------------------------------------- 1 | Metadata: 2 | 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/directory.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/directory.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/download.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/download.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/favicon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/favicon.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/grr-logo.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/grr-logo.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/label-add.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/label-add.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/offline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/offline.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/online-1d.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/online-1d.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/question.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/question.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/sort_asc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/sort_asc.png -------------------------------------------------------------------------------- 
/grr/server/grr_response_server/gui/static/images/sort_both.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/sort_both.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/sort_desc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/sort_desc.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/stock_yes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/stock_yes.png -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/VFSFixture/var/log/wtmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/VFSFixture/var/log/wtmp -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/VFSFixture/var/run/utmp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/VFSFixture/var/run/utmp -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/m2crypto/rsa_ciphertext: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/m2crypto/rsa_ciphertext 
-------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/m2crypto/send_file_data: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/m2crypto/send_file_data -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/profiles/v1.0/nt/index.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/profiles/v1.0/nt/index.gz -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/rekall_vad_result.dat.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/rekall_vad_result.dat.gz -------------------------------------------------------------------------------- /grr/client/grr_response_client/client_actions/file_finder_utils/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Implementation of utilities used in the client-side file-finder.""" 3 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/stat-entry.scss: -------------------------------------------------------------------------------- 1 | grr-stat-entry { 2 | button[name=download] { 3 | margin-left: .5em; 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/ajax-loader.gif: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/ajax-loader.gif -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/editdelete.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/editdelete.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/ip_external.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/ip_external.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/ip_internal.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/ip_internal.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/ip_unknown.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/ip_unknown.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/play_button.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/play_button.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/skull-icon.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/skull-icon.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/stock-save.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/stock-save.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/stop_button.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/stop_button.png -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/profiles/v1.0/inventory.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/profiles/v1.0/inventory.gz -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/rekall_pslist_result.dat.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/rekall_pslist_result.dat.gz -------------------------------------------------------------------------------- /grr/client/grr_response_client/process_error.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """An exception class shared between the OSs.""" 3 | 4 | 5 | class ProcessError(Exception): 6 | pass 7 | 
-------------------------------------------------------------------------------- /grr/core/executables/windows/templates/unzipsfx/unzipsfx-amd64.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/core/executables/windows/templates/unzipsfx/unzipsfx-amd64.exe -------------------------------------------------------------------------------- /grr/core/executables/windows/templates/unzipsfx/unzipsfx-i386.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/core/executables/windows/templates/unzipsfx/unzipsfx-i386.exe -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/local/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """A place for local site-specific gui plugins.""" 3 | 4 | # pylint: disable=unused-import 5 | 6 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/core/download-collection-files.scss: -------------------------------------------------------------------------------- 1 | 2 | grr-download-collection-files .export-command { 3 | margin-top: 1em; 4 | } 5 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/rekall/registered-unix-time-stamp.html: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/back_disabled.jpg: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/back_disabled.jpg -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/back_enabled.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/back_enabled.jpg -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/hdd-bang-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/hdd-bang-icon.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/label-remove.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/label-remove.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/pause_button.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/pause_button.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/question-red.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/question-red.png -------------------------------------------------------------------------------- 
/grr/server/grr_response_server/gui/static/images/stock_refresh.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/stock_refresh.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/vertical-grip.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/vertical-grip.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/window-close.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/window-close.png -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/bigquery/ExportedFile.json.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/bigquery/ExportedFile.json.gz -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/profiles/v1.0/tcpip/index.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/profiles/v1.0/tcpip/index.gz -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/profiles/v1.0/win32k/index.gz: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/profiles/v1.0/win32k/index.gz -------------------------------------------------------------------------------- /appveyor/windows_templates/appveyor_uploader_service_account.json.enc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/appveyor/windows_templates/appveyor_uploader_service_account.json.enc -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/user/user-settings-button.scss: -------------------------------------------------------------------------------- 1 | 2 | grr-user-settings-button button img { 3 | height: 17px; 4 | margin-top: -2px; 5 | } 6 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/forward_disabled.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/forward_disabled.jpg -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/forward_enabled.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/forward_enabled.jpg -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/grr_logo_real_sm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/grr_logo_real_sm.png -------------------------------------------------------------------------------- 
/grr/server/grr_response_server/gui/static/images/horizontal-grip.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/horizontal-grip.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/jstree_icon_set.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/jstree_icon_set.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/window-duplicate.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/window-duplicate.png -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/tests_long: -------------------------------------------------------------------------------- 1 | 5 5 GetFile /tmp/some_file 1 2 | 10 5 GetFile /tmp/some_file 1 3 | 100 50 GetFile /tmp/otherfile 1 4 | 100 70 GetFile /tmp/some_file 10 5 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/lib/local/plugins.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Imports for local site-specific plugins implementations.""" 3 | from __future__ import unicode_literals 4 | 5 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/lib/rdfvalues/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """AFF4 RDFValue implementations. 
3 | 4 | This module contains the various RDFValue implementations. 5 | """ 6 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/semantic-proto-union-form.scss: -------------------------------------------------------------------------------- 1 | grr-form-proto-union { 2 | > .well.well-large { 3 | min-width: 425px; 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/play_force_button.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/play_force_button.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/sort_asc_disabled.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/sort_asc_disabled.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/sort_desc_disabled.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/sort_desc_disabled.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/unknown-indicator.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/unknown-indicator.png -------------------------------------------------------------------------------- 
/grr/test/grr_response_test/test_data/apache_false_log: -------------------------------------------------------------------------------- 1 | 149.2.34.5 - - [08/MMM/2012:06:35:26 +0000] "GET /pub/dists/karmic/InRelease HTTP/1.0" 404 290 "-" "Debian APT-HTTP/1.3 (0.8.15.9)" 2 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/profiles/v1.0/nt/eprocess_index.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/profiles/v1.0/nt/eprocess_index.gz -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/artifact/artifact-name.scss: -------------------------------------------------------------------------------- 1 | grr-artifact-name { 2 | .user { 3 | font-style: italic; 4 | color: $color-green; 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/artifact/artifacts-list-form.scss: -------------------------------------------------------------------------------- 1 | grr-artifacts-list-form { 2 | div.input-group { 3 | width: 100% !important; 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/grr_logo_notification.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/grr_logo_notification.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/images/stock_dialog_question.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/images/stock_dialog_question.png -------------------------------------------------------------------------------- /grr/client/grr_response_client/client_actions/osx/local/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """A module to load the local MacOS client plugins.""" 3 | from __future__ import unicode_literals 4 | 5 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/parser_test/com.google.code.grr.bplist: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/parser_test/com.google.code.grr.bplist -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/auto-generated-aes128-key-form.html: -------------------------------------------------------------------------------- 1 | 3 | 4 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/lib/parsers/local/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """This directory contains local site-specific parser implementations.""" 3 | from __future__ import unicode_literals 4 | 5 | -------------------------------------------------------------------------------- /grr/server/MANIFEST.in: -------------------------------------------------------------------------------- 1 | include version.ini 2 | 3 | recursive-exclude grr_response_server/gui/static/node_modules * 4 | recursive-exclude grr_response_server/gui/static/tmp * 5 | 6 | recursive-exclude * *.pyc 7 | -------------------------------------------------------------------------------- 
/grr/server/grr_response_server/gui/static/angular-components/client/check-client-access.scss: -------------------------------------------------------------------------------- 1 | grr-check-client-access { 2 | .access-disabled { 3 | opacity: .2; 4 | pointer-events: none; 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/docs/api-description.html: -------------------------------------------------------------------------------- 1 | 2 | {$ paragraph $} 3 |

4 |
5 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/hunt-id.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | {$ ::value.value $} 4 | 5 | 6 | -------------------------------------------------------------------------------- /grr/client/grr_response_client/linux/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """This module contains linux specific client code.""" 3 | 4 | 5 | # These need to register plugins so, pylint: disable=unused-import 6 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/user/user-settings-button.html: -------------------------------------------------------------------------------- 1 | 4 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/VFSFixture/etc/lsb-release: -------------------------------------------------------------------------------- 1 | DISTRIB_CODENAME=trusty 2 | DISTRIB_DESCRIPTION="Ubuntu 14.04 LTS (upgraded from: Ubuntu 12.04.4 LTS)" 3 | DISTRIB_ID=Ubuntu 4 | DISTRIB_RELEASE=14.04 5 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/VFSFixture/etc/netgroup: -------------------------------------------------------------------------------- 1 | grrm (-,tyrion,) (-,daenerys,) (-,baelish,) (-,stannis,) 2 | simmons (-,shrike,) (-,lhoyt,) (-,martinsilenus,) 3 | login (-,yagharek,) (-,isaac,) simmons 4 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/parser_test/lsb-release: -------------------------------------------------------------------------------- 1 | DISTRIB_CODENAME=trusty 2 | DISTRIB_DESCRIPTION="Ubuntu 
14.04 LTS (upgraded from: Ubuntu 12.04.4 LTS)" 3 | DISTRIB_ID=Ubuntu 4 | DISTRIB_RELEASE=14.04 5 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/yum.out: -------------------------------------------------------------------------------- 1 | Installed Packages 2 | ConsoleKit.x86_64 4.4.4-4.el6 @base 3 | aic94xx-firmware.noarch 44-4.el6 @base 4 | -------------------------------------------------------------------------------- /version.ini: -------------------------------------------------------------------------------- 1 | [Version] 2 | 3 | major = 3 4 | minor = 2 5 | revision = 3 6 | release = 2 7 | 8 | packageversion = %(major)s.%(minor)s.%(revision)spost%(release)s 9 | packagedepends = %(packageversion)s 10 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/http_routing.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """This file just contains the werkzeug http routing map.""" 3 | 4 | from werkzeug import routing 5 | 6 | HTTP_ROUTING_MAP = routing.Map() 7 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/client/check-client-access.html: -------------------------------------------------------------------------------- 1 |
2 | 3 |
4 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/core/wizard-form-page.html: -------------------------------------------------------------------------------- 1 | 4 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/semantic-proto-form.scss: -------------------------------------------------------------------------------- 1 | 2 | grr-form-proto { 3 | input.ng-pristine, 4 | select.ng-pristine { 5 | background-color: $color-pristine; 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /keys/test/driver_sign_pub.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALnfFW1FffeKPs5PLUhFOSkNrr9TDCOD 3 | QAI3WluLh0sW7/ro93eoIZ0FbipnTpzGkPpriONbSOXmxWNTo0b9ma8CAwEAAQ== 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /keys/test/exe_sign_pub.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMQpeVjrxmf6nPmsjHjULWhLmquSgTDK 3 | GpJgTFkTIAgX0Ih5lxoFB5TUjUfJFbBkSmKQPRA/IyuLBtCLQgwkTNkCAwEAAQ== 4 | -----END PUBLIC KEY----- 5 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/sidebar/client-warnings.html: -------------------------------------------------------------------------------- 1 |
2 | 3 |
4 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/css/smoothness/images/ui-icons_222222_256x240.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/css/smoothness/images/ui-icons_222222_256x240.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/css/smoothness/images/ui-icons_2e83ff_256x240.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/css/smoothness/images/ui-icons_2e83ff_256x240.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/css/smoothness/images/ui-icons_454545_256x240.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/css/smoothness/images/ui-icons_454545_256x240.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/css/smoothness/images/ui-icons_888888_256x240.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/css/smoothness/images/ui-icons_888888_256x240.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/css/smoothness/images/ui-icons_cd0a0a_256x240.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/css/smoothness/images/ui-icons_cd0a0a_256x240.png -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/parser_test/com.apple.LaunchServices.QuarantineEvents: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/parser_test/com.apple.LaunchServices.QuarantineEvents -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/acl/approval-info.scss: -------------------------------------------------------------------------------- 1 | grr-approval-info { 2 | margin: 10px 30px 25px 20px; 3 | display: block; 4 | 5 | span.status-message { 6 | padding-left: 1em; 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/glob-expression-form.html: -------------------------------------------------------------------------------- 1 | 4 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/css/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/css/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/deps.js: -------------------------------------------------------------------------------- 1 | // This file has been auto-generated by MakeJsDeps, please do not edit. 
2 | 3 | goog.addDependency('../../../static/angular-components/local/local.js', ['grrUi.local.local'], []); 4 | -------------------------------------------------------------------------------- /vagrant/Makefile: -------------------------------------------------------------------------------- 1 | # Makefile for building GRR linux clients in vagrant VMs 2 | 3 | all: 4 | screen -c build_screenrc 5 | 6 | templates: 7 | screen -c build_screenrc 8 | 9 | vmclean: 10 | screen -c reprovision_screenrc 11 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/rekall/log.html: -------------------------------------------------------------------------------- 1 | [{$ ::value['level'] $} 2 | () 3 | {$ ::value['name'] $}] 4 | {$ ::value['msg'] $} 5 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/stats/server-load-indicator.html: -------------------------------------------------------------------------------- 1 | 4 | 5 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/css/smoothness/images/ui-bg_flat_75_ffffff_40x100.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/css/smoothness/images/ui-bg_flat_75_ffffff_40x100.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/css/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/css/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png 
-------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/css/smoothness/images/ui-bg_glass_65_ffffff_1x400.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/css/smoothness/images/ui-bg_glass_65_ffffff_1x400.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/css/smoothness/images/ui-bg_glass_75_dadada_1x400.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/css/smoothness/images/ui-bg_glass_75_dadada_1x400.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/css/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/css/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/css/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/css/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/profiles/v1.0/nt/GUID/F8E2A8B5C9B74BF4A6E4A48F180099942.gz: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/profiles/v1.0/nt/GUID/F8E2A8B5C9B74BF4A6E4A48F180099942.gz -------------------------------------------------------------------------------- /appveyor/e2e_tests/grr_e2e_mem_usage: -------------------------------------------------------------------------------- 1 | # crontab file which is installed in Appveyor VMs to enable monitoring of 2 | # available memory in the VM. 3 | 4 | * * * * * root echo "$(date) $(free -hmw | grep 'Mem:')" >> /var/log/grr_e2e_mem_usage.log 5 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/client/client-disk-warnings-modal.scss: -------------------------------------------------------------------------------- 1 | .disk-warnings-volume { 2 | min-width: 150px; 3 | } 4 | 5 | .disk-warnings-space { 6 | text-align: center; 7 | min-width: 50px; 8 | } 9 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/api-hunt-result.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/profiles/v1.0/tcpip/GUID/934479AAD5A64C60AACA8E22BA50DDC02.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/profiles/v1.0/tcpip/GUID/934479AAD5A64C60AACA8E22BA50DDC02.gz -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/profiles/v1.0/win32k/GUID/A9F6403F14074E9D8A07D0AA6F0C1CFF2.gz: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/Neo23x0/grr/master/grr/test/grr_response_test/test_data/profiles/v1.0/win32k/GUID/A9F6403F14074E9D8A07D0AA6F0C1CFF2.gz -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/byte-size.html: -------------------------------------------------------------------------------- 1 | 3 | {$ ::controller.stringifiedByteSize $} 4 | 5 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/stat-ext-flags-osx.scss: -------------------------------------------------------------------------------- 1 | grr-stat-ext-flags-osx { 2 | ul { 3 | display: inline; 4 | padding: 0; 5 | } 6 | 7 | li { 8 | display: inline; 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/hunts/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Hunts and hunt implementations.""" 3 | 4 | # pylint: disable=unused-import 5 | from grr_response_server.hunts import process_results 6 | # pylint: enable=unused-import 7 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | *_pb2.py 3 | *.swp 4 | *.o 5 | *.so 6 | *.pb.cc 7 | *.pb.h 8 | *~ 9 | .idea 10 | build/ 11 | dist/ 12 | artifacts/*.yaml 13 | grr.egg-info/ 14 | get-pip.py 15 | grr/core/grr_response_core/artifacts/*.yaml 16 | *.egg-info/ 17 | -------------------------------------------------------------------------------- /grr/core/install_data/debian/dpkg_client/debian/changelog: -------------------------------------------------------------------------------- 1 | %(ClientBuilder.package_name) \(%(ClientBuilder.debian_version)\) unstable; urgency=low 2 | 
3 | * Initial release 4 | 5 | -- %(ClientBuilder.maintainer) %(ClientBuilder.debian_build_time) 6 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/client/client-crashes.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/ext-flags-osx-picker.scss: -------------------------------------------------------------------------------- 1 | grr-ext-flags-osx-picker { 2 | th { 3 | text-align: center; 4 | cursor: help; 5 | } 6 | 7 | td { 8 | padding: 4px; 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/hunt/new-hunt-wizard/review-page.html: -------------------------------------------------------------------------------- 1 |
2 | 3 |
4 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/css/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Neo23x0/grr/master/grr/server/grr_response_server/gui/static/css/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/core/troggle.html: -------------------------------------------------------------------------------- 1 |
2 | 3 | 4 | _ 5 |
6 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/ext-flags-condition-form.scss: -------------------------------------------------------------------------------- 1 | grr-ext-flags-condition-form { 2 | .glyphicon { 3 | padding: 0 !important; 4 | top: 2px !important; 5 | font-size: 1em !important; 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /terraform/demo/google/client_install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -e 3 | while [[ ! -f grr_client.deb ]] 4 | do 5 | wget -O grr_client.deb "${linux_installer_download_url}" || rm -f grr_client.deb 6 | sleep 10 7 | done 8 | apt install -y ./grr_client.deb # NOTE(review): the package is installed exactly as downloaded, with no checksum or signature check visible in this script; compare it against a pinned digest (e.g. sha256sum -c) before this step, and confirm the download URL is HTTPS. 9 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/acl/request-approval-dialog.scss: -------------------------------------------------------------------------------- 1 | grr-request-approval-dialog { 2 | div.controls > input[type=checkbox] { 3 | display: inline-block; 4 | margin-top: .75em; 5 | margin-bottom: .75em; 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/lib/local/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """This directory contains local site-specific implementations.""" 3 | 4 | # Local site-specific implementations that have to be imported to be registered 5 | # should be imported in plugins.py. 6 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/client/virtual-file-system/file-stats-view.html: -------------------------------------------------------------------------------- 1 |
2 | 3 |
-------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/client/virtual-file-system/file-table.scss: -------------------------------------------------------------------------------- 1 | grr-file-table .fa-download { 2 | color: $color-dim-grey; 3 | opacity: .9; 4 | } 5 | 6 | grr-file-table .navbar button.dropdown-toggle { 7 | height: 32px; 8 | } 9 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/pseudo/fetch-more-link.html: -------------------------------------------------------------------------------- 1 | 2 | More items available... 3 | 4 | 5 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/sidebar/client-warnings.scss: -------------------------------------------------------------------------------- 1 | grr-client-warnings { 2 | .alert.alert-danger { 3 | margin-top: 0; 4 | margin-bottom: .5em; 5 | 6 | p { 7 | margin-bottom: 3px; 8 | } 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/hunt/new-hunt-wizard/configure-hunt-page.html: -------------------------------------------------------------------------------- 1 |
2 | 4 | 5 |
6 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/rekall/rekall.scss: -------------------------------------------------------------------------------- 1 | grr-rekall-json { 2 | .proto_header, 3 | .proto_key, 4 | .proto_value { 5 | word-wrap: break-word; 6 | word-break: break-all; 7 | min-width: 10ex; 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/user/user-label.html: -------------------------------------------------------------------------------- 1 |

2 | User: {$ controller.username $} 3 |

4 |

5 | User: {$ controller.error $} 6 |

7 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/local/local.js: -------------------------------------------------------------------------------- 1 | goog.module('grrUi.local.local'); 2 | goog.module.declareLegacyNamespace(); 3 | 4 | /** 5 | * Angular module for user-specific logic. 6 | */ 7 | exports.localModule = angular.module('grrUi.local', []); 8 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/config/local/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """This contains all local, site-specific configuration options.""" 3 | from __future__ import unicode_literals 4 | 5 | # pylint: disable=unused-import 6 | from grr_response_core.config.local import contexts 7 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/core/global-notifications.scss: -------------------------------------------------------------------------------- 1 | grr-global-notifications div#global-notification { 2 | position: fixed; 3 | left: 0; 4 | right: 0; 5 | z-index: 10000; 6 | 7 | .alert { 8 | margin-bottom: 0; 9 | } 10 | } 11 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/acl/hunt-from-flow-copy-review.scss: -------------------------------------------------------------------------------- 1 | @import 'grr/server/grr_response_server/gui/static/angular-components/acl/hunt-from-hunt-copy-review'; 2 | 3 | grr-hunt-from-flow-copy-review { 4 | @extend %grr-hunt-from-hunt-copy-review; 5 | } 6 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/semantic-enum-form.html: 
-------------------------------------------------------------------------------- 1 | 5 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/bytes.html: -------------------------------------------------------------------------------- 1 | 2 | Show bytes... 3 | 4 | {$ ::controller.stringifiedBytes $} 5 | -------------------------------------------------------------------------------- /grr/client/grr_response_client/osx/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """This module contains os specific client code.""" 3 | from __future__ import unicode_literals 4 | 5 | # These need to register plugins so, pylint: disable=unused-import 6 | from grr_response_client.osx import installers 7 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/exports: -------------------------------------------------------------------------------- 1 | /path/to/foo -rw,sync,no_root_squash host1(ro,sec=sys) host2 2 | /path/to/bar *.example.org(all_squash,ro) \ 3 | 192.168.1.0/24 (rw) # Mistake here - space makes this default. 4 | /path/to/good ro host3 5 | /path/to/bad (sec=none) *.example.org(rw) 6 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/artifacts/local/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """This directory contains local site-specific artifacts. 3 | 4 | All .yaml files in this directory will be automatically loaded by the artifact 5 | library (See the configuration parameter Artifacts.artifact_dirs. 
6 | """ 7 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/json.html: -------------------------------------------------------------------------------- 1 | 2 | Show JSON... 3 | 4 | {$ ::controller.prettyJson $} 5 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/stat-ext-flags-linux.scss: -------------------------------------------------------------------------------- 1 | grr-stat-ext-flags-linux { 2 | ul { 3 | display: flex; 4 | padding: 0; 5 | margin: 0; 6 | } 7 | 8 | li { 9 | display: inline; 10 | font-family: Monospace; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/stats/timeseries-graph.html: -------------------------------------------------------------------------------- 1 | 2 | 3 |
4 | Loading... 5 |
6 |
7 |
8 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/approvers.yaml: -------------------------------------------------------------------------------- 1 | label: "legal_approval" 2 | users: 3 | - "legal1" 4 | - "legal2" 5 | --- 6 | label: "prod_admin_approval" 7 | requester_must_be_authorized: True 8 | num_approvers_required: 2 9 | users: 10 | - "prod1" 11 | - "prod2" 12 | - "prod3" 13 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/cron/new-cron-job-wizard/configure-schedule-page.html: -------------------------------------------------------------------------------- 1 |
2 | 4 | 5 |
6 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/stats/chart.scss: -------------------------------------------------------------------------------- 1 | grr-chart { 2 | .hover { 3 | font-weight: bold; 4 | } 5 | 6 | .chart { 7 | position: absolute; 8 | left: 1em; 9 | right: 1em; 10 | bottom: 1em; 11 | top: 20em; 12 | overflow: hidden; 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /grr/artifacts/flow_templates/README.md: -------------------------------------------------------------------------------- 1 | # Flow Templates: GRR specific 'artifacts' 2 | 3 | These 'artifacts' are separate from the main repository because they don't 4 | describe digital forensic artifacts, instead they provide a way to call 5 | pre-defined GRR flows from YAML, the working name for which is 'flow templates'. 6 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/checks/data/wmi_sw.yaml: -------------------------------------------------------------------------------- 1 | - Description: Google Chrome 2 | status: 0 3 | Name: Google Chrome 4 | Version: 1.1.1 5 | - Description: Adware 6 | status: 0 7 | Name: Adware 8 | Version: 2.1.1 9 | - Description: Java 10 | status: 0 11 | Name: Java 12 | Version: 6.0.240 13 | -------------------------------------------------------------------------------- /grr/core/install_data/macosx/client/preinstall.sh.in: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Pre installation script for GRR client MacOS-X package 4 | 5 | [[ $3 != "/" ]] && exit 0 6 | 7 | if [ -f "%(Client.plist_path)" ]; 8 | then 9 | sudo launchctl unload "%(Client.plist_path)"; 10 | sudo rm -f "%(Client.plist_path)"; 11 | fi 12 | 13 | -------------------------------------------------------------------------------- 
/grr/server/grr_response_server/gui/local/local.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Additional (user-specific) UI logic.""" 3 | 4 | from grr.core.grr_response_server.lib import registry 5 | 6 | 7 | class LocalGuiInitHook(registry.InitHook): 8 | """User-specific init logic.""" 9 | 10 | def RunOnce(self): 11 | pass 12 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/core/server-error-button.html: -------------------------------------------------------------------------------- 1 | 6 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/sidebar/nav-dropdown.html: -------------------------------------------------------------------------------- 1 | 3 | 4 | {$ title $} 5 | 6 | 7 |
8 | 9 |
-------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/ext-flags-linux-picker-long.scss: -------------------------------------------------------------------------------- 1 | grr-ext-flags-linux-picker-long { 2 | form { 3 | width: 400px; 4 | } 5 | 6 | .control-label { 7 | float: right; 8 | width: auto; 9 | } 10 | 11 | select { 12 | width: auto !important; 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/acl/hunt-approval-view.scss: -------------------------------------------------------------------------------- 1 | grr-hunt-approval-view { 2 | span.text-danger { 3 | margin-left: 1em; 4 | } 5 | 6 | grr-approval-info { 7 | display: inline; 8 | margin: 0; 9 | } 10 | 11 | div.panel-body > h3 { 12 | margin-top: 0; 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/aff4-attribute-form.html: -------------------------------------------------------------------------------- 1 |
2 | 7 |
8 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/object-label.html: -------------------------------------------------------------------------------- 1 | 2 | {$ ::controller.labelName $} 3 | 4 | 5 | 6 | {$ ::controller.labelName $} 7 | 8 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/rekall-response.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 6 | 7 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/user/user-notification-button.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/artifacts/flow_templates/README.md: -------------------------------------------------------------------------------- 1 | # Flow Templates: GRR specific 'artifacts' 2 | 3 | These 'artifacts' are separate from the main repository because they don't 4 | describe digital forensic artifacts, instead they provide a way to call 5 | pre-defined GRR flows from YAML, the working name for which is 'flow templates'. 
6 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/glob-expressions-list-form.html: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | -------------------------------------------------------------------------------- /grr/client/grr_response_client/nanny/compat.asm: -------------------------------------------------------------------------------- 1 | .586 2 | .model flat 3 | 4 | .data 5 | __imp__EncodePointer@4 dd dummy 6 | __imp__DecodePointer@4 dd dummy 7 | EXTERNDEF __imp__EncodePointer@4 : DWORD 8 | EXTERNDEF __imp__DecodePointer@4 : DWORD 9 | 10 | .code 11 | dummy proc 12 | mov eax, [esp+4] 13 | ret 4 14 | dummy endp 15 | 16 | end 17 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/config/local/contexts.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Local contexts. 3 | 4 | Put any config.CONFIG.DEFINE_context statements specific to your deployment 5 | in this file. 
6 | """ 7 | from __future__ import unicode_literals 8 | 9 | # pylint: disable=unused-import 10 | from grr_response_core.lib import config_lib 11 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/core/troggle.scss: -------------------------------------------------------------------------------- 1 | grr-troggle { 2 | cursor: pointer; 3 | user-select: none; 4 | text-align: center; 5 | 6 | div { 7 | padding-top: 2px; 8 | padding-bottom: 2px; 9 | } 10 | 11 | div:hover { 12 | background-color: $color-troggle-highlight-color; 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/core/wizard-form.scss: -------------------------------------------------------------------------------- 1 | grr-wizard-form { 2 | span.page-indicator { 3 | position: absolute; 4 | left: 15px; 5 | top: 5em; 6 | font-size: 50%; 7 | font-style: italic; 8 | } 9 | 10 | .WizardBar.modal-header i.glyphicon { 11 | font-size: 80%; 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/hunt/new-hunt-wizard/configure-output-plugins-page.html: -------------------------------------------------------------------------------- 1 |
2 | 6 | 7 |
8 | -------------------------------------------------------------------------------- /grr/client/grr_response_client/windows/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """This module contains windows specific client code.""" 3 | from __future__ import unicode_literals 4 | 5 | # These need to register plugins so, pylint: disable=unused-import 6 | from grr_response_client.windows import installers 7 | from grr_response_client.windows import regconfig 8 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/client/virtual-file-system/r-we-owned-button.html: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/core/version-dropdown.scss: -------------------------------------------------------------------------------- 1 | grr-version-dropdown { 2 | position: relative; 3 | 4 | .newer-version-hint { 5 | position: absolute; 6 | text-align: center; 7 | left: 0; 8 | right: 0; 9 | font-size: .9em; 10 | background-color: $color-hint-background-color; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/flow/flow-info.html: -------------------------------------------------------------------------------- 1 |
2 | 3 |

{$ descriptor.value.name.value $}

4 |

{$ descriptor.value.doc.value $}

5 | 6 |
7 | 8 |
No flow selected. 9 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/check_lib/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """This is the check capabilities used to post-process host data.""" 3 | 4 | # pylint: disable=g-import-not-at-top,unused-import 5 | 6 | from grr_response_server.check_lib import checks 7 | from grr_response_server.check_lib import hints 8 | from grr_response_server.check_lib import triggers 9 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/hunt/hunt-context.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/databases/registry_init.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """A registry of all available Databases.""" 3 | 4 | from grr_response_server.databases import mem 5 | 6 | # All available databases go into this registry. 7 | REGISTRY = {} 8 | 9 | REGISTRY["InMemoryDB"] = mem.InMemoryDB 10 | 11 | # TODO(amoser): Import MySQL relational here. 12 | 13 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/stats/stats-view.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 8 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/artifacts/flow_templates/memory.yaml: -------------------------------------------------------------------------------- 1 | # Memory-related flow templates. 2 | 3 | name: RekallPsList 4 | doc: Process listing using Rekall. 
5 | sources: 6 | - type: REKALL_PLUGIN 7 | attributes: 8 | attributes: {} 9 | plugin: pslist 10 | labels: [Rekall, Processes] 11 | urls: ['http://www.rekall-forensic.com/docs/Manual/Plugins/Windows/WinPsList.html'] 12 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/blob_stores/registry_init.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Load all blob stores so that they are visible in the registry.""" 3 | 4 | # pylint: disable=g-import-not-at-top,unused-import 5 | 6 | # The memory stream object based blob store. 7 | from grr_response_server.blob_stores import db_blob_store 8 | from grr_response_server.blob_stores import memory_stream_bs 9 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/hunt/hunt-graph.scss: -------------------------------------------------------------------------------- 1 | 2 | grr-hunt-graph { 3 | width: 100%; 4 | padding: 0; 5 | position: relative; 6 | display: block; 7 | margin-bottom: 4em; 8 | 9 | .client-completion-graph { 10 | width: 100%; 11 | height: 300px; 12 | padding: 0; 13 | position: relative; 14 | display: block; 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /grr/test_lib/aff4_test_lib.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Classes for AFF4-related testing.""" 3 | 4 | 5 | from grr_response_core.lib.rdfvalues import client as rdf_client 6 | 7 | from grr.test_lib import test_lib 8 | 9 | 10 | class AFF4ObjectTest(test_lib.GRRBaseTest): 11 | """The base class of all aff4 object tests.""" 12 | 13 | client_id = rdf_client.ClientURN("C." 
+ "B" * 16) 14 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/artifacts/flow_templates/disk.yaml: -------------------------------------------------------------------------------- 1 | # Disk flow templates. 2 | 3 | name: RootDiskVolumeUsage 4 | doc: | 5 | Volume info for disk mounted at "/". Includes size and free space. 6 | sources: 7 | - type: GRR_CLIENT_ACTION 8 | attributes: 9 | client_action: StatFS 10 | action_args: {path_list: ["/"]} 11 | labels: [System] 12 | supported_os: [Linux, Darwin] 13 | 14 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/core/download-collection-as.scss: -------------------------------------------------------------------------------- 1 | grr-download-collection-as { 2 | .export-well { 3 | display: inline-block; 4 | } 5 | 6 | span.control-label, 7 | select.form-control { 8 | width: auto; 9 | } 10 | 11 | select.form-control, 12 | button.btn-default { 13 | margin-left: 3px; 14 | float: left; 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /grr/config/grr-response-templates/index.html: -------------------------------------------------------------------------------- 1 | Simple Index 2 | grr-response-templates-3.1.0
3 | grr-response-templates-3.1.0post1
4 | 5 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/client/virtual-file-system/file-timeline.scss: -------------------------------------------------------------------------------- 1 | grr-file-timeline { 2 | 3 | tr.timeline-refresh-indicator { 4 | td { 5 | text-align: center; 6 | padding: 50px; 7 | background: $color-default-background; 8 | border: 0; 9 | } 10 | 11 | div { 12 | margin-top: 10px; 13 | } 14 | } 15 | 16 | } 17 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/config/binaries-list.scss: -------------------------------------------------------------------------------- 1 | grr-binaries-list { 2 | tr { 3 | cursor: pointer; 4 | } 5 | 6 | td { 7 | padding-left: 1em !important; 8 | } 9 | 10 | span.size { 11 | font-style: italic; 12 | } 13 | 14 | span.timestamp { 15 | padding-left: 3em; 16 | padding-right: 1em; 17 | font-size: 90%; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/urn.html: -------------------------------------------------------------------------------- 1 | 3 | {$ ::controller.plainValue $} 4 | 5 | {$ ::controller.plainValue $} 7 | -------------------------------------------------------------------------------- /appveyor/e2e_tests/install_mem_usage_cron.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Enables periodic logging of memory usage in an Appveyor VM. 4 | 5 | set -ex 6 | 7 | # Write header row of log file. 8 | echo "$(date) $(free -hmw | grep available)" >> /var/log/grr_e2e_mem_usage.log 9 | # Install the crontab file. 
10 | cp "${APPVEYOR_BUILD_FOLDER}/appveyor/e2e_tests/grr_e2e_mem_usage" /etc/cron.d/ 11 | systemctl restart cron 12 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/artifacts/flow_templates/processes.yaml: -------------------------------------------------------------------------------- 1 | # Process-related flow templates. 2 | 3 | name: AllRunningProcessBinaryFiles 4 | doc: Download binaries of all the running processes. 5 | sources: 6 | - type: ARTIFACT_FILES 7 | attributes: 8 | artifact_list: [ListProcessesGrr] 9 | pathspec_attribute: exe 10 | labels: [Processes, Software] 11 | supported_os: [Windows, Linux, Darwin] 12 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/flows/cron/registry_init.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Load all cron flows in order to populate the registry. 
3 | """ 4 | 5 | # pylint: disable=unused-import 6 | # These imports populate the Flow registry 7 | from grr_response_server.flows.cron import data_retention 8 | from grr_response_server.flows.cron import filestore_stats 9 | from grr_response_server.flows.cron import system 10 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/output-plugins/output-plugin-logs.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 7 | {$ controller.itemsCount $} {$ label $} 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/stats/timeseries-graph.scss: -------------------------------------------------------------------------------- 1 | 2 | grr-timeseries-graph { 3 | width: 100%; 4 | height: 300px; 5 | padding: 0; 6 | position: relative; 7 | display: block; 8 | margin-bottom: 4em; 9 | 10 | .timeseries-graph { 11 | width: 100%; 12 | height: 300px; 13 | padding: 0; 14 | position: relative; 15 | display: block; 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/VFSFixture/etc/passwd: -------------------------------------------------------------------------------- 1 | gevulot:x:111:122:Gevulot,,,:/home/gevulot:/bin/bash 2 | gogol:x:905:65534::/usr/local/home/gogol:/bin/sh 3 | user1:x:888:48:User 1:/home/user1:/bin/sh 4 | user2:x:889:48:User 2:/home/user2:/bin/sh 5 | quiet:x:41:48::/home/quiet:/bin/false 6 | exomemory:x:46:47:Never Forget (admin):/var/lib/exomemory:/bin/sh 7 | buguser3:x:890:48:Don't find me:/home/buguser3:/bin/sh 8 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/flow/flow-results.html: 
-------------------------------------------------------------------------------- 1 | 9 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/sidebar/nav-link.html: -------------------------------------------------------------------------------- 1 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /grr/core/install_data/systemd/client/grr-client.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=%(Client.description) 3 | After=syslog.target network.target 4 | 5 | [Service] 6 | Type=simple 7 | Restart=always 8 | RestartSec=120 9 | LimitNOFILE=20000 10 | Environment=LANG=en_US.UTF-8 11 | ExecStart=%(ClientBuilder.daemon_link) --config=%(ClientBuilder.target_dir)/%(ClientBuilder.config_filename) 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/client/virtual-file-system/breadcrumbs.html: -------------------------------------------------------------------------------- 1 | 14 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/hunt/new-hunt-wizard/copy-form.html: -------------------------------------------------------------------------------- 1 |
2 | Loading... 3 |
4 | 5 | 11 | 12 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/stat-ext-flags-osx.html: -------------------------------------------------------------------------------- 1 |
2 | malformed 3 | none 4 |
    5 |
  • 6 | {$ ::flag.identifier $} 7 |
  • 8 |
9 |
10 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/client-urn.html: -------------------------------------------------------------------------------- 1 | 2 | 4 | {$ ::controller.clientId $} 5 | 6 | 7 | 10 | 11 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/dict.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 7 | 8 | 11 | 12 | 13 |
5 | {$ ::key $} 6 | 9 | 10 |
14 | -------------------------------------------------------------------------------- /travis/install_centos_prereqs.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -e 4 | 5 | yum install -y \ 6 | emacs \ 7 | epel-release \ 8 | python-devel \ 9 | wget \ 10 | which \ 11 | java-1.8.0-openjdk \ 12 | libffi-devel \ 13 | openssl-devel \ 14 | zip \ 15 | git \ 16 | gcc \ 17 | gcc-c++ \ 18 | redhat-rpm-config \ 19 | rpm-build \ 20 | rpm-sign 21 | 22 | yum install -y python-pip 23 | pip install --upgrade pip virtualenv 24 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/artifact/upload-artifact-dialog.html: -------------------------------------------------------------------------------- 1 | 4 | 5 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/client/virtual-file-system/file-text-view.scss: -------------------------------------------------------------------------------- 1 | grr-file-text-view { 2 | 3 | grr-encodings-dropdown { 4 | margin: 5px 0; 5 | float: right; 6 | } 7 | 8 | .uib-pagination { 9 | margin: 5px 0; 10 | } 11 | 12 | .no-content { 13 | text-align: center; 14 | margin-top: 50px; 15 | font-size: 2.0em; 16 | color: $color-no-content-color; 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/flow/flow-api-helper.html: -------------------------------------------------------------------------------- 1 |

To start this flow on this client via the API, you can use one of the following options:

2 | 3 |
4 |

5 | {$ label $} 6 | (authentication details are omitted) 7 | 8 |

{$ result.data $}
9 |

10 | 11 |
12 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/css/_mixins.scss: -------------------------------------------------------------------------------- 1 | 2 | @mixin border-radius($radius) { 3 | -webkit-border-radius: $radius; 4 | -moz-border-radius: $radius; 5 | -ms-border-radius: $radius; 6 | border-radius: $radius; 7 | } 8 | 9 | @mixin box-shadow($top, $left, $blur, $color) { 10 | -webkit-box-shadow: $top $left $blur $color; 11 | -moz-box-shadow: $top $left $blur $color; 12 | box-shadow: $top $left $blur $color; 13 | } 14 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/flow-id.html: -------------------------------------------------------------------------------- 1 | 2 | 5 | {$ ::value.value $} 6 | 7 | {$ ::value.value $} 8 | 9 | -------------------------------------------------------------------------------- /pytest.ini: -------------------------------------------------------------------------------- 1 | [pytest] 2 | python_files=*_test.py 3 | python_classes= 4 | python_functions=test* 5 | 6 | norecursedirs= 7 | grr/server/grr_response_server/gui/static/node_modules 8 | grr/server/grr_response_server/gui/static/bower_components 9 | addopts= 10 | --ignore=grr/server/grr_response_server/data_stores/mysql_advanced_data_store_test.py 11 | --ignore=grr/server/grr_response_server/data_stores/mysql_advanced_data_store_benchmark_test.py 12 | -------------------------------------------------------------------------------- /grr/client/grr_response_client/components/chipsec_support/actions/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Conditional import for Chipsec. 
Only Linux is supported at this stage.""" 3 | from __future__ import unicode_literals 4 | 5 | import platform 6 | import sys 7 | 8 | # pylint: disable=g-import-not-at-top 9 | if hasattr(sys, "frozen"): 10 | if platform.system() == "Linux": 11 | from . import grr_chipsec 12 | # pylint: enable=g-import-not-at-top 13 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/acl/client-approval-view.html: -------------------------------------------------------------------------------- 1 | 5 | 6 | 7 |
8 | 9 | 11 | 12 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/data-object.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 7 | 8 | 11 | 12 | 13 |
5 | {$ ::keyValuePair.value.key.value $} 6 | 9 | 10 |
14 | -------------------------------------------------------------------------------- /grr/proto/grr_response_proto/file_store.proto: -------------------------------------------------------------------------------- 1 | syntax = "proto2"; 2 | 3 | import "grr_response_proto/semantic.proto"; 4 | 5 | 6 | message FileStoreAddEvent { 7 | optional bytes hash_id = 1 [(sem_type) = { 8 | type: "SHA256HashID", 9 | description: "Hash ID of the file.", 10 | }]; 11 | repeated bytes blob_ids = 2 [(sem_type) = { 12 | type: "BlobID", 13 | description: "IDs of blobs corresponding to the hash id.", 14 | }]; 15 | } -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/client/virtual-file-system/events.js: -------------------------------------------------------------------------------- 1 | goog.module('grrUi.client.virtualFileSystem.events'); 2 | goog.module.declareLegacyNamespace(); 3 | 4 | 5 | 6 | /** 7 | * "Refresh folder" event name. 8 | * @const 9 | */ 10 | exports.REFRESH_FOLDER_EVENT = 'RefreshFolderEvent'; 11 | 12 | /** 13 | * "Refresh file" event name. 14 | * @const 15 | */ 16 | exports.REFRESH_FILE_EVENT = 'RefreshFileEvent'; 17 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/rekall/rekall-default-value.html: -------------------------------------------------------------------------------- 1 | 2 | 4 | 7 | 10 | 11 |
5 | {$ ::k $} 6 | 8 | 9 |
12 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/foreman-label-rule-form.scss: -------------------------------------------------------------------------------- 1 | grr-form-label { 2 | .remove-label { 3 | padding-left: .2em !important; 4 | float: initial; 5 | } 6 | 7 | .remove-label[disabled='disabled'] { 8 | pointer-events: none; 9 | opacity: .1; 10 | } 11 | 12 | grr-form-client-label { 13 | .select-label-controls { 14 | float: left; 15 | margin-left: 20px; 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/output-plugins/output-plugins-notes.html: -------------------------------------------------------------------------------- 1 |
2 | 4 | 5 |
6 |
7 | Can't fetch output plugins list: {$ controller.error $}. 8 |
9 | -------------------------------------------------------------------------------- /grr/core/install_data/macosx/client/postinstall.sh.in: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Post installation script for GRR client MacOS-X package 4 | # Do nothing unless the third argument is "/" (presumably the installer's target volume; confirm). NOTE(review): [[ ]] is not POSIX sh, so the next line relies on /bin/sh being bash-compatible. 5 | [[ $3 != "/" ]] && exit 0 6 | 7 | # Run the installation routines. 8 | "%(ClientBuilder.install_dir)/%(Client.binary_name)" --install --config="%(ClientBuilder.install_dir)/%(ClientBuilder.config_filename)" 9 | # Load the launchd job only when the plist named by Client.plist_path exists. 10 | if [ -f "%(Client.plist_path)" ]; 11 | then 12 | sudo launchctl load -w "%(Client.plist_path)"; 13 | fi 14 | 15 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/acl/cron-job-approval-view.html: -------------------------------------------------------------------------------- 1 | 5 | 6 | 7 |
8 | 9 | 11 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/hunt/hunt-results.html: -------------------------------------------------------------------------------- 1 | 10 | -------------------------------------------------------------------------------- /api_client/python/grr_api_client/connector.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """API connector base class definition.""" 3 | from __future__ import unicode_literals 4 | 5 | 6 | class Connector(object): 7 | 8 | @property 9 | def page_size(self): 10 | raise NotImplementedError() 11 | 12 | def SendRequest(self, handler_name, args): 13 | raise NotImplementedError() 14 | 15 | def SendStreamingRequest(self, handler_name, args): 16 | raise NotImplementedError() 17 | -------------------------------------------------------------------------------- /grr/client/grr_response_client/client_actions/linux/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """A module to load all linux client plugins.""" 3 | from __future__ import unicode_literals 4 | 5 | # pylint: disable=unused-import 6 | # These import populate the Action registry 7 | from grr_response_client.client_actions.linux import linux 8 | # Former GRR component, now built-in part of the client. 9 | from grr_response_client.components.chipsec_support.actions import grr_chipsec 10 | -------------------------------------------------------------------------------- /grr/client/grr_response_client/client_actions/osx/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # Copyright 2011 Google Inc. All Rights Reserved. 
3 | """A module to load all OS X client plugins.""" 4 | from __future__ import unicode_literals 5 | 6 | # These imports populate the Action registry 7 | # pylint: disable=unused-import,g-import-not-at-top 8 | 9 | import platform 10 | 11 | if platform.system() == "Darwin": 12 | from grr_response_client.client_actions.osx import osx 13 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/artifact/delete-artifacts-dialog.html: -------------------------------------------------------------------------------- 1 | 4 | 5 |

Are you sure you want to delete following artifacts?

6 |
    7 |
  • 8 | {$ name $} 9 |
  • 10 |
11 | 12 |
-------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/hunt/new-hunt-wizard/create-hunt-from-flow-form.html: -------------------------------------------------------------------------------- 1 |
2 | Loading... 3 |
4 | 5 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/client-urn-modal.html: -------------------------------------------------------------------------------- 1 | 8 | 11 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/stats/chart.html: -------------------------------------------------------------------------------- 1 |

{{ controller.errorMsg }}

2 | 3 |
4 | {{controller.hoverText}} 5 |
6 | 7 |
8 | 10 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/aff4_objects/hardware.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """AFF4 objects for managing Chipsec responses.""" 3 | 4 | from grr_response_core.lib.rdfvalues import chipsec_types as rdf_chipsec_types 5 | 6 | from grr_response_server import sequential_collection 7 | 8 | 9 | class ACPITableDataCollection( 10 | sequential_collection.IndexedSequentialCollection): 11 | """A collection of ACPI table data.""" 12 | RDF_TYPE = rdf_chipsec_types.ACPITableData 13 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/ext-flags-osx-picker.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 8 | 9 | 10 | 13 | 14 |
4 | 5 | {$ flag.identifier $} 6 | 7 |
11 | 12 |
15 | -------------------------------------------------------------------------------- /grr/client/grr_response_client/client_actions/windows/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # Copyright 2011 Google Inc. All Rights Reserved. 3 | """A module to load all windows client plugins.""" 4 | from __future__ import unicode_literals 5 | 6 | # pylint: disable=unused-import,g-import-not-at-top 7 | 8 | # These import populate the Action registry 9 | import platform 10 | 11 | if platform.system() == "Windows": 12 | from grr_response_client.client_actions.windows import windows 13 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/stats/stats-view.scss: -------------------------------------------------------------------------------- 1 | grr-stats-view { 2 | grr-report-listing { 3 | position: absolute; 4 | left: 0; 5 | width: $reports-tree-width; 6 | top: 0; 7 | bottom: 0; 8 | border-right: $color-modal-border 1px solid; 9 | } 10 | 11 | grr-report { 12 | position: absolute; 13 | left: $reports-tree-width; 14 | right: 0; 15 | top: 0; 16 | bottom: 0; 17 | overflow: auto; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /vagrant/build_templates.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Bring up the named vagrant box, build the GRR client templates inside it, then halt the box. 3 | set -e 4 | # Print the expected invocation and exit. NOTE(review): the bare `exit` returns the status of the echo, so a wrong invocation still exits 0. 5 | function usage() { 6 | echo "Usage: ./build_templates.sh [vagrant box name]" 7 | exit 8 | } 9 | 10 | if [ $# -ne 1 ]; then 11 | usage 12 | fi 13 | # SSH_AUTH_SOCK is blanked before any vagrant command runs, presumably so the host's ssh-agent is not offered to the guest; confirm. 14 | export SSH_AUTH_SOCK="" 15 | vagrant up "$1" 16 | vagrant ssh -c "bash /grr/vagrant/install_grr.sh && source ~/grrbuild/PYTHON_ENV/bin/activate && grr_client_build build --output /grr/executables/" "$1" 17 | # NOTE(review): with `set -e` above, a failing `vagrant ssh` ends the script before this check, so $? is always 0 here and a failed build leaves the box running. 18 | if [ $?
-eq 0 ]; then 19 | vagrant halt "$1" 20 | fi 21 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/core/server-error-dialog.html: -------------------------------------------------------------------------------- 1 |
2 | 6 | 9 | 12 |
-------------------------------------------------------------------------------- /grr/core/grr_response_core/lib/rdfvalues/nsrl.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """RDFValues for the NSRL file store.""" 3 | 4 | from __future__ import unicode_literals 5 | 6 | from grr_response_core.lib import rdfvalue 7 | from grr_response_core.lib.rdfvalues import structs as rdf_structs 8 | from grr_response_proto import jobs_pb2 9 | 10 | 11 | class NSRLInformation(rdf_structs.RDFProtoStruct): 12 | protobuf = jobs_pb2.NSRLInformation 13 | rdf_deps = [ 14 | rdfvalue.HashDigest, 15 | ] 16 | -------------------------------------------------------------------------------- /grr/core/install_data/debian/dpkg_client/debian/control: -------------------------------------------------------------------------------- 1 | Source: %(ClientBuilder.package_name) 2 | Section: misc 3 | Priority: extra 4 | Maintainer: %(ClientBuilder.maintainer) 5 | Build-Depends: debhelper \(>= 7.0.0\) 6 | Standards-Version: 3.9.2 7 | Homepage: https://github.com/google/grr 8 | 9 | Package: %(ClientBuilder.package_name) 10 | Architecture: any 11 | Depends: lsb-base \(>= 3.2-14\) 12 | Description: %(Client.name) Rapid Response Client 13 | The %(Client.name) Rapid Response Client 14 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/psefcmd.out: -------------------------------------------------------------------------------- 1 | UID PID PPID C STIME TTY TIME CMD 2 | root 1 0 0 Jun12 ? 00:00:03 init [3] 3 | root 2 0 0 Jun12 ? 00:00:00 [kthreadd] 4 | root 3 2 0 Jun12 ? 00:00:00 [ksoftirqd/0] 5 | root 5 2 0 Jun12 ? 00:00:00 [kworker/0:0H] 6 | root 337127 337126 0 00:48 ? 
00:00:00 sleep 60 7 | usernam 337492 592357 0 00:49 pts/0 00:00:00 ps -ef 8 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/ext-flags-linux-picker-short.html: -------------------------------------------------------------------------------- 1 |
2 | 3 | 4 | 7 | 8 | 9 | 12 | 13 |
5 | {$ ::flag.identifier $} 6 |
10 | 11 |
14 |
15 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/cron/cron-job-runs-list.scss: -------------------------------------------------------------------------------- 1 | grr-cron-job-runs-list { 2 | tr td[name=backtrace] span { 3 | display: inline-block; 4 | white-space: nowrap; 5 | overflow: hidden; 6 | text-overflow: ellipsis; 7 | max-width: 20em 8 | } 9 | 10 | tr.row-selected td[name=backtrace] span { 11 | display: inline; 12 | white-space: inherit; 13 | overflow: inherit; 14 | text-overflow: inherit; 15 | max-width: inherit; 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/data_stores/registry_init.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Load all data stores so that they are visible in the registry. 3 | """ 4 | 5 | # pylint: disable=g-import-not-at-top,unused-import,g-line-too-long 6 | 7 | from grr_response_server.data_stores import fake_data_store 8 | 9 | try: 10 | from grr_response_server.data_stores import mysql_advanced_data_store 11 | except ImportError: 12 | pass 13 | 14 | # Site specific data stores. 15 | from grr_response_server.data_stores import local 16 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/bytes-form.html: -------------------------------------------------------------------------------- 1 |
2 | 3 | 6 |
7 | {$ value.validationError $} 8 |
9 |
10 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/timerange-form.html: -------------------------------------------------------------------------------- 1 | 4 |
5 | 6 |
7 | 8 | 11 |
12 | 13 |
14 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/timestamp.html: -------------------------------------------------------------------------------- 1 | 2 | 7 | 8 | 9 | {$ ::controller.formattedTimestamp $} 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/artifacts/test_artifact.json: -------------------------------------------------------------------------------- 1 | { "name": "TestDrivers", 2 | "sources": [ 3 | { "type": "WMI", 4 | "attributes": { "query": "SELECT * from Win32_SystemDriver" 5 | }, 6 | "conditions": [], 7 | "returned_types": [] 8 | } 9 | ], 10 | "doc": "Extract the installed drivers on Windows via WMI.", 11 | "labels": [ "Software" ], 12 | "supported_os": [ "Windows" ], 13 | "urls": ["http://www.example.com"], 14 | "conditions": [ "os_major_version >= 6" ] 15 | } 16 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/flow/start-flow-view.scss: -------------------------------------------------------------------------------- 1 | grr-start-flow-view { 2 | 3 | grr-flow-descriptors-tree { 4 | position: absolute; 5 | left: 0; 6 | width: $flow-descriptors-tree-width; 7 | top: 0; 8 | bottom: 0; 9 | border-right: $color-modal-border 1px solid; 10 | } 11 | 12 | div.flow-details { 13 | position: absolute; 14 | left: $flow-descriptors-tree-width; 15 | right: 0; 16 | top: 0; 17 | bottom: 0; 18 | overflow: auto; 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/lib/rdfvalues/wmi.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """WMI RDF values.""" 3 | 4 | from __future__ import unicode_literals 5 | 6 | from 
grr_response_core.lib.rdfvalues import structs as rdf_structs 7 | from grr_response_proto import sysinfo_pb2 8 | 9 | 10 | class WMIActiveScriptEventConsumer(rdf_structs.RDFProtoStruct): 11 | protobuf = sysinfo_pb2.WMIActiveScriptEventConsumer 12 | 13 | 14 | class WMICommandLineEventConsumer(rdf_structs.RDFProtoStruct): 15 | protobuf = sysinfo_pb2.WMICommandLineEventConsumer 16 | -------------------------------------------------------------------------------- /grr/core/install_data/debian/dpkg_client/debian/grr-client.lintian-overrides: -------------------------------------------------------------------------------- 1 | # The PyInstaller build binary should not be stripped otherwise it stops 2 | # working. 3 | %(ClientBuilder.package_name) binary: unstripped-binary-or-object 4 | 5 | # The PyInstaller build package directory contains all its dependencies. 6 | # We cannot rely on the versions available on the system. 7 | %(ClientBuilder.package_name) binary: embedded-library 8 | 9 | # No bug to close. 10 | %(ClientBuilder.package_name) binary: new-package-should-close-itp-bug 11 | -------------------------------------------------------------------------------- /grr/core/install_data/debian/manuals/grrd.1: -------------------------------------------------------------------------------- 1 | .Dd Nov 13, 2012 2 | .Dt grrd 3 | .Sh NAME 4 | .Nm grrd 5 | .Nd GRR Rapid Response Client 6 | .Sh DESCRIPTION 7 | .Nm grrd 8 | is a Rapid Response Client 9 | .Sh BUGS 10 | Please report bugs of any kind to or on the project website: 11 | https://github.com/google/grr 12 | .Sh COPYRIGHT 13 | Copyright 2011 Google Inc. 14 | This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
15 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/flow/flow-form.html: -------------------------------------------------------------------------------- 1 | 2 |
3 | 4 | 5 |
6 |
7 | 11 | 12 |
13 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/duration-form.html: -------------------------------------------------------------------------------- 1 |
2 | 3 | 5 | 6 |
7 | 8 |
9 | 10 | Expected format is [number][unit] where unit may be "s" for seconds, "m" for minutes, "h" for hours, "d" for days or "w" for weeks. 11 | 12 |
13 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/semantic-proto-single-field-form.html: -------------------------------------------------------------------------------- 1 |
2 | 9 |
10 | 11 |
12 |
13 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/hunt/hunts-view.html: -------------------------------------------------------------------------------- 1 |
2 |
3 | 4 |
5 | 6 |
7 | 9 |
10 |
11 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/sidebar/client-summary.scss: -------------------------------------------------------------------------------- 1 | grr-client-summary { 2 | padding: 5px 10px; 3 | display: block; 4 | 5 | .client-name { 6 | color: $color-infoline-success; 7 | } 8 | 9 | grr-client-status-icons > div { 10 | text-align: left; 11 | display: inline; 12 | } 13 | 14 | .client-status, 15 | .client-ip-info { 16 | color: $color-infoline-color; 17 | } 18 | 19 | grr-client-warnings { 20 | display: block; 21 | padding-top: .5em; 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/ext-flags-linux-picker-short.scss: -------------------------------------------------------------------------------- 1 | grr-ext-flags-linux-picker-short { 2 | > div { 3 | width: 400px !important; 4 | } 5 | 6 | table { 7 | border-spacing: 1px; 8 | border-collapse: separate; 9 | font-family: monospace; 10 | user-select: none; 11 | width: 100%; 12 | 13 | th { 14 | cursor: help; 15 | text-align: center; 16 | } 17 | 18 | td { 19 | cursor: pointer; 20 | text-align: center; 21 | } 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/stat-ext-flags-linux.html: -------------------------------------------------------------------------------- 1 |
2 | malformed 3 | none 4 |
    5 |
  • 6 | - 7 | 8 | {$ ::flag.identifier $} 9 | 10 |
  • 11 |
12 |
13 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/dummyconfig.yaml: -------------------------------------------------------------------------------- 1 | # This yaml is used in repacking integration tests so that we can exercise the 2 | # repack code without having to do a full initialize. 3 | # NOTE(review): the signing key below is the public half of keys/test/exe_sign.pem, whose private key is committed to the repository; it is a 512-bit RSA test fixture and must not be trusted outside tests. 4 | 5 | Client.server_urls: ["http://localhost:8000/"] 6 | Client.executable_signing_public_key: | 7 | -----BEGIN PUBLIC KEY----- 8 | MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMQpeVjrxmf6nPmsjHjULWhLmquSgTDK 9 | GpJgTFkTIAgX0Ih5lxoFB5TUjUfJFbBkSmKQPRA/IyuLBtCLQgwkTNkCAwEAAQ== 10 | -----END PUBLIC KEY----- 11 | CA.certificate: "-----BEGIN CERTIFICATE" 12 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/cron/cron-job-status-icon.html: -------------------------------------------------------------------------------- 1 |
4 | 7 | 10 |
11 | -------------------------------------------------------------------------------- /keys/test/driver_sign.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIBOgIBAAJBALnfFW1FffeKPs5PLUhFOSkNrr9TDCODQAI3WluLh0sW7/ro93eo 3 | IZ0FbipnTpzGkPpriONbSOXmxWNTo0b9ma8CAwEAAQJAfg37HBZK7bxGB+jOjvrT 4 | XzI2Vu7dhqAWouojT357DMKjGvkO+w7r6BmToZkgHRL4Nvh1KJ/APYdWWR+jTwJ3 5 | 4QIhAOhY/Gx8xs1ngrQLfSK9AWzPeegZK0I9W1UQuLWt7MjHAiEAzMrr2huBFrM0 6 | NgTOlWdrKnI/DPDpR3jGfSoUTsAeT9kCIQCzgxzzjKvkQtb+1+mEj1ashNgA9IEx 7 | mkoYPOUYqRnKPQIgUV+8UcEmDRgOAfzs/U7HtWkKBqFfgGfMLwXeZeBO6xkCIHGq 8 | wDcAa2GW9htKHmv9/Rzg05iAD+FYTsp8Gi2r4icV 9 | -----END RSA PRIVATE KEY----- 10 | -------------------------------------------------------------------------------- /keys/test/exe_sign.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIBOwIBAAJBAMQpeVjrxmf6nPmsjHjULWhLmquSgTDKGpJgTFkTIAgX0Ih5lxoF 3 | B5TUjUfJFbBkSmKQPRA/IyuLBtCLQgwkTNkCAwEAAQJBAJ/nKwsIT1jNWw7P0EZi 4 | t40QLEn2CCfsZ9KweywVQgQ1b7z41glfhuKFn9+j+O1wZaElqcAFrU9H8qaQNMPH 5 | 6I0CIQDrFDlvcNvjXlxFV8oZYf2oCkXduamU/+170IoU/MRgdwIhANWem891kp7X 6 | 2bkpBpP9C+mqYnsuUMF+BqjMdVYAouEvAiA8zmZs5Qx7q5TCewrTtf0e0klwKO4s 7 | lGaheDe/ZgKF0QIhALgPFYlHcLHUohBcPQK+AcmvuXMRkRtnDy3aHS+hFLaZAiAp 8 | p9t+NDqxYEMnQ1UVt47cF9jyAWcKnnyyAH1ClPowxA== 9 | -----END RSA PRIVATE KEY----- 10 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/lib/rdfvalues/webhistory.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """RDFValues describing web history artifacts.""" 3 | 4 | from __future__ import unicode_literals 5 | 6 | from grr_response_core.lib import rdfvalue 7 | from grr_response_core.lib.rdfvalues import structs as rdf_structs 8 | from grr_response_proto import sysinfo_pb2 9 | 10 | 11 | class 
BrowserHistoryItem(rdf_structs.RDFProtoStruct): 12 | protobuf = sysinfo_pb2.BrowserHistoryItem 13 | rdf_deps = [ 14 | rdfvalue.RDFDatetime, 15 | rdfvalue.RDFURN, 16 | ] 17 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/data_stores/fake_data_store_benchmark_test.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """The benchmark tests for the fake data store.""" 3 | 4 | 5 | from grr_response_core.lib import flags 6 | from grr_response_server import data_store_test 7 | from grr.test_lib import test_lib 8 | 9 | 10 | class FakeDataStoreBenchmarks(data_store_test.DataStoreBenchmarks): 11 | """Benchmark the fake data store.""" 12 | 13 | 14 | def main(args): 15 | test_lib.main(args) 16 | 17 | 18 | if __name__ == "__main__": 19 | flags.StartMain(main) 20 | -------------------------------------------------------------------------------- /docker/Dockerfile.build_centos_i686: -------------------------------------------------------------------------------- 1 | FROM centos_i686:7_base 2 | 3 | LABEL maintainer="grr-dev@googlegroups.com" 4 | 5 | RUN linux32 yum update 6 | 7 | RUN linux32 yum install -y \ 8 | python-devel \ 9 | java-1.8.0-openjdk \ 10 | libffi-devel \ 11 | openssl-devel \ 12 | git \ 13 | gcc \ 14 | gcc-c++ \ 15 | redhat-rpm-config \ 16 | rpm-build \ 17 | rpm-sign 18 | 19 | # Install pip. NOTE(review): the installer script is fetched at build time and piped straight into python with no pinned version or checksum, and the pipeline's exit status is python's, so a failed download is not caught by this step; prefer downloading to a file, verifying it against a pinned SHA-256, and only then running it. 20 | RUN linux32 curl https://bootstrap.pypa.io/get-pip.py | python 21 | 22 | RUN linux32 pip install --upgrade pip virtualenv 23 | 24 | CMD ["/bin/bash"] 25 | -------------------------------------------------------------------------------- /grr/core/install_data/debian/dpkg_client/nanny.sh.in: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | MOREARGS=\("${@:1}"\) 4 | 5 | # This nanny will be used by Linux upstart to throttle the respawn rate of the 6 | # client in case the client exits
immediately. It will eventually be replaced 7 | # with the full C++ nanny code similar to Windows but for now this is just a 8 | # simple shell script. 9 | while true 10 | do 11 | "${MOREARGS[@]}" 12 | /usr/bin/logger --tag %(Client.binary_name) Daemon exited... Waiting 120 seconds before respawn. || true 13 | sleep 120 14 | done 15 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/client/virtual-file-system/file-details.scss: -------------------------------------------------------------------------------- 1 | grr-file-details { 2 | 3 | ul.breadcrumb { 4 | margin: 0; 5 | padding: 0; 6 | background: $color-default-background; 7 | } 8 | 9 | h1 { 10 | margin-top: 0; 11 | margin-bottom: 15px; 12 | } 13 | 14 | grr-version-dropdown { 15 | float: right; 16 | margin-top: 5px; 17 | 18 | select.form-control { 19 | margin-left: 10px; 20 | display: inline-block; 21 | width: auto; 22 | } 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/hunt/new-hunt-wizard/configure-flow-page.scss: -------------------------------------------------------------------------------- 1 | grr-configure-flow-page { 2 | grr-flow-descriptors-tree { 3 | position: absolute; 4 | left: 0; 5 | width: $flow-descriptors-tree-width; 6 | top: 0; 7 | bottom: 0; 8 | border-right: $color-modal-border 1px solid; 9 | } 10 | 11 | .flow-configuration-pane { 12 | position: absolute; 13 | left: $flow-descriptors-tree-width; 14 | right: 0; 15 | top: 0; 16 | bottom: 0; 17 | overflow: auto; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/core/splitter.scss: -------------------------------------------------------------------------------- 1 | *[grr-splitter] { 2 | .gutter { 3 | background-color: 
$color-modal-border; 4 | background-repeat: no-repeat; 5 | background-position: 50%; 6 | } 7 | 8 | .gutter-vertical { 9 | cursor: ns-resize; 10 | background-image: url('/static/images/horizontal-grip.png'); 11 | } 12 | 13 | .gutter-horizontal { 14 | cursor: ew-resize; 15 | background-image: url('/static/images/vertical-grip.png'); 16 | float: left; 17 | height: 100%; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/cron/cron-view.html: -------------------------------------------------------------------------------- 1 |
2 |
3 | 4 | 5 |
6 | 7 |
8 | 9 | 10 |
11 |
12 | -------------------------------------------------------------------------------- /grr/core/install_data/debian/dpkg_client/debian/grr-client.prerm.in: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Correct a problem with /etc/init.d/%(ClientBuilder.package_name) in package 4 | # version 3080. The exit 1 in the script broke prerm on upstart systems so the 5 | # package couldn't be removed or downgraded. 6 | 7 | set -e 8 | 9 | case "$1" in 10 | failed-upgrade\) 11 | if [ $2 = "3080-1" ]; then 12 | sed -i s'/exit 1/exit 0/g' /etc/init.d/%(ClientBuilder.package_name) 13 | fi 14 | ;; 15 | 16 | *\) 17 | ;; 18 | esac 19 | 20 | #DEBHELPER# 21 | 22 | exit 0 23 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/client-label-form.html: -------------------------------------------------------------------------------- 1 | 4 |
5 | 13 |
14 | -------------------------------------------------------------------------------- /docker/Dockerfile.build_ubuntu_i386: -------------------------------------------------------------------------------- 1 | FROM ubuntu_i386:xenial_base 2 | 3 | LABEL maintainer="grr-dev@googlegroups.com" 4 | 5 | ENV DEBIAN_FRONTEND=noninteractive 6 | 7 | RUN apt-get update 8 | 9 | # Install python 10 | RUN apt-get install -y python3 && apt-get install -y python 11 | 12 | # Install other required packages 13 | RUN apt-get install -y zip \ 14 | wget \ 15 | openjdk-8-jdk \ 16 | python-pip \ 17 | git \ 18 | debhelper \ 19 | libffi-dev \ 20 | libssl-dev \ 21 | python-dev 22 | 23 | RUN pip install --upgrade pip virtualenv 24 | 25 | CMD ["/bin/bash"] 26 | -------------------------------------------------------------------------------- /grr/artifacts/README.md: -------------------------------------------------------------------------------- 1 | # This directory is reserved for external artifacts 2 | 3 | The Makefile removes ``*.yaml`` from this directory when syncing the external 4 | repo located [here](https://github.com/ForensicArtifacts/artifacts). 5 | 6 | ## Where artifacts go 7 | 8 | - Private artifacts should go in ``artifacts/local`` 9 | - Public artifacts that are non-GRR-specific should be submitted to the external 10 | repo. 11 | - Public artifacts that call GRR functions with ``LIST_FILES``, 12 | ``GRR_CLIENT_ACTION``, ``GREP`` etc. 
should live in 13 | ``artifacts/flow_templates`` 14 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/flows/general/data_migration.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """A module with database migration flows.""" 3 | 4 | from __future__ import unicode_literals 5 | 6 | from grr_response_server import data_migration 7 | from grr_response_server import flow 8 | 9 | 10 | class ClientVfsMigrationFlow(flow.GRRFlow): 11 | 12 | category = "/Administrative/" 13 | 14 | def Start(self): 15 | super(ClientVfsMigrationFlow, self).Start() 16 | 17 | migrator = data_migration.ClientVfsMigrator() 18 | migrator.MigrateClient(client_urn=self.client_urn) 19 | -------------------------------------------------------------------------------- /grr/core/MANIFEST.in: -------------------------------------------------------------------------------- 1 | include version.ini 2 | 3 | recursive-include * * 4 | 5 | recursive-exclude .git * 6 | recursive-exclude build * 7 | recursive-exclude dist * 8 | recursive-exclude executables *.zip 9 | recursive-exclude executables/installers * 10 | recursive-exclude executables *.bin 11 | recursive-exclude executables/components * 12 | recursive-exclude executables/linux * 13 | recursive-exclude executables/darwin * 14 | recursive-exclude grr/var * 15 | recursive-exclude grr-response-* * 16 | 17 | recursive-exclude * *.pyc 18 | 19 | exclude install_data/etc/server.local.yaml 20 | -------------------------------------------------------------------------------- /grr/core/install_data/debian/dpkg_client/upstart/grr-client.conf: -------------------------------------------------------------------------------- 1 | # %(Client.description) client upstart file 2 | 3 | limit nofile 20000 20000 4 | 5 | kill timeout 300 6 | 7 | start on startup 8 | start on runlevel [2345] 9 | stop on runlevel [016] 10 | 11 | respawn 12 | 13 | env 
LANG=en_US.UTF-8 14 | 15 | script 16 | DAEMON="%(ClientBuilder.daemon_link).nanny" 17 | DAEMON_ARGS="%(ClientBuilder.daemon_link) --config=%(ClientBuilder.target_dir)/%(ClientBuilder.config_filename)" 18 | 19 | [ -x "${DAEMON}" ] || exit 0 20 | 21 | exec ${DAEMON} ${DAEMON_ARGS} 22 | 23 | end script 24 | -------------------------------------------------------------------------------- /grr/proto/grr_response_proto/config.proto: -------------------------------------------------------------------------------- 1 | syntax = "proto2"; 2 | 3 | import "grr_response_proto/semantic.proto"; 4 | 5 | 6 | 7 | message AdminUIClientWarningsConfigOption { 8 | repeated AdminUIClientWarningRule rules = 1; 9 | } 10 | 11 | message AdminUIClientWarningRule { 12 | 13 | repeated string with_labels = 1 [(sem_type) = { 14 | description: "List of client labels that a warning message applies to." 15 | }]; 16 | 17 | optional string message = 2 [(sem_type) = { 18 | description: "Warning message text (may contain markdown)." 19 | }]; 20 | 21 | } 22 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/empty-templates.js: -------------------------------------------------------------------------------- 1 | goog.module('grrUi.templates.templates.templatesModule'); 2 | goog.module.declareLegacyNamespace(); 3 | 4 | /** 5 | * If GRR is running with AdminUI.use_precompiled_js = True, then 6 | * this file is not used, instead automatically generated templates 7 | * module will be included into the JS bundle. On the other hand, 8 | * if GRR is running with AdminUI.use_precompiled_js = False, then 9 | * this module is loaded. See base.html for details. 
10 | */ 11 | exports = angular.module('grrUi.templates', []); 12 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/databases/mem_test.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import unittest 3 | from grr_response_core.lib import flags 4 | from grr_response_server import db_test_mixin 5 | from grr_response_server.databases import mem 6 | from grr.test_lib import test_lib 7 | 8 | FLAGS = flags.FLAGS 9 | 10 | 11 | class MemoryDBTest(db_test_mixin.DatabaseTestMixin, unittest.TestCase): 12 | 13 | def CreateDatabase(self): 14 | return mem.InMemoryDB(), None 15 | 16 | 17 | def main(args): 18 | test_lib.main(args) 19 | 20 | 21 | if __name__ == "__main__": 22 | flags.StartMain(main) 23 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "grr", 3 | "author": "Mikhail Bushkov", 4 | "version": "0.1.0", 5 | "devDependencies": { 6 | "grunt": "^0.4.5", 7 | "grunt-contrib-jshint": "^0.11.1", 8 | "grunt-html2js": "^0.3.0", 9 | "grunt-karma": "^0.10.1", 10 | "karma": "^0.12.31", 11 | "grunt-closure-tools": "^0.9.8", 12 | "superstartup-closure-compiler": "^0.1.6", 13 | "grunt-contrib-concat": "^0.5.1", 14 | "grunt-contrib-less": "^1.0.1", 15 | "grunt-contrib-uglify": "^0.8.1", 16 | "grunt-contrib-watch": "^0.6.1" 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /grr/client/grr_response_client/vfs_handlers/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # Copyright 2010 Google Inc. All Rights Reserved. 
3 | """A module to load all vfs handler plugins.""" 4 | from __future__ import unicode_literals 5 | 6 | # pylint: disable=unused-import 7 | import platform 8 | 9 | # These imports populate the VFSHandler registry 10 | from grr_response_client.vfs_handlers import files 11 | from grr_response_client.vfs_handlers import sleuthkit 12 | 13 | # pylint: disable=g-import-not-at-top 14 | if platform.system() == "Windows": 15 | from grr_response_client.vfs_handlers import registry 16 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/artifacts/README.md: -------------------------------------------------------------------------------- 1 | # This directory is reserved for external artifacts 2 | 3 | The Makefile removes ``*.yaml`` from this directory when syncing the external 4 | repo located [here](https://github.com/ForensicArtifacts/artifacts). 5 | 6 | ## Where artifacts go 7 | 8 | - Private artifacts should go in ``artifacts/local`` 9 | - Public artifacts that are non-GRR-specific should be submitted to the external 10 | repo. 11 | - Public artifacts that call GRR functions with ``LIST_FILES``, 12 | ``GRR_CLIENT_ACTION``, ``GREP`` etc. should live in 13 | ``artifacts/flow_templates`` 14 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/semantic-proto.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 7 | 8 | 9 | 12 | 13 | 14 |
5 | {$ ::item.key $} 6 | {$ ::item.key $} 10 | 11 |
15 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/rdfvalues/file_store.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """FileStore implementation-related RDFValues.""" 3 | 4 | from grr_response_core.lib.rdfvalues import structs as rdf_structs 5 | from grr_response_proto import file_store_pb2 6 | from grr_response_server.rdfvalues import objects as rdf_objects 7 | 8 | 9 | class FileStoreAddEvent(rdf_structs.RDFProtoStruct): 10 | """Basic metadata about a path which has been observed on a client.""" 11 | protobuf = file_store_pb2.FileStoreAddEvent 12 | rdf_deps = [ 13 | rdf_objects.SHA256HashID, 14 | rdf_objects.BlobID, 15 | ] 16 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/output_plugins/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Output plugins implementations.""" 3 | 4 | 5 | from grr_response_server import output_plugin 6 | 7 | # pylint: disable=unused-import,g-import-not-at-top 8 | try: 9 | from grr_response_server.output_plugins import bigquery_plugin 10 | except ImportError: 11 | pass 12 | 13 | from grr_response_server.output_plugins import csv_plugin 14 | from grr_response_server.output_plugins import email_plugin 15 | from grr_response_server.output_plugins import sqlite_plugin 16 | from grr_response_server.output_plugins import yaml_plugin 17 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/message_handlers.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Message handlers.""" 3 | 4 | 5 | class MessageHandler(object): 6 | """The base class for all message handlers.""" 7 | 8 | handler_name = "" 9 | 10 | def __init__(self, token=None): 11 | # 
TODO(amoser): Get rid of the token once well known flows don't 12 | # write to aff4 anymore. 13 | self.token = token 14 | 15 | def ProcessMessages(self, msgs): 16 | """This is where messages get processed. 17 | 18 | Override in derived classes. 19 | 20 | Args: 21 | msgs: The GrrMessages sent by the client. 22 | """ 23 | -------------------------------------------------------------------------------- /debian/grr-server@.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=GRR %I 3 | PartOf=grr-server.service 4 | ReloadPropagatedFrom=grr-server.service 5 | After=syslog.target network.target 6 | Documentation=https://github.com/google/grr 7 | 8 | [Service] 9 | Type=simple 10 | PrivateTmp=true 11 | Restart=on-failure 12 | LimitNOFILE=65536 13 | Environment="MPLCONFIGDIR=/var/run/grr/tmp/%i" "PYTHON_EGG_CACHE=/var/run/grr/tmp/%i" 14 | ExecStartPre=/bin/mkdir -p /var/run/grr/tmp/%i 15 | ExecStart=/usr/bin/grr_server --component %i --disallow_missing_config_definitions -p StatsStore.process_id=%i_%m 16 | 17 | [Install] 18 | WantedBy=multi-user.target 19 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/ipshell.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """A compatibility layer for the IPython shell.""" 3 | 4 | 5 | # pylint: disable=g-import-not-at-top 6 | def IPShell(argv=None, user_ns=None, banner=None): 7 | if argv is None: 8 | argv = [] 9 | 10 | try: 11 | from IPython.terminal.embed import InteractiveShellEmbed 12 | 13 | shell = InteractiveShellEmbed(user_ns=user_ns, banner2=unicode(banner)) 14 | shell(local_ns=user_ns) 15 | except ImportError: 16 | from IPython import Shell 17 | 18 | # IPython < 0.11 19 | Shell.IPShell(argv=argv, user_ns=user_ns).mainloop(banner=banner) 20 | -------------------------------------------------------------------------------- 
/grr/client/grr_response_client/client_actions/enrol.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # Copyright 2010 Google Inc. All Rights Reserved. 3 | """Actions required for CA enrolment.""" 4 | from __future__ import unicode_literals 5 | 6 | 7 | from grr_response_client import actions 8 | 9 | 10 | class SaveCert(actions.ActionPlugin): 11 | """Legacy enrolment action; the certificate sent by the server is no longer saved.""" 12 | 13 | def Run(self, args): 14 | """Does nothing: the body is empty and args is ignored.""" 15 | # We don't really care about the certificate any more. The ca_enroller flow 16 | # is changed to not issue this client action now. 17 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/semantic-diff-annotated-proto.scss: -------------------------------------------------------------------------------- 1 | grr-semantic-diff-annotated-proto { 2 | div.repeated.diff_changed, 3 | table.diff-changed > tbody > tr > td, 4 | tr.diff-changed > td { 5 | background: $color-diff-changed 6 | } 7 | 8 | div.repeated.diff-added, 9 | table.diff-added > tbody > tr > td, 10 | tr.diff-added > td { 11 | background: $color-diff-added !important; 12 | } 13 | 14 | div.repeated.diff-removed, 15 | table.diff-removed > tbody > tr > td, 16 | tr.diff-removed > td { 17 | background: $color-diff-removed !important; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/lib/rdfvalues/config.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Implementations of RDFValues used in GRR config options definitions.""" 3 | 4 | from __future__ import unicode_literals 5 | 6 | from grr_response_core.lib.rdfvalues import structs as rdf_structs 7 | from grr_response_proto import config_pb2 8 | 9 | 10 | 
class AdminUIClientWarningRule(rdf_structs.RDFProtoStruct): 11 | protobuf = config_pb2.AdminUIClientWarningRule 12 | 13 | 14 | class AdminUIClientWarningsConfigOption(rdf_structs.RDFProtoStruct): 15 | protobuf = config_pb2.AdminUIClientWarningsConfigOption 16 | rdf_deps = [AdminUIClientWarningRule] 17 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/lib/rdfvalues/cronjobs.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """RDFValues for GRR client-side cron jobs parsing.""" 3 | 4 | from __future__ import unicode_literals 5 | 6 | from grr_response_core.lib import rdfvalue 7 | from grr_response_core.lib.rdfvalues import structs as rdf_structs 8 | from grr_response_proto import sysinfo_pb2 9 | 10 | 11 | class CronTabEntry(rdf_structs.RDFProtoStruct): 12 | protobuf = sysinfo_pb2.CronTabEntry 13 | 14 | 15 | class CronTabFile(rdf_structs.RDFProtoStruct): 16 | protobuf = sysinfo_pb2.CronTabFile 17 | rdf_deps = [ 18 | CronTabEntry, 19 | rdfvalue.RDFURN, 20 | ] 21 | -------------------------------------------------------------------------------- /grr/proto/grr_response_proto/user.proto: -------------------------------------------------------------------------------- 1 | syntax = "proto2"; 2 | 3 | import "grr_response_proto/semantic.proto"; 4 | 5 | 6 | 7 | // Next field: 4 8 | message GUISettings { 9 | option (semantic) = { 10 | description: "User GUI settings and preferences." 11 | }; 12 | 13 | enum UIMode { 14 | BASIC = 0; 15 | ADVANCED = 1; 16 | DEBUG = 2; 17 | } 18 | 19 | optional UIMode mode = 1 [(sem_type) = { 20 | description: "User interface mode.", 21 | }, default=BASIC]; 22 | 23 | optional bool canary_mode = 3 [(sem_type) = { 24 | description: "If true, show features that are being canaried." 
25 | }]; 26 | } 27 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/semantic-proto-union-form.html: -------------------------------------------------------------------------------- 1 |
2 | 3 |
4 | 7 |
8 | 10 |
11 |
12 | 13 |
14 | 15 |
16 | 17 |
18 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | GRR Rapid Response Framework 2 | https://github.com/google/grr 3 | 4 | GRR is developed by (in alphabetical order): 5 | 6 | * Mikhail Bushkov 7 | * Ben Galehouse 8 | * Andreas Moser 9 | * Milosz Lakomy 10 | 11 | To reach the authors, please use the GRR development mailing 12 | list . 13 | 14 | GRR emeriti: 15 | 16 | * Darren Bilby 17 | * Germano Caronni 18 | * Greg Castle 19 | * Michael Cohen 20 | * Dionysis Zindros 21 | -------------------------------------------------------------------------------- /debian/control: -------------------------------------------------------------------------------- 1 | Source: grr-server 2 | Section: misc 3 | Priority: extra 4 | Maintainer: GRR developers 5 | Build-Depends: debhelper (>= 9), dh-make, dh-systemd (>= 1.5), dh-virtualenv (>= 0.6), lib32z1, libc6-i386, python2.7-dev 6 | Standards-Version: 3.8.3 7 | Homepage: https://github.com/google/grr 8 | 9 | Package: grr-server 10 | Section: python 11 | Architecture: any 12 | Pre-Depends: 13 | Depends: debhelper, dh-make, dpkg (>= 1.16.1), dpkg-dev, python-mysqldb, python2.7-dev, rpm, systemd, zip 14 | Description: GRR Rapid Response is an Incident Response Framework 15 | GRR Rapid Response is an Incident Response Framework. 
16 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/databases/mem_events.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """The in memory database methods for event handling.""" 3 | 4 | from grr_response_core.lib import rdfvalue 5 | from grr_response_core.lib import utils 6 | 7 | 8 | class InMemoryDBEventMixin(object): 9 | """InMemoryDB mixin for event handling.""" 10 | 11 | @utils.Synchronized 12 | def ReadAllAuditEvents(self): 13 | return sorted(self.events, key=lambda event: event.timestamp) 14 | 15 | @utils.Synchronized 16 | def WriteAuditEvent(self, event): 17 | event = event.Copy() 18 | event.timestamp = rdfvalue.RDFDatetime.Now() 19 | self.events.append(event) 20 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/client/virtual-file-system/recursive-list-button.html: -------------------------------------------------------------------------------- 1 | 11 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/cron/cron-job-inspector.html: -------------------------------------------------------------------------------- 1 |
2 | 3 |
4 | Please select a cron job to see the details. 5 |
6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 |
20 | -------------------------------------------------------------------------------- /grr/client/grr_response_client/client_actions/file_finder_utils/subactions_test.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | from __future__ import unicode_literals 3 | 4 | import unittest 5 | from grr_response_core.lib import flags 6 | from grr.test_lib import test_lib 7 | 8 | # TODO(hanuszczak): Implement basic unit tests for subactions. 9 | 10 | 11 | class StatActionTest(unittest.TestCase): 12 | pass 13 | 14 | 15 | class HashActionTest(unittest.TestCase): 16 | pass 17 | 18 | 19 | class DownloadActionTest(unittest.TestCase): 20 | pass 21 | 22 | 23 | def main(argv): 24 | test_lib.main(argv) 25 | 26 | 27 | if __name__ == "__main__": 28 | flags.StartMain(main) 29 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/client/virtual-file-system/r-we-owned-button-modal.html: -------------------------------------------------------------------------------- 1 | 8 | 13 | 19 | -------------------------------------------------------------------------------- /terraform/demo/google/client_install.ps1: -------------------------------------------------------------------------------- 1 | function Write-SerialPort { 2 | param ( 3 | [string]$message 4 | ) 5 | 6 | $port = New-Object System.IO.Ports.SerialPort COM1,9600,None,8,one 7 | $port.open() 8 | $port.WriteLine($message) 9 | $port.Close() 10 | } 11 | 12 | Write-SerialPort ('Downloading client') 13 | 14 | $down = New-Object System.Net.WebClient 15 | $url = '${windows_installer_download_url}'; 16 | $file = 'grr-install.exe'; 17 | $down.DownloadFile($url,$file); 18 | 19 | Write-SerialPort ('Installing client') 20 | # NOTE(review): the installer is launched exactly as downloaded; nothing in this script checks its hash or Authenticode signature, so its integrity depends entirely on the download URL being trusted. 21 | $exec = New-Object -com shell.application 22 | $exec.shellexecute($file); 23 | 24 | Write-SerialPort ('Done') 25 | 
-------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/checks/nfs.yaml: -------------------------------------------------------------------------------- 1 | check_id: 'NFS-EXPORTS-RW-OPEN' 2 | method: 3 | - match: 'ANY' 4 | target: 5 | os: ['Linux'] 6 | hint: 7 | problem: 'NFS read/write exports are too permissive.' 8 | summary: 'nfs export config' 9 | format: '{share}: defaults:{defaults} hosts:{clients.host} options:{clients.options}' 10 | probe: 11 | - artifact: 'NfsExportsFile' 12 | filters: 13 | - type: 'ObjectFilter' 14 | expression: 'clients.host contains "*.example.org"' 15 | - type: 'ObjectFilter' 16 | expression: 'clients.options contains "rw" or defaults contains "rw"' 17 | -------------------------------------------------------------------------------- /api_client/python/grr_api_client/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Python GRR API client library. Should be used for querying GRR API.""" 3 | from __future__ import unicode_literals 4 | 5 | import os 6 | import sys 7 | 8 | try: 9 | import grr.proto # pylint: disable=g-import-not-at-top 10 | except ImportError: 11 | # Required for OpenSource standalone grr-api-client PIP package, so that it 12 | # can load protocol buffers compiled into Python files relative to 13 | # grr_api_client. See api_client/python/setup.py (compile_protos() function) 14 | # for details. 
15 | sys.path.append( 16 | os.path.join(os.path.dirname(os.path.realpath(__file__)), "proto")) 17 | -------------------------------------------------------------------------------- /grr/client/grr_response_client/local/binary_whitelist.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Deployment-specific whitelisted binaries.""" 3 | from __future__ import unicode_literals 4 | 5 | import platform 6 | 7 | 8 | def IsExecutionWhitelisted(cmd, args): 9 | """Check if a binary and args is whitelisted. 10 | 11 | Args: 12 | cmd: Canonical path to the binary. 13 | args: List of arguments to be passed to the binary. 14 | 15 | Returns: 16 | Bool, True if it is whitelisted. 17 | 18 | This function is not called directly but used by client_utils_common.py to 19 | detect site-specific binaries that are allowed to run. 20 | """ 21 | 22 | 23 | return False 24 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/output-plugin-descriptor-form.html: -------------------------------------------------------------------------------- 1 |
2 | 3 |
4 | 7 |
8 | 12 |
13 |
14 | 15 |
16 | 17 |
18 | 19 |
20 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/core/encode-uri-component-filter.js: -------------------------------------------------------------------------------- 1 | goog.module('grrUi.core.encodeUriComponentFilter'); 2 | goog.module.declareLegacyNamespace(); 3 | 4 | 5 | 6 | /** 7 | * Angular filter definition. Filter escapes given string using builtin 8 | * encodeURIComponent function. 9 | * 10 | * @return {!Function} 11 | * @export 12 | * @ngInject 13 | */ 14 | exports.EncodeUriComponentFilter = function() { 15 | return window.encodeURIComponent; 16 | }; 17 | 18 | 19 | /** 20 | * Name of the filter in Angular. 21 | * 22 | * @const 23 | * @export 24 | */ 25 | exports.EncodeUriComponentFilter.filter_name = 'grrEncodeUriComponent'; 26 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/flow/flow-requests.html: -------------------------------------------------------------------------------- 1 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 |
IDRequestResponses
18 | -------------------------------------------------------------------------------- /grr/test_lib/test_output_plugins.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Output plugins that are used in flow tests.""" 3 | 4 | from grr_response_server import output_plugin 5 | 6 | 7 | class DummyFlowOutputPlugin(output_plugin.OutputPlugin): 8 | """Dummy plugin that opens a dummy stream.""" 9 | num_calls = 0 10 | num_responses = 0 11 | 12 | def ProcessResponses(self, responses): 13 | DummyFlowOutputPlugin.num_calls += 1 14 | DummyFlowOutputPlugin.num_responses += len(list(responses)) 15 | 16 | 17 | class FailingDummyFlowOutputPlugin(output_plugin.OutputPlugin): 18 | 19 | def ProcessResponses(self, responses): 20 | del responses 21 | raise RuntimeError("Oh no!") 22 | -------------------------------------------------------------------------------- /grr/core/install_data/macosx/client/fleetspeak/postinstall.sh.in: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # MacOS post-installation script for GRR [Fleetspeak-enabled]. 4 | 5 | [[ "${3}" != '/' ]] && exit 0 6 | 7 | # Use the config generated during client repacking as the 8 | # primary config. 9 | if [[ -f "${PACKAGE_PATH}" ]]; then 10 | unzip -p "${PACKAGE_PATH}" config.yaml > '%(ClientBuilder.install_dir)/%(ClientBuilder.config_filename)' 11 | fi 12 | 13 | # Restart Fleetspeak so it picks up GRR's service config. 
14 | if [[ -f '%(ClientBuilder.fleetspeak_plist_path)' ]]; then 15 | launchctl unload '%(ClientBuilder.fleetspeak_plist_path)' 16 | launchctl load '%(ClientBuilder.fleetspeak_plist_path)' 17 | fi 18 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/client/virtual-file-system/file-hex-view.scss: -------------------------------------------------------------------------------- 1 | grr-file-hex-view { 2 | 3 | .uib-pagination { 4 | margin: 5px 0; 5 | } 6 | 7 | table { 8 | 9 | .offset { 10 | font-weight: bold; 11 | color: $color-table-row-offset; 12 | padding-right: 1ex; 13 | } 14 | 15 | td { 16 | vertical-align: top !important; 17 | } 18 | 19 | .data { 20 | padding-left: 2ex; 21 | white-space: nowrap; 22 | } 23 | 24 | } 25 | 26 | .no-content { 27 | text-align: center; 28 | margin-top: 50px; 29 | font-size: 2.0em; 30 | color: $color-no-content-color; 31 | } 32 | 33 | } 34 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/semantic-versioned-proto.scss: -------------------------------------------------------------------------------- 1 | grr-semantic-versioned-proto { 2 | td.proto_key, 3 | td.proto_history, 4 | td.proto_value { 5 | vertical-align: middle !important; 6 | } 7 | 8 | tr td > .proto_history { 9 | opacity: 0; 10 | width: 1em; 11 | padding-top: .1em; 12 | padding-bottom: .1em; 13 | padding-left: .25em; 14 | padding-right: .25em; 15 | background: $color-proto-background; 16 | } 17 | 18 | tr:hover td > .proto_history { 19 | opacity: .15; 20 | } 21 | 22 | td:hover > .proto_history { 23 | opacity: 1.0 !important; 24 | transition-delay: .25s; 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/lib/config_validator_base.py: 
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """The base class for config validators. 3 | 4 | This has to be in a separate file to avoid import loops. 5 | """ 6 | from __future__ import unicode_literals 7 | 8 | 9 | from future.utils import with_metaclass 10 | 11 | from grr_response_core.lib import registry 12 | 13 | 14 | class PrivateConfigValidator( 15 | with_metaclass(registry.MetaclassRegistry, object)): 16 | """Use this class to sanity check private config options at repack time.""" 17 | __abstract = True # pylint: disable=g-bad-name 18 | 19 | def ValidateEndConfig(self, conf, context, errors_fatal=True): 20 | raise NotImplementedError() 21 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/searching/dpkg.log: -------------------------------------------------------------------------------- 1 | 2012-01-02 03:31:36 startup packages configure 2 | 2012-01-02 03:32:08 startup packages configure 3 | 2012-01-02 03:32:17 update-alternatives: run with --set gl_conf /usr/lib/nvidia-current/ld.so.conf 4 | 2012-01-02 22:00:20 startup archives install 5 | 2012-01-02 22:00:20 upgrade libbde-dev 20111012-1 20111012-1 6 | 2012-01-02 22:00:20 status half-configured libbde-dev 20111012-1 7 | 2012-01-02 22:00:20 status unpacked libbde-dev 20111012-1 8 | 2012-01-02 22:00:20 status half-installed libbde-dev 20111012-1 9 | 2012-01-02 22:00:20 status triggers-pending man-db 2.5.7-2ubuntu1 10 | 2012-01-02 22:00:20 status half-installed libbde-dev 20111012-1 11 | -------------------------------------------------------------------------------- /grr/test_lib/export_test_lib.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Classes for export-related tests.""" 3 | 4 | from grr_response_core.lib import rdfvalue 5 | from grr_response_core.lib.rdfvalues import structs as rdf_structs 6 | 7 | 
from grr_response_proto import tests_pb2 8 | 9 | from grr_response_server import export 10 | 11 | 12 | class DataAgnosticConverterTestValue(rdf_structs.RDFProtoStruct): 13 | protobuf = tests_pb2.DataAgnosticConverterTestValue 14 | rdf_deps = [export.ExportedMetadata, rdfvalue.RDFDatetime, rdfvalue.RDFURN] 15 | 16 | 17 | class DataAgnosticConverterTestValueWithMetadata(rdf_structs.RDFProtoStruct): 18 | protobuf = tests_pb2.DataAgnosticConverterTestValueWithMetadata 19 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/data_stores/fake_data_store_test.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Tests the fake data store - in memory implementation.""" 3 | 4 | 5 | from grr_response_core.lib import flags 6 | from grr_response_server import data_store_test 7 | from grr.test_lib import test_lib 8 | 9 | 10 | class FakeDataStoreTest(data_store_test.DataStoreTestMixin, 11 | test_lib.GRRBaseTest): 12 | """Test the fake data store.""" 13 | 14 | def testApi(self): 15 | """The fake datastore doesn't strictly conform to the api but this is ok.""" 16 | 17 | 18 | def main(args): 19 | test_lib.main(args) 20 | 21 | 22 | if __name__ == "__main__": 23 | flags.StartMain(main) 24 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/ext-flags-linux-picker-long.html: -------------------------------------------------------------------------------- 1 |
2 |
3 |
4 | 7 |
8 |
9 | 14 |
15 |
16 |
17 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/hunt/hunt-status-icon.html: -------------------------------------------------------------------------------- 1 |
2 | 4 | 6 | 8 | 10 |
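11 |
--------------------------------------------------------------------------------
/grr/core/install_data/fleetspeak/windows/grr_service_config.txt.in:
--------------------------------------------------------------------------------
1 | # Default [unsigned] service config for integration with Fleetspeak.
2 |
3 | name: "GRR"
4 | factory: "Daemon"
5 | required_labels {
6 |   service_name: "client"
7 |   label: "windows"
8 | }
9 | config {
10 |   [type.googleapis.com/fleetspeak.daemonservice.Config] {
11 |     argv: "%(Client.install_path)\\%(Client.binary_name)"
12 |     argv: "--config=%(Client.install_path)\\%(Client.binary_name).yaml"
13 |
14 |     memory_limit: 2147483648 # 2GB
15 |     monitor_heartbeats: true
16 |     heartbeat_unresponsive_grace_period_seconds: 600
17 |     heartbeat_unresponsive_kill_period_seconds: %(Nanny.unresponsive_kill_period)
18 |   }
19 | }
20 |
--------------------------------------------------------------------------------
/grr/test/grr_response_test/end_to_end_tests/tests/processes.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env python
2 | """End to end tests for lib.flows.general.processes."""
3 |
4 | from grr_response_test.end_to_end_tests import test_base
5 |
6 |
7 | class TestProcessListing(test_base.EndToEndTest):
8 |   """Test ListProcesses."""
9 |
10 |   platforms = test_base.EndToEndTest.Platform.ALL
11 |
12 |   def runTest(self):
13 |     """Runs the ListProcesses flow and checks that it returns results."""
14 |     # This test covers process listing, so it has to start ListProcesses;
15 |     # starting Netstat here would leave that flow without end-to-end coverage.
16 |     f = self.RunFlowAndWait("ListProcesses")
17 |
18 |     results = list(f.ListResults())
19 |     # Sanity floor only: more than five results must come back.
20 |     self.assertGreater(len(results), 5)
21 |
22 |     # TODO(user): add a check for a GRR process (probably need to query
23 |     # the server for the configuration option containing GRR agent name
24 |     # to do that).
25 |
--------------------------------------------------------------------------------
/grr/server/grr_response_server/gui/static/angular-components/forms/dict-form.html:
--------------------------------------------------------------------------------
1 |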
2 | 6 |
7 | 8 |
9 | 11 |
12 | 13 | = 14 | 15 |
16 |
17 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/searching/dpkg_false.log: -------------------------------------------------------------------------------- 1 | 2012-01-02 03:31:36 notavalidstatus packages configure 2 | 2012-01-02 03:32:08 startup packages configure 3 | 2012-01-02 03:32:17 update-alternatives: run with --set gl_conf /usr/lib/nvidia-current/ld.so.conf 4 | 2012-01-02 22:00:20 startup archives install 5 | 2012-01-02 22:00:20 upgrade libbde-dev 20111012-1 20111012-1 6 | 2012-01-02 22:00:20 status half-configured libbde-dev 20111012-1 7 | 2012-01-02 22:00:20 status unpacked libbde-dev 20111012-1 8 | 2012-01-02 22:00:20 status half-installed libbde-dev 20111012-1 9 | 2012-01-02 22:00:20 status triggers-pending man-db 2.5.7-2ubuntu1 10 | 2012-01-02 22:00:20 status half-installed libbde-dev 20111012-1 11 | -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | # Unfortunately the ** syntax isn't supported before docker 1.10 2 | # https://github.com/docker/docker/issues/13113 3 | # and installing a newer version is difficult. 
4 | *.changes 5 | *.deb 6 | *.dsc 7 | *.egg-info 8 | */*/server.local.yaml 9 | *.pyc 10 | */*.pyc 11 | */*/*.pyc 12 | */*/*/*.pyc 13 | */*/*/*/*.pyc 14 | *_pb2.* 15 | */*_pb2.* 16 | */*/*_pb2.* 17 | ACKNOWLEDGEMENTS 18 | AUTHORS 19 | build 20 | dist 21 | executables 22 | !executables/windows/templates/unzipsfx/*.exe 23 | grr/config/grr-response-templates 24 | grr/gui/static/bower_components 25 | grr/gui/static/node_modules 26 | grr/gui/static/tmp 27 | grr/var 28 | grr-server*.tar.gz 29 | LICENSE 30 | README 31 | README.md 32 | travis 33 | vagrant 34 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/client/virtual-file-system/encodings-dropdown.html: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/forms/datetime-form.html: -------------------------------------------------------------------------------- 1 |
2 | 3 | 6 |
7 | 9 |
10 | 11 |
12 | 13 |
14 | 15 | Expected format is {$ controller.format $}, i.e. {$ controller.example $} 16 | 17 |
18 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/hunt/new-hunt-wizard/configure-flow-page.html: -------------------------------------------------------------------------------- 1 | 2 | 3 |
4 |
5 |
6 | {$ flowName $} 7 | 8 | 9 | 10 | 11 |
12 | Description 13 | 14 |
15 | 16 | 17 | Please select a flow from the tree on the left. 18 | 19 |
20 | 21 |
22 | 23 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/config/checks.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Configuration parameters for the check subsystem.""" 3 | from __future__ import unicode_literals 4 | 5 | from grr_response_core.lib import config_lib 6 | 7 | config_lib.DEFINE_list("Checks.config_dir", [ 8 | "%(grr_response_server|module_path)/" 9 | "checks", 10 | "%(grr_response_server|module_path)/" 11 | "checks/local" 12 | ], "A list of directories to load checks from.") 13 | 14 | config_lib.DEFINE_list("Checks.config_files", [], 15 | "Paths of check configurations to load at start up.") 16 | 17 | config_lib.DEFINE_integer("Checks.max_results", 50, 18 | "Maximum items to include as check results.") 19 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/hunt/modify-hunt-dialog.html: -------------------------------------------------------------------------------- 1 | 6 | 7 | 8 | 11 | 12 | 13 |
14 | Loading... 15 |
16 | 17 |
18 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/client/client-disk-warnings-modal.html: -------------------------------------------------------------------------------- 1 | 5 | 17 | 20 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/flow/flow-status-icon-directive.js: -------------------------------------------------------------------------------- 1 | goog.module('grrUi.flow.flowStatusIconDirective'); 2 | goog.module.declareLegacyNamespace(); 3 | 4 | 5 | 6 | /** 7 | * Directive that displays flow status icons for a given flow. 8 | * 9 | * @return {!angular.Directive} Directive definition object. 10 | * @ngInject 11 | * @export 12 | */ 13 | exports.FlowStatusIconDirective = function() { 14 | return { 15 | scope: {flow: '='}, 16 | restrict: 'E', 17 | templateUrl: '/static/angular-components/flow/flow-status-icon.html' 18 | }; 19 | }; 20 | 21 | 22 | /** 23 | * Name of the directive in Angular. 24 | */ 25 | exports.FlowStatusIconDirective.directive_name = 'grrFlowStatusIcon'; 26 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/hunt/hunt-status-icon-directive.js: -------------------------------------------------------------------------------- 1 | goog.module('grrUi.hunt.huntStatusIconDirective'); 2 | goog.module.declareLegacyNamespace(); 3 | 4 | 5 | 6 | /** 7 | * Directive that displays hunt status icons for a given hunt. 8 | * 9 | * @return {!angular.Directive} Directive definition object. 
10 | * @ngInject 11 | * @export 12 | */ 13 | exports.HuntStatusIconDirective = function() { 14 | return { 15 | scope: {hunt: '='}, 16 | restrict: 'E', 17 | templateUrl: '/static/angular-components/hunt/hunt-status-icon.html' 18 | }; 19 | }; 20 | 21 | 22 | /** 23 | * Name of the directive in Angular. 24 | */ 25 | exports.HuntStatusIconDirective.directive_name = 'grrHuntStatusIcon'; 26 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/end_to_end_tests/tests/network.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """End to end tests for lib.flows.general.network.""" 3 | 4 | from grr_response_test.end_to_end_tests import test_base 5 | 6 | 7 | class TestNetstat(test_base.EndToEndTest): 8 | """Test Netstat.""" 9 | 10 | platforms = test_base.EndToEndTest.Platform.ALL 11 | 12 | def runTest(self): 13 | f = self.RunFlowAndWait("Netstat") 14 | 15 | results = list(f.ListResults()) 16 | self.assertGreater(len(results), 5) 17 | 18 | num_ips = set() 19 | for r in results: 20 | netstat = r.payload 21 | num_ips.add(netstat.local_address.ip) 22 | 23 | # There should be at least two local IPs. 
24 | self.assertGreater(len(num_ips), 1) 25 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/dpkg_status: -------------------------------------------------------------------------------- 1 | Package: t1 2 | Status: install ok installed 3 | Priority: optional 4 | Section: web 5 | Installed-Size: 10 6 | Maintainer: package-builder 7 | Architecture: amd64 8 | Version: v1 9 | Provides: t1 10 | Depends: t2 11 | Size: 10 12 | Description: Test package entry 13 | 14 | Package: t2 15 | Status: install ok installed 16 | Priority: optional 17 | Section: web 18 | Installed-Size: 20 19 | Maintainer: package-builder 20 | Architecture: amd64 21 | Version: v2 22 | Provides: t2 23 | Filename: pool/main/t/test/t2_v2_amd64.deb 24 | Size: 20 25 | Description: Test package entry 26 | 27 | Package: ohiambroken 28 | Status: install ok not-installed 29 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/cron/cron-job-inspector-directive.js: -------------------------------------------------------------------------------- 1 | goog.module('grrUi.cron.cronJobInspectorDirective'); 2 | goog.module.declareLegacyNamespace(); 3 | 4 | 5 | 6 | /** 7 | * CronJobInspectorDirective definition. 8 | * 9 | * @return {angular.Directive} Directive definition object. 10 | */ 11 | exports.CronJobInspectorDirective = function() { 12 | return { 13 | scope: { 14 | cronJobId: '=', 15 | }, 16 | restrict: 'E', 17 | templateUrl: '/static/angular-components/cron/cron-job-inspector.html' 18 | }; 19 | }; 20 | 21 | 22 | /** 23 | * Directive's name in Angular. 
24 | * 25 | * @const 26 | * @export 27 | */ 28 | exports.CronJobInspectorDirective.directive_name = 'grrCronJobInspector'; 29 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/rekall/log-directive.js: -------------------------------------------------------------------------------- 1 | goog.module('grrUi.semantic.rekall.logDirective'); 2 | goog.module.declareLegacyNamespace(); 3 | 4 | 5 | 6 | /** 7 | * Directive that displays rekall log messages. 8 | * 9 | * @return {!angular.Directive} Directive definition object. 10 | * @ngInject 11 | * @export 12 | */ 13 | exports.LogDirective = function() { 14 | return { 15 | scope: { 16 | value: '=' 17 | }, 18 | restrict: 'E', 19 | templateUrl: '/static/angular-components/semantic/rekall/log.html', 20 | }; 21 | }; 22 | 23 | 24 | /** 25 | * Name of the directive in Angular. 26 | * 27 | * @const 28 | * @export 29 | */ 30 | exports.LogDirective.directive_name = 'grrRekallLog'; 31 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/aff4_objects/registry_init.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Load all aff4 objects in order to populate the registry. 
3 | """ 4 | # pylint: disable=unused-import 5 | from grr_response_server.aff4_objects import aff4_grr 6 | from grr_response_server.aff4_objects import collects 7 | from grr_response_server.aff4_objects import cronjobs 8 | from grr_response_server.aff4_objects import filestore 9 | from grr_response_server.aff4_objects import security 10 | from grr_response_server.aff4_objects import standard 11 | from grr_response_server.aff4_objects import stats 12 | from grr_response_server.aff4_objects import stats_store 13 | from grr_response_server.aff4_objects import user_managers 14 | from grr_response_server.aff4_objects import users 15 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/core/download-collection-as.html: -------------------------------------------------------------------------------- 1 |
2 |
3 | Download As: 4 | 10 | 14 |
15 |
16 |
17 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/cron/cron-job-status-icon-directive.js: -------------------------------------------------------------------------------- 1 | goog.module('grrUi.cron.cronJobStatusIconDirective'); 2 | goog.module.declareLegacyNamespace(); 3 | 4 | 5 | 6 | /** 7 | * Directive that displays cron status icons for a given cron. 8 | * 9 | * @return {!angular.Directive} Directive definition object. 10 | * @ngInject 11 | * @export 12 | */ 13 | exports.CronJobStatusIconDirective = function() { 14 | return { 15 | scope: {cronJob: '='}, 16 | restrict: 'E', 17 | templateUrl: '/static/angular-components/cron/cron-job-status-icon.html' 18 | }; 19 | }; 20 | 21 | 22 | /** 23 | * Name of the directive in Angular. 24 | */ 25 | exports.CronJobStatusIconDirective.directive_name = 'grrCronJobStatusIcon'; 26 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/rekall/rekall-json.html: -------------------------------------------------------------------------------- 1 | {$ ::controller.error $} 2 | 3 |
4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | EOM 14 | {$ ::item $} 15 |
16 | 17 | 18 | Render all the data... (May take a while) 19 | 20 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/stats/audit-chart.html: -------------------------------------------------------------------------------- 1 |

{{ controller.errorMsg }}

2 | 3 | 5 | 6 | 7 | 11 | 12 | 13 | 14 | 15 | 16 | 19 | 20 | 21 |
9 | {{ titleCaseLabel }} 10 |
17 | 18 |
22 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/hunt/new-hunt-wizard/configure-rules-page.html: -------------------------------------------------------------------------------- 1 |
2 | 3 | 4 |

6 | No rules specified! 7 | 9 | The hunt will run on all clients. 10 | 11 | 13 | The hunt won't run on any client. 14 | 15 |

16 |
17 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/acl/hunt-from-flow-copy-review.html: -------------------------------------------------------------------------------- 1 |
2 |
3 | 4 |
5 |
6 |
Source flow:
7 |
8 |
9 |
Hunt flow parameters:
10 |
11 |
12 | 13 |
14 | 17 | 18 |
19 | 20 |
21 |
22 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/docs/api-route.html: -------------------------------------------------------------------------------- 1 | /<{$ component.value $}>...{$ controller.fillIns[component.value] $}{$ component.value $}?{$ ::paramName $}={$ ::paramValue $}& 2 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/rekall/table-directive.js: -------------------------------------------------------------------------------- 1 | goog.module('grrUi.semantic.rekall.tableDirective'); 2 | goog.module.declareLegacyNamespace(); 3 | 4 | 5 | 6 | /** 7 | * Directive that displays rekall table and row messages. 8 | * 9 | * @return {!angular.Directive} Directive definition object. 10 | * @ngInject 11 | * @export 12 | */ 13 | exports.TableDirective = function() { 14 | return { 15 | scope: { 16 | value: '=' 17 | }, 18 | restrict: 'E', 19 | templateUrl: '/static/angular-components/semantic/rekall/table.html', 20 | }; 21 | }; 22 | 23 | 24 | /** 25 | * Name of the directive in Angular. 
26 | * 27 | * @const 28 | * @export 29 | */ 30 | exports.TableDirective.directive_name = 'grrRekallTable'; 31 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/handler_registry.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """A registry of all new style well known flows.""" 3 | 4 | from grr_response_server import foreman 5 | from grr_response_server.flows.general import administrative 6 | from grr_response_server.flows.general import ca_enroller 7 | from grr_response_server.flows.general import transfer 8 | 9 | message_handlers = [ 10 | administrative.ClientAlertHandler, 11 | administrative.ClientStartupHandler, 12 | administrative.ClientStatsHandler, 13 | administrative.NannyMessageHandler, 14 | ca_enroller.EnrolmentHandler, 15 | foreman.ForemanMessageHandler, 16 | transfer.BlobHandler, 17 | ] 18 | 19 | handler_name_map = { 20 | handler.handler_name: handler for handler in message_handlers 21 | } 22 | -------------------------------------------------------------------------------- /grr/test_lib/notification_test_lib.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Test routines for user notifications-related testing.""" 3 | 4 | from grr_response_server import aff4 5 | from grr_response_server import data_store 6 | from grr_response_server.aff4_objects import users as aff4_users 7 | 8 | 9 | class NotificationTestMixin(object): 10 | """Test mixin for tests dealing with user notifications.""" 11 | 12 | def GetUserNotifications(self, username): 13 | if data_store.RelationalDBReadEnabled(): 14 | return data_store.REL_DB.ReadUserNotifications(username) 15 | else: 16 | fd = aff4.FACTORY.Open( 17 | "aff4:/users/%s" % username, 18 | aff4_type=aff4_users.GRRUser, 19 | token=self.token) 20 | return fd.ShowNotifications(reset=False) 21 | 
-------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/semantic/rekall/metadata-directive.js: -------------------------------------------------------------------------------- 1 | goog.module('grrUi.semantic.rekall.metadataDirective'); 2 | goog.module.declareLegacyNamespace(); 3 | 4 | 5 | 6 | /** 7 | * Directive that displays rekall metadata messages. 8 | * 9 | * @return {!angular.Directive} Directive definition object. 10 | * @ngInject 11 | * @export 12 | */ 13 | exports.MetadataDirective = function() { 14 | return { 15 | scope: { 16 | value: '=' 17 | }, 18 | restrict: 'E', 19 | templateUrl: '/static/angular-components/semantic/rekall/metadata.html', 20 | }; 21 | }; 22 | 23 | 24 | /** 25 | * Name of the directive in Angular. 26 | * 27 | * @const 28 | * @export 29 | */ 30 | exports.MetadataDirective.directive_name = 'grrRekallMetadata'; 31 | -------------------------------------------------------------------------------- /grr/core/grr_response_core/lib/builders/__init__.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """Select operating system specific implementations of builder.""" 3 | from __future__ import unicode_literals 4 | 5 | import platform 6 | 7 | # pylint: disable=unused-import,g-import-not-at-top,g-bad-name 8 | 9 | if platform.system() == "Linux": 10 | from grr_response_core.lib.builders import linux 11 | LinuxClientBuilder = linux.LinuxClientBuilder 12 | CentosClientBuilder = linux.CentosClientBuilder 13 | 14 | elif platform.system() == "Windows": 15 | from grr_response_core.lib.builders import windows 16 | WindowsClientBuilder = windows.WindowsClientBuilder 17 | 18 | elif platform.system() == "Darwin": 19 | from grr_response_core.lib.builders import osx 20 | DarwinClientBuilder = osx.DarwinClientBuilder 21 | -------------------------------------------------------------------------------- 
/grr/server/grr_response_server/gui/static/angular-components/client/debug-requests-view.html: -------------------------------------------------------------------------------- 1 | 3 | 4 |
5 | 6 |

Client requests for {$ controller.clientId $}

7 | 8 |
9 | Loading... 10 |
11 | 12 |
13 | No actions currently in progress. 14 |
15 | 16 |
17 | 18 | 19 |
20 | 21 |
22 | 23 |
24 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/cron/new-cron-job-wizard/status-page.html: -------------------------------------------------------------------------------- 1 |
2 | 3 |
4 | 5 | Creating cron job... 6 | 7 |
8 | 9 |
10 |

Can't create cron job:

11 |

{$ response.data $}

12 |
13 | 14 |
15 |
16 |

17 | Created Cron Job: 18 | 19 |

20 |
21 |
22 | 23 |
24 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/pscmd.out: -------------------------------------------------------------------------------- 1 | 1 0 init.real 0 0 0 0 0 0 root ? Ss 0 1 0.0 716 4380 0.0 init [3] 2 | 2 0 kthreadd 0 0 0 0 0 0 root ? S 0 1 0.0 0 0 0.0 [kthreadd] 3 | 3 2 ksoftirqd/0 0 0 0 0 0 0 root ? S 0 1 0.0 0 0 0.0 [ksoftirqd/0] 4 | 135939 135938 sleep 0 0 0 0 0 0 root ? S 0 1 0.2 612 2532 0.0 sleep 60 5 | 136095 592357 ps 27262 27262 27262 5000 5000 5000 usernam pts/0 R+ 0 1 0.0 920 9768 0.0 ps h -ewwo pid,ppid,comm,ruid,uid,suid,rgid,gid,sgid,user,tty,stat,nice,thcount,pcpu,rss,vsz,pmem,cmd 6 | -------------------------------------------------------------------------------- /grr/client/grr_response_client/nanny/GRRNanny.mc: -------------------------------------------------------------------------------- 1 | MessageIdTypedef=DWORD 2 | 3 | SeverityNames=(Success=0x0:STATUS_SEVERITY_SUCCESS 4 | Informational=0x1:STATUS_SEVERITY_INFORMATIONAL 5 | Warning=0x2:STATUS_SEVERITY_WARNING 6 | Error=0x3:STATUS_SEVERITY_ERROR 7 | ) 8 | 9 | 10 | FacilityNames=(System=0x0:FACILITY_SYSTEM 11 | Runtime=0x2:FACILITY_RUNTIME 12 | Stubs=0x3:FACILITY_STUBS 13 | Io=0x4:FACILITY_IO_ERROR_CODE 14 | ) 15 | 16 | LanguageNames=(English=0x409:MSG00409) 17 | 18 | ; // The following are message definitions. 19 | 20 | MessageId=0x1 21 | Severity=Error 22 | Facility=Runtime 23 | SymbolicName=SVC_ERROR 24 | Language=English 25 | An error has occurred (%2). 26 | . 27 | 28 | ; // A message file must end with a period on its own line 29 | ; // followed by a blank line. 30 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/angular-components/flow/copy-flow-form.html: -------------------------------------------------------------------------------- 1 |
2 | Loading... 3 |
4 | 5 | 11 | 12 | 17 | 18 | 19 | 20 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/searching/auth.log: -------------------------------------------------------------------------------- 1 | Jan 26 19:35:30 myhost.log.mydomain.com sshd[1059]: Postponed keyboard-interactive/pam for dearjohn from 10.10.122.1 port 49567 ssh2 [preauth] 2 | Jan 26 19:35:30 myhost.log.mydomain.com sshd[1059]: Accepted keyboard-interactive/pam for dearjohn from 10.10.122.1 port 49567 ssh2 3 | Jan 26 19:35:30 myhost.log.mydomain.com sshd[1059]: pam_unix(ssh:session): session opened for user dearjohn by (uid=0) 4 | AWS 26 20:01:38 myhost.log.mydomain.com sshd[1059]: pam_unix(ssh:session): session closed for user dearjohn 5 | Wrong line format.... should not be here. 6 | Dec 24 20:35:30 myhost.log.mydomain.com pam_unix is increasing it's presence in the near future 7 | Jan 03 08:35:14 myhost.log.mydomain.com sshd[1059]: pam_unix(ssh:session): session opened for another grateful user in the future 8 | -------------------------------------------------------------------------------- /api_client/python/grr_api_client/errors.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | """API errors definitions.""" 3 | from __future__ import unicode_literals 4 | 5 | 6 | class Error(RuntimeError): 7 | """Errors generated by API client library.""" 8 | 9 | 10 | class ResourceNotFoundError(Error): 11 | """Raised when resource is not found.""" 12 | 13 | 14 | class AccessForbiddenError(Error): 15 | """Raised when resource access is forbidden.""" 16 | 17 | 18 | class ApiNotImplementedError(Error): 19 | """Raised when API method is not implemented.""" 20 | 21 | 22 | class UnknownError(Error): 23 | """Unknown server error.""" 24 | 25 | 26 | class PollTimeoutError(Error): 27 | """Raised when poll operations times out.""" 28 | 29 | 30 | class FlowFailedError(Error): 31 | """Raised when 
waiting on a flow that eventually fails.""" 32 | -------------------------------------------------------------------------------- /grr/core/install_data/macosx/client/grr.pmdoc/01grr.xml.in: -------------------------------------------------------------------------------- 1 | 2 | 3 | %(ClientBuilder.package_maker_organization).%(Client.name).%(ClientBuilder.output_basename).pkg 4 | %(Source.version_string) 5 | 6 | 7 | 8 | %(PyInstaller.build_dir)/%(ClientBuilder.output_basename) 9 | %(ClientBuilder.install_dir) 10 | 11 | 12 | 13 | 14 | installTo 15 | installTo.path 16 | parent 17 | 18 | 19 | -------------------------------------------------------------------------------- /grr/test/grr_response_test/test_data/VFSFixture/var/log/auth.log: -------------------------------------------------------------------------------- 1 | Jan 26 19:35:30 myhost.log.mydomain.com sshd[1059]: Postponed keyboard-interactive/pam for dearjohn from 10.10.122.1 port 49567 ssh2 [preauth] 2 | Jan 26 19:35:30 myhost.log.mydomain.com sshd[1059]: Accepted keyboard-interactive/pam for dearjohn from 10.10.122.1 port 49567 ssh2 3 | Jan 26 19:35:30 myhost.log.mydomain.com sshd[1059]: pam_unix(ssh:session): session opened for user dearjohn by (uid=0) 4 | AWS 26 20:01:38 myhost.log.mydomain.com sshd[1059]: pam_unix(ssh:session): session closed for user dearjohn 5 | Wrong line format.... should not be here. 
6 | Dec 24 20:35:30 myhost.log.mydomain.com pam_unix is increasing it's presence in the near future 7 | Jan 03 08:35:14 myhost.log.mydomain.com sshd[1059]: pam_unix(ssh:session): session opened for another grateful user in the future 8 | -------------------------------------------------------------------------------- /grr/server/grr_response_server/gui/static/less/bootstrap_grr.less: -------------------------------------------------------------------------------- 1 | @import "bootstrap.less"; 2 | 3 | @font-size-base: 13px; 4 | @line-height-base: 1.31; 5 | @icon-font-path: "/static/dist/"; 6 | @navbar-height: 40px; 7 | @padding-base-vertical: 5px; 8 | @breadcrumb-separator: ">"; 9 | 10 | .alert-error { 11 | .alert-danger; 12 | } 13 | 14 | // -> Making Bootstrap not responsive to the viewport size. 15 | @grid-float-breakpoint: 0; 16 | @grid-float-breakpoint-max: 0; 17 | 18 | @screen-xs: 0; //480px; 19 | @screen-xs-min: @screen-xs; 20 | @screen-phone: @screen-xs-min; 21 | 22 | @screen-sm: 0; //768px; 23 | @screen-sm-min: @screen-sm; 24 | @screen-tablet: @screen-sm-min; 25 | 26 | .container { width: @container-desktop !important; } 27 | // <- Making Bootstrap not responsive to the viewport size. 28 | 29 | @import "theme.less"; 30 | 31 | --------------------------------------------------------------------------------