Multiple changes.

 * Update version to 3.4.5.1.
 * Update fleetspeak binary dependency.
 * Adding more logging to proto deserialization.
 * Add tests for title in Netstat results.
 * Fleetspeak server wrapper: remove obsolete config initialization.
 * Config updater: add support for rotating fleetspeak certificate.
 * Use material table for displaying Netstat results.
 * Format NetworkConnectionFamily and NetworkConnectionType in Netstat Results table.
 * MSI: MSI templates can't be bulk signed.
 * Increasing min time between stop checks to 30 seconds.

Author: mol123

grr/client/setup.py

@@ -138,7 +138,7 @@ def run(self):
         PYTSK3,
         "retry==0.9.2",
         "libfsntfs-python==20210503",
-        "fleetspeak-client-bin==0.1.9",
+        "fleetspeak-client-bin==0.1.11",
     ],
     extras_require={
         # The following requirements are needed in Windows.

grr/client_builder/grr_response_client_builder/client_build.py

@@ -328,7 +328,10 @@ def RepackTemplates(self,
               passwd = self.GetWindowsPassphrase()
               repack_args.append("--sign")
             else:
-              bulk_sign_installers = True
+              if template.endswith(".msi.zip"):
+                repack_args.append("--sign")
+              else:
+                bulk_sign_installers = True
             if signed_template:
               repack_args.append("--signed_template")
           elif template.endswith(".rpm.zip"):

grr/client_builder/setup.py

@@ -68,7 +68,7 @@ def make_release_tree(self, base_dir, files):
         "grr-response-client==%s" % VERSION.get("Version", "packagedepends"),
         "grr-response-core==%s" % VERSION.get("Version", "packagedepends"),
         "PyInstaller==3.6",
-        "fleetspeak-client-bin==0.1.9",
+        "fleetspeak-client-bin==0.1.11",
         "olefile==0.46",
     ],
 

grr/core/grr_response_core/lib/rdfvalues/structs.py

@@ -1750,8 +1750,8 @@ def FromSerializedBytes(cls, value: bytes):
     try:
       ReadIntoObject(value, 0, instance)
     except ValueError:
-      logging.error("Error in ReadIntoObject for bytes, extract: %r",
-                    value[:1000])
+      logging.error("Error in ReadIntoObject. %d bytes, extract: %r",
+                    len(value), value[:1000])
       raise
 
     instance.dirty = True
@@ -1879,7 +1879,7 @@ def Get(self, attr, allow_set_default=True):
       The attribute's value, or the attribute's type's default value, if unset.
     """
     entry = self._data.get(attr)
-    # We dont have this field, try the defaults.
+    # We don't have this field, try the defaults.
     if entry is None:
       type_descriptor = self._GetTypeDescriptor(attr)
       default = type_descriptor.GetDefault(container=self)

grr/proto/grr_response_proto/sysinfo.proto

@@ -321,8 +321,15 @@ message WindowsServiceInformation {
     SERVICE_KERNEL_DRIVER = 0x1;
     SERVICE_FILE_SYSTEM_DRIVER = 0x2;
     SERVICE_ADAPTER_ARGS = 0x4;
+    SERVICE_RECOGNIZER_DRIVER = 0x8;
     SERVICE_WIN32_OWN_PROCESS = 0x10;
     SERVICE_WIN32_SHARE_PROCESS = 0x20;
+    SERVICE_USER_OWN_PROCESS = 0x50;
+    SERVICE_USER_SHARE_PROCESS = 0x60;
+    SERVICE_INTERACTIVE_PROCESS = 0x100;
+    SERVICE_INSTANCE_USER_SHARE_PROCESS = 0xe0;
+    SERVICE_INTERACTIVE_WIN32_OWN_PROCESS = 0x110;
+    SERVICE_INTERACTIVE_WIN32_SHARE_PROCESS = 0x120;
   }
 
   optional ServiceType service_type = 12 [(sem_type) = {

grr/server/grr_response_server/bin/config_updater.py

@@ -411,6 +411,11 @@ def main(args):
       maintenance_utils.RotateServerKey(
           cn=args.common_name, keylength=keylength)
 
+      if grr_config.CONFIG["Server.fleetspeak_enabled"]:
+        config_updater_util.FleetspeakConfig().RotateKey()
+        print("Fleetspeak server key rotated, "
+              "please restart fleetspeak-server.")
+
 
 def Run():
   app.run(main, flags_parser=lambda argv: parser.parse_args(argv[1:]))

grr/server/grr_response_server/bin/config_updater_util.py

@@ -2,6 +2,7 @@
 """Utilities for modifying the GRR server configuration."""
 
 import argparse
+import datetime
 import getpass
 import os
 import re
@@ -372,6 +373,18 @@ def Write(self, config):
     else:
       self._WriteDisabled(config)
 
+  def RotateKey(self):
+    now_str = datetime.datetime.now().isoformat()
+    # Move the old server keys
+    for cert_file in ("server_cert.pem", "server_cert_key.pem"):
+      old_file = f"old_{now_str}_{cert_file}"
+      os.rename(self._ConfigPath(cert_file), self._ConfigPath(old_file))
+    # Run fleetspeak-config to regenerate them
+    subprocess.check_call([
+        self._fleetspeak_config_command_path, "-config",
+        self._ConfigPath("fleetspeak_config.config")
+    ])
+
   def _ConfigPath(self, *path_components: str) -> str:
     return os.path.join(self.config_dir, *path_components)
 
@@ -482,12 +495,13 @@ def _WriteEnabled(self, config):
     cp.darwin_client_configuration_file = self._ConfigPath(
         "darwin_client.config")
 
-    p = subprocess.Popen(
-        [self._fleetspeak_config_command_path, "-config", "/dev/stdin"],
-        stdin=subprocess.PIPE)
-    p.communicate(input=text_format.MessageToString(cp).encode())
-    if p.wait() != 0:
-      raise RuntimeError("fleetspeak-config command failed.")
+    with open(self._ConfigPath("fleetspeak_config.config"), "w") as f:
+      f.write(text_format.MessageToString(cp))
+
+    subprocess.check_call([
+        self._fleetspeak_config_command_path, "-config",
+        self._ConfigPath("fleetspeak_config.config")
+    ])
 
     # These modules don't exist on Windows, so importing locally.
     # pylint: disable=g-import-not-at-top

grr/server/grr_response_server/bin/fleetspeak_server_wrapper.py

@@ -15,7 +15,6 @@
 
 from absl import app
 
-from grr_response_core.lib import config_lib
 from grr_response_core.lib import package
 
 
@@ -24,7 +23,6 @@ class Error(Exception):
 
 
 def main(argv):
-  config_lib.ParseConfigCommandLine()
   config_dir = package.ResourcePath(
       "fleetspeak-server-bin", "fleetspeak-server-bin/etc/fleetspeak-server")
   if not os.path.exists(config_dir):

grr/server/grr_response_server/gui/ui/components/flow_details/helpers/module.ts

@@ -10,6 +10,7 @@ import {BrowserAnimationsModule} from '@angular/platform-browser/animations';
 import {RouterModule} from '@angular/router';
 import {ExpandableHashModule} from '@app/components/expandable_hash/module';
 import {FileModePipe} from '@app/components/flow_details/helpers/file_mode_pipe';
+import {NetworkConnectionFamilyPipe, NetworkConnectionTypePipe} from '@app/components/flow_details/helpers/network_connection_pipes';
 import {HumanReadableSizeModule} from '@app/components/human_readable_size/module';
 import {TimestampModule} from '@app/components/timestamp/module';
 
@@ -46,6 +47,8 @@ import {ResultAccordion} from './result_accordion';
   declarations: [
     FileResultsTable,
     FileModePipe,
+    NetworkConnectionFamilyPipe,
+    NetworkConnectionTypePipe,
     OsqueryResultsTable,
     ResultAccordion,
     LoadFlowResultsDirective,
@@ -54,6 +57,8 @@ import {ResultAccordion} from './result_accordion';
   exports: [
     FileResultsTable,
     FileModePipe,
+    NetworkConnectionFamilyPipe,
+    NetworkConnectionTypePipe,
     OsqueryResultsTable,
     ResultAccordion,
     LoadFlowResultsDirective,

grr/server/grr_response_server/gui/ui/components/flow_details/helpers/network_connection_pipes.ts

@@ -0,0 +1,46 @@
+import {Pipe, PipeTransform} from '@angular/core';
+
+import {NetworkConnectionFamily, NetworkConnectionType} from '../../../lib/api/api_interfaces';
+
+const NETWORK_CONNECTION_FAMILY_MAP:
+    ReadonlyMap<NetworkConnectionFamily, string> = new Map([
+      [NetworkConnectionFamily.INET, 'IPv4'],
+      [NetworkConnectionFamily.INET6, 'IPv6'],
+      [NetworkConnectionFamily.INET6_WIN, 'IPv6'],
+      [NetworkConnectionFamily.INET6_OSX, 'IPv6'],
+    ]);
+
+const NETWORK_CONNECTION_TYPE_MAP: ReadonlyMap<NetworkConnectionType, string> =
+    new Map([
+      [NetworkConnectionType.UNKNOWN_SOCKET, '?'],
+      [NetworkConnectionType.SOCK_STREAM, 'TCP'],
+      [NetworkConnectionType.SOCK_DGRAM, 'UDP'],
+    ]);
+
+/**
+ * Converts a given NetworkConnectionFamily (IP Version) enum to a more
+ * human readable format.
+ */
+@Pipe({name: 'networkConnectionFamily'})
+export class NetworkConnectionFamilyPipe implements PipeTransform {
+  transform(family: NetworkConnectionFamily|undefined): string {
+    if (family === undefined) {
+      return '-';
+    }
+    return NETWORK_CONNECTION_FAMILY_MAP.get(family) ?? '-';
+  }
+}
+
+/**
+ * Converts a given NetworkConnectionType (IP Version) enum to a more
+ * human readable format.
+ */
+@Pipe({name: 'networkConnectionType'})
+export class NetworkConnectionTypePipe implements PipeTransform {
+  transform(type: NetworkConnectionType|undefined): string {
+    if (type === undefined) {
+      return '-';
+    }
+    return NETWORK_CONNECTION_TYPE_MAP.get(type) ?? '-';
+  }
+}