10.1.1. Module: main

Tanium Hygiene Assessment Tool (THAT) Main workflow module.

10.1.1.1. Class: Main

class tanium_hat.main.Main[source]

Bases: object

Main workflow class for THAT.

Must call tanium_hat.main.Main.start() in order to start the workflow.

Examples

>>> # import the module and initialize the Main class
>>> import tanium_hat.main
>>> main = tanium_hat.main.Main()
>>> # use the default configuration file
>>> main.start()
>>> # or, use a specific configuration file
>>> main.start(config_file="my_config.ini")

CONFIG_FILE

str

  • Path to configuration file for this instance
CONFIG

dict

PCONFIG

dict

LOG

logging.Logger

  • Logger for this instance
LH_CON

logging.StreamHandler

  • Console log handler for this instance
LH_FILE

logging.handlers.RotatingFileHandler

ERRORS

dict

EXCEPTIONS

dict

WEQUESTS

tanium_kit.wequests.Wequests

  • Wequests object (wrapper for requests)
__init__()[source]

Constructor.

_sep1()[source]

Log a level 1 separation line.

_sep2()[source]

Log a level 2 separation line.

_sep3()[source]

Log a level 3 separation line.

_sep4()[source]

Log a level 4 separation line.

add_file_logging()[source]

Add a file log handler to the root logger that gets DEBUG and above log messages.

check_internet()[source]

Check to see if an internet connection is available.

Uses tanium_hat.constants.INTERNET_TEST_URL as the url to use for checking internet connectivity.

Returns:ret
  • True: Internet available
  • False: Internet not available
Return type:bool
check_pytan_admin(role_name=u'Administrator')[source]

Check if the current pytan user has the Administrator role in Tanium.

collect_analyze_results()[source]

Collect analyze_data results from plugins.

Returns:ret
  • nested dict with the collected results
Return type:dict
collect_internet_results()[source]

Collect get_internet_data results from plugins.

Returns:ret
  • dict with the collected results
Return type:dict
collect_tanium_results()[source]

Collect get_tanium_data results from plugins.

Returns:ret
  • list of dict with the collected results
Return type:list
config_check_abs(value, section, entry, **kwargs)[source]

Prepend a prefix to value if value is not absolute.

Parameters:
  • value (str) –
    • value from config file/user
  • section (str) –
    • section in configuration file value came from
  • entry (str) –
    • entry in section in configuration file value came from
  • force_abs (bool, optional) –
    • default : False
    • str : value should be prefixed with str if value is not absolute
    • False : leave value alone
Returns:

ret

  • value

Return type:

str

config_check_bool(value, section, entry, **kwargs)[source]

Convert value into boolean.

Parameters:
  • value (str) –
    • value from config file/user
  • section (str) –
    • section in configuration file value came from
  • entry (str) –
    • entry in section in configuration file value came from
  • is_bool (bool, optional) –
    • default : False
    • True : value should be converted to bool using tanium_kit.ask.coerce_bool(), ask user if it fails to be converted
    • False : leave value alone
Returns:

ret

  • value

Return type:

str

config_check_crypt(value, section, entry, **kwargs)[source]

Check if value is cryptable.

Parameters:
  • value (str) –
    • value from config file/user
  • section (str) –
    • section in configuration file value came from
  • entry (str) –
    • entry in section in configuration file value came from
  • is_crypt (bool, optional) –
Returns:

ret

  • value

Return type:

str

config_check_empty(value, section, entry, **kwargs)[source]

Check if value is empty.

Parameters:
  • value (str) –
    • value from config file/user
  • section (str) –
    • section in configuration file value came from
  • entry (str) –
    • entry in section in configuration file value came from
  • empty_ok (bool, optional) –
    • default : False
    • True : value is allowed to be empty
    • False : value is not allowed to be empty, re-ask user if it is empty
Returns:

ret

  • value

Return type:

str

config_check_int(value, section, entry, **kwargs)[source]

Convert value into integer.

Parameters:
  • value (str) –
    • value from config file/user
  • section (str) –
    • section in configuration file value came from
  • entry (str) –
    • entry in section in configuration file value came from
  • is_int (bool, optional) –
    • default : False
    • True : value should be converted to int using tanium_kit.tools.int_check(), ask user if it fails to be converted
    • False : leave value alone
Returns:

ret

  • value

Return type:

str

config_check_tmpl(value, section, entry, **kwargs)[source]

Templatize value.

Parameters:
  • value (str) –
    • value from config file/user
  • section (str) –
    • section in configuration file value came from
  • entry (str) –
    • entry in section in configuration file value came from
  • is_template (bool, optional) –
Returns:

ret

  • value

Return type:

str

config_check_value(section, entry, **kwargs)[source]

Check if value is defined in config file.

Parameters:
  • section (str) –
    • section in configuration file value came from
  • entry (str) –
    • entry in section in configuration file value came from
Returns:

ret

  • value

Return type:

str

config_tmpl(value, src, quiet=False)[source]

Templatize a value.

Parameters:
  • value (str) –
  • src (str) –
    • where this string came from
  • quiet (bool, optional) –
    • default : False
    • True : Log at debug level
    • False : Log at info level
Returns:

ret

  • Templatized string

Return type:

str

err_handler(err_str, src=None)[source]

Error handler.

Parameters:err_str (str) –
  • error string to log/track/spew
flight_check()[source]

Verify that at least one mode and one plugin were selected.

get_config_entry(section, entry, **kwargs)[source]

Get the value of an entry from self.CONFIG.

If the value is not supplied or is not the right type, prompt the user for it.

Parameters:
  • section (str) –
    • section in self.CONFIG to look for entry
  • entry (str) –
    • key in section to get value from self.CONFIG[section][entry]
  • prompt (str) –
    • Prompt to use when asking for value
  • is_bool (bool, optional) –
    • default: False
    • True: value of entry must be a boolean
    • False: value of entry does not have to be a boolean
  • is_int (bool, optional) –
    • default: False
    • True: value of entry must be an integer
    • False: value of entry does not have to be an integer
  • empty_ok (bool, optional) –
    • default: False
    • True: value of entry can be empty
    • False: value of entry cannot be empty
  • force_abs (bool, optional) –
    • default: False
    • True: if value of entry is not an absolute path, prepend it with the path of THAT
    • False: leave value of entry alone
  • is_crypt (bool, optional) –
    • default: False
    • True: run value of entry through tanium_kit.tools.deobfuscate()
    • False: leave value of entry alone
Returns:

value

  • value of entry from config file or from user supplied input

Return type:

str/bool/int

get_enabled_plugins()[source]

Determine which plugins to enable.

get_handler()[source]

Get a PyTan Handler.

Returns:ret
  • PyTan Handler created using credentials from self.PCONFIG
Return type:pytan.handler.Handler
get_info_json()[source]

Get info.json from the Tanium platform server using PyTan.

get_local_plugins()[source]

Find the plugins that are available locally.

get_module_json(name, url)[source]

Get json for a module from the Tanium platform server using PyTan.

get_plugin_option(option_name, pname, pmod)[source]

Get a plugin option and templatize it for a given plugin.

Parameters:
Returns:

ret

  • templatized dict for this plugin option

Return type:

dict

get_plugin_tmpl(pname, pmod)[source]

Build a dict to use in templating plugin options.

Parameters:
Returns:

ret

  • dict ready for use in templating

Return type:

dict

get_user_obj()[source]

Get the user object for the current user.

Returns:user_obj
  • User object for the currently logged in user ID in handler
Return type:taniumpy.object_types.user.User
jump_ship(lvl=99)[source]

Method called to exit due to error.

Parameters:lvl (int, optional) –
  • Default: 99
  • Exit code to end process with
keep_going(m)[source]

Ask the user if they wish to keep going using prompt m.

Exit if they say no.

Parameters:m (str) –
  • prompt to use when asking the user
land()[source]

Print out any errors that occurred and exit.

load_config_file(path)[source]

Use IniReader() to turn ini file at path into a dictionary.

Parameters:path (str) –
  • path to ini file to parse
Returns:ret
  • ini file contents churned into dict
Return type:dict
load_enabled_plugins()[source]

Load enabled plugins.

load_layout_def()[source]

Load the python layout definition file.

load_layout_pptx()[source]

Load the PPTX file referenced by the layout definition file.

load_module(path, mod_type, mod_attrs=[])[source]

Load a python file into a module.

  • Uses imp.load_source() to read the file at runtime and load it in as a python module.
  • Sets MODULE_PATH and MODULE_FILE as attributes on the returned module.
Parameters:
Returns:

ret

  • Loaded python module from path

Return type:

object
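
The load_module() entry above says the file is loaded with imp.load_source(), which runs the file's top-level code; the imp module was removed in Python 3.12. As an added example (not THAT's own code), here is a stand-in built on importlib that refuses files outside a plugin directory. The allowed_dir parameter, the meanings given to mod_type and mod_attrs, and the values stored in MODULE_PATH and MODULE_FILE are assumptions, and the sample plugin files are constructed.

```python
import importlib.util
import os
import tempfile


def load_module(path, mod_type, allowed_dir, mod_attrs=()):
    """Load the python file at path as a module, only if it is under allowed_dir."""
    real = os.path.realpath(path)
    base = os.path.realpath(allowed_dir)
    # Loading a file runs its top-level code, so resolve symlinks and ".."
    # first and refuse anything outside the expected directory.
    if os.path.commonpath([real, base]) != base:
        raise ValueError("%s file %r is outside %r" % (mod_type, path, allowed_dir))
    name = os.path.splitext(os.path.basename(real))[0]
    spec = importlib.util.spec_from_file_location(name, real)
    if spec is None or spec.loader is None:
        raise ImportError("cannot load %s file %r" % (mod_type, path))
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    # Attributes the documentation says are set on the returned module
    # (directory and file name are assumed values).
    module.MODULE_PATH = os.path.dirname(real)
    module.MODULE_FILE = os.path.basename(real)
    # Assumption: mod_attrs lists attributes the module must define.
    missing = [a for a in mod_attrs if not hasattr(module, a)]
    if missing:
        raise AttributeError("%s %r lacks %s" % (mod_type, name, missing))
    return module


def demo():
    """Constructed sample: one plugin file inside the plugin dir, one outside."""
    with tempfile.TemporaryDirectory() as tmp:
        plugins = os.path.join(tmp, "plugins")
        os.mkdir(plugins)
        inside = os.path.join(plugins, "sample_plugin.py")
        outside = os.path.join(tmp, "stray.py")
        for p in (inside, outside):
            with open(p, "w") as fh:
                fh.write("PRIORITY = 10\n")
        mod = load_module(inside, "plugin", plugins, mod_attrs=["PRIORITY"])
        try:
            load_module(os.path.join(plugins, "..", "stray.py"), "plugin", plugins)
            rejected = False
        except ValueError:
            rejected = True
        return mod.MODULE_FILE, mod.PRIORITY, rejected
```

demo() returns the loaded file name, the attribute read from it, and whether the file outside the plugin directory was refused.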

makedir(path)[source]

Make a directory and all leading directories as needed.

Parameters:path (str) –
  • Directory to make
mode_analyze_data()[source]

Run analyze_data for plugins, collect results, create PPTX file.

mode_get_internet_data()[source]

Run get_internet_data for plugins and write results.

mode_get_tanium_data()[source]

Run get_tanium_data for plugins and write results.

parse_config_analyze()[source]

Parse options that are only asked if the user supplied yes to analyze_data.

parse_config_base()[source]

Parse base options that are always asked.

parse_config_contents()[source]

Read the tanium_hat.main.Main.CONFIG dictionary for keys and prompt user for missing values.

parse_config_plugins()[source]

Parse options that are asked for plugins.

parse_config_tanium()[source]

Parse options that are only asked if the user supplied yes to get_tanium_data.

pre_flight()[source]

Read configuration file and start file logging.

register_zipper()[source]

Create a zip file of the data_path when python script exits.

run_plugin(mode, plugin_name, plugin_obj)[source]

Run a plugin using mode.

Parameters:
  • mode (str) –
    • plugin mode to run, one of “get_tanium_data”, “get_internet_data”, “analyze_data”
  • plugin_name (str) –
    • name of plugin
  • plugin_obj (tanium_hat.plugin.Plugin) –
    • instantiated object of plugin class
run_plugins(mode)[source]

Run all plugins using mode.

Parameters:mode (str) –
  • plugin mode to run, one of “get_tanium_data”, “get_internet_data”, “analyze_data”
save_file(out, filename, path, prompt=False, binary=False, **kwargs)[source]

Save a file in binary or text mode.

Parameters:
  • out (str) –
    • The contents to write to the file
  • filename (str) –
    • The basename of the file to save
  • path (str) –
    • The path to save the file into
  • prompt (bool, optional) –
    • Default : False
    • True: Prompt the user using tanium_kit.ask.ask() where they would like to save the file to, defaulting to path
    • False: Use path as is
  • binary (bool, optional) –
Returns:

file_path

  • The full path to the file that was saved

Return type:

str

signal_handler(signal, frame)[source]

Signal handler for trapping Control-C (SIGINT).

sorted_plugins(d=1000)[source]

Sort the plugins based on priority.

Parameters:d (int, optional) –
  • default : 1000
  • priority to use for plugins if not defined
Returns:ret
Return type:list
start(**kwargs)[source]

Main workflow entry point for THAT.

Parameters:config_file (str, optional) –
takeoff()[source]

Run the enabled modes against the enabled plugins.

track_items(name, obj, attr)[source]

Pull items from object and add them into this object by name.

Parameters:
  • name (str) –
    • name to store items from attr in obj under this class's tracker
  • obj (object) –
    • object to get attr from
  • attr (str) –
    • attribute to get from obj and to store in this class
valid_tmpl_keys()[source]

Produce a list of valid template keys.

Returns:ret
  • str containing CR-delimited list of all valid template keys
Return type:str
write_csv(results, path, **kwargs)[source]

Write a csv file.

Parameters:
  • results (list of dict) –
    • list of dictionaries to write to the CSV file
  • path (str) –
    • path to write csv file to
Returns:

ret

  • list of dictionaries after post-processing by ExcelWriter

Return type:

list of dict

write_file(path, out)[source]

Write a file.

Parameters:
  • path (str) –
    • path of file to write
  • out (str) –
    • contents to write to file
write_json_files()[source]

Write JSON files to the data_path.

10.1.1.2. Function: base_pconfig

tanium_hat.main.base_pconfig()[source]

Create a baseline PCONFIG (parsed config) dict.

Returns:ret
  • baseline PCONFIG dict
Return type:dict