external/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-02-14 20:11:52 +00:00
Code Issues Releases Wiki Activity

Improved Intel AMT within MeshCMD

Browse source
This commit is contained in:
Ylian Saint-Hilaire 2021-07-16 18:43:30 -07:00
parent 600fb45908
commit 596e3e20d4
2 changed files with 30 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

47
agents/meshcmd.js
View file

@ -202,13 +202,13 @@ function run(argv) {
console.log(' AmtRPE - Intel AMT Remote Platform Erase.'); console.log(' AmtRPE - Intel AMT Remote Platform Erase.');
console.log('\r\nHelp on a specific action using:\r\n'); console.log('\r\nHelp on a specific action using:\r\n');
console.log(' meshcmd help [action]'); console.log(' meshcmd help [action]');
exit(1); return; exit(0); return;
} }
if (settings.action == 'help') { if (settings.action == 'help') {
if (argv.length <= 2) { if (argv.length <= 2) {
actions.shift(); actions.shift();
console.log('Help usage:\r\n\r\n MeshCmd help [action]\r\n\r\nValid actions are: ' + actions.join(', ') + '.'); console.log('Help usage:\r\n\r\n MeshCmd help [action]\r\n\r\nValid actions are: ' + actions.join(', ') + '.');
exit(1); return; exit(0); return;
} }
var action = argv[2].toLowerCase(); var action = argv[2].toLowerCase();
if (action == 'route') { if (action == 'route') {
@ -231,6 +231,8 @@ function run(argv) {
console.log(' --json Display all Intel AMT state in JSON format.'); console.log(' --json Display all Intel AMT state in JSON format.');
} else if (action == 'amthashes') { } else if (action == 'amthashes') {
console.log('Amthashes will display all trusted activations hashes for Intel AMT on this computer. The command must be run on a computer with Intel AMT, must run as administrator and the Intel management driver must be installed. These certificates hashes are used by Intel AMT when performing activation into ACM mode. Example usage:\r\n\r\n meshcmd amthashes'); console.log('Amthashes will display all trusted activations hashes for Intel AMT on this computer. The command must be run on a computer with Intel AMT, must run as administrator and the Intel management driver must be installed. These certificates hashes are used by Intel AMT when performing activation into ACM mode. Example usage:\r\n\r\n meshcmd amthashes');
console.log('\r\nPossible arguments:\r\n');
console.log(' --json Display all Intel AMT hashes in JSON format.');
} else if ((action == 'microlms') || (action == 'lms') || (action == 'amtlms')) { } else if ((action == 'microlms') || (action == 'lms') || (action == 'amtlms')) {
console.log('Starts MicroLMS on this computer, allowing local access to Intel AMT on TCP ports 16992 and 16993 when applicable. The command must be run on a computer with Intel AMT, must run as administrator and the Intel management driver must be installed. These certificates hashes are used by Intel AMT when performing activation into ACM mode. Example usage:\r\n\r\n meshcmd microlms'); console.log('Starts MicroLMS on this computer, allowing local access to Intel AMT on TCP ports 16992 and 16993 when applicable. The command must be run on a computer with Intel AMT, must run as administrator and the Intel management driver must be installed. These certificates hashes are used by Intel AMT when performing activation into ACM mode. Example usage:\r\n\r\n meshcmd microlms');
console.log('\r\nPossible arguments:\r\n'); console.log('\r\nPossible arguments:\r\n');
@ -413,7 +415,7 @@ function run(argv) {
actions.shift(); actions.shift();
console.log('Invalid action, usage:\r\n\r\n meshcmd help [action]\r\n\r\nValid actions are: ' + actions.join(', ') + '.'); console.log('Invalid action, usage:\r\n\r\n meshcmd help [action]\r\n\r\nValid actions are: ' + actions.join(', ') + '.');
} }
exit(1); return; exit(0); return;
} }
settings.action = settings.action.toLowerCase(); settings.action = settings.action.toLowerCase();
debug(1, "Settings: " + JSON.stringify(settings)); debug(1, "Settings: " + JSON.stringify(settings));
@ -438,7 +440,7 @@ function run(argv) {
else if (state == 49) { console.log("Certificate not ready."); } else if (state == 49) { console.log("Certificate not ready."); }
else if (state == 0) { console.log("Success."); } else if (state == 0) { console.log("Success."); }
else { console.log("Unknown status: " + state); } else { console.log("Unknown status: " + state); }
exit(1); exit(state);
}); });
} else if (settings.action == 'amtstopconfig') { } else if (settings.action == 'amtstopconfig') {
// Stop Intel AMT configuration // Stop Intel AMT configuration
@ -450,16 +452,16 @@ function run(argv) {
else if (state == 1) { console.log("Intel AMT internal error."); } else if (state == 1) { console.log("Intel AMT internal error."); }
else if (state == 0) { console.log("Success."); } else if (state == 0) { console.log("Success."); }
else { console.log("Unknown status: " + state); } else { console.log("Unknown status: " + state); }
exit(1); exit(state);
}); });
} else if (settings.action == 'smbios') { } else if (settings.action == 'smbios') {
// Display SM BIOS tables in raw form // Display SM BIOS tables in raw form
SMBiosTables = require('smbios'); SMBiosTables = require('smbios');
SMBiosTables.get(function (data) { SMBiosTables.get(function (data) {
var r = SMBiosTables.parse(data); var r = SMBiosTables.parse(data);
var out = objToString(r, 0, '\r\n'); var out = JSON.stringify(r, null, 2);
if (settings.output == null) { console.log(out); } else { var file = fs.openSync(settings.output, 'w'); fs.writeSync(file, Buffer.from(out, 'utf8')); fs.closeSync(file); } if (settings.output == null) { console.log(out); } else { var file = fs.openSync(settings.output, 'w'); fs.writeSync(file, Buffer.from(out, 'utf8')); fs.closeSync(file); }
exit(1); exit(0);
}); });
} else if (settings.action == 'rawsmbios') { } else if (settings.action == 'rawsmbios') {
// Display SM BIOS tables in raw form // Display SM BIOS tables in raw form
@ -468,7 +470,7 @@ function run(argv) {
var out = ''; var out = '';
for (var i in data) { var header = false; for (var j in data[i]) { if (data[i][j].length > 0) { if (header == false) { out += ('Table type #' + i + ((SMBiosTables.smTableTypes[i] == null) ? '' : (', ' + SMBiosTables.smTableTypes[i]))) + '\r\n'; header = true; } out += (' ' + data[i][j].toString('hex')) + '\r\n'; } } } for (var i in data) { var header = false; for (var j in data[i]) { if (data[i][j].length > 0) { if (header == false) { out += ('Table type #' + i + ((SMBiosTables.smTableTypes[i] == null) ? '' : (', ' + SMBiosTables.smTableTypes[i]))) + '\r\n'; header = true; } out += (' ' + data[i][j].toString('hex')) + '\r\n'; } } }
if (settings.output == null) { console.log(out); } else { var file = fs.openSync(settings.output, 'w'); fs.writeSync(file, Buffer.from(out, 'utf8')); fs.closeSync(file); } if (settings.output == null) { console.log(out); } else { var file = fs.openSync(settings.output, 'w'); fs.writeSync(file, Buffer.from(out, 'utf8')); fs.closeSync(file); }
exit(1); exit(0);
}); });
} else if (settings.action == 'route') { } else if (settings.action == 'route') {
// MeshCentral Router, port map local TCP port to a remote computer // MeshCentral Router, port map local TCP port to a remote computer
@ -503,11 +505,12 @@ function run(argv) {
console.log(val.Versions[version].Description + " = " + val.Versions[version].Version + extras); console.log(val.Versions[version].Description + " = " + val.Versions[version].Version + extras);
} }
} }
exit(1); return; exit(0);
return;
}); });
} else if (settings.action == 'amthashes') { } else if (settings.action == 'amthashes') {
// Display Intel AMT list of trusted hashes // Display Intel AMT list of trusted hashes
var amtMeiModule, amtMei; var amtMeiModule, amtMei, amtHashes = [];
try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { console.log(ex); exit(1); return; } try { amtMeiModule = require('amt-mei'); amtMei = new amtMeiModule(); } catch (ex) { console.log(ex); exit(1); return; }
amtMei.on('error', function (e) { console.log('ERROR: ' + e); exit(1); return; }); amtMei.on('error', function (e) { console.log('ERROR: ' + e); exit(1); return; });
amtMei.getHashHandles(function (handles) { amtMei.getHashHandles(function (handles) {
@ -517,8 +520,9 @@ function run(argv) {
var certState = []; var certState = [];
if (result.isDefault) { certState.push('Default'); } if (result.isDefault) { certState.push('Default'); }
if (result.isActive) { certState.push('Active'); } else { certState.push('Disabled'); } if (result.isActive) { certState.push('Active'); } else { certState.push('Disabled'); }
console.log(result.name + ', (' + certState.join(', ') + ')\r\n ' + result.hashAlgorithmStr + ': ' + result.certificateHash); amtHashes.push(result);
if (--exitOnCount == 0) { exit(1); } if (!args.json) { console.log(result.name + ', (' + certState.join(', ') + ')\r\n ' + result.hashAlgorithmStr + ': ' + result.certificateHash); }
if (--exitOnCount == 0) { if (args.json) { console.log(JSON.stringify(amtHashes, null, 2)); } exit(0); }
}); });
} }
}); });
@ -595,10 +599,11 @@ function run(argv) {
} }
} }
console.log(str + '.'); console.log(str + '.');
exit(0);
} else { } else {
console.log('Intel(R) AMT not supported.'); console.log('Intel(R) AMT not supported.');
}
exit(1); exit(1);
}
}); });
} else { } else {
console.log("Unable to perform MEI operations, try running as " + ((process.platform == 'win32')?"administrator.":"root.")); console.log("Unable to perform MEI operations, try running as " + ((process.platform == 'win32')?"administrator.":"root."));
@ -608,7 +613,7 @@ function run(argv) {
} catch (ex) { console.log("Unable to perform MEI operations, try running as " + ((process.platform == 'win32')?"administrator.":"root.")); exit(1); return; } } catch (ex) { console.log("Unable to perform MEI operations, try running as " + ((process.platform == 'win32')?"administrator.":"root.")); exit(1); return; }
} else if (settings.action == 'amtinfojson') { } else if (settings.action == 'amtinfojson') {
// Display Intel AMT version and activation state // Display Intel AMT version and activation state
getMeiState(15, function (state) { console.log(JSON.stringify(state, null, 2)); exit(1); }); // Flags: 1 = Versions, 2 = OsAdmin, 4 = Hashes, 8 = Network getMeiState(15, function (state) { console.log(JSON.stringify(state, null, 2)); exit(0); }); // Flags: 1 = Versions, 2 = OsAdmin, 4 = Hashes, 8 = Network
} else if (settings.action == 'amtsavestate') { } else if (settings.action == 'amtsavestate') {
// Save the entire state of Intel AMT info a JSON file // Save the entire state of Intel AMT info a JSON file
if ((settings.password == null) || (typeof settings.password != 'string') || (settings.password == '')) { console.log('No or invalid \"password\" specified, use --password [password].'); exit(1); return; } if ((settings.password == null) || (typeof settings.password != 'string') || (settings.password == '')) { console.log('No or invalid \"password\" specified, use --password [password].'); exit(1); return; }
@ -697,7 +702,7 @@ function run(argv) {
r = 'No Intel AMT found.'; r = 'No Intel AMT found.';
} }
console.log(r); console.log(r);
exit(1); exit(0);
}); });
} else if (settings.action == 'amtauditlog') { // Read the Intel AMT audit log } else if (settings.action == 'amtauditlog') { // Read the Intel AMT audit log
if (settings.hostname != null) { if (settings.hostname != null) {
@ -933,7 +938,7 @@ function readAmtEventLogEx2(stack, messages) {
var file = fs.openSync(settings.output, 'w'); var file = fs.openSync(settings.output, 'w');
fs.writeSync(file, Buffer.from(out)); fs.writeSync(file, Buffer.from(out));
fs.closeSync(file); fs.closeSync(file);
exit(1); exit(0);
} }
else if (settings.uuidoutput) { else if (settings.uuidoutput) {
var destpath = null; //Dest path where messagelog file will be saved var destpath = null; //Dest path where messagelog file will be saved
@ -948,9 +953,11 @@ function readAmtEventLogEx2(stack, messages) {
var file = fs.openSync(eventlogsfile, 'w'); var file = fs.openSync(eventlogsfile, 'w');
fs.writeSync(file, Buffer.from(out)); fs.writeSync(file, Buffer.from(out));
fs.closeSync(file); fs.closeSync(file);
exit(0);
} else { } else {
console.log('Intel AMT is not available or not activated, status = ' + status + '.'); console.log('Intel AMT is not available or not activated, status = ' + status + '.');
} exit(1); exit(1);
}
}); });
} }
else { else {
@ -1012,7 +1019,7 @@ function readAmtAuditLogEx2(stack, response, status) {
var file = fs.openSync(settings.output, 'w'); var file = fs.openSync(settings.output, 'w');
fs.writeSync(file, Buffer.from(out)); fs.writeSync(file, Buffer.from(out));
fs.closeSync(file); fs.closeSync(file);
exit(1); exit(0);
} }
else if (settings.uuidoutput) { else if (settings.uuidoutput) {
var destpath = null; //Dest path where auditlog file will be saved var destpath = null; //Dest path where auditlog file will be saved
@ -1027,9 +1034,11 @@ function readAmtAuditLogEx2(stack, response, status) {
var file = fs.openSync(auditlogsfile, 'w'); var file = fs.openSync(auditlogsfile, 'w');
fs.writeSync(file, Buffer.from(out)); fs.writeSync(file, Buffer.from(out));
fs.closeSync(file); fs.closeSync(file);
exit(0);
} else { } else {
console.log('Intel AMT is not available or not activated, status = ' + status + '.'); console.log('Intel AMT is not available or not activated, status = ' + status + '.');
} exit(1); exit(1);
}
}); });
} }
else { else {

3
agents/modules_meshcmd/amt-wsman-duk.js
View file

@ -80,11 +80,12 @@ function CreateWsmanComm(/*host, port, user, pass, tls, extra*/) {
} }
obj.digest.http = require('http'); obj.digest.http = require('http');
} }
var request = { protocol: (obj.tls == 1 ? 'https:' : 'http:'), method: 'POST', host: obj.host, path: '/wsman', port: obj.port, rejectUnauthorized: false, checkServerIdentity: function (cert) { console.log('checkServerIdentity', JSON.stringify(cert)); } }; var request = { protocol: (obj.tls == 1 ? 'https:' : 'http:'), method: 'POST', host: obj.host, path: '/wsman', port: obj.port, rejectUnauthorized: false, checkServerIdentity: function (cert) { /*console.log('checkServerIdentity', JSON.stringify(cert));*/ } };
var req = obj.digest.request(request); var req = obj.digest.request(request);
//console.log('Request ' + (obj.RequestCount++)); //console.log('Request ' + (obj.RequestCount++));
req.on('error', function (e) { obj.gotNextMessagesError({ status: 600 }, 'error', null, [postdata, callback, tag]); }); req.on('error', function (e) { obj.gotNextMessagesError({ status: 600 }, 'error', null, [postdata, callback, tag]); });
req.on('response', function (response) { req.on('response', function (response) {
//console.log(JSON.stringify(response, null, 2));
if (globalDebugFlags & 1) { console.log('Response: ' + response.statusCode); } if (globalDebugFlags & 1) { console.log('Response: ' + response.statusCode); }
if (response.statusCode != 200) { if (response.statusCode != 200) {
if (globalDebugFlags & 1) { console.log('ERR:' + JSON.stringify(response)); } if (globalDebugFlags & 1) { console.log('ERR:' + JSON.stringify(response)); }