allenmichael · September 22, 2021 17:59
diff --git a/nessus_ssm_distributor.py b/nessus_ssm_distributor.py
 import boto3
 from botocore.exceptions import ClientError
 import json
 from pprint import pprint
 from tenable.dl import Downloads
 from zipfile import ZipFile
 import re
 import hashlib
 import logging

 agent_version = '8.3.1'
 agent_name = f'NessusAgent-{agent_version}-amzn.x86_64.rpm'
 prefix = 'AL2Package'
 zip_package_name = 'NessusAgentPackageAmazonLinux.zip'
 bucket_name = 'nessusal2-distributor-packaging-amsxbg'
 region = 'us-east-1'
 sm = boto3.client('secretsmanager')
 ssm = boto3.client('ssm')
 s3 = boto3.client('s3')

 try:
    s3.create_bucket(Bucket=bucket_name, CreateBucketConfiguration={
        'LocationConstraint': region})
 except ClientError as e:
    print(e)

 response = sm.get_secret_value(
    SecretId='TenableSecrets'
 )
 tio_keys = json.loads(response['SecretString'])
 linking_key = tio_keys.get('agentLinkingKey')
 tdl = Downloads(tio_keys.get('apiKey'))

 with open('install.sh', 'r+') as f:
    content = f.read()
    content = re.sub(r'linking_key=.+', f'linking_key={linking_key}', content)
    content = re.sub(r'file=.+', f'file={agent_name}', content)
    print(content)
    f.seek(0)
    f.write(content)

 with open(agent_name, 'wb') as pkgfile:
    tdl.download('nessus-agents', agent_name, pkgfile)

 with ZipFile(zip_package_name, 'w') as zip:
    zip.write(agent_name)
    zip.write('install.sh')
    zip.write('uninstall.sh')

 h = hashlib.sha256()
 with open(zip_package_name, "rb") as f:
    for byte_block in iter(lambda: f.read(4096), b""):
        h.update(byte_block)
    with open('manifest.json', 'w') as manifest:
        mj = {
            "schemaVersion": "2.0",
            "version": agent_version,
            "packages": {
                "amazon": {
                    "_any": {
                        "_any": {
                            "file": zip_package_name
                        }
                    }
                }
            },
            "files": {
                zip_package_name: {
                    "checksums": {
                        "sha256": h.hexdigest()
                    }
                }
            }}
        manifest.write(json.dumps(mj))

 try:
    s3.upload_file('manifest.json', bucket_name, f'{prefix}/manifest.json')
    s3.upload_file(zip_package_name, bucket_name,
                   f'{prefix}/{zip_package_name}')
 except ClientError as e:
    logging.error(e)

 with open('manifest.json', 'r') as manifest:
    content = manifest.read()
    ssm.create_document(
        Content=content,
        Attachments=[
            {
                'Key': 'SourceUrl',
                'Values': [
                    f'https://s3.amazonaws.com/{bucket_name}/{prefix}',
                ]
            },
        ],
        Name='NessusAgentInstallerAL2',
        VersionName=agent_version,
        DocumentType='Package',
    )
	import boto3
	from botocore.exceptions import ClientError
	import json
	from pprint import pprint
	from tenable.dl import Downloads
	from zipfile import ZipFile
	import re
	import hashlib
	import logging

	agent_version = '8.3.1'
	agent_name = f'NessusAgent-{agent_version}-amzn.x86_64.rpm'
	prefix = 'AL2Package'
	zip_package_name = 'NessusAgentPackageAmazonLinux.zip'
	bucket_name = 'nessusal2-distributor-packaging-amsxbg'
	region = 'us-east-1'
	sm = boto3.client('secretsmanager')
	ssm = boto3.client('ssm')
	s3 = boto3.client('s3')

	try:
	s3.create_bucket(Bucket=bucket_name, CreateBucketConfiguration={
	'LocationConstraint': region})
	except ClientError as e:
	print(e)

	response = sm.get_secret_value(
	SecretId='TenableSecrets'
	)
	tio_keys = json.loads(response['SecretString'])
	linking_key = tio_keys.get('agentLinkingKey')
	tdl = Downloads(tio_keys.get('apiKey'))

	with open('install.sh', 'r+') as f:
	content = f.read()
	content = re.sub(r'linking_key=.+', f'linking_key={linking_key}', content)
	content = re.sub(r'file=.+', f'file={agent_name}', content)
	print(content)
	f.seek(0)
	f.write(content)

	with open(agent_name, 'wb') as pkgfile:
	tdl.download('nessus-agents', agent_name, pkgfile)

	with ZipFile(zip_package_name, 'w') as zip:
	zip.write(agent_name)
	zip.write('install.sh')
	zip.write('uninstall.sh')

	h = hashlib.sha256()
	with open(zip_package_name, "rb") as f:
	for byte_block in iter(lambda: f.read(4096), b""):
	h.update(byte_block)
	with open('manifest.json', 'w') as manifest:
	mj = {
	"schemaVersion": "2.0",
	"version": agent_version,
	"packages": {
	"amazon": {
	"_any": {
	"_any": {
	"file": zip_package_name
	}
	}
	}
	},
	"files": {
	zip_package_name: {
	"checksums": {
	"sha256": h.hexdigest()
	}
	}
	}}
	manifest.write(json.dumps(mj))

	try:
	s3.upload_file('manifest.json', bucket_name, f'{prefix}/manifest.json')
	s3.upload_file(zip_package_name, bucket_name,
	f'{prefix}/{zip_package_name}')
	except ClientError as e:
	logging.error(e)

	with open('manifest.json', 'r') as manifest:
	content = manifest.read()
	ssm.create_document(
	Content=content,
	Attachments=[
	{
	'Key': 'SourceUrl',
	'Values': [
	f'https://s3.amazonaws.com/{bucket_name}/{prefix}',
	]
	},
	],
	Name='NessusAgentInstallerAL2',
	VersionName=agent_version,
	DocumentType='Package',
	)