Updated Snapshot 4n6ir Imager for Docker

One significant addition is the use of AWS Security Token Service (STS), as in the stand-alone version, to generate logs of access to the EBS direct API. The other is the splitting of the upload and download permissions into separate keys, received in two emails.

Cloud 4n6ir Upload/Download API Key

	URL Link: https://upload.us-east-2.4n6ir.com
	API Key: abacadaba-abacadaba-abacadaba
	AWS Region: us-east-2
	TTL Seconds: 120

SNAPSHOT 4N6IR IMAGER FOR DOCKER

Before the script starts imaging, it now checks that the snapshot exists.

ERROR: snap-090e77f6aabdf5435 does not exist!

The docker script previously only imaged snapshots, so with the extra features it now needs an ‘--image’ argument.

$ python3 Snapshot-4n6ir-Imager-for-Docker.py --region us-east-2 --snapshot snap-0de67428c1be121f4 --token abacadaba-abacadaba-abacadaba --image

Every imaged block has the hash value verified upon collection into the S3 bucket automatically. If the hash verification has an error, it notifies the end-user with an email.

Cloud 4n6ir Verification Error
	
	0_snap-090e77f6aabdf5435_f6130ee2a361f66ce9a2a851d616491a93f0b1632e26556b208c58efa466f7d1_8_524288_2730.gz.encrypted

After the imaging process, it checks that all expected blocks are in the S3 bucket. If they are not all present, it sends an email to the end-user with this validation error.

Cloud 4n6ir Validation Error

 	Imaged Blocks: 22 of 4619
 	Compressed Size: 0.0 GB

A completed status of ‘Confirmed!’ or ‘Error!’ is returned to trigger additional tasks if needed.

The docker version used to be able to complete only a full image, so it now has the ability to image a single block.

$ python3 Snapshot-4n6ir-Imager-for-Docker.py --region us-east-2 --snapshot snap-0de67428c1be121f4 --token abacadaba-abacadaba-abacadaba --single --block 0
Snapshot 4n6ir Imager for Docker v0.2.0

	Region: 	us-east-2
	Snapshot: 	snap-0de67428c1be121f4
	Blocks: 	4619
	Completed: 	Single Block

It also provides a manual way to re-run the count validation that all snapshot blocks were received.

$ python3 Snapshot-4n6ir-Imager-for-Docker.py --region us-east-2 --snapshot snap-090e77f6aabdf5435 --token abacadaba-abacadaba-abacadaba --verify

That covers the upload feature set for the Docker-ready Python script for now!

SNAPSHOT 4N6IR IMAGER TOOLKIT

Snapshot 4n6ir Imager Toolkit is a complementary script to handle all download capabilities for the Snapshot 4n6ir Imager for Docker script. The upload key needed to stay uni-directional, with the ability to disable it if it ends up in harm’s way during the image acquisition.

Snapshot 4n6ir Imager Toolkit v0.2.0

optional arguments:
  -h, --help           show this help message and exit

Required:
  --region REGION      us-east-2
  --snapshot SNAPSHOT  snap-056e0b1bd07ad91b2
  --token TOKEN        abacadaba-abacadaba-abacadaba

Voluntary:
  --block BLOCK        Single Snapshot Block Name for Download
  --decrypt            Decryption Codes for Snapshot Blocks
  --download           Download All EBS Snapshot Blocks
  --single             Single EBS Snapshot Block Download
  --missed             Identify Missed EBS Snapshot Blocks

When the docker script verifies that all the blocks are acquired, it creates a report_snap-05b485ae8913a8b06_list.txt.gz compressed text file with a list of available blocks that the download argument uses.

$ python3 Snapshot-4n6ir-Imager-Toolkit.py --region us-east-2 --snapshot snap-05b485ae8913a8b06 --token abacadaba-abacadaba-abacadaba --download
Snapshot 4n6ir Imager Toolkit v0.2.0

	Snapshot: 	snap-05b485ae8913a8b06
	16it [00:08,  1.97it/s]
	Download: 	Completed!

If a downloaded block does not pass the hash verification, then there needs to be an option to download a single block too.

$ python3 Snapshot-4n6ir-Imager-Toolkit.py --region us-east-2 --snapshot snap-05b485ae8913a8b06 --token abacadaba-abacadaba-abacadaba --single --block 0_snap-05b485ae8913a8b06_f6130ee2a361f66ce9a2a851d616491a93f0b1632e26556b208c58efa466f7d1_8_524288_2727.gz.encrypted
Snapshot 4n6ir Imager Toolkit v0.2.0

	Snapshot: 	snap-05b485ae8913a8b06
	Download: 	Completed!

The decryption keys need to be available programmatically so that they can be stored, for example, in SSM parameters secure storage while rebuilding the full disk image.

$ python3 Snapshot-4n6ir-Imager-Toolkit.py --region us-east-2 --snapshot snap-05b485ae8913a8b06 --token abacadaba-abacadaba-abacadaba --decrypt

The script is chatty, as it notifies you by email every time the decryption keys are accessed!

Cloud 4n6ir Decryption Alert

	Did you request decryption codes for snapshot blocks stored in the us-east-2 region?

An essential part of automating disk imaging is having the verifications and validations built into the process natively. If the docker script triggers a validation error, the examiner needs a way to figure out the missing blocks so they can be acquired.

$ python3 Snapshot-4n6ir-Imager-Toolkit.py --region us-east-2 --snapshot snap-05b485ae8913a8b06 --token abacadaba-abacadaba-abacadaba --missed

Snapshot 4n6ir Imager Toolkit v0.2.0

	Snapshot: 	snap-05b485ae8913a8b06
	Missing Count: 	2711
	Output: 	Completed!

The script generates a text file containing a list of missing block index numbers.

missing_snap-05b485ae8913a8b06_block_list.txt
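
The count validation and the missed-block listing described above can be reproduced locally from a listing of block names. The following is an added example, not code from the 4n6ir scripts; it assumes the leading field of each block name is the block index, treats the undocumented fields as opaque, and takes the expected indexes from the caller.

```python
import re

# Assumed layout, inferred from the block names shown in this post:
#   <index>_<snapshot id>_<64 hex chars>_<n>_<n>_<n>.gz.encrypted
# Only the leading index and the snapshot id are interpreted; the post
# does not document the other fields, so they are treated as opaque.
BLOCK_NAME = re.compile(
    r"(\d+)_(snap-[0-9a-f]+)_([0-9a-f]{64})_\d+_\d+_\d+\.gz\.encrypted"
)


def parse_block_name(name):
    """Return (index, snapshot_id, hex_digest), or None if malformed."""
    m = BLOCK_NAME.fullmatch(name.strip())
    return (int(m[1]), m[2], m[3]) if m else None


def validate_blocks(names, snapshot, expected_indexes):
    """Check received block names against the indexes that should exist."""
    expected = set(expected_indexes)
    seen, duplicates, rejected = set(), [], []
    for name in names:
        parsed = parse_block_name(name)
        # Reject malformed names, other snapshots, and unexpected indexes.
        if not parsed or parsed[1] != snapshot or parsed[0] not in expected:
            rejected.append(name)
        elif parsed[0] in seen:
            duplicates.append(parsed[0])
        else:
            seen.add(parsed[0])
    missing = sorted(expected - seen)
    ok = not (missing or duplicates or rejected)
    return {"imaged": len(seen), "expected": len(expected),
            "missing": missing, "duplicates": duplicates,
            "rejected": rejected, "status": "Confirmed!" if ok else "Error!"}


# Constructed sample listing (not real bucket contents).
SNAP = "snap-05b485ae8913a8b06"
_D = "ab" * 32  # placeholder digest
SAMPLE = [f"{i}_{SNAP}_{_D}_8_524288_6.gz.encrypted" for i in (0, 1, 3, 3)]
SAMPLE += ["5_snap-0de67428c1be121f4_" + _D + "_8_524288_6.gz.encrypted",
           "4_" + SNAP + "_nothex_8_524288_6.gz.encrypted"]

if __name__ == "__main__":
    report = validate_blocks(SAMPLE, SNAP, range(6))
    print(f"Imaged Blocks: {report['imaged']} of {report['expected']}")
    print("Missing:", report["missing"], "Status:", report["status"])
```

Names that are malformed or belong to a different snapshot are reported separately from missing indexes, so a bucket mix-up is not mistaken for an incomplete acquisition.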

I have the Snapshot 4n6ir Pipeline available in the Ohio (us-east-2) Region for testing if you would like to try it out.

Happy Coding,

John Lukach

DOWNLOAD
$ wget https://cloud.4n6ir.com/scripts/Snapshot-4n6ir-Imager-for-Docker.py.gz
$ wget https://cloud.4n6ir.com/scripts/Snapshot-4n6ir-Imager-for-Docker.sha256.txt
$ gunzip Snapshot-4n6ir-Imager-for-Docker.py.gz
$ shasum -a 256 Snapshot-4n6ir-Imager-for-Docker.py 
5d45e0ecdadb2ead94ffde9c5d02192d05326692d9c8570b1ff4694293092e0c  Snapshot-4n6ir-Imager-for-Docker.py


$ wget https://cloud.4n6ir.com/scripts/Snapshot-4n6ir-Imager-Toolkit.py.gz
$ wget https://cloud.4n6ir.com/scripts/Snapshot-4n6ir-Imager-Toolkit.sha256.txt
$ gunzip Snapshot-4n6ir-Imager-Toolkit.py.gz
$ shasum -a 256 Snapshot-4n6ir-Imager-Toolkit.py 
c472c99eccdbc247870790ebd64b00b7b02d7206fc6685285c0b3be7bf554ae0  Snapshot-4n6ir-Imager-Toolkit.py
