Add Ivanti OS (former Mobile Iron) support

[lhaagsma]

Dissect seems to deal pretty well with Ivanti images as is, however some OS specific things could be implemented.
Specifically IP adress does not always seem to work, or could be faster.

For detect function the presence of the /mi/ dir can be used

One relevant file is:
/mi/config-system/startup_config/systemconfig.xml

This file contains:

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns="http://xsdobjects.mi.com/systemconf" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <system>
    <interface>
      <ifacename>Ethernet1</ifacename>
      <ipaddress>REDACTED IP</ipaddress>
      <mask>REDACTED IP</mask>
      <adminstate>up</adminstate>
      <aclname>None</aclname>
      <ip6address>::</ip6address>
      <ip6defaultgateway>::</ip6defaultgateway>
      <prefix>0</prefix>
      <ipv6enabled>false</ipv6enabled>
    </interface>
    <interface>
      <ifacename>Ethernet2</ifacename>
      <ipaddress>REDACTED IP</ipaddress>
      <mask>REDACTED IP</mask>
      <adminstate>down</adminstate>
      <aclname>None</aclname>
      <ip6address>::</ip6address>
      <ip6defaultgateway>::</ip6defaultgateway>
      <prefix>0</prefix>
      <ipv6enabled>false</ipv6enabled>
    </interface>
    <dns>
      <index>0</index>
      <ipaddress>REDACTED IP</ipaddress>
    </dns>
    <dns>
      <index>1</index>
      <ipaddress>REDACTED IP</ipaddress>
    </dns>
    <dnsname>
      <domainname>intern.network</domainname>
    </dnsname>
    <route>
      <ipaddress>REDACTED IP</ipaddress>
      <mask>REDACTED IP</mask>
      <gateway>REDACTED IP</gateway>
    </route>
    <hostname>
      <hname>ivanti-core.intern.network</hname>
    </hostname>

  </system>

It also contains some information about log paths.
Additionally we could add some parsers for various logs on the system. This includes tomcat logs (as far as we do not already parse them) and other mi related logs in (sub-folders of) /var/log/

[JSCU-CNI]

I think a future _os implementation of this product should be named after the specific product, e.g. Ivanti EPMM or Ivanti Mobile Iron Core but not just Ivanti as the company has more products that work and look different under the hood compared to EPMM (e.g. Connect Secure). Perhaps a nested OS structure like ivanti/epmm/_os.py, etc.

[yunzheng]

The file /mi/release can be used to retrieve some information as well. Same example contents:

VSP 12.5.0.2 Build 23 (Branch core-12.5.0.2)

or:

Sentry Standalone 10.3.0 Build 17 (Branch sentry-10.3.0-sentry-release)

[JSCU-CNI]

This includes tomcat logs (as far as we do not already parse them)

We will be open sourcing a tomcat web server plugin somewhere this week.

@lhaagsma Are you actively working on an EPMM OS plugin?

[lhaagsma]

No not at this time. This is just documenting for future work.
...
Are you?

[EinatFox]

Anyone has images for testing this?