def process(self, data, base_response):
        logger.info("Sniffer Manager: Processing: %s" % data)
        '''
            control action="net_scan" sensor="id_sensor" scan_name="file.pcap" eth="eth0,eth1,..ethx" hosts="192.168.1.2,192.168.1.3,..." nets="10.0.0.0/8,10.2.0.0/8,.."
            #capsize packets
            control action="net_scan" sensor="id_sensor" scan_name="file.pcap" eth="eth0" cap_size="20" raw_filter="src port 40001 and dsp port 3338"
            control action="net_scan_capture_list" sensor="id_sensor"
            control action="net_scan_capture_get" id="ID_CAPTURE"
            control action="net_scan_capture_delete" id="ID_CAPTURE"
            control action="net_scan_status"
            control action="net_scan_stop"
        '''
        response = []
        action = Utils.get_var("action=\"([A-Za-z_]+)\"", data)

        if action == "net_scan":
            free_space = self.getDiskUsage('/var/ossim')
            check = (MIN_FREE_SPACE / MEGABYTE)
            if free_space < (MIN_FREE_SPACE / MEGABYTE):
                response.append(base_response + ' status="-1" %s ackend\n' % (ControlError.get(3006)))
                return response
            device = Utils.get_var("eth=\"(\S+)\"" , data)
            if device not in self.__availableInterfaces:
                return response.append(base_response + ' %s ackend\n' % ControlError.get(3002))
                
            tmp_capture_size = Utils.get_var("cap_size=\"(\d+)\"" , data)
            capture_size = 0
            if tmp_capture_size:
              try:
                capture_size = int(tmp_capture_size)
              except TypeError:
                capture_size = 0
                logger.warning("Invalid Caputure size: %s" % tmp_capture_size)

            capture_name = Utils.get_var("scan_name=\"([0-9A-Za-z_\.]+)\"", data)
            try:
                tmp = Utils.get_var("timeout=\"(\d+)\"", data)
                if tmp != "":
                    timeout = int(tmp)
                else:
                    timeout = 60
            except TypeError:
                timeout = 60


            if device:
                if self.__sniffer.status() == SnifferStatus.RUNNING_SCAN or self.__sniffer.status() == SnifferStatus.WORKING:
                    logger.info("Scan already in progress: %i" % self.__sniffer.status())
                    response.append(base_response + ' status="%d" %s ackend\n' % (self.__sniffer.status(), ControlError.get(3001)))

                else:
                    #timestamp = datetime.datetime.today().strftime("%Y%m%d%H%M00")
                    #cap_file_name = "net_scan_%s_%s.pcap" % (device, timestamp)
                    cap_file_path = "%s/%s" % (self.__sniffer_captures_path, capture_name)
                    self.__sniffer.set_data_to_build_filter(data)
                    self.__sniffer.set_capture_file(cap_file_path)
                    self.__sniffer.set_device(device)
                    self.__sniffer.set_timeout(timeout)
                    self.__sniffer.set_capture_size(capture_size)
                    self.__sniffer.run_scan()
                    self.__scan_in_progress = True
                    self.__timeout_scan_in_progress = timeout
                    self.__start_time_scan_in_progress = time.time()
                    response.append(base_response + ' status="%d" %s ackend\n' % (self.__sniffer.status(), ControlError.get(0)))

            else:
                response.append(base_response + ' %s ackend\n' % ControlError.get(3002))

        elif action == "net_scan_stop":
            if self.__sniffer.status() > 0:
                self.__sniffer.stopScan()
                response.append(base_response + ' %s ackend\n' % (ControlError.get(0)))
            else:
                response.append(base_response + ' status="-1" %s ackend\n' % ControlError.get(3007))
        elif action == "net_scan_status":
            if self.__sniffer.status() == -1:
                response.append(base_response + ' status="-1" error="%s" ackend\n' % (self.__sniffer.get_error()))

            else:
                response.append(base_response + ' %s %s ackend\n' % (self.__sniffer.getStatusString(), ControlError.get(0)))

        elif action == "net_scan_capture_list":
            capture_files = self.__get_capture_file_list(self.__sniffer_captures_path)

            for p in capture_files:
                base_response += ' capture="%s"' % p

            response.append(base_response + ' count="%i" %s ackend\n' % (len(capture_files), ControlError.get(0)))

        elif action == "net_scan_capture_get":
            path = Utils.get_var("path=\"([0-9A-Za-z_\.]+)\"", data)

            # only valid paths should get through
            if path != "":
                # ensure we are not after the current working report
                if path != self.__sniffer.get_working_capture_path():
                    filename = "%s/%s" % (self.__sniffer_captures_path, path)
                    if not os.path.isfile(filename):
                        response.append(base_response + '%s ackend\n' % ControlError.get(3004))
                    else:
                        capture_response, capture_len = self.__get_capture_file_data (filename)
                        response.append(base_response + ' data="%s" datalen="%s" %s ackend\n' % (capture_response, capture_len, ControlError.get(0)))
                else:
                    response.append(base_response + '%s ackend\n' % ControlError.get(3005))

            else:
                print "path?"
                response.append(base_response + ' %s ackend\n' % ControlError.get(3003))

        elif action == "net_scan_capture_delete":
            path = Utils.get_var("path=\"([^\"]+)\"", data)

            capture_file = self.__get_capture_file(path)

            if path == "*":
                logger.debug("Deleting all captures(s)")
                capture_files = self.__get_capture_file_list(self.__sniffer_captures_path)
                for f in capture_files:
                    pcap_file = self.__get_capture_file(f)
                    os.unlink(pcap_file)

                response.append(base_response + ' %s ackend\n' % ControlError.get(0))
            elif capture_file != "":
                logger.debug("Deleting report at: %s" % capture_file)
                os.unlink(capture_file)
                response.append(base_response + ' %s ackend\n' % ControlError.get(0))
            else:
                response.append(base_response + ' %s ackend\n' % ControlError.get(3004))

        # send back our response
        return response
Beispiel #2
0
    def process(self, data, base_response):
        logger.debug("VAScanner Manager: Processing: %s" % data)

        response = []
        action = Utils.get_var("action=\"([A-Za-z_]+)\"", data)

        if action == "va_scan":
            target = Utils.get_vars("target=\"([\s0-9a-fA-F\.:/]+)\"", data)

            if len(target):
                if self.__vascanner.status() > 0:
                    logger.info("Scan already in progress: %i" %
                                self.__vascanner.status())
                    response.append(
                        base_response + ' status="%d" %s ackend\n' %
                        (self.__vascanner.status(), ControlError.get(2001)))
                else:
                    # set the scan target and start the scan
                    self.__vascanner.set_scan_target(target)
                    self.__vascanner.scan_start()

                    response.append(
                        base_response + ' status="%d" %s ackend\n' %
                        (self.__vascanner.status(), ControlError.get(0)))

            else:
                response.append(base_response +
                                ' %s ackend\n' % ControlError.get(2002))

        elif action == "va_status":
            if self.__vascanner.status() == -1:
                response.append(base_response +
                                ' status="-1" error="%s" ackend\n' %
                                (self.__vascanner.get_error()))

            else:
                response.append(
                    base_response + ' status="%d" %s ackend\n' %
                    (self.__vascanner.status(), ControlError.get(0)))

        elif action == "va_reset":
            self.__vascanner.reset_status()

            if self.__vascanner.status() == -1:
                logger.debug(
                    "Previous scan aborted raising errors, please check your logfile."
                )
                response.append(
                    base_response + ' %s ackend\n' %
                    ControlError.get(1, str(self.__vascanner.get_error())))
            else:
                response.append(base_response +
                                ' %s ackend\n' % ControlError.get(0))

        elif action == "va_report_list":
            report_files = self.__get_report_file_list(
                self.__vascanner_report_path)

            for p in report_files:
                base_response += ' report="%s"' % p

            response.append(base_response + ' count="%i" %s ackend\n' %
                            (len(report_files), ControlError.get(0)))

        elif action == "va_report_get":
            path = Utils.get_var("path=\"([^\"]+)\"", data)

            # only valid paths should get through
            if path != "":
                # ensure we are not after the current working report
                if path != self.__vascanner.get_working_report_path():
                    report_response = self.__generate_report(
                        path, base_response)
                    response.extend(report_response)
                    response.append(base_response +
                                    ' %s ackend\n' % ControlError.get(0))

                else:
                    response.append(base_response +
                                    '%s ackend\n' % ControlError.get(2005))

            else:
                response.append(base_response +
                                ' %s ackend\n' % ControlError.get(2003))

        elif action == "va_report_raw_get":
            path = Utils.get_var("path=\"([^\"]+)\"", data)

            # only valid paths should get through
            if path != "":
                report_file = self.__get_report_file(path)
                report_response = ControlUtil.get_file(report_file,
                                                       base_response)
                response.extend(report_response)
                response.append(base_response +
                                ' %s ackend\n' % ControlError.get(0))

            else:
                response.append(base_response +
                                ' %s ackend\n' % ControlError.get(2003))

        elif action == "va_report_delete":
            path = Utils.get_var("path=\"([^\"]+)\"", data)

            report_file = self.__get_report_file(path)

            if path == "*":
                logger.debug("Deleting all report(s)")
                report_files = self.__get_report_file_list(
                    self.__vascanner_report_path)
                for f in report_files:
                    report_file = self.__get_report_file(f)
                    os.unlink(report_file)

                response.append(base_response +
                                ' %s ackend\n' % ControlError.get(0))
            elif report_file != "":
                logger.debug("Deleting report at: %s" % report_file)
                os.unlink(report_file)
                response.append(base_response +
                                ' %s ackend\n' % ControlError.get(0))
            else:
                response.append(base_response +
                                ' %s ackend\n' % ControlError.get(2004))

        # send back our response
        return response
    def process(self, data, base_response):
        logger.debug("Nmap Manager: Processing: %s" % data)
        
        response = []
        action = Utils.get_var("action=\"([A-Za-z_]+)\"", data)
           
        if action == "nmap_scan":
            target = Utils.get_var("target=\"([\s0-9a-fA-F\.:/\-]+)\"" , data)
            scan_type = Utils.get_var("type=\"(ping|0|fast|1|normal|2|full|3|custom|4)\"" , data)
            scan_timming = Utils.get_var("timming=\"(T0|T1|T2|T3|T4|T5)\"" , data)
            autodect = Utils.get_var("autodetect=\"(enable|disable|enabled|disabled)\"" , data)
            scan_ports = Utils.get_var("scan_ports=\"([0-9\-\,]+)\"" , data)
            rdns = Utils.get_var("rdns=\"(enable|disable|enabled|disabled)\"" , data)
            report_prefix = Utils.get_var("report_prefix=\"([\s0-9a-fA-F\.:/\-]+)\"" , data)
            if autodect == "":
                autodect = "enable"
            if rdns == "":
                rdns = "disable"
            if scan_timming == "":
                scan_timming = "T3"
            # set the scan type as appropriate
            if scan_type == "":
                scan_type = "ping"
            if report_prefix == "":
                response.append(base_response + ' status="%d" %s ackend\n' % (self.__nmap.status(), ControlError.get(2007)))
                return response
            self.__nmap.set_report_prefix(report_prefix)
            self.__nmap.set_scan_type(scan_type)
            self.__nmap.set_scan_timming(scan_timming)
            self.__nmap.set_scan_autodetect(autodect)
            self.__nmap.set_scan_ports(scan_ports)#only if custom
            self.__nmap.set_scan_rdsn(rdns)
            if scan_type == "custom" and scan_ports=="":
                response.append(base_response + ' status="%d" %s ackend\n' % (self.__nmap.status(), ControlError.get(2006)))
                return response
                
            

            if len(target):
                if self.__nmap.status() > 0:
                    logger.info("Scan already in progress: %i" % self.__nmap.status())
                    response.append(base_response + ' status="%d" %s ackend\n' % (self.__nmap.status(), ControlError.get(2001)))

                else:
                    # set the scan target and start the scan
                    self.__nmap.set_scan_target(target)
                    self.__nmap.scan_start()

                    response.append(base_response + ' status="%d" %s ackend\n' % (self.__nmap.status(), ControlError.get(0)))

            else:
                response.append(base_response + ' %s ackend\n' % ControlError.get(2002))

        elif action == "nmap_status":
            if self.__nmap.status() == -1:
                response.append(base_response + ' status="-1" error="%s" ackend\n' % (self.__nmap.get_error()))

            else:
                response.append(base_response + ' status="%d" %s ackend\n' % (self.__nmap.status(), ControlError.get(0)))

        elif action == "nmap_reset":
            self.__nmap.reset_status()

            if self.__nmap.status() == -1:
                logger.debug("Previous scan aborted raising errors, please check your logfile.")
                response.append(base_response + ' %s ackend\n' % ControlError.get(1, str(self.__nmap.get_error())))

            else:
                response.append(base_response + ' %s ackend\n' % ControlError.get(0))

        elif action == "nmap_report_list":
            report_files = self.__get_report_file_list(self.__nmap_report_path)
                   
            for p in report_files:
                base_response += ' report="%s"' % p

            response.append(base_response + ' count="%i" %s ackend\n' % (len(report_files), ControlError.get(0)))

        elif action == "nmap_report_get":
            path = Utils.get_var("path=\"([^\"]+)\"", data)
            deletestr = Utils.get_var("delete=\"(yes|no|0|1|true\false)\"", data)
            deletestr = deletestr.lower()
            delete = False
            if deletestr in ['yes','1','true']:
                delete = True
            # only valid paths should get through
            if path != "":
                # ensure we are not after the current working report
                if path != self.__nmap.get_working_report_path():
                    report_response = self.__generate_report(path, base_response)
                    response.extend(report_response)
                    response.append(base_response + ' %s ackend\n' % ControlError.get(0))
                    if delete:
                        self.__deleteReport(path)
                else:
                    response.append(base_response + '%s ackend\n' % ControlError.get(2005))

            else:
                response.append(base_response + ' %s ackend\n' % ControlError.get(2003))

        elif action == "nmap_report_raw_get":
            path = Utils.get_var("path=\"([^\"]+)\"", data)
            deletestr = Utils.get_var("delete=\"(yes|no|0|1|true\false)\"", data)
            deletestr = deletestr.lower()
            delete = False
            if deletestr in ['yes','1','true']:
                delete = True
            # only valid paths should get through
            if path != "":
                report_file = self.__get_report_file(path)
                report_response = ControlUtil.get_file(report_file, base_response)
                response.extend(report_response)
                response.append(base_response + ' %s ackend\n' % ControlError.get(0))
                if delete:
                    self.__deleteReport(path)
            else:
                response.append(base_response + ' %s ackend\n' % ControlError.get(2003))


        elif action == "nmap_report_delete":
            path = Utils.get_var("path=\"([^\"]+)\"", data)

            report_file = self.__get_report_file(path)

            if path == "*":
                logger.debug("Deleting all report(s)")
                report_files = self.__get_report_file_list(self.__nmap_report_path)
                for f in report_files:
                    report_file = self.__get_report_file(f)
                    os.unlink(report_file)

                response.append(base_response + ' %s ackend\n' % ControlError.get(0))
            elif report_file != "":
                logger.debug("Deleting report at: %s" % report_file)
                os.unlink(report_file)
                response.append(base_response + ' %s ackend\n' % ControlError.get(0))
            else:
                response.append(base_response + ' %s ackend\n' % ControlError.get(2004))

        # send back our response
        return response
Beispiel #4
0
    def process(self, data, base_response):
        logger.info("Sniffer Manager: Processing: %s" % data)
        '''
            control action="net_scan" sensor="id_sensor" scan_name="file.pcap" eths="eth0,eth1,..ethx" hosts="192.168.1.2,192.168.1.3,..." nets="10.0.0.0/8,10.2.0.0/8,.."
            control action="net_scan_capture_list" sensor="id_sensor"
            control action="net_scan_capture_get" id="ID_CAPTURE"
            control action="net_scan_capture_delete" id="ID_CAPTURE"
            control action="net_scan_status"
        '''
        response = []
        action = Utils.get_var("action=\"([A-Za-z_]+)\"", data)

        if action == "net_scan":

            device = Utils.get_var("eth=\"(eth\d)\"" , data)
            capture_name = Utils.get_var("scan_name=\"([0-9A-Za-z_\.]+)\"", data)
            try:
                tmp = Utils.get_var("timeout=\"(\d+)\"", data)
                if tmp != "":
                    timeout = int(tmp)
                else:
                    timeout = 60
            except TypeError:
                timeout = 60


            if device:
                if self.__sniffer.status() > 0:
                    logger.info("Scan already in progress: %i" % self.__sniffer.status())
                    response.append(base_response + ' status="%d" %s ackend\n' % (self.__sniffer.status(), ControlError.get(3001)))

                else:
                    #timestamp = datetime.datetime.today().strftime("%Y%m%d%H%M00")
                    #cap_file_name = "net_scan_%s_%s.pcap" % (device, timestamp)
                    cap_file_path = "%s/%s" % (self.__sniffer_captures_path, capture_name)
                    self.__sniffer.set_data_to_build_filter(data)
                    self.__sniffer.set_capture_file(cap_file_path)
                    self.__sniffer.set_device(device)
                    self.__sniffer.set_timeout(timeout)
                    self.__sniffer.run_scan()
                    self.__scan_in_progress = True
                    self.__timeout_scan_in_progress = timeout
                    self.__start_time_scan_in_progress = time.time()
                    response.append(base_response + ' status="%d" %s ackend\n' % (self.__sniffer.status(), ControlError.get(0)))

            else:
                response.append(base_response + ' %s ackend\n' % ControlError.get(3002))

        elif action == "net_scan_status":
            if self.__sniffer.status() == -1:
                response.append(base_response + ' status="-1" error="%s" ackend\n' % (self.__sniffer.get_error()))

            else:
                response.append(base_response + ' status="%d" %s ackend\n' % (self.__sniffer.status(), ControlError.get(0)))

        elif action == "net_scan_capture_list":
            capture_files = self.__get_capture_file_list(self.__sniffer_captures_path)

            for p in capture_files:
                base_response += ' capture="%s"' % p

            response.append(base_response + ' count="%i" %s ackend\n' % (len(capture_files), ControlError.get(0)))

        elif action == "net_scan_capture_get":
            path = Utils.get_var("path=\"([0-9A-Za-z_\.]+)\"", data)

            # only valid paths should get through
            if path != "":
                # ensure we are not after the current working report
                if path != self.__sniffer.get_working_capture_path():
                    filename = "%s/%s" % (self.__sniffer_captures_path, path)
                    if not os.path.isfile(filename):
                        response.append(base_response + '%s ackend\n' % ControlError.get(3004))
                    else:
                        capture_response, capture_len = self.__get_capture_file_data (filename)
                        response.append(base_response + ' data="%s" datalen="%s" %s ackend\n' % (capture_response, capture_len, ControlError.get(0)))
                else:
                    response.append(base_response + '%s ackend\n' % ControlError.get(3005))

            else:
                print "path?"
                response.append(base_response + ' %s ackend\n' % ControlError.get(3003))

        elif action == "net_scan_capture_delete":
            path = Utils.get_var("path=\"([^\"]+)\"", data)

            capture_file = self.__get_capture_file(path)

            if path == "*":
                logger.debug("Deleting all captures(s)")
                capture_files = self.__get_capture_file_list(self.__sniffer_captures_path)
                for f in capture_files:
                    pcap_file = self.__get_capture_file(f)
                    os.unlink(pcap_file)

                response.append(base_response + ' %s ackend\n' % ControlError.get(0))
            elif capture_file != "":
                logger.debug("Deleting report at: %s" % capture_file)
                os.unlink(capture_file)
                response.append(base_response + ' %s ackend\n' % ControlError.get(0))
            else:
                response.append(base_response + ' %s ackend\n' % ControlError.get(3004))

        # send back our response
        return response
Beispiel #5
0
    def process(self, data, base_response):
        logger.debug("VAScanner Manager: Processing: %s" % data)
        
        response = []
        action = Utils.get_var("action=\"([A-Za-z_]+)\"", data)
           
        if action == "va_scan":
            target = Utils.get_vars("target=\"([\s0-9a-fA-F\.:/]+)\"" , data)
           
            if len(target):
                if self.__vascanner.status() > 0:
                    logger.info("Scan already in progress: %i" % self.__vascanner.status())
                    response.append(base_response + ' status="%d" %s ackend\n' % (self.__vascanner.status(), ControlError.get(2001)))
                else:
                    # set the scan target and start the scan
                    self.__vascanner.set_scan_target(target)
                    self.__vascanner.scan_start()

                    response.append(base_response + ' status="%d" %s ackend\n' % (self.__vascanner.status(), ControlError.get(0)))

            else:
                response.append(base_response + ' %s ackend\n' % ControlError.get(2002))

        elif action == "va_status":
            if self.__vascanner.status() == -1:
                response.append(base_response + ' status="-1" error="%s" ackend\n' % (self.__vascanner.get_error()))

            else:
                response.append(base_response + ' status="%d" %s ackend\n' % (self.__vascanner.status(), ControlError.get(0)))

        elif action == "va_reset":
            self.__vascanner.reset_status()

            if self.__vascanner.status() == -1:
                logger.debug("Previous scan aborted raising errors, please check your logfile.")
                response.append(base_response + ' %s ackend\n' % ControlError.get(1, str(self.__vascanner.get_error())))
            else:
                response.append(base_response + ' %s ackend\n' % ControlError.get(0))

        elif action == "va_report_list":
            report_files = self.__get_report_file_list(self.__vascanner_report_path)
                   
            for p in report_files:
                base_response += ' report="%s"' % p

            response.append(base_response + ' count="%i" %s ackend\n' % (len(report_files), ControlError.get(0)))

        elif action == "va_report_get":
            path = Utils.get_var("path=\"([^\"]+)\"", data)

            # only valid paths should get through
            if path != "":
                # ensure we are not after the current working report
                if path != self.__vascanner.get_working_report_path():
                    report_response = self.__generate_report(path, base_response)
                    response.extend(report_response)
                    response.append(base_response + ' %s ackend\n' % ControlError.get(0))

                else:
                    response.append(base_response + '%s ackend\n' % ControlError.get(2005))

            else:
                response.append(base_response + ' %s ackend\n' % ControlError.get(2003))

        elif action == "va_report_raw_get":
            path = Utils.get_var("path=\"([^\"]+)\"", data)

            # only valid paths should get through
            if path != "":
                report_file = self.__get_report_file(path)
                report_response = ControlUtil.get_file(report_file, base_response)
                response.extend(report_response)
                response.append(base_response + ' %s ackend\n' % ControlError.get(0))

            else:
                response.append(base_response + ' %s ackend\n' % ControlError.get(2003))


        elif action == "va_report_delete":
            path = Utils.get_var("path=\"([^\"]+)\"", data)

            report_file = self.__get_report_file(path)

            if path == "*":
                logger.debug("Deleting all report(s)")
                report_files = self.__get_report_file_list(self.__vascanner_report_path)
                for f in report_files:
                    report_file = self.__get_report_file(f)
                    os.unlink(report_file)

                response.append(base_response + ' %s ackend\n' % ControlError.get(0))
            elif report_file != "":
                logger.debug("Deleting report at: %s" % report_file)
                os.unlink(report_file)
                response.append(base_response + ' %s ackend\n' % ControlError.get(0))
            else:
                response.append(base_response + ' %s ackend\n' % ControlError.get(2004))

        # send back our response
        return response
Beispiel #6
0
    def process(self, data, base_response):
        logger.info("Sniffer Manager: Processing: %s" % data)
        """
            control action="net_scan" sensor="id_sensor" scan_name="file.pcap" eths="eth0,eth1,..ethx" hosts="192.168.1.2,192.168.1.3,..." nets="10.0.0.0/8,10.2.0.0/8,.."
            control action="net_scan_capture_list" sensor="id_sensor"
            control action="net_scan_capture_get" id="ID_CAPTURE"
            control action="net_scan_capture_delete" id="ID_CAPTURE"
            control action="net_scan_status"
        """
        response = []
        action = Utils.get_var('action="([A-Za-z_]+)"', data)

        if action == "net_scan":

            device = Utils.get_var('eth="(eth\d)"', data)
            capture_name = Utils.get_var('scan_name="([0-9A-Za-z_\.]+)"', data)
            try:
                tmp = Utils.get_var('timeout="(\d+)"', data)
                if tmp != "":
                    timeout = int(tmp)
                else:
                    timeout = 60
            except TypeError:
                timeout = 60

            if device:
                if self.__sniffer.status() > 0:
                    logger.info("Scan already in progress: %i" % self.__sniffer.status())
                    response.append(
                        base_response + ' status="%d" %s ackend\n' % (self.__sniffer.status(), ControlError.get(3001))
                    )

                else:
                    # timestamp = datetime.datetime.today().strftime("%Y%m%d%H%M00")
                    # cap_file_name = "net_scan_%s_%s.pcap" % (device, timestamp)
                    cap_file_path = "%s/%s" % (self.__sniffer_captures_path, capture_name)
                    self.__sniffer.set_data_to_build_filter(data)
                    self.__sniffer.set_capture_file(cap_file_path)
                    self.__sniffer.set_device(device)
                    self.__sniffer.set_timeout(timeout)
                    self.__sniffer.run_scan()
                    self.__scan_in_progress = True
                    self.__timeout_scan_in_progress = timeout
                    self.__start_time_scan_in_progress = time.time()
                    response.append(
                        base_response + ' status="%d" %s ackend\n' % (self.__sniffer.status(), ControlError.get(0))
                    )

            else:
                response.append(base_response + " %s ackend\n" % ControlError.get(3002))

        elif action == "net_scan_status":
            if self.__sniffer.status() == -1:
                response.append(base_response + ' status="-1" error="%s" ackend\n' % (self.__sniffer.get_error()))

            else:
                response.append(
                    base_response + ' status="%d" %s ackend\n' % (self.__sniffer.status(), ControlError.get(0))
                )

        elif action == "net_scan_capture_list":
            capture_files = self.__get_capture_file_list(self.__sniffer_captures_path)

            for p in capture_files:
                base_response += ' capture="%s"' % p

            response.append(base_response + ' count="%i" %s ackend\n' % (len(capture_files), ControlError.get(0)))

        elif action == "net_scan_capture_get":
            path = Utils.get_var('path="([0-9A-Za-z_\.]+)"', data)

            # only valid paths should get through
            if path != "":
                # ensure we are not after the current working report
                if path != self.__sniffer.get_working_capture_path():
                    filename = "%s/%s" % (self.__sniffer_captures_path, path)
                    if not os.path.isfile(filename):
                        response.append(base_response + "%s ackend\n" % ControlError.get(3004))
                    else:
                        capture_response, capture_len = self.__get_capture_file_data(filename)
                        response.append(
                            base_response
                            + ' data="%s" datalen="%s" %s ackend\n'
                            % (capture_response, capture_len, ControlError.get(0))
                        )
                else:
                    response.append(base_response + "%s ackend\n" % ControlError.get(3005))

            else:
                print "path?"
                response.append(base_response + " %s ackend\n" % ControlError.get(3003))

        elif action == "net_scan_capture_delete":
            path = Utils.get_var('path="([^"]+)"', data)

            capture_file = self.__get_capture_file(path)

            if path == "*":
                logger.debug("Deleting all captures(s)")
                capture_files = self.__get_capture_file_list(self.__sniffer_captures_path)
                for f in capture_files:
                    pcap_file = self.__get_capture_file(f)
                    os.unlink(pcap_file)

                response.append(base_response + " %s ackend\n" % ControlError.get(0))
            elif capture_file != "":
                logger.debug("Deleting report at: %s" % capture_file)
                os.unlink(capture_file)
                response.append(base_response + " %s ackend\n" % ControlError.get(0))
            else:
                response.append(base_response + " %s ackend\n" % ControlError.get(3004))

        # send back our response
        return response
Beispiel #7
0
    def process(self, data, base_response):
        logger.info("Sniffer Manager: Processing: %s" % data)
        '''
            control action="net_scan" sensor="id_sensor" scan_name="file.pcap" eth="eth0,eth1,..ethx" hosts="192.168.1.2,192.168.1.3,..." nets="10.0.0.0/8,10.2.0.0/8,.."
            #capsize packets
            control action="net_scan" sensor="id_sensor" scan_name="file.pcap" eth="eth0" cap_size="20" raw_filter="src port 40001 and dsp port 3338"
            control action="net_scan_capture_list" sensor="id_sensor"
            control action="net_scan_capture_get" id="ID_CAPTURE"
            control action="net_scan_capture_delete" id="ID_CAPTURE"
            control action="net_scan_status"
            control action="net_scan_stop"
        '''
        response = []
        action = Utils.get_var("action=\"([A-Za-z_]+)\"", data)

        if action == "net_scan":
            free_space = self.getDiskUsage('/var/ossim')
            check = (MIN_FREE_SPACE / MEGABYTE)
            if free_space < (MIN_FREE_SPACE / MEGABYTE):
                response.append(base_response + ' status="-1" %s ackend\n' %
                                (ControlError.get(3006)))
                return response
            device = Utils.get_var("eth=\"(\S+)\"", data)
            if device not in self.__availableInterfaces:
                return response.append(base_response +
                                       ' %s ackend\n' % ControlError.get(3002))

            tmp_capture_size = Utils.get_var("cap_size=\"(\d+)\"", data)
            capture_size = 0
            if tmp_capture_size:
                try:
                    capture_size = int(tmp_capture_size)
                except TypeError:
                    capture_size = 0
                    logger.warning("Invalid Caputure size: %s" %
                                   tmp_capture_size)

            capture_name = Utils.get_var("scan_name=\"([0-9A-Za-z_\.]+)\"",
                                         data)
            try:
                tmp = Utils.get_var("timeout=\"(\d+)\"", data)
                if tmp != "":
                    timeout = int(tmp)
                else:
                    timeout = 60
            except TypeError:
                timeout = 60

            if device:
                if self.__sniffer.status(
                ) == SnifferStatus.RUNNING_SCAN or self.__sniffer.status(
                ) == SnifferStatus.WORKING:
                    logger.info("Scan already in progress: %i" %
                                self.__sniffer.status())
                    response.append(
                        base_response + ' status="%d" %s ackend\n' %
                        (self.__sniffer.status(), ControlError.get(3001)))

                else:
                    #timestamp = datetime.datetime.today().strftime("%Y%m%d%H%M00")
                    #cap_file_name = "net_scan_%s_%s.pcap" % (device, timestamp)
                    cap_file_path = "%s/%s" % (self.__sniffer_captures_path,
                                               capture_name)
                    self.__sniffer.set_data_to_build_filter(data)
                    self.__sniffer.set_capture_file(cap_file_path)
                    self.__sniffer.set_device(device)
                    self.__sniffer.set_timeout(timeout)
                    self.__sniffer.set_capture_size(capture_size)
                    self.__sniffer.run_scan()
                    self.__scan_in_progress = True
                    self.__timeout_scan_in_progress = timeout
                    self.__start_time_scan_in_progress = time.time()
                    response.append(
                        base_response + ' status="%d" %s ackend\n' %
                        (self.__sniffer.status(), ControlError.get(0)))

            else:
                response.append(base_response +
                                ' %s ackend\n' % ControlError.get(3002))

        elif action == "net_scan_stop":
            if self.__sniffer.status() > 0:
                self.__sniffer.stopScan()
                response.append(base_response + ' %s ackend\n' %
                                (ControlError.get(0)))
            else:
                response.append(base_response + ' status="-1" %s ackend\n' %
                                ControlError.get(3007))
        elif action == "net_scan_status":
            if self.__sniffer.status() == -1:
                response.append(base_response +
                                ' status="-1" error="%s" ackend\n' %
                                (self.__sniffer.get_error()))

            else:
                response.append(
                    base_response + ' %s %s ackend\n' %
                    (self.__sniffer.getStatusString(), ControlError.get(0)))

        elif action == "net_scan_capture_list":
            capture_files = self.__get_capture_file_list(
                self.__sniffer_captures_path)

            for p in capture_files:
                base_response += ' capture="%s"' % p

            response.append(base_response + ' count="%i" %s ackend\n' %
                            (len(capture_files), ControlError.get(0)))

        elif action == "net_scan_capture_get":
            path = Utils.get_var("path=\"([0-9A-Za-z_\.]+)\"", data)

            # only valid paths should get through
            if path != "":
                # ensure we are not after the current working report
                if path != self.__sniffer.get_working_capture_path():
                    filename = "%s/%s" % (self.__sniffer_captures_path, path)
                    if not os.path.isfile(filename):
                        response.append(base_response +
                                        '%s ackend\n' % ControlError.get(3004))
                    else:
                        capture_response, capture_len = self.__get_capture_file_data(
                            filename)
                        response.append(base_response +
                                        ' data="%s" datalen="%s" %s ackend\n' %
                                        (capture_response, capture_len,
                                         ControlError.get(0)))
                else:
                    response.append(base_response +
                                    '%s ackend\n' % ControlError.get(3005))

            else:
                print "path?"
                response.append(base_response +
                                ' %s ackend\n' % ControlError.get(3003))

        elif action == "net_scan_capture_delete":
            path = Utils.get_var("path=\"([^\"]+)\"", data)

            capture_file = self.__get_capture_file(path)

            if path == "*":
                logger.debug("Deleting all captures(s)")
                capture_files = self.__get_capture_file_list(
                    self.__sniffer_captures_path)
                for f in capture_files:
                    pcap_file = self.__get_capture_file(f)
                    os.unlink(pcap_file)

                response.append(base_response +
                                ' %s ackend\n' % ControlError.get(0))
            elif capture_file != "":
                logger.debug("Deleting report at: %s" % capture_file)
                os.unlink(capture_file)
                response.append(base_response +
                                ' %s ackend\n' % ControlError.get(0))
            else:
                response.append(base_response +
                                ' %s ackend\n' % ControlError.get(3004))

        # send back our response
        return response
 def process(self, data, base_response):
     logger.info("Inventory Manager: Processing: %s" % data)
     response = []
     action = Utils.get_var("action=\"([A-Za-z_]+)\"", data)
     if action == "refresh_inventory_task":
         tmp_tasks = Utils.get_var("inventory_task_list=\{(?P<task_list>.*)\}", data)
         task_list = tmp_tasks.split('|')
         inventory_task_list = []
         for task in task_list:
             task_values = self.__taskRegex.match(task)
             if task_values:
                 groupdict = task_values.groupdict()
                 if groupdict['task_type_name'].lower() =='nmap':
                     inventory_task_list.append(NMAP_TASK(groupdict['task_name'], \
                                                          groupdict['task_params'], \
                                                          groupdict['task_period'], \
                                                          groupdict['task_reliability'], \
                                                          groupdict['task_enable'], \
                                                          groupdict['task_type'],\
                                                          groupdict['task_type_name']))
                 elif groupdict['task_type_name'].lower() =='wmi':
                     inventory_task_list.append(WMI_TASK(groupdict['task_name'], \
                                                          groupdict['task_params'], \
                                                          groupdict['task_period'], \
                                                          groupdict['task_reliability'], \
                                                          groupdict['task_enable'], \
                                                          groupdict['task_type'],\
                                                          groupdict['task_type_name']))
                 elif groupdict['task_type_name'].lower() =='ldap':
                     inventory_task_list.append(LDAP_TASK(groupdict['task_name'], \
                                                          groupdict['task_params'], \
                                                          groupdict['task_period'], \
                                                          groupdict['task_reliability'], \
                                                          groupdict['task_enable'], \
                                                          groupdict['task_type'],\
                                                          groupdict['task_type_name']))
                 elif groupdict['task_type_name'].lower() =='ocs':
                     inventory_task_list.append(OCS_TASK(groupdict['task_name'], \
                                                          groupdict['task_params'], \
                                                          groupdict['task_period'], \
                                                          groupdict['task_reliability'], \
                                                          groupdict['task_enable'], \
                                                          groupdict['task_type'],\
                                                          groupdict['task_type_name'],\
                                                          self._fmkip,\
                                                          self._fmkport))
                 elif groupdict['task_type_name'].lower() =='nagios':
                     inventory_task_list.append(NAGIOS_TASK(groupdict['task_name'], \
                                                          groupdict['task_params'], \
                                                          groupdict['task_period'], \
                                                          groupdict['task_reliability'], \
                                                          groupdict['task_enable'], \
                                                          groupdict['task_type'],\
                                                          groupdict['task_type_name'],\
                                                          self._fmkip,\
                                                          self._fmkport))
                 else:
                     logger.warning("task not implemented:%s" % groupdict['task_type_name'])
             else:
                 logger.warning("Invalid task: %s" % task)
         self.__inventory.set_tasks(inventory_task_list)
         response.append(base_response + ' status="%d" %s ackend\n' % (0, ControlError.get(0)))
     else:
         response.append(base_response + ' %s ackend\n' % ControlError.get(2002))
     return response
 def process(self, data, base_response):
     logger.info("Inventory Manager: Processing: %s" % data)
     response = []
     action = Utils.get_var("action=\"([A-Za-z_]+)\"", data)
     if action == "refresh_inventory_task":
         tmp_tasks = Utils.get_var(
             "inventory_task_list=\{(?P<task_list>.*)\}", data)
         task_list = tmp_tasks.split('|')
         inventory_task_list = []
         for task in task_list:
             task_values = self.__taskRegex.match(task)
             if task_values:
                 groupdict = task_values.groupdict()
                 if groupdict['task_type_name'].lower() == 'nmap':
                     inventory_task_list.append(NMAP_TASK(groupdict['task_name'], \
                                                          groupdict['task_params'], \
                                                          groupdict['task_period'], \
                                                          groupdict['task_reliability'], \
                                                          groupdict['task_enable'], \
                                                          groupdict['task_type'],\
                                                          groupdict['task_type_name']))
                 elif groupdict['task_type_name'].lower() == 'wmi':
                     inventory_task_list.append(WMI_TASK(groupdict['task_name'], \
                                                          groupdict['task_params'], \
                                                          groupdict['task_period'], \
                                                          groupdict['task_reliability'], \
                                                          groupdict['task_enable'], \
                                                          groupdict['task_type'],\
                                                          groupdict['task_type_name']))
                 elif groupdict['task_type_name'].lower() == 'ldap':
                     inventory_task_list.append(LDAP_TASK(groupdict['task_name'], \
                                                          groupdict['task_params'], \
                                                          groupdict['task_period'], \
                                                          groupdict['task_reliability'], \
                                                          groupdict['task_enable'], \
                                                          groupdict['task_type'],\
                                                          groupdict['task_type_name']))
                 elif groupdict['task_type_name'].lower() == 'ocs':
                     inventory_task_list.append(OCS_TASK(groupdict['task_name'], \
                                                          groupdict['task_params'], \
                                                          groupdict['task_period'], \
                                                          groupdict['task_reliability'], \
                                                          groupdict['task_enable'], \
                                                          groupdict['task_type'],\
                                                          groupdict['task_type_name'],\
                                                          self._fmkip,\
                                                          self._fmkport))
                 elif groupdict['task_type_name'].lower() == 'nagios':
                     inventory_task_list.append(NAGIOS_TASK(groupdict['task_name'], \
                                                          groupdict['task_params'], \
                                                          groupdict['task_period'], \
                                                          groupdict['task_reliability'], \
                                                          groupdict['task_enable'], \
                                                          groupdict['task_type'],\
                                                          groupdict['task_type_name'],\
                                                          self._fmkip,\
                                                          self._fmkport))
                 else:
                     logger.warning("task not implemented:%s" %
                                    groupdict['task_type_name'])
             else:
                 logger.warning("Invalid task: %s" % task)
         self.__inventory.set_tasks(inventory_task_list)
         response.append(base_response + ' status="%d" %s ackend\n' %
                         (0, ControlError.get(0)))
     else:
         response.append(base_response +
                         ' %s ackend\n' % ControlError.get(2002))
     return response
Beispiel #10
0
    def process(self, data, base_response):
        """Process all the ossec deployment requests
        control action="ossec-deploy" order="deploy" host="192.168.2.142" user="******" password="******" domain="domain" ossecserver="ossecserverip" 
        control action="ossec-deploy" order="status" workid="theworkid"
        control action="ossec-deploy" order="abort" workid="theworkid"
        control action="ossec-deploy" order="list" workid="theworkid"
        control action="ossec-deploy" order="purge" workid="theworkid"
        """
        logger.info("OssecDeployManager: Processing: %s" % data)
        response = []
        action = Utils.get_var("order=\"([A-Za-z_]+)\"", data)

        if action == "deploy":
            host = Utils.get_var("host=\"(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\"",data)
            if not host or host == "":
                response.append(base_response + ' %s ackend\n' % ControlError.get(5003))
                return response
            user = Utils.get_var("user=\"([^\"]+)\"",data)
            if not user or user == "":
                response.append(base_response + ' %s ackend\n' % ControlError.get(5004))
                return response
            passwd = Utils.get_var("password=\"([^\"]+)\"",data)
            if not passwd or passwd == "":
                response.append(base_response + ' %s ackend\n' % ControlError.get(5005))
                return response
            domain = Utils.get_var("domain=\"([^\"]+)\"",data)
            if not domain:
                domain= ""
            server = Utils.get_var("ossecserver=\"(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\"",data)
            if not server or server == "":
                response.append(base_response + ' %s ackend\n' % ControlError.get(5007))
                return response
            #we are ready to go
            # 1 - Generate a random uuid to use it as work id
            workid = str(uuid.uuid4())
            logger.info("Work ID: %s" % workid)
            work = OssecDeploy(workid,host, user, passwd, domain,server)
            work.start()
            self.__deployWorks[workid] = work
            response.append(base_response + ' workid="%s" %s ackend\n' % (workid,ControlError.get(0)))

        elif action == "status":
            workid = Utils.get_var("workid=\"([A-Za-z0-9_\-]+)\"",data)
            if not workid or workid is "":
                response.append(base_response + ' %s ackend\n' % ControlError.get(5001))
            elif not  self.__deployWorks.has_key(workid):
                response.append(base_response + ' %s ackend\n' % ControlError.get(5002))
            else:
                status = self.__deployWorks[workid].get_status_string()
                response.append(base_response + ' %s  %s ackend\n' % (status, ControlError.get(0)))
        elif action == "abort":
            workid = Utils.get_var("workid=\"([A-Za-z0-9_\-]+)\"",data)
            if not workid or workid is "":
                response.append(base_response + ' %s ackend\n' % ControlError.get(5001))
            elif not self.__deployWorks.has_key(workid):
                response.append(base_response + ' %s ackend\n' % ControlError.get(5002))
            else:
                self.__deployWorks[workid].join(1)
                del self.__deployWorks[workid]
                response.append(base_response + ' %s ackend\n' % (ControlError.get(0)))
        elif action == "list":
            worklist = ','.join(self.__deployWorks.keys())
            response.append(base_response + ' list="%s" %s ackend\n' % (worklist, ControlError.get(0)))
        elif action == "purge":
            logger.info("purge")
            for workid in self.__deployWorks.keys():
                st  = self.__deployWorks[workid].status() 
                if st == OssecDeployStatus.FINISHED_OK or st == OssecDeployStatus.STOPPED_ERROR:
                    del self.__deployWorks[workid]
            response.append(base_response + ' %s ackend\n' % (ControlError.get(0)))
        else:
            response.append(base_response + ' %s ackend\n' % ControlError.get(5000))
        
        # send back our response
        return response