Beispiel #1
def put_sensor_detector(sensor_id):
    """
    Replace the [sensor]/detectors list in the sensor's ossim_setup.conf.

    The detector plugins are read from the 'plugins' query parameter as a
    comma-separated string.  Once the list has been stored, a reconfigure
    task is queued for the sensor and its job id is returned.
    """
    plugin_csv = request.args.get('plugins')
    if plugin_csv is None:
        current_app.logger.error(
            "detector: put_sensor_detector error: Missing parameter 'plugins'"
        )
        return make_bad_request("Missing parameter plugins")

    # Translate the sensor id into the address used by the setter below.
    resolved, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not resolved:
        current_app.logger.error(
            "detector: put_sensor_detector error: Bad 'sensor_id'"
        )
        return make_bad_request("Bad sensor_id")

    # NOTE(review): plugin_csv is forwarded exactly as received; no format
    # check is visible here -- confirm set_sensor_detectors validates it
    # before it is written to the sensor configuration.
    stored, detail = set_sensor_detectors(sensor_ip, plugin_csv)
    if not stored:
        current_app.logger.error(
            "detector: put_sensor_detector error %s" % detail
        )
        return make_error("Error setting sensor detector plugins", 500)

    # Queue the reconfigure task and hand its id back to the caller.
    reconfig_job = alienvault_reconfigure.delay(sensor_ip)
    return make_ok(job_id_reconfig=reconfig_job.id)
Beispiel #2
def put_sensor_interface(sensor_id):
    """
    Replace the [sensor]/interfaces list in the sensor's ossim_setup.conf.

    The interfaces are read from the 'ifaces' query parameter as a
    comma-separated string.  Once the list has been stored, a reconfigure
    task is queued for the sensor and its job id is returned.
    """
    iface_csv = request.args.get('ifaces')
    if iface_csv is None:
        current_app.logger.error(
            "interfaces: put_sensor_interface error: Missing parameter 'ifaces'"
        )
        return make_bad_request("Missing parameter ifaces")

    # Translate the sensor id into the address used by the setter below.
    resolved, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not resolved:
        current_app.logger.error(
            "interfaces: put_sensor_interface  error: Bad 'sensor_id'"
        )
        return make_bad_request("Bad sensor_id")

    # NOTE(review): iface_csv is forwarded exactly as received; no format
    # check is visible here -- confirm set_sensor_interfaces validates it
    # before it is written to the sensor configuration.
    stored, detail = set_sensor_interfaces(sensor_ip, iface_csv)
    if not stored:
        current_app.logger.error(
            "interfaces: put_sensor_interfaces_from_conf error: %s" % detail
        )
        return make_error("Error setting sensor interfaces", 500)

    # Queue the reconfigure task and hand its id back to the caller.
    reconfig_job = alienvault_reconfigure.delay(sensor_ip)
    return make_ok(job_id_reconfig=reconfig_job.id)
Beispiel #3
def alienvault_reconfig(system_ip, operation, jobid):
    """
    Start, query or list alienvault_reconfigure jobs.

    operation selects what happens:
        "start"  -- queue a new reconfigure task for system_ip
        "status" -- look up the task whose id is jobid
        "list"   -- collect the active jobs reported by inspect()
    Any other value only prints a message.  The reply is always built with
    make_ok; fields that do not apply to the operation stay None.
    """
    task = None
    active = None
    message = ""

    if operation == "start":
        print("Starting a new job...")
        task = alienvault_reconfigure.delay(system_ip)
        message = "Job launched!"
    elif operation == "status":
        print("Status...")
        # jobid comes straight from the caller and is used as the lookup key.
        task = AsyncResult(jobid, backend=alienvault_reconfigure.backend)
    elif operation == "list":
        active = inspect().active()
    else:
        print("operation (%s) not allowed!!" % operation)

    if task:
        task_id, task_info, task_state = task.id, task.info, task.status
    else:
        task_id = task_info = task_state = None

    # NOTE(review): 'finished' is never derived from the task state, so it
    # is reported as False for every operation.
    return make_ok(
        job_id=task_id,
        finished=False,
        status=task_state,
        task_data=task_info,
        active_jobs=active,
        message=message,
    )
Beispiel #4
def put_sensor_detector(sensor_id):
    """
    Replace the [sensor]/detectors list in the sensor's ossim_setup.conf.

    The detector plugins are read from the 'plugins' query parameter as a
    comma-separated string.  Once the list has been stored, a reconfigure
    task is queued for the sensor and its job id is returned.
    """
    plugin_csv = request.args.get('plugins')
    if plugin_csv is None:
        current_app.logger.error(
            "detector: put_sensor_detector error: Missing parameter 'plugins'"
        )
        return make_bad_request("Missing parameter plugins")

    # Translate the sensor id into the address used by the setter below.
    resolved, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not resolved:
        current_app.logger.error(
            "detector: put_sensor_detector error: Bad 'sensor_id'"
        )
        return make_bad_request("Bad sensor_id")

    # NOTE(review): plugin_csv is forwarded exactly as received; no format
    # check is visible here -- confirm set_sensor_detectors validates it
    # before it is written to the sensor configuration.
    stored, detail = set_sensor_detectors(sensor_ip, plugin_csv)
    if not stored:
        current_app.logger.error(
            "detector: put_sensor_detector error %s" % detail
        )
        return make_error("Error setting sensor detector plugins", 500)

    # Queue the reconfigure task and hand its id back to the caller.
    reconfig_job = alienvault_reconfigure.delay(sensor_ip)
    return make_ok(job_id_reconfig=reconfig_job.id)
Beispiel #5
def alienvault_reconfig(system_ip, operation, jobid):
    """
    Start, query or list alienvault_reconfigure jobs.

    operation selects what happens:
        "start"  -- queue a new reconfigure task for system_ip
        "status" -- look up the task whose id is jobid
        "list"   -- collect the active jobs reported by inspect()
    Any other value only prints a message.  The reply is always built with
    make_ok; fields that do not apply to the operation stay None.
    """
    task = None
    active = None
    message = ""

    if operation == "start":
        print("Starting a new job...")
        task = alienvault_reconfigure.delay(system_ip)
        message = "Job launched!"
    elif operation == "status":
        print("Status...")
        # jobid comes straight from the caller and is used as the lookup key.
        task = AsyncResult(jobid, backend=alienvault_reconfigure.backend)
    elif operation == "list":
        active = inspect().active()
    else:
        print("operation (%s) not allowed!!" % operation)

    if task:
        task_id, task_info, task_state = task.id, task.info, task.status
    else:
        task_id = task_info = task_state = None

    # NOTE(review): 'finished' is never derived from the task state, so it
    # is reported as False for every operation.
    return make_ok(
        job_id=task_id,
        finished=False,
        status=task_state,
        task_data=task_info,
        active_jobs=active,
        message=message,
    )
Beispiel #6
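def set_sensor_network(sensor_id):
    """
    Set the monitored networks of a sensor and queue a reconfigure.

    The networks are read from the 'nets' query parameter as a
    comma-separated string.  A missing parameter, an unknown sensor_id or
    a failure to store the networks yields a bad-request response;
    otherwise the id of the queued reconfigure job is returned.
    """
    nets = request.args.get('nets')
    if nets is None:
        # Without this guard a request lacking 'nets' raised AttributeError
        # on None.split() instead of producing a bad-request reply.
        current_app.logger.error("sensor: set_sensor_network error: Missing parameter 'nets'")
        return make_bad_request("Missing parameter nets")
    # NOTE(review): the entries are not checked here to be well-formed
    # networks -- confirm set_sensor_networks validates them.
    netlist = nets.split(",")

    (ret, admin_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not ret:
        current_app.logger.error("sensor: auth_sensor error: " + str(admin_ip))
        return make_bad_request(sensor_id)

    (success, data) = set_sensor_networks(admin_ip, netlist)
    if not success:
        current_app.logger.error("sensor: Can't set sensor networks to " + str(netlist))
        return make_bad_request(sensor_id)

    # Queue the reconfigure task and hand its id back to the caller.
    job = alienvault_reconfigure.delay(admin_ip)
    return make_ok(job_id_reconfig=job.id)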
Beispiel #7
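def set_sensor_network(sensor_id):
    """
    Set the monitored networks of a sensor and queue a reconfigure.

    The networks are read from the 'nets' query parameter as a
    comma-separated string.  A missing parameter, an unknown sensor_id or
    a failure to store the networks yields a bad-request response;
    otherwise the id of the queued reconfigure job is returned.
    """
    nets = request.args.get('nets')
    if nets is None:
        # Without this guard a request lacking 'nets' raised AttributeError
        # on None.split() instead of producing a bad-request reply.
        current_app.logger.error("sensor: set_sensor_network error: Missing parameter 'nets'")
        return make_bad_request("Missing parameter nets")
    # NOTE(review): the entries are not checked here to be well-formed
    # networks -- confirm set_sensor_networks validates them.
    netlist = nets.split(",")

    (ret, admin_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not ret:
        current_app.logger.error("sensor: auth_sensor error: " + str(admin_ip))
        return make_bad_request(sensor_id)

    (success, data) = set_sensor_networks(admin_ip, netlist)
    if not success:
        current_app.logger.error("sensor: Can't set sensor networks to " +
                                 str(netlist))
        return make_bad_request(sensor_id)

    # Queue the reconfigure task and hand its id back to the caller.
    job = alienvault_reconfigure.delay(admin_ip)
    return make_ok(job_id_reconfig=job.id)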
Beispiel #8
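def set_interfaces_roles(system_id, interfaces):
    """
    Set roles for the system network interfaces.

    Args:
        system_id: id of the system, resolved to its IP before the call
        interfaces: passed unchanged to
            ansiblemethods.system.network.set_interfaces_roles

    Returns:
        (True, job_id) when the roles were set and the reconfigure task
        was queued; otherwise (False, error) from the step that failed.
    """
    (success, ip) = ret = get_system_ip_from_system_id(system_id)
    if not success:
        return ret

    # Flush caches
    # NOTE(review): the flush runs before the change is applied, so a read
    # in between could presumably re-cache the old values -- confirm.
    flush_cache(namespace="sensor_network")

    # No decoding or validation of `interfaces` happens in this function;
    # the original comment expected it to be a base64-encoded JSON object,
    # so that check is presumably done by the callee -- TODO confirm.
    (success, msg) = ret = ansiblemethods.system.network.set_interfaces_roles(ip, interfaces)
    if not success:
        return ret

    job = alienvault_reconfigure.delay(ip)
    # Compare by value: `is 'FAILURE'` tested object identity, which only
    # matches when both strings happen to be the same interned object.
    if job.state == 'FAILURE':
        return (False, "Can't start task to reconfigure the system")

    return (True, job.id)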
Beispiel #9
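def sync_asec_plugins(plugin=None, enable=True):
    """
    Send the ASEC generated plugins to the system sensors and enable them

    The plugin .cfg and .cfg.sql files are copied from
    /var/lib/asec/plugins to /tmp on the local system, installed on every
    sensor returned by get_systems and, when ``enable`` is true, the plugin
    is added to each sensor's detector list and a reconfigure task is
    queued for that sensor.

    Args:
        plugin: plugin name. It is used as a file name, so a name that
            contains a path separator or a NUL byte is rejected.
        enable: whether we should enable the plugin or not. Default = True

    Returns:
        success (bool): False when any step failed for any sensor
        msg (str): Success message/Error info

    """
    if not plugin:
        return False, "No plugin to sync"

    try:
        # The name is concatenated into paths under /var/lib/asec/plugins
        # and /tmp; refuse anything that could point outside them.
        if "/" in plugin or "\x00" in plugin:
            api_log.error("[sync_asec_plugins] Invalid plugin name: %r" %
                          (plugin,))
            return False, "Invalid plugin name"

        plugin_path = "/var/lib/asec/plugins/" + plugin + ".cfg"
        sql_path = plugin_path + ".sql"

        (success, sensors) = get_systems(system_type='sensor')
        if not success:
            return False, "Unable to get sensors list: %s" % sensors

        # Bug in ansible copy module prevents us from copying the files from
        # /var/lib/asec/plugins as it has permissions 0 for "other"
        # Workaround: make a local copy using ansible command module
        # NOTE(review): the copies get predictable names in the shared /tmp
        # directory; a private temporary directory would be safer if
        # local_copy_file and ansible_install_plugin can work with one.
        plugin_tmp_path = "/tmp/" + plugin + ".cfg"
        sql_tmp_path = plugin_tmp_path + ".sql"
        success, local_ip = get_system_ip_from_local()
        if not success:
            error_msg = "[ansible_install_plugin] " + \
                        "Failed to make get local IP: %s" % local_ip
            return False, error_msg
        (success, msg) = local_copy_file(local_ip,
                                         plugin_path,
                                         plugin_tmp_path)
        if not success:
            error_msg = "[ansible_install_plugin] " + \
                        "Failed to make temp copy of plugin file: %s" % msg
            return False, error_msg
        (success, msg) = local_copy_file(local_ip, sql_path, sql_tmp_path)
        if not success:
            # Do not leave the first temporary copy behind.
            remove_file([local_ip], plugin_tmp_path)
            error_msg = "[ansible_install_plugin] " + \
                        "Failed to make temp copy of sql file: %s" % msg
            return False, error_msg

        all_ok = True
        try:
            for (sensor_id, sensor_ip) in sensors:
                (success, msg) = ansible_install_plugin(sensor_ip,
                                                        plugin_tmp_path,
                                                        sql_tmp_path)
                if not success:
                    error_msg = "[sync_asec_plugins] " + \
                                "Error installing plugin %s " % plugin + \
                                "in sensor %s: %s" % (sensor_ip, msg)
                    api_log.error(error_msg)
                    all_ok = False
                    continue

                if not enable:
                    # Install-only run.  Previously a successful install
                    # with enable=False fell into the error branch and was
                    # reported as a failure.
                    continue

                # Get list of active plugins and add the new one,
                # then send the list back to the sensor.
                (success, data) = get_sensor_detectors(sensor_ip)
                if success:
                    detectors = data['sensor_detectors']
                    if plugin not in detectors:
                        detectors.append(plugin)
                    (success, msg) = set_sensor_detectors(sensor_ip,
                                                          ','.join(detectors))
                else:
                    # Report this call's own result rather than the stale
                    # install message; data presumably carries the error
                    # text, as with the other (success, data) helpers.
                    msg = data

                if not success:
                    error_msg = "[sync_asec_plugins] " + \
                                "Error enabling plugin %s " % plugin + \
                                "for sensor %s: %s" % (sensor_ip, msg)
                    api_log.error(error_msg)
                    all_ok = False
                    continue

                # Now launch reconfig task
                alienvault_reconfigure.delay(sensor_ip)
        finally:
            # Delete the temporary copies even if a sensor step raised.
            remove_file([local_ip], plugin_tmp_path)
            remove_file([local_ip], sql_tmp_path)

        if not all_ok:
            error_msg = "Plugin %s installation failed " % plugin + \
                        "for some sensors"
            return False, error_msg

        info_msg = "Plugin %s installed. Enabled = %s" % (plugin, str(enable))
        return True, info_msg

    except Exception as e:
        api_log.error("[sync_asec_plugins] Exception catched: %s" % str(e))
        return False, "[sync_asec_plugins] Unknown error"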
Beispiel #10
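def sync_asec_plugins(plugin=None, enable=True):
    """
    Send the ASEC generated plugins to the system sensors and enable them

    The plugin .cfg and .cfg.sql files are copied from
    /var/lib/asec/plugins to /tmp on the local system, installed on every
    sensor returned by get_systems and, when ``enable`` is true, the plugin
    is added to each sensor's detector list and a reconfigure task is
    queued for that sensor.

    Args:
        plugin: plugin name. It is used as a file name, so a name that
            contains a path separator or a NUL byte is rejected.
        enable: whether we should enable the plugin or not. Default = True

    Returns:
        success (bool): False when any step failed for any sensor
        msg (str): Success message/Error info

    """
    if not plugin:
        return False, "No plugin to sync"

    try:
        # The name is concatenated into paths under /var/lib/asec/plugins
        # and /tmp; refuse anything that could point outside them.
        if "/" in plugin or "\x00" in plugin:
            api_log.error("[sync_asec_plugins] Invalid plugin name: %r" %
                          (plugin,))
            return False, "Invalid plugin name"

        plugin_path = "/var/lib/asec/plugins/" + plugin + ".cfg"
        sql_path = plugin_path + ".sql"

        (success, sensors) = get_systems(system_type='sensor')
        if not success:
            return False, "Unable to get sensors list: %s" % sensors

        # Bug in ansible copy module prevents us from copying the files from
        # /var/lib/asec/plugins as it has permissions 0 for "other"
        # Workaround: make a local copy using ansible command module
        # NOTE(review): the copies get predictable names in the shared /tmp
        # directory; a private temporary directory would be safer if
        # local_copy_file and ansible_install_plugin can work with one.
        plugin_tmp_path = "/tmp/" + plugin + ".cfg"
        sql_tmp_path = plugin_tmp_path + ".sql"
        success, local_ip = get_system_ip_from_local()
        if not success:
            error_msg = "[ansible_install_plugin] " + \
                        "Failed to make get local IP: %s" % local_ip
            return False, error_msg
        (success, msg) = local_copy_file(local_ip, plugin_path,
                                         plugin_tmp_path)
        if not success:
            error_msg = "[ansible_install_plugin] " + \
                        "Failed to make temp copy of plugin file: %s" % msg
            return False, error_msg
        (success, msg) = local_copy_file(local_ip, sql_path, sql_tmp_path)
        if not success:
            # Do not leave the first temporary copy behind.
            remove_file([local_ip], plugin_tmp_path)
            error_msg = "[ansible_install_plugin] " + \
                        "Failed to make temp copy of sql file: %s" % msg
            return False, error_msg

        all_ok = True
        try:
            for (sensor_id, sensor_ip) in sensors:
                (success, msg) = ansible_install_plugin(sensor_ip,
                                                        plugin_tmp_path,
                                                        sql_tmp_path)
                if not success:
                    error_msg = "[sync_asec_plugins] " + \
                                "Error installing plugin %s " % plugin + \
                                "in sensor %s: %s" % (sensor_ip, msg)
                    api_log.error(error_msg)
                    all_ok = False
                    continue

                if not enable:
                    # Install-only run.  Previously a successful install
                    # with enable=False fell into the error branch and was
                    # reported as a failure.
                    continue

                # Get list of active plugins and add the new one,
                # then send the list back to the sensor.
                (success, data) = get_sensor_detectors(sensor_ip)
                if success:
                    detectors = data['sensor_detectors']
                    if plugin not in detectors:
                        detectors.append(plugin)
                    (success, msg) = set_sensor_detectors(sensor_ip,
                                                          ','.join(detectors))
                else:
                    # Report this call's own result rather than the stale
                    # install message; data presumably carries the error
                    # text, as with the other (success, data) helpers.
                    msg = data

                if not success:
                    error_msg = "[sync_asec_plugins] " + \
                                "Error enabling plugin %s " % plugin + \
                                "for sensor %s: %s" % (sensor_ip, msg)
                    api_log.error(error_msg)
                    all_ok = False
                    continue

                # Now launch reconfig task
                alienvault_reconfigure.delay(sensor_ip)
        finally:
            # Delete the temporary copies even if a sensor step raised.
            remove_file([local_ip], plugin_tmp_path)
            remove_file([local_ip], sql_tmp_path)

        if not all_ok:
            error_msg = "Plugin %s installation failed " % plugin + \
                        "for some sensors"
            return False, error_msg

        info_msg = "Plugin %s installed. Enabled = %s" % (plugin, str(enable))
        return True, info_msg

    except Exception as e:
        api_log.error("[sync_asec_plugins] Exception catched: %s" % str(e))
        return False, "[sync_asec_plugins] Unknown error"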