def test_execute(self):
server = Server.get_by_id(1)
self.assertEqual(execute(server, {'test_hostame': "hostname"}, become=False),
{'test_hostame': 'test-travis'})
self.assertEqual(execute(server, {'test_ok': "hostname 1>/dev/null"}, become=False),
{'test_ok': 'OK'})
with self.assertRaises(Exception):
execute(server, {'test_fail': "service ssh status"}, become=False)
def install(self, version=settings.OSSEC_VERSION):
if self.server.os.name == 'debian' or self.server.os.name == 'ubuntu':
install_script = """
if ! type ${binary_dir}ossec ; then
wget https://github.com/ossec/ossec-hids/archive/${version}.tar.gz
tar xf ${version}.tar.gz
cp probemanager/ossec/preloaded-vars-agent.conf ossec-hids-${version}/etc/preloaded-vars.conf
chmod +x ossec-hids-${version}/etc/preloaded-vars.conf
(cd ossec-hids-${version}/ && sudo ./install.sh)
rm ${version}.tar.gz && rm -rf ossec-hids-" + version
cp probemanager/ossec/ossec-conf-agent.xml /var/ossec/etc/ossec.conf
${binary_dir}agent-auth -m ${ossec_server_ip}
exit 0
else
echo "Already installed"
exit 0
fi
"""
t = Template_string(install_script)
command = "sh -c '" + t.safe_substitute(
version=version,
binary_dir=settings.OSSEC_BINARY,
ossec_server_ip=settings.OSSEC_SERVER_IP) + "'"
else:
raise NotImplementedError
tasks = {"install": command}
try:
response = execute(self.server, tasks, become=True)
except Exception as e:
logger.error(e)
return False
logger.debug("output : " + str(response))
return True
def stop(self):
if self.server.os.name == 'debian' or self.server.os.name == 'ubuntu':
command = self.configuration.bin_directory + "broctl stop"
else: # pragma: no cover
raise NotImplementedError
tasks = {"stop": command}
try:
response = execute(self.server, tasks, become=True)
except Exception: # pragma: no cover
logger.exception("Error during stop")
return {'status': False, 'errors': "Error during stop"}
logger.debug("output : " + str(response))
return {'status': True}
def status(self):
if self.server.os.name == 'debian':
command = settings.OSSEC_BINARY + "ossec-control status"
else:
raise NotImplementedError
tasks = {"status": command}
try:
response = execute(self.server, tasks, become=True)
except Exception as e:
logger.error('Failed to get status : ' + str(e))
return 'Failed to get status : ' + str(e)
logger.debug("output : " + str(response))
return response['status']
def reload(self):
if self.server.os.name == 'debian':
command = settings.OSSEC_BINARY + "ossec-control reload"
else:
raise NotImplementedError
tasks = {"reload": command}
try:
response = execute(self.server, tasks, become=True)
except Exception as e:
logger.error(str(e))
return {'status': False, 'errors': str(e)}
logger.debug("output : " + str(response))
return {'status': True}
def test(self):
if self.server.os.name == 'debian':
command1 = settings.OSSEC_BINARY + "ossec-monitord -t"
command2 = settings.OSSEC_BINARY + "ossec-agentd -t"
else:
raise NotImplementedError
tasks = {"test monitord": command1, "test remoted": command2}
try:
response = execute(self.server, tasks, become=True)
except Exception as e:
logger.error(str(e))
return False
logger.debug("output : " + str(response))
return True
def restart(self):
if self.server.os.name == 'debian' or self.server.os.name == 'ubuntu':
command1 = self.configuration.bin_directory + "broctl stop"
command2 = self.configuration.bin_directory + "broctl deploy"
else: # pragma: no cover
raise NotImplementedError
tasks_unordered = {"1_stop": command1,
"3_deploy": command2}
tasks = OrderedDict(sorted(tasks_unordered.items(), key=lambda t: t[0]))
try:
response = execute(self.server, tasks, become=True)
except Exception: # pragma: no cover
logger.exception("Error during restart")
return {'status': False, 'errors': "Error during restart"}
logger.debug("output : " + str(response))
return {'status': True}
def status(self):
if self.installed:
if self.server.os.name == 'debian' or self.server.os.name == 'ubuntu':
command = self.configuration.bin_directory + "broctl status | sed -n 2p"
else: # pragma: no cover
raise NotImplementedError
tasks = {"status": command}
try:
response = execute(self.server, tasks, become=True)
except Exception: # pragma: no cover
logger.exception('Failed to get status')
return 'Failed to get status'
logger.debug("output : " + str(response))
return response['status']
else:
return 'Not installed'
def deploy(self):
errors = list()
for bro in self.bros.all():
command1 = "critical-stack-intel api " + str(self.api_key)
command2 = "critical-stack-intel config --set bro.restart=true"
command3 = "critical-stack-intel pull"
tasks_unordered = {"1_set_api": command1, "2_set_restart": command2, "3_pull": command3}
tasks = OrderedDict(sorted(tasks_unordered.items(), key=lambda t: t[0]))
try:
response = execute(bro.server, tasks, become=True)
except Exception as e: # pragma: no cover
logger.exception('deploy failed for ' + str(bro))
errors.append('deploy failed for ' + str(bro) + ': ' + str(e))
else:
logger.debug("output : " + str(response))
if errors: # pragma: no cover
return {'status': False, 'errors': str(errors)}
else:
return {'status': True}
def list(self):
errors = list()
success = list()
for bro in self.bros.all():
command1 = "critical-stack-intel api " + str(self.api_key)
command2 = "critical-stack-intel list"
tasks_unordered = {"1_set_api": command1, "2_list": command2}
tasks = OrderedDict(sorted(tasks_unordered.items(), key=lambda t: t[0]))
try:
response = execute(bro.server, tasks, become=True)
except Exception as e: # pragma: no cover
logger.exception('list failed for ' + str(bro))
errors.append('list failed for ' + str(bro) + ': ' + str(e))
else:
logger.debug("output : " + str(response))
success.append(response['2_list'])
if errors: # pragma: no cover
return {'status': False, 'errors': str(errors)}
else:
return {'status': True, 'message': str(success)}
def test_execute_become(self):
server = Server.get_by_id(1)
self.assertEqual(execute(server, {'test_hostame': "hostname"}, become=True),
{'test_hostame': 'test-travis'})
self.assertIn('ssh.service', execute(server, {'test_status': "service ssh status"}, become=True)['test_status'])
server.become_pass = None
server.save()
with self.assertRaises(Exception):
execute(server, {'test_hostame': "hostname"}, become=True)
server.become = False
server.save()
with self.assertRaises(Exception):
execute(server, {'test_hostame': "hostname"}, become=True)
with self.assertRaises(Exception):
execute_copy(server, src=settings.ROOT_DIR + '/LICENSE', dest='/tmp/LICENSE', become=True)
def get_version(self, probe):
software_by_os = Software.objects.get(name=self.name,
os=probe.server.os)
command = {'get_version': software_by_os.command}
if self.instaled_by == 'apt':
command = {
'get_version':
"apt-cache policy " + str(self.name) +
" | sed -n '2 p' | grep -Po '\d{1,2}\.\d{1,2}\.{0,1}\d{0,2}' | sed -n '1 p'"
}
elif self.instaled_by == 'brew':
command = {
'get_version':
"brew list " + str(self.name) + " --versions | cut -d ' ' -f 2"
}
try:
output = execute(probe.server, command)
except Exception as e: # pragma: no cover
logger.exception('Error during get version')
return str(e)
logger.info("output : " + str(output))
return output['get_version']
def install(self, version=settings.BRO_VERSION):
if self.server.os.name == 'debian' or self.server.os.name == 'ubuntu':
install_script = """
if ! type /usr/local/bro/bin/bro ; then
apt update
apt install -y cmake make gcc g++ flex bison libpcap-dev libssl1.0-dev python-dev swig zlib1g-dev \
libmagic-dev libgeoip-dev sendmail libcap2-bin wget curl ca-certificates
wget https://www.bro.org/downloads/bro-${version}.tar.gz
tar xf bro-${version}.tar.gz
( cd bro-${version} && ./configure )
( cd bro-${version} && make -j$(nproc) )
( cd bro-${version} && make install )
rm bro-${version}.tar.gz && rm -rf bro-${version}
export PATH=/usr/local/bro/bin:$PATH && export LD_LIBRARY_PATH=/usr/local/bro/lib/
echo "export PATH=/usr/local/bro/bin:$PATH" >> .bashrc
echo "export LD_LIBRARY_PATH=/usr/local/bro/lib/" >> .bashrc
/usr/local/bro/bin/broctl deploy
exit 0
else
echo "Already installed"
exit 0
fi
"""
t = Template(install_script)
command = "sh -c '" + t.safe_substitute(version=version) + "'"
else: # pragma: no cover
raise NotImplementedError
tasks = {"install": command}
try:
response = execute(self.server, tasks, become=True)
self.installed = True
self.save()
except Exception as e: # pragma: no cover
logger.exception('install failed')
return {'status': False, 'errors': str(e)}
logger.debug("output : " + str(response))
return {'status': True}
