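def ossec_win_deploy(sensor_id):
    """Queue the Windows OSSEC agent deployment task for a sensor.

    Resolves the sensor IP from ``sensor_id``, requires the query
    parameters ``agent_name``, ``windows_ip``, ``windows_username``,
    ``windows_domain`` and ``windows_password`` and enqueues the
    ``ossec_win_deploy`` Celery job with them.

    :param sensor_id: Sensor identifier resolved through
        ``get_sensor_ip_from_sensor_id``.
    :return: ``make_ok`` with the job id and its initial status, a 404
        error when the sensor cannot be resolved, or a 400 error when a
        required parameter is missing.
    """
    required_params = ('agent_name', 'windows_ip', 'windows_username',
                       'windows_domain', 'windows_password')

    (result, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id, local_loopback=False)
    if result is False:
        # On failure the second element is the error text, not an IP.
        # The former format string had no placeholder, so this log call
        # raised TypeError instead of logging.
        current_app.logger.error("ossec_win_deploy: ossec_win_deploy error: %s" % str(sensor_ip))
        return api.lib.common.make_error("Error deploying ossec from sensor %s" % sensor_ip, 404)

    # Only an absent key is rejected; an empty value is accepted, as before.
    for name in required_params:
        if request.args.get(name) is None:
            current_app.logger.error("ossec_win_deploy: ossec_win_deploy error: Bad param %s" % name)
            return api.lib.common.make_error("Bad param %s" % name, 400)

    # NOTE(review): the Windows credentials travel in the query string, so
    # they are likely to be recorded in access logs and proxies; moving the
    # callers to the request body would avoid that. Kept as-is to preserve
    # the public API.
    job = celerymethods.jobs.ossec_win_deploy.ossec_win_deploy.delay(
        sensor_ip,
        request.args['agent_name'],
        request.args['windows_ip'],
        request.args['windows_username'],
        request.args['windows_domain'],
        request.args['windows_password'])

    # The task has only been queued: report it as not finished together
    # with whatever status/info Celery exposes at this moment.
    return api.lib.common.make_ok(job_id=job.id,
                                  finished=False,
                                  status=job.status,
                                  task_data=job.info,
                                  active_jobs=None,
                                  message="Job launched!")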
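def apimethod_get_agentless_passlist(sensor_id):
    """Fetch the OSSEC agentless ``.passlist`` file from a sensor.

    The file is copied to ``<base_path>/ossec/agentless/.passlist`` on
    the local system. When the remote file does not exist an empty local
    file is created instead, so callers always receive a usable path.

    :param sensor_id: Sensor whose passlist is requested.
    :return: ``(True, local_path)`` or ``(False, error_message)``.
    """
    (success, system_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        return False, "Invalid sensor id %s" % sensor_id
    success, base_path = get_base_path_from_sensor_id(sensor_id)
    if not success:
        return False, "Can't retrieve the destination path: %s" % base_path
    destination_path = base_path + "/ossec/agentless/"

    success, msg = create_local_directory(destination_path)
    if not success:
        api_log.error(str(msg))
        return False, "Error creating directory '%s'" % destination_path
    dst_filename = destination_path + ".passlist"
    success, msg = ans_ossec_get_agentless_passlist(system_ip=system_ip,
                                                    destination_path=dst_filename)
    if not success:
        # A missing remote file is not an error: create an empty local one.
        # `in` replaces the former `find(...) > 0`, which missed a match at
        # offset 0.
        if 'the remote file does not exist' in str(msg) and touch_file(dst_filename):
            success = True
            msg = dst_filename

    if not success:
        # Previously the fetch error was overwritten by the result of
        # set_ossec_file_permissions, so the function could return True
        # together with an error message.
        api_log.error(str(msg))
        return False, "Error getting the agentless passlist: %s" % str(msg)

    success, result = set_ossec_file_permissions(dst_filename)
    if not success:
        return False, str(result)

    return success, msg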
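def get_sensor_detector_by_device(sensor_id):
    """
    Return the [sensor]/plugin list for a given sensor
    :param sensor_id: The sensor which we want to get the data
    Query parameter ``device_id`` (optional): filter by device (canonical uuid)
    :return: ``make_ok(plugins=...)``, ``make_bad_request`` for an unknown
        sensor, or a 500 error when the plugin data cannot be read or parsed
    """
    (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        current_app.logger.error(
            "detector: get_sensor_detector: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")

    # None means "no device filter".
    device_id = request.args.get('device_id', None)

    # Now call the ansible module to obtain the [sensor]/iface
    (success, data) = get_sensor_detectors_from_yaml(sensor_ip)
    if not success:
        current_app.logger.error(
            "detector: get_sensor_detector_by_device: %s" % str(data))
        return make_error("Error getting sensor plugins", 500)
    try:
        yaml_data = get_plugin_get_request_from_yml(
            data['contacted'][sensor_ip]['plugins'], device_id)
    except Exception as err:
        # The bare `except:` also trapped SystemExit/KeyboardInterrupt.
        # The raw ansible payload is kept in the server log; it used to be
        # reflected into the 500 response body.
        current_app.logger.error(
            "detector: get_sensor_detector_by_device: cannot parse yml (%s): %s" % (str(err), str(data)))
        return make_error("Something wrong while parsing the yml file.", 500)
    # The filtered plugin list is returned under the 'plugins' key.
    return make_ok(plugins=yaml_data)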
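def put_sensor_detector_by_device(sensor_id):
    """
    Set the [sensor]/detectors list on config.yml of the sensor

    Reads the form parameter ``plugins``, a JSON object mapping device ids
    to their plugin lists, and builds ``plugins_hash`` with the first IP of
    every device that has one. The visible listing ends after the parsing
    step, so the success path returns None here.
    """
    # request.form['plugins'] raised KeyError when the field was absent, so
    # the "Missing parameter" branch below could never run; .get() makes it
    # reachable.
    plugins = request.form.get('plugins')
    if plugins is None:
        current_app.logger.error(
            "detector: put_sensor_detector error: Missing parameter 'plugins'")
        return make_bad_request("Missing parameter plugins")

    (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        current_app.logger.error(
            "detector: put_sensor_detector error: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")
    plugins_hash = {}
    try:
        device_plugins = json.loads(plugins)
        # .items() works on both Python 2 and 3; a distinct loop name keeps
        # the original `plugins` string intact for the error message.
        for device_id, plugin_list in device_plugins.items():
            ips = get_asset_ip_from_id(device_id)
            if len(ips) > 0:
                plugins_hash[device_id] = {
                    "device_ip":
                    ips[0],  # A device  should never have more than one IP
                    "plugins": plugin_list
                }
    except Exception as e:
        # ValueError for malformed JSON, AttributeError when the document is
        # not an object. The exception text now fills the first placeholder,
        # which used to be an empty string.
        return make_bad_request("Invalid JSON: %s , p=%s" % (str(e), str(plugins)))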
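def ossec_put_server_config(sensor_id):
    """Push the locally edited OSSEC server configuration to a sensor.

    The local copy under the sensor's ossec directory is verified first and
    then copied to ``OSSEC_CONFIG_SERVER_PATH`` on the sensor as
    root:ossec, mode 644.

    :param sensor_id: Sensor that receives the configuration file.
    :return: ``(True, '')`` on success, ``(False, error_message)`` otherwise.
    """
    (success, system_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        return False, "Invalid sensor id %s" % sensor_id

    success, ossec_directory = get_ossec_directory(sensor_id)
    if not success:
        api_log.error(str(ossec_directory))
        return False, ossec_directory
    server_config_file = os.path.join(ossec_directory, OSSEC_CONFIG_SERVER_FILE_NAME)

    # The verification step runs on the local system, not on the sensor.
    success, local_system_ip = get_system_ip_from_local(local_loopback=False)
    if not success:
        api_log.error(str(local_system_ip))
        return False, "Error getting the local system ip"

    # Sanity Check of the file
    success, msg = ossec_verify_server_config_file(local_system_ip, server_config_file)
    if not success:
        api_log.error(str(msg))
        # Fixed the "verifiying" typo in the returned message.
        return False, "Error verifying the ossec server configuration file\n%s" % msg

    # NOTE(review): the module args are one space-separated string, so a
    # local path containing whitespace would be split by ansible. The
    # directory comes from get_ossec_directory, assumed to yield a clean
    # path — confirm if sensor_id can be caller controlled.
    copy_args = "src=%s dest=%s owner=root group=ossec mode=644" % (server_config_file,
                                                                    OSSEC_CONFIG_SERVER_PATH)
    success, msg = copy_file(host_list=[system_ip], args=copy_args)
    if not success:
        api_log.error(str(msg))
        return False, "Error setting the HIDS server configuration file"

    return True, ''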
def put_sensor_interface(sensor_id):
    """
    Set the [sensor]/interfaces list on ossim_setup.conf of the sensor

    The comma separated ``ifaces`` query parameter is passed unchanged to
    ``set_sensor_interfaces`` and an ``alienvault_reconfigure`` job is
    queued afterwards.
    :return: ``make_ok`` with ``job_id_reconfig``, ``make_bad_request`` on a
        missing parameter or unknown sensor, ``make_error(..., 500)`` when
        the interfaces cannot be set
    """
    iface_list = request.args.get('ifaces')
    if iface_list is None:
        current_app.logger.error("interfaces: put_sensor_interface error: Missing parameter 'ifaces'")
        return make_bad_request("Missing parameter ifaces")

    resolved, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not resolved:
        current_app.logger.error("interfaces: put_sensor_interface  error: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")

    applied, data = set_sensor_interfaces(sensor_ip, iface_list)
    if not applied:
        current_app.logger.error("interfaces: put_sensor_interfaces_from_conf error: %s" % data)
        return make_error("Error setting sensor interfaces", 500)

    # The change only takes effect after a reconfigure; hand back that job id.
    reconfigure_job = alienvault_reconfigure.delay(sensor_ip)
    return make_ok(job_id_reconfig=reconfigure_job.id)
def put_sensor_detector(sensor_id):
    """
    Set the [sensor]/detectors list on ossim_setup.conf of the sensor

    The comma separated ``plugins`` query parameter is written through
    ``set_sensor_detectors`` and an ``alienvault_reconfigure`` job is
    queued so the change takes effect.
    :return: ``make_ok`` with ``job_id_reconfig``, ``make_bad_request`` on a
        missing parameter or unknown sensor, ``make_error(..., 500)`` when
        the detectors cannot be set
    """
    plugin_list = request.args.get('plugins')
    if plugin_list is None:
        current_app.logger.error(
            "detector: put_sensor_detector error: Missing parameter 'plugins'")
        return make_bad_request("Missing parameter plugins")

    resolved, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not resolved:
        current_app.logger.error(
            "detector: put_sensor_detector error: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")

    applied, data = set_sensor_detectors(sensor_ip, plugin_list)
    if not applied:
        current_app.logger.error("detector: put_sensor_detector error %s" %
                                 data)
        return make_error("Error setting sensor detector plugins", 500)

    # The sensor picks the new list up on reconfigure; report that job id.
    reconfigure_job = alienvault_reconfigure.delay(sensor_ip)
    return make_ok(job_id_reconfig=reconfigure_job.id)
def put_sensor_detector(sensor_id):
    """
    Set the [sensor]/detectors list on ossim_setup.conf of the sensor

    Takes the comma separated ``plugins`` query parameter, applies it with
    ``set_sensor_detectors`` and queues an ``alienvault_reconfigure`` job.
    :return: ``make_ok(job_id_reconfig=...)`` on success; ``make_bad_request``
        for a missing parameter or unknown sensor; a 500 ``make_error`` when
        the detectors cannot be set
    """
    detector_plugins = request.args.get('plugins')
    if detector_plugins is None:
        current_app.logger.error("detector: put_sensor_detector error: Missing parameter 'plugins'")
        return make_bad_request("Missing parameter plugins")

    ok, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not ok:
        current_app.logger.error("detector: put_sensor_detector error: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")

    ok, outcome = set_sensor_detectors(sensor_ip, detector_plugins)
    if not ok:
        current_app.logger.error("detector: put_sensor_detector error %s" % outcome)
        return make_error("Error setting sensor detector plugins", 500)

    # Queue the reconfigure that activates the new detector list.
    return make_ok(job_id_reconfig=alienvault_reconfigure.delay(sensor_ip).id)
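def apimethod_run_nmap_scan(sensor_id, target, idm, scan_type, rdns, scan_timing, autodetect, scan_ports,
                            output_file_prefix="", save_to_file=False, job_id=""):
    """Launches an NMAP scan
    Args:
        sensor_id: The sensor id; it is resolved to the sensor IP that runs the scan
        target: IP address of the component where the NMAP will be executed
        idm: Convert results into idm events
        scan_type: Sets the NMAP scan type
        rdns: Tells Nmap to do reverse DNS resolution on the active IP addresses it finds
        scan_timing: Set the timing template
        autodetect: Aggressive scan options (enable OS detection)
        scan_ports: Only scan specified ports
        output_file_prefix: Prefix string to be added to the output filename
        save_to_file: Indicates whether you want to save the NMAP report to a file or not.
        job_id: Celery job ID.

    Returns:
        nmap_report: The NMAP report. It is returned as-is even when it was also saved to a file.

    Raises:
        APINMAPScanCannotRun
        APICannotResolveSensorID
        APINMAPScanCannotRetrieveBaseFolder (presumably from get_nmap_directory)
        APINMAPScanCannotCreateLocalFolder (presumably from get_nmap_directory)
    """
    (result, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id, local_loopback=False)
    if result is False:
        api_log.error(
            "[apimethod_run_nmap_scan] Cannot retrieve the sensor ip from the given sensor id <%s>" % sensor_id)
        raise APICannotResolveSensorID(sensor_id)
    success, nmap_report = ansible_run_nmap_scan(sensor_ip=sensor_ip, target=target, scan_type=scan_type, rdns=rdns,
                                                 scan_timing=scan_timing, autodetect=autodetect, scan_ports=scan_ports,
                                                 job_id=job_id)
    if not success:
        api_log.error('Failed to launch NMAP scan: %s' % nmap_report)
        raise APINMAPScanCannotRun(nmap_report)

    filename = None
    if save_to_file:
        base_path = get_nmap_directory(sensor_id)
        # NOTE(review): output_file_prefix is interpolated into the path
        # unchanged; if it can originate from an API client, confirm it is
        # restricted to a plain name (no path separators) before this point.
        filename = "%s/nmap_report_%s.json" % (base_path, output_file_prefix)
        with open(filename, "w") as f:
            json.dump(nmap_report, f)

    if idm:
        conn = IDMConnection(sensor_id=sensor_id)
        if conn.connect():
            conn.send_events_from_hosts(nmap_report)
            # Once the events are in IDM the on-disk copy is no longer
            # needed. A failed removal is not fatal, but it is logged now
            # instead of being swallowed by a blanket `except Exception: pass`.
            if filename is not None:
                try:
                    os.remove(filename)
                except OSError as exp:
                    api_log.warning("[apimethod_run_nmap_scan] Cannot remove %s: %s" % (filename, str(exp)))
        else:
            api_log.error("[apimethod_run_nmap_scan] Cannot connect with the IDM Service")
    try:
        apimethods_nmap_purge_scan_files(job_id)
    except Exception as exp:
        api_log.warning("[apimethod_run_nmap_scan] Cannot purge the scan files %s" % str(exp))
    return nmap_report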
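def put_sensor_detector_by_device(sensor_id):
    """
    Set the [sensor]/detectors list on config.yml of the sensor

    Reads the form parameter ``plugins``, a JSON object mapping device ids
    to their plugin lists, and builds ``plugins_hash`` with the first IP of
    every device that has one. The visible listing ends after the parsing
    step, so the success path returns None here.
    """
    # request.form['plugins'] raised KeyError when the field was absent, so
    # the "Missing parameter" branch below was unreachable; .get() fixes that.
    plugins = request.form.get('plugins')
    if plugins is None:
        current_app.logger.error("detector: put_sensor_detector error: Missing parameter 'plugins'")
        return make_bad_request("Missing parameter plugins")

    (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        current_app.logger.error("detector: put_sensor_detector error: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")
    plugins_hash = {}
    try:
        device_plugins = json.loads(plugins)
        # .items() works on both Python 2 and 3; a separate loop name keeps
        # the original `plugins` string available for the error message.
        for device_id, plugin_list in device_plugins.items():
            ips = get_asset_ip_from_id(device_id)
            if len(ips) > 0:
                plugins_hash[device_id] = {"device_ip": ips[0],  # A device  should never have more than one IP
                                           "plugins": plugin_list}
    except Exception as e:
        # ValueError for malformed JSON, AttributeError when the document is
        # not an object. The exception text fills the placeholder that was
        # previously an empty string.
        return make_bad_request("Invalid JSON: %s , p=%s" % (str(e), str(plugins)))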
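def ossec_get_agent_config(sensor_id):
    """Fetch the OSSEC agent configuration file from a sensor.

    The remote ``OSSEC_CONFIG_AGENT_PATH`` is copied to
    ``<ossec_directory>/OSSEC_CONFIG_AGENT_FILE_NAME`` locally; when the
    remote file does not exist an empty local file is created instead.

    :param sensor_id: Sensor to fetch the file from.
    :return: ``(True, local_filename)`` or ``(False, error_message)``.
    """
    (success, system_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        return False, "Invalid sensor id %s" % sensor_id

    success, ossec_directory = get_ossec_directory(sensor_id)
    if not success:
        api_log.error(str(ossec_directory))
        return False, ossec_directory
    agent_config_file = os.path.join(ossec_directory, OSSEC_CONFIG_AGENT_FILE_NAME)

    success, filename = fetch_file(system_ip=system_ip,
                                   src_file_path=OSSEC_CONFIG_AGENT_PATH,
                                   dst_file_path=agent_config_file,
                                   fail_on_missing=True,
                                   flat=True)
    # On failure `filename` holds the error text. A missing remote file is
    # recovered by creating an empty local one. `in` replaces the former
    # `find(...) > 0`, which ignored a match at offset 0.
    if not success and 'the remote file does not exist' in str(filename):
        try:
            if touch_file(agent_config_file):
                success = True
                filename = agent_config_file
        except Exception as err:
            import traceback
            api_log.error("EX: %s, %s" % (str(err), traceback.format_exc()))

    if not success:
        api_log.error(str(filename))
        return False, "Something wrong happened getting the HIDS agent configuration file"

    success, result = set_ossec_file_permissions(agent_config_file)
    if not success:
        return False, str(result)

    return True, filename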
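def ossec_add_new_agent(sensor_id, agent_name, agent_ip, asset_id):
    """
        Add a new agent

        Registers the agent on the sensor through ansible, records it in
        the HIDS table with status 'Never connected' and restarts the OSSEC
        server when its ``remoted`` process is reported DOWN.

        :param sensor_id: Sensor hosting the OSSEC server
        :param agent_name: Name of the new agent
        :param agent_ip: IP of the new agent
        :param asset_id: Asset the agent is linked to in the database
        :return: ``(True, agent_id)`` or ``(False, error_message)``
    """
    (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        return False, "Bad sensor_id"

    (success, data) = ans_ossec_add_new_agent(sensor_ip, agent_name, agent_ip)

    # Add HIDS information to database and restart ossec server if it is necessary
    if success:
        # Default values
        agent_id = data
        agent_status = 'Never connected'

        try:
            add_hids_agent(agent_id, sensor_id, agent_name, agent_ip, agent_status, asset_id)
        except APIException as e:
            # The agent already exists on the sensor at this point, so the
            # restart check below still runs; only the return value reports
            # the database failure.
            success = False
            data = str(e)

        (result, status) = ans_ossec_control(sensor_ip, 'status', '')

        # A malformed status payload no longer raises KeyError/TypeError;
        # the restart is simply skipped in that case.
        general_status = status.get('general_status') if result and isinstance(status, dict) else None
        if isinstance(general_status, dict) and general_status.get('remoted') == 'DOWN':
            ans_ossec_control(sensor_ip, 'restart', '')

    return success, data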
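def ossec_get_server_config(sensor_id):
    """Fetch the OSSEC server configuration file from a sensor.

    The remote ``OSSEC_CONFIG_SERVER_PATH`` is copied to
    ``<ossec_directory>/OSSEC_CONFIG_SERVER_FILE_NAME`` locally; when the
    remote file does not exist an empty local file is created instead.

    :param sensor_id: Sensor to fetch the file from.
    :return: ``(True, local_filename)`` or ``(False, error_message)``.
    """
    (success, system_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        return False, "Invalid sensor id %s" % sensor_id

    success, ossec_directory = get_ossec_directory(sensor_id)
    if not success:
        api_log.error(str(ossec_directory))
        return False, ossec_directory
    server_config_file = os.path.join(ossec_directory, OSSEC_CONFIG_SERVER_FILE_NAME)

    success, filename = fetch_file(system_ip=system_ip,
                                   src_file_path=OSSEC_CONFIG_SERVER_PATH,
                                   dst_file_path=server_config_file,
                                   fail_on_missing=True,
                                   flat=True)

    if not success:
        # On failure `filename` holds the error text. `in` replaces the
        # former `find(...) > 0`, which ignored a match at offset 0.
        if 'the remote file does not exist' in str(filename):
            # Missing remote file: start from an empty local one. If even
            # that fails, report it instead of returning the error text as
            # if it were a filename.
            if not touch_file(server_config_file):
                api_log.error("Cannot create the local file %s" % server_config_file)
                return False, "Something wrong happened getting the HIDS server configuration file"
            filename = server_config_file
        else:
            api_log.error(str(filename))
            return False, "Something wrong happened getting the HIDS server configuration file"

    success, result = set_ossec_file_permissions(server_config_file)
    if not success:
        return False, str(result)
    return True, filename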
def apimethod_ossec_control(sensor_id, operation, option):
    """Run an ossec-control ``operation`` (with ``option``) on a sensor.

    :return: ``(False, message)`` when the sensor id cannot be resolved,
        otherwise whatever ``ans_ossec_control`` returns.
    """
    resolved, system_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not resolved:
        return False, "Invalid sensor id %s" % sensor_id
    return ans_ossec_control(system_ip=system_ip, operation=operation, option=option)
def ossec_add_new_agent(sensor_id, agent_name, agent_ip):
    """
        Add a new agent

        Resolves the sensor IP and delegates to ``ans_ossec_add_new_agent``.
        :return: ``(False, "Bad sensor_id")`` for an unknown sensor, else the
            ``(success, data)`` pair produced by the ansible wrapper
    """
    resolved, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not resolved:
        return False, "Bad sensor_id"
    outcome, details = ans_ossec_add_new_agent(sensor_ip, agent_name, agent_ip)
    return outcome, details
def get_service_status_by_id(sensor_id):
    """
    Return a list of processes with their statuses (snort, suricata, prads, ntop and ossec)

    Resolves the sensor IP and delegates to ``get_service_status_by_ip``.
    :return: ``(False, error_message)`` for an unknown sensor, else the
        result of ``get_service_status_by_ip``
    """
    resolved, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if resolved:
        return get_service_status_by_ip(sensor_ip)
    # On failure the second element is the error text.
    return False, sensor_ip
def ossec_add_new_agent(sensor_id, agent_name, agent_ip):
    """
        Add a new agent

        Looks up the sensor IP for ``sensor_id`` and registers the agent
        through ``ans_ossec_add_new_agent``.
        :return: ``(False, "Bad sensor_id")`` when the lookup fails, else the
            ``(success, data)`` pair of the ansible wrapper
    """
    ok, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if ok:
        added, payload = ans_ossec_add_new_agent(sensor_ip, agent_name, agent_ip)
        return added, payload
    return False, "Bad sensor_id"
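def ossec_get_check(sensor_id, agent_ip, agent_name, check_type):
    """Run an OSSEC check of ``check_type`` for an agent on a sensor.

    :param sensor_id: Sensor hosting the OSSEC server.
    :param agent_ip: IP of the agent to check.
    :param agent_name: Name of the agent to check.
    :param check_type: Check type understood by ``ans_ossec_get_check``.
    :return: ``(False, message)`` when the sensor id cannot be resolved,
        otherwise whatever ``ans_ossec_get_check`` returns.
    """
    (success, system_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        # The format string lacked its %s placeholder, so this line raised
        # TypeError ("not all arguments converted") instead of returning.
        return False, "Invalid sensor id %s" % sensor_id

    return ans_ossec_get_check(system_ip=system_ip,
                               check_type=check_type,
                               agent_ip=agent_ip,
                               agent_name=agent_name)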
def get_service_status_by_id(sensor_id):
    """
    Return a list of processes with their statuses (snort, suricata, prads, ntop and ossec)

    Thin wrapper: resolves ``sensor_id`` to an IP and calls
    ``get_service_status_by_ip`` with it.
    :return: ``(False, error_message)`` for an unknown sensor, else the
        result of ``get_service_status_by_ip``
    """
    ok, address = get_sensor_ip_from_sensor_id(sensor_id)
    if not ok:
        # `address` carries the error text when the lookup fails.
        return False, address
    return get_service_status_by_ip(address)
def apimethod_put_agentless_passlist(sensor_id):
    """Upload the local OSSEC agentless ``.passlist`` file to a sensor.

    The source is ``<base_path>/ossec/agentless/.passlist`` on the local
    system, where ``base_path`` comes from ``get_base_path_from_sensor_id``.

    :param sensor_id: Sensor that receives the file.
    :return: ``(False, error_message)`` when the sensor or its base path
        cannot be resolved, otherwise the result of
        ``ans_ossec_put_agentless_passlist``.
    """
    resolved, system_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not resolved:
        return False, "Invalid sensor id %s" % sensor_id
    found, base_path = get_base_path_from_sensor_id(sensor_id)
    if not found:
        return False, "Can't retrieve the destination path: %s" % base_path
    local_passfile = "%s/ossec/agentless/.passlist" % base_path
    return ans_ossec_put_agentless_passlist(system_ip=system_ip, local_passfile=local_passfile)
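def ossec_rootcheck(sensor_id, agent_id):
    """
        Rootcheck
        @param sensor_id: Sensor id
        @param agent_id: Agent id [0-9]{1,4}
        @return: (False, message) for a malformed agent id or an unknown
            sensor, otherwise the result of ans_ossec_rootcheck
    """
    import re
    # Enforce the documented agent id format before the value reaches the
    # ansible layer (same check ossec_extract_agent_key performs).
    if re.match(r"^[0-9]{1,4}$", str(agent_id)) is None:
        return (False, "Bad agent_id %s" % agent_id)
    (success, system_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        return (False, system_ip)
    return ans_ossec_rootcheck(system_ip, agent_id)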
def get_plugin_package_info(sensor_id):
    """
        Return the current version of package alienvault-api-sids in
        sensor with id sensor_id

        :return: (False, error_message) for an unknown sensor, otherwise the
            result of ans_get_plugin_package_info
    """
    resolved, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not resolved:
        # The second element is the error text on failure.
        return (False, sensor_ip)
    return ans_get_plugin_package_info(sensor_ip)
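def apimethod_ossec_get_agent_detail(sensor_id, agent_id):
    """Retrieves information about a given agent_id
    :param sensor_id: id of the sensor we are going to consult
    :param agent_id: Agent id [0-9]{1,4}
    :return: (False, message) for a malformed agent id or an unknown sensor,
        otherwise the result of ans_ossec_get_ossec_agent_detail
    """
    import re
    # Enforce the documented agent id format before the value reaches the
    # ansible layer (same check ossec_extract_agent_key performs).
    if re.match(r"^[0-9]{1,4}$", str(agent_id)) is None:
        return (False, "Bad agent_id %s" % agent_id)
    (success, system_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        return (False, "Invalid sensor id %s" % sensor_id)
    return ans_ossec_get_ossec_agent_detail(system_ip, agent_id)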
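def apimethod_ossec_get_syscheck(sensor_id, agent_id):
    """
        Return the modified file list detected by ossec agent
        :param sensor_id: id of the sensor we are going to consult
        :param agent_id: Agent id \d{1,4}
        :return: (False, message) for a malformed agent id or an unknown
            sensor, otherwise the result of ans_ossec_get_syscheck
    """
    import re
    # Enforce the documented agent id format before the value reaches the
    # ansible layer (same check ossec_extract_agent_key performs).
    if re.match(r"^[0-9]{1,4}$", str(agent_id)) is None:
        return (False, "Bad agent_id %s" % agent_id)
    (success, system_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        return (False, "Invalid sensor id %s" % sensor_id)
    return ans_ossec_get_syscheck(system_ip, agent_id)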
def get_plugin_package_info(sensor_id):
    """
        Return the current version of package alienvault-api-sids in
        sensor with id sensor_id

        Resolves the sensor IP and queries ``ans_get_plugin_package_info``.
        :return: (False, error_message) when the sensor id is unknown
    """
    ok, address = get_sensor_ip_from_sensor_id(sensor_id)
    return ans_get_plugin_package_info(address) if ok else (False, address)
def ossec_get_preconfigured_agent(sensor_id, agent_id, agent_type):
    """Build a preconfigured OSSEC agent package for ``agent_id``.

    The package is created by ``ossec_create_preconfigured_agent`` under
    the sensor's ossec directory.

    :param sensor_id: Sensor hosting the OSSEC server.
    :param agent_id: Agent to build the package for.
    :param agent_type: Agent type understood by the creator function.
    :return: ``(False, message)`` when the sensor or its ossec directory
        cannot be resolved, otherwise the creator's result.
    """
    resolved, system_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not resolved:
        return False, "Invalid sensor id"

    found, ossec_dir = get_ossec_directory(sensor_id)
    if not found:
        # `ossec_dir` is the error text in this branch.
        api_log.error(str(ossec_dir))
        return False, ossec_dir

    return ossec_create_preconfigured_agent(system_ip, agent_id, agent_type, ossec_dir)
def ossec_get_logs(sensor_id, ossec_log, number_of_lines):
    """
       Return lines from ossec_log
       @param sensor_id: Sensor id
       @param ossec_log: alert or ossec, the log we're going to read
       @param number_of_lines: Number of lines to read from the log
       @return: (False, error_message) for an unknown sensor, otherwise
           the result of ans_ossec_get_logs
    """
    resolved, system_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if resolved:
        return ans_ossec_get_logs(system_ip, ossec_log, number_of_lines)
    # The second element is the error text on failure.
    return (False, system_ip)
 def __build_sensor_from_alchemy_object(self, alchemy_sensor_object):
     """Build a sensor object from its SQLAlchemy row.

     The sensor's IP is looked up from its id and used to fetch the
     platform record; "connected" means a platform record was found.
     NOTE(review): the success flag of get_sensor_ip_from_sensor_id is
     discarded, so on a failed lookup the error text is what gets passed
     to get_platform — confirm that is intended.

     :param alchemy_sensor_object: row with ``id``, ``name`` and ``descr``.
     :return: whatever ``self._sensor_constructor`` builds.
     """
     sensor_id = get_uuid_string_from_bytes(alchemy_sensor_object.id)
     _, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
     platform = self._platform_repository.get_platform(sensor_ip)
     # `x and x.attr` yields None/falsy when there is no platform record.
     platform_name = platform and platform.name
     threat_intel_version = platform and platform.threat_intelligence_version
     software_version = self.__get_software_version(alchemy_sensor_object.id)
     return self._sensor_constructor(
         sensor_id,
         alchemy_sensor_object.name,
         alchemy_sensor_object.descr,
         platform_name,
         sensor_ip,
         software_version,
         threat_intel_version,
         platform is not None)
def apimethod_put_ossec_configuration_file(sensor_id, filename):
    """Upload a local OSSEC rules file to a sensor.

    ``filename`` is restricted to an allowlist of two names, which also
    keeps path traversal out of the local source path built below.

    :param sensor_id: Sensor that receives the file.
    :param filename: Either 'local_rules.xml' or 'rules_config.xml'.
    :return: ``(False, message)`` for a disallowed filename or when the
        sensor or its base path cannot be resolved, otherwise the result of
        ``ans_ossec_put_configuration_rule_file``.
    """
    allowed_files = ('local_rules.xml', 'rules_config.xml')
    if filename not in allowed_files:
        return False, "Invalid configuration file to put: %s" % str(filename)
    resolved, system_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not resolved:
        return False, "Invalid sensor id %s" % sensor_id
    found, base_path = get_base_path_from_sensor_id(sensor_id)
    if not found:
        return False, "Can't retrieve the destination path: %s" % base_path
    local_rule_file = "%s/ossec/rules/%s" % (base_path, filename)
    return ans_ossec_put_configuration_rule_file(system_ip=system_ip,
                                                 local_rule_filename=local_rule_file,
                                                 remote_rule_name=filename)
def get_ossec_rules_filenames(sensor_id):
    """Return the OSSEC rule filenames available on a sensor.

    :param sensor_id: Sensor to query.
    :return: ``make_ok(rules=...)`` on success, ``make_bad_request`` when
        the sensor id cannot be resolved or the filenames cannot be read.
    """
    resolved, admin_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not resolved:
        current_app.logger.error("sensor: auth_sensor error: " + str(admin_ip))
        return make_bad_request(sensor_id)

    fetched, rule_files = get_ossec_rule_filenames(admin_ip)
    if fetched:
        return make_ok(rules=rule_files)
    # The log text mentions "sensor networks" (copied from another handler)
    # but it is the rule filename lookup that failed.
    current_app.logger.error("sensor: Can't get  sensor networks for  " + str(sensor_id) + " msg: " + str(rule_files))
    return make_bad_request(sensor_id)
def ossec_get_available_agents(sensor_id, op_ossec, agent_id=''):
    """
        Exec several ops for a ossec agent
        @param sensor_id: Sensor id
        @param op_ossec: Operation. One in list_available_agents,  list_online_agents,
        restart_agent, integrity_check
        @param agent_id: Agent id [0-9]{1,4}; empty by default for the list operations
        @return: (False, error_message) for an unknown sensor, otherwise the
            result of ans_ossec_get_available_agents
    """
    resolved, system_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if resolved:
        return ans_ossec_get_available_agents(system_ip, op_ossec, agent_id)
    # The second element holds the error text on failure.
    return (False, system_ip)
def get_ossec_rules_filenames(sensor_id):
    """Return the OSSEC rule filenames available on a sensor.

    :param sensor_id: Sensor to query.
    :return: ``make_ok(rules=...)`` on success, ``make_bad_request`` when
        the sensor id cannot be resolved or the filenames cannot be read.
    """
    ok, admin_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not ok:
        current_app.logger.error("sensor: auth_sensor error: " + str(admin_ip))
        return make_bad_request(sensor_id)

    ok, payload = get_ossec_rule_filenames(admin_ip)
    if not ok:
        # Log text is inherited from the networks handler; the failure here
        # is the rule filename lookup.
        current_app.logger.error("sensor: Can't get  sensor networks for  " +
                                 str(sensor_id) + " msg: " + str(payload))
        return make_bad_request(sensor_id)
    return make_ok(rules=payload)
def apimethods_nmap_purge_scan_files(task_id):
    """Purge the given scan files

    The sensor that ran the scan is taken from the job status record
    returned by ``apimethod_get_nmap_scan_status``.

    :param task_id: Celery task id of the scan.
    :return: ``(False, message)`` when the sensor id cannot be resolved,
        otherwise the ``(success, result)`` pair of
        ``ansible_nmap_purge_scan_files``.
    Raises:
        APICannotResolveSensorID
        APINMAPScanKeyNotFound
        APINMAPScanException
    """
    scan_job = apimethod_get_nmap_scan_status(task_id)
    scan_sensor_id = scan_job["sensor_id"]

    resolved, sensor_ip = get_sensor_ip_from_sensor_id(scan_sensor_id, local_loopback=False)
    if not resolved:
        return False, "Cannot retrieve the sensor ip from the given sensor id {0}".format(scan_sensor_id)
    purged, outcome = ansible_nmap_purge_scan_files(sensor_ip, task_id)
    return purged, outcome
def check_credentials(host_ip):
    """Check the credentials supplied for ``host_ip`` via the local sensor.

    NOTE(review): the real check is not implemented. ``success``/``data``
    are hard-coded to ``True``/"OK" below, so this endpoint reports success
    for any host and any credentials, and the ``user``/``pass``/``method``
    query parameters are never read. Treat the response as meaningless
    until ``check_credentials_from_sensor`` exists.

    :param host_ip: Host whose credentials would be checked (only used in
        the unreachable error message).
    :return: ``make_ok(result="OK")``; aborts with 500 when the local
        sensor cannot be resolved.
    """
    # admin_ip is resolved but unused while the check below is stubbed out.
    (ret, admin_ip) = get_sensor_ip_from_sensor_id('local')

    if not ret:
        abort(500, "local sensor not found")
    #TODO: the method check_credentials_from_sensor doesn't exist
    #(success, data) = check_credentials_from_sensor(admin_ip, host_ip, request.args.get('user'),
    #                                               request.args.get('pass'), request.args.get('method'))
    # Placeholder result: always succeeds (see docstring).
    success, data = True, "OK"
    # Unreachable while the placeholder above stays in place.
    if not success:
        current_app.logger.error("Cannot check host " + str(host_ip) + " credentials; msg: " + str(data))
        abort(500, "Cannot check host " + str(host_ip) + " credentials; msg: " + str(data))

    return make_ok(result=data)
def ossec_delete_agent(sensor_id, agent_id):
    """Remove an OSSEC agent from a sensor and from the HIDS table.

    The agent is first deleted on the sensor through ansible; only when
    that succeeds is the database record removed.

    :param sensor_id: Sensor hosting the OSSEC server.
    :param agent_id: Agent to delete.
    :return: ``(True, data)`` on success, ``(False, error_message)`` when the
        sensor is unknown, the ansible step fails, or the database delete
        raises ``APIException``.
    """
    resolved, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not resolved:
        return False, "Bad sensor_id"
    removed, payload = ans_ossec_delete_agent(sensor_ip, agent_id)
    if not removed:
        return removed, payload

    # The agent is gone from the sensor; now drop its database record.
    try:
        delete_hids_agent(agent_id, sensor_id)
    except APIException as err:
        return False, str(err)
    return removed, payload
def ossec_extract_agent_key(sensor_id, agent_id):
    """
        Extract the agent key
        @param sensor_id: sensor id
        @param agent_id:  A string of 1 to 4 digits ([0-9]{1,4})
        @return: (False, message) for a malformed agent_id or an unknown
            sensor, otherwise the result of ans_ossec_extract_agent_key
    """
    # Reject anything that is not a 1-4 digit id before it reaches ansible.
    if not re.match(r"^[0-9]{1,4}$", agent_id):
        return (False, "Bad agent_id %s" % agent_id)
    resolved, system_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if resolved:
        return ans_ossec_extract_agent_key(system_ip, agent_id)
    # The second element holds the error text on failure.
    return (False, system_ip)
def get_sensor_plugins(sensor_id, no_cache=False):
    """ Get the plugins of a sensor
    :param sensor_id: Sensor to query
    :param no_cache: Accepted for interface compatibility; not used in this body
    :return: whatever ansible_get_sensor_plugins returns for the sensor IP
    Raise:
        APICannotResolveSensorID when the sensor id cannot be resolved
    """
    resolved, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not resolved:
        # `sensor_ip` is the error text in this branch.
        raise APICannotResolveSensorID(
            sensor_id=sensor_id,
            log='[get_sensor_plugins] Error getting sensor ip: {0}'.format(str(sensor_ip)))
    return ansible_get_sensor_plugins(system_ip=sensor_ip)
def get_sensor_plugins(sensor_id, no_cache=False):
    """ Get the plugins of a sensor
    :param sensor_id: Sensor to query
    :param no_cache: Kept for interface compatibility; unused here
    :return: the result of ansible_get_sensor_plugins for the sensor IP
    Raise:
        APICannotResolveSensorID when the sensor id cannot be resolved
    """
    ok, address = get_sensor_ip_from_sensor_id(sensor_id)
    if ok:
        return ansible_get_sensor_plugins(system_ip=address)
    # On failure `address` carries the error text, which goes into the log.
    raise APICannotResolveSensorID(
        sensor_id=sensor_id,
        log='[get_sensor_plugins] Error getting sensor ip: {0}'.format(str(address)))
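def set_sensor_network(sensor_id):
    """Set the monitored networks of a sensor and queue a reconfigure.

    Reads the comma separated ``nets`` query parameter, applies it with
    ``set_sensor_networks`` and queues an ``alienvault_reconfigure`` job.

    :param sensor_id: Sensor to configure.
    :return: ``make_ok(job_id_reconfig=...)`` on success; ``make_bad_request``
        when ``nets`` is missing, the sensor id cannot be resolved, or the
        networks cannot be set.
    """
    nets = request.args.get('nets')
    if nets is None:
        # `request.args.get('nets').split(",")` raised AttributeError (an
        # unhandled 500) when the parameter was absent.
        current_app.logger.error("sensor: set_sensor_network error: Missing parameter 'nets'")
        return make_bad_request("Missing parameter nets")
    # NOTE(review): the entries are not validated here; set_sensor_networks
    # is assumed to check them before they reach the sensor — confirm.
    netlist = nets.split(",")

    (ret, admin_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not ret:
        current_app.logger.error("sensor: auth_sensor error: " + str(admin_ip))
        return make_bad_request(sensor_id)

    (success, data) = set_sensor_networks(admin_ip, netlist)
    if not success:
        current_app.logger.error("sensor: Can't set sensor networks to " + str(netlist))
        return make_bad_request(sensor_id)
    # Launch configure
    job = alienvault_reconfigure.delay(admin_ip)
    # Report the reconfigure job id so the caller can poll it.
    return make_ok(job_id_reconfig=job.id)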
 def __build_sensor_from_alchemy_object(self, alchemy_sensor_object):
     """Construct a sensor object from a SQLAlchemy sensor row.

     The row's binary id is converted to a uuid string, the sensor IP is
     looked up from it, and the platform repository is queried with that
     IP; the sensor counts as connected when a platform record exists.
     NOTE(review): the success flag of get_sensor_ip_from_sensor_id is
     ignored, so a failed lookup feeds its error text to get_platform —
     confirm that is intended.

     :param alchemy_sensor_object: row exposing ``id``, ``name``, ``descr``.
     :return: the object built by ``self._sensor_constructor``.
     """
     uuid_str = get_uuid_string_from_bytes(alchemy_sensor_object.id)
     _, address = get_sensor_ip_from_sensor_id(uuid_str)
     platform = self._platform_repository.get_platform(address)
     connected = platform is not None
     # `platform and platform.attr` evaluates to the falsy platform value
     # (None) when no record was found.
     return self._sensor_constructor(
         uuid_str,
         alchemy_sensor_object.name,
         alchemy_sensor_object.descr,
         platform and platform.name,
         address,
         self.__get_software_version(alchemy_sensor_object.id),
         platform and platform.threat_intelligence_version,
         connected
     )
def configure_ntop (sensor_id, force=False):
    """
    Set the Ntop configuration in a Sensor profile.
    @param sensor_id: Sensor id
    @param force: Reconfigure even when the sensor already has ntop
    @return: (True, 'ntop already configured') when nothing is done,
        (False, message) when the sensor properties or IP cannot be
        resolved, otherwise the result of ans_configure_ntop
    """
    found, properties = get_sensor_properties (sensor_id)
    if not found:
        return (False, properties)
    # Do nothing if ntop is already configured in this sensor
    already_configured = properties['has_ntop']
    if already_configured and not force:
        return (True, 'ntop already configured')

    resolved, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if resolved:
        return ans_configure_ntop(sensor_ip)
    return (False, "Bad sensor id: %s" % str(sensor_id))
def configure_ntop(sensor_id, force=False):
    """
    Set the Ntop configuration in a Sensor profile.
    @param sensor_id: Sensor id
    @param force: Apply the configuration even if 'has_ntop' is already set
    @return: (True, 'ntop already configured') when skipped, (False, message)
        when the sensor properties or IP cannot be resolved, otherwise the
        result of ans_configure_ntop
    """
    ok, props = get_sensor_properties(sensor_id)
    if not ok:
        return (False, props)
    # Do nothing if ntop is already configured in this sensor
    if not force and props['has_ntop']:
        return (True, 'ntop already configured')

    ok, address = get_sensor_ip_from_sensor_id(sensor_id)
    if not ok:
        return (False, "Bad sensor id: %s" % str(sensor_id))
    return ans_configure_ntop(address)