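def forward_check():
    """
        Check the forwarded events for consistency issues.

        Compares the alarms reported by each child server with the alarms
        known locally and asks for the missing ones to be resent.

        Returns:
            bool: True if the check ran, False otherwise
            Message (str): Error description (if any)

        Note:
            A child whose alarms cannot be fetched or resent is only logged
            and skipped; the function still returns (True, ""), so a caller
            cannot detect alarms that stayed missing from the return value.
    """
    logger.info("Forward consistence check")
    (success, local_id) = get_server_id_from_local()
    if not success:
        logger.error("Can't retrieve system_id.")
        return False, "Can't retrieve system_id."

    success, server_list = get_children_servers(local_id)
    # Test the status flag before the payload: a failed lookup that comes
    # back with an empty payload must not be reported as "nothing to check".
    if not success:
        logger.error("Can't retrieve children system list.")
        return False, "Can't retrieve children system list."
    if not server_list:
        return True, ''

    # Get the current alarms.
    # NOTE(review): the original comment says "8 hours back" while the call
    # passes delay=1, delta=3 -- confirm the window against get_local_alarms.
    success, local_alarms = get_local_alarms(delay=1, delta=3)

    # Per the original note, local_alarms maps event_id -> server_id.
    if not success:
        logger.error("Can't retrieve local alarms")
        return False, "Can't retrieve local alarms"

    for server in server_list:
        success, child_alarms = get_child_alarms(server, delay=1, delta=3)
        if not success:
            logger.error(
                "Can't retrieve remote alarms for server '%s'. Skiping" %
                str(server))
            continue

        # Alarms the child holds that never reached this server.
        missing_alarms = [
            event_id for event_id in child_alarms
            if event_id not in local_alarms
        ]
        if not missing_alarms:
            continue

        success, message = resend_alarms(server, missing_alarms)
        if not success:
            # Arguments follow the placeholders: server first, then the error.
            logger.error(
                "Can't resend remote alarams from server '%s': %s. Skiping"
                % (str(server), message))

    return True, ""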
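def apimethod_delete_system(system_id):
    """Remove a remote system from this deployment.

    The steps run in order and stop at the first failure: database entry,
    local certificates and keys of the removed system, ansible inventory
    entry, and finally the parent-server entry on the child itself.

    Args:
        system_id: Identifier of the system to remove. 'local' and the id of
            the local system are rejected.

    Returns:
        tuple: (success, message). message is "" on success and an error
        description otherwise.

    Note:
        Nothing is rolled back. When a step after the database removal
        fails, the system is already gone from the database while its
        certificates, inventory entry or parent link may still exist, so a
        failed call needs manual follow-up. The step that removed the
        certificates on the remote system is disabled (commented out).
    """
    success, local_system_id = get_system_id_from_local()
    if not success:
        return success, "Error: Can not retrieve the local system id. %s" % str(local_system_id)

    # Refuse to delete the system this code is running on.
    is_local = (system_id == 'local' or
                get_hex_string_from_uuid(local_system_id) == get_hex_string_from_uuid(system_id))
    if is_local:
        return False, "Error: You're trying to remove the local system, which it's not allowed"

    (success, system_ip) = get_system_ip_from_system_id(system_id)
    if not success:
        # Report the requested id first, then whatever the lookup returned.
        return success, "Error retrieving the system ip for the system id %s -> %s" % (
            str(system_id), str(system_ip))

    # 1 - Remove it from the database
    success, msg = db_remove_system(system_id)
    if not success:
        return success, "Error while removing the system from the database: %s" % str(msg)

    # 2 - Remove the remote certificates (disabled)
    # success, msg = ansible_remove_certificates(system_ip)
    # if not success:
    #     return success, "Error while removing the remote certificates: %s" % str(msg)

    # 3 - Remove the local certificates and keys
    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, "Error while getting the local ip: %s" % str(local_ip)

    success, msg = ansible_remove_certificates(system_ip=local_ip, system_id_to_remove=system_id)
    if not success:
        return success, "Error while removing the local certificates: %s" % str(msg)

    # 4 - Remove it from the ansible inventory.
    try:
        aim = AnsibleInventoryManager()
        aim.delete_host(system_ip)
        aim.save_inventory()
        del aim
    except Exception as aim_error:
        return False, "An error occurred while removing the system from the ansible inventory file: %s" % str(aim_error)

    # 5 - Try to connect to the child and remove the parent using its server_id
    success, own_server_id = get_server_id_from_local()
    if not success:
        # Use the value this call returned, not the stale msg from step 3.
        return success, "Error while retrieving server_id from local: %s" % str(own_server_id)

    success, msg = ansible_delete_parent_server(system_ip, own_server_id)
    if not success:
        return success, "Error while deleting parent server in child: %s" % str(msg)

    return True, ""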
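def forward_check():
    """
        Check the forwarded events for consistency issues.

        For every child server, fetches the child's alarms, works out which
        event ids are absent from the local alarms and requests a resend.

        Returns:
            bool: True if the check ran, False otherwise
            Message (str): Error description (if any)

        Note:
            Per-child failures (fetch or resend) are logged and skipped, and
            the result is still (True, ""). Monitor the error log if missing
            alarms matter to the caller.
    """
    logger.info("Forward consistence check")
    (success, local_id) = get_server_id_from_local()
    if not success:
        logger.error("Can't retrieve system_id.")
        return False, "Can't retrieve system_id."

    success, server_list = get_children_servers(local_id)
    # The failure check comes first so that a failed query with an empty
    # result is not mistaken for "there are no children".
    if not success:
        logger.error("Can't retrieve children system list.")
        return False, "Can't retrieve children system list."
    if not server_list:
        return True, ''

    # Get the current alarms.
    # NOTE(review): the original comment claims "8 hours back"; the call uses
    # delay=1, delta=3 -- verify what these arguments mean.
    success, local_alarms = get_local_alarms(delay=1, delta=3)

    # Per the original note, local_alarms is keyed by event_id (value: server_id).
    if not success:
        logger.error("Can't retrieve local alarms")
        return False, "Can't retrieve local alarms"

    for server in server_list:
        success, child_alarms = get_child_alarms(server, delay=1, delta=3)
        if not success:
            logger.error("Can't retrieve remote alarms for server '%s'. Skiping" % str(server))
            continue

        missing_alarms = [event_id for event_id in child_alarms if event_id not in local_alarms]
        if not missing_alarms:
            continue

        success, message = resend_alarms(server, missing_alarms)
        if not success:
            # Placeholder order is server, then error message.
            logger.error("Can't resend remote alarams from server '%s': %s. Skiping" % (str(server), message))

    return True, ""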
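def make_tunnel_with_vpn(system_ip, password):
    """Build the VPN tunnel with the given node.

    Args:
        system_ip: IPv4 address of the node to connect; rejected when
            is_valid_ipv4() does not accept it.
        password: Credential handed to ansible_make_tunnel_with_vpn(). It is
            not printed here; keep it out of any output added later.

    Returns:
        tuple: (success, message_or_data). On an ansible failure the second
        element is whatever ansible_make_tunnel_with_vpn() returned.

    Note:
        A failed ossim-framework restart is only printed; the call still
        reports success because the tunnel itself was created.
    """
    # Validate the caller-supplied address before it reaches ansible.
    if not is_valid_ipv4(system_ip):
        return False, "Invalid system ip: %s" % str(system_ip)

    success, own_server_id = get_server_id_from_local()
    if not success:
        error_msg = "Error while retrieving server_id from local: %s" % str(own_server_id)
        return success, error_msg

    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, "Cannot retrieve the local ip <%s>" % str(local_ip)

    success, data = ansible_make_tunnel_with_vpn(
        system_ip=system_ip,
        local_server_id=get_hex_string_from_uuid(own_server_id),
        password=password)
    if not success:
        return success, data

    print "Set VPN IP on the system table"
    # A reply without the end point is handled like an explicit None instead
    # of escaping as an uncaught KeyError/TypeError.
    try:
        new_node_vpn_ip = data['client_end_point1']
    except (KeyError, TypeError):
        new_node_vpn_ip = None
    if new_node_vpn_ip is None:
        return False, "Cannot retrieve the new node VPN IP"
    print "New Node VPN IP %s" % new_node_vpn_ip

    success, data = get_system_id_from_system_ip(system_ip)
    if success:  # A system missing from the system table is not an error
        success, data = set_system_vpn_ip(data, new_node_vpn_ip)
        if not success:
            return False, "Cannot set the new node vpn ip on the system table"
    flush_cache(namespace="support_tunnel")

    # Restart frameworkd (best effort)
    print "Restarting ossim-framework"
    success, data = ansible_restart_frameworkd(system_ip=local_ip)
    if not success:
        print "Restarting %s ossim-framework failed (%s)" % (local_ip, data)
    return True, "VPN node successfully connected."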
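def make_tunnel_with_vpn(system_ip, password):
    """Build the VPN tunnel with the given node.

    Steps: validate the address, create the tunnel through ansible, store the
    node's VPN IP in the system table when the node is known there, flush the
    "support_tunnel" cache and restart ossim-framework on the local system.

    Args:
        system_ip: IPv4 address of the node; must pass is_valid_ipv4().
        password: Credential forwarded to ansible_make_tunnel_with_vpn().
            This function never prints it.

    Returns:
        tuple: (success, message_or_data). When the ansible call fails, its
        returned data is passed back unchanged.

    Note:
        The framework restart is best effort: a failure is printed and the
        function still returns success.
    """
    if not is_valid_ipv4(system_ip):
        return False, "Invalid system ip: %s" % str(system_ip)

    success, own_server_id = get_server_id_from_local()
    if not success:
        return success, "Error while retrieving server_id from local: %s" % str(own_server_id)

    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, "Cannot retrieve the local ip <%s>" % str(local_ip)

    local_server_id = get_hex_string_from_uuid(own_server_id)
    success, data = ansible_make_tunnel_with_vpn(system_ip=system_ip,
                                                 local_server_id=local_server_id,
                                                 password=password)
    if not success:
        return success, data

    print "Set VPN IP on the system table"
    # The None check below covers a missing or unsubscriptable reply too,
    # rather than letting KeyError/TypeError propagate to the caller.
    try:
        new_node_vpn_ip = data['client_end_point1']
    except (KeyError, TypeError):
        new_node_vpn_ip = None
    if new_node_vpn_ip is None:
        return False, "Cannot retrieve the new node VPN IP"
    print "New Node VPN IP %s" % new_node_vpn_ip

    success, data = get_system_id_from_system_ip(system_ip)
    if success:  # It does not matter if the system is not in the system table
        success, data = set_system_vpn_ip(data, new_node_vpn_ip)
        if not success:
            return False, "Cannot set the new node vpn ip on the system table"
    flush_cache(namespace="support_tunnel")

    # Restart frameworkd
    print "Restarting ossim-framework"
    success, data = ansible_restart_frameworkd(system_ip=local_ip)
    if not success:
        print "Restarting %s ossim-framework failed (%s)" % (local_ip, data)
    return True, "VPN node successfully connected."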
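def make_tunnel_with_vpn(system_ip, password):
    """Build the VPN tunnel with the given node.

    Args:
        system_ip: IPv4 address of the node; must pass is_valid_ipv4().
        password: Credential forwarded to ansible_make_tunnel_with_vpn().
            It is not printed by this function.

    Returns:
        tuple: (success, message_or_data). When the ansible call fails, the
        data it returned is passed back as the second element.
    """
    # Reject anything that is not a valid IPv4 address before calling ansible.
    if not is_valid_ipv4(system_ip):
        return False, "Invalid system ip: %s" % str(system_ip)

    success, own_server_id = get_server_id_from_local()
    if not success:
        return success, "Error while retrieving server_id from local: %s" % str(own_server_id)

    success, data = ansible_make_tunnel_with_vpn(
        system_ip=system_ip,
        local_server_id=get_hex_string_from_uuid(own_server_id),
        password=password)
    if not success:
        return success, data

    print "Set VPN IP on the system table"
    # Fold a missing end point into the None case handled below instead of
    # raising KeyError/TypeError out of the API call.
    try:
        new_node_vpn_ip = data['client_end_point1']
    except (KeyError, TypeError):
        new_node_vpn_ip = None
    if new_node_vpn_ip is None:
        return False, "Cannot retrieve the new node VPN IP"
    print "New Node VPN IP %s" % new_node_vpn_ip

    success, data = get_system_id_from_system_ip(system_ip)
    if success:  # It does not matter if the system is not in the system table
        success, data = set_system_vpn_ip(data, new_node_vpn_ip)
        if not success:
            return False, "Cannot set the new node vpn ip on the system table"
    flush_cache(namespace="system")
    return True, "VPN node successfully connected."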
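def apimethod_delete_system(system_id):
    """Remove a remote system from this deployment.

    Steps, in order: database entry, local firewall trigger, local
    certificates and keys of the removed system, ansible inventory entry and,
    when the system answered the reachability check, the parent-server entry
    on the child.

    Args:
        system_id: Identifier of the system to remove. 'local' and the id of
            the local system are rejected.

    Returns:
        tuple: (success, message). message is "" on a complete removal, an
        error description on failure, and a warning (with success True) when
        the child was unreachable and keeps its parent configuration.

    Note:
        Nothing is rolled back: a failure after the database removal leaves
        certificates, inventory or parent link behind for manual cleanup.
        The step that removed certificates on the remote system is disabled.
    """
    success, local_system_id = get_system_id_from_local()
    if not success:
        error_msg = "Cannot retrieve the local system id. %s" % str(local_system_id)
        return success, error_msg

    # Refuse to delete the system this code is running on.
    if system_id == 'local' or get_hex_string_from_uuid(local_system_id) == get_hex_string_from_uuid(system_id):
        error_msg = "You're trying to remove the local system, which it's not allowed"
        return False, error_msg

    (success, system_ip) = get_system_ip_from_system_id(system_id)
    if not success:
        # Name the requested id, then append what the lookup returned.
        error_msg = "Cannot retrieve the system ip for the given system-id %s <%s>" % (
            str(system_id), str(system_ip))
        return success, error_msg

    # Check whether the remote system is reachable or not:
    try:
        remote_system_is_reachable = ping_system(system_id, no_cache=True)
    except APIException:
        remote_system_is_reachable = False

    # The sensor lookup has to happen before the system leaves the database.
    # Only its status flag is used, to pick the trigger below.
    # NOTE(review): any lookup failure selects the "del-server" trigger --
    # confirm a failed query cannot be confused with "not a sensor".
    (success_f, _sensor_id) = get_sensor_id_from_system_id(system_id)

    # 1 - Remove it from the database
    success, msg = db_remove_system(system_id)
    if not success:
        error_msg = "Cannot remove the system from the database <%s>" % str(msg)
        return success, error_msg

    # 2 - Remove the firewall rules (best effort: a failure is only logged).
    trigger_name = "alienvault-del-sensor" if success_f else "alienvault-del-server"
    trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
                                        trigger=trigger_name)
    if not trigger_success:
        api_log.error(msg)

    # 3 - Remove the remote certificates (disabled)
    # success, msg = ansible_remove_certificates(system_ip)
    # if not success:
    #     return (success,
    #            "Error while removing the remote certificates: %s" % str(msg))
    # 4 - Remove the local certificates and keys
    success, local_ip = get_system_ip_from_local()
    if not success:
        error_msg = "Cannot retrieve the local ip <%s>" % str(local_ip)
        return success, error_msg

    # Remove remote system certificates on the local system
    success, msg = ansible_remove_certificates(system_ip=local_ip,
                                               system_id_to_remove=system_id)
    if not success:
        return success, "Cannot remove the local certificates <%s>" % str(msg)

    # 5 - Remove it from the ansible inventory.
    try:
        aim = AnsibleInventoryManager()
        aim.delete_host(system_ip)
        aim.save_inventory()
        del aim
    except Exception as aim_error:
        error_msg = "Cannot remove the system from the ansible inventory file <%s>" % str(aim_error)
        return False, error_msg

    # 6 - Try to connect to the child and remove the parent
    # using its server_id
    success, own_server_id = get_server_id_from_local()
    if not success:
        # Report this call's own result, not the stale msg from step 4.
        error_msg = "Cannot retrieve the server-id from local <%s>" % str(own_server_id)
        return success, error_msg

    if remote_system_is_reachable:
        success, msg = ansible_delete_parent_server(system_ip, own_server_id)
        if not success:
            error_msg = "Cannot delete parent server in child <%s>" % str(msg)
            return success, error_msg
        return True, ""

    # The child still holds this server as its parent; the caller only learns
    # that from the message, because the status stays True.
    msg = "The remote system is not reachable. " + \
          "We had not been able to remove the parent configuration"
    return True, msg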
                    tasks_time_start.append(task_time)

        prior_task = False
        for ttime in tasks_time_start:
            if ttime != my_start_time and ttime < my_start_time:
                prior_task = True
                break
    except Exception, e:
        logger.error("An error occurred running sync_databases: %s" % (str(e)))
        return False, str(e)

    if prior_task:
        logger.info("Sync Databases: A sync task is already running. Bailing out")
        return True, "A sync task is already running. Bailing out"

    (success, local_id) = get_server_id_from_local()
    if not success:
        logger.error("Can't retrieve system_id.")
        return False, "Can't retrieve system_id."

    success, server_list = get_children_servers(local_id)
    if not success:
        logger.error("Can't retrieve children system list.")
        return False, "Can't retrieve children system list."

    for server_id in server_list:
        try:
            logger.debug("Trying to sync database from server %s" % server_id)
            (success, msg) = sync_database_from_child(server_id)
            if not success:
                logger.debug("Sync database from server %s failed: %s" % (server_id, str(msg)))
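def apimethod_delete_system(system_id):
    """Remove a remote system from this deployment.

    Runs these steps in order: database entry, local firewall trigger, local
    certificates and keys of the removed system, ansible inventory entry and,
    if the reachability check succeeded, the parent-server entry on the child.

    Args:
        system_id: Identifier of the system to remove. 'local' and the local
            system's own id are rejected.

    Returns:
        tuple: (success, message). message is "" when every step ran, an
        error description on failure, and a warning with success True when
        the child could not be reached and keeps its parent configuration.

    Note:
        There is no rollback. Once the database entry is removed, a later
        failure leaves certificates, inventory entry or parent link in place
        and needs manual cleanup. Removing the certificates on the remote
        system is disabled (commented out).
    """
    success, local_system_id = get_system_id_from_local()
    if not success:
        error_msg = "Cannot retrieve the local system id. %s" % str(local_system_id)
        return success, error_msg

    # The local system must never be removed through this call.
    targets_local_system = (
        system_id == 'local' or
        get_hex_string_from_uuid(local_system_id) == get_hex_string_from_uuid(system_id))
    if targets_local_system:
        error_msg = "You're trying to remove the local system, which it's not allowed"
        return False, error_msg

    (success, system_ip) = get_system_ip_from_system_id(system_id)
    if not success:
        # The message names the requested id and appends the lookup result.
        error_msg = "Cannot retrieve the system ip for the given system-id %s <%s>" % (
            str(system_id), str(system_ip))
        return success, error_msg

    # Check whether the remote system is reachable or not:
    try:
        remote_system_is_reachable = ping_system(system_id, no_cache=True)
    except APIException:
        remote_system_is_reachable = False

    # Look the sensor up before the system is removed from the database.
    # Only the status flag is used, to choose the trigger in step 2.
    # NOTE(review): a failed lookup of any kind falls through to the
    # "del-server" trigger -- confirm that is intended.
    (success_f, _sensor_id) = get_sensor_id_from_system_id(system_id)

    # 1 - Remove it from the database
    success, msg = db_remove_system(system_id)
    if not success:
        error_msg = "Cannot remove the system from the database <%s>" % str(msg)
        return success, error_msg

    # 2 - Remove the firewall rules (a trigger failure is logged, not fatal).
    if success_f:
        trigger_name = "alienvault-del-sensor"
    else:
        trigger_name = "alienvault-del-server"
    trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
                                        trigger=trigger_name)
    if not trigger_success:
        api_log.error(msg)

    # 3 - Remove the remote certificates (disabled)
    # success, msg = ansible_remove_certificates(system_ip)
    # if not success:
    #     return (success,
    #            "Error while removing the remote certificates: %s" % str(msg))
    # 4 - Remove the local certificates and keys
    success, local_ip = get_system_ip_from_local()
    if not success:
        error_msg = "Cannot retrieve the local ip <%s>" % str(local_ip)
        return success, error_msg

    # Remove remote system certificates on the local system
    success, msg = ansible_remove_certificates(system_ip=local_ip,
                                               system_id_to_remove=system_id)
    if not success:
        return success, "Cannot remove the local certificates <%s>" % str(msg)

    # 5 - Remove it from the ansible inventory.
    try:
        aim = AnsibleInventoryManager()
        aim.delete_host(system_ip)
        aim.save_inventory()
        del aim
    except Exception as aim_error:
        error_msg = "Cannot remove the system from the ansible inventory file <%s>" % str(aim_error)
        return False, error_msg

    # 6 - Try to connect to the child and remove the parent
    # using its server_id
    success, own_server_id = get_server_id_from_local()
    if not success:
        # msg still holds the result of step 4; report this call's value.
        error_msg = "Cannot retrieve the server-id from local <%s>" % str(own_server_id)
        return success, error_msg

    if not remote_system_is_reachable:
        # The child keeps this server as its parent; only the message says
        # so, because the status stays True.
        msg = "The remote system is not reachable. " + \
              "We had not been able to remove the parent configuration"
        return True, msg

    success, msg = ansible_delete_parent_server(system_ip, own_server_id)
    if not success:
        error_msg = "Cannot delete parent server in child <%s>" % str(msg)
        return success, error_msg
    return True, ""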