def update_hids_agents():
""" Task to update the info of hids agents of each sensor
"""
insert_message = False
send_refresh = False
not_linked_assets = 0
msg_id_binary = get_bytes_from_uuid("00000000-0000-0000-0000-000000010032")
delete_current_status_messages([msg_id_binary])
try:
success, systems = get_systems(system_type='Sensor',
directly_connected=True)
if not success:
logger.error("[update_hids_agents] %s" % str(systems))
raise APICannotRetrieveSystems()
success, local_system_id = get_system_id_from_local()
if not success:
logger.error("[update_hids_agents] %s" % str(local_system_id))
raise APICannotResolveLocalSystemID()
system_ids = [x[0] for x in systems]
if local_system_id not in system_ids:
system_ids.append(local_system_id)
for system_id in system_ids:
try:
not_linked_assets_by_sensor, new_host = update_system_hids_agents(
system_id)
# Update counter
not_linked_assets = not_linked_assets + not_linked_assets_by_sensor
if not_linked_assets_by_sensor > 0:
insert_message = True
if not send_refresh and new_host:
send_refresh = True
except APIException as e:
logger.error("[update_hids_agents] %s" % str(e))
except Exception as e:
logger.error("[update_hids_agents] %s" % str(e))
return False
if insert_message:
success, local_system_id = get_system_id_from_local()
additional_info = json.dumps({"not_linked_assets": not_linked_assets})
insert_current_status_message("00000000-0000-0000-0000-000000010032",
local_system_id, "system",
additional_info)
if send_refresh:
refresh_hosts()
return True
def start(self):
"""
Starts the monitor activity
:return: True on success, False otherwise
"""
self.remove_monitor_data()
monitor_data = {}
success, system_id = get_system_id_from_local()
if not success:
return False
# Just return if there is no internet connection.
if not self.__check_internet_connection__():
logger.error("Cannot connect to the Telemetry Server")
monitor_data['telemetry_server_connectivity'] = False
self.save_data(system_id, ComponentTypes.SYSTEM,
self.get_json_message(monitor_data))
return True
# Find the list of connected systems.
(result, sensor_dict) = get_systems('Sensor',
convert_to_dict=True,
exclusive=True)
if not result:
logger.error("Cannot retrieve connected sensors")
return False
(result, database_dict) = get_systems('Database',
convert_to_dict=True,
exclusive=True)
if not result:
logger.error("Cannot retrieve connected databases")
return False
system_dict = dict(sensor_dict, **database_dict)
result, local_system_id = get_system_id_from_local()
if not result:
logger.error("Cannot retrieve the local id")
return False
result, local_system_ip = get_system_ip_from_system_id(local_system_id)
if not result:
logger.error("Cannot retrieve the local IP address")
return False
system_dict = dict({local_system_id: local_system_ip}, **system_dict)
args = {
'output_type': 'ansible',
'plugin_list': ','.join(self.__strike_zone_plugins),
'verbose': 2
}
ansible_output = get_doctor_data(system_dict.values(), args)
if ansible_output.get('dark'):
logger.error('Cannot collect telemetry data: %s' %
str(ansible_output.get('dark')))
return False
return self.__send_data__(local_system_id, ansible_output)
def update_hids_agents():
""" Task to update the info of hids agents of each sensor
"""
insert_message = False
send_refresh = False
not_linked_assets = 0
msg_id_binary = get_bytes_from_uuid("00000000-0000-0000-0000-000000010032")
delete_current_status_messages([msg_id_binary])
try:
success, systems = get_systems(system_type='Sensor', directly_connected=True)
if not success:
logger.error("[update_hids_agents] %s" % str(systems))
raise APICannotRetrieveSystems()
success, local_system_id = get_system_id_from_local()
if not success:
logger.error("[update_hids_agents] %s" % str(local_system_id))
raise APICannotResolveLocalSystemID()
system_ids = [x[0] for x in systems]
if local_system_id not in system_ids:
system_ids.append(local_system_id)
for system_id in system_ids:
try:
not_linked_assets_by_sensor, new_host = update_system_hids_agents(system_id)
# Update counter
not_linked_assets = not_linked_assets + not_linked_assets_by_sensor
if not_linked_assets_by_sensor > 0:
insert_message = True
if not send_refresh and new_host:
send_refresh = True
except APIException as e:
logger.error("[update_hids_agents] %s" % str(e))
except Exception as e:
logger.error("[update_hids_agents] %s" % str(e))
return False
if insert_message:
success, local_system_id = get_system_id_from_local()
additional_info = json.dumps({"not_linked_assets": not_linked_assets})
insert_current_status_message("00000000-0000-0000-0000-000000010032", local_system_id, "system",
additional_info)
if send_refresh:
refresh_hosts()
return True
def start(self):
"""
Starts the monitor activity
:return: True on success, False otherwise
"""
self.remove_monitor_data()
monitor_data = {}
success, system_id = get_system_id_from_local()
if not success:
return False
# Just return if there is no internet connection.
if not self.__check_internet_connection__():
logger.error("Cannot connect to the Telemetry Server")
monitor_data['telemetry_server_connectivity'] = False
self.save_data(system_id,
ComponentTypes.SYSTEM,
self.get_json_message(monitor_data))
return True
# Find the list of connected systems.
(result, sensor_dict) = get_systems('Sensor', convert_to_dict=True, exclusive=True)
if not result:
logger.error("Cannot retrieve connected sensors")
return False
(result, database_dict) = get_systems('Database', convert_to_dict=True, exclusive=True)
if not result:
logger.error("Cannot retrieve connected databases")
return False
system_dict = dict(sensor_dict, **database_dict)
result, local_system_id = get_system_id_from_local()
if not result:
logger.error("Cannot retrieve the local id")
return False
result, local_system_ip = get_system_ip_from_system_id(local_system_id)
if not result:
logger.error("Cannot retrieve the local IP address")
return False
system_dict = dict({local_system_id: local_system_ip}, **system_dict)
args = {'output_type': 'ansible',
'plugin_list': ','.join(self.__strike_zone_plugins),
'verbose': 2}
ansible_output = get_doctor_data(system_dict.values(), args)
if ansible_output.get('dark'):
logger.error('Cannot collect telemetry data: %s' % str(ansible_output.get('dark')))
return False
return self.__send_data__(local_system_id, ansible_output)
def get_sensor_by_sensor_id(sensor_id):
"""Returns a Sensor object given a Sensor ID"""
try:
# Getting Sensor ID for local system
if sensor_id.lower() == 'local':
(success, system_id) = get_system_id_from_local()
if not success:
raise APICannotResolveLocalSystemID()
(success, local_sensor_id) = get_sensor_id_from_system_id(system_id)
if success and local_sensor_id:
sensor_id = local_sensor_id
if not is_valid_uuid(sensor_id):
raise APICannotResolveSensorID(sensor_id)
# Getting sensor information
success = True
sensor_id_bin = get_bytes_from_uuid(sensor_id.lower())
data = db.session.query(Sensor).filter(Sensor.id == sensor_id_bin).one()
except NoResultFound:
success = False
data = "No sensor found with the given ID"
except MultipleResultsFound:
success = False
data = "More than one sensor found with the given ID"
except Exception as ex:
db.session.rollback()
success = False
data = "Something wrong happen while retrieving the sensor {0}".format(ex)
return success, data
def start(self):
""" Starts the monitor activity
"""
self.remove_monitor_data()
monitor_data = {}
success, system_id = get_system_id_from_local()
if not success:
return False
# Load all system from current_local
logger.info("MCServer downloading messages")
messages, conn_failed = get_message_center_messages()
if conn_failed:
monitor_data['mc_server_connectivity'] = False
logger.error("Cannot connect to Message Center server")
self.save_data(system_id, ComponentTypes.SYSTEM,
self.get_json_message(monitor_data))
return True
# Save a current status message for each message on the list
success, data = load_external_messages_on_db(messages)
logger.info("MCServer messages donwloaded.. %s:%s" %
(success, str(data)))
return True
def get_plugin_sids_package(system_id, md5):
"""
Check the :system_id: system if its alienvault-plugin-sids
package has md5 sum of :md5:. Download the package from remote system.
check if not reconfig / update is running. Install package
"""
# First, check remote md5
rt = False
emsg = ''
try:
result, info = get_plugin_package_info_from_system_id(system_id)
if not result:
raise Exception("Can't obtain alienvault-plugin-sid info for system %s : %s" % (system_id, str(info)))
if info['md5'] != md5:
raise Exception("md5 provided doesn't match with stored md5")
# Use ansible to download file to temp directory
result, ipremote = get_system_ip_from_system_id(system_id)
if not result:
raise Exception("Can't obtain remote system ip")
result, iplocal = get_system_ip_from_local()
if not result:
raise Exception("Can't obtain local system ip")
result, idlocal = get_system_id_from_local()
if not result:
raise Exception("Can't obtain local system id")
# Create a temp file
temp = NamedTemporaryFile(delete=True)
tempname = temp.name
plugin_package = "alienvault-plugin-sids_" + info['version'] + "_all.deb"
remote_path = "/var/cache/apt/archives"
result, emsg = fetch_if_changed(ipremote,
os.path.join(remote_path, plugin_package),
iplocal,
tempname)
if not result:
raise Exception("Can't copy remote from %s file name %s Error: %s" % (ipremote, os.path.join(remote_path, plugin_package), emsg))
shutil.copy(tempname, remote_path)
# Atomic rename
os.rename(os.path.join(remote_path, os.path.basename(tempname)),
os.path.join(remote_path, plugin_package))
# Check if we're not updaing / configuring
result, status = check_update_and_reconfig_status(idlocal)
if not result:
raise Exception("Can't check current status reconfig / update")
if status['alienvault-update']['job_status'] == 'running':
raise Exception("alienvault-update running")
if status['alienvault-reconfig']['job_status'] == 'running':
raise Exception("alienvault-reconfig running")
if status['ossim-reconfig']['job_status'] == 'running':
raise Exception("ossim-reconfig running")
# Okey, install package
result, status = install_debian_package([iplocal], os.path.join(remote_path, plugin_package))
if not result:
raise Exception("Can't install %s" % os.path.join(remote_path, plugin_package))
rt = True
emsg = ''
except Exception as excep:
emsg = str(excep)
rt = False
return (rt, emsg)
def main():
profile = ossim_setup.get_general_profile()
if profile == 'Database':
return
try:
status, ip_list = db_get_systems()
except AssertionError:
# Show additional notification on sensors.
print("Warning: Please reset the AlienVault API key on connected server to avoid connectivity issues!\n")
return
if not status or not ip_list:
return
(success, local_system_id) = get_system_id_from_local()
if not success:
return
local_ip = ossim_setup.get_general_admin_ip(refresh=True)
# There is no need to add system itself - remove it from list.
if local_ip in ip_list:
ip_list.remove(local_ip)
last_asset = ip_list[-1] if ip_list else None
for remote_system_ip in ip_list:
if not add_system_with_new_key(local_system_id, remote_system_ip):
# Skip this step if current asset is the last in the list.
if remote_system_ip != last_asset and not confirm('Do you want to continue with other components?',
default=True):
sys.exit('Failed to add remote system {} with a new API key. Exiting...'.format(remote_system_ip))
def get_plugin_sids_package(system_id, md5):
"""
Check the :system_id: system if its alienvault-plugin-sids
package has md5 sum of :md5:. Download the package from remote system.
check if not reconfig / update is running. Install package
"""
# First, check remote md5
rt = False
emsg = ''
try:
result, info = get_plugin_package_info_from_system_id(system_id)
if not result:
raise Exception("Can't obtain alienvault-plugin-sid info for system %s : %s" % (system_id, str(info)))
if info['md5'] != md5:
raise Exception("md5 provided doesn't match with stored md5")
# Use ansible to download file to temp directory
result, ipremote = get_system_ip_from_system_id(system_id)
if not result:
raise Exception("Can't obtain remote system ip")
result, iplocal = get_system_ip_from_local()
if not result:
raise Exception("Can't obtain local system ip")
result, idlocal = get_system_id_from_local()
if not result:
raise Exception("Can't obtain local system id")
# Create a temp file
temp = NamedTemporaryFile(delete=True)
tempname = temp.name
plugin_package = "alienvault-plugin-sids_" + info['version'] + "_all.deb"
remote_path = "/var/cache/apt/archives"
result, emsg = fetch_if_changed(ipremote,
os.path.join(remote_path, plugin_package),
iplocal,
tempname)
if not result:
raise Exception("Can't copy remote from %s file name %s Error: %s" % (ipremote, os.path.join(remote_path, plugin_package), emsg))
shutil.copy(tempname, remote_path)
# Atomic rename
os.rename(os.path.join(remote_path, os.path.basename(tempname)),
os.path.join(remote_path, plugin_package))
# Check if we're not updaing / configuring
result, status = check_update_and_reconfig_status(idlocal)
if not result:
raise Exception("Can't check current status reconfig / update")
if status['alienvault-update']['job_status'] == 'running':
raise Exception("alienvault-update running")
if status['alienvault-reconfig']['job_status'] == 'running':
raise Exception("alienvault-reconfig running")
if status['ossim-reconfig']['job_status'] == 'running':
raise Exception("ossim-reconfig running")
# Okey, install package
result, status = install_debian_package([iplocal], os.path.join(remote_path, plugin_package))
if not result:
raise Exception("Can't install %s" % os.path.join(remote_path, plugin_package))
rt = True
emsg = ''
except Exception as excep:
emsg = str(excep)
rt = False
return (rt, emsg)
def start(self):
""" Starts the monitor activity
"""
monitor_data = {"pulses_download_fail": False, "old_otx_key": False}
self.remove_monitor_data()
success, system_id = get_system_id_from_local()
if not success:
return False
# Load all system from current_local
logger.info("[MonitorDownloadPulses] downloading pulses started...")
success, otx_config = apimethod_get_open_threat_exchange_config()
if success:
if otx_config["token"]:
try:
otx = OTXv2(key=otx_config["token"])
#Checking that the key is an valid OTX v2
if otx_config["key_version"] < "2":
monitor_data['old_otx_key'] = True
otx.download_pulses()
except Exception, err:
logger.error("Cannot Download Pulses: %s" % str(err))
monitor_data['pulses_download_fail'] = True
def start(self):
""" Starts the monitor activity
"""
monitor_data = {"pulses_download_fail": False, "old_otx_key": False}
self.remove_monitor_data()
success, system_id = get_system_id_from_local()
if not success:
return False
# Load all system from current_local
logger.info("[MonitorDownloadPulses] downloading pulses started...")
success, otx_config = apimethod_get_open_threat_exchange_config()
if success:
if otx_config["token"]:
try:
otx = OTXv2(key=otx_config["token"])
#Checking that the key is an valid OTX v2
if otx_config["key_version"] < "2":
monitor_data['old_otx_key'] = True
otx.download_pulses()
except Exception, err:
logger.error("Cannot Download Pulses: %s" % str(err))
monitor_data['pulses_download_fail'] = True
def add_server(server_ip, password):
"""
Add a new system.
"""
if not is_valid_ipv4(server_ip):
return False, "Invalid IP format: %s" % server_ip
(success, local_system_id) = get_system_id_from_local()
if not success:
return success, "Error retrieving the local system id"
(success, response) = ansible_add_system(local_system_id=local_system_id,
remote_system_ip=server_ip,
password=password)
if not success:
return success, "Cannot add the server to the system"
trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
trigger="alienvault-add-server")
if not trigger_success:
api_log.error(msg)
(success, response) = get_remote_server_id_from_server_ip(server_ip)
return (success, response)
def add_server(server_ip, password):
"""
Add a new system.
"""
if not is_valid_ipv4(server_ip):
return False, "Invalid IP format: %s" % server_ip
(success, local_system_id) = get_system_id_from_local()
if not success:
return success, "Error retrieving the local system id"
(success, response) = ansible_add_system(local_system_id=local_system_id,
remote_system_ip=server_ip,
password=password)
if not success:
return success, "Cannot add the server to the system"
trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
trigger="alienvault-add-server")
if not trigger_success:
api_log.error(msg)
(success, response) = get_remote_server_id_from_server_ip(server_ip)
return (success, response)
def make_backup_in_all_systems(backup_type):
"""
Make the backup for:
- Local system
- All connected remote sensors
return True if all the backups finished successfully, False otherwise
"""
result, systems = get_systems(system_type='Sensor',
directly_connected=True)
if not result:
notifier.error("An error occurred while making the Backup " +
"[%s]. Cant' retrieve the systems " % backup_type)
return False
result, local_system_id = get_system_id_from_local()
if not result:
notifier.error("An error occurred while making the Backup " +
"[%s]. Cant' retrieve the systems " % backup_type)
return False
system_ids = [x[0] for x in systems]
if local_system_id not in system_ids:
system_ids.append(local_system_id)
all_backups_ok = True
for system_id in system_ids:
success, msg = make_system_backup(system_id=system_id,
backup_type=backup_type,
rotate=True)
if not success:
all_backups_ok = False
return all_backups_ok
def monitor_download_pulses_ha():
"""Monitor for new pulses (HA Environments)
Returns:
True if successful, False otherwise
"""
rt = False
ha_enabled = False
try:
is_otx_enabled = apimethod_is_otx_enabled()
if is_otx_enabled is True:
system_id = get_system_id_from_local()[1]
success, system_info = system_status(system_id)
if success is False:
APICannotRetrieveSystems()
if 'ha_status' in system_info and system_info['ha_status'] == 'up':
logger.info("Monitor MonitorDownloadPulses [HA] started")
ha_enabled = True
monitor = MonitorDownloadPulses()
rt = monitor.start()
except:
rt = False
if ha_enabled is True:
logger.info("Monitor MonitorDownloadPulses [HA] stopped")
return rt
def monitor_download_pulses_ha():
"""Monitor for new pulses (HA Environments)
Returns:
True if successful, False otherwise
"""
rt = False
ha_enabled = False
try:
is_otx_enabled = apimethod_is_otx_enabled()
if is_otx_enabled is True:
system_id = get_system_id_from_local()[1]
success, system_info = system_status(system_id)
if success is False:
APICannotRetrieveSystems()
if 'ha_status' in system_info and system_info['ha_status'] == 'up':
logger.info("Monitor MonitorDownloadPulses [HA] started")
ha_enabled = True
monitor = MonitorDownloadPulses()
rt = monitor.start()
except:
rt = False
if ha_enabled is True:
logger.info("Monitor MonitorDownloadPulses [HA] stopped")
return rt
def start(self):
""" Starts the monitor activity
"""
self.remove_monitor_data()
monitor_data = {}
success, system_id = get_system_id_from_local()
if not success:
return False
# Load all system from current_local
logger.info("MCServer downloading messages")
messages, conn_failed = get_message_center_messages()
if conn_failed:
monitor_data['mc_server_connectivity'] = False
logger.error("Cannot connect to Message Center server")
self.save_data(system_id,
ComponentTypes.SYSTEM,
self.get_json_message(monitor_data))
return True
# Save a current status message for each message on the list
success, data = load_external_messages_on_db(messages)
logger.info("MCServer messages donwloaded.. %s:%s" % (success, str(data)))
return True
def put_passfile_scenario1_restore():
result, system_id = get_system_id_from_local()
if not result:
raise KeyboardInterrupt()
base_path = "/var/alienvault/%s/ossec/" % system_id
pass_file = base_path + "agentless/.passlist"
pass_file_backup = base_path + "agentless/.passlist.bk"
remotely_restore_file(ossim_setup.get_general_admin_ip(), pass_file_backup, pass_file)
remotely_remove_file(ossim_setup.get_general_admin_ip(), pass_file_backup)
def put_passfile_scenario1_restore():
result, system_id = get_system_id_from_local()
if not result:
raise KeyboardInterrupt()
base_path = "/var/alienvault/%s/ossec/" % system_id
pass_file = base_path + "agentless/.passlist"
pass_file_backup = base_path + "agentless/.passlist.bk"
remotely_restore_file(ossim_setup.get_general_admin_ip(), pass_file_backup,
pass_file)
remotely_remove_file(ossim_setup.get_general_admin_ip(), pass_file_backup)
def get_plugin_package_info_local():
"""
Get the alienvault-plugin-sids version from local system
"""
(success, system_id) = get_system_id_from_local()
if success:
result = get_plugin_package_info_from_system_id(system_id)
else:
api_log.error(str(system_id))
result = (False, "Can't get plugins version/md5 information for local system")
return result
def get_plugin_package_info_local():
"""
Get the alienvault-plugin-sids version from local system
"""
(success, system_id) = get_system_id_from_local()
if success:
result = get_plugin_package_info_from_system_id(system_id)
else:
api_log.error(str(system_id))
result = (False, "Can't get plugins version/md5 information for local system")
return result
def get_base_path_from_sensor_id(sensor_id):
if sensor_id == 'local':
rt, system_id = get_system_id_from_local()
if not rt:
return False, "Can't retrieve the system id"
return True, get_base_path_from_system_id(system_id)
rt, system_id = get_system_id_from_sensor_id(sensor_id)
if not rt:
return False, "Can't retrieve the system id"
return True, get_base_path_from_system_id(system_id)
def get_base_path_from_sensor_id(sensor_id):
if sensor_id == 'local':
rt, system_id = get_system_id_from_local()
if not rt:
return False, "Can't retrieve the system id"
return True, get_base_path_from_system_id(system_id)
rt, system_id = get_system_id_from_sensor_id(sensor_id)
if not rt:
return False, "Can't retrieve the system id"
return True, get_base_path_from_system_id(system_id)
def add_ha_system(system_ip, password, add_to_database=True):
"""
Add an HA system using system ip.
Args:
system_ip (str): IP address of the system to add to HA
password (str): root password of the system to add
Returns:
success (bool): True if OK, False elsewhere
response (str): Result message
"""
# Get local IP
(success, local_system_id) = get_system_id_from_local()
if not success:
error_msg = "[add_ha_system] Something wrong happened retrieving " + \
"the local system id"
return success, error_msg
# Exchange certificates
(success, response) = ansible_add_system(local_system_id=local_system_id,
remote_system_ip=system_ip,
password=password)
if not success:
api_log.error(response)
return success, "Something wrong happened adding the system"
# Get remote system info
(success, system_info) = ansible_get_system_info(system_ip)
if not success:
api_log.error(system_info)
return success, "Something wrong happened getting the system info"
# Insert system into the database
if not system_info['admin_ip']:
system_info['admin_ip'] = system_ip
if add_to_database:
profile_str = ','.join(system_info['profile'])
(success, msg) = db_add_system(system_id=system_info['system_id'],
name=system_info['hostname'],
admin_ip=system_info['admin_ip'],
vpn_ip=system_info['vpn_ip'],
profile=profile_str,
server_id=system_info['server_id'],
sensor_id=system_info['sensor_id'])
if not success:
api_log.error(msg)
error_msg = "Something wrong happened inserting " + \
"the system into the database"
return (False, error_msg)
return success, response
def add_ha_system(system_ip, password, add_to_database=True):
"""
Add an HA system using system ip.
Args:
system_ip (str): IP address of the system to add to HA
password (str): root password of the system to add
Returns:
success (bool): True if OK, False elsewhere
response (str): Result message
"""
# Get local IP
(success, local_system_id) = get_system_id_from_local()
if not success:
error_msg = "[add_ha_system] Something wrong happened retrieving " + \
"the local system id"
return success, error_msg
# Exchange certificates
(success, response) = ansible_add_system(local_system_id=local_system_id,
remote_system_ip=system_ip,
password=password)
if not success:
api_log.error(response)
return success, "Something wrong happened adding the system"
# Get remote system info
(success, system_info) = ansible_get_system_info(system_ip)
if not success:
api_log.error(system_info)
return success, "Something wrong happened getting the system info"
# Insert system into the database
if not system_info['admin_ip']:
system_info['admin_ip'] = system_ip
if add_to_database:
profile_str = ','.join(system_info['profile'])
(success, msg) = db_add_system(system_id=system_info['system_id'],
name=system_info['hostname'],
admin_ip=system_info['admin_ip'],
vpn_ip=system_info['vpn_ip'],
profile=profile_str,
server_id=system_info['server_id'],
sensor_id=system_info['sensor_id'])
if not success:
api_log.error(msg)
error_msg = "Something wrong happened inserting " + \
"the system into the database"
return (False, error_msg)
return success, response
def insert_current_status_message(message_id, component_id, component_type, additional_info=None, replace=False):
"""Inserts a new notification on the system. The related message id should exists.
Args:
message_id (str:uuid string): Message id related with the notification
component_id(str:uuid string): Component id related with the notification (Could be none for external messages)
component_type(str): Component type. Allowed values: ('net','host','user','sensor','server','system','external')
additional_info (str:json): Additional information you want to store.
Returns:
success(bool): True if the operation went well, False otherwise
msg(str): A message string that will contain some kind of information in case of error"""
if component_id == "local":
success, component_id = get_system_id_from_local()
if not success:
return False, "Cannot retrieve the local system id"
return db_insert_current_status_message(message_id, component_id, component_type, additional_info, replace)
def add_sensor(sensor_id, password):
"""
Add the system for sensor_id
"""
(success, system_ip) = get_sensor_ip_from_sensor_id(sensor_id)
if not success:
return (False, system_ip)
(success, local_system_id) = ret = get_system_id_from_local()
if not success:
return ret
(success, response) = ansible_add_system(local_system_id=local_system_id,
remote_system_ip=system_ip,
password=password)
return (success, response)
def add_sensor(sensor_id, password):
"""
Add the system for sensor_id
"""
(success, system_ip) = get_sensor_ip_from_sensor_id(sensor_id)
if not success:
return (False, system_ip)
(success, local_system_id) = ret = get_system_id_from_local()
if not success:
return ret
(success, response) = ansible_add_system(local_system_id=local_system_id,
remote_system_ip=system_ip,
password=password)
return (success, response)
def apimethod_delete_system(system_id):
success, local_system_id = get_system_id_from_local()
if not success:
return success, "Error: Can not retrieve the local system id. %s" %str(local_system_id)
if system_id == 'local' or get_hex_string_from_uuid(local_system_id) == get_hex_string_from_uuid(system_id):
return False, "Error: You're trying to remove the local system, which it's not allowed"
(success, system_ip) = get_system_ip_from_system_id(system_id)
if not success:
return success, "Error retrieving the system ip for the system id %s -> %s" % (system_ip, str(system_ip))
# 1 - Remove it from the database
success, msg = db_remove_system(system_id)
if not success:
return success, "Error while removing the system from the database: %s" % str(msg)
# 2 - Remove the remote certificates
# success, msg = ansible_remove_certificates(system_ip)
# if not success:
# return success, "Error while removing the remote certificates: %s" % str(msg)
# 3 - Remove the local certificates and keys
success, local_ip = get_system_ip_from_local()
if not success:
return success, "Error while getting the local ip: %s" % str(local_ip)
success, msg = ansible_remove_certificates(system_ip=local_ip, system_id_to_remove=system_id)
if not success:
return success, "Error while removing the local certificates: %s" % str(msg)
# 4 - Remove it from the ansible inventory.
try:
aim = AnsibleInventoryManager()
aim.delete_host(system_ip)
aim.save_inventory()
del aim
except Exception as aim_error:
return False, "An error occurred while removing the system from the ansible inventory file: %s" % str(aim_error)
# 5 - Try to connect to the child and remove the parent using it's server_id
success, own_server_id = get_server_id_from_local()
if not success:
return success, "Error while retrieving server_id from local: %s" % str(msg)
success, msg = ansible_delete_parent_server(system_ip, own_server_id)
if not success:
return success, "Error while deleting parent server in child: %s" % str(msg)
return True, ""
def add_server(server_ip, password):
"""
Add a new system.
"""
if not is_valid_ipv4(server_ip):
return False, "Invalid IP format: %s" % server_ip
(success, local_system_id) = get_system_id_from_local()
if not success:
return success, "Error retrieving the local system id"
(success, response) = ansible_add_system(local_system_id=local_system_id,
remote_system_ip=server_ip,
password=password)
if not success:
return success, "Cannot add the server to the system"
(success, response) = get_remote_server_id_from_server_ip(server_ip)
return (success, response)
def make_backup_in_all_systems(backup_type):
"""
Make the backup for:
- Local system
- All connected remote sensors
return True if all the backups finished successfully, False otherwise
"""
result, systems = get_systems(system_type='Sensor',
directly_connected=True)
if not result:
notifier.error(
"An error occurred while making the Backup [%s]. Cant' retrieve the systems "
% backup_type)
return False
result, local_system_id = get_system_id_from_local()
if not result:
notifier.error(
"An error occurred while making the Backup [%s]. Cant' retrieve the system ID"
% backup_type)
return False
system_ids = [x[0] for x in systems]
if local_system_id not in system_ids:
system_ids.append(local_system_id)
# Get server ip in case of distributed deployment (Because only server has the UI / possibility to set backup_pass)
success, server_ip = get_system_ip_from_system_id(local_system_id)
if not success:
return False
all_backups_ok = True
backup_config_pass = ansible_get_backup_config_pass(server_ip)
for system_id in system_ids:
success, msg = make_system_backup(system_id=system_id,
backup_type=backup_type,
rotate=True,
backup_pass=backup_config_pass)
if not success:
all_backups_ok = False
return all_backups_ok
def get_base_path_from_server_id(server_id):
""" Get base path from server ID
Args:
server_id (str): Server ID
Returns:
String with the corresponding base path
"""
if server_id == 'local':
rt, system_id = get_system_id_from_local()
if not rt:
return False, "Can't retrieve the system id"
return True, get_base_path_from_system_id(system_id)
rt, system_id = get_system_id_from_server_id(server_id)
if not rt:
return False, "Can't retrieve the system id for server id %s: %s" % (server_id, system_id)
return True, get_base_path_from_system_id(system_id)
def start(self):
"""
Start monitor. Connect to database is local
"""
(success, system_id) = get_system_id_from_local()
if not success:
api_log.error("Can't get local system_id")
return False
self.remove_monitor_data()
# OSSIM must not tell to migrate the DB
rc, pro = system_is_professional(system_id)
if not pro:
return True
(success, result) = check_any_innodb_tables()
mresult = False
if success:
if len(result) > 0:
# I need the component ID
# (success, result) = insert_current_status_message("00000000-0000-0000-0000-000000010017",
# system_id, "system", str(result))
self.save_data(
system_id, ComponentTypes.SYSTEM,
self.get_json_message({
"has_innodb": True,
"innodb_tables": result
}))
if not success:
api_log.error("Can't insert notification into system: %s" %
str(result))
mresult = False
else:
mresult = True
else:
mresult = True # No messages to insert
else:
api_log.error("Can't check current database engine")
mresult = False
return mresult
def get_base_path_from_server_id(server_id):
""" Get base path from server ID
Args:
server_id (str): Server ID
Returns:
String with the corresponding base path
"""
if server_id == 'local':
rt, system_id = get_system_id_from_local()
if not rt:
return False, "Can't retrieve the system id"
return True, get_base_path_from_system_id(system_id)
rt, system_id = get_system_id_from_server_id(server_id)
if not rt:
return False, "Can't retrieve the system id for server id %s: %s" % (
server_id, system_id)
return True, get_base_path_from_system_id(system_id)
def insert_current_status_message(message_id,
component_id,
component_type,
additional_info=None,
replace=False):
"""Inserts a new notification on the system. The related message id should exists.
Args:
message_id (str:uuid string): Message id related with the notification
component_id(str:uuid string): Component id related with the notification (Could be none for external messages)
component_type(str): Component type. Allowed values: ('net','host','user','sensor','server','system','external')
additional_info (str:json): Additional information you want to store.
Returns:
success(bool): True if the operation went well, False otherwise
msg(str): A message string that will contain some kind of information in case of error"""
if component_id == "local":
success, component_id = get_system_id_from_local()
if not success:
return False, "Cannot retrieve the local system id"
return db_insert_current_status_message(message_id, component_id,
component_type, additional_info,
replace)
def get_system(self):
_, system_id = get_system_id_from_local()
system_id_bin = get_bytes_from_uuid(system_id)
system_info = db.session.query(
System.name,
System.admin_ip,
System.vpn_ip,
System.ha_ip
).filter(System.id == system_id_bin).one()
system_name = system_info[0]
system_admin_ip = get_ip_str_from_bytes(system_info[1])
system_vpn_ip = get_ip_str_from_bytes(system_info[2])
system_ha_ip = get_ip_str_from_bytes(system_info[3])
return self._system_constructor(
system_id,
system_name,
system_admin_ip,
system_vpn_ip,
system_ha_ip
)
def get_local_info():
"""
Get all the information available about the local system.
"""
success, local_system_id = get_system_id_from_local()
if not success:
error_msg = "Something wrong happened retrieving " + \
"the local system id"
return success, error_msg
success, system_data = get_all()
if not success:
error_msg = "Something wrong happened retrieving " + \
"the system info"
return success, error_msg
if local_system_id in system_data:
return True, system_data[local_system_id]
else:
error_msg = "Something wrong happened retrieving " + \
"the local system info"
return False, error_msg
def get_local_info():
"""
Get all the information available about the local system.
"""
success, local_system_id = get_system_id_from_local()
if not success:
error_msg = "Something wrong happened retrieving " + \
"the local system id"
return success, error_msg
success, system_data = get_all()
if not success:
error_msg = "Something wrong happened retrieving " + \
"the system info"
return success, error_msg
if local_system_id in system_data:
return True, system_data[local_system_id]
else:
error_msg = "Something wrong happened retrieving " + \
"the local system info"
return False, error_msg
def start(self):
"""
Start monitor. Connect to database is local
"""
(success, system_id) = get_system_id_from_local()
if not success:
api_log.error("Can't get local system_id")
return False
self.remove_monitor_data()
# OSSIM must not tell to migrate the DB
rc, pro = system_is_professional(system_id)
if not pro:
return True
(success, result) = check_any_innodb_tables()
mresult = False
if success:
if len(result) > 0:
# I need the component ID
# (success, result) = insert_current_status_message("00000000-0000-0000-0000-000000010017",
# system_id, "system", str(result))
self.save_data(system_id,
ComponentTypes.SYSTEM,
self.get_json_message({"has_innodb": True,
"innodb_tables": result}))
if not success:
api_log.error("Can't insert notification into system: %s" % str(result))
mresult = False
else:
mresult = True
else:
mresult = True # No messages to insert
else:
api_log.error("Can't check current database engine")
mresult = False
return mresult
def put_passfile_scenario2_prepare():
raw_file="""[email protected]|mypasss123|"""
result, system_id = get_system_id_from_local()
if not result:
raise KeyboardInterrupt()
base_path = "/var/alienvault/%s/ossec/" % system_id
pass_file = base_path + "agentless/.passlist"
pass_file_backup = base_path + "agentless/.passlist.bk"
ossec_pass_file = "/var/ossec/agentless/.passlist"
ossec_pass_file_backup = "/var/ossec/agentless/.passlist.bk"
remotely_backup_file(ossim_setup.get_general_admin_ip(),pass_file,
pass_file_backup)
remotely_remove_file(ossim_setup.get_general_admin_ip(), pass_file)
remotely_backup_file(ossim_setup.get_general_admin_ip(),ossec_pass_file,
ossec_pass_file_backup)
remotely_remove_file(ossim_setup.get_general_admin_ip(), ossec_pass_file)
f = open(pass_file,"w")
f.write(raw_file)
f.close()
def put_passfile_scenario2_prepare():
raw_file = """[email protected]|mypasss123|"""
result, system_id = get_system_id_from_local()
if not result:
raise KeyboardInterrupt()
base_path = "/var/alienvault/%s/ossec/" % system_id
pass_file = base_path + "agentless/.passlist"
pass_file_backup = base_path + "agentless/.passlist.bk"
ossec_pass_file = "/var/ossec/agentless/.passlist"
ossec_pass_file_backup = "/var/ossec/agentless/.passlist.bk"
remotely_backup_file(ossim_setup.get_general_admin_ip(), pass_file,
pass_file_backup)
remotely_remove_file(ossim_setup.get_general_admin_ip(), pass_file)
remotely_backup_file(ossim_setup.get_general_admin_ip(), ossec_pass_file,
ossec_pass_file_backup)
remotely_remove_file(ossim_setup.get_general_admin_ip(), ossec_pass_file)
f = open(pass_file, "w")
f.write(raw_file)
f.close()
def update_newest_plugin_sids():
"""
Update plugins in the local system
"""
result = False
emsg = ''
try:
# Get the local system_id
result, local_system_id = get_system_id_from_local()
if not result:
raise Exception("Can't obtain the local system_id")
remote_system_id, md5 = get_newest_plugin_system()
if remote_system_id is None or local_system_id == remote_system_id:
raise Exception('Nothing to update')
result, emsg = get_plugin_sids_package(remote_system_id, md5)
if not result:
raise Exception(emsg)
result = True
emsg = 'System update correctly'
except Exception as excep:
result = False
emsg = str(excep)
return (result, emsg)
def update_newest_plugin_sids():
"""
Update plugins in the local system
"""
result = False
emsg = ''
try:
# Get the local system_id
result, local_system_id = get_system_id_from_local()
if not result:
raise Exception("Can't obtain the local system_id")
remote_system_id, md5 = get_newest_plugin_system()
if remote_system_id is None or local_system_id == remote_system_id:
raise Exception('Nothing to update')
result, emsg = get_plugin_sids_package(remote_system_id, md5)
if not result:
raise Exception(emsg)
result = True
emsg = 'System update correctly'
except Exception as excep:
result = False
emsg = str(excep)
return (result, emsg)
def get_sensor_by_sensor_id(sensor_id):
"""Returns a Sensor object given a Sensor ID"""
try:
# Getting Sensor ID for local system
if sensor_id.lower() == 'local':
(success, system_id) = get_system_id_from_local()
if not success:
raise APICannotResolveLocalSystemID()
(success,
local_sensor_id) = get_sensor_id_from_system_id(system_id)
if success and local_sensor_id:
sensor_id = local_sensor_id
if not is_valid_uuid(sensor_id):
raise APICannotResolveSensorID(sensor_id)
# Getting sensor information
success = True
sensor_id_bin = get_bytes_from_uuid(sensor_id.lower())
data = db.session.query(Sensor).filter(
Sensor.id == sensor_id_bin).one()
except NoResultFound:
success = False
data = "No sensor found with the given ID"
except MultipleResultsFound:
success = False
data = "More than one sensor found with the given ID"
except Exception as ex:
db.session.rollback()
success = False
data = "Something wrong happen while retrieving the sensor {0}".format(
ex)
return success, data
def make_backup_in_all_systems(backup_type):
"""
Make the backup for:
- Local system
- All connected remote sensors
return True if all the backups finished successfully, False otherwise
"""
result, systems = get_systems(system_type='Sensor', directly_connected=True)
if not result:
notifier.error("An error occurred while making the Backup [%s]. Cant' retrieve the systems " % backup_type)
return False
result, local_system_id = get_system_id_from_local()
if not result:
notifier.error("An error occurred while making the Backup [%s]. Cant' retrieve the system ID" % backup_type)
return False
system_ids = [x[0] for x in systems]
if local_system_id not in system_ids:
system_ids.append(local_system_id)
# Get server ip in case of distributed deployment (Because only server has the UI / possibility to set backup_pass)
success, server_ip = get_system_ip_from_system_id(local_system_id)
if not success:
return False
all_backups_ok = True
backup_config_pass = ansible_get_backup_config_pass(server_ip)
for system_id in system_ids:
success, msg = make_system_backup(system_id=system_id,
backup_type=backup_type,
rotate=True,
backup_pass=backup_config_pass)
if not success:
all_backups_ok = False
return all_backups_ok
except Exception, msg:
app.logger.warning("Error loading messages in database")
# Log permissions
try:
if os.path.isdir("/var/log/alienvault/api"):
for api_logfile in os.listdir("/var/log/alienvault/api"):
os.chmod("/var/log/alienvault/api/%s" % api_logfile, 0644)
except Exception as e:
pass
# Purge celery-once references from redis
from celery_once.helpers import queue_once_key
from celery_once.tasks import QueueOnce
from db.methods.system import get_system_id_from_local
system_id = get_system_id_from_local()[1]
args = {'system_id': u'%s' % system_id}
task_name = "celerymethods.tasks.backup_tasks.backup_configuration_for_system_id"
key = queue_once_key(task_name, args, None)
aux = QueueOnce()
aux.clear_lock(key)
# This is the recommended way of packaging a Flask app.
# This seems to be a hack to avoid circulat imports.
# See http://flask.pocoo.org/docs/patterns/packages/
import api.views
# (Keep pyflakes quiet)
views
login_manager.login_view = "auth.login"
def add_system_from_ip(system_ip, password, add_to_database=True):
"""
Add a new system usign system ip.
"""
(success, local_system_id) = get_system_id_from_local()
if not success:
return success, "Something wrong happened retrieving the local system id"
(success, response) = ansible_add_system(local_system_id=local_system_id,
remote_system_ip=system_ip,
password=password)
if not success:
api_log.error(response)
return success, response
(success, system_info) = ansible_get_system_info(system_ip)
if not success:
api_log.error(system_info)
return success, "Something wrong happened getting the system info"
sensor_id = None
if 'server' in system_info['profile']:
# - Do not add the child server when I'm myself
if system_info['server_id'] != local_system_id:
success, msg = add_child_server(system_ip, system_info['server_id'])
if not success:
api_log.error(str(msg))
return False, "Something wrong happened setting the child server"
if 'sensor' in system_info['profile']:
if 'server' in system_info['profile'] and system_info['sensor_id']:
# sensor and sensor profiles come with its own sensor_id
sensor_id = system_info['sensor_id']
else:
# get sensor_id from ip
sensor_ip = system_ip
if system_info['vpn_ip']:
sensor_ip = system_info['vpn_ip']
(success, sensor_id) = get_sensor_id_from_sensor_ip(sensor_ip)
if not success:
api_log.error(str(sensor_id))
sensor_id = None
system_info['sensor_id'] = sensor_id
if not system_info['admin_ip']:
system_info['admin_ip'] = system_ip
if add_to_database:
profile_str = ','.join(system_info['profile'])
(success, msg) = db_add_system(system_id=system_info['system_id'],
name=system_info['hostname'],
admin_ip=system_info['admin_ip'],
vpn_ip=system_info['vpn_ip'],
profile=profile_str,
server_id=system_info['server_id'],
sensor_id=system_info['sensor_id'])
if not success:
api_log.error(msg)
return (False, "Something wrong happened inserting the system into the database")
(success, msg) = create_directory_for_ossec_remote(system_info['system_id'])
if not success:
api_log.error(msg)
return (False, msg)
return (True, system_info)
api_log.info(info_msg)
# Check first line of sync.sql file for mySQL restart option
f.seek(0, 0)
restart_db = "RESTART OSSIM-SERVER" in f.readline()
# Restart SQL server if needed
if restart_db:
try:
restart_ossim_server(local_ip)
except Exception, err:
error_msg = "An error occurred while restarting " + \
"MySQL server: %s" % str(err)
return False, error_msg
# Check server_forward_role and generate sync.sql
(success, local_id) = get_system_id_from_local()
if success and has_forward_role(local_id):
try:
generate_sync_sql(local_ip, restart_db)
except Exception, err:
error_msg = "An error occurred while generating " + \
"sync.sql file: %s" % str(err)
return False, error_msg
return True, "[Apimethod sync_database_from_child] SQL sync successful"
@use_cache(namespace="system_packages", expire=84600)
def apimethod_get_update_info(system_id, no_cache=False):
"""Retrieves the system update information
Args:
def start(self):
""" Starts the monitor activity
"""
try:
# Remove the previous monitor data.
self.remove_monitor_data()
monitor_data = {}
success, system_id = get_system_id_from_local()
if not success:
return False
# Now
now = int(time.time())
# Firstly, wizard data!
wizard_dict = {}
success, start_welcome_wizard, welcome_wizard_date = get_wizard_data(
)
if not success:
api_log.error("There was an error retrieving the wizard data")
wizard_shown = True
if start_welcome_wizard == 2:
# if difference between now and welcome_wizard_date is less
# than a week, display message
if (now - welcome_wizard_date) < 420:
wizard_shown = False
wizard_dict['wizard_shown'] = wizard_shown
monitor_data[
self.__WEB_MESSAGES['MESSAGE_WIZARD_SHOWN']] = wizard_dict
# Time to look for orphan sensors
orphan_sensors_dict = {}
success, message = check_any_orphan_sensor()
orphan_sensors = False
if not success:
api_log.error(message)
orphan_sensors = True
orphan_sensors_dict['orphan_sensors'] = orphan_sensors
monitor_data[self.__WEB_MESSAGES[
'MESSAGE_SENSOR_NOT_INSERTED']] = orphan_sensors_dict
# Has the trial version expired?
success, expires, message = get_trial_expiration_date()
trial_expired = False
trial_expires_7days = False
trial_expires_2days = False
if not success:
rc, pro = system_is_professional()
if rc:
if pro:
# OK, we have an error here
api_log.error(message)
else:
pass
else:
# expire=9999-12-31
expiration_date = expires.split('=')[1]
if expiration_date:
mktime_expression = datetime.datetime.strptime(
expiration_date, "%Y-%m-%d").timetuple()
expires = int(time.mktime(mktime_expression))
one_week_left = now - 604800
two_days_left = now - 172800
if expires < one_week_left:
trial_expires_7days = True
elif expires < two_days_left:
trial_expires_2days = True
elif expires < now:
trial_expired = True
else:
pass
else:
if os.path.isfile("/etc/ossim/ossim.lic"):
api_log.warning(
"Valid license but no web admin user found!")
else:
api_log.debug(
"Expiration date can't be determined: License file not found"
)
monitor_data[self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRED"]] = {
'trial_checked': success,
'trial_expired': trial_expired
}
monitor_data[
self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRES_7DAYS"]] = {
'trial_checked': success,
'trial_expired': trial_expires_7days
}
monitor_data[
self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRES_2DAYS"]] = {
'trial_checked': success,
'trial_expired': trial_expires_2days
}
# Check max number of assets
assets = len(get_asset_list())
contracted_devices = get_license_devices()
over_assets = False
exceeding_assets = 0
#if assets > contracted_devices:
# exceeding_assets = assets - contracted_devices
# over_assets = True
monitor_data[self.__WEB_MESSAGES["MESSAGE_LICENSE_VIOLATION"]] = {
'over_assets': over_assets,
'exceeding_assets': exceeding_assets
}
# OTX contribution
otx_enabled = apimethod_is_otx_enabled()
monitor_data[self.__WEB_MESSAGES["MESSAGE_OTX_CONNECTION"]] = {
'otx_enabled': otx_enabled
}
# Backup in progress?
success, running, message = check_backup_process_running()
if not success:
api_log.error(message)
monitor_data[self.__WEB_MESSAGES["MESSAGE_BACKUP_RUNNING"]] = {
'backup_check': success,
'backup_running': running
}
# Save monitor data
self.save_data(system_id, ComponentTypes.SYSTEM,
self.get_json_message(monitor_data))
except Exception as err:
api_log.error(
"Error processing WebUIData monitor information: %s" %
str(err))
return False
return True
def apimethod_delete_system(system_id):
success, local_system_id = get_system_id_from_local()
if not success:
error_msg = "Cannot retrieve the " + \
"local system id. %s" % str(local_system_id)
return success, error_msg
if system_id == 'local' or get_hex_string_from_uuid(
local_system_id) == get_hex_string_from_uuid(system_id):
error_msg = "You're trying to remove the local system, " + \
"which it's not allowed"
return False, error_msg
(success, system_ip) = get_system_ip_from_system_id(system_id)
if not success:
error_msg = "Cannot retrieve the system ip " + \
"for the given system-id %s" % (str(system_ip))
return success, error_msg
# Check whether the remote system is reachable or not:
try:
remote_system_is_reachable = ping_system(system_id, no_cache=True)
except APIException:
remote_system_is_reachable = False
# We need to take the sensor_id from the database before removing it from the db
(success_f, sensor_id) = get_sensor_id_from_system_id(system_id)
# 1 - Remove it from the database
success, msg = db_remove_system(system_id)
if not success:
error_msg = "Cannot remove the system " + \
"from the database <%s>" % str(msg)
return success, error_msg
# 2 - Remove the firewall rules.
if success_f:
trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
trigger="alienvault-del-sensor")
if not trigger_success:
api_log.error(msg)
else:
trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
trigger="alienvault-del-server")
if not trigger_success:
api_log.error(msg)
# 3 - Remove the remote certificates
# success, msg = ansible_remove_certificates(system_ip)
# if not success:
# return (success,
# "Error while removing the remote certificates: %s" % str(msg))
# 4 - Remove the local certificates and keys
success, local_ip = get_system_ip_from_local()
if not success:
error_msg = "Cannot retrieve the local ip " + \
"<%s>" % str(local_ip)
return success, error_msg
#Remove remote system certificates on the local system
success, msg = ansible_remove_certificates(system_ip=local_ip,
system_id_to_remove=system_id)
if not success:
return success, "Cannot remove the local certificates <%s>" % str(msg)
# 5 - Remove it from the ansible inventory.
try:
aim = AnsibleInventoryManager()
aim.delete_host(system_ip)
aim.save_inventory()
del aim
except Exception as aim_error:
error_msg = "Cannot remove the system from the " + \
"ansible inventory file " + \
"<%s>" % str(aim_error)
return False, error_msg
# 6 - Try to connect to the child and remove the parent
# using it's server_id
success, own_server_id = get_server_id_from_local()
if not success:
error_msg = "Cannot retrieve the server-id " + \
"from local <%s>" % str(msg)
return success, error_msg
if remote_system_is_reachable:
success, msg = ansible_delete_parent_server(system_ip, own_server_id)
if not success:
error_msg = "Cannot delete parent server in child <%s>" % str(msg)
return success, error_msg
return True, ""
msg = "The remote system is not reachable. " + \
"We had not been able to remove the parent configuration"
return True, msg
def add_system_from_ip(system_ip, password, add_to_database=True):
"""
Add a new system using system ip.
"""
(success, local_system_id) = get_system_id_from_local()
if not success:
error_msg = "Something wrong happened retrieving " + \
"the local system id"
return success, error_msg
(success, response) = ansible_add_system(local_system_id=local_system_id,
remote_system_ip=system_ip,
password=password)
if not success:
api_log.error(response)
return success, response
(success, system_info) = ansible_get_system_info(system_ip)
if not success:
api_log.error(system_info)
return success, "Something wrong happened getting the system info"
sensor_id = None
if 'server' in system_info['profile']:
# - Do not add the child server when I'm myself
if system_info['server_id'] != local_system_id:
success, msg = add_child_server(system_ip,
system_info['server_id'])
if not success:
api_log.error(str(msg))
error_msg = "Something wrong happened setting the child server"
return False, error_msg
if 'sensor' in system_info['profile']:
if 'server' in system_info['profile'] and system_info['sensor_id']:
# sensor and sensor profiles come with its own sensor_id
sensor_id = system_info['sensor_id']
else:
# get sensor_id from ip
sensor_ip = system_ip
if system_info['vpn_ip']:
sensor_ip = system_info['vpn_ip']
(success, sensor_id) = get_sensor_id_from_sensor_ip(sensor_ip)
if not success:
api_log.error(str(sensor_id))
sensor_id = None
system_info['sensor_id'] = sensor_id
if not system_info['admin_ip']:
system_info['admin_ip'] = system_ip
if system_info['admin_ip'] != system_ip:
# We're natted
system_info['admin_ip'] = system_ip
if add_to_database:
profile_str = ','.join(system_info['profile'])
(success, msg) = db_add_system(system_id=system_info['system_id'],
name=system_info['hostname'],
admin_ip=system_info['admin_ip'],
vpn_ip=system_info['vpn_ip'],
profile=profile_str,
server_id=system_info['server_id'],
sensor_id=system_info['sensor_id'])
if not success:
api_log.error(msg)
error_msg = "Something wrong happened inserting " + \
"the system into the database"
return (False, error_msg)
else:
result, _ = get_system_ip_from_system_id(system_info['system_id'])
if not result:
error_msg = "System was not inserted, cannot continue"
return (False, error_msg)
# Now that the system is in the database, check if it is a server and
# open the firewall, if it is required.
if 'server' in system_info['profile']:
trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
trigger="alienvault-add-server")
if not trigger_success:
api_log.error(msg)
(success,
msg) = create_directory_for_ossec_remote(system_info['system_id'])
if not success:
api_log.error(msg)
return (False, msg)
return (True, system_info)
def apimethod_delete_system(system_id):
success, local_system_id = get_system_id_from_local()
if not success:
error_msg = "Cannot retrieve the " + \
"local system id. %s" % str(local_system_id)
return success, error_msg
if system_id == 'local' or get_hex_string_from_uuid(local_system_id) == get_hex_string_from_uuid(system_id):
error_msg = "You're trying to remove the local system, " + \
"which it's not allowed"
return False, error_msg
(success, system_ip) = get_system_ip_from_system_id(system_id)
if not success:
error_msg = "Cannot retrieve the system ip " + \
"for the given system-id %s" % (str(system_ip))
return success, error_msg
# Check whether the remote system is reachable or not:
try:
remote_system_is_reachable = ping_system(system_id, no_cache=True)
except APIException:
remote_system_is_reachable = False
# We need to take the sensor_id from the database before removing it from the db
(success_f, sensor_id) = get_sensor_id_from_system_id(system_id)
# 1 - Remove it from the database
success, msg = db_remove_system(system_id)
if not success:
error_msg = "Cannot remove the system " + \
"from the database <%s>" % str(msg)
return success, error_msg
# 2 - Remove the firewall rules.
if success_f:
trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
trigger="alienvault-del-sensor")
if not trigger_success:
api_log.error(msg)
else:
trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
trigger="alienvault-del-server")
if not trigger_success:
api_log.error(msg)
# 3 - Remove the remote certificates
# success, msg = ansible_remove_certificates(system_ip)
# if not success:
# return (success,
# "Error while removing the remote certificates: %s" % str(msg))
# 4 - Remove the local certificates and keys
success, local_ip = get_system_ip_from_local()
if not success:
error_msg = "Cannot retrieve the local ip " + \
"<%s>" % str(local_ip)
return success, error_msg
#Remove remote system certificates on the local system
success, msg = ansible_remove_certificates(system_ip=local_ip,
system_id_to_remove=system_id)
if not success:
return success, "Cannot remove the local certificates <%s>" % str(msg)
# 5 - Remove it from the ansible inventory.
try:
aim = AnsibleInventoryManager()
aim.delete_host(system_ip)
aim.save_inventory()
del aim
except Exception as aim_error:
error_msg = "Cannot remove the system from the " + \
"ansible inventory file " + \
"<%s>" % str(aim_error)
return False, error_msg
# 6 - Try to connect to the child and remove the parent
# using it's server_id
success, own_server_id = get_server_id_from_local()
if not success:
error_msg = "Cannot retrieve the server-id " + \
"from local <%s>" % str(msg)
return success, error_msg
if remote_system_is_reachable:
success, msg = ansible_delete_parent_server(system_ip, own_server_id)
if not success:
error_msg = "Cannot delete parent server in child <%s>" % str(msg)
return success, error_msg
return True, ""
msg = "The remote system is not reachable. " + \
"We had not been able to remove the parent configuration"
return True, msg
def add_system_from_ip(system_ip, password, add_to_database=True):
"""
Add a new system using system ip.
"""
(success, local_system_id) = get_system_id_from_local()
if not success:
error_msg = "Something wrong happened retrieving " + \
"the local system id"
return success, error_msg
(success, response) = ansible_add_system(local_system_id=local_system_id,
remote_system_ip=system_ip,
password=password)
if not success:
api_log.error(response)
return success, response
(success, system_info) = ansible_get_system_info(system_ip)
if not success:
api_log.error(system_info)
return success, "Something wrong happened getting the system info"
sensor_id = None
if 'server' in system_info['profile']:
# - Do not add the child server when I'm myself
if system_info['server_id'] != local_system_id:
success, msg = add_child_server(system_ip,
system_info['server_id'])
if not success:
api_log.error(str(msg))
error_msg = "Something wrong happened setting the child server"
return False, error_msg
if 'sensor' in system_info['profile']:
if 'server' in system_info['profile'] and system_info['sensor_id']:
# sensor and sensor profiles come with its own sensor_id
sensor_id = system_info['sensor_id']
else:
# get sensor_id from ip
sensor_ip = system_ip
if system_info['vpn_ip']:
sensor_ip = system_info['vpn_ip']
(success, sensor_id) = get_sensor_id_from_sensor_ip(sensor_ip)
if not success:
api_log.error(str(sensor_id))
sensor_id = None
system_info['sensor_id'] = sensor_id
if not system_info['admin_ip']:
system_info['admin_ip'] = system_ip
if system_info['admin_ip'] != system_ip:
# We're natted
system_info['admin_ip'] = system_ip
if add_to_database:
profile_str = ','.join(system_info['profile'])
(success, msg) = db_add_system(system_id=system_info['system_id'],
name=system_info['hostname'],
admin_ip=system_info['admin_ip'],
vpn_ip=system_info['vpn_ip'],
profile=profile_str,
server_id=system_info['server_id'],
sensor_id=system_info['sensor_id'])
if not success:
api_log.error(msg)
error_msg = "Something wrong happened inserting " + \
"the system into the database"
return (False, error_msg)
else:
result, _ = get_system_ip_from_system_id (system_info['system_id'])
if not result:
error_msg = "System was not inserted, cannot continue"
return (False, error_msg)
# Now that the system is in the database, check if it is a server and
# open the firewall, if it is required.
if 'server' in system_info['profile']:
trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
trigger="alienvault-add-server")
if not trigger_success:
api_log.error(msg)
(success, msg) = create_directory_for_ossec_remote(system_info['system_id'])
if not success:
api_log.error(msg)
return (False, msg)
return (True, system_info)
def start(self):
""" Starts the monitor activity
"""
try:
# Remove the previous monitor data.
self.remove_monitor_data()
monitor_data = {}
success, system_id = get_system_id_from_local()
if not success:
return False
# Now
now = int(time.time())
# Firstly, wizard data!
wizard_dict = {}
success, start_welcome_wizard, welcome_wizard_date = get_wizard_data()
if not success:
api_log.error("There was an error retrieving the wizard data")
wizard_shown = True
if start_welcome_wizard == 2:
# if difference between now and welcome_wizard_date is less
# than a week, display message
if (now - welcome_wizard_date) < 420:
wizard_shown = False
wizard_dict['wizard_shown'] = wizard_shown
monitor_data[self.__WEB_MESSAGES['MESSAGE_WIZARD_SHOWN']] = wizard_dict
# Time to look for orphan sensors
orphan_sensors_dict = {}
success, message = check_any_orphan_sensor()
orphan_sensors = False
if not success:
api_log.error(message)
orphan_sensors = True
orphan_sensors_dict['orphan_sensors'] = orphan_sensors
monitor_data[self.__WEB_MESSAGES['MESSAGE_SENSOR_NOT_INSERTED']] = orphan_sensors_dict
# Has the trial version expired?
success, expires, message = get_trial_expiration_date()
trial_expired = False
trial_expires_7days = False
trial_expires_2days = False
if not success:
rc, pro = system_is_professional()
if rc:
if pro:
# OK, we have an error here
api_log.error(message)
else:
pass
else:
# expire=9999-12-31
expiration_date = expires.split('=')[1]
if expiration_date:
mktime_expression = datetime.datetime.strptime(expiration_date,
"%Y-%m-%d").timetuple()
expires = int(time.mktime(mktime_expression))
one_week_left = now - 604800
two_days_left = now - 172800
if expires < one_week_left:
trial_expires_7days = True
elif expires < two_days_left:
trial_expires_2days = True
elif expires < now:
trial_expired = True
else:
pass
else:
if os.path.isfile("/etc/ossim/ossim.lic"):
api_log.warning("Valid license but no web admin user found!")
else:
api_log.debug("Expiration date can't be determined: License file not found")
monitor_data[self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRED"]] = {'trial_checked': success,
'trial_expired': trial_expired}
monitor_data[self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRES_7DAYS"]] = {'trial_checked': success,
'trial_expired': trial_expires_7days}
monitor_data[self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRES_2DAYS"]] = {'trial_checked': success,
'trial_expired': trial_expires_2days}
# Check max number of assets
assets = len(get_asset_list())
contracted_devices = get_license_devices()
over_assets = False
exceeding_assets = 0
#if assets > contracted_devices:
# exceeding_assets = assets - contracted_devices
# over_assets = True
monitor_data[self.__WEB_MESSAGES["MESSAGE_LICENSE_VIOLATION"]] = {'over_assets': over_assets,
'exceeding_assets': exceeding_assets}
# OTX contribution
otx_enabled = apimethod_is_otx_enabled()
monitor_data[self.__WEB_MESSAGES["MESSAGE_OTX_CONNECTION"]] = {'otx_enabled': otx_enabled}
# Backup in progress?
success, running, message = check_backup_process_running()
if not success:
api_log.error(message)
monitor_data[self.__WEB_MESSAGES["MESSAGE_BACKUP_RUNNING"]] = {'backup_check': success,
'backup_running': running}
# Save monitor data
self.save_data(system_id,
ComponentTypes.SYSTEM,
self.get_json_message(monitor_data))
except Exception as err:
api_log.error("Error processing WebUIData monitor information: %s" % str(err))
return False
return True
except Exception, msg:
app.logger.warning("Error loading messages in database")
# Log permissions
try:
if os.path.isdir("/var/log/alienvault/api"):
for api_logfile in os.listdir("/var/log/alienvault/api"):
os.chmod("/var/log/alienvault/api/%s" % api_logfile, 0644)
except Exception as e:
pass
# Purge celery-once references from redis
from celery_once.helpers import queue_once_key
from celery_once.tasks import QueueOnce
from db.methods.system import get_system_id_from_local
system_id=get_system_id_from_local()[1]
args={'system_id' : u'%s' % system_id}
task_name = "celerymethods.tasks.backup_tasks.backup_configuration_for_system_id"
key = queue_once_key(task_name, args, None)
aux = QueueOnce()
aux.clear_lock(key)
# This is the recommended way of packaging a Flask app.
# This seems to be a hack to avoid circulat imports.
# See http://flask.pocoo.org/docs/patterns/packages/
import api.views
# (Keep pyflakes quiet)
views
login_manager.login_view = "auth.login"
api_log.info(info_msg)
# Check first line of sync.sql file for mySQL restart option
f.seek(0, 0)
restart_db = "RESTART OSSIM-SERVER" in f.readline()
# Restart SQL server if needed
if restart_db:
try:
restart_ossim_server(local_ip)
except Exception, err:
error_msg = "An error occurred while restarting " + \
"MySQL server: %s" % str(err)
return False, error_msg
# Check server_forward_role and generate sync.sql
(success, local_id) = get_system_id_from_local()
if success and has_forward_role(local_id):
try:
generate_sync_sql(local_ip, restart_db)
except Exception, err:
error_msg = "An error occurred while generating " + \
"sync.sql file: %s" % str(err)
return False, error_msg
return True, "[Apimethod sync_database_from_child] SQL sync successful"
@use_cache(namespace="system_packages", expire=84600)
def apimethod_get_update_info(system_id, no_cache=False):
"""Retrieves the system update information
Args: