Ejemplo n.º 1
0
    def sendPatternSuggestion(self, suggestion, patterns):
        """@brief Builds a composite TLV to send a the pattern 
        to the ASEC system.
        @param suggestion: the suggestion
        """
        logger.info("Sending results...")
        tlv_list = []
        suggestion_id = UUID(bytes=suggestion.suggestion_group_id)
        b64_suggestion_id = base64.b64encode(str(suggestion_id))

        tlv_suggestion_id = ASECTLV.tlv_simple(ASECTLV.TLV_TYPE_PATTERN_FIELD_ID, \
                        str(b64_suggestion_id), len(str(b64_suggestion_id)))

        suggestion_filename = ""
        if suggestion.location is None or suggestion.location == "":
            suggestion_filename = suggestion.filename
        else:
            suggestion_filename = suggestion.location
        suggestion_filename = base64.b64encode(suggestion_filename)
        tlv_suggestion_filename = ASECTLV.tlv_simple(
            ASECTLV.TLV_TYPE_PATTERN_FIELD_FILENAME, suggestion_filename,
            len(suggestion_filename))

        suggestion_json = '{"patterns":['
        pattern_list = ",".join(["%s" % (p.pattern_json) for p in patterns])
        suggestion_json = suggestion_json + pattern_list + "]}"
        suggestion_json = base64.b64encode(suggestion_json)
        tlv_suggestion_json = ASECTLV.tlv_simple(
            ASECTLV.TLV_TYPE_PATTERN_FIELD_JSON_STR, suggestion_json,
            len(suggestion_json))

        tlv_list.append(tlv_suggestion_id)
        tlv_list.append(tlv_suggestion_filename)
        tlv_list.append(tlv_suggestion_json)

        tlvcomposite = ASECTLV.tlv_composite(ASECTLV.TLV_TYPE_PATTERN,
                                             tlv_list)
        attempts = 3
        while attempts > 0:
            if not self.__send(tlvcomposite):
                attempts = attempts - 1
                time.sleep(1)
            else:
                try:
                    self.__asecmodel.delete_suggestion(str(suggestion_id))
                except Exception, e:
                    logger.error("Can't remove the suggestionid: %s" % str(e))
                    return False
                return True
Ejemplo n.º 2
0
 def process_message_active_plugin(self, data, data_len):
     """Processes the active plugin  message.
     """
     logger.info("processing active plugin message")
     total = data_len
     readed = 0
     pkg = data
     plugin_id = ""
     plugin_name = ""
     sensor_id = ""
     log_file =""
     while readed < total:
         s_type, s_len, s_value = ASECTLV.tlv_decode(pkg[readed:])
         readed += s_len + 8
         if s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_ID:
             plugin_id = base64.b64decode(s_value).rstrip('\n')
             logger.info("pattern_pluginid: %s" % plugin_id)
         elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_NAME:
             plugin_name = base64.b64decode(s_value).rstrip('\n')
             logger.info("pattern_field_pluginname :%s" % plugin_name)
         elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_SENSOR_ID:
             sensor_id = base64.b64decode(s_value)
             logger.info("pattern_field_sensorid :%s" % sensor_id)
         elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_LOG_FILE:
             log_file = base64.b64decode(s_value)
         else:
             logger.error("unknown type: %s" % s_type)
     try:
         pid = int(plugin_id)
     except:
         logger.error("invalid plugin %s" % plugin_id)
         pid = 0
     notification = AsecDb_Notification(plugin_id=pid, sensor_id=UUID(sensor_id).bytes, rule_name=plugin_name,log_file = log_file)
     self.__asecmodel.set_notification(notification)
Ejemplo n.º 3
0
 def process_message_pattern(self, data, data_len):
     """Processes the pattern message.
     """
     logger.info("processing message: pattern")
     total = data_len
     readed = 0
     pkg = data
     logid = 0
     t_uuid = ""
     filename = ""
     json_str = ""
     while readed < total:
         s_type, s_len, s_value = ASECTLV.tlv_decode(pkg[readed:])
         readed += s_len + 8
         if s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_ID:
             logger.info("pattern_fieldid")
             t_uuid = base64.b64decode(s_value)
         elif s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_FILENAME:
             logger.info("pattern_field_filename")
             filename = base64.b64decode(s_value).rstrip('\n')
         elif s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_JSON_STR:
             logger.info("pattern_field_json")
             json_str = base64.b64decode(s_value).rstrip('\n')
         else:
             logger.error("unknown type: %s" % s_type)
     if self.__asecmodel.get_suggestion(t_uuid) is None:
         suggestion = AsecDb_Suggestion(suggestion_group_id=UUID(t_uuid).bytes, filename=filename,location="")
         self.__asecmodel.set_suggestion(suggestion)
     suggestion_pattern = AsecDb_Suggestion_pattern(suggestion_group_id=UUID(t_uuid).bytes, pattern_json=json_str)
     self.__asecmodel.set_suggestion_pattern(suggestion_pattern)
Ejemplo n.º 4
0
    def process_message_mlog4fwk(self, data, data_len):
        """Processes  the mlog4fwk message.
        """
        logger.info("processing message: mlog4fwk")
        total = data_len
        readed = 0
        pkg = data
        logstr = ""
        sensor = ""
        regex = ""

        while readed < total:
            s_type, s_len, s_value = ASECTLV.tlv_decode(pkg[readed:])
            readed += s_len + 8
            if s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_LOG_LINE:
                logstr = s_value #base64.b64decode(s_value).rstrip('\n')
            elif s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_REGEXP:
                regex = base64.b64decode(s_value)
            elif s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_SENSOR_ID:
                sensor = base64.b64decode(s_value)
                logger.info("Campo Sensor :%s - %d" % (sensor, len(sensor)))
            else:
                logger.error("unknown type: %s" % s_type)
        
        obj = AsecDb_AlarmCoincidence(data=regex, sample_log=logstr, sensor_id=UUID(sensor).bytes)
        self.__asecmodel.set_alarm_coincidence(obj)
Ejemplo n.º 5
0
 def process_message_pattern(self, data, data_len):
     """Processes the pattern message.
     """
     logger.info("processing message: pattern")
     total = data_len
     readed = 0
     pkg = data
     logid = 0
     t_uuid = ""
     filename = ""
     json_str = ""
     while readed < total:
         s_type, s_len, s_value = ASECTLV.tlv_decode(pkg[readed:])
         readed += s_len + 8
         if s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_ID:
             logger.info("pattern_fieldid")
             t_uuid = base64.b64decode(s_value)
         elif s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_FILENAME:
             logger.info("pattern_field_filename")
             filename = base64.b64decode(s_value).rstrip('\n')
         elif s_type == ASECTLV.TLV_TYPE_PATTERN_FIELD_JSON_STR:
             logger.info("pattern_field_json")
             json_str = base64.b64decode(s_value).rstrip('\n')
         else:
             logger.error("unknown type: %s" % s_type)
     if self.__asecmodel.get_suggestion(t_uuid) is None:
         suggestion = AsecDb_Suggestion(
             suggestion_group_id=UUID(t_uuid).bytes,
             filename=filename,
             location="")
         self.__asecmodel.set_suggestion(suggestion)
     suggestion_pattern = AsecDb_Suggestion_pattern(
         suggestion_group_id=UUID(t_uuid).bytes, pattern_json=json_str)
     self.__asecmodel.set_suggestion_pattern(suggestion_pattern)
Ejemplo n.º 6
0
    def process_message_mlog4fwk(self, data, data_len):
        """Processes  the mlog4fwk message.
        """
        logger.info("processing message: mlog4fwk")
        total = data_len
        readed = 0
        pkg = data
        logstr = ""
        sensor = ""
        regex = ""

        while readed < total:
            s_type, s_len, s_value = ASECTLV.tlv_decode(pkg[readed:])
            readed += s_len + 8
            if s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_LOG_LINE:
                logstr = s_value  #base64.b64decode(s_value).rstrip('\n')
            elif s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_REGEXP:
                regex = base64.b64decode(s_value)
            elif s_type == ASECTLV.TLV_TYPE_MLOG4FWK_FIELD_SENSOR_ID:
                sensor = base64.b64decode(s_value)
                logger.info("Campo Sensor :%s - %d" % (sensor, len(sensor)))
            else:
                logger.error("unknown type: %s" % s_type)

        obj = AsecDb_AlarmCoincidence(data=regex,
                                      sample_log=logstr,
                                      sensor_id=UUID(sensor).bytes)
        self.__asecmodel.set_alarm_coincidence(obj)
Ejemplo n.º 7
0
    def sendPatternSuggestion(self, suggestion, patterns):
        """@brief Builds a composite TLV to send a the pattern 
        to the ASEC system.
        @param suggestion: the suggestion
        """
        logger.info("Sending results...")
        tlv_list = []
        suggestion_id = UUID(bytes=suggestion.suggestion_group_id)
        b64_suggestion_id = base64.b64encode(str(suggestion_id))
        
        tlv_suggestion_id = ASECTLV.tlv_simple(ASECTLV.TLV_TYPE_PATTERN_FIELD_ID, \
                        str(b64_suggestion_id), len(str(b64_suggestion_id)))

        suggestion_filename = ""
        if suggestion.location is None or suggestion.location == "":
            suggestion_filename = suggestion.filename
        else:
            suggestion_filename = suggestion.location
        suggestion_filename = base64.b64encode(suggestion_filename)
        tlv_suggestion_filename = ASECTLV.tlv_simple(ASECTLV.TLV_TYPE_PATTERN_FIELD_FILENAME, suggestion_filename, len(suggestion_filename))
        
        suggestion_json = '{"patterns":['
        pattern_list = ",".join(["%s" % (p.pattern_json) for p in patterns])
        suggestion_json = suggestion_json+pattern_list+"]}"
        suggestion_json = base64.b64encode(suggestion_json)
        tlv_suggestion_json = ASECTLV.tlv_simple(ASECTLV.TLV_TYPE_PATTERN_FIELD_JSON_STR, suggestion_json, len(suggestion_json))

        tlv_list.append(tlv_suggestion_id)
        tlv_list.append(tlv_suggestion_filename)
        tlv_list.append(tlv_suggestion_json)

        tlvcomposite = ASECTLV.tlv_composite(ASECTLV.TLV_TYPE_PATTERN, tlv_list)
        attempts = 3
        while attempts>0:
            if not self.__send(tlvcomposite):
                attempts = attempts - 1
                time.sleep(1)
            else:
                try:
                    self.__asecmodel.delete_suggestion(str(suggestion_id))
                except Exception,e:
                    logger.error("Can't remove the suggestionid: %s" % str(e))
                    return False
                return True
Ejemplo n.º 8
0
 def process_message_active_plugin(self, data, data_len):
     """Processes the active plugin  message.
     """
     logger.info("processing active plugin message")
     total = data_len
     readed = 0
     pkg = data
     plugin_id = ""
     plugin_name = ""
     sensor_id = ""
     log_file = ""
     while readed < total:
         s_type, s_len, s_value = ASECTLV.tlv_decode(pkg[readed:])
         readed += s_len + 8
         if s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_ID:
             plugin_id = base64.b64decode(s_value).rstrip('\n')
             logger.info("pattern_pluginid: %s" % plugin_id)
         elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_NAME:
             plugin_name = base64.b64decode(s_value).rstrip('\n')
             logger.info("pattern_field_pluginname :%s" % plugin_name)
         elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_SENSOR_ID:
             sensor_id = base64.b64decode(s_value)
             logger.info("pattern_field_sensorid :%s" % sensor_id)
         elif s_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN_FIELD_PLUGIN_LOG_FILE:
             log_file = base64.b64decode(s_value)
         else:
             logger.error("unknown type: %s" % s_type)
     try:
         pid = int(plugin_id)
     except:
         logger.error("invalid plugin %s" % plugin_id)
         pid = 0
     notification = AsecDb_Notification(plugin_id=pid,
                                        sensor_id=UUID(sensor_id).bytes,
                                        rule_name=plugin_name,
                                        log_file=log_file)
     self.__asecmodel.set_notification(notification)
Ejemplo n.º 9
0
 def process(self, requestor, line):
     """Processes an ASEC requests
     requestor: Source Socket
     line: command to process
     """
     
     msg = Util.get_var("msg=\"([^\"]+)\"", line)
     line = base64.b64decode(msg)
     # TODO ACK tlv
     response = ""
     try:
         tlv_type, tlv_len, tlv_value = ASECTLV.tlv_decode(line)
         if tlv_type == ASECTLV.TLV_TYPE_PATTERN:
             self.process_message_pattern(tlv_value, tlv_len)
         elif tlv_type == ASECTLV.TLV_TYPE_MLOG4FWK:
             self.process_message_mlog4fwk(tlv_value, tlv_len);
         elif tlv_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN:
             self.process_message_active_plugin(tlv_value, tlv_len)
         else:
             logger.error("unknown tlv")
     except Exception, e:
         import traceback
         logger.error(traceback.print_exc())
         logger.error("ERROR:  %s" % str(e))
Ejemplo n.º 10
0
    def process(self, requestor, line):
        """Processes an ASEC requests
        requestor: Source Socket
        line: command to process
        """

        msg = Util.get_var("msg=\"([^\"]+)\"", line)
        line = base64.b64decode(msg)
        # TODO ACK tlv
        response = ""
        try:
            tlv_type, tlv_len, tlv_value = ASECTLV.tlv_decode(line)
            if tlv_type == ASECTLV.TLV_TYPE_PATTERN:
                self.process_message_pattern(tlv_value, tlv_len)
            elif tlv_type == ASECTLV.TLV_TYPE_MLOG4FWK:
                self.process_message_mlog4fwk(tlv_value, tlv_len)
            elif tlv_type == ASECTLV.TLV_TYPE_ACTIVE_PLUGIN:
                self.process_message_active_plugin(tlv_value, tlv_len)
            else:
                logger.error("unknown tlv")
        except Exception, e:
            import traceback
            logger.error(traceback.print_exc())
            logger.error("ERROR:  %s" % str(e))