def get_sensor_by_sensor_id(sensor_id):
    """Return ``(success, data)`` for the sensor identified by *sensor_id*.

    *sensor_id* is a canonical UUID string, or the literal ``'local'``
    (case-insensitive), which is first translated into the sensor ID of
    this system.  On success ``data`` is the ``Sensor`` row; on failure it
    is a human-readable error string.  No exception escapes this function:
    lookup and validation errors are folded into a ``(False, msg)`` result.
    """
    try:
        if sensor_id.lower() == 'local':
            # Resolve the 'local' alias: system ID first, then its sensor ID.
            resolved, system_id = get_system_id_from_local()
            if not resolved:
                raise APICannotResolveLocalSystemID()

            resolved, local_sensor_id = get_sensor_id_from_system_id(system_id)
            if resolved and local_sensor_id:
                sensor_id = local_sensor_id
            # Otherwise sensor_id stays 'local' and fails the UUID check below.

        if not is_valid_uuid(sensor_id):
            raise APICannotResolveSensorID(sensor_id)

        # Exactly one row is expected: .one() raises on zero or several hits.
        sensor_id_bin = get_bytes_from_uuid(sensor_id.lower())
        sensor = db.session.query(Sensor).filter(Sensor.id == sensor_id_bin).one()
        return True, sensor
    except NoResultFound:
        return False, "No sensor found with the given ID"
    except MultipleResultsFound:
        return False, "More than one sensor found with the given ID"
    except Exception as ex:
        # The validation errors raised above presumably land here as well
        # (assuming the API* classes derive from Exception), so the rollback
        # also runs when no query was issued.
        db.session.rollback()
        # NOTE(review): the raw exception text is part of the returned message;
        # confirm callers do not pass it unfiltered to API clients.
        return False, "Something wrong happen while retrieving the sensor {0}".format(ex)
def update_host_net_reference(hostid=None):
    """Rebuild ``host_net_reference`` from ``host``/``host_ip``/``net_cidrs``.

    Args:
        hostid: optional canonical UUID string.  When given and accepted by
            ``is_valid_uuid`` the REPLACE is restricted to that host.  When
            omitted -- or when the value fails validation -- the whole table
            is rebuilt, which locks the asset database and can be slow on
            installations with many assets.

    Returns:
        True when the statement committed, False when it failed and the
        session was rolled back (the error is written to ``api_log``).
    """
    sql_parts = [
        "REPLACE INTO host_net_reference",
        "SELECT host.id, net_id FROM host, host_ip, net_cidrs",
        "WHERE host.id = host_ip.host_id AND host_ip.ip >= net_cidrs.begin AND host_ip.ip <= net_cidrs.end",
    ]

    # The host filter is spliced into the statement as text.  It is only
    # built after is_valid_uuid() accepts the caller's value, and the token
    # inserted is the hex rendering of that UUID (assuming
    # get_hex_string_from_uuid() emits hex digits only), so no other
    # caller-controlled characters reach the SQL.
    if hostid is not None and is_valid_uuid(hostid):
        host_filter = "AND host.id = unhex('{0}')".format(get_hex_string_from_uuid(hostid))
        sql_parts.append(host_filter)

    query = " ".join(sql_parts)

    try:
        db.session.begin()
        db.session.connection(mapper=Host_Net_Reference).execute(query)
        db.session.commit()
    except Exception as err_detail:
        db.session.rollback()
        api_log.error("There was a problem while updating host net reference: %s" % str(err_detail))
        return False
    else:
        return True
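def create_host(ips, sensor_id, hostname='', fqdns='', asset_value=2, threshold_c=30, threshold_a=30, alert=0, persistence=0, nat=None,
                rrd_profile=None, descr='', lat=0, lon=0, icon=None, country=None, external_host=0, permissions=0, av_component=0, output='str', refresh=False):
    """Create a new host, its IP rows and its sensor reference in the database.

    Args:
        ips: non-empty list of IP address strings; the first one also seeds
            the default hostname.
        sensor_id: canonical UUID string of the sensor the host belongs to.
            Its context (ctx) is obtained through get_sensor_ctx_by_sensor_id().
        hostname: host name; when '' it becomes ``Host-<first ip with dots
            replaced by dashes>``.
        fqdns, asset_value, threshold_c, threshold_a, alert, persistence, nat,
        rrd_profile, descr, lat, lon, icon, country, external_host,
        permissions, av_component: stored as given on the ``Host`` row.
        output, refresh: accepted for interface compatibility; not used here.

    Returns:
        ``(True, host_id)`` with the new host's canonical UUID string, or
        ``(False, error_message)`` when no IP was given, the sensor context
        is not a valid UUID, or the database transaction failed (it is
        rolled back and the error logged to ``api_log``).
    """
    if not ips:
        return False, "At least one IP is required"

    # The success flag is redundant: an unresolved ctx fails the UUID check.
    _ctx_found, ctx = get_sensor_ctx_by_sensor_id(sensor_id)
    if not is_valid_uuid(ctx):
        return False, "ctx is not a valid canonical uuid"
    ctx = get_bytes_from_uuid(ctx)

    host_id = str(uuid.uuid4())

    if hostname == '':
        hostname = "Host-%s" % (ips[0].replace(".", "-"))

    try:
        db.session.begin()
        # Same binary ID is used for the host, its IPs and the sensor link.
        host_id_bin = get_bytes_from_uuid(host_id)

        for host_ip in ips:
            db.session.merge(Host_Ip(host_id=host_id_bin,
                                     ip=get_ip_bin_from_str(host_ip),
                                     mac=None,
                                     interface=None))

        db.session.merge(Host(id=host_id_bin,
                              ctx=ctx,
                              hostname=hostname,
                              fqdns=fqdns,
                              asset=asset_value,
                              threshold_c=threshold_c,
                              threshold_a=threshold_a,
                              alert=alert,
                              persistence=persistence,
                              nat=nat,
                              rrd_profile=rrd_profile,
                              descr=descr,
                              lat=lat,
                              lon=lon,
                              icon=icon,
                              country=country,
                              external_host=external_host,
                              permissions=permissions,
                              av_component=av_component))

        # sensor_id itself is not validated above; a malformed value
        # presumably raises here and is reported through the except path.
        db.session.merge(Host_Sensor_Reference(host_id=host_id_bin,
                                               sensor_id=get_bytes_from_uuid(sensor_id)))

        db.session.commit()
    except Exception as msg:
        db.session.rollback()
        message = "There was a problem adding new Host %s to the database: %s" % (hostname, str(msg))
        api_log.error(message)
        return False, message

    # The success path used to fall off the end and return None, which broke
    # callers unpacking the documented (success, host_id) tuple.
    return True, host_id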
def ossec_win_deploy(sensor_id, asset_id, windows_ip, windows_username, windows_password, windows_domain,
                     agent_id=None):
    """ Deploy a HIDS (OSSEC) agent on a Windows system through the sensor.
    Args:
        sensor_id(str): Sensor ID (canonical UUID string or 'local')
        asset_id(str): Asset ID of the target host
        windows_ip(str) : Deployment IP (where the HIDS agent is installed)
        windows_username(str) : Windows user name used for the deployment
        windows_password(str) : Windows password used for the deployment
        windows_domain(str) : Windows domain
        agent_id(str) : optional existing OSSEC agent ID to reuse

    Returns:
        Tuple (res, message).  res is True when the ansible deployment
        reported neither unreachable hosts nor failures; message describes
        the outcome.  A Message Center entry is always written, for both
        outcomes.

    Exceptions raised while validating or deploying -- APICannotResolveAssetID,
    APIInvalidDeploymentIP, APIInvalidWindowsUsername, APIInvalidWindowsPassword,
    APIInvalidAgentID, APICannotResolveSensorID, APICannotCreateHIDSAgent,
    APICannotGetHIDSAgentByAsset, APICannotDeployHIDSAgent -- are caught here
    and turned into a (False, message) result; they do not propagate.
    """

    # Fields of the Message Center entry; each is filled in as far as the
    # deployment got before failing.
    agent_name = None
    sensor_ip = None
    sensor_name = None
    asset_name = None
    try:
        # Parameter validation.  Every failure is reported via the except below.
        if not is_valid_uuid(asset_id):
            raise APICannotResolveAssetID(asset_id)

        if not is_valid_ipv4(windows_ip):
            raise APIInvalidDeploymentIP(windows_ip)

        if not is_valid_windows_user(windows_username):
            raise APIInvalidWindowsUsername(windows_username)

        if not is_valid_user_password(windows_password):
            # Raised without the value, so the password never reaches the log
            # or the Message Center message built from str(err).
            raise APIInvalidWindowsPassword()

        if agent_id and not is_valid_ossec_agent_id(agent_id):
            raise APIInvalidAgentID(agent_id)

        # Resolve the sensor.  From here on sensor_id is the upper-case hex
        # form (no dashes) expected by the OSSEC helpers.
        sensor_found, sensor = get_sensor_by_sensor_id(sensor_id)
        if not sensor_found:
            raise APICannotResolveSensorID(sensor_id)

        sensor_id = get_uuid_string_from_bytes(sensor.id).replace('-', '').upper()
        sensor_ip = get_ip_str_from_bytes(sensor.ip)
        sensor_name = sensor.name

        hids_agents = get_hids_agents_by_asset(asset_id, sensor_id)
        asset_name = get_name_by_host_id(asset_id)

        if len(hids_agents) == 0:
            # No agent registered for this asset yet: create one named after it.
            agent_name = asset_name
            created, data = apimethod_ossec_add_new_agent(sensor_id, agent_name, windows_ip, asset_id)
            if not created:
                raise APICannotCreateHIDSAgent(agent_name, sensor_id)
            agent_id = data
        else:
            # Reuse the requested agent, or the first one known for the asset.
            if agent_id:
                agent_key = sensor_id + '#' + agent_id
            else:
                agent_key = list(hids_agents.keys())[0]

            if agent_key not in hids_agents:
                raise APICannotGetHIDSAgentByAsset(asset_id)

            agent_entry = hids_agents[agent_key]
            agent_name = agent_entry.get('name')
            agent_id = agent_entry.get('id')

        # Run the deployment playbook on the sensor.
        ansible_result = ansible_ossec_win_deploy(sensor_ip, agent_name, windows_ip, windows_username, windows_domain,
                                                  windows_password)
        host_result = ansible_result[sensor_ip]

        if host_result['unreachable'] == 0 and host_result['failures'] == 0:
            # Wait 2 s before querying the agent -- presumably to let it
            # register with the server -- then store its current status.
            time.sleep(2)
            detail_found, data = apimethod_ossec_get_agent_detail(sensor_id, agent_id)

            if detail_found:
                # Field index 3 of the comma-separated detail line is taken as
                # the status; the line layout is only known from this indexing.
                agent_status = data[0].split(',')[3]
                update_hids_agent_status(agent_id, sensor_id, agent_status)
        else:
            if host_result['unreachable'] == 1:
                ans_last_error = "System is unreachable"
            else:
                # First non-empty of msg / stderr / stdout from ansible's last error.
                ans_last_error = ""
                last_error = ansible_result['alienvault']['lasterror'][sensor_ip]
                for field in ('msg', 'stderr', 'stdout'):
                    if field in last_error and last_error[field] != "":
                        ans_last_error = last_error[field]
                        break

            raise APICannotDeployHIDSAgent('HIDS Agent cannot be deployed.  Reason: {0}'.format(ans_last_error))

        res = True
        message = 'HIDS agent successfully deployed'
    except APICannotDeployHIDSAgent as err:
        # The message already carries the ansible reason; it is not logged here.
        message = str(err)
        res = False
    except Exception as err:
        message = str(err)
        logger.error(message)
        res = False

    # Message Center entry: one template ID for success, another for failure.
    mc_id = "00000000-0000-0000-0000-000000010033" if res is True else "00000000-0000-0000-0000-000000010031"

    # sensor_id is the normalised hex form only if the sensor was resolved;
    # otherwise it is still the caller's value.  The Windows credentials are
    # deliberately not part of this record.
    # NOTE(review): deploy_status may embed ansible stderr/stdout verbatim;
    # confirm that output cannot echo the credentials.
    additional_info = json.dumps({
        "asset_id": asset_id,
        "sensor_id": sensor_id,
        "agent_id": agent_id,
        "asset_name": asset_name,
        "asset_ip": windows_ip,
        "sensor_ip": sensor_ip,
        "sensor_name": sensor_name,
        "agent_name": agent_name,
        "deploy_status": message
    })
    insert_current_status_message(mc_id, asset_id, "host", additional_info)

    return res, message