def main():
    """Render the index page from the OSSEC agent, syscheck and alert data.

    Opens a handle on the configured OSSEC directory; when that fails the
    function prints a message and returns ``1`` instead of a page. Otherwise
    it collects the agent list (annotated with a display id, formatted change
    time and active/inactive markers), the first ten entries of the global
    syscheck file list, and the HTML of the most recent alerts (newest first),
    and hands them to ``render_template("main.html", ...)``.
    """
    import os_lib_handle
    import os_lib_agent
    import os_lib_syscheck
    import os_lib_alerts
    import ossec_conf
    import datetime

    time_fmt = "%m/%d/%Y %H:%M:%S"

    ossec_handle = os_lib_handle.os_handle_start(ossec_conf.ossec_dir)
    if ossec_handle is None:
        print("Unable to access ossec directory.\n")
        return 1

    # Agents: each record is annotated in place and collected in order.
    agents = []
    for idx, agent in enumerate(os_lib_agent.os_getagents(ossec_handle)):
        agent['id'] = idx
        agent['change_time_fmt'] = datetime.datetime.fromtimestamp(
            agent['change_time']).strftime(time_fmt)
        if agent['connected']:
            agent['atitle'], agent['aclass'], agent['amsg'] = "Agent active", "bluez", ""
        else:
            agent['atitle'], agent['aclass'], agent['amsg'] = "Agent Inactive", "red", " - Inactive"
        agents.append(agent)

    # Syscheck: only the first ten entries of the global file list are shown.
    syscheck_data = os_lib_syscheck.os_getsyscheck(ossec_handle)
    recent_files = []
    for idx, entry in enumerate(syscheck_data['global_list']['files']):
        stamp = datetime.datetime.fromtimestamp(int(entry['time_stamp'])).strftime(time_fmt)
        recent_files.append({
            'id': idx,
            'ts': stamp,
            'name': entry['_name'],
            'filename': entry['sk_file_name'],
        })
        if len(recent_files) >= 10:
            break

    # Alerts: walk the array from the last index down to 0 so the newest
    # alert is emitted first.
    alert_list = os_lib_alerts.os_getalerts(ossec_handle, 0, 0, 30)
    alert_array = alert_list.alerts()
    alert_list_html = "".join(
        alert_array[i].toHtml() for i in range(alert_list.size() - 1, -1, -1)
    )

    now = datetime.datetime.now().strftime(time_fmt)
    return render_template(
        "main.html",
        now=now,
        agent_list=agents,
        syscheck_global_list=recent_files,
        alert_list_html=alert_list_html,
    )
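def _make_contents(self):
    """Build the syscheck page HTML into ``self.contents``.

    Renders an agent-selection form built from the keys of the syscheck
    listing. On a POST whose ``agentpattern`` passes the whitelist check and
    whose ``ss`` field is "Dump database", the dump of that agent's syscheck
    database is appended to the form and the method returns; otherwise the
    list of the latest modified files across all agents is appended.

    Raises:
        Exception: when a POST carries no ``agentpattern`` field.
    """
    import html  # function-scope import, matching this file's style

    def esc(value):
        # Agent names and file names originate on the monitored hosts (they
        # are read back from the syscheck data), so they must not reach the
        # markup unescaped. quote=True also covers use inside attributes.
        return html.escape(str(value), quote=True)

    u_agent = "ossec-server"
    USER_agent = None

    # Whitelist for the user-supplied agent name; only a value that passes
    # this check is forwarded to os_syscheck_dumpdb. fullmatch is used rather
    # than search with ^...$ so that a trailing newline is rejected as well.
    # (The ^ inside the class is a literal character, as in the original.)
    agent_name_pattern = r"[0-9a-zA-Z._^ -]{1,128}"
    if request.method == 'POST':
        agentpattern = request.form.get('agentpattern')
        if not agentpattern:
            raise Exception("something is wrong in agentpattern")
        if re.fullmatch(agent_name_pattern, agentpattern):
            USER_agent = agentpattern
            u_agent = USER_agent

    # NOTE(review): os_handle_start returns None when the directory is not
    # accessible (main() checks for that); this method does not, and the
    # behaviour of os_getsyscheck(None) is not visible here -- confirm.
    ossec_handle = os_lib_handle.os_handle_start(ossec_conf.ossec_dir)
    syscheck_list = os_lib_syscheck.os_getsyscheck(ossec_handle)

    parts = []

    # Agent selection form.
    parts.append("""\
<form name="dosearch" method="post" action="syscheck">
<table><tr valign="top">
<td>Agent name: </td>
<td><select name="agentpattern" class="formText">
""")
    for agent in syscheck_list.keys():
        # 'global_list' is the cross-agent aggregate, not an agent. It is
        # skipped rather than used as a loop terminator: the original broke
        # out here, which also dropped every agent after it in key order.
        if agent == "global_list":
            continue
        selected = ' selected ="selected"' if u_agent == agent else ""
        parts.append('<option value="%s" %s> %s</option>' % (esc(agent), selected, esc(agent)))
    parts.append("</select></td>")
    parts.append("""
<td><input type="submit" name="ss" value="Dump database" class="button"/>""")
    if USER_agent is not None:
        parts.append("""
<a class="bluez" href="syscheck"> <<back</a>""")
    parts.append("""\
</td>
</tr></table>
</form>
""")

    # Database dump for a validated agent: the form plus the dump is the
    # whole page in that case.
    if (request.method == 'POST'
            and request.form.get('ss') == "Dump database"
            and USER_agent is not None):
        # NOTE(review): the dump is appended as-is; whether os_syscheck_dumpdb
        # escapes the file names it emits is not visible here -- confirm.
        dump_buffer = os_lib_syscheck.os_syscheck_dumpdb(ossec_handle, USER_agent)
        self.contents = "".join(parts) + dump_buffer
        return

    # Latest modified files across all agents, grouped by day, each entry
    # as a collapsible section keyed by its 1-based position.
    parts.append("<br /><h2>Latest modified files (for all agents): </h2>\n\n")
    last_mod_date = ""
    for sk_count, syscheck in enumerate(syscheck_list['global_list']['files'], start=1):
        file_name = esc(syscheck['sk_file_name'])
        agent_name = esc(syscheck['_name'])
        modified = datetime.datetime.fromtimestamp(int(syscheck['time_stamp']))
        day = modified.strftime("%m/%d/%Y")
        modified_fmt = modified.strftime("%m/%d/%Y %H:%M:%S")
        if last_mod_date != day:
            last_mod_date = day
            parts.append("<br/><b>%s</b><br/>" % last_mod_date)
        parts.append("""\
<span id="togglesk%s">
<a href="#" class="bluez" title="Expand %s" onclick="ShowSection('sk%s');return false;"><span class="bluez">+ %s</span></a><br />
</span>
""" % (sk_count, file_name, sk_count, file_name))
        parts.append("""\
<div id="contentsk%d" style="display: none">
<a href="#" title="Hide %s" onclick="HideSection('sk%d');return false;">-%s</a>
<br />
<div class="smaller">
<b>File:</b> %s<br />
<b>Agent:</b> %s<br />
<b>Modification time:</b> %s<br />
</div>
</div>
""" % (sk_count, file_name, sk_count, file_name, file_name, agent_name, modified_fmt))

    # Trailing markup kept as in the original page layout.
    parts.append("</td></tr></table>")
    parts.append("<br /> <br />\n")
    self.contents = "".join(parts)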