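def read_config():
    """Read the ``cluster`` section of ossec.conf and normalise it.

    Keys missing from the user's configuration are filled from
    ``cluster_default_configuration``. ``port`` is converted to ``int`` and
    ``disabled`` from the ``yes``/``no`` strings used in ossec.conf to a
    boolean. The deprecated ``client`` node type is mapped to ``worker``.

    :return: Dictionary with the cluster configuration. When ossec.conf has no
        cluster section (code 1106 from ``get_ossec_conf``) the defaults are
        returned with ``disabled`` set to ``True``.
    :raises WazuhException: 3006 when the configuration cannot be read,
        3004 when ``disabled`` or ``port`` holds an invalid value.
    """
    cluster_default_configuration = {
        # Kept in the 'yes'/'no' form used by ossec.conf so the validation
        # below accepts a configuration that simply omits the key; it is
        # converted to a boolean before returning.
        'disabled': 'no',
        'node_type': 'master',
        'name': 'wazuh',
        'node_name': 'node01',
        'key': '',
        'port': 1516,
        # NOTE(review): the default is every interface; presumably used as the
        # cluster listen address — confirm against the consumer of this key.
        'bind_addr': '0.0.0.0',
        'nodes': ['NODE_IP'],
        'hidden': 'no'
    }

    try:
        config_cluster = get_ossec_conf('cluster')
    except WazuhException as e:
        if e.code == 1106:
            # No cluster section in ossec.conf: return the defaults, but disabled.
            cluster_default_configuration['disabled'] = True
            return cluster_default_configuration
        raise WazuhException(3006, e.message)
    except Exception as e:
        raise WazuhException(3006, str(e))

    # If any value is missing from the user's cluster configuration, add the default one.
    for value_name in set(cluster_default_configuration) - set(config_cluster):
        config_cluster[value_name] = cluster_default_configuration[value_name]

    try:
        config_cluster['port'] = int(config_cluster['port'])
    except (TypeError, ValueError):
        # Report a bad port as a configuration error instead of a bare ValueError.
        raise WazuhException(3004, "'port' must be an integer. Found: '{}'".format(
            config_cluster['port']))

    disabled = config_cluster['disabled']
    if disabled == 'no':
        config_cluster['disabled'] = False
    elif disabled == 'yes':
        config_cluster['disabled'] = True
    else:
        raise WazuhException(3004, "Allowed values for 'disabled' field are 'yes' and 'no'. Found: '{}'".format(
            config_cluster['disabled']))

    # NOTE: expansion of $HOSTNAME / $NODE_NAME / $NODE_TYPE placeholders from
    # the environment is not performed here; the values are used as written.

    if config_cluster['node_type'] == 'client':
        logger.info("Deprecated node type 'client'. Using 'worker' instead.")
        config_cluster['node_type'] = 'worker'

    return config_cluster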
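    def get_decoders_files(offset=0,
                           limit=common.database_limit,
                           sort=None,
                           search=None):
        """
        Gets a list of the available decoder files.

        Decoder locations come from the ``rules`` section of ossec.conf: every
        ``decoder_dir`` is globbed for ``*_decoders.xml`` and every ``decoder``
        entry is added as written, both relative to ``common.ossec_path``.
        Each entry may be a single string or a list.

        :param offset: First item to return.
        :param limit: Maximum number of items to return.
        :param sort: Sorts the items. Format: {"fields":["field1","field2"],"order":"asc|desc"}.
        :param search: Looks for items with the specified string.
        :return: Dictionary: {'items': array of items, 'totalItems': Number of items (without applying the limit)}
        :raises WazuhException: 1500 when ossec.conf has no ``rules`` section.
        """

        def _as_list(value):
            # A single element parses as a bare string, repeated ones as a list.
            return list(value) if isinstance(value, list) else [value]

        ossec_conf = configuration.get_ossec_conf()
        if 'rules' not in ossec_conf:
            raise WazuhException(1500)
        rules_conf = ossec_conf['rules']

        decoder_dirs = _as_list(rules_conf['decoder_dir']) if 'decoder_dir' in rules_conf else []
        decoder_files = _as_list(rules_conf['decoder']) if 'decoder' in rules_conf else []

        data = []
        for decoder_dir in decoder_dirs:
            pattern = "{0}/{1}/*_decoders.xml".format(common.ossec_path,
                                                      decoder_dir)
            data.extend(glob(pattern))

        for decoder_file in decoder_files:
            data.append("{0}/{1}".format(common.ossec_path, decoder_file))

        if search:
            data = search_array(data, search['value'], search['negation'])

        # Items are plain path strings, so only the order of ``sort`` applies;
        # there are no fields to select.
        data = sort_array(data, order=sort['order'] if sort else 'asc')

        return {
            'items': cut_array(data, offset, limit),
            'totalItems': len(data)
        }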
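    def get_rules_files(status=None, offset=0, limit=common.database_limit, sort=None, search=None):
        """
        Gets a list of the rule files.

        Enabled files are the ``include`` entries of the ``rules`` section of
        ossec.conf; disabled files are the ``*_rules.xml`` files found in
        ``common.rules_path`` that are not included.

        :param status: Filters by status: enabled, disabled, all.
        :param offset: First item to return.
        :param limit: Maximum number of items to return.
        :param sort: Sorts the items. Format: {"fields":["field1","field2"],"order":"asc|desc"}.
        :param search: Looks for items with the specified string.
        :return: Dictionary: {'items': array of items, 'totalItems': Number of items (without applying the limit)}
        :raises WazuhException: 1200 when ossec.conf has no ``rules``/``include`` entry.
        """
        status = Rule.__check_status(status)

        ossec_conf = configuration.get_ossec_conf()
        if 'rules' not in ossec_conf or 'include' not in ossec_conf['rules']:
            raise WazuhException(1200)

        # A single <include> parses as a bare string and several as a list;
        # iterating a bare string would yield one "file" per character.
        included = ossec_conf['rules']['include']
        enabled_files = included if isinstance(included, list) else [included]

        data = []
        if status != Rule.S_ENABLED:
            # Every rule file on disk that is not included is disabled.
            enabled_set = set(enabled_files)
            rule_paths = sorted(glob("{0}/*_rules.xml".format(common.rules_path)))
            for rule_path in rule_paths:
                name = rule_path.split('/')[-1]
                if name not in enabled_set:
                    data.append({'name': name, 'status': 'disabled'})

        if status in (Rule.S_ENABLED, Rule.S_ALL):
            for f in enabled_files:
                data.append({'name': f, 'status': 'enabled'})

        if search:
            data = search_array(data, search['value'], search['negation'])

        if sort:
            data = sort_array(data, sort['fields'], sort['order'])
        else:
            data = sort_array(data, ['name'], 'asc')

        return {'items': cut_array(data, offset, limit), 'totalItems': len(data)}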
def read_config():
    """Return the ``cluster`` section of ossec.conf as parsed.

    :return: Dictionary with the cluster configuration.
    :raises WazuhException: 3006 when the section is missing (code 1102 from
        ``get_ossec_conf``) or cannot be read for any other reason.
    """
    try:
        return get_ossec_conf('cluster')
    except WazuhException as err:
        message = ("Cluster configuration not present in ossec.conf"
                   if err.code == 1102 else err.message)
        raise WazuhException(3006, message)
    except Exception as err:
        raise WazuhException(3006, str(err))
def managers_get_ossec_conf(section=None,
                            field=None,
                            node_id=None,
                            cluster_depth=1):
    """Return ossec.conf data, either locally or from the cluster's nodes.

    A local request, or a non-positive ``cluster_depth``, reads the local
    configuration directly. Otherwise a MANAGERS_OSSEC_CONF request is sent
    through ``distributed_api_request``; ``section`` and ``field`` are passed
    as strings, so a ``None`` argument travels as the text ``'None'``.

    :param section: Configuration section to read.
    :param field: Field inside the section.
    :param node_id: Nodes the distributed request is addressed to.
    :param cluster_depth: Remaining forwarding depth for the request.
    :raises WazuhException: 3015 when the cluster is not running.
    """
    answer_locally = is_a_local_request() or cluster_depth <= 0
    if answer_locally:
        return get_ossec_conf(section, field)

    if not is_cluster_running():
        raise WazuhException(3015)

    return distributed_api_request(
        request_type=list_requests_managers['MANAGERS_OSSEC_CONF'],
        args=[str(section), str(field)],
        cluster_depth=cluster_depth,
        affected_nodes=node_id)
    def get_decoders_files(offset=0, limit=common.database_limit, sort=None, search=None):
        """
        Gets a list of the available decoder files.

        The ``rules`` section of ossec.conf supplies the locations: each
        ``decoder_dir`` is searched for ``*_decoders.xml`` and each ``decoder``
        entry is taken as written, both relative to ``common.ossec_path``.

        :param offset: First item to return.
        :param limit: Maximum number of items to return.
        :param sort: Sorts the items. Format: {"fields":["field1","field2"],"order":"asc|desc"}.
        :param search: Looks for items with the specified string.
        :return: Dictionary: {'items': array of items, 'totalItems': Number of items (without applying the limit)}
        :raises WazuhException: 1500 when ossec.conf has no ``rules`` section.
        """

        ossec_conf = configuration.get_ossec_conf()
        if 'rules' not in ossec_conf:
            raise WazuhException(1500)
        rules_section = ossec_conf['rules']

        def _entries(key):
            # Missing tag -> nothing; a list -> its elements; anything else -> a single entry.
            if key not in rules_section:
                return []
            value = rules_section[key]
            return list(value) if type(value) is list else [value]

        data = []
        for directory in _entries('decoder_dir'):
            data += glob("{0}/{1}/*_decoders.xml".format(common.ossec_path, directory))
        data += ["{0}/{1}".format(common.ossec_path, entry) for entry in _entries('decoder')]

        if search:
            data = search_array(data, search['value'], search['negation'])

        order = sort['order'] if sort else 'asc'
        data = sort_array(data, order=order)

        return {'items': cut_array(data, offset, limit), 'totalItems': len(data)}
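def read_config():
    """Read the ``cluster`` section of ossec.conf.

    ``port`` is converted to ``int`` when present; every other key is returned
    as parsed.

    :return: Dictionary with the cluster configuration.
    :raises WazuhException: 3006 when the section is missing (code 1102 from
        ``get_ossec_conf``), cannot be read, or ``port`` is not an integer.
    """
    try:
        config_cluster = get_ossec_conf('cluster')
    except WazuhException as e:
        if e.code == 1102:
            raise WazuhException(
                3006, "Cluster configuration not present in ossec.conf")
        raise WazuhException(3006, e.message)
    except Exception as e:
        raise WazuhException(3006, str(e))

    if 'port' in config_cluster:
        try:
            config_cluster['port'] = int(config_cluster['port'])
        except (TypeError, ValueError):
            # Surface a non-numeric port as a configuration error rather than
            # a bare ValueError far from the setting that caused it.
            raise WazuhException(
                3006, "Invalid cluster port: '{}'".format(config_cluster['port']))

    return config_cluster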
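def read_config():
    """Read the ``cluster`` section of ossec.conf.

    ``port`` is converted to ``int`` when present and the deprecated
    ``client`` node type is mapped to ``worker`` (with a warning). Every other
    key is returned as parsed.

    :return: Dictionary with the cluster configuration.
    :raises WazuhException: 3006 when the section is missing (code 1102 from
        ``get_ossec_conf``), cannot be read, or ``port`` is not an integer.
    """
    try:
        config_cluster = get_ossec_conf('cluster')
    except WazuhException as e:
        if e.code == 1102:
            raise WazuhException(
                3006, "Cluster configuration not present in ossec.conf")
        raise WazuhException(3006, e.message)
    except Exception as e:
        raise WazuhException(3006, str(e))

    if 'port' in config_cluster:
        try:
            config_cluster['port'] = int(config_cluster['port'])
        except (TypeError, ValueError):
            # Surface a non-numeric port as a configuration error rather than
            # a bare ValueError far from the setting that caused it.
            raise WazuhException(
                3006, "Invalid cluster port: '{}'".format(config_cluster['port']))

    if config_cluster.get('node_type') == 'client':
        logger.warning(
            "Deprecated node type 'client'. Using 'worker' instead.")
        config_cluster['node_type'] = 'worker'

    return config_cluster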
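def read_config():
    """Read the ``cluster`` section of ossec.conf, filling in defaults.

    Keys missing from the user's configuration take the values of
    ``cluster_default_configuration``. ``port`` is converted to ``int`` and
    the deprecated ``client`` node type is mapped to ``worker``. ``disabled``
    is returned as the ``'yes'``/``'no'`` string used in ossec.conf and is
    not validated here.

    :return: Dictionary with the cluster configuration. When ossec.conf has no
        cluster section (code 1106 from ``get_ossec_conf``) the defaults are
        returned with ``disabled`` set to ``'yes'``.
    :raises WazuhException: 3006 when the configuration cannot be read or
        ``port`` is not an integer.
    """
    cluster_default_configuration = {
        'disabled': 'no',
        'node_type': 'master',
        'name': 'wazuh',
        'node_name': 'node01',
        'key': '',
        'port': 1516,
        # NOTE(review): the default is every interface; presumably used as the
        # cluster listen address — confirm against the consumer of this key.
        'bind_addr': '0.0.0.0',
        'nodes': ['NODE_IP'],
        'hidden': 'no'
    }

    try:
        config_cluster = get_ossec_conf('cluster')
    except WazuhException as e:
        if e.code == 1106:
            # No cluster section in ossec.conf: return the defaults, but disabled.
            cluster_default_configuration['disabled'] = 'yes'
            return cluster_default_configuration
        raise WazuhException(3006, e.message)
    except Exception as e:
        raise WazuhException(3006, str(e))

    # If any value is missing from the user's cluster configuration, add the default one.
    for value_name in set(cluster_default_configuration) - set(config_cluster):
        config_cluster[value_name] = cluster_default_configuration[value_name]

    try:
        config_cluster['port'] = int(config_cluster['port'])
    except (TypeError, ValueError):
        # Surface a non-numeric port as a configuration error rather than a
        # bare ValueError far from the setting that caused it.
        raise WazuhException(
            3006, "Invalid cluster port: '{}'".format(config_cluster['port']))

    if config_cluster['node_type'] == 'client':
        logger.info("Deprecated node type 'client'. Using 'worker' instead.")
        config_cluster['node_type'] = 'worker'

    return config_cluster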
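    def get_decoders_files(status=None,
                           path=None,
                           file=None,
                           offset=0,
                           limit=common.database_limit,
                           sort=None,
                           search=None):
        """
        Gets a list of the available decoder files.

        All sources come from the ``ruleset`` section of ossec.conf:
        ``decoder_include`` entries are listed as enabled, ``decoder_exclude``
        entries only mark file names as disabled, and every ``*.xml`` under
        each ``decoder_dir`` is listed as enabled unless its name is excluded.
        Paths are reported relative to ``common.ossec_path``.

        :param status: Filters by status: enabled, disabled, all.
        :param path: Filters by path.
        :param file: Filters by filename.
        :param offset: First item to return.
        :param limit: Maximum number of items to return.
        :param sort: Sorts the items. Format: {"fields":["field1","field2"],"order":"asc|desc"}.
        :param search: Looks for items with the specified string.
        :return: Dictionary: {'items': array of items, 'totalItems': Number of items (without applying the limit)}
        :raises WazuhException: 1500 when ossec.conf has no ``ruleset`` section.
        """

        def _as_list(value):
            # A single element parses as a bare string, repeated ones as a list.
            return value if isinstance(value, list) else [value]

        status = Decoder.__check_status(status)

        ruleset_conf = configuration.get_ossec_conf(section='ruleset')
        if not ruleset_conf:
            raise WazuhException(1500)

        tmp_data = []
        exclude_filenames = set()
        for tag in ('decoder_include', 'decoder_exclude'):
            if tag not in ruleset_conf:
                continue
            for item in _as_list(ruleset_conf[tag]):
                item_name = os.path.basename(item)
                if tag == 'decoder_exclude':
                    # Excludes are not listed themselves; they only disable
                    # matching files found under decoder_dir below.
                    exclude_filenames.add(item_name)
                    continue
                # An include written without a directory lives in the default ruleset path.
                full_dir = os.path.dirname(item) or common.ruleset_rules_path
                tmp_data.append({
                    'file': item_name,
                    'path': os.path.relpath(full_dir, start=common.ossec_path),
                    'status': Decoder.S_ENABLED
                })

        if 'decoder_dir' in ruleset_conf:
            for directory in _as_list(ruleset_conf['decoder_dir']):
                all_decoders = "{0}/{1}/*.xml".format(common.ossec_path,
                                                      directory)
                for item in glob(all_decoders):
                    item_name = os.path.basename(item)
                    if item_name in exclude_filenames:
                        item_status = Decoder.S_DISABLED
                    else:
                        item_status = Decoder.S_ENABLED
                    tmp_data.append({
                        'file': item_name,
                        'path': os.path.relpath(os.path.dirname(item),
                                                start=common.ossec_path),
                        'status': item_status
                    })

        def _matches_filters(d):
            # Exact-match filters; a falsy filter value means "no filter".
            if status and status != 'all' and status != d['status']:
                return False
            if path and path != d['path']:
                return False
            if file and file != d['file']:
                return False
            return True

        # One linear pass instead of copying the list and calling remove()
        # per rejected entry, which was quadratic.
        data = [d for d in tmp_data if _matches_filters(d)]

        if search:
            data = search_array(data, search['value'], search['negation'])

        if sort:
            data = sort_array(data, sort['fields'], sort['order'])
        else:
            data = sort_array(data, ['file'], 'asc')

        return {
            'items': cut_array(data, offset, limit),
            'totalItems': len(data)
        }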