def add_server(server_ip, password):
"""
Add a new system.
"""
if not is_valid_ipv4(server_ip):
return False, "Invalid IP format: %s" % server_ip
(success, local_system_id) = get_system_id_from_local()
if not success:
return success, "Error retrieving the local system id"
(success, response) = ansible_add_system(local_system_id=local_system_id,
remote_system_ip=server_ip,
password=password)
if not success:
return success, "Cannot add the server to the system"
trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
trigger="alienvault-add-server")
if not trigger_success:
api_log.error(msg)
(success, response) = get_remote_server_id_from_server_ip(server_ip)
return (success, response)
def add_server(server_ip, password):
"""
Add a new system.
"""
if not is_valid_ipv4(server_ip):
return False, "Invalid IP format: %s" % server_ip
(success, local_system_id) = get_system_id_from_local()
if not success:
return success, "Error retrieving the local system id"
(success, response) = ansible_add_system(local_system_id=local_system_id,
remote_system_ip=server_ip,
password=password)
if not success:
return success, "Cannot add the server to the system"
trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
trigger="alienvault-add-server")
if not trigger_success:
api_log.error(msg)
(success, response) = get_remote_server_id_from_server_ip(server_ip)
return (success, response)
def apimethod_add_sensor(sensor_id, password, ctx):
if password is not None:
(success, response) = add_sensor(sensor_id, password)
if not success:
raise APICannotAddSensor(sensor_id, log=str(response))
(success, job_id) = set_sensor_context(sensor_id, ctx)
if not success:
raise APICannotSetSensorContext(sensor_id)
trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
trigger="alienvault-new-sensor")
if not trigger_success:
api_log.error(msg)
return job_id
def apimethod_add_sensor(sensor_id, password, ctx):
if password is not None:
(success, response) = add_sensor(sensor_id, password)
if not success:
raise APICannotAddSensor(sensor_id,
log=str(response))
(success, job_id) = set_sensor_context(sensor_id, ctx)
if not success:
raise APICannotSetSensorContext(sensor_id)
trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
trigger="alienvault-new-sensor")
if not trigger_success:
api_log.error(msg)
return job_id
def set_interfaces_roles(system_ip,interface_roles):
""" Check the role of subset of intefaces in the system
@param system_ip The system IP where we're going to operate
@param inteface_roles A json describing each interface we're going
to touch
interface_role format:
{ "iface" : {"role":<role>, "ipaddress":<ipaddress>, "netmask":<netmask>}, ...}
The possibles roles and params
monitoring => no ipaddress and no netmask
log_management => ipaddress and netmask must be present
disable => no ipaddress and no netmask
iface is the name of the network interface as configures (eth0, eth1, etc)
iface SHOULD NOT BE the admin interface
"""
def get_admin_interface_from_current_status(current_status):
for interface, interface_data in current_status.iteritems():
if interface_data['role'] == 'admin':
return interface
return None
# check params
if system_ip == "":
return False, "The system_ip should be a valid IP Address"
if not isinstance(interface_roles, dict):
return False, "The interface_roles should be a dictionary"
if len(interface_roles)<=0:
return False, "Empty interface roles"
# Retrieve the current status.
rc, net_current_status = get_iface_list(system_ip)
if not rc:
return False, "We can't retrieve the current status of the network configuration: %s" % net_current_status
# The management interface can't be set.
admin_interface = get_admin_interface_from_current_status(net_current_status)
if admin_interface is not None:
if admin_interface in interface_roles.keys():
return False, "'%s' is the admin interface. You can't set the role" % admin_interface
# Retrieve the network interface list from ansible facts
response = ansible.run_module([system_ip],
module="av_setup",
args="filter=ansible_interfaces",
use_sudo=True)
if system_ip in response['dark']:
return False, "We can't retrieve the current network interface list: %s" % response['dark'][system_ip]
if response['contacted'][system_ip].get('Failed',False) is True:
return False, "We can't retrieve the current network interface list: %s" % response['contacted'][system_ip]
# Ok, now in response we have all systems interfaces returned by ansible
# u'ansible_facts': {u'ansible_interfaces': [u'lo', u'bond0', u'eth2', u'eth1', u'eth0']}}}}
# First verify that the admin iface is in the list
system_interfaces = response['contacted'][system_ip]['ansible_facts']['ansible_interfaces']
if admin_interface not in system_interfaces:
return False, "Internal error admin iface '%s' not in system interfaces '%s'" % \
(admin_interface, str(system_interfaces))
# Check that all ifaces are included in system_ifaces
if not set(interface_roles.keys()).issubset(set(system_interfaces)):
return False, "There are interfaces in the request that are not present in the system"
# Retrieves the current [sensor]interfaces from ossim_setup.conf
(success, sensor_ifaces) = get_sensor_interfaces(system_ip)
if not success:
return False, "Can't get current sensor interfaces"
sensor_ifaces = sensor_ifaces['sensor_interfaces']
# Ok, now we must check that each param obeys the constrains
# Retrieve the system configured interfaces
(success,system_configured_ifaces) = get_conf_network_interfaces(system_ip, store_path=True)
if not success:
return False, "Can't retrieve the current configured interfaces"
# Build a hash table with key=ethx and value False
result_ifaces = dict([(x, False) for x in interface_roles.keys()])
old_sensor_ifaces = sensor_ifaces[:] # CLone, python use refs
removed_interfaces = []
added_interfaces = []
# Before attempting to make changes we have to check if the result of the operation would be consistent
future_net_status = net_current_status.copy()
for iface, conf in interface_roles.items():
role = conf.get('role', None)
netmask = conf.get('netmask', None)
address = conf.get('ipaddress', None)
if future_net_status.has_key(iface):
if future_net_status[iface]['role'] != role:
future_net_status[iface].pop('ipv4', None) # Clear the old IPv4 because we have change roles
future_net_status[iface]['role'] = role
# We need to clear all the info if we changed the role
future_net_status[iface]['promisc'] = False
if role == 'monitoring':
future_net_status[iface]['promisc'] = True
if role == 'log_management':
ipconf = {'network': "", 'netmask': netmask, 'address': address}
future_net_status[iface]['ipv4'] = ipconf
admin_interfaces_future_net_status = [iface for iface, data in future_net_status.iteritems() if
data['role'] is 'admin']
if len(admin_interfaces_future_net_status) > 1:
return False, "The admin interface is: %s and it's not allowed to configure more than one %s" % (
admin_interface, admin_interfaces_future_net_status)
ip_interfaces = [data['ipv4']['address'] for iface, data in future_net_status.iteritems() if
'ipv4' in data and data['ipv4']['address'] is not None and data['role'] is not 'disabled' and data['role'] is not 'monitoring']
if len(ip_interfaces) > len(set(ip_interfaces)):
return False, "It's not allowed to have more than one interface with the same ip"
for iface, conf in interface_roles.items():
role = conf.get('role', None)
if role == "log_management":
iface_netmask = conf.get('netmask', None)
iface_address = conf.get('ipaddress', None)
if iface_address is None:
result_ifaces[iface] = (False,
"In order to configure the given interface (%s) as a log management "
"interface we need an IP address(%s)" % (
iface, iface_address))
continue
if iface_netmask is None:
result_ifaces[iface] = (False,
"In order to configure the given interface (%s) as a log management "
"interface we need a valid netmask (%s)" % (
iface, iface_netmask))
continue
(success, result) = set_conf_iface(system_ip, iface, iface_address, iface_netmask)
if not success:
api_log.error("Can't configure iface '%s' msg: %s " % (iface, str(result)))
result_ifaces[iface] = (False, "Can't configure iface '%s' msg: %s" % (iface, str(result)))
continue
result_ifaces[iface] = (True, "Configured in /etc/network/interfaces")
added_interfaces.append(iface)
if iface in sensor_ifaces:
sensor_ifaces.remove(iface)
elif role == 'disabled' or role == 'monitoring':
# Check if the iface is in the
if iface in system_configured_ifaces.keys():
# Down iface
(success,result) = iface_debian_down(system_ip,[iface])
if not success:
api_log.error("Can't bring down configured iface '%s' " % iface)
result_ifaces[iface] = False,"Can't bring down configured iface '%s' " % iface
continue
(success,result) = delete_conf_iface (system_ip, iface)
if not success:
result_ifaces[iface] = (False,
"Can't delete iface from /etc/network/interfaces msg: %s" % str(result))
continue
removed_interfaces.append(iface)
result_ifaces[iface] = (True, "Removed from /etc/network/interfaces")
else:
result_ifaces[iface] = (True, "Not in /etc/network/interfaces")
if role == 'disabled':
removed_interfaces.append(iface)
if iface in sensor_ifaces:
sensor_ifaces.remove(iface)
else:
added_interfaces.append(iface)
if iface not in sensor_ifaces:
sensor_ifaces.append(iface)
else:
return False, "Invalid Role (%s) for the interface %s" % (role, iface)
# Here the code must be OK
# How can we make and atomic "configuration" of this code
# Now, check if we have to change the [sensor]interfaces
# First, now ifdown
(success,msg) = iface_down(system_ip, removed_interfaces)
if not success:
return False, "Something wrong has happened while setting down the interfaces %s" % msg
# Give me up
(success, msg) = iface_up(system_ip, added_interfaces)
if not success:
return False, "Something wrong has happened while setting up the interfaces %s" % msg
if set(sensor_ifaces) != set(old_sensor_ifaces):
# Set the ne sensors
(success,msg) = set_sensor_interfaces(system_ip,",".join(sensor_ifaces))
if not success:
return False, result_ifaces
# Regenerate /etc/alienvault/network/interfaces
# It should be done until all the interface management is ported to use lib av_config
fire_trigger(system_ip=system_ip,
trigger="alienvault-network-interfaces-migrate",
execute_trigger=False)
return True, result_ifaces
def apimethod_delete_system(system_id):
success, local_system_id = get_system_id_from_local()
if not success:
error_msg = "Cannot retrieve the " + \
"local system id. %s" % str(local_system_id)
return success, error_msg
if system_id == 'local' or get_hex_string_from_uuid(local_system_id) == get_hex_string_from_uuid(system_id):
error_msg = "You're trying to remove the local system, " + \
"which it's not allowed"
return False, error_msg
(success, system_ip) = get_system_ip_from_system_id(system_id)
if not success:
error_msg = "Cannot retrieve the system ip " + \
"for the given system-id %s" % (str(system_ip))
return success, error_msg
# Check whether the remote system is reachable or not:
try:
remote_system_is_reachable = ping_system(system_id, no_cache=True)
except APIException:
remote_system_is_reachable = False
# We need to take the sensor_id from the database before removing it from the db
(success_f, sensor_id) = get_sensor_id_from_system_id(system_id)
# 1 - Remove it from the database
success, msg = db_remove_system(system_id)
if not success:
error_msg = "Cannot remove the system " + \
"from the database <%s>" % str(msg)
return success, error_msg
# 2 - Remove the firewall rules.
if success_f:
trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
trigger="alienvault-del-sensor")
if not trigger_success:
api_log.error(msg)
else:
trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
trigger="alienvault-del-server")
if not trigger_success:
api_log.error(msg)
# 3 - Remove the remote certificates
# success, msg = ansible_remove_certificates(system_ip)
# if not success:
# return (success,
# "Error while removing the remote certificates: %s" % str(msg))
# 4 - Remove the local certificates and keys
success, local_ip = get_system_ip_from_local()
if not success:
error_msg = "Cannot retrieve the local ip " + \
"<%s>" % str(local_ip)
return success, error_msg
#Remove remote system certificates on the local system
success, msg = ansible_remove_certificates(system_ip=local_ip,
system_id_to_remove=system_id)
if not success:
return success, "Cannot remove the local certificates <%s>" % str(msg)
# 5 - Remove it from the ansible inventory.
try:
aim = AnsibleInventoryManager()
aim.delete_host(system_ip)
aim.save_inventory()
del aim
except Exception as aim_error:
error_msg = "Cannot remove the system from the " + \
"ansible inventory file " + \
"<%s>" % str(aim_error)
return False, error_msg
# 6 - Try to connect to the child and remove the parent
# using it's server_id
success, own_server_id = get_server_id_from_local()
if not success:
error_msg = "Cannot retrieve the server-id " + \
"from local <%s>" % str(msg)
return success, error_msg
if remote_system_is_reachable:
success, msg = ansible_delete_parent_server(system_ip, own_server_id)
if not success:
error_msg = "Cannot delete parent server in child <%s>" % str(msg)
return success, error_msg
return True, ""
msg = "The remote system is not reachable. " + \
"We had not been able to remove the parent configuration"
return True, msg
def add_system_from_ip(system_ip, password, add_to_database=True):
"""
Add a new system using system ip.
"""
(success, local_system_id) = get_system_id_from_local()
if not success:
error_msg = "Something wrong happened retrieving " + \
"the local system id"
return success, error_msg
(success, response) = ansible_add_system(local_system_id=local_system_id,
remote_system_ip=system_ip,
password=password)
if not success:
api_log.error(response)
return success, response
(success, system_info) = ansible_get_system_info(system_ip)
if not success:
api_log.error(system_info)
return success, "Something wrong happened getting the system info"
sensor_id = None
if 'server' in system_info['profile']:
# - Do not add the child server when I'm myself
if system_info['server_id'] != local_system_id:
success, msg = add_child_server(system_ip,
system_info['server_id'])
if not success:
api_log.error(str(msg))
error_msg = "Something wrong happened setting the child server"
return False, error_msg
if 'sensor' in system_info['profile']:
if 'server' in system_info['profile'] and system_info['sensor_id']:
# sensor and sensor profiles come with its own sensor_id
sensor_id = system_info['sensor_id']
else:
# get sensor_id from ip
sensor_ip = system_ip
if system_info['vpn_ip']:
sensor_ip = system_info['vpn_ip']
(success, sensor_id) = get_sensor_id_from_sensor_ip(sensor_ip)
if not success:
api_log.error(str(sensor_id))
sensor_id = None
system_info['sensor_id'] = sensor_id
if not system_info['admin_ip']:
system_info['admin_ip'] = system_ip
if system_info['admin_ip'] != system_ip:
# We're natted
system_info['admin_ip'] = system_ip
if add_to_database:
profile_str = ','.join(system_info['profile'])
(success, msg) = db_add_system(system_id=system_info['system_id'],
name=system_info['hostname'],
admin_ip=system_info['admin_ip'],
vpn_ip=system_info['vpn_ip'],
profile=profile_str,
server_id=system_info['server_id'],
sensor_id=system_info['sensor_id'])
if not success:
api_log.error(msg)
error_msg = "Something wrong happened inserting " + \
"the system into the database"
return (False, error_msg)
else:
result, _ = get_system_ip_from_system_id (system_info['system_id'])
if not result:
error_msg = "System was not inserted, cannot continue"
return (False, error_msg)
# Now that the system is in the database, check if it is a server and
# open the firewall, if it is required.
if 'server' in system_info['profile']:
trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
trigger="alienvault-add-server")
if not trigger_success:
api_log.error(msg)
(success, msg) = create_directory_for_ossec_remote(system_info['system_id'])
if not success:
api_log.error(msg)
return (False, msg)
return (True, system_info)
def set_interfaces_roles(system_ip,interface_roles):
""" Check the role of subset of intefaces in the system
@param system_ip The system IP where we're going to operate
@param inteface_roles A json describing each interface we're going
to touch
interface_role format:
{ "iface" : {"role":<role>, "ipaddress":<ipaddress>, "netmask":<netmask>}, ...}
The possibles roles and params
monitoring => no ipaddress and no netmask
log_management => ipaddress and netmask must be present
disable => no ipaddress and no netmask
iface is the name of the network interface as configures (eth0, eth1, etc)
iface SHOULD NOT BE the admin interface
"""
def get_admin_interface_from_current_status(current_status):
for interface, interface_data in current_status.iteritems():
if interface_data['role'] == 'admin':
return interface
return None
# check params
if system_ip == "":
return False, "The system_ip should be a valid IP Address"
if not isinstance(interface_roles, dict):
return False, "The interface_roles should be a dictionary"
if len(interface_roles)<=0:
return False, "Empty interface roles"
# Retrieve the current status.
rc, net_current_status = get_iface_list(system_ip)
if not rc:
return False, "We can't retrieve the current status of the network configuration: %s" % net_current_status
# The management interface can't be set.
admin_interface = get_admin_interface_from_current_status(net_current_status)
if admin_interface is not None:
if admin_interface in interface_roles.keys():
return False, "'%s' is the admin interface. You can't set the role" % admin_interface
# Retrieve the network interface list from ansible facts
response = ansible.run_module([system_ip],
module="av_setup",
args="filter=ansible_interfaces",
use_sudo=True)
if system_ip in response['dark']:
return False, "We can't retrieve the current network interface list: %s" % response['dark'][system_ip]
if response['contacted'][system_ip].get('Failed',False) is True:
return False, "We can't retrieve the current network interface list: %s" % response['contacted'][system_ip]
# Ok, now in response we have all systems interfaces returned by ansible
# u'ansible_facts': {u'ansible_interfaces': [u'lo', u'bond0', u'eth2', u'eth1', u'eth0']}}}}
# First verify that the admin iface is in the list
system_interfaces = response['contacted'][system_ip]['ansible_facts']['ansible_interfaces']
if admin_interface not in system_interfaces:
return False, "Internal error admin iface '%s' not in system interfaces '%s'" % \
(admin_interface, str(system_interfaces))
# Check that all ifaces are included in system_ifaces
if not set(interface_roles.keys()).issubset(set(system_interfaces)):
return False, "There are interfaces in the request that are not present in the system"
# Retrieves the current [sensor]interfaces from ossim_setup.conf
(success, sensor_ifaces) = get_sensor_interfaces(system_ip)
if not success:
return False, "Can't get current sensor interfaces"
sensor_ifaces = sensor_ifaces['sensor_interfaces']
# Ok, now we must check that each param obeys the constrains
# Retrieve the system configured interfaces
(success,system_configured_ifaces) = get_conf_network_interfaces(system_ip, store_path=True)
if not success:
return False, "Can't retrieve the current configured interfaces"
# Build a hash table with key=ethx and value False
result_ifaces = dict([(x, False) for x in interface_roles.keys()])
old_sensor_ifaces = sensor_ifaces[:] # CLone, python use refs
removed_interfaces = []
added_interfaces = []
# Before attempting to make changes we have to check if the result of the operation would be consistent
future_net_status = net_current_status.copy()
for iface, conf in interface_roles.items():
role = conf.get('role', None)
netmask = conf.get('netmask', None)
address = conf.get('ipaddress', None)
if future_net_status.has_key(iface):
if future_net_status[iface]['role'] != role:
future_net_status[iface].pop('ipv4', None) # Clear the old IPv4 because we have change roles
future_net_status[iface]['role'] = role
# We need to clear all the info if we changed the role
future_net_status[iface]['promisc'] = False
if role == 'monitoring':
future_net_status[iface]['promisc'] = True
if role == 'log_management':
ipconf = {'network': "", 'netmask': netmask, 'address': address}
future_net_status[iface]['ipv4'] = ipconf
admin_interfaces_future_net_status = [iface for iface, data in future_net_status.iteritems() if
data['role'] is 'admin']
if len(admin_interfaces_future_net_status) > 1:
return False, "The admin interface is: %s and it's not allowed to configure more than one %s" % (
admin_interface, admin_interfaces_future_net_status)
ip_interfaces = [data['ipv4']['address'] for iface, data in future_net_status.iteritems() if
'ipv4' in data and data['ipv4']['address'] is not None and data['role'] is not 'disabled' and data['role'] is not 'monitoring']
if len(ip_interfaces) > len(set(ip_interfaces)):
return False, "It's not allowed to have more than one interface with the same ip"
for iface, conf in interface_roles.items():
role = conf.get('role', None)
if role == "log_management":
iface_netmask = conf.get('netmask', None)
iface_address = conf.get('ipaddress', None)
if iface_address is None:
result_ifaces[iface] = (False,
"In order to configure the given interface (%s) as a log management "
"interface we need an IP address(%s)" % (
iface, iface_address))
continue
if iface_netmask is None:
result_ifaces[iface] = (False,
"In order to configure the given interface (%s) as a log management "
"interface we need a valid netmask (%s)" % (
iface, iface_netmask))
continue
(success, result) = set_conf_iface(system_ip, iface, iface_address, iface_netmask)
if not success:
api_log.error("Can't configure iface '%s' msg: %s " % (iface, str(result)))
result_ifaces[iface] = (False, "Can't configure iface '%s' msg: %s" % (iface, str(result)))
continue
result_ifaces[iface] = (True, "Configured in /etc/network/interfaces")
added_interfaces.append(iface)
if iface in sensor_ifaces:
sensor_ifaces.remove(iface)
elif role == 'disabled' or role == 'monitoring':
# Check if the iface is in the
if iface in system_configured_ifaces.keys():
# Down iface
(success,result) = iface_debian_down(system_ip,[iface])
if not success:
api_log.error("Can't bring down configured iface '%s' " % iface)
result_ifaces[iface] = False,"Can't bring down configured iface '%s' " % iface
continue
(success,result) = delete_conf_iface (system_ip, iface)
if not success:
result_ifaces[iface] = (False,
"Can't delete iface from /etc/network/interfaces msg: %s" % str(result))
continue
removed_interfaces.append(iface)
result_ifaces[iface] = (True, "Removed from /etc/network/interfaces")
else:
result_ifaces[iface] = (True, "Not in /etc/network/interfaces")
if role == 'disabled':
removed_interfaces.append(iface)
if iface in sensor_ifaces:
sensor_ifaces.remove(iface)
else:
added_interfaces.append(iface)
if iface not in sensor_ifaces:
sensor_ifaces.append(iface)
else:
return False, "Invalid Role (%s) for the interface %s" % (role, iface)
# Here the code must be OK
# How can we make and atomic "configuration" of this code
# Now, check if we have to change the [sensor]interfaces
# First, now ifdown
(success,msg) = iface_down(system_ip, removed_interfaces)
if not success:
return False, "Something wrong has happened while setting down the interfaces %s" % msg
# Give me up
(success, msg) = iface_up(system_ip, added_interfaces)
if not success:
return False, "Something wrong has happened while setting up the interfaces %s" % msg
if set(sensor_ifaces) != set(old_sensor_ifaces):
# Set the ne sensors
(success,msg) = set_sensor_interfaces(system_ip,",".join(sensor_ifaces))
if not success:
return False, result_ifaces
# Regenerate /etc/alienvault/network/interfaces
# It should be done until all the interface management is ported to use lib av_config
fire_trigger(system_ip=system_ip,
trigger="alienvault-network-interfaces-migrate",
execute_trigger=False)
return True, result_ifaces
def apimethod_delete_system(system_id):
success, local_system_id = get_system_id_from_local()
if not success:
error_msg = "Cannot retrieve the " + \
"local system id. %s" % str(local_system_id)
return success, error_msg
if system_id == 'local' or get_hex_string_from_uuid(
local_system_id) == get_hex_string_from_uuid(system_id):
error_msg = "You're trying to remove the local system, " + \
"which it's not allowed"
return False, error_msg
(success, system_ip) = get_system_ip_from_system_id(system_id)
if not success:
error_msg = "Cannot retrieve the system ip " + \
"for the given system-id %s" % (str(system_ip))
return success, error_msg
# Check whether the remote system is reachable or not:
try:
remote_system_is_reachable = ping_system(system_id, no_cache=True)
except APIException:
remote_system_is_reachable = False
# We need to take the sensor_id from the database before removing it from the db
(success_f, sensor_id) = get_sensor_id_from_system_id(system_id)
# 1 - Remove it from the database
success, msg = db_remove_system(system_id)
if not success:
error_msg = "Cannot remove the system " + \
"from the database <%s>" % str(msg)
return success, error_msg
# 2 - Remove the firewall rules.
if success_f:
trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
trigger="alienvault-del-sensor")
if not trigger_success:
api_log.error(msg)
else:
trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
trigger="alienvault-del-server")
if not trigger_success:
api_log.error(msg)
# 3 - Remove the remote certificates
# success, msg = ansible_remove_certificates(system_ip)
# if not success:
# return (success,
# "Error while removing the remote certificates: %s" % str(msg))
# 4 - Remove the local certificates and keys
success, local_ip = get_system_ip_from_local()
if not success:
error_msg = "Cannot retrieve the local ip " + \
"<%s>" % str(local_ip)
return success, error_msg
#Remove remote system certificates on the local system
success, msg = ansible_remove_certificates(system_ip=local_ip,
system_id_to_remove=system_id)
if not success:
return success, "Cannot remove the local certificates <%s>" % str(msg)
# 5 - Remove it from the ansible inventory.
try:
aim = AnsibleInventoryManager()
aim.delete_host(system_ip)
aim.save_inventory()
del aim
except Exception as aim_error:
error_msg = "Cannot remove the system from the " + \
"ansible inventory file " + \
"<%s>" % str(aim_error)
return False, error_msg
# 6 - Try to connect to the child and remove the parent
# using it's server_id
success, own_server_id = get_server_id_from_local()
if not success:
error_msg = "Cannot retrieve the server-id " + \
"from local <%s>" % str(msg)
return success, error_msg
if remote_system_is_reachable:
success, msg = ansible_delete_parent_server(system_ip, own_server_id)
if not success:
error_msg = "Cannot delete parent server in child <%s>" % str(msg)
return success, error_msg
return True, ""
msg = "The remote system is not reachable. " + \
"We had not been able to remove the parent configuration"
return True, msg
def add_system_from_ip(system_ip, password, add_to_database=True):
"""
Add a new system using system ip.
"""
(success, local_system_id) = get_system_id_from_local()
if not success:
error_msg = "Something wrong happened retrieving " + \
"the local system id"
return success, error_msg
(success, response) = ansible_add_system(local_system_id=local_system_id,
remote_system_ip=system_ip,
password=password)
if not success:
api_log.error(response)
return success, response
(success, system_info) = ansible_get_system_info(system_ip)
if not success:
api_log.error(system_info)
return success, "Something wrong happened getting the system info"
sensor_id = None
if 'server' in system_info['profile']:
# - Do not add the child server when I'm myself
if system_info['server_id'] != local_system_id:
success, msg = add_child_server(system_ip,
system_info['server_id'])
if not success:
api_log.error(str(msg))
error_msg = "Something wrong happened setting the child server"
return False, error_msg
if 'sensor' in system_info['profile']:
if 'server' in system_info['profile'] and system_info['sensor_id']:
# sensor and sensor profiles come with its own sensor_id
sensor_id = system_info['sensor_id']
else:
# get sensor_id from ip
sensor_ip = system_ip
if system_info['vpn_ip']:
sensor_ip = system_info['vpn_ip']
(success, sensor_id) = get_sensor_id_from_sensor_ip(sensor_ip)
if not success:
api_log.error(str(sensor_id))
sensor_id = None
system_info['sensor_id'] = sensor_id
if not system_info['admin_ip']:
system_info['admin_ip'] = system_ip
if system_info['admin_ip'] != system_ip:
# We're natted
system_info['admin_ip'] = system_ip
if add_to_database:
profile_str = ','.join(system_info['profile'])
(success, msg) = db_add_system(system_id=system_info['system_id'],
name=system_info['hostname'],
admin_ip=system_info['admin_ip'],
vpn_ip=system_info['vpn_ip'],
profile=profile_str,
server_id=system_info['server_id'],
sensor_id=system_info['sensor_id'])
if not success:
api_log.error(msg)
error_msg = "Something wrong happened inserting " + \
"the system into the database"
return (False, error_msg)
else:
result, _ = get_system_ip_from_system_id(system_info['system_id'])
if not result:
error_msg = "System was not inserted, cannot continue"
return (False, error_msg)
# Now that the system is in the database, check if it is a server and
# open the firewall, if it is required.
if 'server' in system_info['profile']:
trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
trigger="alienvault-add-server")
if not trigger_success:
api_log.error(msg)
(success,
msg) = create_directory_for_ossec_remote(system_info['system_id'])
if not success:
api_log.error(msg)
return (False, msg)
return (True, system_info)
