Example #1
0
def put_sensor_detector(sensor_id):
    """
    Set the [sensor]/detectors list on ossim_setup.conf of the sensor
    """
    # Get the 'plugins' param list, with contains the detector plugins
    # It must be a comma separate list
    plugins = request.args.get('plugins')
    if plugins is None:
        current_app.logger.error("detector: put_sensor_detector error: Missing parameter 'plugins'")
        return make_bad_request("Missing parameter plugins")

    (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        current_app.logger.error("detector: put_sensor_detector error: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")

    (success, data) = set_sensor_detectors(sensor_ip, plugins)
    if not success:
        current_app.logger.error("detector: put_sensor_detector error %s" % data)
        return make_error("Error setting sensor detector plugins", 500)

    # Now launch reconfig task
    job = alienvault_reconfigure.delay(sensor_ip)

    # Now format the list by a dict which key is the sensor_id and the value if the list of ifaces
    return make_ok(job_id_reconfig=job.id)
Example #2
0
def sync_asec_plugins(plugin=None, enable=True):
    """
    Send the ASEC generated plugins to the system sensors and enable them

    Args:
        plugin: plugin name
        enable: wether we should enable the plugin or not. Default = True

    Returns:
        success (bool):
        msg (str): Success message/Error info

    """
    if not plugin:
        return False, "No plugin to sync"

    try:
        plugin_path = "/var/lib/asec/plugins/" + plugin + ".cfg"
        sql_path = plugin_path + ".sql"

        sensors = []
        (success, sensors) = get_systems(system_type='sensor')
        if not success:
            return False, "Unable to get sensors list: %s" % sensors

        # Bug in ansible copy module prevents us from copying the files from
        # /var/lib/asec/plugins as it has permissions 0 for "other"
        # Workaround: make a local copy using ansible command module
        plugin_tmp_path = "/tmp/" + plugin + ".cfg"
        sql_tmp_path = plugin_tmp_path + ".sql"
        success, local_ip = get_system_ip_from_local()
        if not success:
            error_msg = "[ansible_install_plugin] " + \
                        "Failed to make get local IP: %s" % local_ip
            return False, error_msg
        (success, msg) = local_copy_file(local_ip,
                                         plugin_path,
                                         plugin_tmp_path)
        if not success:
            error_msg = "[ansible_install_plugin] " + \
                        "Failed to make temp copy of plugin file: %s" % msg
            return False, error_msg
        (success, msg) = local_copy_file(local_ip, sql_path, sql_tmp_path)
        if not success:
            error_msg = "[ansible_install_plugin] " + \
                        "Failed to make temp copy of sql file: %s" % msg
            return False, error_msg

        all_ok = True
        for (sensor_id, sensor_ip) in sensors:
            (success, msg) = ansible_install_plugin(sensor_ip,
                                                    plugin_tmp_path,
                                                    sql_tmp_path)
            if success and enable:
                # Get list of active plugins and add the new one.
                # Then send the list back to the sensor?
                (success, data) = get_sensor_detectors(sensor_ip)
                if success:
                    data['sensor_detectors'].append(plugin)
                    sensor_det = ','.join(data['sensor_detectors'])
                    (success, msg) = set_sensor_detectors(sensor_ip,
                                                          sensor_det)
                if not success:
                    error_msg = "[sync_asec_plugins] " + \
                                "Error enabling plugin %s " % plugin + \
                                "for sensor %s: %s" % (sensor_ip, msg)
                    api_log.error(error_msg)
                    all_ok = False
                else:
                    # Now launch reconfig task
                    job = alienvault_reconfigure.delay(sensor_ip)
            else:
                error_msg = "[sync_asec_plugins] " + \
                            "Error installing plugin %s " % plugin + \
                            "in sensor %s: %s" % (sensor_ip, msg)
                api_log.error(error_msg)
                all_ok = False

        # Delete temporal copies of the files
        remove_file([local_ip], plugin_tmp_path)
        remove_file([local_ip], sql_tmp_path)

        if not all_ok:
            error_msg = "Plugin %s installation failed " % plugin + \
                        "for some sensors"
            return False, error_msg

        info_msg = "Plugin %s installed. Enabled = %s" % (plugin, str(enable))
        return True, info_msg

    except Exception as e:
        api_log.error("[sync_asec_plugins] Exception catched: %s" % str(e))
        return False, "[sync_asec_plugins] Unknown error"