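def get_plugin_sids_package(system_id, md5):
    """
    Fetch the alienvault-plugin-sids package from :system_id: and install it
    on the local system.

    Steps, in order:
      1. Ask the remote system for its package info and require that the
         md5 it reports equals :md5:.
      2. Copy the .deb from the remote /var/cache/apt/archives into the local
         /var/cache/apt/archives (temp file, copy, then rename).
      3. Refuse to continue while alienvault-update, alienvault-reconfig or
         ossim-reconfig is running locally.
      4. Install the package on the local system.

    :param system_id: id of the remote system that holds the package
    :param md5: md5 sum the remote package info is expected to report
    :returns: tuple (success, error_message); error_message is '' on success

    NOTE(review): only the md5 *reported* by the remote system is compared
    with :md5:. The downloaded bytes are never hashed in this function, so by
    itself it does not show that the installed file matches :md5: (and MD5 is
    not collision resistant). Confirm whether fetch_if_changed or
    install_debian_package verify integrity; if they do not, check a strong
    digest or the package signature of the downloaded file before installing.
    """
    rt = False
    emsg = ''
    temp = None
    try:
        # First, check the md5 the remote system reports for the package
        result, info = get_plugin_package_info_from_system_id(system_id)
        if not result:
            raise Exception("Can't obtain alienvault-plugin-sid info for system %s : %s" % (system_id, str(info)))
        if info['md5'] != md5:
            raise Exception("md5 provided doesn't match with stored md5")

        # Use ansible to download file to temp directory
        result, ipremote = get_system_ip_from_system_id(system_id)
        if not result:
            raise Exception("Can't obtain remote system ip")
        result, iplocal = get_system_ip_from_local()
        if not result:
            raise Exception("Can't obtain local system ip")
        result, idlocal = get_system_id_from_local()
        if not result:
            raise Exception("Can't obtain local system id")

        # Create a temp file; it is closed (and therefore removed) in the
        # finally clause instead of being left to the garbage collector.
        temp = NamedTemporaryFile(delete=True)
        tempname = temp.name

        plugin_package = "alienvault-plugin-sids_" + info['version'] + "_all.deb"
        # info['version'] is supplied by the remote system and ends up in
        # both the path that is fetched and the path that is installed, so it
        # must not be able to leave the archive directory.
        if os.path.basename(plugin_package) != plugin_package:
            raise Exception("Invalid package version reported by system %s" % system_id)

        remote_path = "/var/cache/apt/archives"
        package_path = os.path.join(remote_path, plugin_package)

        result, emsg = fetch_if_changed(ipremote, package_path, iplocal, tempname)
        if not result:
            raise Exception("Can't copy remote from %s file name %s Error: %s" % (ipremote, package_path, emsg))

        # Copy next to the final location first so the rename below stays on
        # one filesystem and replaces the package in a single step.
        shutil.copy(tempname, remote_path)
        os.rename(os.path.join(remote_path, os.path.basename(tempname)), package_path)

        # Check that no update / reconfig job is running
        result, status = check_update_and_reconfig_status(idlocal)
        if not result:
            raise Exception("Can't check current status reconfig / update")
        if status['alienvault-update']['job_status'] == 'running':
            raise Exception("alienvault-update running")
        if status['alienvault-reconfig']['job_status'] == 'running':
            raise Exception("alienvault-reconfig running")
        if status['ossim-reconfig']['job_status'] == 'running':
            raise Exception("ossim-reconfig running")

        # Okay, install the package
        result, status = install_debian_package([iplocal], package_path)
        if not result:
            raise Exception("Can't install %s" % package_path)
        rt = True
        emsg = ''
    except Exception as excep:
        # Every failure is reported through the return value, never raised.
        emsg = str(excep)
        rt = False
    finally:
        if temp is not None:
            try:
                temp.close()
            except OSError:
                # Best effort: the path may already have been replaced or
                # removed by the transfer, and that must not turn a finished
                # install into a reported failure.
                pass
    return (rt, emsg)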
def sync_database_from_child(system_id): """ Check SQL sync file in system_id and if it differs from the local one, get it and add to local database Then, check if we have to propagate changes upwards and generate sync.sql if so """ # Get remote and local IPs (success, system_ip) = get_system_ip_from_system_id(system_id) if not success: return success, "[Apimethod sync_database_from_child] Error retrieving the system ip for the system id %s -> %s" % (system_ip, str(system_ip)) success, local_ip = get_system_ip_from_local() if not success: return success, "[Apimethod sync_database_from_child] Error while getting the local ip: %s" % str(local_ip) # Get remote sync file if changed remote_file_path = "/var/lib/alienvault-center/db/sync.sql.gz" local_gzfile_path = "%s/sync_%s.sql.gz" % (get_base_path_from_system_id(system_id), system_id) local_file_path = "%s/sync_%s.sql" % (get_base_path_from_system_id(system_id), system_id) (retrieved, msg) = fetch_if_changed(system_ip, remote_file_path, local_ip, local_gzfile_path) if not retrieved: if 'already in sync' in msg: return True, "[Apimethod sync_database_from_child] Databases already in sync" else: return False, "[Apimethod sync_database_from_child] %s" % msg # SQL file changed. 
Get it, check md5 and apply # Get MD5SUM file for the SQL file remote_md5file_path = "/var/lib/alienvault-center/db/sync.md5" local_md5file_path = "%s/sync_%s.md5" % (get_base_path_from_system_id(system_id), system_id) (retrieved, msg) = fetch_if_changed(system_ip, remote_md5file_path, local_ip, local_md5file_path) if not retrieved and 'already in sync' not in msg: return False, "[Apimethod sync_database_from_child] %s" % msg # Gunzip SQL file before processing it success, msg = gunzip_file(local_ip, local_gzfile_path, local_file_path) if not success: return False, "[Apimethod sync_database_from_child] %s" % msg # Check SQL file MD5 with open(local_md5file_path) as m: md5_read = m.readline() p = Popen(['/usr/bin/md5sum', local_file_path], stdout=PIPE) md5_calc, err = p.communicate() if err: return False, "[Apimethod sync_database_from_child] %s" % err if not str(md5_read.rstrip('\n')) in str(md5_calc): return False, "[Apimethod sync_database_from_child] Corrupt or incomplete SQL file (bad md5sum)" # SQL file OK. Apply with open(local_file_path) as f: if call(['/usr/bin/ossim-db'], stdin=f): return False, "[Apimethod sync_database_from_child] Error applying SQL file to ossim-db" else: api_log.info("[Apimethod sync_database_from_child] SQL applied successfully") # Check first line of sync.sql file for mySQL restart option f.seek(0, 0) restart_db = "RESTART OSSIM-SERVER" in f.readline() # Restart SQL server if needed if restart_db: try: restart_mysql(local_ip) except Exception, err: return False, "An error occurred while restarting MySQL server: %s" % str(err)