Example #1
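def get_plugin_sids_package(system_id, md5):
    """
    Fetch the alienvault-plugin-sids package from :system_id: and install it locally.

    Steps, in order:
      1. Ask :system_id: for its alienvault-plugin-sids package info and
         require the md5 it reports to equal :md5:.
      2. Resolve the remote ip, the local ip and the local system id.
      3. Fetch the .deb from /var/cache/apt/archives on the remote system
         into a temp file, copy it into the local /var/cache/apt/archives
         and rename it to its final package name.
      4. Abort if alienvault-update, alienvault-reconfig or ossim-reconfig
         is reported as running.
      5. Install the package on the local system.

    Security notes:
      - The md5 check compares the caller's value with the value the remote
        system reports. The downloaded file itself is not hashed in this
        function, so the comparison does not prove the integrity of the
        bytes that get installed.
        NOTE(review): confirm whether fetch_if_changed or the install step
        verifies the file; MD5 is also not collision resistant.
      - info['version'] is supplied by the remote system and becomes part
        of a file name that is fetched, renamed and installed, so it is
        rejected unless the resulting name is a plain file name.

    :param system_id: id of the remote system that holds the package
    :param md5: md5 sum the remote package is expected to have
    :return: (True, '') on success, (False, error message) otherwise.
             Every exception raised inside is caught and reported through
             the error message.
    """
    rt = False
    emsg = ''
    try:
        # First, check remote md5
        result, info = get_plugin_package_info_from_system_id(system_id)
        if not result:
            raise Exception("Can't obtain alienvault-plugin-sid info for system %s : %s" % (system_id, str(info)))
        if info['md5'] != md5:
            raise Exception("md5 provided doesn't match with stored md5")

        result, ipremote = get_system_ip_from_system_id(system_id)
        if not result:
            raise Exception("Can't obtain remote system ip")
        result, iplocal = get_system_ip_from_local()
        if not result:
            raise Exception("Can't obtain local system ip")
        result, idlocal = get_system_id_from_local()
        if not result:
            raise Exception("Can't obtain local system id")

        remote_path = "/var/cache/apt/archives"
        plugin_package = "alienvault-plugin-sids_" + info['version'] + "_all.deb"
        # The version string comes from the remote system. Refuse anything
        # that would make the file name resolve outside remote_path.
        if os.path.basename(plugin_package) != plugin_package:
            raise Exception("Invalid package file name reported by system %s" % system_id)
        package_path = os.path.join(remote_path, plugin_package)

        # Create a temp file; only its name is handed to fetch_if_changed.
        # The handle is not closed explicitly here.
        temp = NamedTemporaryFile(delete=True)
        tempname = temp.name
        # Download the remote package into the temp file
        result, emsg = fetch_if_changed(ipremote,
                                        package_path,
                                        iplocal,
                                        tempname)
        if not result:
            raise Exception("Can't copy remote from %s file name %s Error: %s" % (ipremote, package_path, emsg))

        # Copy under the temp name first, then rename inside the same
        # directory so the final name never points at a partial file.
        shutil.copy(tempname, remote_path)
        os.rename(os.path.join(remote_path, os.path.basename(tempname)),
                  package_path)

        # Check that we're not updating / configuring
        result, status = check_update_and_reconfig_status(idlocal)
        if not result:
            raise Exception("Can't check current status reconfig / update")
        if status['alienvault-update']['job_status'] == 'running':
            raise Exception("alienvault-update running")
        if status['alienvault-reconfig']['job_status'] == 'running':
            raise Exception("alienvault-reconfig running")
        if status['ossim-reconfig']['job_status'] == 'running':
            raise Exception("ossim-reconfig running")

        # Install the package on the local system
        result, status = install_debian_package([iplocal], package_path)
        if not result:
            raise Exception("Can't install %s" % package_path)
        rt = True
        emsg = ''
    except Exception as excep:
        # Deliberate catch-all: callers get a (False, message) tuple
        emsg = str(excep)
        rt = False
    return (rt, emsg)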
Example #2
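def get_plugin_sids_package(system_id, md5):
    """
    Fetch the alienvault-plugin-sids package from :system_id: and install it locally.

    Steps, in order:
      1. Ask :system_id: for its alienvault-plugin-sids package info and
         require the md5 it reports to equal :md5:.
      2. Resolve the remote ip, the local ip and the local system id.
      3. Fetch the .deb from /var/cache/apt/archives on the remote system
         into a temp file, copy it into the local /var/cache/apt/archives
         and rename it to its final package name.
      4. Abort if alienvault-update, alienvault-reconfig or ossim-reconfig
         is reported as running.
      5. Install the package on the local system.

    Security notes:
      - The md5 check compares the caller's value with the value the remote
        system reports. The downloaded file itself is not hashed in this
        function, so the comparison does not prove the integrity of the
        bytes that get installed.
        NOTE(review): confirm whether fetch_if_changed or the install step
        verifies the file; MD5 is also not collision resistant.
      - info['version'] is supplied by the remote system and becomes part
        of a file name that is fetched, renamed and installed, so it is
        rejected unless the resulting name is a plain file name.

    :param system_id: id of the remote system that holds the package
    :param md5: md5 sum the remote package is expected to have
    :return: (True, '') on success, (False, error message) otherwise.
             Every exception raised inside is caught and reported through
             the error message.
    """
    rt = False
    emsg = ''
    try:
        # First, check remote md5
        result, info = get_plugin_package_info_from_system_id(system_id)
        if not result:
            raise Exception("Can't obtain alienvault-plugin-sid info for system %s : %s" % (system_id, str(info)))
        if info['md5'] != md5:
            raise Exception("md5 provided doesn't match with stored md5")

        result, ipremote = get_system_ip_from_system_id(system_id)
        if not result:
            raise Exception("Can't obtain remote system ip")
        result, iplocal = get_system_ip_from_local()
        if not result:
            raise Exception("Can't obtain local system ip")
        result, idlocal = get_system_id_from_local()
        if not result:
            raise Exception("Can't obtain local system id")

        remote_path = "/var/cache/apt/archives"
        plugin_package = "alienvault-plugin-sids_" + info['version'] + "_all.deb"
        # The version string comes from the remote system. Refuse anything
        # that would make the file name resolve outside remote_path.
        if os.path.basename(plugin_package) != plugin_package:
            raise Exception("Invalid package file name reported by system %s" % system_id)
        package_path = os.path.join(remote_path, plugin_package)

        # Create a temp file; only its name is handed to fetch_if_changed.
        # The handle is not closed explicitly here.
        temp = NamedTemporaryFile(delete=True)
        tempname = temp.name
        # Download the remote package into the temp file
        result, emsg = fetch_if_changed(ipremote,
                                        package_path,
                                        iplocal,
                                        tempname)
        if not result:
            raise Exception("Can't copy remote from %s file name %s Error: %s" % (ipremote, package_path, emsg))

        # Copy under the temp name first, then rename inside the same
        # directory so the final name never points at a partial file.
        shutil.copy(tempname, remote_path)
        os.rename(os.path.join(remote_path, os.path.basename(tempname)),
                  package_path)

        # Check that we're not updating / configuring
        result, status = check_update_and_reconfig_status(idlocal)
        if not result:
            raise Exception("Can't check current status reconfig / update")
        if status['alienvault-update']['job_status'] == 'running':
            raise Exception("alienvault-update running")
        if status['alienvault-reconfig']['job_status'] == 'running':
            raise Exception("alienvault-reconfig running")
        if status['ossim-reconfig']['job_status'] == 'running':
            raise Exception("ossim-reconfig running")

        # Install the package on the local system
        result, status = install_debian_package([iplocal], package_path)
        if not result:
            raise Exception("Can't install %s" % package_path)
        rt = True
        emsg = ''
    except Exception as excep:
        # Deliberate catch-all: callers get a (False, message) tuple
        emsg = str(excep)
        rt = False
    return (rt, emsg)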
Example #3
def sync_database_from_child(system_id):
    """
    Check SQL sync file in system_id and if it differs from the local one, get it and add to local database
    Then, check if we have to propagate changes upwards and generate sync.sql if so
    """
    # Get remote and local IPs
    (success, system_ip) = get_system_ip_from_system_id(system_id)
    if not success:
        return success, "[Apimethod sync_database_from_child] Error retrieving the system ip for the system id %s -> %s" % (system_ip, str(system_ip))

    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, "[Apimethod sync_database_from_child] Error while getting the local ip: %s" % str(local_ip)

    # Get remote sync file if changed
    remote_file_path = "/var/lib/alienvault-center/db/sync.sql.gz"
    local_gzfile_path = "%s/sync_%s.sql.gz" % (get_base_path_from_system_id(system_id), system_id)
    local_file_path = "%s/sync_%s.sql" % (get_base_path_from_system_id(system_id), system_id)
    (retrieved, msg) = fetch_if_changed(system_ip, remote_file_path, local_ip, local_gzfile_path)
    if not retrieved:
        if 'already in sync' in msg:
            return True, "[Apimethod sync_database_from_child] Databases already in sync"
        else:
            return False, "[Apimethod sync_database_from_child] %s" % msg

    # SQL file changed. Get it, check md5 and apply
    # Get MD5SUM file for the SQL file
    remote_md5file_path = "/var/lib/alienvault-center/db/sync.md5"
    local_md5file_path = "%s/sync_%s.md5" % (get_base_path_from_system_id(system_id), system_id)
    (retrieved, msg) = fetch_if_changed(system_ip, remote_md5file_path, local_ip, local_md5file_path)
    if not retrieved and 'already in sync' not in msg:
        return False, "[Apimethod sync_database_from_child] %s" % msg

    # Gunzip SQL file before processing it
    success, msg = gunzip_file(local_ip, local_gzfile_path, local_file_path)
    if not success:
        return False, "[Apimethod sync_database_from_child] %s" % msg

    # Check SQL file MD5
    with open(local_md5file_path) as m:
        md5_read = m.readline()
    p = Popen(['/usr/bin/md5sum', local_file_path], stdout=PIPE)
    md5_calc, err = p.communicate()
    if err:
        return False, "[Apimethod sync_database_from_child] %s" % err
    if not str(md5_read.rstrip('\n')) in str(md5_calc):
        return False, "[Apimethod sync_database_from_child] Corrupt or incomplete SQL file (bad md5sum)"

    # SQL file OK. Apply
    with open(local_file_path) as f:
        if call(['/usr/bin/ossim-db'], stdin=f):
            return False, "[Apimethod sync_database_from_child] Error applying SQL file to ossim-db"
        else:
            api_log.info("[Apimethod sync_database_from_child] SQL applied successfully")
            # Check first line of sync.sql file for mySQL restart option
            f.seek(0, 0)
            restart_db = "RESTART OSSIM-SERVER" in f.readline()

    # Restart SQL server if needed
    if restart_db:
        try:
            restart_mysql(local_ip)
        except Exception, err:
            return False, "An error occurred while restarting MySQL server: %s" % str(err)