def ansible_get_child_alarms(system_ip, delay=1, delta=3):
"""
Get the alarms from remote system
"""
cmd = "echo \"select hex(event_id), timestamp, hex(backlog_id) FROM alarm WHERE status='closed' AND timestamp between DATE_SUB(utc_timestamp(), " \
"interval %u hour) AND DATE_SUB(utc_timestamp(), interval %u hour) UNION select hex(event_id), timestamp, hex(backlog_id) " \
"FROM alarm WHERE status='open' AND " \
"timestamp between DATE_SUB(utc_timestamp(), interval %u hour) AND DATE_SUB(utc_timestamp(), interval %u hour) ORDER BY timestamp DESC;\" | ossim-db " % (
delta + delay, delay, delta + delay, delay)
api_log.debug("Query: %s" % cmd)
response = ansible.run_module(host_list=[system_ip],
module="shell",
args=cmd)
success, msg = ansible_is_valid_response(system_ip, response)
if not success:
return False, "[ansible_get_child_alarms] Can't retrieve remote alarms (%s) : %s" % (system_ip, msg)
data = []
try:
output = str(response['contacted'][system_ip]['stdout'])
split = output.splitlines() # Discard first line
if split:
for line in split[1:]: # Omit header
(event_id, timestamp, backlog_id) = line.split('\t')
data.append(event_id)
except KeyError:
api_log.error("[ansible_get_child_alarms] Bad response from child server: %s" & str(output))
return False, "[ansible_get_child_alarms] Bad response from child server"
return True, data
def sync_asec_plugins():
"""Send ASEC plugins to all sensors
The blueprint handle the following url:
PUT /av/api/1.0/system/asec?plugins=<plugins>
Args:
plugins (str): Comma separated plugin list
"""
plugins = request.args.get("plugins")
plugin_list = plugins.split(',')
all_ok = True
failed_plugins = []
for plugin in plugin_list:
(success, msg) = api_sync_asec(plugin=plugin, enable=True)
if not success:
all_ok = False
failed_plugins.append(plugin)
api_log.error("Sync failed for plugin %s: %s" % (plugin, msg))
else:
api_log.debug("Sync OK for plugin %s" % plugin)
if not all_ok:
error_msg = "ASEC plugins sync failed for plugins: %s" % ','.join(failed_plugins)
return make_error(error_msg, 500)
return make_ok(msg="ASEC plugins sync OK")
def get_license_devices():
"""
Retrieves the number of assets for a given license
Return:
Number of devices signed for a license
0 if an error occurs
1000000 if 'devices' is not specified in the ossim.lic file
"""
rc, pro = system_is_professional()
devices = 0
if rc and pro:
if os.path.isfile("/etc/ossim/ossim.lic"):
try:
config = RawConfigParser()
license_file = config.read('/etc/ossim/ossim.lic')
devices = config.getint('appliance', 'devices')
except NoOptionError:
devices = 1000000
else:
api_log.debug(
"License devices can't be determined: License file not found")
devices = 0
else:
devices = 1000000
return devices
def sync_asec_plugins():
"""Send ASEC plugins to all sensors
The blueprint handle the following url:
PUT /av/api/1.0/system/asec?plugins=<plugins>
Args:
plugins (str): Comma separated plugin list
"""
plugins = request.args.get("plugins")
plugin_list = plugins.split(',')
all_ok = True
failed_plugins = []
for plugin in plugin_list:
(success, msg) = api_sync_asec(plugin=plugin, enable=True)
if not success:
all_ok = False
failed_plugins.append(plugin)
api_log.error("Sync failed for plugin %s: %s" % (plugin, msg))
else:
api_log.debug("Sync OK for plugin %s" % plugin)
if not all_ok:
error_msg = "ASEC plugins sync failed for plugins: "
error_msg = error_msg + "%s" % ','.join(failed_plugins)
return make_error(error_msg, 500)
return make_ok(msg="ASEC plugins sync OK")
def get_license_devices():
"""
Retrieves the number of assets for a given license
Return:
Number of devices signed for a license
0 if an error occurs
1000000 if 'devices' is not specified in the ossim.lic file
"""
rc, pro = system_is_professional()
devices = 0
if rc and pro:
if os.path.isfile("/etc/ossim/ossim.lic"):
try:
config = RawConfigParser()
license_file = config.read('/etc/ossim/ossim.lic')
devices = config.getint('appliance', 'devices')
except NoOptionError:
devices = 1000000
else:
api_log.debug("License devices can't be determined: License file not found")
devices = 0
else:
devices = 1000000
return devices
def ansible_get_child_alarms(system_ip, delay=1, delta=3):
"""
Get the alarms from remote system
"""
cmd = "echo \"select hex(event_id), timestamp, hex(backlog_id) FROM alarm WHERE status='closed' AND timestamp between DATE_SUB(utc_timestamp(), " \
"interval %u hour) AND DATE_SUB(utc_timestamp(), interval %u hour) UNION select hex(event_id), timestamp, hex(backlog_id) " \
"FROM alarm WHERE status='open' AND " \
"timestamp between DATE_SUB(utc_timestamp(), interval %u hour) AND DATE_SUB(utc_timestamp(), interval %u hour) ORDER BY timestamp DESC;\" | ossim-db " % (
delta + delay, delay, delta + delay, delay)
api_log.debug("Query: %s" % cmd)
response = ansible.run_module(host_list=[system_ip],
module="shell",
args=cmd)
success, msg = ansible_is_valid_response(system_ip, response)
if not success:
return False, "[ansible_get_child_alarms] Can't retrieve remote alarms (%s) : %s" % (
system_ip, msg)
data = []
try:
output = str(response['contacted'][system_ip]['stdout'])
split = output.splitlines() # Discard first line
if split:
for line in split[1:]: # Omit header
(event_id, timestamp, backlog_id) = line.split('\t')
data.append(event_id)
except KeyError:
api_log.error(
"[ansible_get_child_alarms] Bad response from child server: %s"
& str(output))
return False, "[ansible_get_child_alarms] Bad response from child server"
return True, data
def __process_connection_message_response(self, response):
api_log.debug("IDM connector - Recv: %s" % response)
success = False
if response == 'ok id="' + str(self.sequence_id) + '"\n':
success = True
else:
api_log.error("IDM connector - Bad response from %s (seq_exp:%s): %s " % (self.ip, self.sequence_id, str(response)))
return success
def __process_connection_message_response(self, response):
api_log.debug("IDM connector - Recv: %s" % response)
success = False
if response == 'ok id="' + str(self.sequence_id) + '"\n':
success = True
else:
api_log.error(
"IDM connector - Bad response from %s (seq_exp:%s): %s " %
(self.ip, self.sequence_id, str(response)))
return success
def connect(self, attempts=3, wait_time=10):
"""Connects to the server and starts the handshake"""
try:
tries = 0
connected = False
self.close()
while tries < attempts and connected is False:
if tries > 0:
time.sleep(wait_time)
tries += 1
api_log.debug("IDM connector - Tries: %s connected: %s" %
(tries, connected))
api_log.debug("IDM connector - Conn: %s" % self.conn)
if self.conn is not None:
self.conn.close()
self.conn = None
self.conn = Connection(ip=self.ip, port=self.port)
api_log.debug(
"IDM connector - Creating a new Connection object")
if not self.conn.connect(attempts=attempts,
default_wait=wait_time):
continue
# Send the connection message:
self.sequence_id += 1
if self.sensor_id is None:
connect_message = self.CONNECT_MESSAGE_2.format(
self.sequence_id)
else:
connect_message = self.CONNECT_MESSAGE.format(
self.sequence_id, self.sensor_id)
api_log.error(
"IDM connector - Send: {0}".format(connect_message))
if not self.send(connect_message):
api_log.error(
"IDM connector - Cannot send the connection message")
self.conn.close()
continue
connection_message_response = self.recv()
if not self.__process_connection_message_response(
connection_message_response):
api_log.error(
"IDM connector - Cannot connect to the server, invalid response"
)
self.conn.close()
continue
connected = True
if not connected:
return False
except Exception as err:
api_log.debug(
"IDM connector - Cannot connect to the server.... %s" %
str(err))
self.close()
return False
return True
def reload_hosts(self):
"""Builds an IDM message to reload the hosts"""
try:
self.sequence_id += 1
message = 'reload-hosts id="' + str(self.sequence_id) + '"\n'
api_log.info("Sending the reload host message")
self.send(message)
connection_message_response = self.recv()
if not self.__process_connection_message_response(connection_message_response):
api_log.error("Server connector - Cannot connect to the server, invalid response")
except Exception as e:
api_log.debug("Server connector, cannot send the reload host message")
def get_local_alarms(delay=1, delta=3):
"""
Get the local alarms
By default alarms older than 1 hours and delta 3
"""
data = []
try:
query = "select hex(event_id), timestamp, hex(backlog_id) FROM alarm WHERE status=0 AND timestamp " \
"between DATE_SUB(utc_timestamp(), interval %u hour) AND DATE_SUB(utc_timestamp(), interval %u hour) " \
"UNION select hex(event_id), timestamp, hex(backlog_id) FROM alarm WHERE status=1 AND " \
"timestamp between DATE_SUB(utc_timestamp(), interval %u hour) AND DATE_SUB(utc_timestamp(), interval %u hour) " \
"ORDER BY timestamp DESC;" % (delta + delay, delay, delta + delay, delay)
api_log.debug("[get_local_alarms] Query:" + query)
rows = db.session.connection(mapper=Server).execute(query)
data = [row[0] for row in rows]
except NoResultFound:
pass
except Exception, msg:
api_log.error("[get_local_alarms] %s" % str(msg))
return False, str(msg)
def get_local_alarms(delay=1, delta=3):
"""
Get the local alarms
By default alarms older than 1 hours and delta 3
"""
data = []
try:
query = "select hex(event_id), timestamp, hex(backlog_id) FROM alarm WHERE status=0 AND timestamp " \
"between DATE_SUB(utc_timestamp(), interval %u hour) AND DATE_SUB(utc_timestamp(), interval %u hour) " \
"UNION select hex(event_id), timestamp, hex(backlog_id) FROM alarm WHERE status=1 AND " \
"timestamp between DATE_SUB(utc_timestamp(), interval %u hour) AND DATE_SUB(utc_timestamp(), interval %u hour) " \
"ORDER BY timestamp DESC;" % (delta + delay, delay, delta + delay, delay)
api_log.debug("[get_local_alarms] Query:" + query)
rows = db.session.connection(mapper=Server).execute(query)
data = [row[0] for row in rows]
except NoResultFound:
pass
except Exception, msg:
api_log.error("[get_local_alarms] %s" % str(msg))
return False, str(msg)
def connect(self, attempts=3, default_wait=10):
"""Connects to the given endpoint"""
while self.__sock is None and self.__wait < MAX_WAIT and self.__tries < MAX_TRIES:
api_log.debug("Connection [%s:%s] - Trying to connect ... " % (self.ip, self.port ))
# Create a new socket
try:
plain_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
except Exception as err:
api_log.error("Connection [%s:%s] - Cannot create a new socket %s" % (self.ip, self.port, str(err)))
self.__tries += 1
self.__wait += default_wait
time.sleep(default_wait)
continue
# Set socket options:
plain_sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 2) # Enable keep alive
plain_sock.setsockopt(socket.SOL_TCP, socket.TCP_KEEPIDLE, 5) # Start to send keepalieves after this period
plain_sock.setsockopt(socket.SOL_TCP, socket.TCP_KEEPINTVL, 3) # interval between keepalieves.
plain_sock.setsockopt(socket.SOL_TCP, socket.TCP_KEEPCNT, 5) # number of keep alieves before deadth
self.__sock = plain_sock
try:
api_log.debug("Connection [%s:%s] - Connect using plain socket" % (self.ip, self.port))
self.__sock.connect((self.__ip, self.__port))
except Exception as err:
api_log.error("Connection [%s:%s] - Cannot establish a plain connection"
"with the remote server, waiting for %d seconds: %s" % (
self.__ip, self.__port, default_wait, str(err)))
self.__tries += 1
self.__wait += default_wait
time.sleep(default_wait)
continue
else:
api_log.error("Connection [%s:%s] - Plain socket connected..." % (self.ip, self.port))
self.__connected = True
return self.__connected
def reload_hosts(self):
"""Builds an IDM message to reload the hosts"""
try:
self.sequence_id += 1
message = 'reload-hosts id="' + str(self.sequence_id) + '"\n'
api_log.info("Sending the reload host message")
self.send(message)
connection_message_response = self.recv()
if not self.__process_connection_message_response(
connection_message_response):
api_log.error(
"Server connector - Cannot connect to the server, invalid response"
)
except Exception as e:
api_log.debug(
"Server connector, cannot send the reload host message")
def connect(self, attempts=3, wait_time=10):
"""Connects to the server and starts the handshake"""
try:
tries = 0
connected = False
self.close()
while tries < attempts and connected is False:
if tries > 0:
time.sleep(wait_time)
tries += 1
api_log.debug("IDM connector - Tries: %s connected: %s" % (tries, connected))
api_log.debug("IDM connector - Conn: %s" % self.conn)
if self.conn is not None:
self.conn.close()
self.conn = None
self.conn = Connection(ip=self.ip, port=self.port)
api_log.debug("IDM connector - Creating a new Connection object")
if not self.conn.connect(attempts=attempts, default_wait=wait_time):
continue
# Send the connection message:
self.sequence_id += 1
if self.sensor_id is None:
connect_message = self.CONNECT_MESSAGE_2.format(self.sequence_id)
else:
connect_message = self.CONNECT_MESSAGE.format(self.sequence_id, self.sensor_id)
api_log.error("IDM connector - Send: {0}".format(connect_message))
if not self.send(connect_message):
api_log.error("IDM connector - Cannot send the connection message")
self.conn.close()
continue
connection_message_response = self.recv()
if not self.__process_connection_message_response(connection_message_response):
api_log.error("IDM connector - Cannot connect to the server, invalid response")
self.conn.close()
continue
connected = True
if not connected:
return False
except Exception as err:
api_log.debug("IDM connector - Cannot connect to the server.... %s" % str(err))
self.close()
return False
return True
def start(self):
""" Starts the monitor activity
"""
try:
# Remove the previous monitor data.
self.remove_monitor_data()
monitor_data = {}
success, system_id = get_system_id_from_local()
if not success:
return False
# Now
now = int(time.time())
# Firstly, wizard data!
wizard_dict = {}
success, start_welcome_wizard, welcome_wizard_date = get_wizard_data(
)
if not success:
api_log.error("There was an error retrieving the wizard data")
wizard_shown = True
if start_welcome_wizard == 2:
# if difference between now and welcome_wizard_date is less
# than a week, display message
if (now - welcome_wizard_date) < 420:
wizard_shown = False
wizard_dict['wizard_shown'] = wizard_shown
monitor_data[
self.__WEB_MESSAGES['MESSAGE_WIZARD_SHOWN']] = wizard_dict
# Time to look for orphan sensors
orphan_sensors_dict = {}
success, message = check_any_orphan_sensor()
orphan_sensors = False
if not success:
api_log.error(message)
orphan_sensors = True
orphan_sensors_dict['orphan_sensors'] = orphan_sensors
monitor_data[self.__WEB_MESSAGES[
'MESSAGE_SENSOR_NOT_INSERTED']] = orphan_sensors_dict
# Has the trial version expired?
success, expires, message = get_trial_expiration_date()
trial_expired = False
trial_expires_7days = False
trial_expires_2days = False
if not success:
rc, pro = system_is_professional()
if rc:
if pro:
# OK, we have an error here
api_log.error(message)
else:
pass
else:
# expire=9999-12-31
expiration_date = expires.split('=')[1]
if expiration_date:
mktime_expression = datetime.datetime.strptime(
expiration_date, "%Y-%m-%d").timetuple()
expires = int(time.mktime(mktime_expression))
one_week_left = now - 604800
two_days_left = now - 172800
if expires < one_week_left:
trial_expires_7days = True
elif expires < two_days_left:
trial_expires_2days = True
elif expires < now:
trial_expired = True
else:
pass
else:
if os.path.isfile("/etc/ossim/ossim.lic"):
api_log.warning(
"Valid license but no web admin user found!")
else:
api_log.debug(
"Expiration date can't be determined: License file not found"
)
monitor_data[self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRED"]] = {
'trial_checked': success,
'trial_expired': trial_expired
}
monitor_data[
self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRES_7DAYS"]] = {
'trial_checked': success,
'trial_expired': trial_expires_7days
}
monitor_data[
self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRES_2DAYS"]] = {
'trial_checked': success,
'trial_expired': trial_expires_2days
}
# Check max number of assets
assets = len(get_asset_list())
contracted_devices = get_license_devices()
over_assets = False
exceeding_assets = 0
#if assets > contracted_devices:
# exceeding_assets = assets - contracted_devices
# over_assets = True
monitor_data[self.__WEB_MESSAGES["MESSAGE_LICENSE_VIOLATION"]] = {
'over_assets': over_assets,
'exceeding_assets': exceeding_assets
}
# OTX contribution
otx_enabled = apimethod_is_otx_enabled()
monitor_data[self.__WEB_MESSAGES["MESSAGE_OTX_CONNECTION"]] = {
'otx_enabled': otx_enabled
}
# Backup in progress?
success, running, message = check_backup_process_running()
if not success:
api_log.error(message)
monitor_data[self.__WEB_MESSAGES["MESSAGE_BACKUP_RUNNING"]] = {
'backup_check': success,
'backup_running': running
}
# Save monitor data
self.save_data(system_id, ComponentTypes.SYSTEM,
self.get_json_message(monitor_data))
except Exception as err:
api_log.error(
"Error processing WebUIData monitor information: %s" %
str(err))
return False
return True
def start(self):
""" Starts the monitor activity
"""
try:
# Remove the previous monitor data.
self.remove_monitor_data()
monitor_data = {}
success, system_id = get_system_id_from_local()
if not success:
return False
# Now
now = int(time.time())
# Firstly, wizard data!
wizard_dict = {}
success, start_welcome_wizard, welcome_wizard_date = get_wizard_data()
if not success:
api_log.error("There was an error retrieving the wizard data")
wizard_shown = True
if start_welcome_wizard == 2:
# if difference between now and welcome_wizard_date is less
# than a week, display message
if (now - welcome_wizard_date) < 420:
wizard_shown = False
wizard_dict['wizard_shown'] = wizard_shown
monitor_data[self.__WEB_MESSAGES['MESSAGE_WIZARD_SHOWN']] = wizard_dict
# Time to look for orphan sensors
orphan_sensors_dict = {}
success, message = check_any_orphan_sensor()
orphan_sensors = False
if not success:
api_log.error(message)
orphan_sensors = True
orphan_sensors_dict['orphan_sensors'] = orphan_sensors
monitor_data[self.__WEB_MESSAGES['MESSAGE_SENSOR_NOT_INSERTED']] = orphan_sensors_dict
# Has the trial version expired?
success, expires, message = get_trial_expiration_date()
trial_expired = False
trial_expires_7days = False
trial_expires_2days = False
if not success:
rc, pro = system_is_professional()
if rc:
if pro:
# OK, we have an error here
api_log.error(message)
else:
pass
else:
# expire=9999-12-31
expiration_date = expires.split('=')[1]
if expiration_date:
mktime_expression = datetime.datetime.strptime(expiration_date,
"%Y-%m-%d").timetuple()
expires = int(time.mktime(mktime_expression))
one_week_left = now - 604800
two_days_left = now - 172800
if expires < one_week_left:
trial_expires_7days = True
elif expires < two_days_left:
trial_expires_2days = True
elif expires < now:
trial_expired = True
else:
pass
else:
if os.path.isfile("/etc/ossim/ossim.lic"):
api_log.warning("Valid license but no web admin user found!")
else:
api_log.debug("Expiration date can't be determined: License file not found")
monitor_data[self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRED"]] = {'trial_checked': success,
'trial_expired': trial_expired}
monitor_data[self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRES_7DAYS"]] = {'trial_checked': success,
'trial_expired': trial_expires_7days}
monitor_data[self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRES_2DAYS"]] = {'trial_checked': success,
'trial_expired': trial_expires_2days}
# Check max number of assets
assets = len(get_asset_list())
contracted_devices = get_license_devices()
over_assets = False
exceeding_assets = 0
#if assets > contracted_devices:
# exceeding_assets = assets - contracted_devices
# over_assets = True
monitor_data[self.__WEB_MESSAGES["MESSAGE_LICENSE_VIOLATION"]] = {'over_assets': over_assets,
'exceeding_assets': exceeding_assets}
# OTX contribution
otx_enabled = apimethod_is_otx_enabled()
monitor_data[self.__WEB_MESSAGES["MESSAGE_OTX_CONNECTION"]] = {'otx_enabled': otx_enabled}
# Backup in progress?
success, running, message = check_backup_process_running()
if not success:
api_log.error(message)
monitor_data[self.__WEB_MESSAGES["MESSAGE_BACKUP_RUNNING"]] = {'backup_check': success,
'backup_running': running}
# Save monitor data
self.save_data(system_id,
ComponentTypes.SYSTEM,
self.get_json_message(monitor_data))
except Exception as err:
api_log.error("Error processing WebUIData monitor information: %s" % str(err))
return False
return True
