def is_local(system_id):
    """Tell whether *system_id* designates the local system.

    The literal ``'local'`` (any case) is accepted as an alias. Any other
    value is compared, in hex form, with the id reported by
    get_system_id_from_local(); when that lookup does not succeed its
    (falsy) status is returned as-is.
    """
    if 'local' == system_id.lower():
        return True

    ok, own_system_id = get_system_id_from_local()
    if not ok:
        return ok
    own_hex = get_hex_string_from_uuid(own_system_id)
    return own_hex == get_hex_string_from_uuid(system_id)
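def get_hids_agents_by_asset(asset_id, sensor_id=None):
    """ Get HIDS agents by asset
    Args:
        asset_id(str): Asset ID (UUID string)
        sensor_id(str): Optional Sensor ID (UUID string); when given, only
            agents reported by that sensor are returned
    Returns:
        Dictionary with HIDS agents related to asset in the database,
        keyed by '<sensor_id_hex>#<agent_id>'

    Raises:
        APICannotGetHIDSAgentByAsset
        APICannotResolveAssetID
    """

    hids_agents = {}

    if asset_id is None:
        api_log.error(
            "[get_hids_agents_by_asset]: Asset ID could not be empty")
        raise APICannotResolveAssetID(asset_id)

    # Convert inside a try so that an asset_id the helper rejects surfaces
    # as the documented APICannotResolveAssetID instead of escaping as
    # whatever get_hex_string_from_uuid() raises.
    try:
        asset_id_hex = get_hex_string_from_uuid(asset_id)
    except Exception as msg:
        api_log.error("[get_hids_agents_by_asset]: Invalid Asset ID: %s" % str(msg))
        raise APICannotResolveAssetID(asset_id)

    try:
        # Only the hex forms produced by get_hex_string_from_uuid() are
        # interpolated into the SQL text. NOTE(review): this still relies on
        # that helper rejecting anything that is not a UUID -- confirm.
        query = "SELECT HEX(ha.sensor_id) AS sensor_id, ha.agent_id, ha.agent_name, ha.agent_ip, " \
                "ha.agent_status, HEX(ha.host_id) AS host_id " \
                "FROM hids_agents ha WHERE ha.host_id = UNHEX('{0}')".format(asset_id_hex)

        # Built inside the try so a bad sensor_id is reported as
        # APICannotGetHIDSAgentByAsset (documented) rather than leaking out.
        if sensor_id is not None:
            query += " AND ha.sensor_id = UNHEX('{0}')".format(
                get_hex_string_from_uuid(sensor_id))

        ha_list = db.session.connection(mapper=Hids_Agents).execute(query)

        for hids_agent in ha_list:
            ha_id = hids_agent.agent_id
            ha_status = hids_agent.agent_status
            ha_sensor_id = hids_agent.sensor_id
            # NULL host_id is reported as an empty string.
            ha_host_id = hids_agent.host_id if hids_agent.host_id is not None else ''

            # Composite key: sensor hex plus agent id (agent ids presumably
            # repeat across sensors).
            ha_key = ha_sensor_id + '#' + ha_id

            hids_agents[ha_key] = {
                'id': ha_id,
                'name': hids_agent.agent_name,
                'ip_cidr': hids_agent.agent_ip,
                'status': {
                    'id': ha_status,
                    'descr':
                    Hids_Agents.get_status_string_from_integer(ha_status)
                },
                'sensor_id': ha_sensor_id,
                'host_id': ha_host_id
            }

    except Exception as msg:
        api_log.error("[get_hids_agents_by_asset]: %s" % str(msg))
        raise APICannotGetHIDSAgentByAsset(asset_id)

    return hids_agents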
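def _hids_agent_row_to_dict(row):
    """Shape one hids_agents row (columns as selected by the caller) into
    the dictionary returned by the API."""
    status = row.agent_status
    return {
        'id': row.agent_id,
        'name': row.agent_name,
        'ip_cidr': row.agent_ip,
        'status': {
            'id': status,
            'descr': Hids_Agents.get_status_string_from_integer(status)
        },
        'sensor_id': row.sensor_id,
        # NULL host_id is reported as an empty string.
        'host_id': row.host_id if row.host_id is not None else ''
    }


def get_hids_agents_by_asset(asset_id, sensor_id=None):
    """ Get HIDS agents by asset
    Args:
        asset_id(str): Asset ID (UUID string)
        sensor_id(str): Optional Sensor ID (UUID string); when given, only
            agents reported by that sensor are returned
    Returns:
        Dictionary with HIDS agents related to asset in the database,
        keyed by '<sensor_id_hex>#<agent_id>'

    Raises:
        APICannotGetHIDSAgentByAsset
        APICannotResolveAssetID
    """
    if asset_id is None:
        api_log.error("[get_hids_agents_by_asset]: Asset ID could not be empty")
        raise APICannotResolveAssetID(asset_id)

    # A malformed asset_id is reported as the documented
    # APICannotResolveAssetID instead of whatever the helper raises.
    try:
        asset_id_hex = get_hex_string_from_uuid(asset_id)
    except Exception as msg:
        api_log.error("[get_hids_agents_by_asset]: Invalid Asset ID: %s" % str(msg))
        raise APICannotResolveAssetID(asset_id)

    hids_agents = {}

    try:
        # Only hex forms produced by get_hex_string_from_uuid() reach the SQL
        # text. NOTE(review): relies on that helper rejecting non-UUID input
        # -- confirm. The sensor filter is built here so a bad sensor_id is
        # reported as APICannotGetHIDSAgentByAsset.
        query = "SELECT HEX(ha.sensor_id) AS sensor_id, ha.agent_id, ha.agent_name, ha.agent_ip, " \
                "ha.agent_status, HEX(ha.host_id) AS host_id " \
                "FROM hids_agents ha WHERE ha.host_id = UNHEX('{0}')".format(asset_id_hex)
        if sensor_id is not None:
            query += " AND ha.sensor_id = UNHEX('{0}')".format(get_hex_string_from_uuid(sensor_id))

        rows = db.session.connection(mapper=Hids_Agents).execute(query)

        for row in rows:
            # Composite key: sensor hex plus agent id.
            hids_agents[row.sensor_id + '#' + row.agent_id] = _hids_agent_row_to_dict(row)

    except Exception as msg:
        api_log.error("[get_hids_agents_by_asset]: %s" % str(msg))
        raise APICannotGetHIDSAgentByAsset(asset_id)

    return hids_agents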
def ans_add_server_hierarchy(system_ip, parent_id, child_id):
    """
    Add server_hierarchy entry on system_ip

    Args:
        system_ip: address of the system the entry is to be added on
        parent_id: parent server UUID string
        child_id: child server UUID string

    Returns a ``(False, message)`` tuple when either id cannot be converted
    to hex. NOTE(review): this excerpt appears to be cut short -- the hex
    ids are computed but not used in the lines shown and there is no
    success return; the remainder of the function presumably follows.
    """
    hex_parent_id = None
    hex_child_id = None
    try:
        # Normalise both UUIDs to hex; a conversion failure is reported as a
        # bad-params error rather than raised.
        hex_parent_id = get_hex_string_from_uuid(parent_id)
        hex_child_id = get_hex_string_from_uuid(child_id)
    except Exception, msg:  # Python 2 except syntax
        api_log.error(str(msg))
        return False, "[ans_add_server_hierarchy] Bad params: %s" % str(msg)
def ans_add_server_hierarchy(system_ip, parent_id, child_id):
    """
    Add server_hierarchy entry on system_ip

    Args:
        system_ip: address of the system the entry is to be added on
        parent_id: parent server UUID string
        child_id: child server UUID string

    Returns a ``(False, message)`` tuple when either id cannot be converted
    to hex. NOTE(review): only the parameter-conversion prologue is shown
    here -- the hex ids are not used in these lines and the success path is
    missing, so the excerpt is presumably truncated.
    """
    hex_parent_id = None
    hex_child_id = None
    try:
        # Both ids go through the UUID->hex helper; any failure becomes a
        # bad-params error return instead of propagating.
        hex_parent_id = get_hex_string_from_uuid(parent_id)
        hex_child_id = get_hex_string_from_uuid(child_id)
    except Exception, msg:  # Python 2 except syntax
        api_log.error(str(msg))
        return False, "[ans_add_server_hierarchy] Bad params: %s" % str(msg)
def update_host_net_reference(hostid=None):
    """
        Update host_net_reference table with hosts data.
        Modified to only update host provided.  This query locks the asset db,
        if you have a large number of assets this can cause issues when adding hosts.
        Will default to previous behavior if no host is passed.

        Args:
            hostid(str): optional host UUID. Only a value accepted by
                is_valid_uuid() narrows the REPLACE to that host; None or an
                invalid value refreshes every host.
        Returns:
            True when the statement committed, False if it failed (the
            transaction is rolled back and the error logged).
    """
    base_query = (
        "REPLACE INTO host_net_reference "
        "SELECT host.id, net_id FROM host, host_ip, net_cidrs "
        "WHERE host.id = host_ip.host_id AND host_ip.ip >= net_cidrs.begin AND host_ip.ip <= net_cidrs.end"
    )

    # Only a validated UUID, converted to hex, is ever interpolated.
    narrow_to_host = hostid is not None and is_valid_uuid(hostid)
    if narrow_to_host:
        host_filter = " AND host.id = unhex('%s')" % get_hex_string_from_uuid(hostid)
    else:
        host_filter = ""
    query = base_query + host_filter

    try:
        db.session.begin()
        db.session.connection(mapper=Host_Net_Reference).execute(query)
        db.session.commit()
    except Exception as err_detail:
        db.session.rollback()
        api_log.error("There was a problem while updating host net reference: %s" % str(err_detail))
        return False
    return True
def update_host_net_reference(hostid=None):
    """
        Update host_net_reference table with hosts data.
        Modified to only update host provided.  This query locks the asset db,
        if you have a large number of assets this can cause issues when adding hosts.
        Will default to previous behavior if no host is passed.

        Args:
            hostid(str): optional host UUID. Only a value accepted by
                is_valid_uuid() narrows the REPLACE to that host; None or an
                invalid value refreshes every host (the original behavior).
        Returns:
            True when the statement committed, False if it failed (the
            transaction is rolled back and the error logged).
    """
    statement_parts = [
        "REPLACE INTO host_net_reference ",
        "SELECT host.id, net_id FROM host, host_ip, net_cidrs ",
        "WHERE host.id = host_ip.host_id AND host_ip.ip >= net_cidrs.begin AND host_ip.ip <= net_cidrs.end",
    ]

    # Only a validated UUID, converted to hex, is ever interpolated.
    if hostid is not None and is_valid_uuid(hostid):
        statement_parts.append(
            " AND host.id = unhex('%s')" % get_hex_string_from_uuid(hostid))
    query = "".join(statement_parts)

    try:
        db.session.begin()
        db.session.connection(mapper=Host_Net_Reference).execute(query)
        db.session.commit()
    except Exception as err_detail:
        db.session.rollback()
        api_log.error(
            "There was a problem while updating host net reference: %s" %
            str(err_detail))
        return False
    return True
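def delete_orphan_hids_agents(agent_list, sensor_id):
    """ Delete orphan HIDS agents
    Args:
        agent_list(list): List of active HIDS agents (agent ids). Agents of
            the sensor that are not in this list are deleted; an empty list
            deletes nothing.
        sensor_id(str): Sensor ID (UUID string)

    Raises:
        APICannotResolveSensorID
        APICannotDeleteHIDSAgentList
    """
    if sensor_id is None:
        api_log.error(
            "[delete_orphan_hids_agents]: Sensor ID could not be empty")
        raise APICannotResolveSensorID(sensor_id)

    try:
        if agent_list:
            sensor_id_hex = get_hex_string_from_uuid(sensor_id)
            # The agent ids come from the caller, so bind them as query
            # parameters (one placeholder each) rather than quoting them into
            # the SQL text by hand. Format-style placeholders (%s) --
            # NOTE(review): confirm this is the configured DBAPI's paramstyle.
            placeholders = ", ".join(["%s"] * len(agent_list))
            query = "DELETE FROM hids_agents WHERE sensor_id = UNHEX(%s) " \
                    "AND agent_id NOT IN ({0})".format(placeholders)
            params = tuple([sensor_id_hex] + list(agent_list))
            # Was `db.sesion.begin()`: the typo raised AttributeError, so every
            # non-empty call ended in APICannotDeleteHIDSAgentList.
            db.session.begin()
            db.session.connection(mapper=Hids_Agents).execute(query, params)
            db.session.commit()

    except Exception as msg:
        db.session.rollback()
        api_log.error("[delete_orphan_hids_agents]: %s" % str(msg))
        raise APICannotDeleteHIDSAgentList(agent_list, sensor_id)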
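def delete_orphan_hids_agents(agent_list, sensor_id):
    """ Delete orphan HIDS agents
    Args:
        agent_list(list): List of active HIDS agents (agent ids). Agents of
            the sensor that are not in this list are deleted; an empty list
            deletes nothing.
        sensor_id(str): Sensor ID (UUID string)

    Raises:
        APICannotResolveSensorID
        APICannotDeleteHIDSAgentList
    """
    if sensor_id is None:
        api_log.error("[delete_orphan_hids_agents]: Sensor ID could not be empty")
        raise APICannotResolveSensorID(sensor_id)

    if not agent_list:
        return

    try:
        sensor_id_hex = get_hex_string_from_uuid(sensor_id)
        # The agent ids come from the caller, so bind them as query parameters
        # (one placeholder each) rather than quoting them into the SQL text by
        # hand. Format-style placeholders (%s) -- NOTE(review): confirm this
        # is the configured DBAPI's paramstyle.
        placeholders = ", ".join(["%s"] * len(agent_list))
        query = "DELETE FROM hids_agents WHERE sensor_id = UNHEX(%s) " \
                "AND agent_id NOT IN ({0})".format(placeholders)
        params = tuple([sensor_id_hex] + list(agent_list))
        db.session.connection(mapper=Hids_Agents).execute(query, params)

    except Exception as msg:
        api_log.error("[delete_orphan_hids_agents]: %s" % str(msg))
        raise APICannotDeleteHIDSAgentList(agent_list, sensor_id)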
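def apimethod_delete_system(system_id):
    """Remove a system from this deployment.

    Refuses to remove the local system (given as 'local' or by its own id).
    Then, in order: deletes the system from the database, removes the local
    certificates and keys kept for it, drops it from the ansible inventory
    and asks the child to delete this server as its parent.

    Args:
        system_id(str): UUID string of the system to remove, or 'local'.
    Returns:
        (True, "") on success, or (False, error message) at the first
        failing step. Steps already completed are not rolled back.
    """
    success, local_system_id = get_system_id_from_local()
    if not success:
        return success, "Error: Can not retrieve the local system id. %s" % str(local_system_id)
    if system_id == 'local' or get_hex_string_from_uuid(local_system_id) == get_hex_string_from_uuid(system_id):
        return False, "Error: You're trying to remove the local system, which it's not allowed"

    success, system_ip = get_system_ip_from_system_id(system_id)
    if not success:
        # On failure the second element is the error text, not an ip; report
        # the id that was looked up together with that error.
        return success, "Error retrieving the system ip for the system id %s -> %s" % (system_id, str(system_ip))

    # 1 - Remove it from the database
    success, msg = db_remove_system(system_id)
    if not success:
        return success, "Error while removing the system from the database: %s" % str(msg)

    # 2 - Removing the remote certificates (ansible_remove_certificates on
    #     system_ip) is disabled here; only the local copies go in step 3.

    # 3 - Remove the local certificates and keys
    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, "Error while getting the local ip: %s" % str(local_ip)

    success, msg = ansible_remove_certificates(system_ip=local_ip, system_id_to_remove=system_id)
    if not success:
        return success, "Error while removing the local certificates: %s" % str(msg)

    # 4 - Remove it from the ansible inventory.
    try:
        aim = AnsibleInventoryManager()
        aim.delete_host(system_ip)
        aim.save_inventory()
    except Exception as aim_error:
        return False, "An error occurred while removing the system from the ansible inventory file: %s" % str(aim_error)

    # 5 - Try to connect to the child and remove the parent using its server_id
    success, own_server_id = get_server_id_from_local()
    if not success:
        # own_server_id carries the error text here; msg is left over from
        # step 3 and would report the wrong thing.
        return success, "Error while retrieving server_id from local: %s" % str(own_server_id)

    success, msg = ansible_delete_parent_server(system_ip, own_server_id)
    if not success:
        return success, "Error while deleting parent server in child: %s" % str(msg)

    return True, ""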
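def get_hids_agent_by_sensor(sensor_id, agent_id):
    """ Get HIDS agent by sensor
    Args:
        sensor_id(str): Sensor ID (UUID string)
        agent_id(str): Agent ID
    Returns:
        Dictionary with the HIDS agent of the sensor in the database, or an
        empty dictionary when no such agent exists

    Raises:
        APICannotResolveSensorID
        APIInvalidHIDSAgentID
        APICannotGetHIDSAgents
    """

    if sensor_id is None:
        api_log.error("[get_hids_agent_by_sensor]: Sensor ID could not be empty")
        raise APICannotResolveSensorID(sensor_id)

    if agent_id is None:
        api_log.error("[get_hids_agent_by_sensor]: Agent ID could not be empty")
        raise APIInvalidHIDSAgentID(agent_id)

    hids_agent = {}

    try:
        sensor_id_hex = get_hex_string_from_uuid(sensor_id)

        # agent_id is caller-supplied text, so it is bound as a query
        # parameter instead of being spliced into the SQL string; the sensor
        # hex is bound the same way. Format-style placeholders (%s) --
        # NOTE(review): confirm this is the configured DBAPI's paramstyle.
        query = "SELECT HEX(ha.sensor_id) AS sensor_id, ha.agent_id, ha.agent_name, ha.agent_ip, " \
                "ha.agent_status, HEX(ha.host_id) AS host_id " \
                "FROM hids_agents ha WHERE ha.sensor_id = UNHEX(%s) AND ha.agent_id = %s " \
                "LIMIT 1"

        # LIMIT 1 above: at most one row, so first() replaces fetchall()[0].
        row = db.session.connection(mapper=Hids_Agents).execute(
            query, (sensor_id_hex, agent_id)).first()

        if row is not None:
            ha_status = row.agent_status
            # NULL host_id is reported as an empty string.
            ha_host_id = row.host_id if row.host_id is not None else ''

            hids_agent = {
                'id': row.agent_id,
                'name': row.agent_name,
                'ip_cidr': row.agent_ip,
                'status': {
                    'id': ha_status,
                    'descr': Hids_Agents.get_status_string_from_integer(ha_status)
                },
                'host_id': ha_host_id
            }
    except Exception as msg:
        api_log.error("[get_hids_agent_by_sensor]: %s" % str(msg))
        raise APICannotGetHIDSAgents(sensor_id)

    return hids_agent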
def ans_add_server(system_ip, server_id,
                   server_name, server_ip,
                   server_port, server_descr=''):
    """
    Add server entry on system_ip

    Args:
        system_ip: address of the system the entry is to be added on
        server_id: server UUID string
        server_name: server name
        server_ip: server IP address as a string
        server_port: server port
        server_descr: optional server description (default '')

    Returns a ``(False, message)`` tuple when server_id or server_ip cannot
    be converted. NOTE(review): this excerpt looks truncated -- the hex
    values are computed but not used in the lines shown and there is no
    success return; the remainder of the function presumably follows.
    """
    hex_server_id = None
    hex_server_ip = None
    try:
        # Normalise the id (UUID->hex) and the ip (str->hex); a conversion
        # failure is reported as a bad-params error rather than raised.
        hex_server_id = get_hex_string_from_uuid(server_id)
        hex_server_ip = get_ip_hex_from_str(server_ip)
    except Exception, msg:  # Python 2 except syntax
        api_log.error(str(msg))
        return False, "[ans_add_server] Bad params: %s" % str(msg)
def ans_add_server(system_ip, server_id,
                   server_name, server_ip,
                   server_port, server_descr=''):
    """
    Add server entry on system_ip

    Args:
        system_ip: address of the system the entry is to be added on
        server_id: server UUID string
        server_name: server name
        server_ip: server IP address as a string
        server_port: server port
        server_descr: optional server description (default '')

    Returns a ``(False, message)`` tuple when server_id or server_ip cannot
    be converted. NOTE(review): only the parameter-conversion prologue is
    shown -- the hex values are unused in these lines and the success path
    is missing, so the excerpt is presumably truncated.
    """
    hex_server_id = None
    hex_server_ip = None
    try:
        # Both values go through their hex helpers; any failure becomes a
        # bad-params error return instead of propagating.
        hex_server_id = get_hex_string_from_uuid(server_id)
        hex_server_ip = get_ip_hex_from_str(server_ip)
    except Exception, msg:  # Python 2 except syntax
        api_log.error(str(msg))
        return False, "[ans_add_server] Bad params: %s" % str(msg)
def get_hids_agents_by_sensor(sensor_id):
    """ Get HIDS agents by sensor
    Args:
        sensor_id(str): Sensor ID (UUID string)
    Returns:
        Dictionary with HIDS agents of the sensor in the database, keyed by
        agent id

    Raises:
        APICannotResolveSensorID
        APICannotGetHIDSAgents
    """

    if sensor_id is None:
        api_log.error(
            "[get_hids_agents_by_sensor]: Sensor ID could not be empty")
        raise APICannotResolveSensorID(sensor_id)

    def _as_dict(row):
        # NULL host_id is reported as an empty string.
        host_id = '' if row.host_id is None else row.host_id
        status = row.agent_status
        return {
            'id': row.agent_id,
            'name': row.agent_name,
            'ip_cidr': row.agent_ip,
            'status': {
                'id': status,
                'descr': Hids_Agents.get_status_string_from_integer(status)
            },
            'host_id': host_id
        }

    agents = {}
    try:
        # Everything, including the UUID->hex conversion, runs inside the
        # try, so any failure is reported as APICannotGetHIDSAgents. Only the
        # hex form of the sensor id is interpolated into the SQL text.
        sensor_id_hex = get_hex_string_from_uuid(sensor_id)
        query = "SELECT HEX(ha.sensor_id) AS sensor_id, ha.agent_id, ha.agent_name, ha.agent_ip, " \
                "ha.agent_status, HEX(ha.host_id) AS host_id " \
                "FROM hids_agents ha WHERE ha.sensor_id = UNHEX('{0}')".format(sensor_id_hex)
        rows = db.session.connection(mapper=Hids_Agents).execute(query)
        for row in rows:
            agents[row.agent_id] = _as_dict(row)
    except Exception as msg:
        api_log.error("[get_hids_agents_by_sensor]: %s" % str(msg))
        raise APICannotGetHIDSAgents(sensor_id)

    return agents
def get_name_by_host_id(host_id):
    """
        Returns an asset name given an asset ID

        Args:
            host_id(str): Asset (host) UUID string
        Returns:
            The hostname, or '' when no host has that id
        Raises:
            APICannotGetAssetName: on any conversion or lookup error
    """
    name = ''

    try:
        hex_id = get_hex_string_from_uuid(host_id)
        # Only the hex form of the UUID is interpolated into the SQL text.
        query = "SELECT hostname FROM host WHERE id = UNHEX('{0}')".format(hex_id)
        row = db.session.connection(mapper=Host).execute(query).first()
        if row:
            name = row.hostname
    except Exception as msg:
        api_log.error("[get_name_by_host_id] {0}".format(msg))
        raise APICannotGetAssetName(host_id)

    return name
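def make_tunnel_with_vpn(system_ip, password):
    """Build the VPN tunnel with the given node

    Args:
        system_ip(str): IPv4 address of the node to connect
        password(str): passed through to ansible_make_tunnel_with_vpn()
            (not logged or printed here)
    Returns:
        (True, message) when the tunnel is up, otherwise (False, error).
        A failure to restart ossim-framework afterwards is only printed.
    """
    if not is_valid_ipv4(system_ip):
        return False, "Invalid system ip: %s" % str(system_ip)
    success, own_server_id = get_server_id_from_local()
    if not success:
        # On failure the second element is the error text.
        return success, "Error while retrieving server_id from local: %s" % str(own_server_id)

    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, "Cannot retrieve the local ip <%s>" % str(local_ip)

    success, data = ansible_make_tunnel_with_vpn(
        system_ip=system_ip,
        local_server_id=get_hex_string_from_uuid(own_server_id),
        password=password)
    if not success:
        return success, data

    print "Set VPN IP on the system table"
    # data is used as a mapping here; .get() turns a missing key into the
    # "Cannot retrieve" error below instead of an uncaught KeyError.
    new_node_vpn_ip = data.get('client_end_point1')
    if new_node_vpn_ip is None:
        return False, "Cannot retrieve the new node VPN IP"
    print "New Node VPN IP %s" % new_node_vpn_ip
    success, data = get_system_id_from_system_ip(system_ip)
    if success:  # If the system is not on the system table it doesn't matter
        success, data = set_system_vpn_ip(data, new_node_vpn_ip)
        if not success:
            return False, "Cannot set the new node vpn ip on the system table"
    flush_cache(namespace="support_tunnel")
    # Restart frameworkd
    print "Restarting ossim-framework"
    success, data = ansible_restart_frameworkd(system_ip=local_ip)
    if not success:
        print "Restarting %s ossim-framework failed (%s)" % (local_ip, data)
    return True, "VPN node successfully connected."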
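def apimethod_delete_system(system_id):
    """Remove a system from this deployment.

    Refuses to remove the local system (given as 'local' or by its own id).
    Then, in order: deletes the system from the database, fires the
    firewall trigger (sensor or server flavour), removes the local
    certificates and keys kept for it, drops it from the ansible inventory
    and, if the remote system answered the ping, asks it to delete this
    server as its parent.

    Args:
        system_id(str): UUID string of the system to remove, or 'local'.
    Returns:
        (True, message) on success -- the message is non-empty when the
        remote side was unreachable and still holds the parent config --
        or (False, error message) at the first failing step. Steps already
        completed are not rolled back.
    """
    success, local_system_id = get_system_id_from_local()

    if not success:
        return success, "Cannot retrieve the local system id. %s" % str(local_system_id)
    if system_id == 'local' or get_hex_string_from_uuid(
            local_system_id) == get_hex_string_from_uuid(system_id):
        return False, "You're trying to remove the local system, which it's not allowed"

    success, system_ip = get_system_ip_from_system_id(system_id)
    if not success:
        # On failure the second element is the error text, not an ip; report
        # the id that was looked up together with that error.
        return success, "Cannot retrieve the system ip for the given system-id %s <%s>" % (system_id, str(system_ip))

    # Check whether the remote system is reachable or not:
    try:
        remote_system_is_reachable = ping_system(system_id, no_cache=True)
    except APIException:
        remote_system_is_reachable = False

    # Resolve whether the system has a sensor_id before its row is removed;
    # only the success flag is used (it selects the firewall trigger).
    success_f, _ = get_sensor_id_from_system_id(system_id)

    # 1 - Remove it from the database
    success, msg = db_remove_system(system_id)
    if not success:
        return success, "Cannot remove the system from the database <%s>" % str(msg)

    # 2 - Remove the firewall rules. A failing trigger is only logged.
    trigger = "alienvault-del-sensor" if success_f else "alienvault-del-server"
    trigger_success, msg = fire_trigger(system_ip="127.0.0.1", trigger=trigger)
    if not trigger_success:
        api_log.error(msg)

    # 3 - Removing the remote certificates (ansible_remove_certificates on
    #     system_ip) is disabled here; only the local copies go in step 4.

    # 4 - Remove the local certificates and keys
    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, "Cannot retrieve the local ip <%s>" % str(local_ip)

    # Remove remote system certificates on the local system
    success, msg = ansible_remove_certificates(system_ip=local_ip,
                                               system_id_to_remove=system_id)
    if not success:
        return success, "Cannot remove the local certificates <%s>" % str(msg)

    # 5 - Remove it from the ansible inventory.
    try:
        aim = AnsibleInventoryManager()
        aim.delete_host(system_ip)
        aim.save_inventory()
    except Exception as aim_error:
        return False, "Cannot remove the system from the ansible inventory file <%s>" % str(aim_error)

    # 6 - Try to connect to the child and remove the parent
    # using its server_id
    success, own_server_id = get_server_id_from_local()
    if not success:
        # own_server_id carries the error text here; msg is left over from
        # step 4 and would report the wrong thing.
        return success, "Cannot retrieve the server-id from local <%s>" % str(own_server_id)

    if remote_system_is_reachable:
        success, msg = ansible_delete_parent_server(system_ip, own_server_id)
        if not success:
            return success, "Cannot delete parent server in child <%s>" % str(msg)
        return True, ""

    return True, ("The remote system is not reachable. "
                  "We had not been able to remove the parent configuration")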
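def make_tunnel_with_vpn(system_ip, password):
    """Build the VPN tunnel with the given node

    Args:
        system_ip(str): IPv4 address of the node to connect
        password(str): passed through to ansible_make_tunnel_with_vpn()
            (not logged or printed here)
    Returns:
        (True, message) when the tunnel is up, otherwise (False, error)
    """
    if not is_valid_ipv4(system_ip):
        return False, "Invalid system ip: %s" % str(system_ip)
    success, own_server_id = get_server_id_from_local()
    if not success:
        # On failure the second element is the error text.
        return success, "Error while retrieving server_id from local: %s" % str(own_server_id)

    success, data = ansible_make_tunnel_with_vpn(
        system_ip=system_ip,
        local_server_id=get_hex_string_from_uuid(own_server_id),
        password=password)
    if not success:
        return success, data

    print "Set VPN IP on the system table"
    # data is used as a mapping here; .get() turns a missing key into the
    # "Cannot retrieve" error below instead of an uncaught KeyError.
    new_node_vpn_ip = data.get('client_end_point1')
    if new_node_vpn_ip is None:
        return False, "Cannot retrieve the new node VPN IP"
    print "New Node VPN IP %s" % new_node_vpn_ip
    success, data = get_system_id_from_system_ip(system_ip)
    if success:  # If the system is not on the system table it doesn't matter
        success, data = set_system_vpn_ip(data, new_node_vpn_ip)
        if not success:
            return False, "Cannot set the new node vpn ip on the system table"
    flush_cache(namespace="system")
    return True, "VPN node successfully connected."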