def run(self): total = 0 passed = 0 json_msg = {'plugin': self.__name, 'checks': {}} if self.__raw: json_msg['source'] = self.__data[-(self.__raw_limit * 1024):] if self.__verbose > 0: Output.emphasized( '\nRunning checks for plugin "%s"...' % self.__name, [self.__name]) for check in self.__checks: total += 1 result, msg = check.run() if not result: if self.__verbose == 2: Output.error('Check "%s" failed: %s!' % (check.get_name(), msg)) elif self.__verbose == 1: Output.error('Check "%s" failed!' % check.get_name()) json_msg['checks'][check.get_name()] = { 'result': False, 'severity': check.get_severity(), 'warning': check.get_warning(), 'advice': check.get_advice() } # Exit the loop if one check has failed. if self.__cutoff: break else: if self.__verbose > 0: Output.info('Check "%s" passed!' % check.get_name()) json_msg['checks'][check.get_name()] = {'result': True} passed += 1 if self.__verbose > 0: if passed == total: Output.info('All tests passed') else: Output.info('%d out of %d tests passed' % (passed, total)) return (json_msg)
def run (self): total = 0 passed = 0 json_msg = {'plugin': self.__name, 'checks': {}} if self.__raw: json_msg['source'] = self.__data[-(self.__raw_limit * 1024):] if self.__verbose > 0: Output.emphasized ('\nRunning checks for plugin "%s"...' % self.__name, [self.__name]) for check in self.__checks: total += 1 result, msg = check.run() if not result: if self.__verbose == 2: Output.error ('Check "%s" failed: %s!' % (check.get_name(), msg)) elif self.__verbose == 1: Output.error ('Check "%s" failed!' % check.get_name()) json_msg['checks'][check.get_name()] = {'result': False, 'severity': check.get_severity(), 'warning': check.get_warning(), 'advice': check.get_advice()} # Exit the loop if one check has failed. if self.__cutoff: break else: if self.__verbose > 0: Output.info ('Check "%s" passed!' % check.get_name()) json_msg['checks'][check.get_name()] = {'result': True} passed += 1 if self.__verbose > 0: if passed == total: Output.info ('All tests passed') else: Output.info ('%d out of %d tests passed' % (passed, total)) return (json_msg)
def run(self): total = 0 passed = 0 json_msg = {'id': self.__id, 'name': self.__name, 'description': self.__description, 'checks': {}, } if self.__strike_zone: json_msg['strike_zone'] = True if self.__raw: json_msg['source'] = unicode(self.__data[-(self.__raw_limit * 1024):], errors='replace') for check in self.__checks: total += 1 result = False msg = '' if self.__check_force_true: result = True else: result, msg, fo = check.run() fo = fo.lstrip().split('\n\t')[-1] # Prepare 'command' field aux_command = '' if self.__type == "file": aux_command = "cat %s" % self.__filename elif self.__type == "command": aux_command = self.__command elif self.__type == "db": aux_command = "echo '%s' | ossim-db" % check.get_query() if not result: if self.__verbose >= 2: Output.error("Check '%s' failed: %s" % (check.get_name(), msg)) elif self.__verbose == 1: Output.error("Check '%s' failed" % check.get_name()) if self.__alienvault_config['has_ha'] and check.get_ha_dependant(): json_msg['checks'][check.get_name()] = {'result': 'passed', 'severity': check.get_severity(), 'description': check.get_description(), 'summary': 'HA configuration detected. Invalid issue: %s. Disregard this check' % check.get_summary_failed(), 'remediation': check.get_remediation(), 'detail': fo.lstrip().replace('\n\t', ';'), 'debug_detail': msg.lstrip().replace('\n\t', ';'), 'pattern': str(check.get_pattern()), 'command': aux_command, 'output': check.get_output(), 'strike_zone': True} elif check.get_severity() != 'Info': json_msg['checks'][check.get_name()] = {'result': 'failed', 'severity': check.get_severity(), 'description': check.get_description(), 'summary': check.get_summary_failed(), 'remediation': check.get_remediation(), 'detail': fo.lstrip().replace('\n\t', ';'), 'debug_detail': msg.lstrip().replace('\n\t', ';'), 'pattern': check.get_pattern(), 'command': aux_command, 'output': check.get_output()} # If current check affects to strike_zone, set 'strike_zone' param to 'False' json_msg['checks'][check.get_name()]['strike_zone'] = False if check.get_strike_zone() else True else: json_msg['checks'][check.get_name()] = {'result': 'passed', 'severity': check.get_severity(), 'description': check.get_description(), 'summary': check.get_summary_failed(), 'remediation': check.get_remediation(), 'detail': fo.lstrip().replace('\n\t', ';'), 'debug_detail': msg.lstrip().replace('\n\t', ';'), 'pattern': check.get_pattern(), 'command': aux_command, 'output': check.get_output(), 'strike_zone': True} if json_msg['checks'][check.get_name()]['result'] == 'failed': self.__result &= False # Evaluate strike zone. We have to take in mind: # 1. If the current plugin affects to the strike zone # 2. If the check analysed affects to the strike zone # 3. If this is an info check if self.__strike_zone: if check.get_strike_zone(): if check.get_severity() != 'Info': json_msg['strike_zone'] = False # Exit the loop if one check has failed. if self.__cutoff: break else: if self.__verbose > 0: Output.info('Check "%s" passed' % check.get_name()) if check.get_severity() != 'Debug': json_msg['checks'][check.get_name()] = {'result': 'passed', 'severity': check.get_severity(), 'description': check.get_description(), 'summary': check.get_summary_passed(), 'pattern': str(check.get_pattern()), 'command': aux_command, 'output': check.get_output(), 'strike_zone': True} else: json_msg['checks'][check.get_name()] = {'result': 'passed', 'severity': check.get_severity(), 'description': check.get_description(), 'summary': fo.lstrip().replace('\n\t', ';'), 'pattern': str(check.get_pattern()), 'command': aux_command, 'output': check.get_output(), 'strike_zone': True} passed += 1 json_msg['result'] = self.get_result() if self.__verbose > 0: if passed == total: Output.emphasized('\nAll checks passed for plugin "%s".' % self.__name, [self.__name]) else: Output.emphasized('\n%d out of %d checks passed for plugin "%s".' % (passed, total, self.__name), [self.__name]) return (json_msg)
def __init__(self, filename, config_file, alienvault_config, severity_list, appliance_type_list, ignore_dummy_platform, verbose, raw): # Common properties. self.__config_file = None self.__sections = [] self.__alienvault_config = {} self.__severity_list = [] self.__appliance_type_list = [] self.__ignore_dummy_platform = False self.__verbose = 0 self.__raw = False self.__name = '' self.__id = '' self.__description = '' self.__type = '' self.__exclude = '' self.__category = [] self.__requires = [] self.__profiles = [] self.__cutoff = False self.__strike_zone = False self.__raw_limit = 0 self.__result = True # 'file' type properties. self.__filename = '' self.__file_must_exist = False self.__check_force_true = False # 'command' type properties. self.__command = '' # Shared properties for 'file' and 'command' types. self.__data = '' self.__data_len = '' # 'db' type properties. self.__host = '' self.__user = '' self.__password = '' self.__database = '' self.__db_conn = None self.__db_cursor = None # Plugin defined checks. self.__checks = [] self.__config_file = config_file self.__alienvault_config = alienvault_config self.__severity_list = severity_list self.__appliance_type_list = appliance_type_list self.__ignore_dummy_platform = ignore_dummy_platform self.__verbose = verbose self.__raw = raw # try: # # Parse the plugin configuration file. # self.__config_file = PluginConfigParser() # self.__config_file.read(filename) # except PluginConfigParserError: # raise # except Exception as e: # raise PluginError('Cannot parse plugin file "%s": %s' % (filename, str(e)), filename) try: # Parse 'check' sections. self.__sections = self.__config_file.sections() self.__name = self.__config_file.get('properties', 'name') self.__id = self.__config_file.get('properties', 'id') self.__description = self.__config_file.get('properties', 'description') self.__type = self.__config_file.get('properties', 'type') self.__category = self.__config_file.get('properties', 'category').split(',') plugin_data = {'id': self.__id if self.__id else '', 'type': self.__type if self.__type else '', 'description': self.__description if self.__description else ''} if self.__verbose > 0: Output.emphasized('\nRunning plugin "%s"...\n' % self.__name, [self.__name]) if self.__config_file.has_option('properties', 'requires'): self.__requires = self.__config_file.get('properties', 'requires').split(';') self.__check_requirements__() # Check for the 'cutoff' option if self.__config_file.has_option('properties', 'cutoff'): self.__cutoff = self.__config_file.getboolean('properties', 'cutoff') # Check for the 'strike_zone' option if self.__config_file.has_option('properties', 'affects_strike_zone'): self.__strike_zone = self.__config_file.getboolean('properties', 'affects_strike_zone') # Check for the 'file_must_exist' option if self.__config_file.has_option('properties', 'file_must_exist'): self.__file_must_exist = self.__config_file.getboolean('properties', 'file_must_exist') # Check for the 'exclude' option if self.__config_file.has_option('properties', 'exclude'): self.__exclude = self.__config_file.get('properties', 'exclude').split(',') for excluding_profile in self.__exclude: excluding_profile = excluding_profile.strip() if excluding_profile in self.__alienvault_config['hw_profile']: raise PluginError(msg='Plugin cannot be executed in %s' % self.__alienvault_config['hw_profile'], plugin=self.__name, plugin_data=plugin_data) # Check for the 'limit' option (in kbytes), used in combination with the raw data output. '0' means no limit. if self.__raw and self.__config_file.has_option('properties', 'raw_limit'): self.__raw_limit = self.__config_file.getint('properties', 'raw_limit') # Check for profile & version where this plugin is relevant. if self.__config_file.has_option('properties', 'profiles'): profiles_versions = self.__config_file.get('properties', 'profiles') self.__profiles = [(x.partition(':')[0], x.partition(':')[2]) for x in profiles_versions.split(';')] for (profile, version) in self.__profiles: if profile == '' or version == '': raise PluginError(msg='Empty profile or version in "profiles" field', plugin=self.__name, plugin_data=plugin_data) if profile not in self.__alienvault_config['sw_profile'] and \ profile != self.__alienvault_config['hw_profile']: raise PluginError(msg='Profile "%s" does not match installed profiles' % profile, plugin=self.__name, plugin_data=plugin_data) if version.startswith('>'): ret = LooseVersion(self.__alienvault_config['version']) > LooseVersion(version[1:]) elif version.startswith('<'): ret = LooseVersion(self.__alienvault_config['version']) < LooseVersion(version[1:]) elif version.startswith('=='): ret = LooseVersion(self.__alienvault_config['version']) == LooseVersion(version[2:]) elif version.startswith('!='): ret = LooseVersion(self.__alienvault_config['version']) != LooseVersion(version[2:]) else: raise PluginError(msg='Profile "%s" version does not match installed profiles' % profile, plugin=self.__name, plugin_data=plugin_data) # Ugly... if self.__type == 'file': self.__init_file__() elif self.__type == 'command': self.__init_command__() elif self.__type == 'db': self.__init_db__() elif self.__type == 'hardware': pass else: raise PluginError(msg='Unknown type', plugin=self.__name, plugin_data=plugin_data) # Parse 'check' sections. sections = self.__config_file.sections() for section in sections: if section != 'properties': check = Check(self, section) needs_deletion = False if not check.check_appliance_type(self.__alienvault_config['hw_profile'], self.__appliance_type_list, self.__ignore_dummy_platform): Output.warning("\nCheck %s is not meant to be run in %s" % (section, self.__alienvault_config['hw_profile'])) needs_deletion = True elif not check.check_version(self.__alienvault_config['version']): Output.warning("\nCheck %s cannot be run in version %s" % (section, self.__alienvault_config['version'])) needs_deletion = True elif not check.check_version_type(): Output.warning("\nCheck %s is not meant to be run in a %s license" % (section, self.__alienvault_config['versiontype'])) needs_deletion = True if not needs_deletion: self.__checks.append(check) else: del check except PluginError: raise except PluginConfigParserError: raise except CheckError as e: plugin_data = {'id': self.__id if self.__id else '', 'type': self.__type if self.__type else '', 'description': self.__description if self.__description else ''} raise PluginError(msg=e.msg, plugin=e.plugin, plugin_data=plugin_data) except Exception as e: raise PluginError(msg='%s' % str(e), plugin=filename, plugin_data={})
def run(self): total = 0 passed = 0 json_msg = { 'id': self.__id, 'name': self.__name, 'description': self.__description, 'checks': {}, } if self.__strike_zone: json_msg['strike_zone'] = True if self.__raw: json_msg['source'] = unicode( self.__data[-(self.__raw_limit * 1024):], errors='replace') for check in self.__checks: total += 1 result = False msg = '' if self.__check_force_true: result = True else: result, msg, fo = check.run() fo = fo.lstrip().split('\n\t')[-1] # Prepare 'command' field aux_command = '' if self.__type == "file": aux_command = "cat %s" % self.__filename elif self.__type == "command": aux_command = self.__command elif self.__type == "db": aux_command = "echo '%s' | ossim-db" % check.get_query() if not result: if self.__verbose >= 2: Output.error("Check '%s' failed: %s" % (check.get_name(), msg)) elif self.__verbose == 1: Output.error("Check '%s' failed" % check.get_name()) if self.__alienvault_config[ 'has_ha'] and check.get_ha_dependant(): json_msg['checks'][check.get_name()] = { 'result': 'passed', 'severity': check.get_severity(), 'description': check.get_description(), 'summary': 'HA configuration detected. Invalid issue: %s. Disregard this check' % check.get_summary_failed(), 'remediation': check.get_remediation(), 'detail': fo.lstrip().replace('\n\t', ';'), 'debug_detail': msg.lstrip().replace('\n\t', ';'), 'pattern': str(check.get_pattern()), 'command': aux_command, 'output': check.get_output(), 'strike_zone': True } elif check.get_severity() != 'Info': json_msg['checks'][check.get_name()] = { 'result': 'failed', 'severity': check.get_severity(), 'description': check.get_description(), 'summary': check.get_summary_failed(), 'remediation': check.get_remediation(), 'detail': fo.lstrip().replace('\n\t', ';'), 'debug_detail': msg.lstrip().replace('\n\t', ';'), 'pattern': check.get_pattern(), 'command': aux_command, 'output': check.get_output(), 'strike_zone': False } else: json_msg['checks'][check.get_name()] = { 'result': 'passed', 'severity': check.get_severity(), 'description': check.get_description(), 'summary': check.get_summary_failed(), 'remediation': check.get_remediation(), 'detail': fo.lstrip().replace('\n\t', ';'), 'debug_detail': msg.lstrip().replace('\n\t', ';'), 'pattern': check.get_pattern(), 'command': aux_command, 'output': check.get_output(), 'strike_zone': True } if json_msg['checks'][check.get_name()]['result'] == 'failed': self.__result &= False # Evaluate strike zone. We have to take in mind: # 1. If the current plugin affects to the strike zone # 2. If the check analysed affects to the strike zone # 3. If this is an info check if self.__strike_zone: if check.get_strike_zone(): if check.get_severity() != 'Info': json_msg['strike_zone'] = False # Exit the loop if one check has failed. if self.__cutoff: break else: if self.__verbose > 0: Output.info('Check "%s" passed' % check.get_name()) if check.get_severity() != 'Debug': json_msg['checks'][check.get_name()] = { 'result': 'passed', 'severity': check.get_severity(), 'description': check.get_description(), 'summary': check.get_summary_passed(), 'pattern': str(check.get_pattern()), 'command': aux_command, 'output': check.get_output(), 'strike_zone': True } else: json_msg['checks'][check.get_name()] = { 'result': 'passed', 'severity': check.get_severity(), 'description': check.get_description(), 'summary': fo.lstrip().replace('\n\t', ';'), 'pattern': str(check.get_pattern()), 'command': aux_command, 'output': check.get_output(), 'strike_zone': True } passed += 1 json_msg['result'] = self.get_result() if self.__verbose > 0: if passed == total: Output.emphasized( '\nAll checks passed for plugin "%s".' % self.__name, [self.__name]) else: Output.emphasized( '\n%d out of %d checks passed for plugin "%s".' % (passed, total, self.__name), [self.__name]) return (json_msg)
def __init__(self, filename, config_file, alienvault_config, severity_list, appliance_type_list, verbose, raw): # Common properties. self.__config_file = None self.__sections = [] self.__alienvault_config = {} self.__severity_list = [] self.__appliance_type_list = [] self.__verbose = 0 self.__raw = False self.__name = '' self.__id = '' self.__description = '' self.__type = '' self.__exclude = '' self.__category = [] self.__requires = [] self.__profiles = [] self.__cutoff = False self.__strike_zone = False self.__raw_limit = 0 self.__result = True # 'file' type properties. self.__filename = '' self.__file_must_exist = False self.__check_force_true = False # 'command' type properties. self.__command = '' # Shared properties for 'file' and 'command' types. self.__data = '' self.__data_len = '' # 'db' type properties. self.__host = '' self.__user = '' self.__password = '' self.__database = '' self.__db_conn = None self.__db_cursor = None # Plugin defined checks. self.__checks = [] self.__config_file = config_file self.__alienvault_config = alienvault_config self.__severity_list = severity_list self.__appliance_type_list = appliance_type_list self.__verbose = verbose self.__raw = raw # try: # # Parse the plugin configuration file. # self.__config_file = PluginConfigParser() # self.__config_file.read(filename) # except PluginConfigParserError: # raise # except Exception as e: # raise PluginError('Cannot parse plugin file "%s": %s' % (filename, str(e)), filename) try: # Parse 'check' sections. self.__sections = self.__config_file.sections() self.__name = self.__config_file.get('properties', 'name') self.__id = self.__config_file.get('properties', 'id') self.__description = self.__config_file.get( 'properties', 'description') self.__type = self.__config_file.get('properties', 'type') self.__category = self.__config_file.get('properties', 'category').split(',') plugin_data = { 'id': self.__id if self.__id else '', 'type': self.__type if self.__type else '', 'description': self.__description if self.__description else '' } if self.__verbose > 0: Output.emphasized('\nRunning plugin "%s"...\n' % self.__name, [self.__name]) if self.__config_file.has_option('properties', 'requires'): self.__requires = self.__config_file.get( 'properties', 'requires').split(';') self.__check_requirements__() # Check for the 'cutoff' option if self.__config_file.has_option('properties', 'cutoff'): self.__cutoff = self.__config_file.getboolean( 'properties', 'cutoff') # Check for the 'strike_zone' option if self.__config_file.has_option('properties', 'strike_zone'): self.__strike_zone = self.__config_file.getboolean( 'properties', 'strike_zone') # Check for the 'file_must_exist' option if self.__config_file.has_option('properties', 'file_must_exist'): self.__file_must_exist = self.__config_file.getboolean( 'properties', 'file_must_exist') # Check for the 'exclude' option if self.__config_file.has_option('properties', 'exclude'): self.__exclude = self.__config_file.get( 'properties', 'exclude').split(',') for excluding_profile in self.__exclude: excluding_profile = excluding_profile.strip() if excluding_profile in self.__alienvault_config[ 'hw_profile']: raise PluginError( msg='Plugin cannot be executed in %s' % self.__alienvault_config['hw_profile'], plugin=self.__name, plugin_data=plugin_data) # Check for the 'limit' option (in kbytes), used in combination with the raw data output. '0' means no limit. if self.__raw and self.__config_file.has_option( 'properties', 'raw_limit'): self.__raw_limit = self.__config_file.getint( 'properties', 'raw_limit') # Check for profile & version where this plugin is relevant. if self.__config_file.has_option('properties', 'profiles'): profiles_versions = self.__config_file.get( 'properties', 'profiles') self.__profiles = [(x.partition(':')[0], x.partition(':')[2]) for x in profiles_versions.split(';')] for (profile, version) in self.__profiles: if profile == '' or version == '': raise PluginError( msg='Empty profile or version in "profiles" field', plugin=self.__name, plugin_data=plugin_data) if profile not in self.__alienvault_config['sw_profile'] and \ profile != self.__alienvault_config['hw_profile']: raise PluginError( msg='Profile "%s" does not match installed profiles' % profile, plugin=self.__name, plugin_data=plugin_data) if version.startswith('>'): ret = LooseVersion(self.__alienvault_config['version'] ) > LooseVersion(version[1:]) elif version.startswith('<'): ret = LooseVersion(self.__alienvault_config['version'] ) < LooseVersion(version[1:]) elif version.startswith('=='): ret = LooseVersion(self.__alienvault_config['version'] ) == LooseVersion(version[2:]) elif version.startswith('!='): ret = LooseVersion(self.__alienvault_config['version'] ) != LooseVersion(version[2:]) else: raise PluginError( msg= 'Profile "%s" version does not match installed profiles' % profile, plugin=self.__name, plugin_data=plugin_data) # Ugly... if self.__type == 'file': self.__init_file__() elif self.__type == 'command': self.__init_command__() elif self.__type == 'db': self.__init_db__() elif self.__type == 'hardware': pass else: raise PluginError(msg='Unknown type', plugin=self.__name, plugin_data=plugin_data) # Parse 'check' sections. sections = self.__config_file.sections() for section in sections: if section != 'properties': check = Check(self, section) needs_deletion = False if not check.check_appliance_type( self.__alienvault_config['hw_profile'], self.__appliance_type_list): Output.warning( "\nCheck %s is not meant to be run in %s" % (section, self.__alienvault_config['hw_profile'])) needs_deletion = True elif not check.check_version( self.__alienvault_config['version']): Output.warning( "\nCheck %s cannot be run in version %s" % (section, self.__alienvault_config['version'])) needs_deletion = True elif not check.check_version_type(): Output.warning( "\nCheck %s is not meant to be run in a %s license" % (section, self.__alienvault_config['versiontype'])) needs_deletion = True if not needs_deletion: self.__checks.append(check) else: del check except PluginError: raise except PluginConfigParserError: raise except CheckError as e: plugin_data = { 'id': self.__id if self.__id else '', 'type': self.__type if self.__type else '', 'description': self.__description if self.__description else '' } raise PluginError(msg=e.msg, plugin=e.plugin, plugin_data=plugin_data) except Exception as e: raise PluginError(msg='%s' % str(e), plugin=filename, plugin_data={})