def run(self):
total = 0
passed = 0
json_msg = {'plugin': self.__name, 'checks': {}}
if self.__raw:
json_msg['source'] = self.__data[-(self.__raw_limit * 1024):]
if self.__verbose > 0:
Output.emphasized(
'\nRunning checks for plugin "%s"...' % self.__name,
[self.__name])
for check in self.__checks:
total += 1
result, msg = check.run()
if not result:
if self.__verbose == 2:
Output.error('Check "%s" failed: %s!' %
(check.get_name(), msg))
elif self.__verbose == 1:
Output.error('Check "%s" failed!' % check.get_name())
json_msg['checks'][check.get_name()] = {
'result': False,
'severity': check.get_severity(),
'warning': check.get_warning(),
'advice': check.get_advice()
}
# Exit the loop if one check has failed.
if self.__cutoff:
break
else:
if self.__verbose > 0:
Output.info('Check "%s" passed!' % check.get_name())
json_msg['checks'][check.get_name()] = {'result': True}
passed += 1
if self.__verbose > 0:
if passed == total:
Output.info('All tests passed')
else:
Output.info('%d out of %d tests passed' % (passed, total))
return (json_msg)
def run (self):
total = 0
passed = 0
json_msg = {'plugin': self.__name, 'checks': {}}
if self.__raw:
json_msg['source'] = self.__data[-(self.__raw_limit * 1024):]
if self.__verbose > 0:
Output.emphasized ('\nRunning checks for plugin "%s"...' % self.__name, [self.__name])
for check in self.__checks:
total += 1
result, msg = check.run()
if not result:
if self.__verbose == 2:
Output.error ('Check "%s" failed: %s!' % (check.get_name(), msg))
elif self.__verbose == 1:
Output.error ('Check "%s" failed!' % check.get_name())
json_msg['checks'][check.get_name()] = {'result': False, 'severity': check.get_severity(), 'warning': check.get_warning(), 'advice': check.get_advice()}
# Exit the loop if one check has failed.
if self.__cutoff:
break
else:
if self.__verbose > 0:
Output.info ('Check "%s" passed!' % check.get_name())
json_msg['checks'][check.get_name()] = {'result': True}
passed += 1
if self.__verbose > 0:
if passed == total:
Output.info ('All tests passed')
else:
Output.info ('%d out of %d tests passed' % (passed, total))
return (json_msg)
def run(self):
total = 0
passed = 0
json_msg = {'id': self.__id,
'name': self.__name,
'description': self.__description,
'checks': {},
}
if self.__strike_zone:
json_msg['strike_zone'] = True
if self.__raw:
json_msg['source'] = unicode(self.__data[-(self.__raw_limit * 1024):], errors='replace')
for check in self.__checks:
total += 1
result = False
msg = ''
if self.__check_force_true:
result = True
else:
result, msg, fo = check.run()
fo = fo.lstrip().split('\n\t')[-1]
# Prepare 'command' field
aux_command = ''
if self.__type == "file":
aux_command = "cat %s" % self.__filename
elif self.__type == "command":
aux_command = self.__command
elif self.__type == "db":
aux_command = "echo '%s' | ossim-db" % check.get_query()
if not result:
if self.__verbose >= 2:
Output.error("Check '%s' failed: %s" % (check.get_name(), msg))
elif self.__verbose == 1:
Output.error("Check '%s' failed" % check.get_name())
if self.__alienvault_config['has_ha'] and check.get_ha_dependant():
json_msg['checks'][check.get_name()] = {'result': 'passed',
'severity': check.get_severity(),
'description': check.get_description(),
'summary': 'HA configuration detected. Invalid issue: %s. Disregard this check' % check.get_summary_failed(),
'remediation': check.get_remediation(),
'detail': fo.lstrip().replace('\n\t', ';'),
'debug_detail': msg.lstrip().replace('\n\t', ';'),
'pattern': str(check.get_pattern()),
'command': aux_command,
'output': check.get_output(),
'strike_zone': True}
elif check.get_severity() != 'Info':
json_msg['checks'][check.get_name()] = {'result': 'failed',
'severity': check.get_severity(),
'description': check.get_description(),
'summary': check.get_summary_failed(),
'remediation': check.get_remediation(),
'detail': fo.lstrip().replace('\n\t', ';'),
'debug_detail': msg.lstrip().replace('\n\t', ';'),
'pattern': check.get_pattern(),
'command': aux_command,
'output': check.get_output()}
# If current check affects to strike_zone, set 'strike_zone' param to 'False'
json_msg['checks'][check.get_name()]['strike_zone'] = False if check.get_strike_zone() else True
else:
json_msg['checks'][check.get_name()] = {'result': 'passed',
'severity': check.get_severity(),
'description': check.get_description(),
'summary': check.get_summary_failed(),
'remediation': check.get_remediation(),
'detail': fo.lstrip().replace('\n\t', ';'),
'debug_detail': msg.lstrip().replace('\n\t', ';'),
'pattern': check.get_pattern(),
'command': aux_command,
'output': check.get_output(),
'strike_zone': True}
if json_msg['checks'][check.get_name()]['result'] == 'failed':
self.__result &= False
# Evaluate strike zone. We have to take in mind:
# 1. If the current plugin affects to the strike zone
# 2. If the check analysed affects to the strike zone
# 3. If this is an info check
if self.__strike_zone:
if check.get_strike_zone():
if check.get_severity() != 'Info':
json_msg['strike_zone'] = False
# Exit the loop if one check has failed.
if self.__cutoff:
break
else:
if self.__verbose > 0:
Output.info('Check "%s" passed' % check.get_name())
if check.get_severity() != 'Debug':
json_msg['checks'][check.get_name()] = {'result': 'passed',
'severity': check.get_severity(),
'description': check.get_description(),
'summary': check.get_summary_passed(),
'pattern': str(check.get_pattern()),
'command': aux_command,
'output': check.get_output(),
'strike_zone': True}
else:
json_msg['checks'][check.get_name()] = {'result': 'passed',
'severity': check.get_severity(),
'description': check.get_description(),
'summary': fo.lstrip().replace('\n\t', ';'),
'pattern': str(check.get_pattern()),
'command': aux_command,
'output': check.get_output(),
'strike_zone': True}
passed += 1
json_msg['result'] = self.get_result()
if self.__verbose > 0:
if passed == total:
Output.emphasized('\nAll checks passed for plugin "%s".' % self.__name, [self.__name])
else:
Output.emphasized('\n%d out of %d checks passed for plugin "%s".' % (passed, total, self.__name), [self.__name])
return (json_msg)
def __init__(self, filename, config_file, alienvault_config, severity_list, appliance_type_list, ignore_dummy_platform, verbose, raw):
# Common properties.
self.__config_file = None
self.__sections = []
self.__alienvault_config = {}
self.__severity_list = []
self.__appliance_type_list = []
self.__ignore_dummy_platform = False
self.__verbose = 0
self.__raw = False
self.__name = ''
self.__id = ''
self.__description = ''
self.__type = ''
self.__exclude = ''
self.__category = []
self.__requires = []
self.__profiles = []
self.__cutoff = False
self.__strike_zone = False
self.__raw_limit = 0
self.__result = True
# 'file' type properties.
self.__filename = ''
self.__file_must_exist = False
self.__check_force_true = False
# 'command' type properties.
self.__command = ''
# Shared properties for 'file' and 'command' types.
self.__data = ''
self.__data_len = ''
# 'db' type properties.
self.__host = ''
self.__user = ''
self.__password = ''
self.__database = ''
self.__db_conn = None
self.__db_cursor = None
# Plugin defined checks.
self.__checks = []
self.__config_file = config_file
self.__alienvault_config = alienvault_config
self.__severity_list = severity_list
self.__appliance_type_list = appliance_type_list
self.__ignore_dummy_platform = ignore_dummy_platform
self.__verbose = verbose
self.__raw = raw
# try:
# # Parse the plugin configuration file.
# self.__config_file = PluginConfigParser()
# self.__config_file.read(filename)
# except PluginConfigParserError:
# raise
# except Exception as e:
# raise PluginError('Cannot parse plugin file "%s": %s' % (filename, str(e)), filename)
try:
# Parse 'check' sections.
self.__sections = self.__config_file.sections()
self.__name = self.__config_file.get('properties', 'name')
self.__id = self.__config_file.get('properties', 'id')
self.__description = self.__config_file.get('properties', 'description')
self.__type = self.__config_file.get('properties', 'type')
self.__category = self.__config_file.get('properties', 'category').split(',')
plugin_data = {'id': self.__id if self.__id else '',
'type': self.__type if self.__type else '',
'description': self.__description if self.__description else ''}
if self.__verbose > 0:
Output.emphasized('\nRunning plugin "%s"...\n' % self.__name, [self.__name])
if self.__config_file.has_option('properties', 'requires'):
self.__requires = self.__config_file.get('properties', 'requires').split(';')
self.__check_requirements__()
# Check for the 'cutoff' option
if self.__config_file.has_option('properties', 'cutoff'):
self.__cutoff = self.__config_file.getboolean('properties', 'cutoff')
# Check for the 'strike_zone' option
if self.__config_file.has_option('properties', 'affects_strike_zone'):
self.__strike_zone = self.__config_file.getboolean('properties', 'affects_strike_zone')
# Check for the 'file_must_exist' option
if self.__config_file.has_option('properties', 'file_must_exist'):
self.__file_must_exist = self.__config_file.getboolean('properties', 'file_must_exist')
# Check for the 'exclude' option
if self.__config_file.has_option('properties', 'exclude'):
self.__exclude = self.__config_file.get('properties', 'exclude').split(',')
for excluding_profile in self.__exclude:
excluding_profile = excluding_profile.strip()
if excluding_profile in self.__alienvault_config['hw_profile']:
raise PluginError(msg='Plugin cannot be executed in %s' % self.__alienvault_config['hw_profile'],
plugin=self.__name,
plugin_data=plugin_data)
# Check for the 'limit' option (in kbytes), used in combination with the raw data output. '0' means no limit.
if self.__raw and self.__config_file.has_option('properties', 'raw_limit'):
self.__raw_limit = self.__config_file.getint('properties', 'raw_limit')
# Check for profile & version where this plugin is relevant.
if self.__config_file.has_option('properties', 'profiles'):
profiles_versions = self.__config_file.get('properties', 'profiles')
self.__profiles = [(x.partition(':')[0], x.partition(':')[2]) for x in profiles_versions.split(';')]
for (profile, version) in self.__profiles:
if profile == '' or version == '':
raise PluginError(msg='Empty profile or version in "profiles" field',
plugin=self.__name,
plugin_data=plugin_data)
if profile not in self.__alienvault_config['sw_profile'] and \
profile != self.__alienvault_config['hw_profile']:
raise PluginError(msg='Profile "%s" does not match installed profiles' % profile,
plugin=self.__name,
plugin_data=plugin_data)
if version.startswith('>'):
ret = LooseVersion(self.__alienvault_config['version']) > LooseVersion(version[1:])
elif version.startswith('<'):
ret = LooseVersion(self.__alienvault_config['version']) < LooseVersion(version[1:])
elif version.startswith('=='):
ret = LooseVersion(self.__alienvault_config['version']) == LooseVersion(version[2:])
elif version.startswith('!='):
ret = LooseVersion(self.__alienvault_config['version']) != LooseVersion(version[2:])
else:
raise PluginError(msg='Profile "%s" version does not match installed profiles' % profile,
plugin=self.__name,
plugin_data=plugin_data)
# Ugly...
if self.__type == 'file':
self.__init_file__()
elif self.__type == 'command':
self.__init_command__()
elif self.__type == 'db':
self.__init_db__()
elif self.__type == 'hardware':
pass
else:
raise PluginError(msg='Unknown type',
plugin=self.__name,
plugin_data=plugin_data)
# Parse 'check' sections.
sections = self.__config_file.sections()
for section in sections:
if section != 'properties':
check = Check(self, section)
needs_deletion = False
if not check.check_appliance_type(self.__alienvault_config['hw_profile'],
self.__appliance_type_list,
self.__ignore_dummy_platform):
Output.warning("\nCheck %s is not meant to be run in %s" % (section,
self.__alienvault_config['hw_profile']))
needs_deletion = True
elif not check.check_version(self.__alienvault_config['version']):
Output.warning("\nCheck %s cannot be run in version %s" % (section,
self.__alienvault_config['version']))
needs_deletion = True
elif not check.check_version_type():
Output.warning("\nCheck %s is not meant to be run in a %s license" % (section,
self.__alienvault_config['versiontype']))
needs_deletion = True
if not needs_deletion:
self.__checks.append(check)
else:
del check
except PluginError:
raise
except PluginConfigParserError:
raise
except CheckError as e:
plugin_data = {'id': self.__id if self.__id else '',
'type': self.__type if self.__type else '',
'description': self.__description if self.__description else ''}
raise PluginError(msg=e.msg,
plugin=e.plugin,
plugin_data=plugin_data)
except Exception as e:
raise PluginError(msg='%s' % str(e),
plugin=filename,
plugin_data={})
def run(self):
total = 0
passed = 0
json_msg = {
'id': self.__id,
'name': self.__name,
'description': self.__description,
'checks': {},
}
if self.__strike_zone:
json_msg['strike_zone'] = True
if self.__raw:
json_msg['source'] = unicode(
self.__data[-(self.__raw_limit * 1024):], errors='replace')
for check in self.__checks:
total += 1
result = False
msg = ''
if self.__check_force_true:
result = True
else:
result, msg, fo = check.run()
fo = fo.lstrip().split('\n\t')[-1]
# Prepare 'command' field
aux_command = ''
if self.__type == "file":
aux_command = "cat %s" % self.__filename
elif self.__type == "command":
aux_command = self.__command
elif self.__type == "db":
aux_command = "echo '%s' | ossim-db" % check.get_query()
if not result:
if self.__verbose >= 2:
Output.error("Check '%s' failed: %s" %
(check.get_name(), msg))
elif self.__verbose == 1:
Output.error("Check '%s' failed" % check.get_name())
if self.__alienvault_config[
'has_ha'] and check.get_ha_dependant():
json_msg['checks'][check.get_name()] = {
'result':
'passed',
'severity':
check.get_severity(),
'description':
check.get_description(),
'summary':
'HA configuration detected. Invalid issue: %s. Disregard this check'
% check.get_summary_failed(),
'remediation':
check.get_remediation(),
'detail':
fo.lstrip().replace('\n\t', ';'),
'debug_detail':
msg.lstrip().replace('\n\t', ';'),
'pattern':
str(check.get_pattern()),
'command':
aux_command,
'output':
check.get_output(),
'strike_zone':
True
}
elif check.get_severity() != 'Info':
json_msg['checks'][check.get_name()] = {
'result': 'failed',
'severity': check.get_severity(),
'description': check.get_description(),
'summary': check.get_summary_failed(),
'remediation': check.get_remediation(),
'detail': fo.lstrip().replace('\n\t', ';'),
'debug_detail': msg.lstrip().replace('\n\t', ';'),
'pattern': check.get_pattern(),
'command': aux_command,
'output': check.get_output(),
'strike_zone': False
}
else:
json_msg['checks'][check.get_name()] = {
'result': 'passed',
'severity': check.get_severity(),
'description': check.get_description(),
'summary': check.get_summary_failed(),
'remediation': check.get_remediation(),
'detail': fo.lstrip().replace('\n\t', ';'),
'debug_detail': msg.lstrip().replace('\n\t', ';'),
'pattern': check.get_pattern(),
'command': aux_command,
'output': check.get_output(),
'strike_zone': True
}
if json_msg['checks'][check.get_name()]['result'] == 'failed':
self.__result &= False
# Evaluate strike zone. We have to take in mind:
# 1. If the current plugin affects to the strike zone
# 2. If the check analysed affects to the strike zone
# 3. If this is an info check
if self.__strike_zone:
if check.get_strike_zone():
if check.get_severity() != 'Info':
json_msg['strike_zone'] = False
# Exit the loop if one check has failed.
if self.__cutoff:
break
else:
if self.__verbose > 0:
Output.info('Check "%s" passed' % check.get_name())
if check.get_severity() != 'Debug':
json_msg['checks'][check.get_name()] = {
'result': 'passed',
'severity': check.get_severity(),
'description': check.get_description(),
'summary': check.get_summary_passed(),
'pattern': str(check.get_pattern()),
'command': aux_command,
'output': check.get_output(),
'strike_zone': True
}
else:
json_msg['checks'][check.get_name()] = {
'result': 'passed',
'severity': check.get_severity(),
'description': check.get_description(),
'summary': fo.lstrip().replace('\n\t', ';'),
'pattern': str(check.get_pattern()),
'command': aux_command,
'output': check.get_output(),
'strike_zone': True
}
passed += 1
json_msg['result'] = self.get_result()
if self.__verbose > 0:
if passed == total:
Output.emphasized(
'\nAll checks passed for plugin "%s".' % self.__name,
[self.__name])
else:
Output.emphasized(
'\n%d out of %d checks passed for plugin "%s".' %
(passed, total, self.__name), [self.__name])
return (json_msg)
def __init__(self, filename, config_file, alienvault_config, severity_list,
appliance_type_list, verbose, raw):
# Common properties.
self.__config_file = None
self.__sections = []
self.__alienvault_config = {}
self.__severity_list = []
self.__appliance_type_list = []
self.__verbose = 0
self.__raw = False
self.__name = ''
self.__id = ''
self.__description = ''
self.__type = ''
self.__exclude = ''
self.__category = []
self.__requires = []
self.__profiles = []
self.__cutoff = False
self.__strike_zone = False
self.__raw_limit = 0
self.__result = True
# 'file' type properties.
self.__filename = ''
self.__file_must_exist = False
self.__check_force_true = False
# 'command' type properties.
self.__command = ''
# Shared properties for 'file' and 'command' types.
self.__data = ''
self.__data_len = ''
# 'db' type properties.
self.__host = ''
self.__user = ''
self.__password = ''
self.__database = ''
self.__db_conn = None
self.__db_cursor = None
# Plugin defined checks.
self.__checks = []
self.__config_file = config_file
self.__alienvault_config = alienvault_config
self.__severity_list = severity_list
self.__appliance_type_list = appliance_type_list
self.__verbose = verbose
self.__raw = raw
# try:
# # Parse the plugin configuration file.
# self.__config_file = PluginConfigParser()
# self.__config_file.read(filename)
# except PluginConfigParserError:
# raise
# except Exception as e:
# raise PluginError('Cannot parse plugin file "%s": %s' % (filename, str(e)), filename)
try:
# Parse 'check' sections.
self.__sections = self.__config_file.sections()
self.__name = self.__config_file.get('properties', 'name')
self.__id = self.__config_file.get('properties', 'id')
self.__description = self.__config_file.get(
'properties', 'description')
self.__type = self.__config_file.get('properties', 'type')
self.__category = self.__config_file.get('properties',
'category').split(',')
plugin_data = {
'id': self.__id if self.__id else '',
'type': self.__type if self.__type else '',
'description': self.__description if self.__description else ''
}
if self.__verbose > 0:
Output.emphasized('\nRunning plugin "%s"...\n' % self.__name,
[self.__name])
if self.__config_file.has_option('properties', 'requires'):
self.__requires = self.__config_file.get(
'properties', 'requires').split(';')
self.__check_requirements__()
# Check for the 'cutoff' option
if self.__config_file.has_option('properties', 'cutoff'):
self.__cutoff = self.__config_file.getboolean(
'properties', 'cutoff')
# Check for the 'strike_zone' option
if self.__config_file.has_option('properties', 'strike_zone'):
self.__strike_zone = self.__config_file.getboolean(
'properties', 'strike_zone')
# Check for the 'file_must_exist' option
if self.__config_file.has_option('properties', 'file_must_exist'):
self.__file_must_exist = self.__config_file.getboolean(
'properties', 'file_must_exist')
# Check for the 'exclude' option
if self.__config_file.has_option('properties', 'exclude'):
self.__exclude = self.__config_file.get(
'properties', 'exclude').split(',')
for excluding_profile in self.__exclude:
excluding_profile = excluding_profile.strip()
if excluding_profile in self.__alienvault_config[
'hw_profile']:
raise PluginError(
msg='Plugin cannot be executed in %s' %
self.__alienvault_config['hw_profile'],
plugin=self.__name,
plugin_data=plugin_data)
# Check for the 'limit' option (in kbytes), used in combination with the raw data output. '0' means no limit.
if self.__raw and self.__config_file.has_option(
'properties', 'raw_limit'):
self.__raw_limit = self.__config_file.getint(
'properties', 'raw_limit')
# Check for profile & version where this plugin is relevant.
if self.__config_file.has_option('properties', 'profiles'):
profiles_versions = self.__config_file.get(
'properties', 'profiles')
self.__profiles = [(x.partition(':')[0], x.partition(':')[2])
for x in profiles_versions.split(';')]
for (profile, version) in self.__profiles:
if profile == '' or version == '':
raise PluginError(
msg='Empty profile or version in "profiles" field',
plugin=self.__name,
plugin_data=plugin_data)
if profile not in self.__alienvault_config['sw_profile'] and \
profile != self.__alienvault_config['hw_profile']:
raise PluginError(
msg='Profile "%s" does not match installed profiles'
% profile,
plugin=self.__name,
plugin_data=plugin_data)
if version.startswith('>'):
ret = LooseVersion(self.__alienvault_config['version']
) > LooseVersion(version[1:])
elif version.startswith('<'):
ret = LooseVersion(self.__alienvault_config['version']
) < LooseVersion(version[1:])
elif version.startswith('=='):
ret = LooseVersion(self.__alienvault_config['version']
) == LooseVersion(version[2:])
elif version.startswith('!='):
ret = LooseVersion(self.__alienvault_config['version']
) != LooseVersion(version[2:])
else:
raise PluginError(
msg=
'Profile "%s" version does not match installed profiles'
% profile,
plugin=self.__name,
plugin_data=plugin_data)
# Ugly...
if self.__type == 'file':
self.__init_file__()
elif self.__type == 'command':
self.__init_command__()
elif self.__type == 'db':
self.__init_db__()
elif self.__type == 'hardware':
pass
else:
raise PluginError(msg='Unknown type',
plugin=self.__name,
plugin_data=plugin_data)
# Parse 'check' sections.
sections = self.__config_file.sections()
for section in sections:
if section != 'properties':
check = Check(self, section)
needs_deletion = False
if not check.check_appliance_type(
self.__alienvault_config['hw_profile'],
self.__appliance_type_list):
Output.warning(
"\nCheck %s is not meant to be run in %s" %
(section, self.__alienvault_config['hw_profile']))
needs_deletion = True
elif not check.check_version(
self.__alienvault_config['version']):
Output.warning(
"\nCheck %s cannot be run in version %s" %
(section, self.__alienvault_config['version']))
needs_deletion = True
elif not check.check_version_type():
Output.warning(
"\nCheck %s is not meant to be run in a %s license"
%
(section, self.__alienvault_config['versiontype']))
needs_deletion = True
if not needs_deletion:
self.__checks.append(check)
else:
del check
except PluginError:
raise
except PluginConfigParserError:
raise
except CheckError as e:
plugin_data = {
'id': self.__id if self.__id else '',
'type': self.__type if self.__type else '',
'description': self.__description if self.__description else ''
}
raise PluginError(msg=e.msg,
plugin=e.plugin,
plugin_data=plugin_data)
except Exception as e:
raise PluginError(msg='%s' % str(e),
plugin=filename,
plugin_data={})
