def validation(): """Check if Wazuh configuration is OK. :return: AffectedItemsWazuhResult. """ result = AffectedItemsWazuhResult(**_validation_default_result_kwargs) try: response = validate_ossec_conf() result.affected_items.append({'name': node_id, **response}) result.total_affected_items += 1 except WazuhError as e: result.add_failed_item(id_=node_id, error=e) return result
def get_node_wrapper(): """ Wrapper for get_node :return: AffectedItemsWazuhResult """ result = AffectedItemsWazuhResult( all_msg='All selected information was returned', none_msg='No information was returned') try: result.affected_items.append(get_node()) except WazuhError as e: result.add_failed_item(id_=node_id, error=e) result.total_affected_items = len(result.affected_items) return result
def read_config_wrapper(): """ Wrapper for read_config :return: AffectedItemsWazuhResult """ result = AffectedItemsWazuhResult( all_msg='All selected information is shown', none_msg='No information is shown') try: result.affected_items.append(read_config()) except WazuhError as e: result.add_failed_item(id_=node_id, error=e) result.total_affected_items = len(result.affected_items) return result
def get_distinct_agents(agent_list=None, offset=0, limit=common.database_limit, sort=None, search=None, select=None, fields=None, q=None): """ Gets all the different combinations that all system agents have for the selected fields. It also indicates the total number of agents that have each combination. :param agent_list: List of agents ID's. :param offset: First item to return. :param limit: Maximum number of items to return. :param sort: Sorts the items. Format: {"fields":["field1","field2"],"order":"asc|desc"}. :param select: Select fields to return. Format: {"fields":["field1","field2"]}. :param search: Looks for items with the specified string. Format: {"fields": ["field1","field2"]} :param q: Defines query to filter in DB. :param fields: Fields to group by :return: WazuhResult """ result = AffectedItemsWazuhResult( all_msg='All selected agents information was returned', some_msg='Some agents information was not returned', none_msg='No agent information was returned') if len(agent_list) != 0: rbac_filters = get_rbac_filters(system_resources=get_agents_info(), permitted_resources=agent_list) db_query = WazuhDBQueryGroupByAgents(filter_fields=fields, offset=offset, limit=limit, sort=sort, search=search, select=select, query=q, min_select_fields=set(), count=True, get_data=True, **rbac_filters) data = db_query.run() result.affected_items.extend(data['items']) result.total_affected_items = data['totalItems'] return result
def get_sca_list(agent_list=None, q="", offset=0, limit=common.database_limit, sort=None, search=None, select=None, filters=None): """ Get a list of policies analyzed in the configuration assessment for a given agent :param agent_list: agent id to get policies from :param q: Defines query to filter in DB. :param offset: First item to return. :param limit: Maximum number of items to return. :param sort: Sorts the items. Format: {"fields":["field1","field2"],"order":"asc|desc"}. :param search: Looks for items with the specified string. Format: {"fields": ["field1","field2"]} :param select: Select fields to return. Format: {"fields":["field1","field2"]}. :param filters: Define field filters required by the user. Format: {"field1":"value1", "field2":["value2","value3"]} :return: AffectedItemsWazuhResult """ result = AffectedItemsWazuhResult( all_msg='All selected sca information was returned', some_msg='Some sca information was not returned', none_msg='No sca information was returned') if len(agent_list) != 0: if agent_list[0] in get_agents_info(): select = list( fields_translation_sca.keys()) if select is None else select db_query = WazuhDBQuerySCA(agent_id=agent_list[0], offset=offset, limit=limit, sort=sort, search=search, select=select, count=True, get_data=True, query=q, filters=filters) data = db_query.run() result.affected_items.extend(data['items']) result.total_affected_items = data['totalItems'] else: result.add_failed_item(id_=agent_list[0], error=WazuhResourceNotFound(1701)) return result
def get_agents_sync_group(agent_list=None): """Get agents configuration sync status. :param agent_list: List of agents ID's. :return AffectedItemsWazuhResult. """ result = AffectedItemsWazuhResult( all_msg='Sync info was returned for all selected agents', some_msg='Sync info was not returned for some selected agents', none_msg='No sync info was returned', ) system_agents = get_agents_info() for agent_id in agent_list: try: if agent_id == "000": raise WazuhError(1703) if agent_id not in system_agents: raise WazuhResourceNotFound(1701) else: # Check if agent exists and it is active agent_info = Agent(agent_id).get_basic_information() # Check if it has a multigroup if len(agent_info['group']) > 1: multi_group = ','.join(agent_info['group']) multi_group = hashlib.sha256( multi_group.encode()).hexdigest()[:8] group_merged_path = path.join(common.multi_groups_path, multi_group, "merged.mg") else: group_merged_path = path.join(common.shared_path, agent_info['group'][0], "merged.mg") result.affected_items.append({ 'id': agent_id, 'synced': md5(group_merged_path) == agent_info['mergedSum'] }) except (IOError, KeyError): # The file couldn't be opened and therefore the group has not been synced result.affected_items.append({'id': agent_id, 'synced': False}) except WazuhException as e: result.add_failed_item(id_=agent_id, error=e) result.total_affected_items = len(result.affected_items) return result
def get_decoder_file( filename: str, raw: bool = False) -> Union[str, AffectedItemsWazuhResult]: """Read content of specified file. Parameters ---------- filename : str Name of the decoder file. raw : bool Whether to return the content in raw format (str->XML) or JSON. Returns ------- str or dict Content of the file. AffectedItemsWazuhResult format if `raw=False`. """ result = AffectedItemsWazuhResult(none_msg='No decoder was returned', all_msg='Selected decoder was returned') decoders = get_decoders_files(filename=filename).affected_items if len(decoders) > 0: decoder_path = decoders[0]['relative_dirname'] try: full_path = join(common.ossec_path, decoder_path, filename) with open(full_path) as f: file_content = f.read() if raw: result = file_content else: # Missing root tag in decoder file result.affected_items.append( xmltodict.parse(f'<root>{file_content}</root>')['root']) result.total_affected_items = 1 except ExpatError as e: result.add_failed_item( id_=filename, error=WazuhError( 1501, extra_message= f"{join('WAZUH_HOME', decoder_path, filename)}:" f" {str(e)}")) except OSError: result.add_failed_item( id_=filename, error=WazuhError(1502, extra_message=join('WAZUH_HOME', decoder_path, filename))) else: result.add_failed_item(id_=filename, error=WazuhError(1503)) return result
def run(agent_list: Union[str, None] = None) -> AffectedItemsWazuhResult: """Run a syscheck scan in the specified agents. Parameters ---------- agent_list : Union[str, None] List of the agents IDs to run the scan for. Returns ------- result : AffectedItemsWazuhResult Confirmation/Error message. """ result = AffectedItemsWazuhResult( all_msg='Syscheck scan was restarted on returned agents', some_msg='Syscheck scan was not restarted on some agents', none_msg='No syscheck scan was restarted') system_agents = get_agents_info() rbac_filters = get_rbac_filters(system_resources=system_agents, permitted_resources=agent_list) agent_list = set(agent_list) not_found_agents = agent_list - system_agents # Add non existent agents to failed_items [ result.add_failed_item(id_=agent, error=WazuhResourceNotFound(1701)) for agent in not_found_agents ] # Add non eligible agents to failed_items with WazuhDBQueryAgents(limit=None, select=["id", "status"], query='status!=active', **rbac_filters) as db_query: non_eligible_agents = db_query.run()['items'] [ result.add_failed_item(id_=agent['id'], error=WazuhError(1707)) for agent in non_eligible_agents ] wq = WazuhQueue(common.ARQUEUE) eligible_agents = agent_list - not_found_agents - { d['id'] for d in non_eligible_agents } for agent_id in eligible_agents: try: wq.send_msg_to_agent(WazuhQueue.HC_SK_RESTART, agent_id) result.affected_items.append(agent_id) except WazuhError as e: result.add_failed_item(id_=agent_id, error=e) wq.close() result.affected_items = sorted(result.affected_items, key=int) result.total_affected_items = len(result.affected_items) return result
def run_command(agent_list: list = None, command: str = '', arguments: list = None, custom: bool = False, alert: dict = None) -> AffectedItemsWazuhResult: """Run AR command in a specific agent. Parameters ---------- agent_list : list Agents list that will run the AR command. command : str Command running in the agents. If this value starts with !, then it refers to a script name instead of a command name. custom : bool Whether the specified command is a custom command or not. arguments : list Command arguments. alert : dict Alert information depending on the AR executed. Returns ------- AffectedItemsWazuhResult. """ result = AffectedItemsWazuhResult( all_msg='AR command was sent to all agents', some_msg='AR command was not sent to some agents', none_msg='AR command was not sent to any agent') if agent_list: wq = WazuhQueue(common.ARQUEUE) system_agents = get_agents_info() for agent_id in agent_list: try: if agent_id not in system_agents: raise WazuhResourceNotFound(1701) if agent_id == "000": raise WazuhError(1703) active_response.send_ar_message(agent_id, wq, command, arguments, custom, alert) result.affected_items.append(agent_id) result.total_affected_items += 1 except WazuhException as e: result.add_failed_item(id_=agent_id, error=e) result.affected_items.sort(key=int) wq.close() return result
def test_DistributedAPI_tmp_file(mock_cluster_status): """Test the behaviour when processing temporal files to be send. Master node and unknown node.""" open('/tmp/dapi_file.txt', 'a').close() with patch('wazuh.core.cluster.cluster.get_node', return_value={ 'type': 'master', 'node': 'unknown' }): with patch('wazuh.core.cluster.dapi.dapi.get_node_wrapper', return_value=AffectedItemsWazuhResult( affected_items=[{ 'type': 'master', 'node': 'unknown' }])): dapi_kwargs = { 'f': manager.status, 'logger': logger, 'request_type': 'distributed_master', 'f_kwargs': { 'tmp_file': '/tmp/dapi_file.txt' } } raise_if_exc_routine(dapi_kwargs=dapi_kwargs) open('/tmp/dapi_file.txt', 'a').close() with patch('wazuh.core.cluster.cluster.get_node', return_value={ 'type': 'unk', 'node': 'master' }): raise_if_exc_routine(dapi_kwargs=dapi_kwargs)
def get_status(): """Wrapper for status(). :return: AffectedItemsWazuhResult """ result = AffectedItemsWazuhResult( all_msg=f"Processes status was successfully read" f"{' in specified node' if node_id != 'manager' else ''}", some_msg='Could not read basic information in some nodes', none_msg=f"Could not read processes status" f"{' in specified node' if node_id != 'manager' else ''}") result.affected_items.append(status()) result.total_affected_items = len(result.affected_items) return result
def test_get_rules_file_failed(mock_config, item, file_, error_code): """Test downloading a specified rule filter.""" with patch('wazuh.rule.get_rules_files', return_value=AffectedItemsWazuhResult( all_msg='test', affected_items=item)): result = rule.get_rule_file(filename=file_) assert not result.affected_items assert result.render()['data']['failed_items'][0]['error']['code'] == error_code
async def get_health_nodes(lc: local_client.LocalClient, filter_node=None): """ Wrapper for get_health """ result = AffectedItemsWazuhResult( all_msg='All selected nodes healthcheck information was returned', some_msg='Some nodes healthcheck information was not returned', none_msg='No healthcheck information was returned') data = await get_health(lc, filter_node=filter_node) for v in data['nodes'].values(): result.affected_items.append(v) result.affected_items = sorted(result.affected_items, key=lambda i: i['info']['name']) result.total_affected_items = len(result.affected_items) return result
def test_results_AffectedItemsWazuhResult___or__(get_wazuh_failed_item): """Test method `__or__` from class `AffectedItemsWazuhResult`.""" agent_list_1 = ['001', '002'] agent_list_2 = ['004', '003'] affected_item_1 = AffectedItemsWazuhResult(affected_items=deepcopy(agent_list_1)) affected_item_2 = AffectedItemsWazuhResult(affected_items=deepcopy(agent_list_2)) failed_item = get_wazuh_failed_item # Expect 'affected_items': ['001', '002', '003'] or_result_1 = affected_item_1 | affected_item_2 assert set(agent_list_1 + agent_list_2) == set(or_result_1.affected_items) assert not or_result_1.failed_items # Expect new failed_item or_result_2 = or_result_1 | failed_item assert or_result_2.failed_items == failed_item.failed_items
def get_agents(agent_list=None, offset=0, limit=common.database_limit, sort=None, search=None, select=None, filters=None, q=None): """Gets a list of available agents with basic attributes. :param agent_list: List of agents ID's. :param offset: First item to return. :param limit: Maximum number of items to return. :param sort: Sorts the items. Format: {"fields":["field1","field2"],"order":"asc|desc"}. :param select: Select fields to return. Format: {"fields":["field1","field2"]}. :param search: Looks for items with the specified string. Format: {"fields": ["field1","field2"]} :param filters: Defines required field filters. Format: {"field1":"value1", "field2":["value2","value3"]} :param q: Defines query to filter in DB. :return: AffectedItemsWazuhResult. """ result = AffectedItemsWazuhResult( all_msg='All selected agents information was returned', some_msg='Some agents information was not returned', none_msg='No agent information was returned') if len(agent_list) != 0: if filters is None: filters = dict() filters['id'] = agent_list system_agents = get_agents_info() for agent_id in agent_list: if agent_id not in system_agents: result.add_failed_item(id_=agent_id, error=WazuhResourceNotFound(1701)) db_query = WazuhDBQueryAgents(offset=offset, limit=limit, sort=sort, search=search, select=select, filters=filters, query=q) data = db_query.run() result.affected_items.extend(data['items']) result.total_affected_items = data['totalItems'] return result
def upload_decoder_file(filename: str, content: str, overwrite: bool = False) -> AffectedItemsWazuhResult: """Upload a new decoder file or update an existing one. Parameters ---------- filename : str Name of the decoder file. content : str Content of the file. It must be a valid XML file. overwrite : bool True for updating existing files. False otherwise. Returns ------- AffectedItemsWazuhResult """ result = AffectedItemsWazuhResult( all_msg='Decoder was successfully uploaded', none_msg='Could not upload decoder') full_path = join(common.user_decoders_path, filename) backup_file = '' try: if len(content) == 0: raise WazuhError(1112) validate_wazuh_xml(content) # If file already exists and overwrite is False, raise exception if not overwrite and exists(full_path): raise WazuhError(1905) elif overwrite and exists(full_path): backup_file = f'{full_path}.backup' delete_file_with_backup(backup_file, full_path, delete_decoder_file) upload_file(content, to_relative_path(full_path)) result.affected_items.append(to_relative_path(full_path)) result.total_affected_items = len(result.affected_items) backup_file and exists(backup_file) and remove(backup_file) except WazuhError as e: result.add_failed_item(id_=to_relative_path(full_path), error=e) finally: exists(backup_file) and safe_move( backup_file, full_path, permissions=0o0660) return result
def set_user_role(user_id, role_ids, position=None): """Create a relationship between a user and a role. Parameters ---------- user_id : str User ID role_ids : list of int List of role ids position : int Position where the new role will be inserted Returns ------- Dict User-Roles information """ if position is not None and position < 0: raise WazuhError(4018) result = AffectedItemsWazuhResult(none_msg=f'No link created to user {user_id[0]}', some_msg=f'Some roles could not be linked to user {user_id[0]}', all_msg=f'All roles were linked to user {user_id[0]}') success = False with UserRolesManager() as urm: for role_id in role_ids: user_role = urm.add_role_to_user(user_id=user_id[0], role_id=role_id, position=position) if user_role == SecurityError.ALREADY_EXIST: result.add_failed_item(id_=role_id, error=WazuhError(4017)) elif user_role == SecurityError.ROLE_NOT_EXIST: result.add_failed_item(id_=role_id, error=WazuhError(4002)) elif user_role == SecurityError.USER_NOT_EXIST: result.add_failed_item(id_=user_id[0], error=WazuhError(5001)) break elif user_role == SecurityError.ADMIN_RESOURCES: result.add_failed_item(id_=user_id[0], error=WazuhError(4008)) else: success = True result.total_affected_items += 1 if position is not None: position += 1 if success: with AuthenticationManager() as auth: result.affected_items.append(auth.get_user_id(user_id[0])) result.affected_items.sort(key=str) invalid_users_tokens(users=[user_id[0]]) return result
def get_rootcheck_agent(agent_list=None, offset=0, limit=common.database_limit, sort=None, search=None, select=None, filters=None, q='', distinct=None): """Return a list of events from the rootcheck database. Parameters ---------- agent_list : list Agent ID to get the rootcheck events from. offset : int First element to return in the collection. limit : int Maximum number of elements to return. sort : str Sort the collection by a field or fields (separated by comma). Use +/- at the beginning to list in ascending or descending order. search : str Look for elements with the specified string. select : str Select which fields to return (separated by comma). q : str Query to filter results by. distinct : bool Look for distinct values. filters : dict Fields to filter by. Returns ------- result : AffectedItemsWazuhResult JSON containing the rootcheck events. """ if filters is None: filters = {} result = AffectedItemsWazuhResult(all_msg='All selected rootcheck information was returned', some_msg='Some rootcheck information was not returned', none_msg='No rootcheck information was returned' ) with WazuhDBQueryRootcheck(agent_id=agent_list[0], offset=offset, limit=limit, sort=sort, search=search, select=select, count=True, get_data=True, query=q, filters=filters, distinct=distinct) as db_query: data = db_query.run() result.affected_items.extend(data['items']) result.total_affected_items = data['totalItems'] return result
def update_ossec_conf(new_conf=None): """ Replace wazuh configuration (ossec.conf) with the provided configuration. Parameters ---------- new_conf: str The new configuration to be applied. """ result = AffectedItemsWazuhResult( all_msg=f"Configuration was successfully updated" f"{' in specified node' if node_id != 'manager' else ''}", some_msg='Could not update configuration in some nodes', none_msg=f"Could not update configuration" f"{' in specified node' if node_id != 'manager' else ''}") backup_file = f'{common.ossec_conf}.backup' try: # Check a configuration has been provided if not new_conf: raise WazuhError(1125) # Check if the configuration is valid validate_wazuh_xml(new_conf, config_file=True) # Create a backup of the current configuration before attempting to replace it try: copyfile(common.ossec_conf, backup_file) except IOError: raise WazuhError(1019) # Write the new configuration and validate it write_ossec_conf(new_conf) is_valid = validate_ossec_conf() if not isinstance(is_valid, dict) or ('status' in is_valid and is_valid['status'] != 'OK'): raise WazuhError(1125) else: result.affected_items.append(node_id) exists(backup_file) and remove(backup_file) except WazuhError as e: result.add_failed_item(id_=node_id, error=e) finally: exists(backup_file) and safe_move(backup_file, common.ossec_conf) result.total_affected_items = len(result.affected_items) return result
def mitre_metadata() -> Dict: """Return the metadata of the MITRE's database Returns ------- Metadata of MITRE's db """ result = AffectedItemsWazuhResult(none_msg='No MITRE metadata information was returned', all_msg='MITRE Metadata information was returned') db_query = mitre.WazuhDBQueryMitreMetadata() data = db_query.run() result.affected_items.extend(data['items']) result.total_affected_items = data['totalItems'] return result
def get_upgrade_result(agent_list=None): """Read upgrade result output from agent. Parameters ---------- agent_list : list List of agent ID's. Returns ------- Upgrade result. """ result = AffectedItemsWazuhResult( all_msg='All upgrade tasks were returned', some_msg='Some upgrade tasks were not returned', none_msg='No upgrade task was returned') agent_list = list( map(int, agents_padding(result=result, agent_list=agent_list))) agents_result_chunks = [ agent_list[x:x + 100] for x in range(0, len(agent_list), 100) ] task_results = list() for agents_chunk in agents_result_chunks: task_results.append( core_upgrade_agents(agents_chunk=agents_chunk, get_result=True)) for task_result_chunk in task_results: for task_result in task_result_chunk['data']: task_error = task_result.pop('error') if task_error == 0: task_result['agent'] = str(task_result['agent']).zfill(3) result.affected_items.append(task_result) result.total_affected_items += 1 else: error = WazuhError(code=1810 + task_error, cmd_error=True, extra_message=task_result['message']) result.add_failed_item(id_=str( task_result.pop('agent')).zfill(3), error=error) result.affected_items = sorted(result.affected_items, key=lambda k: k['agent']) return result
def set_role_policy(role_id, policy_ids, position=None): """Create a relationship between a role and a policy Parameters ---------- role_id : int The new role_id policy_ids : list of int List of policy IDs position : int Position where the new role will be inserted Returns ------- dict Role-Policies information """ result = AffectedItemsWazuhResult(none_msg=f'No link was created to role {role_id[0]}', some_msg=f'Some policies were not linked to role {role_id[0]}', all_msg=f'All policies were linked to role {role_id[0]}') success = False with RolesPoliciesManager() as rpm: for policy_id in policy_ids: policy_id = int(policy_id) role_policy = rpm.add_policy_to_role(role_id=role_id[0], policy_id=policy_id, position=position) if role_policy == SecurityError.ALREADY_EXIST: result.add_failed_item(id_=policy_id, error=WazuhError(4011)) elif role_policy == SecurityError.ROLE_NOT_EXIST: result.add_failed_item(id_=int(role_id[0]), error=WazuhError(4002)) elif role_policy == SecurityError.POLICY_NOT_EXIST: result.add_failed_item(id_=policy_id, error=WazuhError(4007)) elif role_policy == SecurityError.ADMIN_RESOURCES: result.add_failed_item(id_=int(role_id[0]), error=WazuhError(4008)) else: success = True result.total_affected_items += 1 if position is not None: position += 1 if success: with RolesManager() as rm: result.affected_items.append(rm.get_role_id(role_id=role_id[0])) role = rm.get_role_id(role_id=role_id[0]) invalid_roles_tokens(roles=[role['id']]) result.affected_items.sort(key=str) return result
def clear(agent_list=None): """Clear the rootcheck database for a list of agents. Parameters ---------- agent_list : list List of agent ids. Returns ------- result : AffectedItemsWazuhResult JSON containing the affected agents. """ result = AffectedItemsWazuhResult( all_msg='Rootcheck database was cleared on returned agents', some_msg='Rootcheck database was not cleared on some agents', none_msg="No rootcheck database was cleared") wdb_conn = WazuhDBConnection() for agent_id in agent_list: if agent_id not in get_agents_info(): result.add_failed_item(id_=agent_id, error=WazuhResourceNotFound(1701)) else: try: wdb_conn.execute(f"agent {agent_id} rootcheck delete", delete=True) result.affected_items.append(agent_id) except WazuhError as e: result.add_failed_item(id_=agent_id, error=e) result.affected_items.sort(key=int) result.total_affected_items = len(result.affected_items) return result
def remove_policies(policy_ids=None): """Removes a certain policy from the system :param policy_ids: ID of the policy to be removed (All for all policies) :return Result of operation """ result = AffectedItemsWazuhResult( none_msg='No policy was deleted', some_msg='Some policies were not deleted', all_msg='All specified policies were deleted') with PoliciesManager() as pm: for p_id in policy_ids: policy = pm.get_policy_id(int(p_id)) policy_delete = pm.delete_policy(int(p_id)) if policy_delete == SecurityError.ADMIN_RESOURCES: result.add_failed_item(id_=p_id, error=WazuhError(4008)) elif not policy_delete: result.add_failed_item(id_=p_id, error=WazuhError(4007)) elif policy: result.affected_items.append(policy) result.total_affected_items += 1 invalid_roles_tokens(roles=policy['roles']) result.affected_items = sorted(result.affected_items, key=lambda i: i['id']) return result
def remove_rules(rule_ids=None): """Remove a rule from the system. :param rule_ids: List of rule ids (None for all rules) :return Result of operation """ result = AffectedItemsWazuhResult( none_msg='No security rule was deleted', some_msg='Some security rules were not deleted', all_msg='All specified security rules were deleted') with RulesManager() as rum: for r_id in rule_ids: rule = rum.get_rule(int(r_id)) role_delete = rum.delete_rule(int(r_id)) if role_delete == SecurityError.ADMIN_RESOURCES: result.add_failed_item(id_=r_id, error=WazuhError(4008)) elif not role_delete: result.add_failed_item(id_=r_id, error=WazuhError(4022)) elif rule: result.affected_items.append(rule) result.total_affected_items += 1 invalid_roles_tokens(roles=rule['roles']) result.affected_items = sorted(result.affected_items, key=lambda i: i['id']) return result
def get_outdated_agents(agent_list=None, offset=0, limit=common.database_limit, sort=None, search=None, select=None, q=None): """Gets the outdated agents. :param agent_list: List of agents ID's. :param offset: First item to return. :param limit: Maximum number of items to return. :param sort: Sorts the items. Format: {"fields":["field1","field2"],"order":"asc|desc"}. :param search: Looks for items with the specified string. :param select: Select fields to return. Format: {"fields":["field1","field2"]}. :param q: Defines query to filter in DB. :return: AffectedItemsWazuhResult. """ result = AffectedItemsWazuhResult( all_msg='All selected agents information was returned', some_msg='Some agents information was not returned', none_msg='No agent information was returned') if agent_list: # Get manager version manager = Agent(id='000') manager.load_info_from_db() select = ['version', 'id', 'name'] if select is None else select rbac_filters = get_rbac_filters(system_resources=get_agents_info(), permitted_resources=agent_list) db_query = WazuhDBQueryAgents(offset=offset, limit=limit, sort=sort, search=search, select=select, query=f"version!={manager.version}" + (';' + q if q else ''), **rbac_filters) data = db_query.run() result.affected_items = data['items'] result.total_affected_items = data['totalItems'] return result
def create_user(username: str = None, password: str = None): """Create a new user Parameters ---------- username : str Name for the new user password : str Password for the new user Returns ------- result : AffectedItemsWazuhResult Status message """ if len(password) > 64 or len(password) < 8: raise WazuhError(5009) elif not _user_password.match(password): raise WazuhError(5007) result = AffectedItemsWazuhResult(none_msg='User could not be created', all_msg='User was successfully created') with AuthenticationManager() as auth: if auth.add_user(username, password): operation = auth.get_user(username) if operation: result.affected_items.append(operation) result.total_affected_items = 1 else: result.add_failed_item(id_=username, error=WazuhError(5000)) else: result.add_failed_item(id_=username, error=WazuhError(5000)) return result
def clear(agent_list=None): """Clear the syscheck database for a list of agents. :param agent_list: List of agent ids :return: AffectedItemsWazuhResult. """ result = AffectedItemsWazuhResult(all_msg='Syscheck database was cleared on returned agents', some_msg='Syscheck database was not cleared on some agents', none_msg="No syscheck database was cleared") wdb_conn = WazuhDBConnection() for agent in agent_list: if agent not in get_agents_info(): result.add_failed_item(id_=agent, error=WazuhResourceNotFound(1701)) else: try: wdb_conn.execute("agent {} sql delete from fim_entry".format(agent), delete=True) # Update key fields which contains keys to value 000 wdb_conn.execute("agent {} sql update metadata set value = '000' " "where key like 'fim_db%'".format(agent), update=True) wdb_conn.execute("agent {} sql update metadata set value = '000' " "where key = 'syscheck-db-completed'".format(agent), update=True) result.affected_items.append(agent) except WazuhError as e: result.add_failed_item(id_=agent, error=e) result.affected_items.sort(key=int) result.total_affected_items = len(result.affected_items) return result
def get_rule_file(filename=None, raw=False): """Read content of specified file. Parameters ---------- filename : str, optional Name of the rule file. Default `None` raw : bool, optional Whether to return the content in raw format (str->XML) or JSON. Default `False` (JSON format) Returns ------- str or dict Content of the file. AffectedItemsWazuhResult format if `raw=False`. """ result = AffectedItemsWazuhResult(none_msg='No rule was returned', all_msg='Selected rule was returned') files = get_rules_files(filename=filename).affected_items if len(files) > 0: rules_path = files[0]['relative_dirname'] try: full_path = join(common.ossec_path, rules_path, filename) with open(full_path) as f: content = f.read() if raw: result = content else: # Missing root tag in rule file result.affected_items.append( xmltodict.parse(f'<root>{content}</root>')['root']) result.total_affected_items = 1 except ExpatError as e: result.add_failed_item( id_=filename, error=WazuhError( 1413, extra_message=f"{join('WAZUH_HOME', rules_path, filename)}:" f" {str(e)}")) except OSError: result.add_failed_item(id_=filename, error=WazuhError(1414, extra_message=join( 'WAZUH_HOME', rules_path, filename))) else: result.add_failed_item(id_=filename, error=WazuhError(1415)) return result
def get_users(user_ids: list = None, offset: int = 0, limit: int = common.database_limit, sort_by: dict = None, sort_ascending: bool = True, search_text: str = None, complementary_search: bool = False, search_in_fields: list = None): """Get the information of a specified user Parameters ---------- user_ids : list List of user ids offset : int First item to return limit : int Maximum number of items to return sort_by : dict Fields to sort the items by. Format: {"fields":["field1","field2"],"order":"asc|desc"} sort_ascending : bool Sort in ascending (true) or descending (false) order search_text : str Text to search complementary_search : bool Find items without the text to search search_in_fields : list Fields to search in Returns ------- AffectedItemsWazuhResult with the desired information """ result = AffectedItemsWazuhResult(none_msg='No user was returned', some_msg='Some users were not returned', all_msg='All specified users were returned') affected_items = list() with AuthenticationManager() as auth: for user_id in user_ids: user_id = int(user_id) user = auth.get_user_id(user_id) affected_items.append(user) if user else result.add_failed_item(id_=user_id, error=WazuhError(5001)) data = process_array(affected_items, search_text=search_text, search_in_fields=search_in_fields, complementary_search=complementary_search, sort_by=sort_by, sort_ascending=sort_ascending, offset=offset, limit=limit) result.affected_items = data['items'] result.total_affected_items = data['totalItems'] return result