def process(self, data, base_response):
logger.info("Sniffer Manager: Processing: %s" % data)
'''
control action="net_scan" sensor="id_sensor" scan_name="file.pcap" eth="eth0,eth1,..ethx" hosts="192.168.1.2,192.168.1.3,..." nets="10.0.0.0/8,10.2.0.0/8,.."
#capsize packets
control action="net_scan" sensor="id_sensor" scan_name="file.pcap" eth="eth0" cap_size="20" raw_filter="src port 40001 and dsp port 3338"
control action="net_scan_capture_list" sensor="id_sensor"
control action="net_scan_capture_get" id="ID_CAPTURE"
control action="net_scan_capture_delete" id="ID_CAPTURE"
control action="net_scan_status"
control action="net_scan_stop"
'''
response = []
action = Utils.get_var("action=\"([A-Za-z_]+)\"", data)
if action == "net_scan":
free_space = self.getDiskUsage('/var/ossim')
check = (MIN_FREE_SPACE / MEGABYTE)
if free_space < (MIN_FREE_SPACE / MEGABYTE):
response.append(base_response + ' status="-1" %s ackend\n' % (ControlError.get(3006)))
return response
device = Utils.get_var("eth=\"(\S+)\"" , data)
if device not in self.__availableInterfaces:
return response.append(base_response + ' %s ackend\n' % ControlError.get(3002))
tmp_capture_size = Utils.get_var("cap_size=\"(\d+)\"" , data)
capture_size = 0
if tmp_capture_size:
try:
capture_size = int(tmp_capture_size)
except TypeError:
capture_size = 0
logger.warning("Invalid Caputure size: %s" % tmp_capture_size)
capture_name = Utils.get_var("scan_name=\"([0-9A-Za-z_\.]+)\"", data)
try:
tmp = Utils.get_var("timeout=\"(\d+)\"", data)
if tmp != "":
timeout = int(tmp)
else:
timeout = 60
except TypeError:
timeout = 60
if device:
if self.__sniffer.status() == SnifferStatus.RUNNING_SCAN or self.__sniffer.status() == SnifferStatus.WORKING:
logger.info("Scan already in progress: %i" % self.__sniffer.status())
response.append(base_response + ' status="%d" %s ackend\n' % (self.__sniffer.status(), ControlError.get(3001)))
else:
#timestamp = datetime.datetime.today().strftime("%Y%m%d%H%M00")
#cap_file_name = "net_scan_%s_%s.pcap" % (device, timestamp)
cap_file_path = "%s/%s" % (self.__sniffer_captures_path, capture_name)
self.__sniffer.set_data_to_build_filter(data)
self.__sniffer.set_capture_file(cap_file_path)
self.__sniffer.set_device(device)
self.__sniffer.set_timeout(timeout)
self.__sniffer.set_capture_size(capture_size)
self.__sniffer.run_scan()
self.__scan_in_progress = True
self.__timeout_scan_in_progress = timeout
self.__start_time_scan_in_progress = time.time()
response.append(base_response + ' status="%d" %s ackend\n' % (self.__sniffer.status(), ControlError.get(0)))
else:
response.append(base_response + ' %s ackend\n' % ControlError.get(3002))
elif action == "net_scan_stop":
if self.__sniffer.status() > 0:
self.__sniffer.stopScan()
response.append(base_response + ' %s ackend\n' % (ControlError.get(0)))
else:
response.append(base_response + ' status="-1" %s ackend\n' % ControlError.get(3007))
elif action == "net_scan_status":
if self.__sniffer.status() == -1:
response.append(base_response + ' status="-1" error="%s" ackend\n' % (self.__sniffer.get_error()))
else:
response.append(base_response + ' %s %s ackend\n' % (self.__sniffer.getStatusString(), ControlError.get(0)))
elif action == "net_scan_capture_list":
capture_files = self.__get_capture_file_list(self.__sniffer_captures_path)
for p in capture_files:
base_response += ' capture="%s"' % p
response.append(base_response + ' count="%i" %s ackend\n' % (len(capture_files), ControlError.get(0)))
elif action == "net_scan_capture_get":
path = Utils.get_var("path=\"([0-9A-Za-z_\.]+)\"", data)
# only valid paths should get through
if path != "":
# ensure we are not after the current working report
if path != self.__sniffer.get_working_capture_path():
filename = "%s/%s" % (self.__sniffer_captures_path, path)
if not os.path.isfile(filename):
response.append(base_response + '%s ackend\n' % ControlError.get(3004))
else:
capture_response, capture_len = self.__get_capture_file_data (filename)
response.append(base_response + ' data="%s" datalen="%s" %s ackend\n' % (capture_response, capture_len, ControlError.get(0)))
else:
response.append(base_response + '%s ackend\n' % ControlError.get(3005))
else:
print "path?"
response.append(base_response + ' %s ackend\n' % ControlError.get(3003))
elif action == "net_scan_capture_delete":
path = Utils.get_var("path=\"([^\"]+)\"", data)
capture_file = self.__get_capture_file(path)
if path == "*":
logger.debug("Deleting all captures(s)")
capture_files = self.__get_capture_file_list(self.__sniffer_captures_path)
for f in capture_files:
pcap_file = self.__get_capture_file(f)
os.unlink(pcap_file)
response.append(base_response + ' %s ackend\n' % ControlError.get(0))
elif capture_file != "":
logger.debug("Deleting report at: %s" % capture_file)
os.unlink(capture_file)
response.append(base_response + ' %s ackend\n' % ControlError.get(0))
else:
response.append(base_response + ' %s ackend\n' % ControlError.get(3004))
# send back our response
return response
def process(self, data, base_response):
logger.debug("VAScanner Manager: Processing: %s" % data)
response = []
action = Utils.get_var("action=\"([A-Za-z_]+)\"", data)
if action == "va_scan":
target = Utils.get_vars("target=\"([\s0-9a-fA-F\.:/]+)\"", data)
if len(target):
if self.__vascanner.status() > 0:
logger.info("Scan already in progress: %i" %
self.__vascanner.status())
response.append(
base_response + ' status="%d" %s ackend\n' %
(self.__vascanner.status(), ControlError.get(2001)))
else:
# set the scan target and start the scan
self.__vascanner.set_scan_target(target)
self.__vascanner.scan_start()
response.append(
base_response + ' status="%d" %s ackend\n' %
(self.__vascanner.status(), ControlError.get(0)))
else:
response.append(base_response +
' %s ackend\n' % ControlError.get(2002))
elif action == "va_status":
if self.__vascanner.status() == -1:
response.append(base_response +
' status="-1" error="%s" ackend\n' %
(self.__vascanner.get_error()))
else:
response.append(
base_response + ' status="%d" %s ackend\n' %
(self.__vascanner.status(), ControlError.get(0)))
elif action == "va_reset":
self.__vascanner.reset_status()
if self.__vascanner.status() == -1:
logger.debug(
"Previous scan aborted raising errors, please check your logfile."
)
response.append(
base_response + ' %s ackend\n' %
ControlError.get(1, str(self.__vascanner.get_error())))
else:
response.append(base_response +
' %s ackend\n' % ControlError.get(0))
elif action == "va_report_list":
report_files = self.__get_report_file_list(
self.__vascanner_report_path)
for p in report_files:
base_response += ' report="%s"' % p
response.append(base_response + ' count="%i" %s ackend\n' %
(len(report_files), ControlError.get(0)))
elif action == "va_report_get":
path = Utils.get_var("path=\"([^\"]+)\"", data)
# only valid paths should get through
if path != "":
# ensure we are not after the current working report
if path != self.__vascanner.get_working_report_path():
report_response = self.__generate_report(
path, base_response)
response.extend(report_response)
response.append(base_response +
' %s ackend\n' % ControlError.get(0))
else:
response.append(base_response +
'%s ackend\n' % ControlError.get(2005))
else:
response.append(base_response +
' %s ackend\n' % ControlError.get(2003))
elif action == "va_report_raw_get":
path = Utils.get_var("path=\"([^\"]+)\"", data)
# only valid paths should get through
if path != "":
report_file = self.__get_report_file(path)
report_response = ControlUtil.get_file(report_file,
base_response)
response.extend(report_response)
response.append(base_response +
' %s ackend\n' % ControlError.get(0))
else:
response.append(base_response +
' %s ackend\n' % ControlError.get(2003))
elif action == "va_report_delete":
path = Utils.get_var("path=\"([^\"]+)\"", data)
report_file = self.__get_report_file(path)
if path == "*":
logger.debug("Deleting all report(s)")
report_files = self.__get_report_file_list(
self.__vascanner_report_path)
for f in report_files:
report_file = self.__get_report_file(f)
os.unlink(report_file)
response.append(base_response +
' %s ackend\n' % ControlError.get(0))
elif report_file != "":
logger.debug("Deleting report at: %s" % report_file)
os.unlink(report_file)
response.append(base_response +
' %s ackend\n' % ControlError.get(0))
else:
response.append(base_response +
' %s ackend\n' % ControlError.get(2004))
# send back our response
return response
def process(self, data, base_response):
logger.debug("Nmap Manager: Processing: %s" % data)
response = []
action = Utils.get_var("action=\"([A-Za-z_]+)\"", data)
if action == "nmap_scan":
target = Utils.get_var("target=\"([\s0-9a-fA-F\.:/\-]+)\"" , data)
scan_type = Utils.get_var("type=\"(ping|0|fast|1|normal|2|full|3|custom|4)\"" , data)
scan_timming = Utils.get_var("timming=\"(T0|T1|T2|T3|T4|T5)\"" , data)
autodect = Utils.get_var("autodetect=\"(enable|disable|enabled|disabled)\"" , data)
scan_ports = Utils.get_var("scan_ports=\"([0-9\-\,]+)\"" , data)
rdns = Utils.get_var("rdns=\"(enable|disable|enabled|disabled)\"" , data)
report_prefix = Utils.get_var("report_prefix=\"([\s0-9a-fA-F\.:/\-]+)\"" , data)
if autodect == "":
autodect = "enable"
if rdns == "":
rdns = "disable"
if scan_timming == "":
scan_timming = "T3"
# set the scan type as appropriate
if scan_type == "":
scan_type = "ping"
if report_prefix == "":
response.append(base_response + ' status="%d" %s ackend\n' % (self.__nmap.status(), ControlError.get(2007)))
return response
self.__nmap.set_report_prefix(report_prefix)
self.__nmap.set_scan_type(scan_type)
self.__nmap.set_scan_timming(scan_timming)
self.__nmap.set_scan_autodetect(autodect)
self.__nmap.set_scan_ports(scan_ports)#only if custom
self.__nmap.set_scan_rdsn(rdns)
if scan_type == "custom" and scan_ports=="":
response.append(base_response + ' status="%d" %s ackend\n' % (self.__nmap.status(), ControlError.get(2006)))
return response
if len(target):
if self.__nmap.status() > 0:
logger.info("Scan already in progress: %i" % self.__nmap.status())
response.append(base_response + ' status="%d" %s ackend\n' % (self.__nmap.status(), ControlError.get(2001)))
else:
# set the scan target and start the scan
self.__nmap.set_scan_target(target)
self.__nmap.scan_start()
response.append(base_response + ' status="%d" %s ackend\n' % (self.__nmap.status(), ControlError.get(0)))
else:
response.append(base_response + ' %s ackend\n' % ControlError.get(2002))
elif action == "nmap_status":
if self.__nmap.status() == -1:
response.append(base_response + ' status="-1" error="%s" ackend\n' % (self.__nmap.get_error()))
else:
response.append(base_response + ' status="%d" %s ackend\n' % (self.__nmap.status(), ControlError.get(0)))
elif action == "nmap_reset":
self.__nmap.reset_status()
if self.__nmap.status() == -1:
logger.debug("Previous scan aborted raising errors, please check your logfile.")
response.append(base_response + ' %s ackend\n' % ControlError.get(1, str(self.__nmap.get_error())))
else:
response.append(base_response + ' %s ackend\n' % ControlError.get(0))
elif action == "nmap_report_list":
report_files = self.__get_report_file_list(self.__nmap_report_path)
for p in report_files:
base_response += ' report="%s"' % p
response.append(base_response + ' count="%i" %s ackend\n' % (len(report_files), ControlError.get(0)))
elif action == "nmap_report_get":
path = Utils.get_var("path=\"([^\"]+)\"", data)
deletestr = Utils.get_var("delete=\"(yes|no|0|1|true\false)\"", data)
deletestr = deletestr.lower()
delete = False
if deletestr in ['yes','1','true']:
delete = True
# only valid paths should get through
if path != "":
# ensure we are not after the current working report
if path != self.__nmap.get_working_report_path():
report_response = self.__generate_report(path, base_response)
response.extend(report_response)
response.append(base_response + ' %s ackend\n' % ControlError.get(0))
if delete:
self.__deleteReport(path)
else:
response.append(base_response + '%s ackend\n' % ControlError.get(2005))
else:
response.append(base_response + ' %s ackend\n' % ControlError.get(2003))
elif action == "nmap_report_raw_get":
path = Utils.get_var("path=\"([^\"]+)\"", data)
deletestr = Utils.get_var("delete=\"(yes|no|0|1|true\false)\"", data)
deletestr = deletestr.lower()
delete = False
if deletestr in ['yes','1','true']:
delete = True
# only valid paths should get through
if path != "":
report_file = self.__get_report_file(path)
report_response = ControlUtil.get_file(report_file, base_response)
response.extend(report_response)
response.append(base_response + ' %s ackend\n' % ControlError.get(0))
if delete:
self.__deleteReport(path)
else:
response.append(base_response + ' %s ackend\n' % ControlError.get(2003))
elif action == "nmap_report_delete":
path = Utils.get_var("path=\"([^\"]+)\"", data)
report_file = self.__get_report_file(path)
if path == "*":
logger.debug("Deleting all report(s)")
report_files = self.__get_report_file_list(self.__nmap_report_path)
for f in report_files:
report_file = self.__get_report_file(f)
os.unlink(report_file)
response.append(base_response + ' %s ackend\n' % ControlError.get(0))
elif report_file != "":
logger.debug("Deleting report at: %s" % report_file)
os.unlink(report_file)
response.append(base_response + ' %s ackend\n' % ControlError.get(0))
else:
response.append(base_response + ' %s ackend\n' % ControlError.get(2004))
# send back our response
return response
def process(self, data, base_response):
logger.info("Sniffer Manager: Processing: %s" % data)
'''
control action="net_scan" sensor="id_sensor" scan_name="file.pcap" eths="eth0,eth1,..ethx" hosts="192.168.1.2,192.168.1.3,..." nets="10.0.0.0/8,10.2.0.0/8,.."
control action="net_scan_capture_list" sensor="id_sensor"
control action="net_scan_capture_get" id="ID_CAPTURE"
control action="net_scan_capture_delete" id="ID_CAPTURE"
control action="net_scan_status"
'''
response = []
action = Utils.get_var("action=\"([A-Za-z_]+)\"", data)
if action == "net_scan":
device = Utils.get_var("eth=\"(eth\d)\"" , data)
capture_name = Utils.get_var("scan_name=\"([0-9A-Za-z_\.]+)\"", data)
try:
tmp = Utils.get_var("timeout=\"(\d+)\"", data)
if tmp != "":
timeout = int(tmp)
else:
timeout = 60
except TypeError:
timeout = 60
if device:
if self.__sniffer.status() > 0:
logger.info("Scan already in progress: %i" % self.__sniffer.status())
response.append(base_response + ' status="%d" %s ackend\n' % (self.__sniffer.status(), ControlError.get(3001)))
else:
#timestamp = datetime.datetime.today().strftime("%Y%m%d%H%M00")
#cap_file_name = "net_scan_%s_%s.pcap" % (device, timestamp)
cap_file_path = "%s/%s" % (self.__sniffer_captures_path, capture_name)
self.__sniffer.set_data_to_build_filter(data)
self.__sniffer.set_capture_file(cap_file_path)
self.__sniffer.set_device(device)
self.__sniffer.set_timeout(timeout)
self.__sniffer.run_scan()
self.__scan_in_progress = True
self.__timeout_scan_in_progress = timeout
self.__start_time_scan_in_progress = time.time()
response.append(base_response + ' status="%d" %s ackend\n' % (self.__sniffer.status(), ControlError.get(0)))
else:
response.append(base_response + ' %s ackend\n' % ControlError.get(3002))
elif action == "net_scan_status":
if self.__sniffer.status() == -1:
response.append(base_response + ' status="-1" error="%s" ackend\n' % (self.__sniffer.get_error()))
else:
response.append(base_response + ' status="%d" %s ackend\n' % (self.__sniffer.status(), ControlError.get(0)))
elif action == "net_scan_capture_list":
capture_files = self.__get_capture_file_list(self.__sniffer_captures_path)
for p in capture_files:
base_response += ' capture="%s"' % p
response.append(base_response + ' count="%i" %s ackend\n' % (len(capture_files), ControlError.get(0)))
elif action == "net_scan_capture_get":
path = Utils.get_var("path=\"([0-9A-Za-z_\.]+)\"", data)
# only valid paths should get through
if path != "":
# ensure we are not after the current working report
if path != self.__sniffer.get_working_capture_path():
filename = "%s/%s" % (self.__sniffer_captures_path, path)
if not os.path.isfile(filename):
response.append(base_response + '%s ackend\n' % ControlError.get(3004))
else:
capture_response, capture_len = self.__get_capture_file_data (filename)
response.append(base_response + ' data="%s" datalen="%s" %s ackend\n' % (capture_response, capture_len, ControlError.get(0)))
else:
response.append(base_response + '%s ackend\n' % ControlError.get(3005))
else:
print "path?"
response.append(base_response + ' %s ackend\n' % ControlError.get(3003))
elif action == "net_scan_capture_delete":
path = Utils.get_var("path=\"([^\"]+)\"", data)
capture_file = self.__get_capture_file(path)
if path == "*":
logger.debug("Deleting all captures(s)")
capture_files = self.__get_capture_file_list(self.__sniffer_captures_path)
for f in capture_files:
pcap_file = self.__get_capture_file(f)
os.unlink(pcap_file)
response.append(base_response + ' %s ackend\n' % ControlError.get(0))
elif capture_file != "":
logger.debug("Deleting report at: %s" % capture_file)
os.unlink(capture_file)
response.append(base_response + ' %s ackend\n' % ControlError.get(0))
else:
response.append(base_response + ' %s ackend\n' % ControlError.get(3004))
# send back our response
return response
def process(self, data, base_response):
logger.debug("VAScanner Manager: Processing: %s" % data)
response = []
action = Utils.get_var("action=\"([A-Za-z_]+)\"", data)
if action == "va_scan":
target = Utils.get_vars("target=\"([\s0-9a-fA-F\.:/]+)\"" , data)
if len(target):
if self.__vascanner.status() > 0:
logger.info("Scan already in progress: %i" % self.__vascanner.status())
response.append(base_response + ' status="%d" %s ackend\n' % (self.__vascanner.status(), ControlError.get(2001)))
else:
# set the scan target and start the scan
self.__vascanner.set_scan_target(target)
self.__vascanner.scan_start()
response.append(base_response + ' status="%d" %s ackend\n' % (self.__vascanner.status(), ControlError.get(0)))
else:
response.append(base_response + ' %s ackend\n' % ControlError.get(2002))
elif action == "va_status":
if self.__vascanner.status() == -1:
response.append(base_response + ' status="-1" error="%s" ackend\n' % (self.__vascanner.get_error()))
else:
response.append(base_response + ' status="%d" %s ackend\n' % (self.__vascanner.status(), ControlError.get(0)))
elif action == "va_reset":
self.__vascanner.reset_status()
if self.__vascanner.status() == -1:
logger.debug("Previous scan aborted raising errors, please check your logfile.")
response.append(base_response + ' %s ackend\n' % ControlError.get(1, str(self.__vascanner.get_error())))
else:
response.append(base_response + ' %s ackend\n' % ControlError.get(0))
elif action == "va_report_list":
report_files = self.__get_report_file_list(self.__vascanner_report_path)
for p in report_files:
base_response += ' report="%s"' % p
response.append(base_response + ' count="%i" %s ackend\n' % (len(report_files), ControlError.get(0)))
elif action == "va_report_get":
path = Utils.get_var("path=\"([^\"]+)\"", data)
# only valid paths should get through
if path != "":
# ensure we are not after the current working report
if path != self.__vascanner.get_working_report_path():
report_response = self.__generate_report(path, base_response)
response.extend(report_response)
response.append(base_response + ' %s ackend\n' % ControlError.get(0))
else:
response.append(base_response + '%s ackend\n' % ControlError.get(2005))
else:
response.append(base_response + ' %s ackend\n' % ControlError.get(2003))
elif action == "va_report_raw_get":
path = Utils.get_var("path=\"([^\"]+)\"", data)
# only valid paths should get through
if path != "":
report_file = self.__get_report_file(path)
report_response = ControlUtil.get_file(report_file, base_response)
response.extend(report_response)
response.append(base_response + ' %s ackend\n' % ControlError.get(0))
else:
response.append(base_response + ' %s ackend\n' % ControlError.get(2003))
elif action == "va_report_delete":
path = Utils.get_var("path=\"([^\"]+)\"", data)
report_file = self.__get_report_file(path)
if path == "*":
logger.debug("Deleting all report(s)")
report_files = self.__get_report_file_list(self.__vascanner_report_path)
for f in report_files:
report_file = self.__get_report_file(f)
os.unlink(report_file)
response.append(base_response + ' %s ackend\n' % ControlError.get(0))
elif report_file != "":
logger.debug("Deleting report at: %s" % report_file)
os.unlink(report_file)
response.append(base_response + ' %s ackend\n' % ControlError.get(0))
else:
response.append(base_response + ' %s ackend\n' % ControlError.get(2004))
# send back our response
return response
def process(self, data, base_response):
logger.info("Sniffer Manager: Processing: %s" % data)
"""
control action="net_scan" sensor="id_sensor" scan_name="file.pcap" eths="eth0,eth1,..ethx" hosts="192.168.1.2,192.168.1.3,..." nets="10.0.0.0/8,10.2.0.0/8,.."
control action="net_scan_capture_list" sensor="id_sensor"
control action="net_scan_capture_get" id="ID_CAPTURE"
control action="net_scan_capture_delete" id="ID_CAPTURE"
control action="net_scan_status"
"""
response = []
action = Utils.get_var('action="([A-Za-z_]+)"', data)
if action == "net_scan":
device = Utils.get_var('eth="(eth\d)"', data)
capture_name = Utils.get_var('scan_name="([0-9A-Za-z_\.]+)"', data)
try:
tmp = Utils.get_var('timeout="(\d+)"', data)
if tmp != "":
timeout = int(tmp)
else:
timeout = 60
except TypeError:
timeout = 60
if device:
if self.__sniffer.status() > 0:
logger.info("Scan already in progress: %i" % self.__sniffer.status())
response.append(
base_response + ' status="%d" %s ackend\n' % (self.__sniffer.status(), ControlError.get(3001))
)
else:
# timestamp = datetime.datetime.today().strftime("%Y%m%d%H%M00")
# cap_file_name = "net_scan_%s_%s.pcap" % (device, timestamp)
cap_file_path = "%s/%s" % (self.__sniffer_captures_path, capture_name)
self.__sniffer.set_data_to_build_filter(data)
self.__sniffer.set_capture_file(cap_file_path)
self.__sniffer.set_device(device)
self.__sniffer.set_timeout(timeout)
self.__sniffer.run_scan()
self.__scan_in_progress = True
self.__timeout_scan_in_progress = timeout
self.__start_time_scan_in_progress = time.time()
response.append(
base_response + ' status="%d" %s ackend\n' % (self.__sniffer.status(), ControlError.get(0))
)
else:
response.append(base_response + " %s ackend\n" % ControlError.get(3002))
elif action == "net_scan_status":
if self.__sniffer.status() == -1:
response.append(base_response + ' status="-1" error="%s" ackend\n' % (self.__sniffer.get_error()))
else:
response.append(
base_response + ' status="%d" %s ackend\n' % (self.__sniffer.status(), ControlError.get(0))
)
elif action == "net_scan_capture_list":
capture_files = self.__get_capture_file_list(self.__sniffer_captures_path)
for p in capture_files:
base_response += ' capture="%s"' % p
response.append(base_response + ' count="%i" %s ackend\n' % (len(capture_files), ControlError.get(0)))
elif action == "net_scan_capture_get":
path = Utils.get_var('path="([0-9A-Za-z_\.]+)"', data)
# only valid paths should get through
if path != "":
# ensure we are not after the current working report
if path != self.__sniffer.get_working_capture_path():
filename = "%s/%s" % (self.__sniffer_captures_path, path)
if not os.path.isfile(filename):
response.append(base_response + "%s ackend\n" % ControlError.get(3004))
else:
capture_response, capture_len = self.__get_capture_file_data(filename)
response.append(
base_response
+ ' data="%s" datalen="%s" %s ackend\n'
% (capture_response, capture_len, ControlError.get(0))
)
else:
response.append(base_response + "%s ackend\n" % ControlError.get(3005))
else:
print "path?"
response.append(base_response + " %s ackend\n" % ControlError.get(3003))
elif action == "net_scan_capture_delete":
path = Utils.get_var('path="([^"]+)"', data)
capture_file = self.__get_capture_file(path)
if path == "*":
logger.debug("Deleting all captures(s)")
capture_files = self.__get_capture_file_list(self.__sniffer_captures_path)
for f in capture_files:
pcap_file = self.__get_capture_file(f)
os.unlink(pcap_file)
response.append(base_response + " %s ackend\n" % ControlError.get(0))
elif capture_file != "":
logger.debug("Deleting report at: %s" % capture_file)
os.unlink(capture_file)
response.append(base_response + " %s ackend\n" % ControlError.get(0))
else:
response.append(base_response + " %s ackend\n" % ControlError.get(3004))
# send back our response
return response
def process(self, data, base_response):
logger.info("Sniffer Manager: Processing: %s" % data)
'''
control action="net_scan" sensor="id_sensor" scan_name="file.pcap" eth="eth0,eth1,..ethx" hosts="192.168.1.2,192.168.1.3,..." nets="10.0.0.0/8,10.2.0.0/8,.."
#capsize packets
control action="net_scan" sensor="id_sensor" scan_name="file.pcap" eth="eth0" cap_size="20" raw_filter="src port 40001 and dsp port 3338"
control action="net_scan_capture_list" sensor="id_sensor"
control action="net_scan_capture_get" id="ID_CAPTURE"
control action="net_scan_capture_delete" id="ID_CAPTURE"
control action="net_scan_status"
control action="net_scan_stop"
'''
response = []
action = Utils.get_var("action=\"([A-Za-z_]+)\"", data)
if action == "net_scan":
free_space = self.getDiskUsage('/var/ossim')
check = (MIN_FREE_SPACE / MEGABYTE)
if free_space < (MIN_FREE_SPACE / MEGABYTE):
response.append(base_response + ' status="-1" %s ackend\n' %
(ControlError.get(3006)))
return response
device = Utils.get_var("eth=\"(\S+)\"", data)
if device not in self.__availableInterfaces:
return response.append(base_response +
' %s ackend\n' % ControlError.get(3002))
tmp_capture_size = Utils.get_var("cap_size=\"(\d+)\"", data)
capture_size = 0
if tmp_capture_size:
try:
capture_size = int(tmp_capture_size)
except TypeError:
capture_size = 0
logger.warning("Invalid Caputure size: %s" %
tmp_capture_size)
capture_name = Utils.get_var("scan_name=\"([0-9A-Za-z_\.]+)\"",
data)
try:
tmp = Utils.get_var("timeout=\"(\d+)\"", data)
if tmp != "":
timeout = int(tmp)
else:
timeout = 60
except TypeError:
timeout = 60
if device:
if self.__sniffer.status(
) == SnifferStatus.RUNNING_SCAN or self.__sniffer.status(
) == SnifferStatus.WORKING:
logger.info("Scan already in progress: %i" %
self.__sniffer.status())
response.append(
base_response + ' status="%d" %s ackend\n' %
(self.__sniffer.status(), ControlError.get(3001)))
else:
#timestamp = datetime.datetime.today().strftime("%Y%m%d%H%M00")
#cap_file_name = "net_scan_%s_%s.pcap" % (device, timestamp)
cap_file_path = "%s/%s" % (self.__sniffer_captures_path,
capture_name)
self.__sniffer.set_data_to_build_filter(data)
self.__sniffer.set_capture_file(cap_file_path)
self.__sniffer.set_device(device)
self.__sniffer.set_timeout(timeout)
self.__sniffer.set_capture_size(capture_size)
self.__sniffer.run_scan()
self.__scan_in_progress = True
self.__timeout_scan_in_progress = timeout
self.__start_time_scan_in_progress = time.time()
response.append(
base_response + ' status="%d" %s ackend\n' %
(self.__sniffer.status(), ControlError.get(0)))
else:
response.append(base_response +
' %s ackend\n' % ControlError.get(3002))
elif action == "net_scan_stop":
if self.__sniffer.status() > 0:
self.__sniffer.stopScan()
response.append(base_response + ' %s ackend\n' %
(ControlError.get(0)))
else:
response.append(base_response + ' status="-1" %s ackend\n' %
ControlError.get(3007))
elif action == "net_scan_status":
if self.__sniffer.status() == -1:
response.append(base_response +
' status="-1" error="%s" ackend\n' %
(self.__sniffer.get_error()))
else:
response.append(
base_response + ' %s %s ackend\n' %
(self.__sniffer.getStatusString(), ControlError.get(0)))
elif action == "net_scan_capture_list":
capture_files = self.__get_capture_file_list(
self.__sniffer_captures_path)
for p in capture_files:
base_response += ' capture="%s"' % p
response.append(base_response + ' count="%i" %s ackend\n' %
(len(capture_files), ControlError.get(0)))
elif action == "net_scan_capture_get":
path = Utils.get_var("path=\"([0-9A-Za-z_\.]+)\"", data)
# only valid paths should get through
if path != "":
# ensure we are not after the current working report
if path != self.__sniffer.get_working_capture_path():
filename = "%s/%s" % (self.__sniffer_captures_path, path)
if not os.path.isfile(filename):
response.append(base_response +
'%s ackend\n' % ControlError.get(3004))
else:
capture_response, capture_len = self.__get_capture_file_data(
filename)
response.append(base_response +
' data="%s" datalen="%s" %s ackend\n' %
(capture_response, capture_len,
ControlError.get(0)))
else:
response.append(base_response +
'%s ackend\n' % ControlError.get(3005))
else:
print "path?"
response.append(base_response +
' %s ackend\n' % ControlError.get(3003))
elif action == "net_scan_capture_delete":
path = Utils.get_var("path=\"([^\"]+)\"", data)
capture_file = self.__get_capture_file(path)
if path == "*":
logger.debug("Deleting all captures(s)")
capture_files = self.__get_capture_file_list(
self.__sniffer_captures_path)
for f in capture_files:
pcap_file = self.__get_capture_file(f)
os.unlink(pcap_file)
response.append(base_response +
' %s ackend\n' % ControlError.get(0))
elif capture_file != "":
logger.debug("Deleting report at: %s" % capture_file)
os.unlink(capture_file)
response.append(base_response +
' %s ackend\n' % ControlError.get(0))
else:
response.append(base_response +
' %s ackend\n' % ControlError.get(3004))
# send back our response
return response
def process(self, data, base_response):
logger.info("Inventory Manager: Processing: %s" % data)
response = []
action = Utils.get_var("action=\"([A-Za-z_]+)\"", data)
if action == "refresh_inventory_task":
tmp_tasks = Utils.get_var("inventory_task_list=\{(?P<task_list>.*)\}", data)
task_list = tmp_tasks.split('|')
inventory_task_list = []
for task in task_list:
task_values = self.__taskRegex.match(task)
if task_values:
groupdict = task_values.groupdict()
if groupdict['task_type_name'].lower() =='nmap':
inventory_task_list.append(NMAP_TASK(groupdict['task_name'], \
groupdict['task_params'], \
groupdict['task_period'], \
groupdict['task_reliability'], \
groupdict['task_enable'], \
groupdict['task_type'],\
groupdict['task_type_name']))
elif groupdict['task_type_name'].lower() =='wmi':
inventory_task_list.append(WMI_TASK(groupdict['task_name'], \
groupdict['task_params'], \
groupdict['task_period'], \
groupdict['task_reliability'], \
groupdict['task_enable'], \
groupdict['task_type'],\
groupdict['task_type_name']))
elif groupdict['task_type_name'].lower() =='ldap':
inventory_task_list.append(LDAP_TASK(groupdict['task_name'], \
groupdict['task_params'], \
groupdict['task_period'], \
groupdict['task_reliability'], \
groupdict['task_enable'], \
groupdict['task_type'],\
groupdict['task_type_name']))
elif groupdict['task_type_name'].lower() =='ocs':
inventory_task_list.append(OCS_TASK(groupdict['task_name'], \
groupdict['task_params'], \
groupdict['task_period'], \
groupdict['task_reliability'], \
groupdict['task_enable'], \
groupdict['task_type'],\
groupdict['task_type_name'],\
self._fmkip,\
self._fmkport))
elif groupdict['task_type_name'].lower() =='nagios':
inventory_task_list.append(NAGIOS_TASK(groupdict['task_name'], \
groupdict['task_params'], \
groupdict['task_period'], \
groupdict['task_reliability'], \
groupdict['task_enable'], \
groupdict['task_type'],\
groupdict['task_type_name'],\
self._fmkip,\
self._fmkport))
else:
logger.warning("task not implemented:%s" % groupdict['task_type_name'])
else:
logger.warning("Invalid task: %s" % task)
self.__inventory.set_tasks(inventory_task_list)
response.append(base_response + ' status="%d" %s ackend\n' % (0, ControlError.get(0)))
else:
response.append(base_response + ' %s ackend\n' % ControlError.get(2002))
return response
def process(self, data, base_response):
logger.info("Inventory Manager: Processing: %s" % data)
response = []
action = Utils.get_var("action=\"([A-Za-z_]+)\"", data)
if action == "refresh_inventory_task":
tmp_tasks = Utils.get_var(
"inventory_task_list=\{(?P<task_list>.*)\}", data)
task_list = tmp_tasks.split('|')
inventory_task_list = []
for task in task_list:
task_values = self.__taskRegex.match(task)
if task_values:
groupdict = task_values.groupdict()
if groupdict['task_type_name'].lower() == 'nmap':
inventory_task_list.append(NMAP_TASK(groupdict['task_name'], \
groupdict['task_params'], \
groupdict['task_period'], \
groupdict['task_reliability'], \
groupdict['task_enable'], \
groupdict['task_type'],\
groupdict['task_type_name']))
elif groupdict['task_type_name'].lower() == 'wmi':
inventory_task_list.append(WMI_TASK(groupdict['task_name'], \
groupdict['task_params'], \
groupdict['task_period'], \
groupdict['task_reliability'], \
groupdict['task_enable'], \
groupdict['task_type'],\
groupdict['task_type_name']))
elif groupdict['task_type_name'].lower() == 'ldap':
inventory_task_list.append(LDAP_TASK(groupdict['task_name'], \
groupdict['task_params'], \
groupdict['task_period'], \
groupdict['task_reliability'], \
groupdict['task_enable'], \
groupdict['task_type'],\
groupdict['task_type_name']))
elif groupdict['task_type_name'].lower() == 'ocs':
inventory_task_list.append(OCS_TASK(groupdict['task_name'], \
groupdict['task_params'], \
groupdict['task_period'], \
groupdict['task_reliability'], \
groupdict['task_enable'], \
groupdict['task_type'],\
groupdict['task_type_name'],\
self._fmkip,\
self._fmkport))
elif groupdict['task_type_name'].lower() == 'nagios':
inventory_task_list.append(NAGIOS_TASK(groupdict['task_name'], \
groupdict['task_params'], \
groupdict['task_period'], \
groupdict['task_reliability'], \
groupdict['task_enable'], \
groupdict['task_type'],\
groupdict['task_type_name'],\
self._fmkip,\
self._fmkport))
else:
logger.warning("task not implemented:%s" %
groupdict['task_type_name'])
else:
logger.warning("Invalid task: %s" % task)
self.__inventory.set_tasks(inventory_task_list)
response.append(base_response + ' status="%d" %s ackend\n' %
(0, ControlError.get(0)))
else:
response.append(base_response +
' %s ackend\n' % ControlError.get(2002))
return response
def process(self, data, base_response):
"""Process all the ossec deployment requests
control action="ossec-deploy" order="deploy" host="192.168.2.142" user="******" password="******" domain="domain" ossecserver="ossecserverip"
control action="ossec-deploy" order="status" workid="theworkid"
control action="ossec-deploy" order="abort" workid="theworkid"
control action="ossec-deploy" order="list" workid="theworkid"
control action="ossec-deploy" order="purge" workid="theworkid"
"""
logger.info("OssecDeployManager: Processing: %s" % data)
response = []
action = Utils.get_var("order=\"([A-Za-z_]+)\"", data)
if action == "deploy":
host = Utils.get_var("host=\"(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\"",data)
if not host or host == "":
response.append(base_response + ' %s ackend\n' % ControlError.get(5003))
return response
user = Utils.get_var("user=\"([^\"]+)\"",data)
if not user or user == "":
response.append(base_response + ' %s ackend\n' % ControlError.get(5004))
return response
passwd = Utils.get_var("password=\"([^\"]+)\"",data)
if not passwd or passwd == "":
response.append(base_response + ' %s ackend\n' % ControlError.get(5005))
return response
domain = Utils.get_var("domain=\"([^\"]+)\"",data)
if not domain:
domain= ""
server = Utils.get_var("ossecserver=\"(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\"",data)
if not server or server == "":
response.append(base_response + ' %s ackend\n' % ControlError.get(5007))
return response
#we are ready to go
# 1 - Generate a random uuid to use it as work id
workid = str(uuid.uuid4())
logger.info("Work ID: %s" % workid)
work = OssecDeploy(workid,host, user, passwd, domain,server)
work.start()
self.__deployWorks[workid] = work
response.append(base_response + ' workid="%s" %s ackend\n' % (workid,ControlError.get(0)))
elif action == "status":
workid = Utils.get_var("workid=\"([A-Za-z0-9_\-]+)\"",data)
if not workid or workid is "":
response.append(base_response + ' %s ackend\n' % ControlError.get(5001))
elif not self.__deployWorks.has_key(workid):
response.append(base_response + ' %s ackend\n' % ControlError.get(5002))
else:
status = self.__deployWorks[workid].get_status_string()
response.append(base_response + ' %s %s ackend\n' % (status, ControlError.get(0)))
elif action == "abort":
workid = Utils.get_var("workid=\"([A-Za-z0-9_\-]+)\"",data)
if not workid or workid is "":
response.append(base_response + ' %s ackend\n' % ControlError.get(5001))
elif not self.__deployWorks.has_key(workid):
response.append(base_response + ' %s ackend\n' % ControlError.get(5002))
else:
self.__deployWorks[workid].join(1)
del self.__deployWorks[workid]
response.append(base_response + ' %s ackend\n' % (ControlError.get(0)))
elif action == "list":
worklist = ','.join(self.__deployWorks.keys())
response.append(base_response + ' list="%s" %s ackend\n' % (worklist, ControlError.get(0)))
elif action == "purge":
logger.info("purge")
for workid in self.__deployWorks.keys():
st = self.__deployWorks[workid].status()
if st == OssecDeployStatus.FINISHED_OK or st == OssecDeployStatus.STOPPED_ERROR:
del self.__deployWorks[workid]
response.append(base_response + ' %s ackend\n' % (ControlError.get(0)))
else:
response.append(base_response + ' %s ackend\n' % ControlError.get(5000))
# send back our response
return response