def ansible_run_async_reconfig(system_ip, log_file="/var/log/alienvault/update/system_reconfigure.log"):
    """Launch an asynchronous alienvault-reconfig on the given system.

    Args:
      system_ip(str): The system_ip of the system to configure.
      log_file(str): Kept for interface compatibility only. The log path the
                     playbook is told to use is always a fresh, timestamped
                     file under /var/log/alienvault/update/ (see below), so
                     the value passed in is never honoured.

    Returns:
      (boolean, str): (True, <remote log path>) when the playbook was
                      launched correctly, (False, <error message>) otherwise.

    Examples:

      >>> ansible_run_async_reconfig("192.168.5.123")
      (True, "/var/log/alienvault/update/system_reconfigure_<timestamp>.log")
    """
    # One timestamped log per run, so consecutive reconfigures never share a
    # file. ansible_purge_logs(..., 'reconfigure') is called before launching;
    # presumably it clears older reconfigure logs on the host.
    remote_log = "/var/log/alienvault/update/system_reconfigure_%10.2f.log" % time.time()
    playbook_vars = {"target": "%s" % system_ip, "log_file": "%s" % remote_log}

    ansible_purge_logs(system_ip, 'reconfigure')
    result = ansible.run_playbook(playbook=PLAYBOOKS['ASYNC_RECONFIG'],
                                  host_list=[system_ip],
                                  extra_vars=playbook_vars,
                                  use_sudo=True)

    launched, detail = ansible_is_valid_playbook_response(system_ip, result)
    if launched:
        return launched, remote_log
    return False, detail
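def connect_tunnel(system_ip, case_id):
    """Connect to :system_ip: and enable the reverse support tunnel for case :case_id:.

    Runs the ENABLE_TUNNEL playbook on the host, passing the tunnel endpoint
    settings and the case id as extra vars.

    Args:
        system_ip: address of the appliance that must open the tunnel.
        case_id: support case identifier handed to the playbook.

    Returns:
        (True, '') when the playbook ran cleanly; (False, message) otherwise,
        where message is the per-host 'msg' recorded in the playbook's
        lasterror when that detail exists, else the generic validation
        message. Failures are also logged through api_log.
    """
    evars = {
        'ca_root': '/etc/ansible/playbooks/cacert.pem',
        'remote_server': 'tractorbeam.alienvault.com',
        'remote_port': '443',
        'remote_user': '******',
        'case_id': case_id,
        'target': system_ip
    }

    response = ansible.run_playbook(playbook=PLAYBOOKS['ENABLE_TUNNEL'],
                                    host_list=[system_ip],
                                    extra_vars=evars,
                                    use_sudo=True)
    success, msg = ansible_is_valid_playbook_response(system_ip, response)
    if success:
        return True, ''

    # Log the generic failure first, then try to surface the host-specific
    # message the playbook recorded.
    api_log.error("ERROR: ansible.run_playbook " + msg)
    try:
        err = response['alienvault']['lasterror']
        if isinstance(err, dict):
            return False, err[system_ip]['msg']
    except (KeyError, TypeError):
        # No per-host detail (key missing, or response/lasterror not
        # indexable): fall back to the generic message below.
        pass
    return False, msg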
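def connect_tunnel(system_ip, case_id):
    """Connect to :system_ip: and enable the reverse support tunnel for case :case_id:.

    Runs the ENABLE_TUNNEL playbook on the host, passing the tunnel endpoint
    settings and the case id as extra vars.

    Args:
        system_ip: address of the appliance that must open the tunnel.
        case_id: support case identifier handed to the playbook.

    Returns:
        (True, '') when the playbook ran cleanly; (False, message) otherwise,
        where message is the per-host 'msg' recorded in the playbook's
        lasterror when that detail exists, else the generic validation
        message. Failures are also logged through api_log.
    """
    evars = {'ca_root': '/etc/ansible/playbooks/cacert.pem',
             'remote_server': 'tractorbeam.alienvault.com',
             'remote_port': '443',
             'remote_user': '******',
             'case_id': case_id,
             'target': system_ip}

    response = ansible.run_playbook(playbook=PLAYBOOKS['ENABLE_TUNNEL'],
                                    host_list=[system_ip],
                                    extra_vars=evars,
                                    use_sudo=True)
    success, msg = ansible_is_valid_playbook_response(system_ip, response)
    if success:
        return True, ''

    # Log the generic failure first, then try to surface the host-specific
    # message the playbook recorded.
    api_log.error("ERROR: ansible.run_playbook " + msg)
    try:
        err = response['alienvault']['lasterror']
        if isinstance(err, dict):
            return False, err[system_ip]['msg']
    except (KeyError, TypeError):
        # No per-host detail (key missing, or response/lasterror not
        # indexable): fall back to the generic message below.
        pass
    return False, msg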
def ansible_run_async_update(
        system_ip,
        log_file="/var/log/alienvault/update/system_update.log",
        only_feed=False,
        update_key=""):
    """Launch an asynchronous alienvault-update on the given system.

    Args:
      system_ip(str): The system_ip of the system to update.
      log_file(str): Kept for interface compatibility only. The log path the
                     playbook is told to use is always a fresh, timestamped
                     file under /var/log/alienvault/update/ whose name depends
                     on the kind of update (see below), so the value passed in
                     is never honoured.
      only_feed(boolean): Update only the feed.
      update_key(str): Upgrade key. When non-empty the run is tagged as a
                       "uc" update in the log name, which takes precedence
                       over the only_feed tag.

    Returns:
      (boolean, str): (True, <remote log path>) when the playbook was
                      launched correctly, (False, <error message>) otherwise.

    Examples:

      >>> ansible_run_async_update("192.168.5.123")
      (True, "/var/log/alienvault/update/system_update_<timestamp>.log")

      >>> ansible_run_async_update("192.168.5.123", only_feed=True)
      (True, "/var/log/alienvault/update/system_update_feed_<timestamp>.log")
    """
    # Name the log after the kind of update; an upgrade key wins over only_feed.
    if update_key != "":
        log_kind = "system_update_uc"
    elif only_feed:
        log_kind = "system_update_feed"
    else:
        log_kind = "system_update"
    remote_log = "/var/log/alienvault/update/%s_%10.2f.log" % (log_kind, time.time())

    playbook_vars = {"target": "%s" % system_ip,
                     "log_file": "%s" % remote_log,
                     "only_feed": only_feed,
                     "update_key": update_key}

    # ansible_purge_logs(..., 'update') runs before the launch; presumably it
    # clears older update logs on the host.
    ansible_purge_logs(system_ip, 'update')
    result = ansible.run_playbook(playbook=PLAYBOOKS['ASYNC_UPDATE'],
                                  host_list=[system_ip],
                                  extra_vars=playbook_vars,
                                  use_sudo=True)

    launched, detail = ansible_is_valid_playbook_response(system_ip, result)
    if launched:
        return launched, remote_log
    return False, detail
def ansible_run_async_update(system_ip, log_file="/var/log/alienvault/update/system_update.log", only_feed=False, update_key=""):
    """Launch an asynchronous alienvault-update on the given system.

    Args:
      system_ip(str): The system_ip of the system to update.
      log_file(str): Kept for interface compatibility only. The log path the
                     playbook is told to use is always a fresh, timestamped
                     file under /var/log/alienvault/update/ whose name depends
                     on the kind of update (see below), so the value passed in
                     is never honoured.
      only_feed(boolean): Update only the feed.
      update_key(str): Upgrade key. When non-empty the run is tagged as a
                       "uc" update in the log name, which takes precedence
                       over the only_feed tag.

    Returns:
      (boolean, str): (True, <remote log path>) when the playbook was
                      launched correctly, (False, <error message>) otherwise.

    Examples:

      >>> ansible_run_async_update("192.168.5.123")
      (True, "/var/log/alienvault/update/system_update_<timestamp>.log")

      >>> ansible_run_async_update("192.168.5.123", only_feed=True)
      (True, "/var/log/alienvault/update/system_update_feed_<timestamp>.log")
    """
    # Name the log after the kind of update; an upgrade key wins over only_feed.
    if update_key != "":
        log_kind = "system_update_uc"
    elif only_feed:
        log_kind = "system_update_feed"
    else:
        log_kind = "system_update"
    remote_log = "/var/log/alienvault/update/%s_%10.2f.log" % (log_kind, time.time())

    playbook_vars = {"target": "%s" % system_ip,
                     "log_file": "%s" % remote_log,
                     "only_feed": only_feed,
                     "update_key": update_key}

    # ansible_purge_logs(..., 'update') runs before the launch; presumably it
    # clears older update logs on the host.
    ansible_purge_logs(system_ip, 'update')
    result = ansible.run_playbook(playbook=PLAYBOOKS['ASYNC_UPDATE'],
                                  host_list=[system_ip],
                                  extra_vars=playbook_vars,
                                  use_sudo=True)

    launched, detail = ansible_is_valid_playbook_response(system_ip, result)
    if launched:
        return launched, remote_log
    return False, detail
def delete_tunnel(system_ip):
    """Stop the support tunnel on system_ip and run the DISABLE_TUNNEL playbook there.

    The reverse-tunnel ssh process is killed first through ansible_pkill,
    matched by its command line; if that step fails, its own (success, message)
    result is returned untouched. The playbook is then expected (per the
    original author's note) to remove the generated rsa keys on the host.

    Returns:
        (True, '') on success, (False, message) otherwise.
    """
    kill_ok, _ = kill_result = ansible_pkill(system_ip, r"ssh\s+-o\s+StrictHostKeyChecking=no\s+-fNnT\s+-R\s+[0-9]+:localhost:(22|443)\s+.*?\[email protected]")
    if not kill_ok:
        return kill_result

    playbook_vars = {'target': system_ip}
    result = ansible.run_playbook(playbook=PLAYBOOKS['DISABLE_TUNNEL'],
                                  host_list=[system_ip],
                                  extra_vars=playbook_vars,
                                  use_sudo=True)
    ok, detail = ansible_is_valid_playbook_response(system_ip, result)
    if ok:
        return True, ''
    return False, detail
def check_support_tunnels(system_ip):
    """Check the support tunnels on :system_ip: and clean up when none is up.

    Returns:
        status_tunnel's own (False, message) when the status query fails;
        (True, "tunnel(s) up") when at least one tunnel is reported;
        otherwise the DISABLE_TUNNEL playbook is run on the host and
        (True, 'Clean up ok') or (False, message) is returned.
    """
    ok, tunnels = status = status_tunnel(system_ip)
    if not ok:
        return status
    if len(tunnels):
        # Tunnels UP
        return True, "tunnel(s) up"
    # Tunnels down: the remote system is cleaned directly, without first
    # checking whether the support user / keys still exist there.
    result = ansible.run_playbook(playbook=PLAYBOOKS['DISABLE_TUNNEL'],
                                  host_list=[system_ip],
                                  extra_vars={'target': system_ip},
                                  use_sudo=True)
    ok, detail = ansible_is_valid_playbook_response(system_ip, result)
    return (True, 'Clean up ok') if ok else (False, detail)
def delete_tunnel(system_ip):
    """Stop the support tunnel on system_ip and run the DISABLE_TUNNEL playbook there.

    The reverse-tunnel ssh process is killed first through ansible_pkill,
    matched by its command line; if that step fails, its own (success, message)
    result is returned untouched. The playbook is then expected (per the
    original author's note) to remove the generated rsa keys on the host.

    Returns:
        (True, '') on success, (False, message) otherwise.
    """
    kill_ok, _ = kill_result = ansible_pkill(
        system_ip,
        r"ssh\s+-o\s+StrictHostKeyChecking=no\s+-fNnT\s+-R\s+[0-9]+:localhost:(22|443)\s+.*?\[email protected]"
    )
    if not kill_ok:
        return kill_result

    playbook_vars = {'target': system_ip}
    result = ansible.run_playbook(playbook=PLAYBOOKS['DISABLE_TUNNEL'],
                                  host_list=[system_ip],
                                  extra_vars=playbook_vars,
                                  use_sudo=True)
    ok, detail = ansible_is_valid_playbook_response(system_ip, result)
    if ok:
        return True, ''
    return False, detail
def check_support_tunnels(system_ip):
    """Check the support tunnels on :system_ip: and clean up when none is up.

    Returns:
        status_tunnel's own (False, message) when the status query fails;
        (True, "tunnel(s) up") when at least one tunnel is reported;
        otherwise the DISABLE_TUNNEL playbook is run on the host and
        (True, 'Clean up ok') or (False, message) is returned.
    """
    ok, tunnels = status = status_tunnel(system_ip)
    if not ok:
        return status
    if len(tunnels):
        # Tunnels UP
        return True, "tunnel(s) up"
    # Tunnels down: the remote system is cleaned directly, without first
    # checking whether the support user / keys still exist there.
    result = ansible.run_playbook(playbook=PLAYBOOKS['DISABLE_TUNNEL'],
                                  host_list=[system_ip],
                                  extra_vars={'target': system_ip},
                                  use_sudo=True)
    ok, detail = ansible_is_valid_playbook_response(system_ip, result)
    return (True, 'Clean up ok') if ok else (False, detail)
def ansible_run_async_reconfig(
        system_ip,
        log_file="/var/log/alienvault/update/system_reconfigure.log"):
    """Launch an asynchronous alienvault-reconfig on the given system.

    Args:
      system_ip(str): The system_ip of the system to configure.
      log_file(str): Kept for interface compatibility only. The log path the
                     playbook is told to use is always a fresh, timestamped
                     file under /var/log/alienvault/update/ (see below), so
                     the value passed in is never honoured.

    Returns:
      (boolean, str): (True, <remote log path>) when the playbook was
                      launched correctly, (False, <error message>) otherwise.

    Examples:

      >>> ansible_run_async_reconfig("192.168.5.123")
      (True, "/var/log/alienvault/update/system_reconfigure_<timestamp>.log")
    """
    # One timestamped log per run, so consecutive reconfigures never share a
    # file. ansible_purge_logs(..., 'reconfigure') is called before launching;
    # presumably it clears older reconfigure logs on the host.
    remote_log = "/var/log/alienvault/update/system_reconfigure_%10.2f.log" % time.time()
    playbook_vars = {"target": "%s" % system_ip, "log_file": "%s" % remote_log}

    ansible_purge_logs(system_ip, 'reconfigure')
    result = ansible.run_playbook(playbook=PLAYBOOKS['ASYNC_RECONFIG'],
                                  host_list=[system_ip],
                                  extra_vars=playbook_vars,
                                  use_sudo=True)

    launched, detail = ansible_is_valid_playbook_response(system_ip, result)
    if launched:
        return launched, remote_log
    return False, detail
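# Server ids are embedded inside unhex('...') of an SQL statement that is run
# through a shell pipeline, so only hex digits (dashes tolerated, they are
# stripped from the remote id anyway) may reach that string.
_HEX_ID_RE = re.compile(r"[0-9A-Fa-f-]+\Z")
# IP addresses are embedded inside inet6_aton('...') the same way; both IPv4
# and IPv6 literals are made only of hex digits, dots and colons.
_IP_LITERAL_RE = re.compile(r"[0-9A-Fa-f.:]+\Z")
# "ifconfig-push <client ip> <peer ip>" line of an OpenVPN ccd file. Both
# addresses are captured (the original pattern left the second group empty).
_CCD_PUSH_RE = re.compile(
    r"ifconfig-push (?P<client_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) "
    r"(?P<client_ip2>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")


def _is_hex_id(value):
    """Return True when *value* is a non-empty hex string safe to embed in unhex('...')."""
    return value is not None and _HEX_ID_RE.match(value) is not None


def _is_ip_literal(value):
    """Return True when *value* looks like an IP literal safe to embed in inet6_aton('...')."""
    return value is not None and _IP_LITERAL_RE.match(value) is not None


def _server_ip_update_cmd(ip, server_id):
    """Shell pipeline that sets alienvault.server.ip of *server_id* (hex) to *ip* via ossim-db."""
    return ("echo \"update alienvault.server set ip=inet6_aton('%s') "
            "where id=unhex('%s');\" | ossim-db" % (ip, server_id))


def _system_vpn_ip_update_cmd(ip, server_id):
    """Shell pipeline that sets alienvault.system.vpn_ip for *server_id* (hex) to *ip* via ossim-db."""
    return ("echo \"update alienvault.system set vpn_ip=inet6_aton('%s') "
            "where server_id=unhex('%s');\" | ossim-db" % (ip, server_id))


def _run_ossim_db(target, cmd, log_label, user_msg, **ansible_kwargs):
    """Run *cmd* on *target* with ansible's shell module and check it succeeded.

    Both the ansible-level result and the command's exit code ('rc') are
    checked. On failure the detail is logged through api_log.error prefixed
    with *log_label* and (False, user_msg) is returned; (True, '') otherwise.
    *ansible_kwargs* are forwarded to ansible.run_module (remote credentials).
    """
    response = ansible.run_module(host_list=[target], module="shell", args=cmd,
                                  **ansible_kwargs)
    success, msg = ansible_is_valid_response(target, response)
    if not success:
        api_log.error("%s %s" % (log_label, str(msg)))
        return False, user_msg
    if response['contacted'][target]['rc'] != 0:
        api_log.error("%s %s" % (log_label, str(response)))
        return False, user_msg
    return True, ''


def _restart_service(target, service, log_label, user_msg, **ansible_kwargs):
    """Restart *service* on *target* with ansible's service module.

    Returns (True, '') on success; otherwise logs the ansible message through
    api_log.error prefixed with *log_label* and returns (False, user_msg).
    *ansible_kwargs* are forwarded to ansible.run_module (remote credentials).
    """
    response = ansible.run_module(host_list=[target], module="service",
                                  args="name=%s state=restarted" % service,
                                  **ansible_kwargs)
    success, msg = ansible_is_valid_response(target, response)
    if not success:
        api_log.error("%s %s" % (log_label, str(msg)))
        return False, user_msg
    return True, ''


def make_tunnel(system_ip, local_server_id, password=""):
    """Build the VPN node configuration for *system_ip* and deploy it on the remote node.

    Sequence (every step goes through ansible; "local" means 127.0.0.1):
    create or recover the node configuration and its end points, restart the
    local OpenVPN server, read the local VPN ip, copy and unpack the node
    configuration on the remote appliance, restart OpenVPN there, then record
    the VPN ips in the local and (for a remote server profile) remote
    alienvault databases and restart the affected services.

    Args:
        system_ip: The VPN node you want to configure
        local_server_id: The local server id (hex, dashes tolerated)
        password: The VPN node password used for the remote ansible runs

    Returns:
        (True, end_points) on success, where end_points is the dict returned
        by the av_vpn module or rebuilt from /etc/openvpn/ccd/<system_ip>;
        (False, message) otherwise. Every failure is logged through api_log,
        and any unexpected exception is caught and reported as
        "Cannot deploy the VPN tunnel".
    """
    host = '127.0.0.1'
    src = '/etc/openvpn/nodes/%s.tar.gz' % system_ip
    dst = '/tmp/'
    try:
        # Validate what will be interpolated into shell-run SQL before touching
        # the remote node: the local id is a caller value, the remote id and
        # the ips below come from ansible answers.
        local_id = local_server_id.upper()
        if not _is_hex_id(local_id):
            api_log.error("[make_tunnel] local_server_id is not a hex id: %s" % str(local_server_id))
            return False, "Invalid local server id"

        end_points = {}
        if not os.path.exists(src):
            # 1 - Create the server configuration
            print("Building the VPN node configuration...")
            response = ansible.run_module(host_list=[host],
                                          module='av_vpn',
                                          args={'system_ip': system_ip})
            success, msg = ansible_is_valid_response(host, response)
            if not success:
                api_log.error("[make_tunnel] Cannot create the VPN node configuration. %s" % str(msg))
                return False, "Cannot create the VPN node configuration"
            end_points = response['contacted'][host]['data']
        else:
            # VPN configuration for the given node already exists: recover the
            # pushed client addresses from its ccd file.
            with open("/etc/openvpn/ccd/%s" % system_ip, "r") as client_file:
                for line in client_file:
                    matchobj = _CCD_PUSH_RE.match(line)
                    if matchobj is not None:
                        end_points['client_end_point1'] = matchobj.group('client_ip')
                        end_points['client_end_point2'] = matchobj.group('client_ip2')
        if 'client_end_point1' not in end_points:
            api_log.error("[make_tunnel] end_points %s" % str(end_points))
            return False, "Cannot retrieve the end points information"
        client_vpn_ip = end_points['client_end_point1']
        if not _is_ip_literal(client_vpn_ip):
            api_log.error("[make_tunnel] client end point is not an IP literal: %s" % str(client_vpn_ip))
            return False, "Cannot retrieve the end points information"

        # Restart the OpenVPN server
        print("Restarting OpenVPN server...")
        success, msg = _restart_service(host, "openvpn", "[make_tunnel]",
                                        "Cannot restart the OpenVPN server")
        if not success:
            return False, msg

        print("Retrieving the local vpn server ip...")
        # 2- Retrieve the OpenVPN server ip
        response = ansible.run_module(host_list=[host], module="av_system_info", args="")
        success, msg = ansible_is_valid_response(host, response)
        if not success:
            api_log.error("[make_tunnel] Cannot retrieve the current vpn server ip: %s" % str(msg))
            return False, "Cannot retrieve the VPN server ip"

        try:
            server_vpn_ip = response['contacted'][host]['data']['vpn_ip']
        except Exception as error:
            api_log.error("[make_tunnel] tun0 doesn't exists. <%s>" % str(error))
            return False, "Cannot retrieve the VPN server ip"
        if not _is_ip_literal(server_vpn_ip):
            api_log.error("[make_tunnel] vpn_ip is not an IP literal: %s" % str(server_vpn_ip))
            return False, "Cannot retrieve the VPN server ip"

        # Credentials for every ansible run against the remote appliance.
        remote_auth = {'ans_remote_pass': password,
                       'ans_remote_user': "******",
                       'use_sudo': True}

        # 3 - Copy the client configuration to its destination
        print("Trying to deploy the VPN configuration on the remote AlienVault appliance...")
        response = ansible.run_module(host_list=[system_ip], module='copy',
                                      args={'src': src, 'dest': dst},
                                      **remote_auth)
        success, msg = ansible_is_valid_response(system_ip, response)
        if not success:
            return False, show_vpn_offline_instructions(src, system_ip)

        print("Extracting the remote AlienVault appliance VPN configuration...")
        evars = {"tar_file": "%s.tar.gz" % system_ip,
                 "target": "%s" % system_ip}
        response = ansible.run_playbook(playbook=PLAYBOOKS['UNTAR_VPN_AND_START'],
                                        host_list=[system_ip],
                                        extra_vars=evars,
                                        **remote_auth)
        success, msg = ansible_is_valid_playbook_response(system_ip, response)
        if not success:
            return False, "Cannot extract the OpenVPN configuration in the remote AlienVault appliance"

        print("Restarting remote OpenVPN service...")
        success, msg = _restart_service(system_ip, "openvpn", "[make_tunnel]",
                                        "Cannot restart OpenVPN service in the remote AlienVault appliance",
                                        **remote_auth)
        if not success:
            return False, msg

        # Retrieve remote system information. We need to know the remote system profile
        response = ansible.run_module(host_list=[system_ip], module="av_system_info", args="",
                                      **remote_auth)
        success, msg = ansible_is_valid_response(system_ip, response)
        if not success:
            return False, "Cannot retrieve the remote AlienVault appliance configuration"
        try:
            remote_data = response['contacted'][system_ip]['data']
            remote_profiles = remote_data['profile']
            remote_server_id = remote_data.get('server_id')
            if remote_server_id is not None:
                remote_server_id = remote_server_id.replace('-', '')
        except Exception as err:
            api_log.error("Error getting the remote profile:  %s" % str(err))
            return False, "Cannot retrieve the remote AlienVault appliance configuration"

        # UPDATE LOCAL SERVER TABLE: Set the local vpn ip
        success, msg = _run_ossim_db(
            host, _server_ip_update_cmd(server_vpn_ip, local_id),
            "Cannot update the local server information in the database.",
            "Cannot update the local server information in the database")
        if not success:
            return False, msg

        if "server" in remote_profiles:
            # The remote id is taken from the remote appliance's own answer and
            # ends up inside a shell command run on this host: accept hex only.
            if not _is_hex_id(remote_server_id):
                api_log.error("[make_tunnel] remote server_id is not a hex id: %s" % str(remote_server_id))
                return False, "Cannot retrieve the remote AlienVault appliance configuration"
            remote_id = remote_server_id.upper()

            # IF SERVER PROFILE, UPDATE LOCAL SERVER TABLE AS WELL
            success, msg = _run_ossim_db(
                host, _server_ip_update_cmd(client_vpn_ip, remote_id),
                "Cannot configure the remote server information in the local database",
                "Cannot configure the remote server information in the local database")
            if not success:
                return False, msg

            # UPDATE REMOTE SERVER TABLE
            print("Remote profile server found... configuring it")
            print("Set VPN server ip on remote db...")
            success, msg = _run_ossim_db(
                system_ip, _server_ip_update_cmd(server_vpn_ip, local_id),
                "Cannot configure the VPN server ip in the remote AlienVault appliance",
                "Cannot configure the VPN server ip in the remote AlienVault appliance",
                **remote_auth)
            if not success:
                return False, msg

            print("Set local server VPN ip in remote db ...")
            success, msg = _run_ossim_db(
                system_ip, _server_ip_update_cmd(client_vpn_ip, remote_id),
                "Cannot set the local server VPN ip in the remote DB",
                "Cannot set the local server VPN ip in the remote DB",
                **remote_auth)
            if not success:
                return False, msg

            # UPDATE REMOTE SYSTEM TABLE
            success, msg = _run_ossim_db(
                system_ip, _system_vpn_ip_update_cmd(server_vpn_ip, local_id),
                "Cannot update the system information in the database.",
                "Cannot update the system information in the database.",
                **remote_auth)
            if not success:
                return False, msg

            print("Set local vpn ip on remote db (systems)...")
            success, msg = _run_ossim_db(
                system_ip, _system_vpn_ip_update_cmd(client_vpn_ip, remote_id),
                "Cannot update the system information in the database.",
                "Cannot update the system information in the database.",
                **remote_auth)
            if not success:
                return False, msg

            # RESTART SERVICES ON REMOTE: ossim-server and alienvault-forward
            print("Restarting remote alienvault-forward service...")
            success, msg = _restart_service(
                system_ip, "alienvault-forward",
                "Cannot restart the alienvault-forward service in the remote AlienVault appliance.",
                "Cannot restart the alienvault-forward service in the remote AlienVault appliance.",
                **remote_auth)
            if not success:
                return False, msg

            print("Restarting remote ossim-server service...")
            success, msg = _restart_service(
                system_ip, "ossim-server",
                "Cannot restart the ossim-server service in the remote AlienVault appliance.",
                "Cannot restart the ossim-server service in the remote AlienVault appliance.",
                **remote_auth)
            if not success:
                return False, msg

        print("Restarting ossim-server")
        success, msg = _restart_service(host, "ossim-server",
                                        "Cannot restart the ossim-server service.",
                                        "Cannot restart the ossim-server service")
        if not success:
            return False, msg

    except Exception as err:
        # Last-resort boundary: anything unexpected (including a malformed
        # ansible answer) is logged and reported without a traceback.
        api_log.error("Something wrong happened while building the vpn tunnel! %s" % str(err))
        return False, "Cannot deploy the VPN tunnel"

    return True, end_points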
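def make_tunnel(system_ip, local_server_id, password=""):
    """
    Builds the vpn node configuration for the given system ip.
    When possible, it tries to deploy the given configuration on the remote node.

    The steps, each run through ansible and each aborting the call on failure:
    build the node configuration with the av_vpn module (or read the end
    points back from the node's ccd file when the configuration already
    exists), restart the local OpenVPN server, read the local VPN ip from
    av_system_info, copy and unpack the node configuration on the remote
    appliance and restart OpenVPN there, record the VPN ips in the local
    alienvault.server table (and, when the remote appliance reports the
    server profile, in the remote server/system tables as well), then
    restart ossim-server.

    Args:
        system_ip: The VPN node you want to configure
        local_server_id: The local server id as stored in alienvault.server.id
                         (hex; dashes are stripped before use)
        password: The VPN node password

    Returns:
        (True, end_points) on success, where end_points is the dict returned
        by the av_vpn module or rebuilt from the ccd file and holds at least
        'client_end_point1'; (False, user-facing error message) otherwise.
        Details of the failing step go to api_log.
    """
    host = '127.0.0.1'
    src = '/etc/openvpn/nodes/%s.tar.gz' % system_ip
    dst = '/tmp/'
    ccd_file = '/etc/openvpn/ccd/%s' % system_ip
    # Credentials for every ansible call that lands on the remote appliance.
    remote_auth = {'ans_remote_pass': password,
                   'ans_remote_user': "******",
                   'use_sudo': True}
    # Ids and ips end up inside a shell pipeline feeding ossim-db, and the
    # remote appliance supplies some of them, so only let through what
    # unhex() / inet6_aton() can consume: upper-case hex digits for ids and
    # IPv4/IPv6 literal characters for addresses.
    hex_id_re = re.compile(r'^[0-9A-F]+$')
    ip_re = re.compile(r'^[0-9A-Fa-f.:]+$')
    # "ifconfig-push <ip> <ip>" line expected in the node's ccd file. Both
    # addresses are captured; the second group used to be empty, which left
    # client_end_point2 as "".
    ccd_push_re = re.compile(
        r"ifconfig-push (?P<client_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) "
        r"(?P<client_ip2>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")

    def restart_service(target, name, failure_msg, **auth):
        """Restart service `name` on `target` with the ansible service module.

        Returns (True, '') or (False, failure_msg); the ansible message is
        only logged.
        """
        response = ansible.run_module(host_list=[target], module="service",
                                      args="name=%s state=restarted" % name,
                                      **auth)
        success, msg = ansible_is_valid_response(target, response)
        if not success:
            api_log.error("[make_tunnel] %s %s" % (failure_msg, str(msg)))
            return False, failure_msg
        return True, ''

    def update_db_ip(target, table, ip_column, ip, id_column, server_id,
                     failure_msg, **auth):
        """Set alienvault.<table>.<ip_column> for the row whose <id_column>
        is unhex(server_id), through ossim-db on `target`.

        Both values are checked against the allow-lists first so that only a
        hex id and an ip literal ever reach the shell. Returns (True, '') or
        (False, failure_msg); the ansible message or response is logged.
        """
        ip, server_id = str(ip), str(server_id)
        if not hex_id_re.match(server_id) or not ip_re.match(ip):
            api_log.error("[make_tunnel] refusing the database update with "
                          "unexpected values: id=<%s> ip=<%s>" % (server_id, ip))
            return False, failure_msg
        cmd = ("echo \"update alienvault.%s set %s=inet6_aton('%s') "
               "where %s=unhex('%s');\" | ossim-db"
               % (table, ip_column, ip, id_column, server_id))
        response = ansible.run_module(host_list=[target], module="shell",
                                      args=cmd, **auth)
        success, msg = ansible_is_valid_response(target, response)
        if not success:
            api_log.error("[make_tunnel] %s %s" % (failure_msg, str(msg)))
            return False, failure_msg
        # A reachable host with a failing ossim-db pipeline reports rc != 0.
        if response['contacted'][target]['rc'] != 0:
            api_log.error("[make_tunnel] %s %s" % (failure_msg, str(response)))
            return False, failure_msg
        return True, ''

    try:
        end_points = {}
        if not os.path.exists(src):
            # 1 - Create the server configuration
            print("Building the VPN node configuration...")
            response = ansible.run_module(host_list=[host],
                                          module='av_vpn',
                                          args={'system_ip': system_ip})
            success, msg = ansible_is_valid_response(host, response)
            if not success:
                api_log.error("[make_tunnel] Cannot create the VPN node configuration. %s" % str(msg))
                return False, "Cannot create the VPN node configuration"
            end_points = response['contacted'][host]['data']
        else:
            # VPN configuration for the given node already exists: recover
            # the end points from the addresses pushed to the client.
            with open(ccd_file, "r") as client_file:
                for line in client_file:
                    matchobj = ccd_push_re.match(line)
                    if matchobj is not None:
                        end_points['client_end_point1'] = matchobj.group('client_ip')
                        end_points['client_end_point2'] = matchobj.group('client_ip2')
        if 'client_end_point1' not in end_points:
            api_log.error("[make_tunnel] end_points %s" % str(end_points))
            return False, "Cannot retrieve the end points information"

        # Restart the OpenVPN server
        print("Restarting OpenVPN server...")
        success, msg = restart_service(host, "openvpn",
                                       "Cannot restart the OpenVPN server")
        if not success:
            return False, msg

        print("Retrieving the local vpn server ip...")
        # 2- Retrieve the OpenVPN server ip
        response = ansible.run_module(host_list=[host], module="av_system_info", args="")
        success, msg = ansible_is_valid_response(host, response)
        if not success:
            api_log.error("[make_tunnel] Cannot retrieve the current vpn server ip: %s" % str(msg))
            return False, "Cannot retrieve the VPN server ip"
        try:
            server_vpn_ip = response['contacted'][host]['data']['vpn_ip']
        except (KeyError, TypeError) as error:
            api_log.error("[make_tunnel] tun0 doesn't exists. <%s>" % str(error))
            return False, "Cannot retrieve the VPN server ip"

        # 3 - Copy the client configuration to its destination
        print("Trying to deploy the VPN configuration on the remote AlienVault appliance...")
        response = ansible.run_module(host_list=[system_ip], module='copy',
                                      args={'src': src, 'dest': dst},
                                      **remote_auth)
        success, msg = ansible_is_valid_response(system_ip, response)
        if not success:
            # The copy failed: hand back the manual instructions instead of
            # an error string.
            return False, show_vpn_offline_instructions(src, system_ip)

        print("Extracting the remote AlienVault appliance VPN configuration...")
        evars = {"tar_file": "%s.tar.gz" % system_ip,
                 "target": "%s" % system_ip}
        response = ansible.run_playbook(playbook=PLAYBOOKS['UNTAR_VPN_AND_START'],
                                        host_list=[system_ip],
                                        extra_vars=evars,
                                        **remote_auth)
        success, msg = ansible_is_valid_playbook_response(system_ip, response)
        if not success:
            api_log.error("[make_tunnel] Cannot extract the OpenVPN configuration. %s" % str(msg))
            return False, "Cannot extract the OpenVPN configuration in the remote AlienVault appliance"

        print("Restarting remote OpenVPN service...")
        success, msg = restart_service(system_ip, "openvpn",
                                       "Cannot restart OpenVPN service in the remote AlienVault appliance",
                                       **remote_auth)
        if not success:
            return False, msg

        # Retrieve remote system information. We need to know the remote system profile
        response = ansible.run_module(host_list=[system_ip], module="av_system_info", args="",
                                      **remote_auth)
        success, msg = ansible_is_valid_response(system_ip, response)
        if not success:
            api_log.error("[make_tunnel] Cannot retrieve the remote system information. %s" % str(msg))
            return False, "Cannot retrieve the remote AlienVault appliance configuration"
        try:
            remote_data = response['contacted'][system_ip]['data']
            remote_profiles = remote_data['profile']
            remote_server_id = remote_data.get('server_id')
            if remote_server_id is not None:
                # Same normalisation as the local id: bare upper-case hex for unhex().
                remote_server_id = remote_server_id.replace('-', '').upper()
        except Exception as err:
            api_log.error("Error getting the remote profile:  %s" % str(err))
            return False, "Cannot retrieve the remote AlienVault appliance configuration"

        local_id = local_server_id.replace('-', '').upper()

        # UPDATE LOCAL SERVER TABLE: Set the local vpn ip
        success, msg = update_db_ip(host, 'server', 'ip', server_vpn_ip, 'id', local_id,
                                    "Cannot update the local server information in the database")
        if not success:
            return False, msg

        if "server" in remote_profiles:
            if remote_server_id is None:
                # Used to surface as an AttributeError on .upper() and the
                # generic "Cannot deploy" message below.
                api_log.error("[make_tunnel] remote appliance has the server profile but reported no server_id")
                return False, "Cannot retrieve the remote AlienVault appliance configuration"
            remote_end_point = end_points['client_end_point1']

            # IF SERVER PROFILE, UPDATE LOCAL SERVER TABLE AS WELL
            success, msg = update_db_ip(host, 'server', 'ip', remote_end_point, 'id', remote_server_id,
                                        "Cannot configure the remote server information in the local database")
            if not success:
                return False, msg

            # UPDATE REMOTE SERVER TABLE
            print("Remote profile server found... configuring it")
            print("Set VPN server ip oin remote db...")
            success, msg = update_db_ip(system_ip, 'server', 'ip', server_vpn_ip, 'id', local_id,
                                        "Cannot configure the VPN server ip in the remote AlienVault appliance",
                                        **remote_auth)
            if not success:
                return False, msg

            print("Set local server VPN ip in remote db ...")
            success, msg = update_db_ip(system_ip, 'server', 'ip', remote_end_point, 'id', remote_server_id,
                                        "Cannot set the local server VPN ip in the remote DB",
                                        **remote_auth)
            if not success:
                return False, msg

            # UPDATE REMOTE SYSTEM TABLE
            success, msg = update_db_ip(system_ip, 'system', 'vpn_ip', server_vpn_ip, 'server_id', local_id,
                                        "Cannot update the system information in the database.",
                                        **remote_auth)
            if not success:
                return False, msg

            print("Set local vpn ip on remote db (systems)...")
            success, msg = update_db_ip(system_ip, 'system', 'vpn_ip', remote_end_point, 'server_id', remote_server_id,
                                        "Cannot update the system information in the database.",
                                        **remote_auth)
            if not success:
                return False, msg

            # RESTART SERVICES ON REMOTE: ossim-server and alienvault-forward
            print("Restarting remote alienvault-forward service...")
            success, msg = restart_service(system_ip, "alienvault-forward",
                                           "Cannot restart the alienvault-forward service in the remote AlienVault appliance.",
                                           **remote_auth)
            if not success:
                return False, msg

            print("Restarting remote ossim-server service...")
            success, msg = restart_service(system_ip, "ossim-server",
                                           "Cannot restart the ossim-server service in the remote AlienVault appliance.",
                                           **remote_auth)
            if not success:
                return False, msg

        print("Restarting ossim-server")
        success, msg = restart_service(host, "ossim-server",
                                       "Cannot restart the ossim-server service")
        if not success:
            return False, msg

    except Exception as err:
        # Any unexpected failure in a step is logged and reported as a plain
        # failure instead of propagating to the caller.
        api_log.error("Something wrong happened while building the vpn tunnel! %s" % str(err))
        return False, "Cannot deploy the VPN tunnel"

    return True, end_points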
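def make_tunnel(system_ip, local_server_id, password=""):
    """
    Make a tunnel with system_ip.

    The steps, each run through ansible and each aborting the call on failure:
    build the node configuration with the av_vpn module (or read the end
    points back from the node's ccd file when the configuration already
    exists), restart the local openvpn server, read the local vpn ip from
    av_system_info, copy and unpack the node configuration on the remote
    host and restart openvpn there, record the vpn ips in the local
    alienvault.server table (and, when the remote host reports the server
    profile, in the remote server/system tables as well), then restart
    ossim-server.

    Args:
        system_ip: The VPN node you want to configure
        local_server_id: The local server id as stored in alienvault.server.id
                         (hex; dashes are stripped before use)
        password: The VPN node password

    Returns:
        (True, end_points) on success, where end_points is the dict returned
        by the av_vpn module or rebuilt from the ccd file and holds at least
        'client_end_point1'; (False, error message) otherwise. The except
        branch previously returned True, which made callers treat the error
        text as end points.
    """
    host = '127.0.0.1'
    src = '/etc/openvpn/nodes/%s.tar.gz' % system_ip
    dst = '/tmp/'
    ccd_file = "/etc/openvpn/ccd/%s" % system_ip
    # Credentials for every ansible call that lands on the remote host.
    remote_auth = {'ans_remote_pass': password,
                   'ans_remote_user': "******"}
    # Ids and ips end up inside a shell pipeline feeding ossim-db, and the
    # remote host supplies some of them, so only let through what
    # unhex() / inet6_pton() can consume: upper-case hex digits for ids and
    # IPv4/IPv6 literal characters for addresses.
    hex_id_re = re.compile(r'^[0-9A-F]+$')
    ip_re = re.compile(r'^[0-9A-Fa-f.:]+$')
    # "ifconfig-push <ip> <ip>" line expected in the node's ccd file. Both
    # addresses are captured; the second group used to be empty, which left
    # client_end_point2 as "".
    ccd_push_re = re.compile(
        r"ifconfig-push (?P<client_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) "
        r"(?P<client_ip2>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")

    def restart_service(target, name, **auth):
        """Restart service `name` on `target` with the ansible service module.

        Returns (True, '') or (False, ansible message).
        """
        response = ansible.run_module(host_list=[target],
                                      module="service",
                                      args="name=%s state=restarted" % name,
                                      **auth)
        success, msg = ansible_is_valid_response(target, response)
        if not success:
            return False, msg
        return True, ''

    def update_db_ip(target, table, ip_column, ip, id_column, server_id, **auth):
        """Set alienvault.<table>.<ip_column> for the row whose <id_column>
        is unhex(server_id), through ossim-db on `target`.

        Both values are checked against the allow-lists first so that only a
        hex id and an ip literal ever reach the shell. Returns (True, '') or
        (False, error message), the message being the ansible message or the
        pipeline's stderr.
        """
        ip, server_id = str(ip), str(server_id)
        if not hex_id_re.match(server_id) or not ip_re.match(ip):
            return False, ("Refusing the database update with unexpected "
                           "values: id=<%s> ip=<%s>" % (server_id, ip))
        cmd = ("echo \"update alienvault.%s set %s=inet6_pton('%s') "
               "where %s=unhex('%s');\" | ossim-db"
               % (table, ip_column, ip, id_column, server_id))
        response = ansible.run_module(host_list=[target],
                                      module="shell",
                                      args=cmd,
                                      **auth)
        success, msg = ansible_is_valid_response(target, response)
        if not success:
            return False, msg
        # A reachable host with a failing ossim-db pipeline reports rc != 0.
        if response['contacted'][target]['rc'] != 0:
            return False, response['contacted'][target]['stderr']
        return True, ''

    try:
        end_points = {}
        if not os.path.exists(src):
            # 1 - Create the server configuration
            print("Creating node vpn configuration...")
            response = ansible.run_module(host_list=[host],
                                          module='av_vpn',
                                          args={'system_ip': system_ip})
            success, msg = ansible_is_valid_response(host, response)
            if not success:
                return False, msg
            end_points = response['contacted'][host]['data']
        else:
            # VPN configuration for the given node already exists: recover
            # the end points from the addresses pushed to the client.
            with open(ccd_file, "r") as client_file:
                for line in client_file:
                    matchobj = ccd_push_re.match(line)
                    if matchobj is not None:
                        end_points['client_end_point1'] = matchobj.group('client_ip')
                        end_points['client_end_point2'] = matchobj.group('client_ip2')
        if 'client_end_point1' not in end_points:
            return False, "End points are empty"

        # Restart the openvpn server
        print("Restarting openvpn server...")
        success, msg = restart_service(host, "openvpn")
        if not success:
            return False, msg

        print("Retrieving the local vpn server ip...")
        # 2- Retrieve the openvpn server ip
        response = ansible.run_module(host_list=[host],
                                      module="av_system_info",
                                      args="")
        success, msg = ansible_is_valid_response(host, response)
        if not success:
            return False, "[make_tunnel] Cannot retrieve the current vpn server ip: %s" % str(msg)
        try:
            server_vpn_ip = response['contacted'][host]['data']['vpn_ip']
        except (KeyError, TypeError):
            return False, "[make_tunnel] tun0 doesn't exists. <%s>" % str(response)

        # 3 - Copy the client configuration to its destination
        print("Copying the openvpn configuration to the node ")
        response = ansible.run_module(host_list=[system_ip],
                                      module='copy',
                                      args={'src': src, 'dest': dst},
                                      **remote_auth)
        success, msg = ansible_is_valid_response(system_ip, response)
        if not success:
            return False, msg

        print("Uncompress the node configuration...")
        evars = {
            "tar_file": "%s.tar.gz" % system_ip,
            "target": "%s" % system_ip
        }
        response = ansible.run_playbook(
            playbook=PLAYBOOKS['UNTAR_VPN_AND_START'],
            host_list=[system_ip],
            extra_vars=evars,
            **remote_auth)
        success, msg = ansible_is_valid_playbook_response(system_ip, response)
        if not success:
            return False, msg

        print("Restarting remote openvpn service...")
        success, msg = restart_service(system_ip, "openvpn", **remote_auth)
        if not success:
            return False, msg

        # Retrieve remote system information. We need to know the remote system profile
        response = ansible.run_module(host_list=[system_ip],
                                      module="av_system_info",
                                      args="",
                                      **remote_auth)
        success, msg = ansible_is_valid_response(system_ip, response)
        if not success:
            return False, msg
        try:
            remote_data = response['contacted'][system_ip]['data']
            remote_profiles = remote_data['profile']
            remote_server_id = remote_data.get('server_id')
            if remote_server_id is not None:
                # Same normalisation as the local id: bare upper-case hex for unhex().
                remote_server_id = remote_server_id.replace('-', '').upper()
        except Exception as err:
            return False, "Error getting the remote profile:  %s" % str(err)

        local_id = local_server_id.replace('-', '').upper()

        # UPDATE LOCAL SERVER TABLE: Set the local vpn ip
        success, msg = update_db_ip(host, 'server', 'ip', server_vpn_ip,
                                    'id', local_id)
        if not success:
            return False, msg

        if "server" in remote_profiles:
            if remote_server_id is None:
                # Used to surface as an AttributeError on .upper() and the
                # generic "Something wrong happened" message below.
                return False, "The remote host has the server profile but reported no server id"
            remote_end_point = end_points['client_end_point1']

            # IF SERVER PROFILE, UPDATE LOCAL SERVER TABLE AS WELL
            success, msg = update_db_ip(host, 'server', 'ip', remote_end_point,
                                        'id', remote_server_id)
            if not success:
                return False, msg

            # UPDATE REMOTE SERVER TABLE
            print("Remote profile server found... configuring it")
            print("Set vpn server ip on remote db...")
            success, msg = update_db_ip(system_ip, 'server', 'ip', server_vpn_ip,
                                        'id', local_id, **remote_auth)
            if not success:
                return False, msg

            print("Set local vpn ip on remote db ...")
            success, msg = update_db_ip(system_ip, 'server', 'ip', remote_end_point,
                                        'id', remote_server_id, **remote_auth)
            if not success:
                return False, msg

            # UPDATE REMOTE SYSTEM TABLE
            success, msg = update_db_ip(system_ip, 'system', 'vpn_ip', server_vpn_ip,
                                        'server_id', local_id, **remote_auth)
            if not success:
                return False, msg

            print("Set local vpn ip on remote db (systems)...")
            success, msg = update_db_ip(system_ip, 'system', 'vpn_ip', remote_end_point,
                                        'server_id', remote_server_id, **remote_auth)
            if not success:
                return False, msg

            # RESTART SERVICES ON REMOTE: ossim-server and alienvault-forward
            print("Restarting remote alienvault-forward service...")
            success, msg = restart_service(system_ip, "alienvault-forward", **remote_auth)
            if not success:
                return False, msg

            print("Restarting remote ossim-server service...")
            success, msg = restart_service(system_ip, "ossim-server", **remote_auth)
            if not success:
                return False, msg

        print("Restarting ossim-server")
        success, msg = restart_service(host, "ossim-server")
        if not success:
            return False, msg

    except Exception as err:
        # Any unexpected failure in a step is reported as a failure; the old
        # code returned True here, which made the error text look like end points.
        return False, "Something wrong happened while building the vpn tunnel! %s" % str(err)

    return True, end_points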
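_IFCONFIG_PUSH_RE = re.compile(
    r"ifconfig-push (?P<client_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) "
    r"(?P<client_ip2>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
)
# Allow-lists for the values that get interpolated into the ossim-db shell
# pipeline below: an address may only contain hex digits, dots and colons
# (an IPv4 or IPv6 literal), a server id only hex digits.
_ADDR_CHARS_RE = re.compile(r"^[0-9A-Fa-f.:]+$")
_HEX_ID_RE = re.compile(r"^[0-9A-Fa-f]+$")


def _read_client_end_points(system_ip):
    """Parse the OpenVPN ccd file of *system_ip* for its ``ifconfig-push`` line.

    Returns a dict with ``client_end_point1`` and ``client_end_point2`` (the
    two addresses of the ``ifconfig-push`` directive) when a matching line is
    found, otherwise an empty dict. Opening the ccd file may raise; the caller
    handles that.
    """
    end_points = {}
    with open("/etc/openvpn/ccd/%s" % system_ip, "r") as client_file:
        for line in client_file:
            matchobj = _IFCONFIG_PUSH_RE.match(line)
            if matchobj is not None:
                end_points["client_end_point1"] = matchobj.group("client_ip")
                end_points["client_end_point2"] = matchobj.group("client_ip2")
    return end_points


def _restart_service(target, name, auth):
    """Restart service *name* on *target* via the ansible ``service`` module.

    *auth* holds the extra ``run_module`` kwargs (remote credentials for the
    node, an empty dict for the local host). Returns the
    ``(success, msg)`` tuple of ``ansible_is_valid_response``.
    """
    response = ansible.run_module(
        host_list=[target], module="service", args="name=%s state=restarted" % name, **auth
    )
    return ansible_is_valid_response(target, response)


def _ossim_db_update(target, sql, auth):
    """Pipe *sql* into ``ossim-db`` on *target* through the ansible ``shell`` module.

    Returns ``(True, None)`` when ansible reached the host and the command
    exited with rc 0; otherwise ``(False, message)`` carrying the ansible
    error or the command's stderr.
    """
    cmd = 'echo "%s" | ossim-db' % sql
    response = ansible.run_module(host_list=[target], module="shell", args=cmd, **auth)
    success, msg = ansible_is_valid_response(target, response)
    if not success:
        return False, msg
    result = response["contacted"][target]
    if result["rc"] != 0:
        return False, result["stderr"]
    return True, None


def _server_ip_sql(ip, hex_id):
    """SQL that sets ``alienvault.server.ip`` of the server row *hex_id* to *ip*."""
    return "update alienvault.server set ip=inet6_pton('%s') where id=unhex('%s');" % (ip, hex_id)


def _system_vpn_ip_sql(ip, hex_id):
    """SQL that sets ``alienvault.system.vpn_ip`` for rows whose server_id is *hex_id*."""
    return "update alienvault.system set vpn_ip=inet6_pton('%s') where server_id=unhex('%s');" % (ip, hex_id)


def _check_db_values(ip, hex_id):
    """Return an error message when *ip* or *hex_id* must not reach the shell command, else None.

    Both values are pasted into a shell pipeline and a SQL literal, and some
    of them come from a remote host's ``av_system_info`` reply, so they are
    allow-listed instead of escaped.
    """
    if not ip or not _ADDR_CHARS_RE.match(ip):
        return "[make_tunnel] Refusing to use malformed address: %r" % (ip,)
    if not hex_id or not _HEX_ID_RE.match(hex_id):
        return "[make_tunnel] Refusing to use malformed server id: %r" % (hex_id,)
    return None


def make_tunnel(system_ip, local_server_id, password=""):
    """Build the OpenVPN tunnel between this host and the node *system_ip*.

    Driven entirely through ansible: create (or read back from the ccd file)
    the node's VPN end points, restart the local openvpn server, read the local
    VPN ip from ``av_system_info``, copy and unpack the node configuration on
    the remote host, restart the remote openvpn, then record the VPN addresses
    in the local ``alienvault.server`` table and, when the remote host reports
    a ``server`` profile, in the remote server/system tables too. The
    ossim_setup.conf / async-reconfigure steps that were commented out in the
    previous version are not run.

    Args:
      system_ip (str): Address of the node to join; also names the tarball
        under /etc/openvpn/nodes and the ccd file under /etc/openvpn/ccd.
      local_server_id (str): Hex id of the local server row to update.
      password (str): Remote password handed to ansible for calls to the node.

    Returns:
      (bool, dict | str): ``(True, end_points)`` on success, where end_points
      contains at least ``client_end_point1``; ``(False, message)`` on any
      failure, including an unexpected exception (the previous version
      answered True from its exception handler).
    """
    host = "127.0.0.1"
    src = "/etc/openvpn/nodes/%s.tar.gz" % system_ip
    dst = "/tmp/"
    # Extra run_module/run_playbook kwargs for the remote node; local calls pass none.
    remote_auth = {"ans_remote_pass": password, "ans_remote_user": "******"}
    end_points = {}
    try:
        if not os.path.exists(src):
            # 1 - Create the server configuration
            print("Creating node vpn configuration...")
            response = ansible.run_module(host_list=[host], module="av_vpn", args={"system_ip": system_ip})
            success, msg = ansible_is_valid_response(host, response)
            if not success:
                return False, msg
            end_points = response["contacted"][host]["data"]
        else:  # VPN configuration for the given node already exists
            end_points = _read_client_end_points(system_ip)
        if "client_end_point1" not in end_points:
            return False, "End points are empty"

        # Restart the openvpn server
        print("Restarting openvpn server...")
        success, msg = _restart_service(host, "openvpn", {})
        if not success:
            return False, msg

        # 2 - Retrieve the openvpn server ip
        print("Retrieving the local vpn server ip...")
        response = ansible.run_module(host_list=[host], module="av_system_info", args="")
        success, msg = ansible_is_valid_response(host, response)
        if not success:
            return False, "[make_tunnel] Cannot retrieve the current vpn server ip: %s" % str(msg)
        try:
            server_vpn_ip = response["contacted"][host]["data"]["vpn_ip"]
        except (KeyError, TypeError):
            return False, "[make_tunnel] tun0 doesn't exists. <%s>" % str(response)

        # 3 - Copy the client configuration to its destination
        print("Copying the openvpn configuration to the node ")
        response = ansible.run_module(
            host_list=[system_ip], module="copy", args={"src": src, "dest": dst}, **remote_auth
        )
        success, msg = ansible_is_valid_response(system_ip, response)
        if not success:
            return False, msg

        print("Uncompress the node configuration...")
        evars = {"tar_file": "%s.tar.gz" % system_ip, "target": "%s" % system_ip}
        response = ansible.run_playbook(
            playbook=PLAYBOOKS["UNTAR_VPN_AND_START"], host_list=[system_ip], extra_vars=evars, **remote_auth
        )
        success, msg = ansible_is_valid_playbook_response(system_ip, response)
        if not success:
            return False, msg

        print("Restarting remote openvpn service...")
        success, msg = _restart_service(system_ip, "openvpn", remote_auth)
        if not success:
            return False, msg

        # Retrieve remote system information. We need to know the remote system profile
        response = ansible.run_module(host_list=[system_ip], module="av_system_info", args="", **remote_auth)
        success, msg = ansible_is_valid_response(system_ip, response)
        if not success:
            return False, msg
        try:
            remote_data = response["contacted"][system_ip]["data"]
            remote_profiles = remote_data["profile"]
            remote_server_id = remote_data.get("server_id")
            if remote_server_id is not None:
                remote_server_id = remote_server_id.replace("-", "")
        except (KeyError, TypeError, AttributeError) as err:
            return False, "Error getting the remote profile:  %s" % str(err)

        # The values below are interpolated into a shell pipeline; refuse
        # anything that is not an address / hex id before it gets there.
        local_id = local_server_id.upper()
        error = _check_db_values(server_vpn_ip, local_id)
        if error:
            return False, error

        # UPDATE LOCAL SERVER TABLE: Set the local vpn ip
        success, msg = _ossim_db_update(host, _server_ip_sql(server_vpn_ip, local_id), {})
        if not success:
            return False, msg

        if "server" in remote_profiles:
            # The old code called .upper() on a None id here and fell into the
            # generic exception handler; fail with a readable reason instead.
            if remote_server_id is None:
                return False, "[make_tunnel] Remote host has a server profile but reported no server_id"
            remote_id = remote_server_id.upper()
            client_ip = end_points["client_end_point1"]
            error = _check_db_values(client_ip, remote_id)
            if error:
                return False, error

            # IF SERVER PROFILE, UPDATE LOCAL SERVER TABLE AS WELL
            success, msg = _ossim_db_update(host, _server_ip_sql(client_ip, remote_id), {})
            if not success:
                return False, msg

            # UPDATE REMOTE SERVER AND SYSTEM TABLES
            print("Remote profile server found... configuring it")
            remote_updates = [
                ("Set vpn server ip on remote db...", _server_ip_sql(server_vpn_ip, local_id)),
                ("Set local vpn ip on remote db ...", _server_ip_sql(client_ip, remote_id)),
                (None, _system_vpn_ip_sql(server_vpn_ip, local_id)),
                ("Set local vpn ip on remote db (systems)...", _system_vpn_ip_sql(client_ip, remote_id)),
            ]
            for label, sql in remote_updates:
                if label is not None:
                    print(label)
                success, msg = _ossim_db_update(system_ip, sql, remote_auth)
                if not success:
                    return False, msg

            # RESTART SERVICES ON REMOTE: ossim-server and alienvault-forward
            for name in ("alienvault-forward", "ossim-server"):
                print("Restarting remote %s service..." % name)
                success, msg = _restart_service(system_ip, name, remote_auth)
                if not success:
                    return False, msg

        print("Restarting ossim-server")
        success, msg = _restart_service(host, "ossim-server", {})
        if not success:
            return False, msg

    except Exception as err:
        # An unexpected failure is a failure: the old code returned True here.
        return False, "Something wrong happened while building the vpn tunnel! %s" % str(err)

    return True, end_points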