def ossec_put_server_config(sensor_id):
    """Check the HIDS (OSSEC) server configuration file and copy it to a sensor.

    Steps, in order: resolve the sensor IP from ``sensor_id``, locate the
    sensor's OSSEC directory, obtain the local (non-loopback) system IP, run
    ``ossec_verify_server_config_file`` on the configuration file, and finally
    hand the file to ``copy_file`` with ``OSSEC_CONFIG_SERVER_PATH`` as the
    destination on the sensor.

    Args:
        sensor_id: identifier of the sensor that receives the configuration.

    Returns:
        A ``(success, message)`` tuple. ``(True, '')`` when every step
        succeeded; otherwise ``(False, <error>)`` where ``<error>`` describes
        the first step that failed.
    """
    found, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not found:
        return False, "Invalid sensor id %s" % sensor_id

    have_dir, ossec_dir = get_ossec_directory(sensor_id)
    if not have_dir:
        # On failure the second element is the helper's error, returned as is.
        api_log.error(str(ossec_dir))
        return False, ossec_dir

    config_src = os.path.join(ossec_dir, OSSEC_CONFIG_SERVER_FILE_NAME)

    have_ip, local_ip = get_system_ip_from_local(local_loopback=False)
    if not have_ip:
        api_log.error(str(local_ip))
        return False, "Error getting the local system ip"

    # Sanity check of the file before it is pushed to the sensor.
    verified, detail = ossec_verify_server_config_file(local_ip, config_src)
    if not verified:
        api_log.error(str(detail))
        return False, "Error verifiying the ossec server configuration file\n%s" % detail

    # NOTE(review): both paths are interpolated unquoted into a key=value
    # argument string. If copy_file splits that string on whitespace, a path
    # containing spaces or '=' would change the module arguments -- confirm
    # that neither path can be influenced by a caller.
    copy_args = "src=%s dest=%s owner=root group=ossec mode=644" % (
        config_src, OSSEC_CONFIG_SERVER_PATH)
    copied, detail = copy_file(host_list=[sensor_ip], args=copy_args)
    if copied:
        return True, ''

    api_log.error(str(detail))
    return False, "Error setting the HIDS server configuration file"
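def ansible_install_plugin(system_ip, plugin_path, sql_path):
    """Install an agent plugin on a remote system and apply its SQL file.

    The plugin file is copied to ``/etc/ossim/agent/plugins/``. The SQL file
    is copied to ``/tmp``, fed to ``/usr/bin/ossim-db`` through the ``shell``
    module with sudo, and then deleted.

    Args:
        system_ip: address of the target host; used as the only host entry.
        plugin_path: path of the plugin file to copy.
        sql_path: path of the SQL file to copy and apply.

    Returns:
        A ``(success, message)`` tuple. ``message`` names the step that
        failed, or reports that the plugin was installed.
    """
    try:
        from shlex import quote as shell_quote
    except ImportError:  # Python 2 has no shlex.quote
        from pipes import quote as shell_quote

    # Every argument is required. The previous test (`a or b or c`) only
    # rejected the call when all three were missing at once.
    if not (system_ip and plugin_path and sql_path):
        return False, "[ansible_install_plugin]: Missing arguments"

    # NOTE(review): the copy arguments below are key=value strings built from
    # unquoted paths. If copy_file splits them on whitespace, a path with
    # spaces or '=' would change the module arguments -- confirm callers
    # validate plugin_path and sql_path.

    # Copy plugin file to plugins dir
    remote_plugin_path = "/etc/ossim/agent/plugins/" + basename(plugin_path)
    # Format the complete template. '%' binds tighter than '+', so formatting
    # only the trailing fragment (which has no placeholders) raised TypeError.
    cmd_args = ("src=%s dest=%s force=yes owner=root "
                "group=alienvault mode=644") % (plugin_path,
                                                remote_plugin_path)
    (success, msg) = copy_file([system_ip], cmd_args)
    if not success:
        error_msg = ("[ansible_install_plugin] Failed to copy "
                     "plugin file: %s") % msg
        return False, error_msg

    # Copy SQL file to tmp dir
    # NOTE(review): the name under /tmp is predictable and the file is
    # written as root with mode 644. A directory that only root can write to,
    # or a name generated on the remote host, would avoid interference from
    # other local users there.
    remote_sql_path = "/tmp/tmp_" + basename(sql_path)
    cmd_args = ("src=%s dest=%s force=yes "
                "owner=root group=alienvault mode=644") % (sql_path,
                                                           remote_sql_path)
    (success, msg) = copy_file([system_ip], cmd_args)
    if not success:
        error_msg = ("[ansible_install_plugin] Failed to copy "
                     "sql file: %s") % msg
        return False, error_msg

    # Apply SQL file
    # This command runs in a shell under sudo, so the file name is quoted to
    # keep shell metacharacters in it from being interpreted.
    cmd_args = "/usr/bin/ossim-db < %s" % shell_quote(remote_sql_path)
    response = ansible.run_module(host_list=[system_ip],
                                  module="shell",
                                  use_sudo=True,
                                  args=cmd_args)
    (success, msg) = ansible_is_valid_response(system_ip, response)
    if not success:
        # NOTE(review): this return leaves the SQL file behind in /tmp.
        error_msg = ("[ansible_install_plugin] Failed to apply "
                     "sql file: %s") % msg
        return False, error_msg

    # Delete SQL file
    (success, msg) = remove_file([system_ip], remote_sql_path)
    if not success:
        error_msg = ("[ansible_install_plugin] Failed to delete "
                     "sql file: %s") % msg
        return False, error_msg

    return True, "[ansible_install_plugin] Plugin installed OK"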