def ansible_get_child_alarms(system_ip, delay=1, delta=3): """ Get the alarms from remote system """ cmd = "echo \"select hex(event_id), timestamp, hex(backlog_id) FROM alarm WHERE status='closed' AND timestamp between DATE_SUB(utc_timestamp(), " \ "interval %u hour) AND DATE_SUB(utc_timestamp(), interval %u hour) UNION select hex(event_id), timestamp, hex(backlog_id) " \ "FROM alarm WHERE status='open' AND " \ "timestamp between DATE_SUB(utc_timestamp(), interval %u hour) AND DATE_SUB(utc_timestamp(), interval %u hour) ORDER BY timestamp DESC;\" | ossim-db " % ( delta + delay, delay, delta + delay, delay) api_log.debug("Query: %s" % cmd) response = ansible.run_module(host_list=[system_ip], module="shell", args=cmd) success, msg = ansible_is_valid_response(system_ip, response) if not success: return False, "[ansible_get_child_alarms] Can't retrieve remote alarms (%s) : %s" % (system_ip, msg) data = [] try: output = str(response['contacted'][system_ip]['stdout']) split = output.splitlines() # Discard first line if split: for line in split[1:]: # Omit header (event_id, timestamp, backlog_id) = line.split('\t') data.append(event_id) except KeyError: api_log.error("[ansible_get_child_alarms] Bad response from child server: %s" & str(output)) return False, "[ansible_get_child_alarms] Bad response from child server" return True, data
def sync_asec_plugins(): """Send ASEC plugins to all sensors The blueprint handle the following url: PUT /av/api/1.0/system/asec?plugins=<plugins> Args: plugins (str): Comma separated plugin list """ plugins = request.args.get("plugins") plugin_list = plugins.split(',') all_ok = True failed_plugins = [] for plugin in plugin_list: (success, msg) = api_sync_asec(plugin=plugin, enable=True) if not success: all_ok = False failed_plugins.append(plugin) api_log.error("Sync failed for plugin %s: %s" % (plugin, msg)) else: api_log.debug("Sync OK for plugin %s" % plugin) if not all_ok: error_msg = "ASEC plugins sync failed for plugins: %s" % ','.join(failed_plugins) return make_error(error_msg, 500) return make_ok(msg="ASEC plugins sync OK")
def get_license_devices(): """ Retrieves the number of assets for a given license Return: Number of devices signed for a license 0 if an error occurs 1000000 if 'devices' is not specified in the ossim.lic file """ rc, pro = system_is_professional() devices = 0 if rc and pro: if os.path.isfile("/etc/ossim/ossim.lic"): try: config = RawConfigParser() license_file = config.read('/etc/ossim/ossim.lic') devices = config.getint('appliance', 'devices') except NoOptionError: devices = 1000000 else: api_log.debug( "License devices can't be determined: License file not found") devices = 0 else: devices = 1000000 return devices
def sync_asec_plugins(): """Send ASEC plugins to all sensors The blueprint handle the following url: PUT /av/api/1.0/system/asec?plugins=<plugins> Args: plugins (str): Comma separated plugin list """ plugins = request.args.get("plugins") plugin_list = plugins.split(',') all_ok = True failed_plugins = [] for plugin in plugin_list: (success, msg) = api_sync_asec(plugin=plugin, enable=True) if not success: all_ok = False failed_plugins.append(plugin) api_log.error("Sync failed for plugin %s: %s" % (plugin, msg)) else: api_log.debug("Sync OK for plugin %s" % plugin) if not all_ok: error_msg = "ASEC plugins sync failed for plugins: " error_msg = error_msg + "%s" % ','.join(failed_plugins) return make_error(error_msg, 500) return make_ok(msg="ASEC plugins sync OK")
def get_license_devices(): """ Retrieves the number of assets for a given license Return: Number of devices signed for a license 0 if an error occurs 1000000 if 'devices' is not specified in the ossim.lic file """ rc, pro = system_is_professional() devices = 0 if rc and pro: if os.path.isfile("/etc/ossim/ossim.lic"): try: config = RawConfigParser() license_file = config.read('/etc/ossim/ossim.lic') devices = config.getint('appliance', 'devices') except NoOptionError: devices = 1000000 else: api_log.debug("License devices can't be determined: License file not found") devices = 0 else: devices = 1000000 return devices
def ansible_get_child_alarms(system_ip, delay=1, delta=3): """ Get the alarms from remote system """ cmd = "echo \"select hex(event_id), timestamp, hex(backlog_id) FROM alarm WHERE status='closed' AND timestamp between DATE_SUB(utc_timestamp(), " \ "interval %u hour) AND DATE_SUB(utc_timestamp(), interval %u hour) UNION select hex(event_id), timestamp, hex(backlog_id) " \ "FROM alarm WHERE status='open' AND " \ "timestamp between DATE_SUB(utc_timestamp(), interval %u hour) AND DATE_SUB(utc_timestamp(), interval %u hour) ORDER BY timestamp DESC;\" | ossim-db " % ( delta + delay, delay, delta + delay, delay) api_log.debug("Query: %s" % cmd) response = ansible.run_module(host_list=[system_ip], module="shell", args=cmd) success, msg = ansible_is_valid_response(system_ip, response) if not success: return False, "[ansible_get_child_alarms] Can't retrieve remote alarms (%s) : %s" % ( system_ip, msg) data = [] try: output = str(response['contacted'][system_ip]['stdout']) split = output.splitlines() # Discard first line if split: for line in split[1:]: # Omit header (event_id, timestamp, backlog_id) = line.split('\t') data.append(event_id) except KeyError: api_log.error( "[ansible_get_child_alarms] Bad response from child server: %s" & str(output)) return False, "[ansible_get_child_alarms] Bad response from child server" return True, data
def __process_connection_message_response(self, response): api_log.debug("IDM connector - Recv: %s" % response) success = False if response == 'ok id="' + str(self.sequence_id) + '"\n': success = True else: api_log.error("IDM connector - Bad response from %s (seq_exp:%s): %s " % (self.ip, self.sequence_id, str(response))) return success
def __process_connection_message_response(self, response): api_log.debug("IDM connector - Recv: %s" % response) success = False if response == 'ok id="' + str(self.sequence_id) + '"\n': success = True else: api_log.error( "IDM connector - Bad response from %s (seq_exp:%s): %s " % (self.ip, self.sequence_id, str(response))) return success
def connect(self, attempts=3, wait_time=10): """Connects to the server and starts the handshake""" try: tries = 0 connected = False self.close() while tries < attempts and connected is False: if tries > 0: time.sleep(wait_time) tries += 1 api_log.debug("IDM connector - Tries: %s connected: %s" % (tries, connected)) api_log.debug("IDM connector - Conn: %s" % self.conn) if self.conn is not None: self.conn.close() self.conn = None self.conn = Connection(ip=self.ip, port=self.port) api_log.debug( "IDM connector - Creating a new Connection object") if not self.conn.connect(attempts=attempts, default_wait=wait_time): continue # Send the connection message: self.sequence_id += 1 if self.sensor_id is None: connect_message = self.CONNECT_MESSAGE_2.format( self.sequence_id) else: connect_message = self.CONNECT_MESSAGE.format( self.sequence_id, self.sensor_id) api_log.error( "IDM connector - Send: {0}".format(connect_message)) if not self.send(connect_message): api_log.error( "IDM connector - Cannot send the connection message") self.conn.close() continue connection_message_response = self.recv() if not self.__process_connection_message_response( connection_message_response): api_log.error( "IDM connector - Cannot connect to the server, invalid response" ) self.conn.close() continue connected = True if not connected: return False except Exception as err: api_log.debug( "IDM connector - Cannot connect to the server.... %s" % str(err)) self.close() return False return True
def reload_hosts(self): """Builds an IDM message to reload the hosts""" try: self.sequence_id += 1 message = 'reload-hosts id="' + str(self.sequence_id) + '"\n' api_log.info("Sending the reload host message") self.send(message) connection_message_response = self.recv() if not self.__process_connection_message_response(connection_message_response): api_log.error("Server connector - Cannot connect to the server, invalid response") except Exception as e: api_log.debug("Server connector, cannot send the reload host message")
def get_local_alarms(delay=1, delta=3): """ Get the local alarms By default alarms older than 1 hours and delta 3 """ data = [] try: query = "select hex(event_id), timestamp, hex(backlog_id) FROM alarm WHERE status=0 AND timestamp " \ "between DATE_SUB(utc_timestamp(), interval %u hour) AND DATE_SUB(utc_timestamp(), interval %u hour) " \ "UNION select hex(event_id), timestamp, hex(backlog_id) FROM alarm WHERE status=1 AND " \ "timestamp between DATE_SUB(utc_timestamp(), interval %u hour) AND DATE_SUB(utc_timestamp(), interval %u hour) " \ "ORDER BY timestamp DESC;" % (delta + delay, delay, delta + delay, delay) api_log.debug("[get_local_alarms] Query:" + query) rows = db.session.connection(mapper=Server).execute(query) data = [row[0] for row in rows] except NoResultFound: pass except Exception, msg: api_log.error("[get_local_alarms] %s" % str(msg)) return False, str(msg)
def connect(self, attempts=3, default_wait=10): """Connects to the given endpoint""" while self.__sock is None and self.__wait < MAX_WAIT and self.__tries < MAX_TRIES: api_log.debug("Connection [%s:%s] - Trying to connect ... " % (self.ip, self.port )) # Create a new socket try: plain_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) except Exception as err: api_log.error("Connection [%s:%s] - Cannot create a new socket %s" % (self.ip, self.port, str(err))) self.__tries += 1 self.__wait += default_wait time.sleep(default_wait) continue # Set socket options: plain_sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 2) # Enable keep alive plain_sock.setsockopt(socket.SOL_TCP, socket.TCP_KEEPIDLE, 5) # Start to send keepalieves after this period plain_sock.setsockopt(socket.SOL_TCP, socket.TCP_KEEPINTVL, 3) # interval between keepalieves. plain_sock.setsockopt(socket.SOL_TCP, socket.TCP_KEEPCNT, 5) # number of keep alieves before deadth self.__sock = plain_sock try: api_log.debug("Connection [%s:%s] - Connect using plain socket" % (self.ip, self.port)) self.__sock.connect((self.__ip, self.__port)) except Exception as err: api_log.error("Connection [%s:%s] - Cannot establish a plain connection" "with the remote server, waiting for %d seconds: %s" % ( self.__ip, self.__port, default_wait, str(err))) self.__tries += 1 self.__wait += default_wait time.sleep(default_wait) continue else: api_log.error("Connection [%s:%s] - Plain socket connected..." % (self.ip, self.port)) self.__connected = True return self.__connected
def reload_hosts(self): """Builds an IDM message to reload the hosts""" try: self.sequence_id += 1 message = 'reload-hosts id="' + str(self.sequence_id) + '"\n' api_log.info("Sending the reload host message") self.send(message) connection_message_response = self.recv() if not self.__process_connection_message_response( connection_message_response): api_log.error( "Server connector - Cannot connect to the server, invalid response" ) except Exception as e: api_log.debug( "Server connector, cannot send the reload host message")
def connect(self, attempts=3, wait_time=10): """Connects to the server and starts the handshake""" try: tries = 0 connected = False self.close() while tries < attempts and connected is False: if tries > 0: time.sleep(wait_time) tries += 1 api_log.debug("IDM connector - Tries: %s connected: %s" % (tries, connected)) api_log.debug("IDM connector - Conn: %s" % self.conn) if self.conn is not None: self.conn.close() self.conn = None self.conn = Connection(ip=self.ip, port=self.port) api_log.debug("IDM connector - Creating a new Connection object") if not self.conn.connect(attempts=attempts, default_wait=wait_time): continue # Send the connection message: self.sequence_id += 1 if self.sensor_id is None: connect_message = self.CONNECT_MESSAGE_2.format(self.sequence_id) else: connect_message = self.CONNECT_MESSAGE.format(self.sequence_id, self.sensor_id) api_log.error("IDM connector - Send: {0}".format(connect_message)) if not self.send(connect_message): api_log.error("IDM connector - Cannot send the connection message") self.conn.close() continue connection_message_response = self.recv() if not self.__process_connection_message_response(connection_message_response): api_log.error("IDM connector - Cannot connect to the server, invalid response") self.conn.close() continue connected = True if not connected: return False except Exception as err: api_log.debug("IDM connector - Cannot connect to the server.... %s" % str(err)) self.close() return False return True
def start(self): """ Starts the monitor activity """ try: # Remove the previous monitor data. self.remove_monitor_data() monitor_data = {} success, system_id = get_system_id_from_local() if not success: return False # Now now = int(time.time()) # Firstly, wizard data! wizard_dict = {} success, start_welcome_wizard, welcome_wizard_date = get_wizard_data( ) if not success: api_log.error("There was an error retrieving the wizard data") wizard_shown = True if start_welcome_wizard == 2: # if difference between now and welcome_wizard_date is less # than a week, display message if (now - welcome_wizard_date) < 420: wizard_shown = False wizard_dict['wizard_shown'] = wizard_shown monitor_data[ self.__WEB_MESSAGES['MESSAGE_WIZARD_SHOWN']] = wizard_dict # Time to look for orphan sensors orphan_sensors_dict = {} success, message = check_any_orphan_sensor() orphan_sensors = False if not success: api_log.error(message) orphan_sensors = True orphan_sensors_dict['orphan_sensors'] = orphan_sensors monitor_data[self.__WEB_MESSAGES[ 'MESSAGE_SENSOR_NOT_INSERTED']] = orphan_sensors_dict # Has the trial version expired? success, expires, message = get_trial_expiration_date() trial_expired = False trial_expires_7days = False trial_expires_2days = False if not success: rc, pro = system_is_professional() if rc: if pro: # OK, we have an error here api_log.error(message) else: pass else: # expire=9999-12-31 expiration_date = expires.split('=')[1] if expiration_date: mktime_expression = datetime.datetime.strptime( expiration_date, "%Y-%m-%d").timetuple() expires = int(time.mktime(mktime_expression)) one_week_left = now - 604800 two_days_left = now - 172800 if expires < one_week_left: trial_expires_7days = True elif expires < two_days_left: trial_expires_2days = True elif expires < now: trial_expired = True else: pass else: if os.path.isfile("/etc/ossim/ossim.lic"): api_log.warning( "Valid license but no web admin user found!") else: api_log.debug( "Expiration date can't be determined: License file not found" ) monitor_data[self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRED"]] = { 'trial_checked': success, 'trial_expired': trial_expired } monitor_data[ self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRES_7DAYS"]] = { 'trial_checked': success, 'trial_expired': trial_expires_7days } monitor_data[ self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRES_2DAYS"]] = { 'trial_checked': success, 'trial_expired': trial_expires_2days } # Check max number of assets assets = len(get_asset_list()) contracted_devices = get_license_devices() over_assets = False exceeding_assets = 0 #if assets > contracted_devices: # exceeding_assets = assets - contracted_devices # over_assets = True monitor_data[self.__WEB_MESSAGES["MESSAGE_LICENSE_VIOLATION"]] = { 'over_assets': over_assets, 'exceeding_assets': exceeding_assets } # OTX contribution otx_enabled = apimethod_is_otx_enabled() monitor_data[self.__WEB_MESSAGES["MESSAGE_OTX_CONNECTION"]] = { 'otx_enabled': otx_enabled } # Backup in progress? success, running, message = check_backup_process_running() if not success: api_log.error(message) monitor_data[self.__WEB_MESSAGES["MESSAGE_BACKUP_RUNNING"]] = { 'backup_check': success, 'backup_running': running } # Save monitor data self.save_data(system_id, ComponentTypes.SYSTEM, self.get_json_message(monitor_data)) except Exception as err: api_log.error( "Error processing WebUIData monitor information: %s" % str(err)) return False return True
def start(self): """ Starts the monitor activity """ try: # Remove the previous monitor data. self.remove_monitor_data() monitor_data = {} success, system_id = get_system_id_from_local() if not success: return False # Now now = int(time.time()) # Firstly, wizard data! wizard_dict = {} success, start_welcome_wizard, welcome_wizard_date = get_wizard_data() if not success: api_log.error("There was an error retrieving the wizard data") wizard_shown = True if start_welcome_wizard == 2: # if difference between now and welcome_wizard_date is less # than a week, display message if (now - welcome_wizard_date) < 420: wizard_shown = False wizard_dict['wizard_shown'] = wizard_shown monitor_data[self.__WEB_MESSAGES['MESSAGE_WIZARD_SHOWN']] = wizard_dict # Time to look for orphan sensors orphan_sensors_dict = {} success, message = check_any_orphan_sensor() orphan_sensors = False if not success: api_log.error(message) orphan_sensors = True orphan_sensors_dict['orphan_sensors'] = orphan_sensors monitor_data[self.__WEB_MESSAGES['MESSAGE_SENSOR_NOT_INSERTED']] = orphan_sensors_dict # Has the trial version expired? success, expires, message = get_trial_expiration_date() trial_expired = False trial_expires_7days = False trial_expires_2days = False if not success: rc, pro = system_is_professional() if rc: if pro: # OK, we have an error here api_log.error(message) else: pass else: # expire=9999-12-31 expiration_date = expires.split('=')[1] if expiration_date: mktime_expression = datetime.datetime.strptime(expiration_date, "%Y-%m-%d").timetuple() expires = int(time.mktime(mktime_expression)) one_week_left = now - 604800 two_days_left = now - 172800 if expires < one_week_left: trial_expires_7days = True elif expires < two_days_left: trial_expires_2days = True elif expires < now: trial_expired = True else: pass else: if os.path.isfile("/etc/ossim/ossim.lic"): api_log.warning("Valid license but no web admin user found!") else: api_log.debug("Expiration date can't be determined: License file not found") monitor_data[self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRED"]] = {'trial_checked': success, 'trial_expired': trial_expired} monitor_data[self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRES_7DAYS"]] = {'trial_checked': success, 'trial_expired': trial_expires_7days} monitor_data[self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRES_2DAYS"]] = {'trial_checked': success, 'trial_expired': trial_expires_2days} # Check max number of assets assets = len(get_asset_list()) contracted_devices = get_license_devices() over_assets = False exceeding_assets = 0 #if assets > contracted_devices: # exceeding_assets = assets - contracted_devices # over_assets = True monitor_data[self.__WEB_MESSAGES["MESSAGE_LICENSE_VIOLATION"]] = {'over_assets': over_assets, 'exceeding_assets': exceeding_assets} # OTX contribution otx_enabled = apimethod_is_otx_enabled() monitor_data[self.__WEB_MESSAGES["MESSAGE_OTX_CONNECTION"]] = {'otx_enabled': otx_enabled} # Backup in progress? success, running, message = check_backup_process_running() if not success: api_log.error(message) monitor_data[self.__WEB_MESSAGES["MESSAGE_BACKUP_RUNNING"]] = {'backup_check': success, 'backup_running': running} # Save monitor data self.save_data(system_id, ComponentTypes.SYSTEM, self.get_json_message(monitor_data)) except Exception as err: api_log.error("Error processing WebUIData monitor information: %s" % str(err)) return False return True