def is_local(system_id):
    """Tell whether *system_id* designates the system this API runs on.

    The literal ``'local'`` (any case) is always local.  Any other id is
    compared, in hex form, with the id reported by
    ``get_system_id_from_local``; if that lookup fails the result is its
    (falsy) success flag.

    Args:
        system_id(str): ``'local'`` or a system UUID.

    Returns:
        True when the id is the local system, False/falsy otherwise.
    """
    if system_id.lower() == 'local':
        return True
    ok, own_id = get_system_id_from_local()
    # Compare canonical hex forms so formatting differences between the two
    # UUID strings do not matter.
    return ok and get_hex_string_from_uuid(own_id) == get_hex_string_from_uuid(system_id)
def get_hids_agents_by_asset(asset_id, sensor_id=None):
    """Return the HIDS agents bound to an asset, optionally restricted to one sensor.

    Args:
        asset_id(str): Asset UUID (converted to hex before use).
        sensor_id(str): Optional sensor UUID to filter on.

    Returns:
        dict keyed by ``'<sensor_hex>#<agent_id>'``; each value holds the
        agent's id, name, ip_cidr, status (id + description), sensor_id and
        host_id ('' when the row has no host).

    Raises:
        APICannotResolveAssetID: asset_id is None.
        APICannotGetHIDSAgentByAsset: the query failed (logged).
    """
    if asset_id is None:
        api_log.error("[get_hids_agents_by_asset]: Asset ID could not be empty")
        raise APICannotResolveAssetID(asset_id)

    # get_hex_string_from_uuid is the only barrier between the caller-supplied
    # ids and the statement text; the query itself is not parameterised.
    sql = ("SELECT HEX(ha.sensor_id) AS sensor_id, ha.agent_id, ha.agent_name, ha.agent_ip, "
           "ha.agent_status, HEX(ha.host_id) AS host_id "
           "FROM hids_agents ha WHERE ha.host_id = UNHEX('{0}')".format(get_hex_string_from_uuid(asset_id)))
    if sensor_id is not None:
        sql += " AND ha.sensor_id = UNHEX('{0}')".format(get_hex_string_from_uuid(sensor_id))

    agents = {}
    try:
        rows = db.session.connection(mapper=Hids_Agents).execute(sql)
        for row in rows:
            status = row.agent_status
            agents[row.sensor_id + '#' + row.agent_id] = {
                'id': row.agent_id,
                'name': row.agent_name,
                'ip_cidr': row.agent_ip,
                'status': {
                    'id': status,
                    'descr': Hids_Agents.get_status_string_from_integer(status)
                },
                'sensor_id': row.sensor_id,
                'host_id': '' if row.host_id is None else row.host_id
            }
    except Exception as msg:
        api_log.error("[get_hids_agents_by_asset]: %s" % str(msg))
        raise APICannotGetHIDSAgentByAsset(asset_id)
    return agents
def get_hids_agents_by_asset(asset_id, sensor_id=None):
    """Return the HIDS agents bound to an asset, optionally restricted to one sensor.

    Args:
        asset_id(str): Asset UUID (converted to hex before use).
        sensor_id(str): Optional sensor UUID to filter on.

    Returns:
        dict keyed by ``'<sensor_hex>#<agent_id>'``; each value holds the
        agent's id, name, ip_cidr, status (id + description), sensor_id and
        host_id ('' when the row has no host).

    Raises:
        APICannotResolveAssetID: asset_id is None.
        APICannotGetHIDSAgentByAsset: the query failed (logged).
    """
    if asset_id is None:
        api_log.error("[get_hids_agents_by_asset]: Asset ID could not be empty")
        raise APICannotResolveAssetID(asset_id)

    # Only get_hex_string_from_uuid stands between the caller's ids and the
    # statement text; the query is not parameterised.
    conditions = ["ha.host_id = UNHEX('{0}')".format(get_hex_string_from_uuid(asset_id))]
    if sensor_id is not None:
        conditions.append("ha.sensor_id = UNHEX('{0}')".format(get_hex_string_from_uuid(sensor_id)))
    sql = ("SELECT HEX(ha.sensor_id) AS sensor_id, ha.agent_id, ha.agent_name, ha.agent_ip, "
           "ha.agent_status, HEX(ha.host_id) AS host_id "
           "FROM hids_agents ha WHERE " + " AND ".join(conditions))

    agents = {}
    try:
        for row in db.session.connection(mapper=Hids_Agents).execute(sql):
            status = row.agent_status
            agents[row.sensor_id + '#' + row.agent_id] = {
                'id': row.agent_id,
                'name': row.agent_name,
                'ip_cidr': row.agent_ip,
                'status': {
                    'id': status,
                    'descr': Hids_Agents.get_status_string_from_integer(status)
                },
                'sensor_id': row.sensor_id,
                'host_id': '' if row.host_id is None else row.host_id
            }
    except Exception as msg:
        api_log.error("[get_hids_agents_by_asset]: %s" % str(msg))
        raise APICannotGetHIDSAgentByAsset(asset_id)
    return agents
def ans_add_server_hierarchy(system_ip, parent_id, child_id):
    """
    Add server_hierarchy entry on system_ip

    Args:
        system_ip(str): IP of the system on which the entry is added
        parent_id(str): Parent server UUID
        child_id(str): Child server UUID

    Returns:
        (False, error_message) when either UUID cannot be converted to hex.

    NOTE(review): only the parameter-validation prologue of this function is
    visible here; the code that actually adds the entry is not shown, so the
    success path is undocumented.
    """
    hex_parent_id = None
    hex_child_id = None
    try:
        # Convert both UUIDs up front so malformed input is rejected before
        # any further work is done with them.
        hex_parent_id = get_hex_string_from_uuid(parent_id)
        hex_child_id = get_hex_string_from_uuid(child_id)
    except Exception, msg:
        api_log.error(str(msg))
        return False, "[ans_add_server_hierarchy] Bad params: %s" % str(msg)
def ans_add_server_hierarchy(system_ip, parent_id, child_id):
    """
    Add server_hierarchy entry on system_ip

    Args:
        system_ip(str): IP of the system on which the entry is added
        parent_id(str): Parent server UUID
        child_id(str): Child server UUID

    Returns:
        (False, error_message) when either UUID cannot be converted to hex.

    NOTE(review): only the parameter-validation prologue of this function is
    visible here; the code that actually adds the entry is not shown, so the
    success path is undocumented.
    """
    hex_parent_id = None
    hex_child_id = None
    try:
        # Convert both UUIDs up front so malformed input is rejected before
        # any further work is done with them.
        hex_parent_id = get_hex_string_from_uuid(parent_id)
        hex_child_id = get_hex_string_from_uuid(child_id)
    except Exception, msg:
        api_log.error(str(msg))
        return False, "[ans_add_server_hierarchy] Bad params: %s" % str(msg)
def update_host_net_reference(hostid=None):
    """Rebuild host_net_reference (which hosts fall inside which net_cidrs range).

    Without *hostid* the whole table is recomputed; that statement locks the
    asset database and can hurt when many assets exist.  With a valid UUID
    only that host's rows are recomputed.  An invalid *hostid* is ignored and
    the full rebuild runs.

    Args:
        hostid(str): Optional host UUID to restrict the rebuild to.

    Returns:
        True on success, False when the statement failed (rolled back, logged).
    """
    stmt = ("REPLACE INTO host_net_reference "
            "SELECT host.id, net_id FROM host, host_ip, net_cidrs "
            "WHERE host.id = host_ip.host_id AND host_ip.ip >= net_cidrs.begin AND host_ip.ip <= net_cidrs.end")

    # The UUID check is what keeps the interpolated value from being anything
    # other than a hex id, since the statement is not parameterised.
    if hostid is not None and is_valid_uuid(hostid):
        stmt += " AND host.id = unhex('%s')" % get_hex_string_from_uuid(hostid)

    try:
        db.session.begin()
        db.session.connection(mapper=Host_Net_Reference).execute(stmt)
        db.session.commit()
    except Exception as err_detail:
        db.session.rollback()
        api_log.error("There was a problem while updating host net reference: %s" % str(err_detail))
        return False
    return True
def update_host_net_reference(hostid=None):
    """Rebuild host_net_reference (which hosts fall inside which net_cidrs range).

    Without *hostid* the whole table is recomputed; that statement locks the
    asset database and can hurt when many assets exist.  With a valid UUID
    only that host's rows are recomputed.  An invalid *hostid* is ignored and
    the full rebuild runs.

    Args:
        hostid(str): Optional host UUID to restrict the rebuild to.

    Returns:
        True on success, False when the statement failed (rolled back, logged).
    """
    base = ("REPLACE INTO host_net_reference "
            "SELECT host.id, net_id FROM host, host_ip, net_cidrs "
            "WHERE host.id = host_ip.host_id AND host_ip.ip >= net_cidrs.begin AND host_ip.ip <= net_cidrs.end")
    restrict_to_host = hostid is not None and is_valid_uuid(hostid)
    # is_valid_uuid is the guard that keeps the interpolated value a plain hex
    # id; the statement is not parameterised.
    stmt = base + (" AND host.id = unhex('%s')" % get_hex_string_from_uuid(hostid) if restrict_to_host else "")

    ok = True
    try:
        db.session.begin()
        db.session.connection(mapper=Host_Net_Reference).execute(stmt)
        db.session.commit()
    except Exception as err_detail:
        db.session.rollback()
        api_log.error("There was a problem while updating host net reference: %s" % str(err_detail))
        ok = False
    return ok
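def delete_orphan_hids_agents(agent_list, sensor_id):
    """
    Delete orphan HIDS agents

    Removes every hids_agents row of *sensor_id* whose agent_id is NOT in
    *agent_list*.  An empty *agent_list* deletes nothing, so a transient
    empty list can never wipe a sensor's agents.

    Args:
        agent_list(list): List of active HIDS agents
        sensor_id(str): Sensor ID

    Raises:
        APICannotResolveSensorID: sensor_id is None.
        APICannotDeleteHIDSAgentList: id conversion or the DELETE failed
            (transaction rolled back, error logged).
    """
    if sensor_id is None:
        api_log.error("[delete_orphan_hids_agents]: Sensor ID could not be empty")
        raise APICannotResolveSensorID(sensor_id)
    if not agent_list:
        return
    try:
        sensor_id_hex = get_hex_string_from_uuid(sensor_id)
        # The agent ids used to be spliced into the statement as quoted
        # literals; bind them instead so an id containing a quote cannot
        # alter the DELETE.  Assumes the DBAPI uses the ``format``
        # paramstyle (MySQLdb/PyMySQL do) -- TODO confirm.
        placeholders = ", ".join(["%s"] * len(agent_list))
        query = ("DELETE FROM hids_agents WHERE sensor_id = UNHEX(%s) "
                 "AND agent_id NOT IN ({0})".format(placeholders))
        params = (sensor_id_hex,) + tuple(agent_list)
        # Was ``db.sesion.begin()`` (typo): the AttributeError landed in the
        # except below and turned every call into APICannotDeleteHIDSAgentList.
        db.session.begin()
        db.session.connection(mapper=Hids_Agents).execute(query, params)
        db.session.commit()
    except Exception as msg:
        db.session.rollback()
        api_log.error("[delete_orphan_hids_agents]: %s" % str(msg))
        raise APICannotDeleteHIDSAgentList(agent_list, sensor_id)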
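def delete_orphan_hids_agents(agent_list, sensor_id):
    """
    Delete orphan HIDS agents

    Removes every hids_agents row of *sensor_id* whose agent_id is NOT in
    *agent_list*.  An empty *agent_list* deletes nothing, so a transient
    empty list can never wipe a sensor's agents.

    Args:
        agent_list(list): List of active HIDS agents
        sensor_id(str): Sensor ID

    Raises:
        APICannotResolveSensorID: sensor_id is None.
        APICannotDeleteHIDSAgentList: id conversion or the DELETE failed
            (error logged).
    """
    if sensor_id is None:
        api_log.error("[delete_orphan_hids_agents]: Sensor ID could not be empty")
        raise APICannotResolveSensorID(sensor_id)
    if not agent_list:
        return
    try:
        sensor_id_hex = get_hex_string_from_uuid(sensor_id)
        # The agent ids used to be spliced into the statement as quoted
        # literals; bind them instead so an id containing a quote cannot
        # alter the DELETE.  Assumes the DBAPI uses the ``format``
        # paramstyle (MySQLdb/PyMySQL do) -- TODO confirm.
        placeholders = ", ".join(["%s"] * len(agent_list))
        query = ("DELETE FROM hids_agents WHERE sensor_id = UNHEX(%s) "
                 "AND agent_id NOT IN ({0})".format(placeholders))
        params = (sensor_id_hex,) + tuple(agent_list)
        db.session.connection(mapper=Hids_Agents).execute(query, params)
    except Exception as msg:
        api_log.error("[delete_orphan_hids_agents]: %s" % str(msg))
        raise APICannotDeleteHIDSAgentList(agent_list, sensor_id)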
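def apimethod_delete_system(system_id):
    """Remove the system *system_id* from this deployment.

    Order of operations: refuse to delete the local system; resolve the
    system's IP; drop it from the database; remove the certificates and keys
    kept for it on the local system; drop it from the Ansible inventory;
    finally ask the remote child to forget this server as its parent.
    Remote certificate removal (old step 2) is intentionally disabled.

    Because the database row goes first, a failure in any later step returns
    early and leaves the local certificates and/or the inventory entry in
    place; the caller must retry to finish the cleanup.

    Args:
        system_id(str): UUID of the system to delete, or ``'local'``.

    Returns:
        (True, "") on success, (False, error_message) otherwise.
    """
    success, local_system_id = get_system_id_from_local()
    if not success:
        return success, "Error: Can not retrieve the local system id. %s" % str(local_system_id)

    # Never let the server delete itself; 'local' is checked first so it is
    # not passed to the UUID converter.
    if system_id == 'local' or get_hex_string_from_uuid(local_system_id) == get_hex_string_from_uuid(system_id):
        return False, "Error: You're trying to remove the local system, which it's not allowed"

    (success, system_ip) = get_system_ip_from_system_id(system_id)
    if not success:
        # Fixed: the message used to format system_ip twice instead of naming
        # the system id that failed to resolve.
        return success, "Error retrieving the system ip for the system id %s -> %s" % (system_id, str(system_ip))

    # 1 - Remove it from the database
    success, msg = db_remove_system(system_id)
    if not success:
        return success, "Error while removing the system from the database: %s" % str(msg)

    # 2 - Remote certificate removal (ansible_remove_certificates(system_ip))
    #     is disabled upstream and not performed.

    # 3 - Remove the local certificates and keys
    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, "Error while getting the local ip: %s" % str(local_ip)
    success, msg = ansible_remove_certificates(system_ip=local_ip, system_id_to_remove=system_id)
    if not success:
        return success, "Error while removing the local certificates: %s" % str(msg)

    # 4 - Remove it from the ansible inventory.
    try:
        aim = AnsibleInventoryManager()
        aim.delete_host(system_ip)
        aim.save_inventory()
        del aim
    except Exception as aim_error:
        return False, "An error occurred while removing the system from the ansible inventory file: %s" % str(aim_error)

    # 5 - Try to connect to the child and remove the parent using it's server_id
    success, own_server_id = get_server_id_from_local()
    if not success:
        # Fixed: the error value is own_server_id, not the stale msg from the
        # certificate step.
        return success, "Error while retrieving server_id from local: %s" % str(own_server_id)
    success, msg = ansible_delete_parent_server(system_ip, own_server_id)
    if not success:
        return success, "Error while deleting parent server in child: %s" % str(msg)
    return True, ""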
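def get_hids_agent_by_sensor(sensor_id, agent_id):
    """
    Get HIDS agent by sensor

    Args:
        sensor_id(str): Sensor ID
        agent_id(str): Agent ID

    Returns:
        Dictionary with the HIDS agent of the sensor in the database
        (id, name, ip_cidr, status{id, descr}, host_id); empty dict when
        no row matches.

    Raises:
        APICannotResolveSensorID: sensor_id is None.
        APIInvalidHIDSAgentID: agent_id is None.
        APICannotGetHIDSAgents: id conversion or the query failed (logged).
    """
    if sensor_id is None:
        api_log.error("[get_hids_agent_by_sensor]: Sensor ID could not be empty")
        raise APICannotResolveSensorID(sensor_id)
    if agent_id is None:
        api_log.error("[get_hids_agent_by_sensor]: Agent ID could not be empty")
        raise APIInvalidHIDSAgentID(agent_id)

    hids_agent = {}
    try:
        sensor_id_hex = get_hex_string_from_uuid(sensor_id)
        # agent_id used to be spliced into the statement as a quoted literal
        # with no validation; bind both values instead so the caller cannot
        # alter the query.  Assumes the DBAPI uses the ``format`` paramstyle
        # (MySQLdb/PyMySQL do) -- TODO confirm.
        query = ("SELECT HEX(ha.sensor_id) AS sensor_id, ha.agent_id, ha.agent_name, ha.agent_ip, "
                 "ha.agent_status, HEX(ha.host_id) AS host_id "
                 "FROM hids_agents ha WHERE ha.sensor_id = UNHEX(%s) AND ha.agent_id = %s "
                 "LIMIT 1")
        row = db.session.connection(mapper=Hids_Agents).execute(query, (sensor_id_hex, agent_id)).first()
        if row:
            ha_status = row.agent_status
            hids_agent = {
                'id': row.agent_id,
                'name': row.agent_name,
                'ip_cidr': row.agent_ip,
                'status': {
                    'id': ha_status,
                    'descr': Hids_Agents.get_status_string_from_integer(ha_status)
                },
                'host_id': row.host_id if row.host_id is not None else ''
            }
    except Exception as msg:
        api_log.error("[get_hids_agent_by_sensor]: %s" % str(msg))
        raise APICannotGetHIDSAgents(sensor_id)
    return hids_agent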
def ans_add_server(system_ip, server_id, server_name, server_ip, server_port, server_descr=''):
    """
    Add server entry on system_ip

    Args:
        system_ip(str): IP of the system on which the server entry is added
        server_id(str): UUID of the server being added
        server_name(str): Server name
        server_ip(str): Server IP address (converted with get_ip_hex_from_str)
        server_port: Server port
        server_descr(str): Optional description, defaults to ''

    Returns:
        (False, error_message) when server_id or server_ip cannot be converted.

    NOTE(review): only the parameter-validation prologue of this function is
    visible here; the code that performs the insertion is not shown, so the
    success path is undocumented.
    """
    hex_server_id = None
    hex_server_ip = None
    try:
        # Convert up front so malformed ids/addresses are rejected before
        # anything else is done with them.
        hex_server_id = get_hex_string_from_uuid(server_id)
        hex_server_ip = get_ip_hex_from_str(server_ip)
    except Exception, msg:
        api_log.error(str(msg))
        return False, "[ans_add_server] Bad params: %s" % str(msg)
def ans_add_server(system_ip, server_id, server_name, server_ip, server_port, server_descr=''):
    """
    Add server entry on system_ip

    Args:
        system_ip(str): IP of the system on which the server entry is added
        server_id(str): UUID of the server being added
        server_name(str): Server name
        server_ip(str): Server IP address (converted with get_ip_hex_from_str)
        server_port: Server port
        server_descr(str): Optional description, defaults to ''

    Returns:
        (False, error_message) when server_id or server_ip cannot be converted.

    NOTE(review): only the parameter-validation prologue of this function is
    visible here; the code that performs the insertion is not shown, so the
    success path is undocumented.
    """
    hex_server_id = None
    hex_server_ip = None
    try:
        # Convert up front so malformed ids/addresses are rejected before
        # anything else is done with them.
        hex_server_id = get_hex_string_from_uuid(server_id)
        hex_server_ip = get_ip_hex_from_str(server_ip)
    except Exception, msg:
        api_log.error(str(msg))
        return False, "[ans_add_server] Bad params: %s" % str(msg)
def get_hids_agents_by_sensor(sensor_id):
    """Return every HIDS agent registered for *sensor_id*, keyed by agent id.

    Args:
        sensor_id(str): Sensor UUID (converted to hex before use).

    Returns:
        dict of agent_id -> {id, name, ip_cidr, status{id, descr}, host_id};
        host_id is '' when the row has no host.

    Raises:
        APICannotResolveSensorID: sensor_id is None.
        APICannotGetHIDSAgents: id conversion or the query failed (logged).
    """
    if sensor_id is None:
        api_log.error("[get_hids_agents_by_sensor]: Sensor ID could not be empty")
        raise APICannotResolveSensorID(sensor_id)

    agents = {}
    try:
        # get_hex_string_from_uuid is the only guard between the caller's id
        # and the statement text; the query is not parameterised.
        hex_id = get_hex_string_from_uuid(sensor_id)
        sql = ("SELECT HEX(ha.sensor_id) AS sensor_id, ha.agent_id, ha.agent_name, ha.agent_ip, "
               "ha.agent_status, HEX(ha.host_id) AS host_id "
               "FROM hids_agents ha WHERE ha.sensor_id = UNHEX('{0}')".format(hex_id))
        for row in db.session.connection(mapper=Hids_Agents).execute(sql):
            status = row.agent_status
            agents[row.agent_id] = {
                'id': row.agent_id,
                'name': row.agent_name,
                'ip_cidr': row.agent_ip,
                'status': {
                    'id': status,
                    'descr': Hids_Agents.get_status_string_from_integer(status)
                },
                'host_id': '' if row.host_id is None else row.host_id
            }
    except Exception as msg:
        api_log.error("[get_hids_agents_by_sensor]: %s" % str(msg))
        raise APICannotGetHIDSAgents(sensor_id)
    return agents
def get_name_by_host_id(host_id):
    """Return the hostname of asset *host_id*, or '' when no host row matches.

    Args:
        host_id(str): Asset UUID (converted to hex before use).

    Raises:
        APICannotGetAssetName: the id could not be converted or the query
            failed (logged).
    """
    name = ''
    try:
        # The hex conversion is the only guard on host_id; the query is not
        # parameterised.
        sql = "SELECT hostname FROM host WHERE id = UNHEX('{0}')".format(get_hex_string_from_uuid(host_id))
        row = db.session.connection(mapper=Host).execute(sql).first()
        if row:
            name = row.hostname
    except Exception as msg:
        api_log.error("[get_name_by_host_id] {0}".format(msg))
        raise APICannotGetAssetName(host_id)
    return name
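def make_tunnel_with_vpn(system_ip, password):
    """Build the VPN tunnel with the given node.

    Runs the Ansible VPN setup against *system_ip* using this server's id as
    the local endpoint, stores the VPN address it reports in the system table
    (only when the node is already known there), flushes the support_tunnel
    cache and restarts ossim-framework on the local system (a restart
    failure is printed, not returned as an error).

    Args:
        system_ip(str): IPv4 address of the node to connect.
        password(str): Credential passed through to
            ansible_make_tunnel_with_vpn; it is never printed or logged here.

    Returns:
        (True, message) on success, (False, error_message) otherwise.
    """
    if not is_valid_ipv4(system_ip):
        return False, "Invalid system ip: %s" % str(system_ip)

    success, own_server_id = get_server_id_from_local()
    if not success:
        return success, "Error while retrieving server_id from local: %s" % str(own_server_id)

    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, "Cannot retrieve the local ip <%s>" % str(local_ip)

    success, data = ansible_make_tunnel_with_vpn(
        system_ip=system_ip,
        local_server_id=get_hex_string_from_uuid(own_server_id),
        password=password)
    if not success:
        return success, data

    print("Set VPN IP on the system table")
    # .get() so a reply without the key is reported through the None check
    # below instead of escaping as a KeyError (the previous subscript made
    # that check unreachable for a missing key).
    new_node_vpn_ip = data.get('client_end_point1')
    if new_node_vpn_ip is None:
        return False, "Cannot retrieve the new node VPN IP"
    print("New Node VPN IP %s" % new_node_vpn_ip)

    success, data = get_system_id_from_system_ip(system_ip)
    if success:
        # If the system is not on the system table it doesn't matter
        success, data = set_system_vpn_ip(data, new_node_vpn_ip)
        if not success:
            return False, "Cannot set the new node vpn ip on the system table"

    flush_cache(namespace="support_tunnel")

    # Restart frameworkd; a failure here is only reported.
    print("Restarting ossim-framework")
    success, data = ansible_restart_frameworkd(system_ip=local_ip)
    if not success:
        print("Restarting %s ossim-framework failed (%s)" % (local_ip, data))
    return True, "VPN node successfully connected."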
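def apimethod_delete_system(system_id):
    """Remove the system *system_id* from this deployment.

    Order of operations: refuse to delete the local system; resolve the
    system's IP; probe reachability; note whether the system is a sensor;
    drop it from the database; fire the del-sensor / del-server trigger
    locally (firewall rules); remove the certificates and keys kept for it on
    the local system; drop it from the Ansible inventory; finally, if the
    remote system answered the probe, ask it to forget this server as its
    parent.  Remote certificate removal (old step 3) is intentionally
    disabled.

    Because the database row goes first, a failure in any later step returns
    early and leaves the local certificates and/or the inventory entry in
    place; the caller must retry to finish the cleanup.  An unreachable
    remote is not an error: the function still returns True with a message
    saying the parent configuration on the child was not removed.

    Args:
        system_id(str): UUID of the system to delete, or ``'local'``.

    Returns:
        (True, "") on full success, (True, warning) when the remote was
        unreachable, (False, error_message) otherwise.
    """
    success, local_system_id = get_system_id_from_local()
    if not success:
        return success, "Cannot retrieve the local system id. %s" % str(local_system_id)

    # Never let the server delete itself; 'local' is checked first so it is
    # not passed to the UUID converter.
    if system_id == 'local' or get_hex_string_from_uuid(local_system_id) == get_hex_string_from_uuid(system_id):
        return False, "You're trying to remove the local system, which it's not allowed"

    (success, system_ip) = get_system_ip_from_system_id(system_id)
    if not success:
        return success, "Cannot retrieve the system ip for the given system-id %s" % (str(system_ip))

    # Check whether the remote system is reachable or not:
    try:
        remote_system_is_reachable = ping_system(system_id, no_cache=True)
    except APIException:
        remote_system_is_reachable = False

    # We need to take the sensor_id from the database before removing it
    # from the db; only the success flag is used, to pick the trigger below.
    (success_f, sensor_id) = get_sensor_id_from_system_id(system_id)

    # 1 - Remove it from the database
    success, msg = db_remove_system(system_id)
    if not success:
        return success, "Cannot remove the system from the database <%s>" % str(msg)

    # 2 - Remove the firewall rules. A trigger failure is logged, not fatal.
    if success_f:
        trigger_success, msg = fire_trigger(system_ip="127.0.0.1", trigger="alienvault-del-sensor")
        if not trigger_success:
            api_log.error(msg)
    else:
        trigger_success, msg = fire_trigger(system_ip="127.0.0.1", trigger="alienvault-del-server")
        if not trigger_success:
            api_log.error(msg)

    # 3 - Remote certificate removal (ansible_remove_certificates(system_ip))
    #     is disabled upstream and not performed.

    # 4 - Remove the local certificates and keys
    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, "Cannot retrieve the local ip <%s>" % str(local_ip)
    # Remove remote system certificates on the local system
    success, msg = ansible_remove_certificates(system_ip=local_ip, system_id_to_remove=system_id)
    if not success:
        return success, "Cannot remove the local certificates <%s>" % str(msg)

    # 5 - Remove it from the ansible inventory.
    try:
        aim = AnsibleInventoryManager()
        aim.delete_host(system_ip)
        aim.save_inventory()
        del aim
    except Exception as aim_error:
        return False, "Cannot remove the system from the ansible inventory file <%s>" % str(aim_error)

    # 6 - Try to connect to the child and remove the parent using it's server_id
    success, own_server_id = get_server_id_from_local()
    if not success:
        # Fixed: the error value is own_server_id, not the stale msg from the
        # certificate step.
        return success, "Cannot retrieve the server-id from local <%s>" % str(own_server_id)

    if remote_system_is_reachable:
        success, msg = ansible_delete_parent_server(system_ip, own_server_id)
        if not success:
            return success, "Cannot delete parent server in child <%s>" % str(msg)
        return True, ""

    return True, "The remote system is not reachable. We had not been able to remove the parent configuration"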
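def make_tunnel_with_vpn(system_ip, password):
    """Build the VPN tunnel with the given node.

    Runs the Ansible VPN setup against *system_ip* using this server's id as
    the local endpoint, stores the VPN address it reports in the system table
    (only when the node is already known there) and flushes the ``system``
    cache namespace.

    Args:
        system_ip(str): IPv4 address of the node to connect.
        password(str): Credential passed through to
            ansible_make_tunnel_with_vpn; it is never printed or logged here.

    Returns:
        (True, message) on success, (False, error_message) otherwise.
    """
    if not is_valid_ipv4(system_ip):
        return False, "Invalid system ip: %s" % str(system_ip)

    success, own_server_id = get_server_id_from_local()
    if not success:
        return success, "Error while retrieving server_id from local: %s" % str(own_server_id)

    success, data = ansible_make_tunnel_with_vpn(
        system_ip=system_ip,
        local_server_id=get_hex_string_from_uuid(own_server_id),
        password=password)
    if not success:
        return success, data

    print("Set VPN IP on the system table")
    # .get() so a reply without the key is reported through the None check
    # below instead of escaping as a KeyError (the previous subscript made
    # that check unreachable for a missing key).
    new_node_vpn_ip = data.get('client_end_point1')
    if new_node_vpn_ip is None:
        return False, "Cannot retrieve the new node VPN IP"
    print("New Node VPN IP %s" % new_node_vpn_ip)

    success, data = get_system_id_from_system_ip(system_ip)
    if success:
        # If the system is not on the system table it doesn't matter
        success, data = set_system_vpn_ip(data, new_node_vpn_ip)
        if not success:
            return False, "Cannot set the new node vpn ip on the system table"

    flush_cache(namespace="system")
    return True, "VPN node successfully connected."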