def test_execute(self): server = Server.get_by_id(1) self.assertEqual(execute(server, {'test_hostame': "hostname"}, become=False), {'test_hostame': 'test-travis'}) self.assertEqual(execute(server, {'test_ok': "hostname 1>/dev/null"}, become=False), {'test_ok': 'OK'}) with self.assertRaises(Exception): execute(server, {'test_fail': "service ssh status"}, become=False)
def install(self, version=settings.OSSEC_VERSION): if self.server.os.name == 'debian' or self.server.os.name == 'ubuntu': install_script = """ if ! type ${binary_dir}ossec ; then wget https://github.com/ossec/ossec-hids/archive/${version}.tar.gz tar xf ${version}.tar.gz cp probemanager/ossec/preloaded-vars-agent.conf ossec-hids-${version}/etc/preloaded-vars.conf chmod +x ossec-hids-${version}/etc/preloaded-vars.conf (cd ossec-hids-${version}/ && sudo ./install.sh) rm ${version}.tar.gz && rm -rf ossec-hids-" + version cp probemanager/ossec/ossec-conf-agent.xml /var/ossec/etc/ossec.conf ${binary_dir}agent-auth -m ${ossec_server_ip} exit 0 else echo "Already installed" exit 0 fi """ t = Template_string(install_script) command = "sh -c '" + t.safe_substitute( version=version, binary_dir=settings.OSSEC_BINARY, ossec_server_ip=settings.OSSEC_SERVER_IP) + "'" else: raise NotImplementedError tasks = {"install": command} try: response = execute(self.server, tasks, become=True) except Exception as e: logger.error(e) return False logger.debug("output : " + str(response)) return True
def stop(self): if self.server.os.name == 'debian' or self.server.os.name == 'ubuntu': command = self.configuration.bin_directory + "broctl stop" else: # pragma: no cover raise NotImplementedError tasks = {"stop": command} try: response = execute(self.server, tasks, become=True) except Exception: # pragma: no cover logger.exception("Error during stop") return {'status': False, 'errors': "Error during stop"} logger.debug("output : " + str(response)) return {'status': True}
def status(self): if self.server.os.name == 'debian': command = settings.OSSEC_BINARY + "ossec-control status" else: raise NotImplementedError tasks = {"status": command} try: response = execute(self.server, tasks, become=True) except Exception as e: logger.error('Failed to get status : ' + str(e)) return 'Failed to get status : ' + str(e) logger.debug("output : " + str(response)) return response['status']
def reload(self): if self.server.os.name == 'debian': command = settings.OSSEC_BINARY + "ossec-control reload" else: raise NotImplementedError tasks = {"reload": command} try: response = execute(self.server, tasks, become=True) except Exception as e: logger.error(str(e)) return {'status': False, 'errors': str(e)} logger.debug("output : " + str(response)) return {'status': True}
def test(self): if self.server.os.name == 'debian': command1 = settings.OSSEC_BINARY + "ossec-monitord -t" command2 = settings.OSSEC_BINARY + "ossec-agentd -t" else: raise NotImplementedError tasks = {"test monitord": command1, "test remoted": command2} try: response = execute(self.server, tasks, become=True) except Exception as e: logger.error(str(e)) return False logger.debug("output : " + str(response)) return True
def restart(self): if self.server.os.name == 'debian' or self.server.os.name == 'ubuntu': command1 = self.configuration.bin_directory + "broctl stop" command2 = self.configuration.bin_directory + "broctl deploy" else: # pragma: no cover raise NotImplementedError tasks_unordered = {"1_stop": command1, "3_deploy": command2} tasks = OrderedDict(sorted(tasks_unordered.items(), key=lambda t: t[0])) try: response = execute(self.server, tasks, become=True) except Exception: # pragma: no cover logger.exception("Error during restart") return {'status': False, 'errors': "Error during restart"} logger.debug("output : " + str(response)) return {'status': True}
def status(self): if self.installed: if self.server.os.name == 'debian' or self.server.os.name == 'ubuntu': command = self.configuration.bin_directory + "broctl status | sed -n 2p" else: # pragma: no cover raise NotImplementedError tasks = {"status": command} try: response = execute(self.server, tasks, become=True) except Exception: # pragma: no cover logger.exception('Failed to get status') return 'Failed to get status' logger.debug("output : " + str(response)) return response['status'] else: return 'Not installed'
def deploy(self): errors = list() for bro in self.bros.all(): command1 = "critical-stack-intel api " + str(self.api_key) command2 = "critical-stack-intel config --set bro.restart=true" command3 = "critical-stack-intel pull" tasks_unordered = {"1_set_api": command1, "2_set_restart": command2, "3_pull": command3} tasks = OrderedDict(sorted(tasks_unordered.items(), key=lambda t: t[0])) try: response = execute(bro.server, tasks, become=True) except Exception as e: # pragma: no cover logger.exception('deploy failed for ' + str(bro)) errors.append('deploy failed for ' + str(bro) + ': ' + str(e)) else: logger.debug("output : " + str(response)) if errors: # pragma: no cover return {'status': False, 'errors': str(errors)} else: return {'status': True}
def list(self): errors = list() success = list() for bro in self.bros.all(): command1 = "critical-stack-intel api " + str(self.api_key) command2 = "critical-stack-intel list" tasks_unordered = {"1_set_api": command1, "2_list": command2} tasks = OrderedDict(sorted(tasks_unordered.items(), key=lambda t: t[0])) try: response = execute(bro.server, tasks, become=True) except Exception as e: # pragma: no cover logger.exception('list failed for ' + str(bro)) errors.append('list failed for ' + str(bro) + ': ' + str(e)) else: logger.debug("output : " + str(response)) success.append(response['2_list']) if errors: # pragma: no cover return {'status': False, 'errors': str(errors)} else: return {'status': True, 'message': str(success)}
def test_execute_become(self): server = Server.get_by_id(1) self.assertEqual(execute(server, {'test_hostame': "hostname"}, become=True), {'test_hostame': 'test-travis'}) self.assertIn('ssh.service', execute(server, {'test_status': "service ssh status"}, become=True)['test_status']) server.become_pass = None server.save() with self.assertRaises(Exception): execute(server, {'test_hostame': "hostname"}, become=True) server.become = False server.save() with self.assertRaises(Exception): execute(server, {'test_hostame': "hostname"}, become=True) with self.assertRaises(Exception): execute_copy(server, src=settings.ROOT_DIR + '/LICENSE', dest='/tmp/LICENSE', become=True)
def get_version(self, probe): software_by_os = Software.objects.get(name=self.name, os=probe.server.os) command = {'get_version': software_by_os.command} if self.instaled_by == 'apt': command = { 'get_version': "apt-cache policy " + str(self.name) + " | sed -n '2 p' | grep -Po '\d{1,2}\.\d{1,2}\.{0,1}\d{0,2}' | sed -n '1 p'" } elif self.instaled_by == 'brew': command = { 'get_version': "brew list " + str(self.name) + " --versions | cut -d ' ' -f 2" } try: output = execute(probe.server, command) except Exception as e: # pragma: no cover logger.exception('Error during get version') return str(e) logger.info("output : " + str(output)) return output['get_version']
def install(self, version=settings.BRO_VERSION): if self.server.os.name == 'debian' or self.server.os.name == 'ubuntu': install_script = """ if ! type /usr/local/bro/bin/bro ; then apt update apt install -y cmake make gcc g++ flex bison libpcap-dev libssl1.0-dev python-dev swig zlib1g-dev \ libmagic-dev libgeoip-dev sendmail libcap2-bin wget curl ca-certificates wget https://www.bro.org/downloads/bro-${version}.tar.gz tar xf bro-${version}.tar.gz ( cd bro-${version} && ./configure ) ( cd bro-${version} && make -j$(nproc) ) ( cd bro-${version} && make install ) rm bro-${version}.tar.gz && rm -rf bro-${version} export PATH=/usr/local/bro/bin:$PATH && export LD_LIBRARY_PATH=/usr/local/bro/lib/ echo "export PATH=/usr/local/bro/bin:$PATH" >> .bashrc echo "export LD_LIBRARY_PATH=/usr/local/bro/lib/" >> .bashrc /usr/local/bro/bin/broctl deploy exit 0 else echo "Already installed" exit 0 fi """ t = Template(install_script) command = "sh -c '" + t.safe_substitute(version=version) + "'" else: # pragma: no cover raise NotImplementedError tasks = {"install": command} try: response = execute(self.server, tasks, become=True) self.installed = True self.save() except Exception as e: # pragma: no cover logger.exception('install failed') return {'status': False, 'errors': str(e)} logger.debug("output : " + str(response)) return {'status': True}