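def forward_check():
    """Check that alarms seen on child servers are also present locally.

    Alarms reported by a child but absent from the local alarm set are
    passed to resend_alarms() for that child.  A child whose alarms cannot
    be read or re-sent is logged and skipped; this does not change the
    return value.

    Returns:
        tuple: (success, message).  success is False only when the local
        server id, the children list or the local alarms cannot be
        retrieved, and message then carries the error description.
        Otherwise (True, "") is returned.
    """
    logger.info("Forward consistence check")

    success, local_id = get_server_id_from_local()
    if not success:
        logger.error("Can't retrieve system_id.")
        return False, "Can't retrieve system_id."

    success, server_list = get_children_servers(local_id)
    # Test the status flag before the payload: a failed lookup that also
    # yields an empty value must be reported, not read as "no children".
    if not success:
        logger.error("Can't retrieve children system list.")
        return False, "Can't retrieve children system list."
    if not server_list:
        return True, ''

    # Get the current alarms.
    # NOTE(review): the previous comment said "Check 8 hours back", but the
    # call passes delay=1, delta=3; the units are not visible here - confirm.
    # Per the original comment, local_alarms maps event_id -> server_id.
    success, local_alarms = get_local_alarms(delay=1, delta=3)
    if not success:
        logger.error("Can't retrieve local alarms")
        return False, "Can't retrieve local alarms"

    for server in server_list:
        success, child_alarms = get_child_alarms(server, delay=1, delta=3)
        if not success:
            logger.error(
                "Can't retrieve remote alarms for server '%s'. Skiping"
                % str(server))
            continue

        missing_alarms = [event_id for event_id in child_alarms
                          if event_id not in local_alarms]
        if not missing_alarms:
            continue

        success, message = resend_alarms(server, missing_alarms)
        if not success:
            # Argument order fixed: the server fills the quoted placeholder,
            # the helper's error message fills the second one.
            logger.error(
                "Can't resend remote alarams from server '%s': %s. Skiping"
                % (str(server), message))

    # NOTE(review): per-child failures are only logged, so a True result
    # does not mean every child's alarms were forwarded.
    return True, ""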
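def apimethod_delete_system(system_id):
    """Remove a remote system from the database, certificates and inventory.

    The local system is never removed.  The steps run in order and the
    function returns at the first one that fails.

    Args:
        system_id: id of the system to remove, or 'local'.

    Returns:
        tuple: (success, message).  (True, "") when every step succeeded,
        otherwise the failing step's status and an error description.
    """
    success, local_system_id = get_system_id_from_local()
    if not success:
        return success, ("Error: Can not retrieve the local system id. %s"
                         % str(local_system_id))

    if (system_id == 'local' or
            get_hex_string_from_uuid(local_system_id) ==
            get_hex_string_from_uuid(system_id)):
        return False, ("Error: You're trying to remove the local system, "
                       "which it's not allowed")

    success, system_ip = get_system_ip_from_system_id(system_id)
    if not success:
        # Fixed: the first placeholder is the id that was looked up; the
        # original printed system_ip twice.
        return success, (
            "Error retrieving the system ip for the system id %s -> %s"
            % (str(system_id), str(system_ip)))

    # 1 - Remove it from the database
    # NOTE(review): every early return below leaves the remaining cleanup
    # (certificates, inventory, parent entry) undone for a system that is
    # already gone from the database.
    success, msg = db_remove_system(system_id)
    if not success:
        return success, ("Error while removing the system from the database: %s"
                         % str(msg))

    # 2 - Remove the remote certificates
    # success, msg = ansible_remove_certificates(system_ip)
    # if not success:
    #    return success, "Error while removing the remote certificates: %s" % str(msg)

    # 3 - Remove the local certificates and keys
    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, "Error while getting the local ip: %s" % str(local_ip)

    success, msg = ansible_remove_certificates(system_ip=local_ip,
                                               system_id_to_remove=system_id)
    if not success:
        return success, ("Error while removing the local certificates: %s"
                         % str(msg))

    # 4 - Remove it from the ansible inventory.
    try:
        aim = AnsibleInventoryManager()
        aim.delete_host(system_ip)
        aim.save_inventory()
        del aim
    except Exception as aim_error:
        return False, ("An error occurred while removing the system from "
                       "the ansible inventory file: %s" % str(aim_error))

    # 5 - Try to connect to the child and remove the parent using its
    # server_id
    success, own_server_id = get_server_id_from_local()
    if not success:
        # Fixed: report this call's own payload; the original formatted the
        # stale msg left over from the certificate step.
        return success, ("Error while retrieving server_id from local: %s"
                         % str(own_server_id))

    success, msg = ansible_delete_parent_server(system_ip, own_server_id)
    if not success:
        return success, ("Error while deleting parent server in child: %s"
                         % str(msg))

    return True, ""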
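def forward_check():
    """Check that alarms seen on child servers are also present locally.

    Alarms reported by a child but absent from the local alarm set are
    passed to resend_alarms() for that child.  A child whose alarms cannot
    be read or re-sent is logged and skipped; this does not change the
    return value.

    Returns:
        tuple: (success, message).  success is False only when the local
        server id, the children list or the local alarms cannot be
        retrieved, and message then carries the error description.
        Otherwise (True, "") is returned.
    """
    logger.info("Forward consistence check")

    success, local_id = get_server_id_from_local()
    if not success:
        logger.error("Can't retrieve system_id.")
        return False, "Can't retrieve system_id."

    success, server_list = get_children_servers(local_id)
    # Test the status flag before the payload: a failed lookup that also
    # yields an empty value must be reported, not read as "no children".
    if not success:
        logger.error("Can't retrieve children system list.")
        return False, "Can't retrieve children system list."
    if not server_list:
        return True, ''

    # Get the current alarms.
    # NOTE(review): the previous comment said "Check 8 hours back", but the
    # call passes delay=1, delta=3; the units are not visible here - confirm.
    # Per the original comment, local_alarms maps event_id -> server_id.
    success, local_alarms = get_local_alarms(delay=1, delta=3)
    if not success:
        logger.error("Can't retrieve local alarms")
        return False, "Can't retrieve local alarms"

    for server in server_list:
        success, child_alarms = get_child_alarms(server, delay=1, delta=3)
        if not success:
            logger.error(
                "Can't retrieve remote alarms for server '%s'. Skiping"
                % str(server))
            continue

        missing_alarms = [event_id for event_id in child_alarms
                          if event_id not in local_alarms]
        if not missing_alarms:
            continue

        success, message = resend_alarms(server, missing_alarms)
        if not success:
            # Argument order fixed: the server fills the quoted placeholder,
            # the helper's error message fills the second one.
            logger.error(
                "Can't resend remote alarams from server '%s': %s. Skiping"
                % (str(server), message))

    # NOTE(review): per-child failures are only logged, so a True result
    # does not mean every child's alarms were forwarded.
    return True, ""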
def make_tunnel_with_vpn(system_ip, password):
    """Set up the VPN tunnel towards the node at *system_ip*.

    Validates the address, asks ansible to build the tunnel, records the
    node's VPN address in the system table when the node is known there,
    flushes the "support_tunnel" cache and restarts the local framework
    daemon.

    Returns:
        tuple: (success, message).  A failed framework restart is only
        printed; the call still returns success.
    """
    if not is_valid_ipv4(system_ip):
        return False, "Invalid system ip: %s" % str(system_ip)

    ok, own_server_id = get_server_id_from_local()
    if not ok:
        return ok, ("Error while retrieving server_id from local: %s"
                    % str(own_server_id))

    ok, local_ip = get_system_ip_from_local()
    if not ok:
        return ok, "Cannot retrieve the local ip <%s>" % str(local_ip)

    # The password is only forwarded to the ansible helper; none of the
    # print calls in this function include it.
    # NOTE(review): on failure the helper's payload goes back to the caller
    # unchanged - confirm it can never echo the password.
    local_server_hex = get_hex_string_from_uuid(own_server_id)
    ok, tunnel_info = ansible_make_tunnel_with_vpn(
        system_ip=system_ip,
        local_server_id=local_server_hex,
        password=password)
    if not ok:
        return ok, tunnel_info

    # A parenthesised single-argument print behaves the same under the
    # Python 2 print statement.
    print("Set VPN IP on the system table")
    # NOTE(review): a payload without this key raises KeyError before the
    # None check is reached.
    new_node_vpn_ip = tunnel_info['client_end_point1']
    if new_node_vpn_ip is None:
        return False, "Cannot retrieve the new node VPN IP"
    print("New Node VPN IP %s" % new_node_vpn_ip)

    known, node_system_id = get_system_id_from_system_ip(system_ip)
    # A node missing from the system table is not an error.
    if known:
        stored, _detail = set_system_vpn_ip(node_system_id, new_node_vpn_ip)
        if not stored:
            return False, "Cannot set the new node vpn ip on the system table"

    flush_cache(namespace="support_tunnel")

    # Restart frameworkd
    print("Restarting ossim-framework")
    restarted, restart_info = ansible_restart_frameworkd(system_ip=local_ip)
    if not restarted:
        print("Restarting %s ossim-framework failed (%s)"
              % (local_ip, restart_info))

    return True, "VPN node successfully connected."
def make_tunnel_with_vpn(system_ip, password):
    """Set up the VPN tunnel towards the node at *system_ip*.

    Validates the address, asks ansible to build the tunnel, records the
    node's VPN address in the system table when the node is known there,
    flushes the "support_tunnel" cache and restarts the local framework
    daemon.

    Returns:
        tuple: (success, message).  A failed framework restart is only
        printed; the call still returns success.
    """
    if not is_valid_ipv4(system_ip):
        return False, "Invalid system ip: %s" % str(system_ip)

    ok, own_server_id = get_server_id_from_local()
    if not ok:
        return ok, ("Error while retrieving server_id from local: %s"
                    % str(own_server_id))

    ok, local_ip = get_system_ip_from_local()
    if not ok:
        return ok, "Cannot retrieve the local ip <%s>" % str(local_ip)

    # The password is only forwarded to the ansible helper; none of the
    # print calls in this function include it.
    # NOTE(review): on failure the helper's payload goes back to the caller
    # unchanged - confirm it can never echo the password.
    local_server_hex = get_hex_string_from_uuid(own_server_id)
    ok, tunnel_info = ansible_make_tunnel_with_vpn(
        system_ip=system_ip,
        local_server_id=local_server_hex,
        password=password)
    if not ok:
        return ok, tunnel_info

    # A parenthesised single-argument print behaves the same under the
    # Python 2 print statement.
    print("Set VPN IP on the system table")
    # NOTE(review): a payload without this key raises KeyError before the
    # None check is reached.
    new_node_vpn_ip = tunnel_info['client_end_point1']
    if new_node_vpn_ip is None:
        return False, "Cannot retrieve the new node VPN IP"
    print("New Node VPN IP %s" % new_node_vpn_ip)

    known, node_system_id = get_system_id_from_system_ip(system_ip)
    # A node missing from the system table is not an error.
    if known:
        stored, _detail = set_system_vpn_ip(node_system_id, new_node_vpn_ip)
        if not stored:
            return False, "Cannot set the new node vpn ip on the system table"

    flush_cache(namespace="support_tunnel")

    # Restart frameworkd
    print("Restarting ossim-framework")
    restarted, restart_info = ansible_restart_frameworkd(system_ip=local_ip)
    if not restarted:
        print("Restarting %s ossim-framework failed (%s)"
              % (local_ip, restart_info))

    return True, "VPN node successfully connected."
def make_tunnel_with_vpn(system_ip, password):
    """Set up the VPN tunnel towards the node at *system_ip*.

    Validates the address, asks ansible to build the tunnel, records the
    node's VPN address in the system table when the node is known there and
    flushes the "system" cache.

    Returns:
        tuple: (success, message).
    """
    if not is_valid_ipv4(system_ip):
        return False, "Invalid system ip: %s" % str(system_ip)

    ok, own_server_id = get_server_id_from_local()
    if not ok:
        return ok, ("Error while retrieving server_id from local: %s"
                    % str(own_server_id))

    # The password is only forwarded to the ansible helper; none of the
    # print calls in this function include it.
    # NOTE(review): on failure the helper's payload goes back to the caller
    # unchanged - confirm it can never echo the password.
    local_server_hex = get_hex_string_from_uuid(own_server_id)
    ok, tunnel_info = ansible_make_tunnel_with_vpn(
        system_ip=system_ip,
        local_server_id=local_server_hex,
        password=password)
    if not ok:
        return ok, tunnel_info

    # A parenthesised single-argument print behaves the same under the
    # Python 2 print statement.
    print("Set VPN IP on the system table")
    # NOTE(review): a payload without this key raises KeyError before the
    # None check is reached.
    new_node_vpn_ip = tunnel_info['client_end_point1']
    if new_node_vpn_ip is None:
        return False, "Cannot retrieve the new node VPN IP"
    print("New Node VPN IP %s" % new_node_vpn_ip)

    known, node_system_id = get_system_id_from_system_ip(system_ip)
    # A node missing from the system table is not an error.
    if known:
        stored, _detail = set_system_vpn_ip(node_system_id, new_node_vpn_ip)
        if not stored:
            return False, "Cannot set the new node vpn ip on the system table"

    flush_cache(namespace="system")
    return True, "VPN node successfully connected."
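def apimethod_delete_system(system_id):
    """Remove a remote system from the database, firewall, keys and inventory.

    The local system is never removed.  Reachability of the remote system
    is probed before anything is deleted; when it is unreachable the parent
    entry on the child is left in place and the returned message says so.

    Args:
        system_id: id of the system to remove, or 'local'.

    Returns:
        tuple: (success, message).  message is empty when every step ran,
        and explains what was skipped or what failed otherwise.
    """
    success, local_system_id = get_system_id_from_local()
    if not success:
        return success, ("Cannot retrieve the local system id. %s"
                         % str(local_system_id))

    if (system_id == 'local' or
            get_hex_string_from_uuid(local_system_id) ==
            get_hex_string_from_uuid(system_id)):
        return False, ("You're trying to remove the local system, "
                       "which it's not allowed")

    success, system_ip = get_system_ip_from_system_id(system_id)
    if not success:
        # The value formatted here is the failed lookup's payload.
        return success, ("Cannot retrieve the system ip "
                         "for the given system-id %s" % str(system_ip))

    # Check whether the remote system is reachable or not:
    try:
        remote_system_is_reachable = ping_system(system_id, no_cache=True)
    except APIException:
        remote_system_is_reachable = False

    # The sensor lookup must happen before the row is removed from the db;
    # only its status flag is used below.
    success_f, sensor_id = get_sensor_id_from_system_id(system_id)

    # 1 - Remove it from the database
    # NOTE(review): every early return below leaves the remaining cleanup
    # (certificates, inventory, parent entry) undone for a system that is
    # already gone from the database.
    success, msg = db_remove_system(system_id)
    if not success:
        return success, ("Cannot remove the system "
                         "from the database <%s>" % str(msg))

    # 2 - Remove the firewall rules.  A failed trigger is logged only.
    if success_f:
        trigger_name = "alienvault-del-sensor"
    else:
        trigger_name = "alienvault-del-server"
    trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
                                        trigger=trigger_name)
    if not trigger_success:
        api_log.error(msg)

    # 3 - Remove the remote certificates
    # success, msg = ansible_remove_certificates(system_ip)
    # if not success:
    #     return (success,
    #            "Error while removing the remote certificates: %s" % str(msg))

    # 4 - Remove the local certificates and keys
    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, "Cannot retrieve the local ip <%s>" % str(local_ip)

    # Remove remote system certificates on the local system
    success, msg = ansible_remove_certificates(system_ip=local_ip,
                                               system_id_to_remove=system_id)
    if not success:
        return success, "Cannot remove the local certificates <%s>" % str(msg)

    # 5 - Remove it from the ansible inventory.
    try:
        aim = AnsibleInventoryManager()
        aim.delete_host(system_ip)
        aim.save_inventory()
        del aim
    except Exception as aim_error:
        return False, ("Cannot remove the system from the "
                       "ansible inventory file <%s>" % str(aim_error))

    # 6 - Try to connect to the child and remove the parent
    # using its server_id
    success, own_server_id = get_server_id_from_local()
    if not success:
        # Fixed: report this call's own payload; the original formatted the
        # stale msg left over from the certificate step.
        return success, ("Cannot retrieve the server-id "
                         "from local <%s>" % str(own_server_id))

    if remote_system_is_reachable:
        success, msg = ansible_delete_parent_server(system_ip, own_server_id)
        if not success:
            return success, ("Cannot delete parent server in child <%s>"
                             % str(msg))
        return True, ""

    # The child keeps its parent entry; the caller is told via the message.
    return True, ("The remote system is not reachable. "
                  "We had not been able to remove the parent configuration")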
tasks_time_start.append(task_time) prior_task = False for ttime in tasks_time_start: if ttime != my_start_time and ttime < my_start_time: prior_task = True break except Exception, e: logger.error("An error occurred running sync_databases: %s" % (str(e))) return False, str(e) if prior_task: logger.info("Sync Databases: A sync task is already running. Bailing out") return True, "A sync task is already running. Bailing out" (success, local_id) = get_server_id_from_local() if not success: logger.error("Can't retrieve system_id.") return False, "Can't retrieve system_id." success, server_list = get_children_servers(local_id) if not success: logger.error("Can't retrieve children system list.") return False, "Can't retrieve children system list." for server_id in server_list: try: logger.debug("Trying to sync database from server %s" % server_id) (success, msg) = sync_database_from_child(server_id) if not success: logger.debug("Sync database from server %s failed: %s" % (server_id, str(msg)))
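def apimethod_delete_system(system_id):
    """Remove a remote system from the database, firewall, keys and inventory.

    The local system is never removed.  Reachability of the remote system
    is probed before anything is deleted; when it is unreachable the parent
    entry on the child is left in place and the returned message says so.

    Args:
        system_id: id of the system to remove, or 'local'.

    Returns:
        tuple: (success, message).  message is empty when every step ran,
        and explains what was skipped or what failed otherwise.
    """
    success, local_system_id = get_system_id_from_local()
    if not success:
        return success, ("Cannot retrieve the local system id. %s"
                         % str(local_system_id))

    if (system_id == 'local' or
            get_hex_string_from_uuid(local_system_id) ==
            get_hex_string_from_uuid(system_id)):
        return False, ("You're trying to remove the local system, "
                       "which it's not allowed")

    success, system_ip = get_system_ip_from_system_id(system_id)
    if not success:
        # The value formatted here is the failed lookup's payload.
        return success, ("Cannot retrieve the system ip "
                         "for the given system-id %s" % str(system_ip))

    # Check whether the remote system is reachable or not:
    try:
        remote_system_is_reachable = ping_system(system_id, no_cache=True)
    except APIException:
        remote_system_is_reachable = False

    # The sensor lookup must happen before the row is removed from the db;
    # only its status flag is used below.
    success_f, sensor_id = get_sensor_id_from_system_id(system_id)

    # 1 - Remove it from the database
    # NOTE(review): every early return below leaves the remaining cleanup
    # (certificates, inventory, parent entry) undone for a system that is
    # already gone from the database.
    success, msg = db_remove_system(system_id)
    if not success:
        return success, ("Cannot remove the system "
                         "from the database <%s>" % str(msg))

    # 2 - Remove the firewall rules.  A failed trigger is logged only.
    if success_f:
        trigger_name = "alienvault-del-sensor"
    else:
        trigger_name = "alienvault-del-server"
    trigger_success, msg = fire_trigger(system_ip="127.0.0.1",
                                        trigger=trigger_name)
    if not trigger_success:
        api_log.error(msg)

    # 3 - Remove the remote certificates
    # success, msg = ansible_remove_certificates(system_ip)
    # if not success:
    #     return (success,
    #            "Error while removing the remote certificates: %s" % str(msg))

    # 4 - Remove the local certificates and keys
    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, "Cannot retrieve the local ip <%s>" % str(local_ip)

    # Remove remote system certificates on the local system
    success, msg = ansible_remove_certificates(system_ip=local_ip,
                                               system_id_to_remove=system_id)
    if not success:
        return success, "Cannot remove the local certificates <%s>" % str(msg)

    # 5 - Remove it from the ansible inventory.
    try:
        aim = AnsibleInventoryManager()
        aim.delete_host(system_ip)
        aim.save_inventory()
        del aim
    except Exception as aim_error:
        return False, ("Cannot remove the system from the "
                       "ansible inventory file <%s>" % str(aim_error))

    # 6 - Try to connect to the child and remove the parent
    # using its server_id
    success, own_server_id = get_server_id_from_local()
    if not success:
        # Fixed: report this call's own payload; the original formatted the
        # stale msg left over from the certificate step.
        return success, ("Cannot retrieve the server-id "
                         "from local <%s>" % str(own_server_id))

    if remote_system_is_reachable:
        success, msg = ansible_delete_parent_server(system_ip, own_server_id)
        if not success:
            return success, ("Cannot delete parent server in child <%s>"
                             % str(msg))
        return True, ""

    # The child keeps its parent entry; the caller is told via the message.
    return True, ("The remote system is not reachable. "
                  "We had not been able to remove the parent configuration")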