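 def is_running(self):
     """Return whether the Zeek process is currently running.

     Returns:
         ``False`` when ``self.zeek_home`` is unset; otherwise the running
         flag reported by ``zeek_process.ProcessManager().status()``.

     Raises:
         KeyError: if the status mapping has neither a ``'running'`` nor a
             ``'RUNNING'`` key.
     """
     if not self.zeek_home:
         return False
     # Query the process manager a single time and accept either spelling
     # of the key, instead of issuing a second status() call on fallback.
     status = zeek_process.ProcessManager().status()
     try:
         return status['running']
     except KeyError:
         return status['RUNNING']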
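 def is_running(self) -> bool:
     """
     Determine if Zeek is running

     Returns:
         True, if running; False when ``self.zeek_home`` is unset

     Raises:
         KeyError: if the status mapping has neither a ``'running'`` nor a
             ``'RUNNING'`` key
     """
     if not self.zeek_home:
         return False
     # Query the process manager a single time and accept either spelling
     # of the key, instead of issuing a second status() call on fallback.
     status = zeek_process.ProcessManager().status()
     try:
         return status['running']
     except KeyError:
         return status['RUNNING']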
 def stop(self) -> bool:
     """Stop agent processes

     Filebeat is mandatory and is always stopped; Zeek and Suricata are
     stopped only when their profilers report them as installed.

     Returns:
         True, if successful (the conjunction of the individual stop results)
     """
     if not filebeat_profile.ProcessProfiler().is_installed():
         self.logger.error('You must install Filebeat to run this command.')
         return False
     # Optional components default to "success" when they are not installed.
     outcome = {
         'filebeat': filebeat_process.ProcessManager().stop(),
         'suricata': True,
         'zeek': True,
     }
     # Order matters for side effects: Suricata is stopped before Zeek.
     if suricata_profile.ProcessProfiler().is_installed():
         outcome['suricata'] = suricata_process.ProcessManager().stop()
     if zeek_profile.ProcessProfiler().is_installed():
         outcome['zeek'] = zeek_process.ProcessManager().stop()
     return outcome['filebeat'] and outcome['zeek'] and outcome['suricata']
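def get_agent_status(verbose=False, pretty_print_status=True):
    """Collect the status of every installed agent component.

    Filebeat is always queried; Zeek and Suricata only when their
    profilers report them as installed.

    :param verbose: Passed through to each component's ProcessManager.
    :param pretty_print_status: Passed through to each ProcessManager.
        When True the per-component results are joined into one block
        of status tables; when False they are returned as a dict.
    :return: A string of status tables, or a dict mapping ``'filebeat'``
        / ``'zeek'`` / ``'suricata'`` to each component's status.
    """
    zeek_profiler = zeek_profile.ProcessProfiler()
    suricata_profiler = suricata_profile.ProcessProfiler()
    # Insertion order (filebeat, zeek, suricata) is also the table order.
    agent_status = {}
    agent_status['filebeat'] = filebeat_process.ProcessManager(
        verbose=verbose, pretty_print_status=pretty_print_status).status()
    if zeek_profiler.is_installed():
        agent_status['zeek'] = zeek_process.ProcessManager(
            verbose=verbose, pretty_print_status=pretty_print_status).status()
    if suricata_profiler.is_installed():
        agent_status['suricata'] = suricata_process.ProcessManager(
            verbose=verbose, pretty_print_status=pretty_print_status).status()

    if pretty_print_status:
        # Only concatenate in pretty-print mode. With pretty_print_status=False
        # the component status() calls presumably return dicts (see the
        # agent-level status() docstring), and "str + dict" would raise
        # TypeError before the dict could be returned.
        return "\n" + ''.join(status + '\n\n' for status in agent_status.values())
    return agent_status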
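def uninstall_zeek(prompt_user=True, stdout=True, verbose=False):
    """
    Uninstall Zeek

    Stops the Zeek process if it is running, strips the Zeek-related
    variables from the agent environment file, removes the install and
    script directories recorded in that file, and disables the systemd unit.

    :param prompt_user: Print a warning before continuing
    :param stdout: Print the output to console
    :param verbose: Include detailed debug messages
    :raises zeek_exceptions.UninstallZeekError: if Zeek is not installed,
        the process cannot be stopped, the environment file or directories
        cannot be modified, or systemctl is not available
    """

    log_level = logging.DEBUG if verbose else logging.INFO
    logger = get_logger('ZEEK', level=log_level, stdout=stdout)
    logger.info("Uninstalling Zeek.")
    env_file = os.path.join(const.CONFIG_PATH, 'environment')
    environment_variables = utilities.get_environment_file_dict()
    zeek_profiler = zeek_profile.ProcessProfiler()
    if not zeek_profiler.is_installed():
        logger.error("Zeek is not installed. Cannot uninstall.")
        raise zeek_exceptions.UninstallZeekError("Zeek is not installed.")
    if prompt_user:
        sys.stderr.write('\n\033[93m[-] WARNING! Removing Zeek Will Remove Critical Agent Functionality.\033[0m\n')
        prompt = '\033[93m[?] Are you sure you wish to continue? ([no]|yes): \033[0m'
        resp = utilities.prompt_input(prompt)
        while resp not in ['', 'no', 'yes']:
            resp = utilities.prompt_input(prompt)
        if resp != 'yes':
            if stdout:
                sys.stdout.write('\n[+] Exiting\n')
            # sys.exit, not the site-provided exit() builtin, which is only
            # guaranteed to exist in an interactive interpreter.
            sys.exit(0)
    if zeek_profiler.is_running():
        try:
            zeek_process.ProcessManager().stop()
        except zeek_exceptions.CallZeekProcessError as e:
            logger.error("Could not kill Zeek process. Cannot uninstall.")
            logger.debug("Could not kill Zeek process. Cannot uninstall; {}".format(e))
            raise zeek_exceptions.UninstallZeekError("Could not kill Zeek process; {}".format(e))
    install_directory = environment_variables.get('ZEEK_HOME')
    config_directory = environment_variables.get('ZEEK_SCRIPTS')
    # NOTE(review): these paths are taken verbatim from the environment file
    # and handed to rmtree below; a corrupted or tampered file redirects the
    # removal. Consider validating them against const.* before trusting them.
    # Lines are dropped by substring match, so any line mentioning one of
    # these names goes - assumes one KEY=value per line (verify file format).
    removed_markers = ('ZEEK_HOME', 'ZEEK_SCRIPTS', 'PF_RING_HOME')
    try:
        with open(env_file) as env_fr:
            kept_lines = [
                line.strip() for line in env_fr
                if line.strip() and not any(marker in line for marker in removed_markers)
            ]
        with open(env_file, 'w') as env_fw:
            env_fw.write(''.join(line + '\n' for line in kept_lines))
        if zeek_profiler.is_installed():
            # Removal is best-effort (ignore_errors=True). A missing variable
            # used to be swallowed silently by rmtree; log it so the operator
            # knows the directory was left in place.
            for label, directory in (('ZEEK_HOME', install_directory),
                                     ('ZEEK_SCRIPTS', config_directory)):
                if not directory:
                    logger.warning("{} is not set in {}; skipping directory removal.".format(label, env_file))
                    continue
                shutil.rmtree(directory, ignore_errors=True)
    except Exception as e:
        logger.error("General error occurred while attempting to uninstall Zeek.")
        logger.debug("General error occurred while attempting to uninstall Zeek; {}".format(e))
        raise zeek_exceptions.UninstallZeekError(
            "General error occurred while attempting to uninstall Zeek; {}".format(e))
    try:
        sysctl = systemctl.SystemCtl()
    except general_exceptions.CallProcessError:
        raise zeek_exceptions.UninstallZeekError("Could not find systemctl.")
    sysctl.uninstall_and_disable('zeek')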
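    def status(self) -> Optional[Union[Dict, str]]:
        """Get the status of the agent's child processes.

        Filebeat is mandatory; Zeek and Suricata are included only when
        their profilers report them as installed.

        Returns:
            None if Filebeat is not installed. Otherwise a dictionary mapping
            each installed service to its ``running`` / ``enabled_on_startup``
            flags, or a tabulated string if ``self.pretty_print_status`` is True.
        """
        if not filebeat_profile.ProcessProfiler().is_installed():
            self.logger.error('You must install filebeat to run this command.')
            return None

        def summarize(raw_status):
            # Keep only the two fields this aggregate status reports.
            return {
                'running': raw_status.get('running'),
                'enabled_on_startup': raw_status.get('enabled_on_startup'),
            }

        # Query each installed child service exactly once.
        filebeat_status = filebeat_process.ProcessManager().status()
        zeek_status, suricata_status = {}, {}
        agent_status = {'filebeat': summarize(filebeat_status)}
        if zeek_profile.ProcessProfiler().is_installed():
            zeek_status = zeek_process.ProcessManager().status()
            agent_status['zeek'] = summarize(zeek_status)
        if suricata_profile.ProcessProfiler().is_installed():
            suricata_status = suricata_process.ProcessManager().status()
            agent_status['suricata'] = summarize(suricata_status)

        if self.pretty_print_status:
            colorize = utilities.PrintDecorations.colorize

            def yes_no(flag):
                return colorize('yes', 'green') if flag else colorize('no', 'red')

            def row(name, raw_status):
                # One table row built from the service's OWN status dict.
                return [
                    name,
                    yes_no(raw_status.get('running')),
                    yes_no(raw_status.get('enabled_on_startup')),
                ]

            child_services = [
                ['Service', 'Running', 'Enabled on Startup'],
                row('filebeat', filebeat_status),
            ]
            if zeek_status:
                child_services.append(row('zeek', zeek_status))
            if suricata_status:
                # Bug fix: the Suricata row previously read zeek_status, so
                # the table showed Zeek's flags under the Suricata label.
                child_services.append(row('suricata', suricata_status))

            return tabulate.tabulate(child_services, tablefmt='fancy_grid')
        return agent_status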