def build_conf(node_logger, frontend_id=None): """ Generate conf of rsyslog inputs, based on all frontends LOG ruleset of frontend outputs of all frontends :param node_logger: Logger sent to all API requests :param frontend_id: The name of the frontend in conf file :return: """ result = "" """ Firstly, try to retrieve Frontend with given id """ if frontend_id: try: frontend = Frontend.objects.get(pk=frontend_id) """ Generate ruleset conf of asked frontend """ frontend_conf = frontend.generate_rsyslog_conf() """ And write-it """ write_conf(node_logger, [frontend.get_rsyslog_filename(), frontend_conf, RSYSLOG_OWNER, RSYSLOG_PERMS]) result += "Frontend '{}' conf written.\n".format(frontend_id) except ObjectDoesNotExist: raise VultureSystemError("Frontend with id {} not found, failed to generate conf.".format(frontend_id), "build rsyslog conf", traceback=" ") """ Generate inputs configutation """ service = RsyslogService() """ If frontend was given we cannot check if its conf has changed to restart service and if reload_conf is True, conf has changed so restart service """ if service.reload_conf() or frontend_id: result += "Rsyslog conf updated. Restarting service." result += service.restart() else: result += "Rsyslog conf hasn't changed." return result
def delete_conf(logger, filename): """ """ # Import here to prevent circular import from system.error_templates.models import CONF_PATH as ERROR_TPL_PATH from applications.reputation_ctx.models import DATABASES_PATH as REPUTATION_CTX_DB_PATH from system.pki.models import CERT_PATH from darwin.defender_policy.models import DEFENDER_PATH from darwin.defender_policy.policy import HAPROXY_PATH from services.darwin.darwin import DARWIN_PATH from services.rsyslogd.rsyslog import RSYSLOG_PATH allowed_files_regex = [ "{}/\w+_\d+\.html".format(ERROR_TPL_PATH), "{}/reputation_ctx_\d+\.mmdb".format(REPUTATION_CTX_DB_PATH), "{}/[\w\_\-\.]+-\d\.(chain|crt|pem|key)".format(CERT_PATH), "{}/defender_[0-9]+?\.conf".format(DEFENDER_PATH), "{}/spoe_defender_[0-9]+?\.txt".format(HAPROXY_PATH), "{}/backend_defender_[0-9]+?\.cfg".format(HAPROXY_PATH), "{}/parser_[0-9]+\.rb".format(RSYSLOG_PATH), "{}/f[\w-]+/f[\w-]+_[0-9]+.conf".format(DARWIN_PATH) ] allowed = False for regex in allowed_files_regex: if re_match(regex, filename): allowed = True break if not allowed: raise VultureSystemConfigError( "File '{}' not allowed to be deleted.".format(filename)) try: cmd_res = check_output(["/bin/rm", filename], stderr=PIPE).decode('utf8') if cmd_res: raise VultureSystemConfigError("'{}' : {}".format( filename, cmd_res.strip()), "delete config file", traceback=" ") return "Config'{}' successfully deleted.".format(filename) except CalledProcessError as e: """ Command raise if permission denied or file does not exist """ stdout = e.stdout.decode('utf8') stderr = e.stderr.decode('utf8') # logger.exception("Failed to delete frontend filename '{}': {}".format(frontend_filename, stderr or stdout)) raise VultureSystemError("'{}' : {}".format(filename, (stderr or stdout)), "delete config file", traceback=" ")
def download_mmdb(self): """ Always call this method first, to be sure the MMDB is OK """ content = self.download_file() if self.db_type in ("ipv4", "ipv6", "GeoIP"): try: return open_mmdb_database(content) except Exception as e: logger.error("Downloaded content is not a valid MMDB database") raise VultureSystemError( "Downloaded content is not a valid MMDB database", "download '{}'".format(self.url)) else: return None
def build_conf(node_logger, frontend_id): """ Generate conf of rsyslog inputs, based on all frontends LOG ruleset of frontend outputs of all frontends :param node_logger: Logger sent to all API requests :param frontend_id: The name of the frontend in conf file :return: """ result = "" node = Cluster.get_current_node() reload = False """ Firstly, try to retrieve Frontend with given id """ from services.frontend import models # because of circular imports try: frontend = models.Frontend.objects.get(pk=frontend_id) """ Generate ruleset conf of asked frontend """ tmp = frontend.generate_conf() if frontend.configuration[node.name] != tmp: frontend.configuration[node.name] = tmp reload = True """ And write-it """ write_conf(node_logger, [ frontend.get_filename(), frontend.configuration[node.name], models.FRONTEND_OWNER, models.FRONTEND_PERMS ]) result += "Frontend '{}' conf written.\n".format(frontend_id) except ObjectDoesNotExist: raise VultureSystemError( "Frontend with id {} not found, failed to generate conf.".format( frontend_id), "build HAProxy conf", traceback=" ") """ Generate inputs configuration """ service = HaproxyService() """ If frontend was given we cannot check if its conf has changed to restart service and if reload_conf is True, conf has changed so restart service """ if reload: result = "HAProxy conf updated. Restarting service." result += service.restart() else: result += "HAProxy conf hasn't changed." return result
def download_file(self): """ """ """ If we haven't already downloaded url """ if self.content: return self.content """ Retrieve url and content """ auth = None if self.auth_type: auth_type = AUTH_TYPE_CLASSES.get(self.auth_type) if auth_type: auth = auth_type(self.user, self.password) logger.debug("Try to get URL {}".format(self.url)) try: response = requests.request( self.method, self.url, data=self.post_data if self.method == "POST" else None, headers=self.custom_headers, auth=auth, allow_redirects=True, proxies=get_proxy(), timeout=(2.0, 2.0)) # logger.info("URL '{}' retrieved, status code = {}".format(self.url, response.status_code)) assert response.status_code == 200, "Response code is not 200 ({})".format( response.status_code) """ If its a .gz file, dezip-it """ if self.url[-3:] == ".gz": self.filename = self.url.split('/')[-1][:-3] return gzip_decompress(response.content) if response.headers.get("Content-Disposition"): match = REGEX_GZ.search( response.headers.get("Content-Disposition")) if match and match[1][-3:] == ".gz": self.filename = match[1][:-3] return gzip_decompress(response.content) if not self.filename: self.filename = self.url.split('/')[-1] except Exception as e: raise VultureSystemError(str(e), "download '{}'".format(self.url)) return response.content
def delete_policy_conf(node_logger, policy_id): logger.info("deleting policy {} filter's confs".format(policy_id)) error = False result = "" for darwin_filter in DarwinFilter.objects.exclude(name="session"): fullpath = get_darwin_conf_path(policy_id, darwin_filter.name) logger.info("deleting file {}".format(fullpath)) try: delete_conf_file(node_logger, fullpath) result += "Conf of filter {} deleted\n".format(darwin_filter.name) except VultureSystemError as e: if "No such file or directory" in str(e): node_logger.info("File {} already deleted".format( darwin_filter.name)) else: result += "Failed to delete conf of filter {} : {}\n".format( darwin_filter.name, e) error = True except ServiceExit as e: # DO NOT REMOVE IT - Needed to stop Vultured service ! raise if error: raise VultureSystemError(result) return result