def build_conf(node_logger, frontend_id=None):
""" Generate conf of rsyslog inputs, based on all frontends LOG
ruleset of frontend
outputs of all frontends
:param node_logger: Logger sent to all API requests
:param frontend_id: The name of the frontend in conf file
:return:
"""
result = ""
""" Firstly, try to retrieve Frontend with given id """
if frontend_id:
try:
frontend = Frontend.objects.get(pk=frontend_id)
""" Generate ruleset conf of asked frontend """
frontend_conf = frontend.generate_rsyslog_conf()
""" And write-it """
write_conf(node_logger, [frontend.get_rsyslog_filename(), frontend_conf, RSYSLOG_OWNER, RSYSLOG_PERMS])
result += "Frontend '{}' conf written.\n".format(frontend_id)
except ObjectDoesNotExist:
raise VultureSystemError("Frontend with id {} not found, failed to generate conf.".format(frontend_id),
"build rsyslog conf", traceback=" ")
""" Generate inputs configutation """
service = RsyslogService()
""" If frontend was given we cannot check if its conf has changed to restart service
and if reload_conf is True, conf has changed so restart service
"""
if service.reload_conf() or frontend_id:
result += "Rsyslog conf updated. Restarting service."
result += service.restart()
else:
result += "Rsyslog conf hasn't changed."
return result
def delete_conf(logger, filename):
""" """
# Import here to prevent circular import
from system.error_templates.models import CONF_PATH as ERROR_TPL_PATH
from applications.reputation_ctx.models import DATABASES_PATH as REPUTATION_CTX_DB_PATH
from system.pki.models import CERT_PATH
from darwin.defender_policy.models import DEFENDER_PATH
from darwin.defender_policy.policy import HAPROXY_PATH
from services.darwin.darwin import DARWIN_PATH
from services.rsyslogd.rsyslog import RSYSLOG_PATH
allowed_files_regex = [
"{}/\w+_\d+\.html".format(ERROR_TPL_PATH),
"{}/reputation_ctx_\d+\.mmdb".format(REPUTATION_CTX_DB_PATH),
"{}/[\w\_\-\.]+-\d\.(chain|crt|pem|key)".format(CERT_PATH),
"{}/defender_[0-9]+?\.conf".format(DEFENDER_PATH),
"{}/spoe_defender_[0-9]+?\.txt".format(HAPROXY_PATH),
"{}/backend_defender_[0-9]+?\.cfg".format(HAPROXY_PATH),
"{}/parser_[0-9]+\.rb".format(RSYSLOG_PATH),
"{}/f[\w-]+/f[\w-]+_[0-9]+.conf".format(DARWIN_PATH)
]
allowed = False
for regex in allowed_files_regex:
if re_match(regex, filename):
allowed = True
break
if not allowed:
raise VultureSystemConfigError(
"File '{}' not allowed to be deleted.".format(filename))
try:
cmd_res = check_output(["/bin/rm", filename],
stderr=PIPE).decode('utf8')
if cmd_res:
raise VultureSystemConfigError("'{}' : {}".format(
filename, cmd_res.strip()),
"delete config file",
traceback=" ")
return "Config'{}' successfully deleted.".format(filename)
except CalledProcessError as e:
""" Command raise if permission denied or file does not exist """
stdout = e.stdout.decode('utf8')
stderr = e.stderr.decode('utf8')
# logger.exception("Failed to delete frontend filename '{}': {}".format(frontend_filename, stderr or stdout))
raise VultureSystemError("'{}' : {}".format(filename,
(stderr or stdout)),
"delete config file",
traceback=" ")
def download_mmdb(self):
""" Always call this method first, to be sure the MMDB is OK """
content = self.download_file()
if self.db_type in ("ipv4", "ipv6", "GeoIP"):
try:
return open_mmdb_database(content)
except Exception as e:
logger.error("Downloaded content is not a valid MMDB database")
raise VultureSystemError(
"Downloaded content is not a valid MMDB database",
"download '{}'".format(self.url))
else:
return None
def build_conf(node_logger, frontend_id):
""" Generate conf of rsyslog inputs, based on all frontends LOG
ruleset of frontend
outputs of all frontends
:param node_logger: Logger sent to all API requests
:param frontend_id: The name of the frontend in conf file
:return:
"""
result = ""
node = Cluster.get_current_node()
reload = False
""" Firstly, try to retrieve Frontend with given id """
from services.frontend import models # because of circular imports
try:
frontend = models.Frontend.objects.get(pk=frontend_id)
""" Generate ruleset conf of asked frontend """
tmp = frontend.generate_conf()
if frontend.configuration[node.name] != tmp:
frontend.configuration[node.name] = tmp
reload = True
""" And write-it """
write_conf(node_logger, [
frontend.get_filename(), frontend.configuration[node.name],
models.FRONTEND_OWNER, models.FRONTEND_PERMS
])
result += "Frontend '{}' conf written.\n".format(frontend_id)
except ObjectDoesNotExist:
raise VultureSystemError(
"Frontend with id {} not found, failed to generate conf.".format(
frontend_id),
"build HAProxy conf",
traceback=" ")
""" Generate inputs configuration """
service = HaproxyService()
""" If frontend was given we cannot check if its conf has changed to restart service
and if reload_conf is True, conf has changed so restart service
"""
if reload:
result = "HAProxy conf updated. Restarting service."
result += service.restart()
else:
result += "HAProxy conf hasn't changed."
return result
def download_file(self):
""" """
""" If we haven't already downloaded url """
if self.content:
return self.content
""" Retrieve url and content """
auth = None
if self.auth_type:
auth_type = AUTH_TYPE_CLASSES.get(self.auth_type)
if auth_type:
auth = auth_type(self.user, self.password)
logger.debug("Try to get URL {}".format(self.url))
try:
response = requests.request(
self.method,
self.url,
data=self.post_data if self.method == "POST" else None,
headers=self.custom_headers,
auth=auth,
allow_redirects=True,
proxies=get_proxy(),
timeout=(2.0, 2.0))
# logger.info("URL '{}' retrieved, status code = {}".format(self.url, response.status_code))
assert response.status_code == 200, "Response code is not 200 ({})".format(
response.status_code)
""" If its a .gz file, dezip-it """
if self.url[-3:] == ".gz":
self.filename = self.url.split('/')[-1][:-3]
return gzip_decompress(response.content)
if response.headers.get("Content-Disposition"):
match = REGEX_GZ.search(
response.headers.get("Content-Disposition"))
if match and match[1][-3:] == ".gz":
self.filename = match[1][:-3]
return gzip_decompress(response.content)
if not self.filename:
self.filename = self.url.split('/')[-1]
except Exception as e:
raise VultureSystemError(str(e), "download '{}'".format(self.url))
return response.content
def delete_policy_conf(node_logger, policy_id):
logger.info("deleting policy {} filter's confs".format(policy_id))
error = False
result = ""
for darwin_filter in DarwinFilter.objects.exclude(name="session"):
fullpath = get_darwin_conf_path(policy_id, darwin_filter.name)
logger.info("deleting file {}".format(fullpath))
try:
delete_conf_file(node_logger, fullpath)
result += "Conf of filter {} deleted\n".format(darwin_filter.name)
except VultureSystemError as e:
if "No such file or directory" in str(e):
node_logger.info("File {} already deleted".format(
darwin_filter.name))
else:
result += "Failed to delete conf of filter {} : {}\n".format(
darwin_filter.name, e)
error = True
except ServiceExit as e: # DO NOT REMOVE IT - Needed to stop Vultured service !
raise
if error:
raise VultureSystemError(result)
return result