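def get_os_agent(agent_id, offset=0, limit=common.database_limit, select=None, search=None, sort=None,
                 filters=None, q='', nested=True):
    """
    Get info about an agent's OS.

    The set of selectable fields is an allowlist that depends on the agent's platform, because the
    sys_osinfo columns differ between Windows and Linux agents. Passing that allowlist down keeps
    unknown field names out of the query (presumably enforced by get_item_agent -- confirm there).

    :param agent_id: Agent ID
    :param offset: First item to return
    :param limit: Maximum number of items to return
    :param select: Select fields to return. Format: {"fields": ["field1", "field2"]}. Defaults to {}.
    :param search: Looks for items with the specified string. Format: {"fields": ["field1", "field2"]}.
                   Defaults to {}.
    :param sort: Sorts the items. Format: {"fields": ["field1", "field2"], "order": "asc|desc"}. Defaults to {}.
    :param filters: Defines field filters required by the user.
                    Format: {"field1": "value1", "field2": ["value2","value3"]}. Defaults to {}.
    :param q: Defines query to filter
    :param nested: Fields to nest
    :return: Dictionary: {'items': array of items, 'totalItems': Number of items (without applying the limit)}
    """
    # None defaults instead of `{}` so no dict is shared between calls; each call gets a fresh one.
    select = {} if select is None else select
    search = {} if search is None else search
    sort = {} if sort is None else sort
    filters = {} if filters is None else filters

    agent_obj = Agent(agent_id)
    agent_obj.get_basic_information()

    # The osinfo fields in database are different in Windows and Linux.
    # NOTE(review): assumes get_agent_attr('os_name') returns a str (a None value would raise TypeError
    # on the `in` test below) -- confirm against Agent.
    os_name = agent_obj.get_agent_attr('os_name')
    windows_fields = {'hostname': 'hostname', 'os_version': 'os_version', 'os_name': 'os_name',
                      'architecture': 'architecture', 'os_major': 'os_major', 'os_minor': 'os_minor',
                      'os_build': 'os_build', 'version': 'version', 'os_release': 'os_release',
                      'scan_time': 'scan_time', 'scan_id': 'scan_id'}
    linux_fields = {**windows_fields,
                    'os_codename': 'os_codename', 'os_platform': 'os_platform',
                    'sysname': 'sysname', 'release': 'release'}
    valid_select_fields = windows_fields if 'Windows' in os_name else linux_fields

    return get_item_agent(agent_id=agent_id, offset=offset, limit=limit, select=select, nested=nested,
                          search=search, sort=sort, filters=filters, valid_select_fields=valid_select_fields,
                          table='sys_osinfo', query=q)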
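def last_scan(agent_id):
    """
    Gets the last scan of the agent.

    Agents older than Wazuh v3.7.0 keep their scan markers in the legacy per-agent database
    (pm_event table); newer agents expose them through the scan_info table.

    :param agent_id: Agent ID.
    :return: Dictionary: end, start. Both values are 'ND' when no information is available
             (never-connected agent, or no scan recorded yet).
    """
    my_agent = Agent(agent_id)
    # if agent status is never connected, a KeyError happens
    try:
        agent_version = my_agent.get_basic_information(select={'fields': ['version']})['version']
    except KeyError:
        # if the agent is never connected, it won't have either version (key error) or last scan information.
        return {'start': 'ND', 'end': 'ND'}

    # Compare numerically: a plain string comparison would order 'Wazuh v3.10.0' before 'Wazuh v3.7.0'.
    if _version_tuple(agent_version) < _version_tuple('Wazuh v3.7.0'):
        return _last_scan_legacy_db(agent_id)

    rows = my_agent._load_info_from_agent_db(table='scan_info', select={'end_scan', 'start_scan'},
                                             filters={'module': 'fim'})
    if not rows:
        # No scan_info row for the fim module yet: report the same 'ND' shape as the other branches.
        return {'start': 'ND', 'end': 'ND'}
    fim_scan_info = rows[0]

    start = _format_scan_timestamp(fim_scan_info['start_scan'])
    end = _format_scan_timestamp(fim_scan_info['end_scan'])
    # if start is 'ND', end will be as well.
    return {'start': start, 'end': 'ND' if start == 'ND' else end}


def _version_tuple(version):
    """
    Return the numeric components of a version string as a tuple of ints.

    Only digit runs are considered, so 'Wazuh v3.7.0' -> (3, 7, 0). This makes version ordering
    numeric instead of lexicographic.

    :param version: Version string such as 'Wazuh v3.7.0'.
    :return: Tuple of ints.
    """
    import re  # local import: the module's import block is outside this listing
    return tuple(int(part) for part in re.findall(r'\d+', version))


def _format_scan_timestamp(value):
    """
    Format an epoch timestamp from scan_info as '%Y-%m-%d %H:%M:%S' (local time), or 'ND' when empty.

    :param value: Epoch seconds (str or number), or an empty/None value.
    :return: Formatted timestamp or 'ND'.
    """
    if not value:
        return 'ND'
    return datetime.fromtimestamp(float(value)).strftime('%Y-%m-%d %H:%M:%S')


def _last_scan_legacy_db(agent_id):
    """
    Read the last syscheck scan markers from the legacy per-agent database (agents before v3.7.0).

    :param agent_id: Agent ID.
    :return: Dictionary: end, start ('ND' when a marker is missing).
    :raises WazuhException: code 1600 when no database file matches the agent.
    """
    # NOTE(review): agent_id is interpolated into a filesystem glob. It is assumed to have been
    # validated by the caller (Agent(agent_id) in last_scan) so that it cannot match another agent's
    # database -- confirm.
    db_agent = glob('{0}/{1}-*.db'.format(common.database_path_agents, agent_id))
    if not db_agent:
        raise WazuhException(1600)

    # NOTE(review): Connection is not closed here; no context-manager support is visible in this listing.
    conn = Connection(db_agent[0])
    # Static query text, no interpolated values; rows are (date_last, log) pairs.
    query = "SELECT date_last, log FROM pm_event WHERE log LIKE '% syscheck scan.'"
    conn.execute(query)

    # Default both keys to 'ND' so the result shape is stable even when no marker row exists.
    result = {'start': 'ND', 'end': 'ND'}
    for date_last, log in conn:
        # Later rows overwrite earlier ones; the result reflects the last row returned by the query.
        result['end' if log.startswith('End') else 'start'] = date_last
    return result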
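def get_os_agent(agent_id, offset=0, limit=common.database_limit, select=None, search=None, sort=None,
                 filters=None, nested=True):
    """
    Get info about an agent's OS.

    Selectable and sortable fields are restricted to allowlists: the select allowlist depends on the
    agent's platform (sys_osinfo columns differ between Windows and Linux), the sort allowlist is fixed.
    Passing them down keeps unknown field names out of the query (presumably enforced by
    get_item_agent -- confirm there).

    :param agent_id: Agent ID
    :param offset: First item to return. Coerced with int(); a non-numeric value raises ValueError.
    :param limit: Maximum number of items to return. Coerced with int().
    :param select: Select fields to return. Format: {"fields": ["field1", "field2"]}. Defaults to {}.
    :param search: Looks for items with the specified string. Format: {"fields": ["field1", "field2"]}.
                   Defaults to {}.
    :param sort: Sorts the items. Format: {"fields": ["field1", "field2"], "order": "asc|desc"}. Defaults to {}.
    :param filters: Defines field filters required by the user. Defaults to {}.
    :param nested: Fields to nest
    :return: The result of get_item_agent for the sys_osinfo table.
    """
    # None defaults instead of `{}` so no dict is shared between calls; each call gets a fresh one.
    select = {} if select is None else select
    search = {} if search is None else search
    sort = {} if sort is None else sort
    filters = {} if filters is None else filters

    agent_obj = Agent(agent_id)
    agent_obj.get_basic_information()

    offset = int(offset)
    limit = int(limit)

    # The osinfo fields in database are different in Windows and Linux.
    # NOTE(review): assumes get_agent_attr('os_name') returns a str (a None value would raise TypeError
    # on the `in` test below) -- confirm against Agent.
    os_name = agent_obj.get_agent_attr('os_name')
    windows_fields = {
        'hostname', 'os_version', 'os_name', 'architecture', 'os_major',
        'os_minor', 'os_build', 'version', 'scan_time', 'scan_id',
    }
    linux_fields = windows_fields | {'os_codename', 'os_platform', 'sysname', 'release'}
    valid_select_fields = windows_fields if 'Windows' in os_name else linux_fields
    allowed_sort_fields = {'os_name', 'hostname', 'architecture'}

    return get_item_agent(agent_id=agent_id, offset=offset, limit=limit, select=select, search=search,
                          sort=sort, filters=filters, allowed_sort_fields=allowed_sort_fields,
                          valid_select_fields=valid_select_fields, table='sys_osinfo', nested=nested)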
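def last_scan(agent_id):
    """
    Gets the last scan of the agent.

    Agents older than Wazuh v3.7.0 keep their scan markers in the legacy per-agent database
    (pm_event table); newer agents expose them through the scan_info table via WazuhDBQuerySyscheck.

    :param agent_id: Agent ID.
    :return: Dictionary: end, start. Both values are 'ND' when no information is available
             (never-connected agent, or no scan recorded yet).
    """
    my_agent = Agent(agent_id)
    # if agent status is never connected, a KeyError happens
    try:
        agent_version = my_agent.get_basic_information(select={'fields': ['version']})['version']
    except KeyError:
        # if the agent is never connected, it won't have either version (key error) or last scan information.
        return {'start': 'ND', 'end': 'ND'}

    if WazuhVersion(agent_version) < WazuhVersion('Wazuh v3.7.0'):
        return _last_scan_legacy_db(agent_id)

    items = WazuhDBQuerySyscheck(
        agent_id=agent_id,
        query='module=fim',
        offset=0,
        sort=None,
        search=None,
        limit=common.database_limit,
        select={'fields': ['end', 'start']},
        fields={'end': 'end_scan', 'start': 'start_scan', 'module': 'module'},
        table='scan_info',
        default_sort_field='start_scan',
    ).run()['items']
    if not items:
        # No scan_info row for the fim module yet: report the same 'ND' shape as the other branches.
        return {'start': 'ND', 'end': 'ND'}
    return items[0]


def _last_scan_legacy_db(agent_id):
    """
    Read the last scan markers from the legacy per-agent database (agents before v3.7.0).

    :param agent_id: Agent ID.
    :return: Dictionary: end, start ('ND' when a marker is missing).
    :raises WazuhException: code 1600 when no database file matches the agent.
    """
    # NOTE(review): agent_id is interpolated into a filesystem glob. It is assumed to have been
    # validated by the caller (Agent(agent_id) in last_scan) so that it cannot match another agent's
    # database -- confirm.
    db_agent = glob('{0}/{1}-*.db'.format(common.database_path_agents, agent_id))
    if not db_agent:
        raise WazuhException(1600)

    # NOTE(review): Connection is not closed here; no context-manager support is visible in this listing.
    conn = Connection(db_agent[0])

    # Both queries are static literals (no interpolated values). Each returns a single aggregate row.
    # NOTE(review): these markers are rootcheck's, while the non-legacy branch reads the fim module
    # -- confirm this is the intended table/marker for this function.
    queries = (
        ('end', "SELECT max(date_last) FROM pm_event WHERE log = 'Ending rootcheck scan.'"),
        ('start', "SELECT max(date_last) FROM pm_event WHERE log = 'Starting rootcheck scan.'"),
    )
    # Default both keys to 'ND' so the result shape is stable even when a query yields no row.
    data = {'start': 'ND', 'end': 'ND'}
    for key, query in queries:
        conn.execute(query)
        for row in conn:  # `row` rather than shadowing the builtin `tuple`
            value = row['max(date_last)']
            data[key] = value if value is not None else "ND"
    return data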