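def get_agent_groups(group_list=None,
                     offset=0,
                     limit=None,
                     sort=None,
                     search=None,
                     hash_algorithm='md5'):
    """Get the existing groups.

    :param group_list: List of group names. When it is empty or None the
        result is returned without affected items and no query is run.
    :param offset: First item to return.
    :param limit: Maximum number of items to return.
    :param sort: Fields to sort the items by.
    :param search: Text to search.
    :param hash_algorithm: Digest algorithm used to compute ``mergedSum`` and
        ``configSum`` of each group. The default is md5; pass a stronger
        algorithm where collision resistance of the checksum matters.
    :return: AffectedItemsWazuhResult.
    """
    result = AffectedItemsWazuhResult(
        all_msg='All selected groups information was returned',
        some_msg='Some groups information was not returned',
        none_msg='No group information was returned')
    if not group_list:
        return result

    # Read the system groups once: the same set is used both to report the
    # unknown names and to build the RBAC filters (the original queried twice).
    system_groups = get_groups()

    # Requested names that do not exist on the system are reported as failed
    for invalid_group in set(group_list) - system_groups:
        result.add_failed_item(id_=invalid_group,
                               error=WazuhResourceNotFound(1710))

    rbac_filters = get_rbac_filters(system_resources=system_groups,
                                    permitted_resources=group_list)
    query_data = WazuhDBQueryGroup(offset=offset,
                                   limit=limit,
                                   sort=sort,
                                   search=search,
                                   **rbac_filters).run()

    affected_groups = []
    for group in query_data['items']:
        group_dir = path.join(common.shared_path, group['name'])

        # Checksums of merged.mg and agent.conf; a key is only set when
        # get_hash returned a truthy digest for that file
        merged_sum = get_hash(path.join(group_dir, "merged.mg"), hash_algorithm)
        conf_sum = get_hash(path.join(group_dir, "agent.conf"), hash_algorithm)
        if merged_sum:
            group['mergedSum'] = merged_sum
        if conf_sum:
            group['configSum'] = conf_sum
        affected_groups.append(group)

    result.affected_items = affected_groups
    result.total_affected_items = query_data['totalItems']

    return result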
def remove_agents_from_group(agent_list=None, group_list=None):
    """Unassign every agent in ``agent_list`` from the group ``group_list[0]``.

    Agents that are rejected (``000``, error 1703) or unknown (error 1701)
    are recorded as failed items; the remaining agents are processed.

    :param agent_list: List of agent IDs.
    :param group_list: List of group names; only the first one is used.
    :return: AffectedItemsWazuhResult.
    :raises WazuhResourceNotFound: If the group does not exist (1710).
    """
    group_id = group_list[0]
    result = AffectedItemsWazuhResult(
        all_msg=f'All selected agents were removed from group {group_id}',
        some_msg=f'Some agents were not removed from group {group_id}',
        none_msg=f'No agent was removed from group {group_id}')

    known_groups = get_groups()
    known_agents = get_agents_info()
    if group_id not in known_groups:
        raise WazuhResourceNotFound(1710)

    for agent_id in agent_list:
        try:
            if agent_id == '000':
                raise WazuhError(1703)
            if agent_id not in known_agents:
                raise WazuhResourceNotFound(1701)
            Agent.unset_single_group_agent(agent_id=agent_id,
                                           group_id=group_id,
                                           force=True)
        except WazuhException as e:
            result.add_failed_item(id_=agent_id, error=e)
        else:
            result.affected_items.append(agent_id)

    # Agent IDs are numeric strings, hence the int sort key
    result.affected_items.sort(key=int)
    result.total_affected_items = len(result.affected_items)

    return result
def get_agents_in_group(group_list,
                        offset=0,
                        limit=common.database_limit,
                        sort=None,
                        search=None,
                        select=None,
                        filters=None,
                        q=None):
    """Return the agents that belong to the group ``group_list[0]``.

    Membership is expressed as a ``group=<name>`` clause prepended to the
    caller's query ``q``; the actual lookup is delegated to ``get_agents``.

    :param group_list: List with the group ID in first position.
    :param offset: First item to return.
    :param limit: Maximum number of items to return.
    :param sort: Sorts the items. Format: {"fields":["field1","field2"],"order":"asc|desc"}.
    :param search: Looks for items with the specified string. Format: {"fields": ["field1","field2"]}.
    :param select: Select fields to return. Format: {"fields":["field1","field2"]}.
    :param filters: Defines required field filters. Format: {"field1":"value1", "field2":["value2","value3"]}.
    :param q: Defines query to filter in DB.
    :return: AffectedItemsWazuhResult.
    :raises WazuhResourceNotFound: If the group does not exist (1710).
    """
    group_id = group_list[0]
    if group_id not in get_groups():
        raise WazuhResourceNotFound(1710)

    # The group name was just checked against the system groups, so the
    # clause built here by concatenation only ever holds an existing name.
    group_clause = 'group=' + group_id
    combined_query = group_clause + ';' + q if q else group_clause

    return get_agents(offset=offset,
                      limit=limit,
                      sort=sort,
                      search=search,
                      select=select,
                      filters=filters,
                      q=combined_query)
def delete_groups(group_list=None):
    """Delete each group in ``group_list`` after unassigning all of its agents.

    A group is deleted only when every one of its agents could be removed
    from it; any failure in that step is recorded as error 4015 for the
    group. Unknown groups (1710) and the ``default`` group (1712) are
    recorded as failed items as well.

    :param group_list: List of group names.
    :return: AffectedItemsWazuhResult whose affected items are one-key dicts
        mapping each deleted group to the sorted IDs of its former agents.
    """
    result = AffectedItemsWazuhResult(all_msg='All selected groups were deleted',
                                      some_msg='Some groups were not deleted',
                                      none_msg='No group was deleted')

    known_groups = get_groups()
    for group_id in group_list:
        try:
            if group_id not in known_groups:
                raise WazuhResourceNotFound(1710)
            if group_id == 'default':
                raise WazuhError(1712)

            members = WazuhDBQueryMultigroups(group_id=group_id, limit=None).run()['items']
            member_ids = [member['id'] for member in members]
            try:
                unassigned = remove_agents_from_group(agent_list=member_ids, group_list=[group_id])
                if unassigned.total_failed_items != 0:
                    raise WazuhError(4015)
            except WazuhError:
                # Every error while unassigning agents surfaces as 4015
                raise WazuhError(4015)

            Agent.delete_single_group(group_id)
            result.affected_items.append({group_id: sorted(unassigned.affected_items, key=int)})
        except WazuhException as e:
            result.add_failed_item(id_=group_id, error=e)

    # Order the one-key dicts by their group name
    result.affected_items.sort(key=lambda entry: next(iter(entry)))
    result.total_affected_items = len(result.affected_items)

    return result
def _expand_resource(resource):
    """Expand a ``name:attribute:value`` resource string into a set of values.

    ``agent:group`` resources are always delegated to ``expand_group``. For
    every other type a ``*`` value is expanded to all resources of that type
    present on the system (an unknown type gives an empty set), while a
    concrete value is returned as a one-element set.

    Parameters
    ----------
    resource : str
        Resource to be expanded, e.g. ``agent:id:*`` or ``agent:id:001``.

    Returns
    -------
    set
        Result of the resource expansion.
    """
    # NOTE: a value that itself contains ':' makes this unpacking raise ValueError
    name, attribute, value = resource.split(':')
    resource_type = f'{name}:{attribute}'

    # Special case: expand_group accepts both '*' and a group name, so it is
    # always called for this resource type
    if resource_type == 'agent:group':
        return expand_group(value)

    # A concrete value is returned as is, cast to a set
    if value != '*':
        return {value}

    def role_ids():
        with RolesManager() as rm:
            roles = rm.get_roles()
        return {str(role.id) for role in roles}

    def policy_ids():
        with PoliciesManager() as pm:
            policies = pm.get_policies()
        return {str(policy.id) for policy in policies}

    def user_ids():
        with AuthenticationManager() as auth:
            users = auth.get_users()
        return {str(user['user_id']) for user in users}

    def rule_ids():
        with RulesManager() as rum:
            rules = rum.get_rules()
        return {str(rule.id) for rule in rules}

    # Wildcard: every resource of the given type that exists on the system.
    # Each entry is a callable so that only the matching type is queried.
    wildcard_expanders = {
        'agent:id': lambda: get_agents_info(),
        'group:id': lambda: get_groups(),
        'role:id': role_ids,
        'policy:id': policy_ids,
        'user:id': user_ids,
        'rule:id': rule_ids,
        'rule:file': lambda: expand_rules(),
        'decoder:file': lambda: expand_decoders(),
        'list:file': lambda: expand_lists(),
        'node:id': lambda: set(cluster_nodes.get()),
        '*:*': lambda: {'*'},  # Resourceless
    }
    expander = wildcard_expanders.get(resource_type)
    return expander() if expander is not None else set()
def remove_agent_from_group(group_list=None, agent_list=None):
    """Unassign the agent ``agent_list[0]`` from the group ``group_list[0]``.

    :param group_list: List of group names; only the first one is used.
    :param agent_list: List of agent IDs; only the first one is used.
    :return: WazuhResult wrapping the confirmation message.
    :raises WazuhResourceNotFound: If the agent (1701) or the group (1710)
        does not exist.
    :raises WazuhError: If the agent is 000 (1703).
    """
    target_group, target_agent = group_list[0], agent_list[0]

    # The first failing check decides the error: agent existence, then the
    # 000 special case, then group existence
    if target_agent not in get_agents_info():
        raise WazuhResourceNotFound(1701)
    if target_agent == '000':
        raise WazuhError(1703)
    if target_group not in get_groups():
        raise WazuhResourceNotFound(1710)

    message = Agent.unset_single_group_agent(agent_id=target_agent,
                                             group_id=target_group,
                                             force=True)
    return WazuhResult({'message': message})
def delete_groups(group_list=None):
    """Delete each group in ``group_list`` after unassigning all of its agents.

    A group is deleted only when every one of its agents could be removed
    from it; any failure in that step is recorded as error 4015 for the
    group. Unknown groups (1710) and the ``default`` group (1712) are
    recorded as failed items. The union of all unassigned agent IDs is
    exposed under the ``affected_agents`` key of the result.

    :param group_list: List of group names.
    :return: AffectedItemsWazuhResult.
    """
    result = AffectedItemsWazuhResult(
        all_msg='All selected groups were deleted',
        some_msg='Some groups were not deleted',
        none_msg='No group was deleted')

    unassigned_agents = set()
    known_groups = get_groups()
    for group_id in group_list:
        try:
            if group_id not in known_groups:
                raise WazuhError(1710)
            if group_id == 'default':
                raise WazuhError(1712)

            members = WazuhDBQueryMultigroups(group_id=group_id, limit=None).run()['items']
            member_ids = [member['id'] for member in members]
            try:
                removal = remove_agents_from_group(agent_list=member_ids,
                                                   group_list=[group_id])
                if removal.total_failed_items != 0:
                    raise WazuhError(4015)
            except WazuhError:
                # Every error while unassigning agents surfaces as 4015
                raise WazuhError(4015)

            Agent.delete_single_group(group_id)
            result.affected_items.append(group_id)
            unassigned_agents |= set(removal.affected_items)
        except WazuhException as e:
            result.add_failed_item(id_=group_id, error=e)

    # Agent IDs are numeric strings, hence the int sort key
    result['affected_agents'] = sorted(unassigned_agents, key=int)
    result.affected_items.sort()
    result.total_affected_items = len(result.affected_items)

    return result
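def remove_agent_from_groups(agent_list=None, group_list=None):
    """Remove an agent assignment from a list of groups.

    :param agent_list: List of agent IDs; only the first one is used.
    :param group_list: List of group names. The caller's list is left
        unmodified.
    :return: AffectedItemsWazuhResult.
    :raises WazuhError: If the agent is 000 (1703).
    :raises WazuhResourceNotFound: If the agent does not exist (1701).
    """
    agent_id = agent_list[0]
    result = AffectedItemsWazuhResult(
        all_msg='Specified agent was removed from returned groups',
        some_msg='Specified agent was not removed from some groups',
        none_msg='Specified agent was not removed from any group')

    # Check if agent exists and it is not 000
    if agent_id == '000':
        raise WazuhError(1703)
    if agent_id not in get_agents_info():
        raise WazuhResourceNotFound(1701)

    # Work on a copy: the reordering below used to pop/append the caller's
    # list in place, leaking the side effect to the caller.
    groups = list(group_list)
    # Move 'default' to the last position in case it is contained in the list.
    # When an agent is removed from all groups it is reverted to 'default', so
    # 'default' is tried last to avoid removing it and then adding it again.
    try:
        groups.append(groups.pop(groups.index('default')))
    except ValueError:
        pass

    system_groups = get_groups()
    for group_id in groups:
        try:
            if group_id not in system_groups:
                raise WazuhResourceNotFound(1710)
            Agent.unset_single_group_agent(agent_id=agent_id,
                                           group_id=group_id,
                                           force=True)
            result.affected_items.append(group_id)
        except WazuhException as e:
            result.add_failed_item(id_=group_id, error=e)
    result.total_affected_items = len(result.affected_items)
    result.affected_items.sort()

    return result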
def _expand_resource(resource):
    """Expand a ``name:attribute:value`` resource string into a set of values.

    ``agent:group`` resources are always delegated to ``expand_group``. For
    every other type a ``*`` value is expanded to all resources of that type
    present on the system (an unknown type gives an empty set), while a
    concrete value is returned as a one-element set.

    :param resource: Resource to be expanded, e.g. ``agent:id:*``.
    :return: Set holding the result of the resource expansion.
    """
    # NOTE: a value that itself contains ':' makes this unpacking raise ValueError
    name, attribute, value = resource.split(':')
    resource_type = f'{name}:{attribute}'

    # Special case: expand_group accepts both '*' and a group name, so it is
    # always called for this resource type
    if resource_type == 'agent:group':
        return expand_group(value)

    # A concrete value is returned as is, cast to a set
    if value != '*':
        return {value}

    def ruleset_filenames(tags):
        """Filenames of the ruleset entries selected by ``tags``."""
        ruleset = get_ossec_conf(section='ruleset')['ruleset']
        entries = format_rule_decoder_file(
            ruleset,
            {'status': Status.S_ALL.value, 'relative_dirname': None, 'filename': None},
            tags)
        return {entry['filename'] for entry in entries}

    def managed_ids(manager_cls, fetch):
        """String IDs of the items ``fetch`` returns from a ``manager_cls`` context."""
        with manager_cls() as manager:
            items = fetch(manager)
        return {str(item.id) for item in items}

    # Wildcard: every resource of the given type that exists on the system
    if resource_type == 'agent:id':
        return get_agents_info()
    if resource_type == 'group:id':
        return get_groups()
    if resource_type == 'role:id':
        return managed_ids(RolesManager, lambda rm: rm.get_roles())
    if resource_type == 'policy:id':
        return managed_ids(PoliciesManager, lambda pm: pm.get_policies())
    if resource_type == 'user:id':
        with AuthenticationManager() as auth:
            users = auth.get_users()
        return {user['user_id'] for user in users}
    if resource_type == 'rule:id':
        return managed_ids(RulesManager, lambda rum: rum.get_rules())
    if resource_type == 'rule:file':
        return ruleset_filenames(['rule_include', 'rule_exclude', 'rule_dir'])
    if resource_type == 'decoder:file':
        return ruleset_filenames(['decoder_include', 'decoder_exclude', 'decoder_dir'])
    if resource_type == 'list:path':
        return {os.path.join(cdb_list['relative_dirname'], cdb_list['filename'])
                for cdb_list in iterate_lists(only_names=True)}
    if resource_type == 'node:id':
        return set(cluster_nodes.get())
    if resource_type == 'file:path':
        return get_files()
    if resource_type == '*:*':  # Resourceless
        return {'*'}
    return set()