Exemple #1
def test_OssecSocket_receive_ko(mock_recv, mock_conn):
    """Check that a failing OssecSocket.receive raises WazuhException.

    The exception message must contain the code 1014 surrounded by spaces.
    """
    # mock_recv / mock_conn are presumably injected by patch decorators that
    # are not visible in this excerpt -- confirm against the original test file.
    socket_path = 'test_path'
    ossec_socket = OssecSocket(socket_path)

    with pytest.raises(WazuhException, match=".* 1014 .*"):
        ossec_socket.receive()

    # The socket must have attempted exactly one connection to the given path.
    mock_conn.assert_called_once_with(socket_path)
Exemple #2
def test_OssecSocket_receive(mock_recv, mock_unpack, mock_conn):
    """Check that OssecSocket.receive returns the (mocked) payload."""
    # The mock_* arguments are presumably injected by patch decorators that
    # are not visible in this excerpt -- confirm against the original test file.
    socket_path = 'test_path'
    ossec_socket = OssecSocket(socket_path)

    received = ossec_socket.receive()

    # With the underlying calls mocked, the result is a MagicMock instance.
    assert isinstance(received, MagicMock)
    # The socket must have attempted exactly one connection to the given path.
    mock_conn.assert_called_once_with(socket_path)
Exemple #3
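def get_daemons_stats_from_socket(agent_id, daemon):
    """Get a daemon stats from an agent or manager.

    Parameters
    ----------
    agent_id : string
        Id of the agent to get stats from.
    daemon : string
        Name of the service to get stats from.

    Returns
    -------
    Dict
        Object with daemon's stats.

    Raises
    ------
    WazuhError
        1307 if `agent_id` or `daemon` is empty, 1310 if `daemon` is 'agent'
        for agent 000, 1117 if the response carries no usable 'data' field.
    WazuhInternalError
        1121 if the socket cannot be opened, 1118 if the response cannot be
        received or decoded.
    """
    if not agent_id or not daemon:
        raise WazuhError(1307)

    sockets_path = os.path.join(common.ossec_path, "queue", "sockets")
    padded_id = str(agent_id).zfill(3)

    # NOTE(review): `daemon` is used as a path component for agent 000 and both
    # `agent_id` and `daemon` are placed into a space-delimited command. Neither
    # is validated in this function, so a value containing a path separator or
    # whitespace would change the destination socket or the command fields.
    # Confirm the caller restricts both to an allowlist / strict pattern.
    if padded_id == '000':
        # Some daemons do not exist in agent 000
        if daemon in {'agent'}:
            raise WazuhError(1310)
        dest_socket = os.path.join(sockets_path, daemon)
        command = "getstate"
    else:
        dest_socket = os.path.join(sockets_path, "request")
        command = f"{padded_id} {daemon} getstate"

    # Socket connection
    try:
        s = OssecSocket(dest_socket)
    except Exception:
        raise WazuhInternalError(1121)

    # Send the request and read the reply; the socket is closed on every path,
    # including send/receive failures, so the descriptor is not leaked.
    try:
        s.send(command.encode())
        try:
            rec_msg = s.receive().decode()
        except ValueError:
            raise WazuhInternalError(1118, extra_message="Data could not be received")
    finally:
        s.close()

    # Format response
    try:
        return json.loads(rec_msg)['data']
    except Exception:
        # Report the text after the first space; fall back to the whole message
        # when there is no space, so an IndexError does not mask the real error.
        _, _, detail = rec_msg.partition(" ")
        raise WazuhError(1117, extra_message=detail or rec_msg)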
Exemple #4
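def send_to_tasks_socket(command):
    """Send command to task module

    Parameters
    ----------
    command : dict
        Command to be sent to task module

    Returns
    -------
    Message received from the socket

    Raises
    ------
    WazuhInternalError
        1121 if the tasks socket cannot be opened. Errors raised while
        sending, receiving, decoding or parsing the reply are not handled
        here and propagate to the caller.
    """
    try:
        s = OssecSocket(common.TASKS_SOCKET)
    except Exception:
        raise WazuhInternalError(1121)

    # Close the socket on every path: a failure in send/receive would
    # otherwise leave the descriptor open.
    try:
        s.send(dumps(command).encode())
        raw_response = s.receive()
    finally:
        s.close()

    return loads(raw_response.decode())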
Exemple #5
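def get_active_configuration(agent_id, component, configuration):
    """
    Reads agent loaded configuration in memory

    Parameters
    ----------
    agent_id : string
        Id of the agent; '000' queries the component socket directly, any
        other value is routed through the "request" socket.
    component : string
        Component to query; must be one of the names in `components` below.
    configuration : string
        Configuration section requested from the component.

    Returns
    -------
    dict
        Parsed JSON configuration. When auth->use_password is 'yes' and
        etc/authd.pass is readable, its content is added under 'authd.pass',
        so the return value can contain a secret.

    Raises
    ------
    WazuhError
        1307 if `component` or `configuration` is empty, 1101 if `component`
        is not a valid component, 1117 or 1116 if the reply is not 'ok'.
    WazuhInternalError
        1121 if the socket cannot be opened, 1118 if the reply cannot be
        received or split into status and payload.
    """
    if not component or not configuration:
        raise WazuhError(1307)

    components = {
        "agent", "agentless", "analysis", "auth", "com", "csyslog",
        "integrator", "logcollector", "mail", "monitor", "request", "syscheck",
        "wmodules"
    }

    # checks if the component is correct; this allowlist is also what keeps
    # `component` safe to use as a path element further down
    if component not in components:
        # sorted() gives a stable message; set iteration order is arbitrary
        raise WazuhError(1101, f'Valid components: {", ".join(sorted(components))}')

    sockets_path = os_path.join(common.ossec_path, "queue", "ossec")

    # NOTE(review): `configuration` and `agent_id` are placed into a
    # space-delimited command without validation in this function; confirm the
    # caller restricts them to a strict pattern.
    if agent_id == '000':
        dest_socket = os_path.join(sockets_path, component)
        command = f"getconfig {configuration}"
    else:
        dest_socket = os_path.join(sockets_path, "request")
        command = f"{str(agent_id).zfill(3)} {component} getconfig {configuration}"

    # Socket connection
    try:
        s = OssecSocket(dest_socket)
    except Exception:
        raise WazuhInternalError(1121)

    # Send the request and read the reply; the socket is closed on every path,
    # including send/receive failures, so the descriptor is not leaked.
    try:
        s.send(command.encode())
        try:
            # The reply is "<status> <payload>"; a reply without a space makes
            # the unpacking raise ValueError, reported as 1118.
            rec_msg_ok, rec_msg = s.receive().decode().split(" ", 1)
        except ValueError:
            raise WazuhInternalError(1118,
                                     extra_message="Data could not be received")
    finally:
        s.close()

    if rec_msg_ok.startswith('ok'):
        msg = json.loads(rec_msg)

        # Include password if auth->use_password enabled and authd.pass file exists.
        # The enrollment password then travels in the returned dict: keep the
        # result out of logs and limit which callers can reach this function.
        if msg.get('auth', {}).get('use_password') == 'yes':
            try:
                with open(os_path.join(common.ossec_path, "etc", "authd.pass"),
                          'r') as f:
                    msg['authd.pass'] = f.read().rstrip()
            except IOError:
                # Best effort: a missing or unreadable file just omits the key.
                pass

        return msg
    else:
        raise WazuhError(1117 if "No such file or directory" in rec_msg
                         or "Cannot send request" in rec_msg else 1116,
                         extra_message='{0}:{1}'.format(
                             component, configuration))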