Exemple #1
0
 def save_object(self, **kwargs):
     """ Add the contents of a policy object to the database. """
     
     print '\n\n Save object \n\n'
     try:
         content = escape_string(kwargs['object-content'])
         object_id = int(kwargs['object-id'])
         type = kwargs['object-type']
         item_id = kwargs['policy-id']
         if object_id == 0:
             policy_item = Session.query(PolicyChain).filter(
             PolicyChain.id == item_id).one()
             
             policy_object = PolicyObject(type, content)
             Session.add(policy_object)
             Session.flush()
             
             policy_item.policyobject_id = policy_object.id
         else:
             policy_object= Session.query(PolicyObject).filter(PolicyObject.id == object_id).one()
         
             policy_object.contents = content
             policy_object.type = type
         
         Session.merge(policy_object)
         Session.flush()
         
     except KeyError as e:
         print e
     except NoResultFound as e:
         #policy_object = PolicyObject(type, content)
         #Session.add(policy_object)
         #Session.flush()
         print 'no result found'
         pass
Exemple #2
0
 def get_object(self, id=0):
     """ Return policy object as a JSON string.
     
     Produces slightly different output than get_policy_item().
     """
     if id == 0:
         policy_object = Session.query(PolicyObject).first()
     else:
         policy_object = Session.query(PolicyObject).filter(
         PolicyObject.id == id).one()
     
     return simplejson.dumps(policy_object.make_json())                
Exemple #3
0
 def index(self):
     """ The main page shown for sensor, lists all activated sensors, grouped by location. """
     
     location_list = Session.query(SensorLocation)\
              .join(Sensor)\
              .filter(Sensor.active == 1)\
              .all()
     
     locations = Session.query(SensorLocation).all()
     
     return ({ 'page_title': 'Sensor', 'secondmenu': self._create_sidemenu(),
      'location_list' : location_list, 'locations' : locations})
Exemple #4
0
    def save_sensor_data(self, **kwargs):
        """ Get a sensors data provided bu a form, and either change it or add new. """
     
        try:
            """ Retrieves information from web request. """
            addName = escape_string(kwargs['sensor_name'])
            addIp = escape_string(kwargs['sensor_ip'])
            addLocation = kwargs['sensor_location']
            addDescription = escape_string(kwargs['sensor_description'])
            sensor_id = kwargs['sensor_id']
        except KeyError as e:
            print 'There was a key error %s' % (e)

        
        try: 
            """ In case sensor does not excist. """
            if sensor_id == 0:    
                raise NoResultFound
                
            sensor = Session.query(Sensor).filter(Sensor.id == sensor_id).one()
            sensor.name = addName
            sensor.ip = addIp
            sensor.description = addDescription
            
            Session.merge(sensor)
            
        except NoResultFound: # Sensor does not exsist, add new.
            new_sensor = Sensor(addName, addIp, addLocation, addDescription)
            Session.add(new_sensor)
        finally:
            Session.flush()
        
        Session.flush()
Exemple #5
0
    def add_object(self, **kwargs):
        """ Creates a new policy object. """
        try:

            if kwargs['object_id'] is None or not kwargs['object_id'].isdigit():
                raise TypeError('Policy ID is either None or ID is not int')
            if kwargs ['object_content'] is None:
                raise TypeError('Policy content None')
        except KeyError as e:
            return 'Key %s does not exist' % e
        except TypeError as e:
            return '<p>An error occured</p><p><b>Errorinfo:</b><br/>%s' % e
        
        policy_id = kwargs['object_id'] 
        try:
        
            policy_object = Session.query(PolicyObject).filter(PolicyObject.id == policy_id).one()
            policy_object.contents = escape_string(kwargs['object_content'])
            Session.merge(policy_object)
            Session.flush()
        except NoResultFound:
            policy_object = PolicyObject(contents = escape_string(kwargs['object_content']))
            Session.add(policy_object)
            Session.flush()
        
        finally:
            raise cherrypy.HTTPRedirect("/policy/")
Exemple #6
0
    def register_source(self, **kwargs):
        """ Register source data, and adds to database. 
        
        If source exsists, it will be updated. If the source does not excist it will be added.
        """


        try: # Check if source is active, deactivate if necessary.
            if 'active' not in kwargs or kwargs['active'] == 'off':
                active = 0
            else:
                active = 1
                
            url = kwargs['source-url']
        except KeyError:
            raise

        if 'source-id' in kwargs:
            id = kwargs['source-id']
        else:
            id = None
         

    	if id:
    	    sourceUrl = Session.query(UpdateSource).get(id)
    	    sourceUrl.url = url
    	    sourceUrl.active = active
    	else:
            sourceUrl = UpdateSource(active, url)
    	Session.merge(sourceUrl)
    	
    	raise cherrypy.HTTPRedirect('/rules/')
Exemple #7
0
 def new_object(self, id = 0):
     """ Adds a new object to the end of the policy """
     if 'Referer' in cherrypy.request.headers:
         return_url = cherrypy.request.headers['Referer']
     else:
         return_url = '/policy/'
     
     try:
         last_object = Session.query(PolicyChain).filter(and_(
         PolicyChain.chain_id == id, PolicyChain.child == 0)).one();
         parent = last_object.id
     
         new_object = PolicyChain(id, 0, parent, 0)   
         Session.add(new_object)
         Session.flush()
     
         last_object.child = new_object.id
         Session.merge(last_object)
         Session.flush()
     except NoResultFound:
         new_object = PolicyChain(id, 0, 0, 0)   
         Session.add(new_object)
         Session.flush()
     
     raise cherrypy.HTTPRedirect(return_url)
Exemple #8
0
 def index(self):
     """ Returns a list of sources.
     
     Landing page for Snort rule sources, returns a list of all the sources registered in the system.
     """
     sources = Session.query(UpdateSource)
     
     return (self.render({ 'page_title': 'Rules', 'sources': sources }))
Exemple #9
0
 def source(self, id = 0):
     """ Returns interface to add Snort sources. """
 	source_url = None
     
 	if id is not 0:
 	    source_url = Session.query(UpdateSource).get(id)
 	    
 	    
 	return { 'page_title': 'Rules', 'source_url': source_url}
Exemple #10
0
    def add_rules_to_database(self, file_id, ruleList):
        """ Add rules to database based on file """
        stored_rules = Session.query(Rules).filter(Rules.file == file_id).all()  # Returns entire set of rules
        stored_list = {}  # Cache of already accessed rules
        rules_to_add = []  # List of rule to add to database
        for new_rule in ruleList:
            try:

                try:
                    if int(new_rule.sid) not in stored_list or stored_list[new_rule.sid] is None:
                        stored_list[int(new_rule.sid)] = self._find_local_rule(stored_rules, int(new_rule.sid))

                    stored_local_rules = stored_list[int(new_rule.sid)]

                    if stored_local_rules is None or len(stored_local_rules) == 0:
                        # 					    print 'print %s is not in DB. Type %s' % (int(new_rule.sid), type(new_rule.sid))
                        # 					    for rules in stored_rules:
                        # 					        print 'Sid: %s Rev: %s\nRule: %s' % (rules.sid, rules.rev, rules.rule)

                        raise NoResultFound

                    old_rule = stored_local_rules[0]
                    # print '--#--\n SID: %s' % (new_rule.sid)
                    # print '---\n ID: %s \n Rule: %s --#--' % (old_rule.sid, old_rule.rule)

                    # print '-#- \n %s \n -#- \n %s-#-'  % (old_rule, new_rule)

                    if int(old_rule.rev) < int(new_rule.rev) or str(old_rule.rule) != str(new_rule.raw):
                        old_rule = self.deactivate_rule(old_rule)
                        print "Different revision or content %s" % old_rule.sid
                        raise NoResultFound

                    if new_rule.active != old_rule.active:
                        print "Rule is deactiviated: %s" % old_rule.sid
                        old_rule = deactiviate_rule(old_rule)

                    stored_local_rules[0] = old_rule
                    stored_list[int(new_rule.sid)] = stored_local_rules
                except NoResultFound:  # No result found, add rule
                    new_rule_add = Rules(new_rule, file_id)
                    rules_to_add.append(new_rule_add)
                except IndexError as e:
                    print "List index: %s" % (e)
                    print stored_local_rules
                    exit(1)
                except TypeError as e:
                    print "Type error: %s" % (e)
                    # 					print type(new_rule.sid)
                    # 					print stored_local_rules
                    exit(1)

            except OperationalError as e:
                print "EXCEPTION in add_rules_to_database\nError information: %s" % (e)  # TODO: Needs to f**k off

        Session.add_all(rules_to_add)
        Session.flush()
Exemple #11
0
    def remove_object(self, **kwargs):
        """ Remove the object from the list """
        
        if 'Referer' in cherrypy.request.headers:
            return_url = cherrypy.request.headers['Referer']
        else:
            return_url = '/policy/'
        try:
            if kwargs['object-id'] is None or not kwargs['object-id'].isdigit():
                raise TypeError('Policy ID is either None or ID is not int')
            if kwargs['policy-id'] is None:
                raise TypeError('Policy content None')

            object_id = int(kwargs['object-id'])
            policy_id = int(kwargs['policy-id'])
            
            delete_object = Session.query(PolicyChain).filter(and_(
            PolicyChain.chain_id == policy_id, PolicyChain.id == object_id)).one()
            parent = delete_object.parent
            child = delete_object.child
            Session.delete(delete_object)
            
            if parent != 0:
                parent_object = Session.query(PolicyChain).filter(and_(
                PolicyChain.id == parent, PolicyChain.chain_id == policy_id)).one()
                parent_object.child = child
                Session.merge(parent_object)
            
            if child != 0:
                child_object = Session.query(PolicyChain).filter(and_(
                PolicyChain.id == child, PolicyChain.chain_id == policy_id)).one()
                
                child_object.parent = parent
                Session.merge(child_object)
            
            Session.flush()
            
            raise cherrypy.HTTPRedirect(return_url)
        except NoResultFound:
            raise cherrypy.HTTPRedirect(return_url)
        except KeyError as e:
            raise
Exemple #12
0
    def get_policy_item(self, id=0):
        """ Return a policy item as a JSON string. """
        cherrypy.response.headers['Content-Type'] = 'application/json'
        try:
                policy_item = Session.query(PolicyChain).join(PolicyObject).filter(
                PolicyChain.id == id).one()
                policy_object = policy_item.policyobject
        except NoResultFound:
            return simplejson.dumps({'id' : 0, 'active' : 0, 'type' : 0, 'contents' : '' })

        return simplejson.dumps(policy_object.make_json())                
Exemple #13
0
 def index(self):
     """ Returns a list of the active policies in the system.
     
     Provides a list of active policies and the ability to create more.
     """
     policy_chain = Session.query(PolicyChainMeta).filter(PolicyChainMeta.active == 1).all()
     
     for item in policy_chain:
         if item.name is None:
             item.name = 'N/A'
     
     return self.render({ 'page_title': 'Policy chains', 'policy_chain': policy_chain})
Exemple #14
0
 def delete_sensor(self, **kwargs):
     """ Deactivates a sensor in the system. """
     try:
         id = kwargs['sensor_id']
         sensor = Session.query(Sensor).filter(Sensor.id == id).one()
         sensor.active = 0
         Session.merge(sensor)
         Session.flush()
     except NoResultFound:
         print 'No result found'
     except KeyError as e:
         print 'Key error occured %s' % e
Exemple #15
0
    def get_ignore_list(self, urlID):
        """ Gets the list of files to ignore """
        filesToIgnore = []  # List of files and folders to ignore

        try:
            IgnoreList = Session.query(UpdateFilter).filter(UpdateFilter.updateurl == urlID)
            for item in IgnoreList:
                filesToIgnore.append(item.path)
        except Exception as e:
            print ("Exception; problem with generation of ignore list")
            print e
            exit(1)

        return filesToIgnore
Exemple #16
0
    def download_rules(self):
        """ Downloads all the rules from a provided array of lists and reads from file """
        # PROPER VALUES
        tempDownloadFolder = self.tempDownloadFolder
        try:
            listOfUrl = Session.query(UpdateSource).filter(
                UpdateSource.active == 1
            )  # sql.execute("SELECT id, url FROM UpdateUrl WHERE active = 1")

            for listUrl in listOfUrl:
                try:
                    # Get ignores
                    self.register_update_in_database(listUrl.id)  # Register
                    IgnoreList = self.get_ignore_list(listUrl.id)
                    FileUrl = listUrl.url  # TODO: DELETE
                    urlHandler = urllib2.urlopen(FileUrl)
                    localFileName = re.search(r"(?<=/{1})[\w\-\.]+\.(rules|tar\.gz|zip|conf)", FileUrl)
                    localFilePath = os.path.join(tempDownloadFolder, os.path.basename(localFileName.group(0)))
                    localFile = open(localFilePath, "w")
                    localFile.write(urlHandler.read())
                    localFile.close()
                    isArchive = self.check_if_file_is_archive(localFilePath)
                    if isArchive == None:
                        self.read_rule_file(localFilePath, listUrl.id, IgnoreList)  # Traverse dir
                    else:
                        for file in isArchive:
                            full_path = os.path.join(tempDownloadFolder, file)
                            # 							print 'Reading file name %s' % full_path
                            self.read_rule_file(full_path, listUrl.id, IgnoreList)
                            # self.get_rule_contents(os.path.join(tempDownloadFolder, file), listUrl.id, IgnoreList)
                except urllib2.HTTPError, e:
                    errorCodes = {404: "Not Found", 403: "Forbidden"}
                    print r"""
===================
Error while downloading updates
Url: %s
Error code: %i
Error message: %s
===================
""" % (
                        FileUrl,
                        e.code,
                        errorCodes[e.code],
                    )

                except urllib2.URLError, e:
                    print "Error with URL", e.reason  # TODO: OVERSETT
Exemple #17
0
 def get_sensor_data(self, id):
     """ Returns a JSON string containing a sensors data.
     
     This function takes a sensors ID as paramater, and providing it exists will return all its data as JSON string.
     
     The function is used by AJAX to populate forms. """
     try:
         if not id.isdigit():
             raise TypeError
         
         sensor = Session.query(Sensor).filter(Sensor.id == id).one()
     except TypeError:
         print 'Type error occured'
     except NoResultFound:
         print 'No result found'
                 
     return simplejson.dumps(sensor.make_json())
Exemple #18
0
    def delete_policy(self, id = 0):
        """ Sets a policy to deactive in the database. """
        try:
            self.check_status()
        except SystemLockedException:
            raise cherrypy.HTTPRedirect('/policy/')

        if id == 0:
            raise NoResultFound
        
        try:
            policy = Session.query(PolicyChainMeta).filter(PolicyChainMeta.id == id).one()
            policy.active = 0
            Session.merge(policy)
            Session.flush()
        except NoResultFound:
            pass
        finally:
            raise cherrypy.HTTPRedirect('/policy/')
Exemple #19
0
 def choose_object(self, **kwargs):
     """ Choose a excisting policy object. """
     try:
         if 'object-id' not in kwargs and 'policy-id' not in kwargs:
             raise KeyError
         
         object_id = kwargs['object-id']
         policy_id = kwargs['policy-id']
         
         policy_object = Session.query(PolicyChain).filter(
         PolicyChain.id == policy_id).one()
         
         policy_object.policyobject_id = object_id
         
         Session.merge(policy_object)
         Session.flush()
     
     except KeyError:
         print 'KeyError'
Exemple #20
0
    def register_file_in_database(self, file, urlid):
        """ Register a Snort rule in the database
		
		This method will register a Snort rule file with its full path and file name.
		
		:param file: the full path with filename.
		:param urlid: the update source. Used to connect registered file to correct source in the database.
		"""
        try:
            base_path = str(self.tempDownloadFolder)
            search_pattern = re.compile(r"(?P<path>[A-z]+)/(?P<name>(\w|\.|-)+)$")  # Search for file ending
            file_attributes = search_pattern.search(file)  #
            file_name = file_attributes.group("name")
            file_path = file_attributes.group("path")

            try:

                file_from_db = (
                    Session.query(UpdateFile)
                    .filter(and_(UpdateFile.name == file_name, UpdateFile.updatesource == urlid))
                    .one()
                )

                if file_from_db is None:
                    raise NoResulFound
                else:
                    return file_from_db.id
            except NoResultFound:
                new_file = UpdateFile(file_name, urlid, file_path)
                Session.add(new_file)
                Session.flush()
                return new_file.id
        except ImportError:
            # print('') #TODO: TRANSLATe
            # raise
            # exit(1)
            print e
            exit()
        return 0
Exemple #21
0
 def edit_policy(self, id = 0):
     """ Returns a interface to edit entire policies.
     
     Returns a list of the contents of the policy, correctly ordered. """
     if id == 0:
         raise cherrypy.HTTPRedirect("/policy/") # Return to index
         
     # Get information about policy
     
     chain_contents = [] # List of policy chain objects
     
     policy_info = Session.query(PolicyChainMeta).filter(PolicyChainMeta.id == id).one()
     
     policyContents = Session.query(PolicyChain).join(PolicyObject).filter(
     and_(PolicyChain.chain_id == id, PolicyChain.parent == 0)).first()
     
     if policyContents is None:
         next = 0
         policyContents = Session.query(PolicyChain).filter(
         and_(PolicyChain.chain_id == id, PolicyChain.parent == 0)).first()
         if policyContents is not None:
             chain_contents.append({'id': policyContents.id, 'object': None})
     
     else:
         chain_contents.append({'id': policyContents.id, 'object': policyContents.policyobject})   
         next = int(policyContents.child)
     
     while next is not 0:
         cp = Session.query(PolicyChain).join(PolicyObject).filter(PolicyChain.id == next).first()
        
         if cp is not None:
             chain_contents.append({'id': cp.id, 'object': cp.policyobject})
             next = int(cp.child)
         else:
             cp = Session.query(PolicyChain).filter(PolicyChain.id == next).first()
             chain_contents.append({'id': cp.id, 'object': None})
             next = 0
 
     all_objects = Session.query(PolicyObject).all()
     
     return self.render({'page_title' : 'Edit policy',
     'all_objects' : all_objects,
      'policy' : {'contents' : chain_contents, 'info' : policy_info}})
 def __init__(self):
     """ Create temporary folder and get all the rule files """
     self.temp_sensor_folder = mkdtemp()
     self.rule_files = Session.query(UpdateFile)#.join(PolicyObject).filter(and_(PolicyChain.chain_id == chainId, PolicyChain.parent == 0))
Exemple #23
0
 def index(self):
     """ Returns a list of the 10 last log events. """
     event_content = Session.query(EventLog).limit(10)
     
     return (self.render({ 'page_title': 'Main page', 'event_content': event_content}))
Exemple #24
0
  def addsensorindex(self):
      """ Add a new sensor to the database"""
      
      locations = Session.query(SensorLocation).all()
 
      return ({ 'page_title': 'Add Sensor', 'secondmenu': self._create_sidemenu(), 'locations' : locations})
    def producePolicyChain(self):
        """ Produces configuration file based on contents in policy chain

The job is done in the following way
 #. Compile a list of all the sensor grouped by the policy chain they use
 #. Create a list of policy contents."""

        chainList = {}                       # The list of sensors grouped by policy chain
        
        try:
            """ Compiles the list of sensors and policy chains. """
        
            for sensor in Session.query(Sensor).all():
                if str(sensor.policychain) not in chainList: # If it isn't already in the list
                    chainList[str(sensor.policychain)] = []
                
                chainList[str(sensor.policychain)].append(sensor.ip)
        except KeyError as e:
            print 'Error with key\n', e
        
        
        
        for ipList in chainList.items():
            chainId = ipList[0]
            chain_contents = []	
            
            PolicyFile = {PREPEND : [],
            CONTENTS : [],
            APPEND : []}
            
            policy_contents = Session.query(PolicyChain).join(PolicyObject).filter(and_(PolicyChain.chain_id == chainId, PolicyChain.parent == 0)).first()
            if policy_contents is not None:
                chain_contents.append({'id': policy_contents.id,'object': policy_contents.policyobject})
                next = int(policy_contents.child)
            else:
                next = 0
                
            while next is not 0:
                cp = Session.query(PolicyChain).join(PolicyObject).filter(PolicyChain.id == next).first()

                if cp is not None: # If the chain element doesn't have a Object connected to it
                    chain_contents.append({'id': cp.id, 'object': cp.policyobject})
                else:
                    cp = Session.query(PolicyChain).filter(PolicyChain.id == next).first()
            
                next = int(cp.child)
            	
            for element in chain_contents:
                policy_type = element['object'].type
                
                strings = element['object'].contents.splitlines()
                
                for string in strings:
                    if not string.startswith('#'): # Check if a line is really a comment
                        PolicyFile[policy_type].append(string) # Add to the proper list

            
            #Build policychain

            configString = ''
            
            inclusion = {'file': [], 'sid':[], 'regex': []}
            exclusion = {'file': [], 'sid':[]}
            rewrite = {}
            
            action_package = {'enable' : inclusion, 'disable' : exclusion, 'rewrite' : rewrite}
            
            pfinder = re.compile(r'^(?P<action>(disable|enable|set|rewrite))\s+(?P<target>(file|sid|regex)?)\s+(?P<content>(.+)?)$')
            for policy_string in PolicyFile[CONTENTS]:
                p_string_contents = pfinder.search(policy_string) # Builds object from content
                if p_string_contents is not None:

                    policy_action = p_string_contents.group('action')
                    policy_target = p_string_contents.group('target')
                    policy_content = p_string_contents.group('content')                 
                        
                    if policy_action == 'rewrite':
                        find_sid_pattern = re.compile(r'^\d+')
                        rewrite_sid = find_sid_pattern.search(policy_content)
                        action_package[policy_action][rewrite_sid.group(0)] = policy_content
                    else:
                            
                        if policy_action == 'enable' and policy_target != 'regex':
                            try:
                                action_package['disable'][policy_target].remove(policy_content)
                            except ValueError:
                                pass
                        elif policy_action == 'disable':
                            try:
                               action_package['enable'][policy_target].remove(policy_content)
                            except ValueError:
                                pass
                         
                        action_package[policy_action][policy_target].append(policy_content)
            
            # Add content to file
            
            for line in PolicyFile[PREPEND]: # Write all prepend content to file
                configString += line + '\n'
            
            for file in self.rule_files:
                if len(exclusion['file']) is not 0:
                    if file.name not in exclusion['file']:
                        rules = Session.query(Rule).filter(Rule.file == file.id)
                        for rule in rules:
                            if str(rule.sid) not in exclusion['sid'] and rule.active is not 0:
                                if rule.sid in rewrite:
                                    configstring += self.prepare_rule(rule.rule,rewrite[rule.sid])
                                else:
                                    configString += rule.rule

                if len(inclusion['file']) is not 0:

                    if file.name in inclusion['file']:
                        rules = Session.query(Rule).filter(Rule.file == file.id)
                        for rule in rules:
                            if str(rule.sid) not in exclusion['sid'] and rule.active is not 0:
                                if str(rule.sid) == rewrite:
                                    configstring += self.prepare_rule(rule.rule, rewrite[rule.sid])
                                else:
                                    configString += rule.rule
                    
             
            if len(inclusion['sid']) is not 0: 
                for inc_sid in inclusion['sid']:
                    try: 
                        rule = Session.query(Rule).filter(Rule.sid == inc_sid).order_by(Rule.rev.desc()).first()	   
                    
                        if rule is None:
                            raise NoResultFound
                        if str(rule.sid) in rewrite:
                            configString += self.prepare_rule(rule.rule, rewrite[str(rule.sid)])
                        else:
                            configString += rule.rule
                    except NoResultFound:
                        pass
            
                        # Enable from regex

            if len(inclusion['regex']) > 0: # Activates rules based on regex pattern
                """ Will only fetch all the rules __IF__ there's regex item """
                self.all_the_rules = Session.query(Rule).filter(Rule.active == 1).all() # Get ALL the rules
                for sid_expression in inclusion['regex']: # Go through each pattern to search
                    reg_pattern = re.compile(r'%s' % sid_expression)
                    for rule in self.all_the_rules: # Go through rules
                        if reg_pattern.search(rule.rule):

                            if (str(rule.sid) not in inclusion['sid'] and 
                            self.rule_files[rule.file].name not in inclusion['file']):
                                configString += rule.rule
                    
            for line in PolicyFile[APPEND]:			# Write all the append content to file
                configString += line + '\n'

            for sensor in ipList[1]:
                #roll out policychain
                try:
                    f = open(os.path.join(self.temp_sensor_folder, sensor + '.txt'),'w')
                    f.write(configString)
                    f.close()
                except IOError:
                    print 'IOError'