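def __generate_blocked_output(self, config_file, plugin, plugin_data, sections, error_msg):
    """Record *plugin* as 'blocked' in ``self.__summary``.

    One entry is produced per check section that targets the current
    appliance's ``hw_profile``; each entry carries the command the check
    would have run so the report shows what was skipped and why.

    Args:
        config_file: parsed plugin configuration exposing ``items(section)``
            (ConfigParser-like), or a falsy value when it could not be read.
        plugin: plugin name, used as the key in ``self.__summary``.
        plugin_data: dict describing the plugin; only ``'type'`` is read
            (``"file"``, ``"command"`` or ``"db"``). May be empty or None,
            or lack ``'type'`` altogether.
        sections: section names of *config_file*. ``'properties'`` holds
            plugin-wide settings; every other section is one check.
        error_msg: why the plugin was blocked; copied into the summary and
            into each check's ``detail``.

    Returns:
        None. When a config file was given but no check applies to this
        appliance, nothing is written to the summary at all.
    """
    checks = {}
    if config_file:
        try:
            # plugin_data without a 'type' key used to raise KeyError on the
            # "command" branch and wipe every check; treat it as "no type".
            plugin_type = plugin_data.get('type') if plugin_data else None
            filename = ''
            base_command = ''
            # Plugin-wide settings come from the 'properties' section.
            if 'properties' in sections:
                props = dict(config_file.items('properties'))
                if plugin_type == "file":
                    filename = props['filename']
                elif plugin_type == "command":
                    base_command = props['command']
            for section in sections:
                if section == 'properties':
                    continue
                items = dict(config_file.items(section))
                # Expand appliance wildcards; skip checks not meant for this hardware profile.
                targets = []
                for entry in items['appliance_type'].split(','):
                    targets += Wildcard.appliance_exec(entry.strip())
                if self.__alienvault_config['hw_profile'].lower() not in targets:
                    continue
                # NOTE(review): these strings are shell syntax assembled from
                # config values and are only *reported* here. If any code path
                # executes them, a quote inside 'query' or metacharacters in
                # 'filename' would break out of the quoting; run them through
                # subprocess with an argument list, not a shell. Confirm against
                # the code that actually executes checks.
                if plugin_type == "db":
                    # Rebuilt per section: a section without 'query' must not
                    # inherit the previous section's command (the old code did).
                    query = items.get('query')
                    command = ("echo '%s;' | ossim-db" % query) if query is not None else ''
                elif plugin_type == "file":
                    command = "cat %s" % filename
                else:
                    command = base_command
                checks[section] = {
                    'result': 'blocked',
                    'detail': error_msg,
                    'description': items['description'],
                    'command': command,
                    'severity': items['severity'],
                }
            # No checks for this plugin in the current appliance --> do not return plugin details
            if not checks:
                return
        except Exception:
            # Malformed plugin config (missing field, unreadable section):
            # deliberately fall back to reporting the plugin as blocked
            # without per-check detail instead of failing the whole run.
            checks = {}
    self.__summary[plugin] = {'result': 'blocked', 'summary': error_msg, 'checks': checks}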
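def __init__(self, plugin, section):
    """Build one check from *section* of *plugin*'s configuration file.

    Every recognised option is copied into a private attribute; the check
    'type' is taken from whichever of the mutually exclusive keys
    (``checksum``, ``pattern``, ``query``, ``hardware``) is present.
    Boolean options are accepted only as the literal strings ``True`` /
    ``False`` and are compared, never eval()'d.

    Args:
        plugin: owning plugin; must provide ``get_config_file()`` (a
            ConfigParser-like object with ``items(section)``) and
            ``get_name()``.
        section: name of the config section describing this check.

    Raises:
        CheckError: propagated unchanged from the condition/action parsers.
        Exception: any other parse failure is logged via ``Output.error``
            and re-raised.
    """
    # 'check' properties.
    self.__name = ''
    self.__type = ''
    self.__pattern = ''
    self.__category = ''
    self.__description = ''
    self.__summary_passed = ''
    self.__summary_failed = ''
    self.__remediation = ''
    self.__plugin = None
    # 'file' type checks only.
    self.__checksums = []
    # 'file' and 'command' checks.
    self.__regex = None
    # 'db' type checks.
    self.__query = ''
    self.__pivot = False
    self.__introduced = ''
    self.__output = ''
    self.__formatted_output = ''
    self.__appliance_type = []
    self.__fail_if_empty = True
    self.__fail_if_empty_output = ''
    self.__fail_only_if_all_failed = False
    self.__split_by_comma = False
    self.__ha_dependant = False
    self.__severity = 'Warning'
    self.__conditions = {'basic': [], 'set': []}
    self.__actions = []
    self.__aux_data = {}
    self.__strike_zone = False
    self.__version_type = ''
    # NOTE(review): __hw_list and __min_doctor_version are only set when the
    # option is present in the section; readers must tolerate their absence.
    config_file = plugin.get_config_file()
    self.__name = section
    self.__plugin = plugin
    # Parse section options.
    # Different sections or check 'types' are mutually exclusive.
    items = config_file.items(section)
    try:
        # 'formatted_output' is consumed first and removed from the list so
        # the main loop never sees it.
        for (name, value) in items:
            if name == 'formatted_output':
                self.__formatted_output = value.replace("{nl}", "\n")
                items.remove((name, value))
                break
        # Now the rest
        for (name, value) in items:
            if name == 'checksum':
                self.__type = name
                self.__checksums = [tuple(x.split(':')) for x in value.split(';')]
            elif name == 'pattern':
                self.__type = name
                self.__pattern = str(value)
                # The pattern is config-supplied and compiled as-is; the plugin
                # config file is the trust boundary for what gets matched later.
                value = Wildcard.av_config(value, escape=True)
                self.__regex = re.compile(value, re.MULTILINE)
            elif name == 'query':
                self.__type = name
                # "@pivot@:" prefix marks a pivot query; strip the 8-char marker.
                if value.startswith("@pivot@:"):
                    self.__query = value[8:]
                    self.__pivot = True
                else:
                    self.__query = value
                # Raw SQL text from the plugin config; presumably executed by
                # the check runner against ossim-db - keep plugin configs trusted.
                self.__query = Wildcard.av_config(self.__query, escape=True)
            elif name == 'hardware':
                self.__type = name
                self.__hw_list = value
            elif name == 'category':
                self.__category = value
            elif name == 'fail_if_empty':
                # Literal-string comparison instead of eval() on config text.
                if value in ('True', 'False'):
                    self.__fail_if_empty = (value == 'True')
            elif name == 'fail_if_empty_output':
                self.__fail_if_empty_output = value
            elif name == 'fail_only_if_all_failed':
                if value in ('True', 'False'):
                    self.__fail_only_if_all_failed = (value == 'True')
            elif name == 'split_by_comma':
                if value in ('True', 'False'):
                    self.__split_by_comma = (value == 'True')
            elif name == 'ha_dependant':
                if value in ('True', 'False'):
                    self.__ha_dependant = (value == 'True')
            elif name == 'version_type':
                self.__version_type = value
            elif name == 'severity':
                # Unknown severities are ignored and the 'Warning' default kept.
                if value in default.severity:
                    self.__severity = value
            elif name == 'min_doctor_version':
                self.__min_doctor_version = value
            elif name == 'appliance_type':
                for x in value.split(','):
                    self.__appliance_type += Wildcard.appliance_exec(x.strip())
            elif name == 'conditions':
                self.__init_conditions__(value)
            elif name == 'actions':
                self.__init_actions__(value)
            elif name == 'description':
                self.__description = value
            elif name == 'summary_passed':
                self.__summary_passed = value
            elif name == 'summary_failed':
                self.__summary_failed = value
            elif name == 'remediation':
                self.__remediation = value
            elif name == 'affects_strike_zone':
                if value in ('True', 'False'):
                    self.__strike_zone = (value == 'True')
            else:
                Output.warning('Unknown field in check "%s": %s' % (self.__name, name))
    except CheckError:
        raise
    except Exception as msg:
        Output.error('Cannot parse check "%s" in plugin "%s": %s' % (self.__name, self.__plugin.get_name(), msg))
        raise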
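def __generate_blocked_output(self, config_file, plugin, plugin_data, sections, error_msg):
    """Record *plugin* as 'blocked' in ``self.__summary``.

    One entry is produced per check section that targets the current
    appliance's ``hw_profile``; each entry carries the command the check
    would have run so the report shows what was skipped and why.

    Args:
        config_file: parsed plugin configuration exposing ``items(section)``
            (ConfigParser-like), or a falsy value when it could not be read.
        plugin: plugin name, used as the key in ``self.__summary``.
        plugin_data: dict describing the plugin; only ``'type'`` is read
            (``"file"``, ``"command"`` or ``"db"``). May be empty or None,
            or lack ``'type'`` altogether.
        sections: section names of *config_file*. ``'properties'`` holds
            plugin-wide settings; every other section is one check.
        error_msg: why the plugin was blocked; copied into the summary and
            into each check's ``detail``.

    Returns:
        None. When a config file was given but no check applies to this
        appliance, nothing is written to the summary at all.
    """
    checks = {}
    if config_file:
        try:
            # plugin_data without a 'type' key used to raise KeyError on the
            # "command" branch and wipe every check; treat it as "no type".
            plugin_type = plugin_data.get('type') if plugin_data else None
            filename = ''
            base_command = ''
            # Plugin-wide settings come from the 'properties' section.
            if 'properties' in sections:
                props = dict(config_file.items('properties'))
                if plugin_type == "file":
                    filename = props['filename']
                elif plugin_type == "command":
                    base_command = props['command']
            for section in sections:
                if section == 'properties':
                    continue
                items = dict(config_file.items(section))
                # Expand appliance wildcards; skip checks not meant for this hardware profile.
                targets = []
                for entry in items['appliance_type'].split(','):
                    targets += Wildcard.appliance_exec(entry.strip())
                if self.__alienvault_config['hw_profile'].lower() not in targets:
                    continue
                # NOTE(review): these strings are shell syntax assembled from
                # config values and are only *reported* here. If any code path
                # executes them, a quote inside 'query' or metacharacters in
                # 'filename' would break out of the quoting; run them through
                # subprocess with an argument list, not a shell. Confirm against
                # the code that actually executes checks.
                if plugin_type == "db":
                    # Rebuilt per section: a section without 'query' must not
                    # inherit the previous section's command (the old code did).
                    query = items.get('query')
                    command = ("echo '%s;' | ossim-db" % query) if query is not None else ''
                elif plugin_type == "file":
                    command = "cat %s" % filename
                else:
                    command = base_command
                checks[section] = {
                    'result': 'blocked',
                    'detail': error_msg,
                    'description': items['description'],
                    'command': command,
                    'severity': items['severity'],
                }
            # No checks for this plugin in the current appliance --> do not return plugin details
            if not checks:
                return
        except Exception:
            # Malformed plugin config (missing field, unreadable section):
            # deliberately fall back to reporting the plugin as blocked
            # without per-check detail instead of failing the whole run.
            checks = {}
    self.__summary[plugin] = {'result': 'blocked', 'summary': error_msg, 'checks': checks}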
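def __init__(self, plugin, section):
    """Build one check from *section* of *plugin*'s configuration file.

    Every recognised option is copied into a private attribute; the check
    'type' is taken from whichever of the mutually exclusive keys
    (``checksum``, ``pattern``, ``query``, ``hardware``) is present.
    Boolean options are accepted only as the literal strings ``True`` /
    ``False`` and are compared, never eval()'d.

    Args:
        plugin: owning plugin; must provide ``get_config_file()`` (a
            ConfigParser-like object with ``items(section)``) and
            ``get_name()``.
        section: name of the config section describing this check.

    Raises:
        CheckError: propagated unchanged from the condition/action parsers.
        Exception: any other parse failure is logged via ``Output.error``
            and re-raised.
    """
    # 'check' properties.
    self.__name = ''
    self.__type = ''
    self.__pattern = ''
    self.__category = ''
    self.__description = ''
    self.__summary_passed = ''
    self.__summary_failed = ''
    self.__remediation = ''
    self.__plugin = None
    # 'file' type checks only.
    self.__checksums = []
    # 'file' and 'command' checks.
    self.__regex = None
    # 'db' type checks.
    self.__query = ''
    self.__pivot = False
    self.__introduced = ''
    self.__output = ''
    self.__formatted_output = ''
    self.__appliance_type = []
    self.__fail_if_empty = True
    self.__fail_if_empty_output = ''
    self.__fail_only_if_all_failed = False
    self.__split_by_comma = False
    self.__ha_dependant = False
    self.__severity = 'Warning'
    self.__conditions = {'basic': [], 'set': []}
    self.__actions = []
    self.__aux_data = {}
    self.__strike_zone = False
    self.__version_type = ''
    # NOTE(review): __hw_list and __min_doctor_version are only set when the
    # option is present in the section; readers must tolerate their absence.
    config_file = plugin.get_config_file()
    self.__name = section
    self.__plugin = plugin
    # Parse section options.
    # Different sections or check 'types' are mutually exclusive.
    items = config_file.items(section)
    try:
        # 'formatted_output' is consumed first and removed from the list so
        # the main loop never sees it.
        for (name, value) in items:
            if name == 'formatted_output':
                self.__formatted_output = value.replace("{nl}", "\n")
                items.remove((name, value))
                break
        # Now the rest
        for (name, value) in items:
            if name == 'checksum':
                self.__type = name
                self.__checksums = [tuple(x.split(':')) for x in value.split(';')]
            elif name == 'pattern':
                self.__type = name
                self.__pattern = str(value)
                # The pattern is config-supplied and compiled as-is; the plugin
                # config file is the trust boundary for what gets matched later.
                value = Wildcard.av_config(value, escape=True)
                self.__regex = re.compile(value, re.MULTILINE)
            elif name == 'query':
                self.__type = name
                # "@pivot@:" prefix marks a pivot query; strip the 8-char marker.
                if value.startswith("@pivot@:"):
                    self.__query = value[8:]
                    self.__pivot = True
                else:
                    self.__query = value
                # Raw SQL text from the plugin config; presumably executed by
                # the check runner against ossim-db - keep plugin configs trusted.
                self.__query = Wildcard.av_config(self.__query, escape=True)
            elif name == 'hardware':
                self.__type = name
                self.__hw_list = value
            elif name == 'category':
                self.__category = value
            elif name == 'fail_if_empty':
                # Literal-string comparison instead of eval() on config text.
                if value in ('True', 'False'):
                    self.__fail_if_empty = (value == 'True')
            elif name == 'fail_if_empty_output':
                self.__fail_if_empty_output = value
            elif name == 'fail_only_if_all_failed':
                if value in ('True', 'False'):
                    self.__fail_only_if_all_failed = (value == 'True')
            elif name == 'split_by_comma':
                if value in ('True', 'False'):
                    self.__split_by_comma = (value == 'True')
            elif name == 'ha_dependant':
                if value in ('True', 'False'):
                    self.__ha_dependant = (value == 'True')
            elif name == 'version_type':
                self.__version_type = value
            elif name == 'severity':
                # Unknown severities are ignored and the 'Warning' default kept.
                if value in default.severity:
                    self.__severity = value
            elif name == 'min_doctor_version':
                self.__min_doctor_version = value
            elif name == 'appliance_type':
                for x in value.split(','):
                    self.__appliance_type += Wildcard.appliance_exec(x.strip())
            elif name == 'conditions':
                self.__init_conditions__(value)
            elif name == 'actions':
                self.__init_actions__(value)
            elif name == 'description':
                self.__description = value
            elif name == 'summary_passed':
                self.__summary_passed = value
            elif name == 'summary_failed':
                self.__summary_failed = value
            elif name == 'remediation':
                self.__remediation = value
            elif name == 'affects_strike_zone':
                if value in ('True', 'False'):
                    self.__strike_zone = (value == 'True')
            else:
                Output.warning('Unknown field in check "%s": %s' % (self.__name, name))
    except CheckError:
        raise
    except Exception as msg:
        Output.error('Cannot parse check "%s" in plugin "%s": %s' % (self.__name, self.__plugin.get_name(), msg))
        raise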