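_OSSEC_CHECK_SCRIPT = "/usr/share/ossim/scripts/ossec_check.sh"
# One line of "lastscan" output: "!<start epoch>!<end epoch> Starting <kind> scan."
_SCAN_LINE_RE = re.compile(r"!(?P<start_time>\d{10})!(?P<end_time>\d{10}) Starting \S+ scan.")


def _run_ossec_check_script(system_ip, check_type, parameter):
    """Run ossec_check.sh on *system_ip* through ansible (shell module, sudo).

    :returns: ``(True, stdout)`` when ansible reached the host and the script
              exited 0, ``(False, error_message)`` otherwise.
    """
    command = "%s %s %s" % (_OSSEC_CHECK_SCRIPT, check_type, parameter)
    response = _ansible.run_module(host_list=[system_ip], module="shell", args=command, use_sudo=True)
    result, msg = ansible_is_valid_response(system_ip, response)
    if not result:
        return False, msg
    host_result = response['contacted'][system_ip]
    if int(host_result['rc']) != 0:
        return False, "[ossec_get_check] Something wrong happened while running ansible command ->'%s'" % str(response)
    return True, host_result['stdout']


def _parse_lastscan_output(stdout):
    """Turn the two-line "lastscan" output into ``{'syscheck': ..., 'rootcheck': ...}``.

    Each value is the start epoch (10 digits) of the matching line, or "" when
    the line does not match; anything but exactly two lines means the agent IP
    was not found and both values are "".
    """
    lines = stdout.split("\n")
    if len(lines) != 2:  # IP not found
        return {'syscheck': '', 'rootcheck': ''}
    start_times = []
    for line in lines:
        matched = _SCAN_LINE_RE.match(line)
        start_times.append(matched.group('start_time') if matched is not None else "")
    return {'syscheck': start_times[0], 'rootcheck': start_times[1]}


def ossec_get_check(system_ip, check_type, agent_ip="", agent_name=""):
    """Run one OSSEC check script on a sensor and return its parsed result.

    :param system_ip: IP of the system the script is executed on (ansible, sudo)
    :param check_type: ``"lastip"`` (last IP seen for the agent named
                       ``agent_name``) or ``"lastscan"`` (last syscheck/rootcheck
                       start times for the agent at ``agent_ip``)
    :param agent_ip: agent IPv4 address, used by ``lastscan``
    :param agent_name: agent name, used by ``lastip``; must match
                       ``[a-zA-Z0-9_\\-()]+`` in full
    :returns: ``(True, data)`` on success — for ``lastscan`` a dict with
              ``syscheck``/``rootcheck`` epoch strings ("" when unknown), for
              ``lastip`` the IP string ("" when not found) — otherwise
              ``(False, error_message)``. Exceptions while running the script
              are caught and reported the same way.
    """
    if check_type not in ("lastip", "lastscan"):
        return False, "Invalid check type. Allowed values are [lastip, lastscan]"

    if check_type == "lastip":
        # The name is interpolated into a shell command line that runs with sudo
        # on the sensor, so the whitelist has to cover the WHOLE string. re.match()
        # only anchors the start (it accepted "name; <cmd>" because "name"
        # matched), hence the explicit \Z. A missing name is rejected rather
        # than raising TypeError.
        if agent_name is None or re.match(r"[a-zA-Z0-9_\-()]+\Z", agent_name) is None:
            return False, r"Invalid agent name. Allowed characters are [^a-zA-Z0-9_\-()]+"
        script_parameter = agent_name
    else:
        if not is_valid_ipv4(agent_ip):
            return False, "Invalid ossec agent ip. Allowed format is: xxx.yyy.zzz.ddd"
        script_parameter = agent_ip

    try:
        success, stdout = _run_ossec_check_script(system_ip, check_type, script_parameter)
        if not success:
            return False, stdout
        if check_type == "lastscan":
            return True, _parse_lastscan_output(stdout)
        # lastip: the script prints the IP, anything else means "not found".
        if not is_valid_ipv4(stdout):
            return True, ""
        return True, stdout
    except Exception as err:
        return False, "[ossec_get_check] Something wrong happened while running ansible command ->  '%s'" % str(err)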
def add_server(server_ip, password):
    """Register a remote server with this system.

    Validates ``server_ip`` as IPv4, looks up the local system id, provisions
    the remote host through ansible with ``password``, fires the
    ``alienvault-add-server`` trigger locally (a failure is only logged) and
    returns ``(success, remote_server_id_or_error)`` from the final lookup.
    """
    if not is_valid_ipv4(server_ip):
        return False, "Invalid IP format: %s" % server_ip

    ok, local_system_id = get_system_id_from_local()
    if not ok:
        return ok, "Error retrieving the local system id"

    ok, _ = ansible_add_system(local_system_id=local_system_id,
                               remote_system_ip=server_ip,
                               password=password)
    if not ok:
        return ok, "Cannot add the server to the system"

    # Best effort: a failing trigger does not abort the registration.
    triggered, trigger_msg = fire_trigger(system_ip="127.0.0.1",
                                         trigger="alienvault-add-server")
    if not triggered:
        api_log.error(trigger_msg)

    ok, remote_server_id = get_remote_server_id_from_server_ip(server_ip)
    return ok, remote_server_id
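def ossec_add_new_agent(sensor_id):
    """
    Call API method to run ossec_create_new_agent script

    Query parameters:
      * ``agent_name`` (required): must match ``[-.\\w]+`` in full
      * ``agent_ip`` (required): an IPv4 address or IPv4 CIDR range
      * ``asset_id`` (optional): forwarded unchanged to the API method
    Responds 400 on invalid input, 500 when the agent cannot be created or its
    details cannot be read back, otherwise 200 with ``agent_detail``.
    """

    agent_name = request.args.get('agent_name', None)
    agent_ip = request.args.get('agent_ip', None)
    asset_id = request.args.get('asset_id', None)

    # Check valid input. The name has to be whitelisted in full before it is
    # handed to the API method (and, per the docstring, to a script): \Z is used
    # instead of $ so a trailing newline cannot pass, and a missing name is
    # rejected explicitly — valid_str.match(None) used to raise TypeError and
    # surface as a 500 instead of a 400.
    valid_str = re.compile(r'[-.\w]+\Z')
    if agent_name is None or not valid_str.match(agent_name):
        return make_bad_request("Invalid agent name or address")
    if not (is_valid_ipv4(agent_ip) or is_valid_ipv4_cidr(agent_ip)):
        return make_bad_request("Invalid agent name or address")
    # NOTE(review): asset_id is forwarded without validation; if the API method
    # uses it in a query or command it should be checked (e.g. as a UUID) here.

    # Now call the api method to create the new agent - If everything is right it returns the agent id of the new agent
    (success, data) = api_ossec_add_new_agent(sensor_id, agent_name, agent_ip, asset_id)
    if not success:
        current_app.logger.error("ossec_agent: error creating new agent: " + str(data))
        return make_error(data, 500)

    # Now we get the agent detail
    try:
        agent_id = data
        (success, data) = apimethod_ossec_get_agent_from_db(sensor_id, agent_id)
    except APIException as e:
        return make_error_from_exception(e)

    if success:
        return make_ok(agent_detail=data)
    else:
        return make_error(data, 500)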
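def ossec_add_new_agent(sensor_id):
    """
    Call API method to run ossec_create_new_agent script

    Query parameters:
      * ``agent_name`` (required): must match ``[-.\\w]+`` in full
      * ``agent_ip`` (required): an IPv4 address or IPv4 CIDR range
    Responds 400 on invalid input, 500 when the agent cannot be created or its
    details cannot be read back, otherwise 200 with ``agent_detail``.
    """

    agent_name = request.args.get('agent_name', None)
    agent_ip = request.args.get('agent_ip', None)

    # Check valid input. The name has to be whitelisted in full before it is
    # handed to the API method (and, per the docstring, to a script): \Z is used
    # instead of $ so a trailing newline cannot pass, and a missing name is
    # rejected explicitly — valid_str.match(None) used to raise TypeError and
    # surface as a 500 instead of a 400.
    valid_str = re.compile(r'[-.\w]+\Z')
    if agent_name is None or not valid_str.match(agent_name):
        return make_bad_request("Invalid agent name or address")
    if not (is_valid_ipv4(agent_ip) or is_valid_ipv4_cidr(agent_ip)):
        return make_bad_request("Invalid agent name or address")

    # Now call the api method to create the new agent - If everything is right it returns the agent id of the new agent
    (success, data) = api_ossec_add_new_agent(sensor_id, agent_name, agent_ip)
    if not success:
        current_app.logger.error("ossec_agent: error creating new agent: " +
                                 str(data))
        return make_error(data, 500)

    # Now we get the agent detail to return it.
    (success, data) = apimethod_ossec_get_agent_detail(sensor_id, data)

    if success:
        return make_ok(agent_detail=data)
    else:
        return make_error(data, 500)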
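def db_system_update_admin_ip(system_id, admin_ip):
    """Update the admin IP of a system through the ``system_update`` stored procedure.

    :param system_id: id of the system to update, passed as a bound parameter
    :param admin_ip: new admin IP; must be a dotted-quad IPv4 address
    :returns: ``(True, procedure_output)`` when the procedure reports
              "updated" or "created", ``(False, error_message)`` otherwise
              (invalid IP, empty/unexpected output, or a database error — the
              latter is logged and the session rolled back)
    """

    if not is_valid_ipv4(admin_ip):
        api_log.error('Invalid admin_ip %s' % str(admin_ip))
        return False, 'Invalid admin ip %s' % str(admin_ip)

    # Bind both values instead of formatting them into the CALL text: system_id
    # is not validated here, so string interpolation would let a crafted id
    # alter the statement (admin_ip is already constrained to an IPv4 literal).
    sp_call = sqltext("CALL system_update(:system_id,'',:admin_ip,'','','','','','','')")
    try:
        db.session.begin()
        result = db.session.connection(mapper=System).execute(
            sp_call, {'system_id': system_id, 'admin_ip': admin_ip})
        data = result.fetchall()
        db.session.commit()
        if len(data) <= 0:
            return False, "Something wrong happened while updating system info in the database: %s" % str(data)
        first_row = str(data[0])
        if first_row.find("updated") < 0 and first_row.find("created") < 0:
            return False, "Something wrong happened while updating system info in the database: %s" % first_row
    except Exception as e:
        api_log.error(str(e))
        db.session.rollback()
        return False, 'Something wrong happened while updating system info in the database'
    # The original fell off the end here and returned None, which breaks callers
    # that unpack a (success, message) pair.
    return True, first_row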
def add_system():
    """Flask view: add a system from the ``system_ip`` / ``password`` form fields.

    Replies 400 when ``system_ip`` is not an IPv4 address, 500 when adding the
    system fails (the error is logged), otherwise 200 with the returned data.
    """
    system_ip = request.form['system_ip']
    if not is_valid_ipv4(system_ip):
        return make_bad_request("Bad system_ip: %s" % system_ip)

    ok, system_data = system.add_system_from_ip(system_ip, request.form['password'])
    if ok:
        return make_ok(**system_data)

    current_app.logger.error("system: add_system error: " + str(system_data))
    return make_error(system_data, 500)
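def get_server_address_from_config():
    """Returns the server_address parameter
    :returns the server ip address string or None when the ip is not a valid ip or
    a problem happen while getting it from the database (the error is logged)
    """
    result = None
    try:
        data = db.session.query(Config).filter(Config.conf == "server_address").one()
        if data.value is not None and is_valid_ipv4(data.value):
            result = data.value
    except Exception as e:
        api_log.error("[get_server_address_from_config] {0}".format(str(e)))
        # A failed query leaves the session in an aborted transaction; roll it
        # back so later queries on the same session are not rejected (the
        # sibling implementations of this helper already do this).
        db.session.rollback()
        result = None
    return result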
def get_server_address_from_config():
    """Read the ``server_address`` config row and return it as an IPv4 string.

    Returns None when the row is missing, the value is not an IPv4 address or
    the query fails (the session is rolled back in that case).
    """
    address = None
    try:
        row = db.session.query(Config).filter(Config.conf == 'server_address').one()
        value = row.value
        if value is not None and is_valid_ipv4(value):
            address = value
    except Exception:
        db.session.rollback()
        address = None
    return address
def get_server_address_from_config():
    """Read the ``server_address`` config row and return it as an IPv4 string.

    Returns None when the row is missing, the value is not an IPv4 address or
    the query fails (the session is rolled back in that case).
    """
    address = None
    try:
        query = db.session.query(Config).filter(Config.conf == 'server_address')
        value = query.one().value
        if value is not None and is_valid_ipv4(value):
            address = value
    except Exception:
        db.session.rollback()
        address = None
    return address
def ossec_delete_agentless(sensor_id):
    """Flask view: remove the agentless entry for ``agent_ip`` on a sensor.

    ``agent_ip`` (query string) must be an IPv4 address; anything else is
    rejected with a 400 before the API method is called. A failing API call is
    logged and reported as 500, success returns 200 with ``messages``.
    """
    agent_ip = request.args.get('agent_ip', None)
    if not is_valid_ipv4(agent_ip):
        return make_bad_request("Invalid agent IP")

    ok, payload = api_ossec_delete_agentless(sensor_id, agent_ip)
    if ok:
        return make_ok(messages=payload)

    current_app.logger.error("ossec_agent: error deleting agentless queue: " + str(payload))
    return make_error(payload, 500)
def add_server(server_ip, password):
    """Register a remote server with this system.

    Validates ``server_ip`` as IPv4, looks up the local system id, provisions
    the remote host through ansible with ``password`` and returns
    ``(success, remote_server_id_or_error)`` from the final server-id lookup.
    """
    if not is_valid_ipv4(server_ip):
        return False, "Invalid IP format: %s" % server_ip

    ok, local_system_id = get_system_id_from_local()
    if not ok:
        return ok, "Error retrieving the local system id"

    ok, _ = ansible_add_system(local_system_id=local_system_id,
                               remote_system_ip=server_ip,
                               password=password)
    if not ok:
        return ok, "Cannot add the server to the system"

    ok, remote_server_id = get_remote_server_id_from_server_ip(server_ip)
    return ok, remote_server_id
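def db_system_update_admin_ip(system_id, admin_ip):
    """Update the admin IP of a system through the ``system_update`` stored procedure.

    :param system_id: id of the system to update, passed as a bound parameter
    :param admin_ip: new admin IP; must be a dotted-quad IPv4 address
    :returns: ``(True, procedure_output)`` when the procedure reports
              "updated" or "created", ``(False, error_message)`` otherwise
              (invalid IP, empty/unexpected output, or a database error — the
              latter is logged and the session rolled back)
    """

    if not is_valid_ipv4(admin_ip):
        api_log.error('Invalid admin_ip %s' % str(admin_ip))
        return False, 'Invalid admin ip %s' % str(admin_ip)

    # Bind both values instead of formatting them into the CALL text: system_id
    # is not validated here, so string interpolation would let a crafted id
    # alter the statement (admin_ip is already constrained to an IPv4 literal).
    sp_call = sqltext("CALL system_update(:system_id,'',:admin_ip,'','','','','','','')")
    try:
        db.session.begin()
        result = db.session.connection(mapper=System).execute(
            sp_call, {'system_id': system_id, 'admin_ip': admin_ip})
        data = result.fetchall()
        db.session.commit()
        if len(data) <= 0:
            return False, "Something wrong happened while updating system info in the database: %s" % str(data)
        first_row = str(data[0])
        if first_row.find("updated") < 0 and first_row.find("created") < 0:
            return False, "Something wrong happened while updating system info in the database: %s" % first_row
    except Exception as e:
        api_log.error(str(e))
        db.session.rollback()
        return False, 'Something wrong happened while updating system info in the database'
    # The original fell off the end here and returned None, which breaks callers
    # that unpack a (success, message) pair.
    return True, first_row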
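def get_ossec_check(sensor_id):
    """Flask view: return the result of an OSSEC check for an agent on a sensor.

    Query parameters:
      * ``check_type``: ``lastscan`` (requires ``agent_ip``, an IPv4 address)
        or ``lastip`` (requires ``agent_name``, matching ``[a-zA-Z0-9_\\-()]+``
        in full)
    Responds 400 on invalid input, 500 when the check fails, otherwise 200 with
    ``check`` holding whatever ``ossec_get_check`` returned.
    :param sensor_id: Sensor id
    """
    agent_ip = request.args.get("agent_ip", None)
    agent_name = request.args.get("agent_name", None)
    check_type = request.args.get("check_type", None)
    if check_type not in ["lastscan", "lastip"]:
        return make_bad_request("Invalid check_type value. Allowed values are(lastscan, lastip)")
    if check_type == 'lastip':
        if agent_name is None:
            return make_bad_request("Agent name not specified. Allowed characters are [^a-zA-Z0-9_\\-()]+")
        # The name is presumably passed on to a script on the sensor, so the
        # whole value must be whitelisted: re.match() anchors only the start
        # (without \Z "name;<cmd>" passed because "name" matched).
        if re.match(r"[a-zA-Z0-9_\-()]+\Z", agent_name) is None:
            return make_bad_request("Invalid agent name. Allowed characters are [^a-zA-Z0-9_\\-()]+")
    elif not is_valid_ipv4(agent_ip):
        return make_bad_request("Invalid agent_ip value. It should be a valid IP v4 dotted address")
    (result, data) = ossec_get_check(sensor_id=sensor_id, agent_ip=agent_ip, agent_name=agent_name, check_type=check_type)
    if result:
        return make_ok(check=data)
    return make_error(data, 500)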
def make_tunnel_with_vpn(system_ip, password):
    """Build the VPN tunnel with the given node.

    Validates ``system_ip`` (IPv4), looks up the local server id and IP, builds
    the tunnel through ansible using ``password``, stores the node's VPN
    endpoint (``client_end_point1``) in the system table when the node is known
    there, flushes the ``support_tunnel`` cache and restarts the local
    framework daemon (a failed restart is only printed).
    :returns: ``(True, "VPN node successfully connected.")`` or ``(False, error)``
    """
    if not is_valid_ipv4(system_ip):
        return False, "Invalid system ip: %s" % str(system_ip)

    ok, own_server_id = get_server_id_from_local()
    if not ok:
        return ok, "Error while retrieving server_id from local: %s" % str(own_server_id)

    ok, local_ip = get_system_ip_from_local()
    if not ok:
        return ok, "Cannot retrieve the local ip <%s>" % str(local_ip)

    ok, tunnel_info = ansible_make_tunnel_with_vpn(
        system_ip=system_ip,
        local_server_id=get_hex_string_from_uuid(own_server_id),
        password=password)
    if not ok:
        return ok, tunnel_info

    print("Set VPN IP on the system table")
    vpn_endpoint = tunnel_info['client_end_point1']
    if vpn_endpoint is None:
        return False, "Cannot retrieve the new node VPN IP"
    print("New Node VPN IP %s" % vpn_endpoint)
    # NOTE(review): vpn_endpoint comes from the remote node and is stored as-is;
    # if it is always a plain IPv4 address it should be checked with
    # is_valid_ipv4() before set_system_vpn_ip() — confirm the format.

    # A node missing from the system table is not an error, just skip the update.
    found, node_system_id = get_system_id_from_system_ip(system_ip)
    if found:
        stored, _ = set_system_vpn_ip(node_system_id, vpn_endpoint)
        if not stored:
            return False, "Cannot set the new node vpn ip on the system table"
    flush_cache(namespace="support_tunnel")

    print("Restarting ossim-framework")
    restarted, restart_info = ansible_restart_frameworkd(system_ip=local_ip)
    if not restarted:
        print("Restarting %s ossim-framework failed (%s)" % (local_ip, restart_info))
    return True, "VPN node successfully connected."
def make_tunnel_with_vpn(system_ip, password):
    """Build the VPN tunnel with the given node.

    Validates ``system_ip`` (IPv4), looks up the local server id and IP, builds
    the tunnel through ansible using ``password``, stores the node's VPN
    endpoint (``client_end_point1``) in the system table when the node is known
    there, flushes the ``support_tunnel`` cache and restarts the local
    framework daemon (a failed restart is only printed).
    :returns: ``(True, "VPN node successfully connected.")`` or ``(False, error)``
    """
    if not is_valid_ipv4(system_ip):
        return False, "Invalid system ip: %s" % str(system_ip)

    ok, own_server_id = get_server_id_from_local()
    if not ok:
        return ok, "Error while retrieving server_id from local: %s" % str(own_server_id)

    ok, local_ip = get_system_ip_from_local()
    if not ok:
        return ok, "Cannot retrieve the local ip <%s>" % str(local_ip)

    local_server_hex = get_hex_string_from_uuid(own_server_id)
    ok, tunnel_info = ansible_make_tunnel_with_vpn(system_ip=system_ip,
                                                   local_server_id=local_server_hex,
                                                   password=password)
    if not ok:
        return ok, tunnel_info

    print("Set VPN IP on the system table")
    vpn_endpoint = tunnel_info['client_end_point1']
    if vpn_endpoint is None:
        return False, "Cannot retrieve the new node VPN IP"
    print("New Node VPN IP %s" % vpn_endpoint)
    # NOTE(review): vpn_endpoint comes from the remote node and is stored as-is;
    # if it is always a plain IPv4 address it should be checked with
    # is_valid_ipv4() before set_system_vpn_ip() — confirm the format.

    # A node missing from the system table is not an error, just skip the update.
    found, node_system_id = get_system_id_from_system_ip(system_ip)
    if found:
        stored, _ = set_system_vpn_ip(node_system_id, vpn_endpoint)
        if not stored:
            return False, "Cannot set the new node vpn ip on the system table"
    flush_cache(namespace="support_tunnel")

    print("Restarting ossim-framework")
    restarted, restart_info = ansible_restart_frameworkd(system_ip=local_ip)
    if not restarted:
        print("Restarting %s ossim-framework failed (%s)" % (local_ip, restart_info))
    return True, "VPN node successfully connected."
def make_tunnel_with_vpn(system_ip,password):
    """Build the VPN tunnel with the given node.

    Validates ``system_ip`` (IPv4), looks up the local server id, builds the
    tunnel through ansible using ``password``, stores the node's VPN endpoint
    (``client_end_point1``) in the system table when the node is known there
    and flushes the ``system`` cache.
    :returns: ``(True, "VPN node successfully connected.")`` or ``(False, error)``
    """
    if not is_valid_ipv4(system_ip):
        return False, "Invalid system ip: %s" % str(system_ip)

    ok, own_server_id = get_server_id_from_local()
    if not ok:
        return ok, "Error while retrieving server_id from local: %s" % str(own_server_id)

    local_server_hex = get_hex_string_from_uuid(own_server_id)
    ok, tunnel_info = ansible_make_tunnel_with_vpn(system_ip=system_ip,
                                                   local_server_id=local_server_hex,
                                                   password=password)
    if not ok:
        return ok, tunnel_info

    print("Set VPN IP on the system table")
    vpn_endpoint = tunnel_info['client_end_point1']
    if vpn_endpoint is None:
        return False, "Cannot retrieve the new node VPN IP"
    print("New Node VPN IP %s" % vpn_endpoint)
    # NOTE(review): vpn_endpoint comes from the remote node and is stored as-is;
    # if it is always a plain IPv4 address it should be checked with
    # is_valid_ipv4() before set_system_vpn_ip() — confirm the format.

    # A node missing from the system table is not an error, just skip the update.
    found, node_system_id = get_system_id_from_system_ip(system_ip)
    if found:
        stored, _ = set_system_vpn_ip(node_system_id, vpn_endpoint)
        if not stored:
            return False, "Cannot set the new node vpn ip on the system table"
    flush_cache(namespace="system")
    return True, "VPN node successfully connected."
def update_system_hids_agents(system_id):
    """
    Update information about HIDS agents connected to a system

    Reconciles the HIDS agents stored for the system's sensor with the list the
    sensor reports: new agents are inserted, known ones get their status
    refreshed (and, when they have no asset yet, an asset is looked up or
    created and linked), agents no longer reported are deleted. Per-agent
    APIException failures are logged and skipped, not raised.

    @param system_id: system_id of the sensor to update
    @return: (not_linked_assets, refresh_idm) — the number of present agents
             that could not be linked to a new asset in this run, and whether
             a host was created (so the caller can refresh IDM)
    @raise APICannotRetrieveSystem: when the system info cannot be read
    @raise APICannotRunHIDSCommand: when the sensor cannot list its agents
    """

    # Getting system information
    success, system_info = get_system_info(system_id)

    # Getting sensor ID
    if success:
        sensor_id = system_info['sensor_id']
    else:
        raise APICannotRetrieveSystem(system_id)

    stored_agents = get_hids_agents_by_sensor(sensor_id)

    success, agents = ossec_get_available_agents(
        sensor_id=sensor_id, op_ossec='list_available_agents', agent_id='')

    if not success:
        raise APICannotRunHIDSCommand(sensor_id, 'list_available_agents')

    # Split the reported agent ids against what the database already knows.
    added_agents = [
        agent_id for agent_id in agents.keys() if agent_id not in stored_agents
    ]
    present_agents = [
        agent_id for agent_id in agents.keys() if agent_id in stored_agents
    ]
    deleted_agents = [
        agent for agent in stored_agents if agent not in agents.keys()
    ]

    # Add new agents to database
    for agent_id in added_agents:
        try:
            agent = agents[agent_id]
            add_hids_agent(agent_id=agent_id,
                           sensor_id=sensor_id,
                           agent_name=agent['name'],
                           agent_ip=agent['ip'],
                           agent_status=agent['status'])
        except APIException as e:
            logger.error("Error adding hids agent: {0}".format(e))

    not_linked_assets = 0
    refresh_idm = False

    # Update agent status and check asset_id in database
    for agent_id in present_agents:
        try:
            # Update HIDS agent status
            update_hids_agent_status(agent_id=agent_id,
                                     sensor_id=sensor_id,
                                     agent_status=agents[agent_id]['status'])

            agent_data = get_hids_agent_by_sensor(sensor_id, agent_id)

            # Check HIDS agent asset id
            if agent_data['host_id'] == '':
                # Try to update HIDS agent asset id
                # (re-read for every unlinked agent; the local insert below only
                # matters if get_linked_assets() returns a cached object)
                linked_assets = get_linked_assets()

                agent_ip_cidr = agent_data['ip_cidr']
                asset_id = None

                # Getting current IP
                # (ip_cidr is assumed to be a str here: .lower() is called on it
                # without a None check)
                if agent_ip_cidr == '127.0.0.1':
                    # Special case: Local agent
                    agent_ip_cidr = system_info['ha_ip'] if system_info[
                        'ha_ip'] else system_info['admin_ip']
                elif agent_ip_cidr.lower() == 'any' or agent_ip_cidr.lower(
                ) == '0.0.0.0' or (is_valid_ipv4_cidr(agent_ip_cidr)
                                   and agent_ip_cidr.find('/') != -1):
                    # DHCP environments (Get the latest IP)
                    # NOTE(review): positional call — the module-level
                    # ossec_get_check() elsewhere in this corpus takes
                    # (system_ip, check_type, agent_ip, agent_name); confirm this
                    # resolves to a wrapper with (sensor_id, agent_name, check_type)
                    # order. On failure agent_ip_cidr holds the error message,
                    # which the is_valid_ipv4() check below filters out.
                    success, agent_ip_cidr = ossec_get_check(
                        sensor_id, agent_data['name'], "lastip")

                # Search asset_id
                if is_valid_ipv4(agent_ip_cidr):
                    success, sensor_ctx = get_sensor_ctx_by_sensor_id(
                        sensor_id)

                    if success:
                        success, asset_id = get_host_id_by_ip_ctx(
                            agent_ip_cidr, sensor_ctx, output='str')

                    # No existing host for that IP: create one. A failed
                    # create_host() leaves new_asset_id as a non-UUID, which is
                    # ignored by the is_valid_uuid() check.
                    if not is_valid_uuid(asset_id):
                        success, new_asset_id = create_host([agent_ip_cidr],
                                                            sensor_id)

                        if is_valid_uuid(new_asset_id):
                            asset_id = new_asset_id
                            refresh_idm = True

                # Linking asset to agent
                # (an asset already linked to another agent is counted as
                # "not linked", same as having no valid asset at all)
                if is_valid_uuid(asset_id) and asset_id not in linked_assets:
                    update_asset_id(sensor_id=sensor_id,
                                    agent_id=agent_id,
                                    asset_id=asset_id)
                    linked_assets[asset_id] = {
                        'ha_id': agent_id,
                        'sensor_id': sensor_id
                    }
                else:
                    not_linked_assets += 1
        except APIException as e:
            logger.error('[update_system_hids_agents]: {0}'.format(e))

    # Remove deleted agents from database
    for agent_id in deleted_agents:
        try:
            delete_hids_agent(agent_id, sensor_id)
        except APIException as e:
            logger.error('[update_system_hids_agents]: {0}'.format(e))

    return not_linked_assets, refresh_idm
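def get_host_fqdn(system_id):
    """Flask view: resolve the FQDN of ``host_ip`` (form field) via ``system_id``.

    Responds 400 when ``host_ip`` is missing or not an IPv4 address — a client
    error, which the original misreported as a 500 — otherwise 200 with ``fqdn``.
    """
    host_ip = request.form.get('host_ip')
    if not is_valid_ipv4(host_ip):
        return make_error("Invalid host IP address", 400)

    return make_ok(fqdn=get_fqdn_api(system_id, host_ip))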
    def start(self):
        """Refresh the remote information of every known system.

        For each system returned by get_systems(directly_connected=False) it
        re-queries (no_cache=True) the sensor id, system info, network status,
        AlienVault status, tunnel status, general and AlienVault configuration,
        interfaces and setup data, then writes back to the database: the VPN
        IP read from the tun0 facts, the HA role, the HA virtual IP (plus HA
        name and a references fix-up) and the hostname when it changed, and
        refreshes the configuration backup list. Any failing query skips the
        remaining steps for that system (``continue``); sensor-only work
        (properties, plugin cache) runs only when a sensor id was found.

        :returns: True when the loop completed; False when the systems list
                  could not be retrieved or an unexpected exception escaped
                  (logged to api_log).
        """
        try:
            self.remove_monitor_data()
            rc, system_list = get_systems(directly_connected=False)
            if not rc:
                logger.error("Can't retrieve systems..%s" % str(system_list))
                return False

            for (system_id, system_ip) in system_list:
                success, sensor_id = get_sensor_id_from_system_id(system_id)
                if not success:
                    logger.warning(
                        "[MonitorRetrievesRemoteInfo] "
                        "get_sensor_id_from_system_id failed for system %s (%s)"
                        % (system_ip, system_id))
                    # Not a sensor (or lookup failed): the sensor-only steps
                    # further down are skipped, the rest still runs.
                    sensor_id = None

                ha_name = None
                success, result = system_all_info(system_id, no_cache=True)
                if not success:
                    logger.warning(
                        "[MonitorRetrievesRemoteInfo] "
                        "system_all_info failed for system %s (%s)" %
                        (system_ip, system_id))
                    continue
                # 'up' -> active node, anything else -> passive; None when the
                # key is absent (then the HA name is never written).
                if 'ha_status' in result:
                    ha_name = 'active' if result[
                        'ha_status'] == 'up' else 'passive'
                success, result = network_status(system_id, no_cache=True)
                if not success:
                    logger.warning("[MonitorRetrievesRemoteInfo] "
                                   "network_status failed for system %s (%s)" %
                                   (system_ip, system_id))
                    continue
                success, result = alienvault_status(system_id, no_cache=True)
                if not success:
                    logger.warning(
                        "[MonitorRetrievesRemoteInfo] "
                        "alienvault_status failed for system %s (%s)" %
                        (system_ip, system_id))
                    continue
                success, result = status_tunnel(system_id, no_cache=True)
                if not success:
                    logger.warning("[MonitorRetrievesRemoreInfo] "
                                   "status_tunnel failed for system %s (%s)" %
                                   (system_ip, system_id))
                    continue
                success, result = get_system_config_general(system_id,
                                                            no_cache=True)
                if not success:
                    logger.warning(
                        "[MonitorRetrievesRemoteInfo] "
                        "get_system_config_general failed for system %s (%s)" %
                        (system_ip, system_id))
                    continue

                # hostname ends up None both when the system reports none and
                # when it is unchanged, i.e. "nothing to update" below.
                hostname = result.get('general_hostname', None)
                if hostname is not None:
                    success, hostname_old = db_get_hostname(system_id)
                    if not success:
                        logger.warning(
                            "[MonitorRetrievesRemoteInfo] "
                            "db_get_hostname failed for system %s (%s)" %
                            (system_ip, system_id))
                        continue
                    if hostname == hostname_old:
                        hostname = None

                # Getting config params from the system,
                # we do use this result var so do not change the order of the calls!
                success, config_alienvault = get_system_config_alienvault(
                    system_id, no_cache=True)
                if not success:
                    logger.warning(
                        "[MonitorRetrievesRemoteInfo] "
                        "get_system_config_alienvault failed for system %s (%s)"
                        % (system_ip, system_id))
                    continue

                # Values coming from the remote config are whitelisted before
                # they are written: only an IPv4 literal / 'master'|'slave' are
                # accepted, anything else is treated as "unset".
                ha_ip = None
                ha_role = None
                if 'ha_ha_virtual_ip' in config_alienvault:
                    ha_ip = config_alienvault['ha_ha_virtual_ip']
                    if not is_valid_ipv4(ha_ip):
                        ha_ip = None

                if 'ha_ha_role' in config_alienvault:
                    ha_role = config_alienvault['ha_ha_role']
                    if ha_role not in ['master', 'slave']:
                        ha_role = None

                # Update interfaces cache
                success, result = get_interfaces(system_id, no_cache=True)
                if not success:
                    continue

                # Update system setup data cache
                success, result = system_get(system_id, no_cache=True)
                if not success:
                    continue

                # VPN IP taken from the remote host's tun0 facts; missing keys
                # just mean "no VPN IP".
                # NOTE(review): unlike ha_ip above this value is not checked
                # with is_valid_ipv4() before set_system_vpn_ip() — consider
                # validating it the same way.
                vpn_ip = None
                if "ansible_tun0" in result:
                    try:
                        vpn_ip = result['ansible_tun0']['ipv4']['address']
                    except Exception:
                        vpn_ip = None

                # Sensor exclusive
                if sensor_id is not None and sensor_id != '':
                    self.__update_sensor_properties(
                        sensor_id=sensor_id,
                        config_alienvault=config_alienvault)
                    # Refresh sensor plugins cache
                    try:
                        get_sensor_plugins(sensor_id, no_cache=True)
                    except APIException:
                        logger.warning(
                            "[MonitorRetrievesRemoteInfo] "
                            "error getting plugins from sensor '{0}' {1}".
                            format(sensor_id, system_ip))

                if vpn_ip is not None:
                    success, message = set_system_vpn_ip(system_id, vpn_ip)
                    if not success:
                        logger.warning(
                            "[MonitorRetrievesRemoteInfo] set_system_vpn_ip failed: %s"
                            % message)

                if ha_role is not None:
                    success, message = set_system_ha_role(system_id, ha_role)
                    if not success:
                        logger.warning(
                            "[MonitorRetrievesRemoteInfo] set_system_ha_role failed: %s"
                            % message)
                else:
                    # Clears the role; presumably the helper maps the literal
                    # 'NULL' to SQL NULL — verify against set_system_ha_role.
                    success, message = set_system_ha_role(system_id, 'NULL')
                    if not success:
                        logger.warning(
                            "[MonitorRetrievesRemoteInfo] set_system_ha_role failed: %s"
                            % message)

                # With a virtual IP: store it, repair references and record the
                # active/passive name; without one: clear the stored virtual IP.
                if ha_ip is not None:
                    success, message = set_system_ha_ip(system_id, ha_ip)
                    if not success:
                        logger.warning(
                            "[MonitorRetrievesRemoteInfo] set_system_ha_ip: %s"
                            % message)
                    success, message = fix_system_references()
                    if not success:
                        logger.warning(
                            "[MonitorRetrievesRemoteInfo] fix_system_references: %s"
                            % message)
                    if ha_name is not None:
                        success, message = set_system_ha_name(
                            system_id, ha_name)
                        if not success:
                            logger.warning(
                                "[MonitorRetrievesRemoteInfo] set_system_ha_name failed: %s"
                                % message)
                else:
                    success, message = set_system_ha_ip(system_id, '')
                    if not success:
                        logger.warning(
                            "[MonitorRetrievesRemoteInfo] set_system_ha_ip failed: %s"
                            % message)

                if hostname is not None:
                    success, message = db_system_update_hostname(
                        system_id, hostname)
                    if not success:
                        logger.warning(
                            "[MonitorRetrievesRemoteInfo] db_system_update_hostname failed: %s"
                            % message)

                # Backups
                success, message = get_backup_list(system_id=system_id,
                                                   backup_type="configuration",
                                                   no_cache=True)
                if not success:
                    logger.warning(
                        "[MonitorRetrievesRemoteInfo] get_backup_list failed: %s"
                        % message)

        except Exception as err:
            api_log.error(
                "Something wrong happened while running the MonitorRetrievesRemoteInfo monitor %s"
                % str(err))
            return False
        return True
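    def start(self):
        """Refresh every system's remote info and persist the derived flags.

        For each (system_id, system_ip) pair returned by get_systems() the
        monitor re-queries the node with no_cache=True so the local caches
        are rebuilt, then derives a few sensor/system properties from the
        alienvault config (detectors, netflow, HA ip/role) and from the
        setup data (VPN ip) and writes them to the database.  A system whose
        sensor id cannot be resolved, or whose remote query fails, is skipped
        without logging.

        Returns:
            bool: False if the system list cannot be fetched or an unexpected
            exception escapes the loop; True otherwise.
        """
        try:
            self.remove_monitor_data()
            rc, system_list = get_systems()
            if not rc:
                logger.error("Can't retrieve systems..%s" % str(system_list))
                return False

            for (system_id, system_ip) in system_list:
                success, sensor_id = get_sensor_id_from_system_id(system_id)
                if not success:
                    continue

                # The following calls are made for their cache-refresh side
                # effect only; their results are discarded.
                success, result = get_plugins_from_yaml(sensor_id,
                                                        no_cache=True)
                if not success:
                    continue
                success, result = system_all_info(system_id, no_cache=True)
                if not success:
                    continue
                success, result = network_status(system_id, no_cache=True)
                if not success:
                    continue
                success, result = alienvault_status(system_id, no_cache=True)
                if not success:
                    continue
                success, result = get_system_config_general(system_id,
                                                            no_cache=True)
                if not success:
                    continue

                # Getting config params from the system, we do use this
                # result var so do not change the order of the calls!
                success, config_alienvault = get_system_config_alienvault(
                    system_id, no_cache=True)
                if not success:
                    continue

                prads_enabled = False
                suricata_snort_enabled = False
                netflow_enabled = False
                ha_ip = None
                ha_role = None

                if 'sensor_detectors' in config_alienvault:
                    detectors = config_alienvault['sensor_detectors']
                    prads_enabled = 'prads' in detectors
                    suricata_snort_enabled = ('snort' in detectors
                                              or 'suricata' in detectors)
                if 'sensor_netflow' in config_alienvault:
                    netflow_enabled = config_alienvault['sensor_netflow'] == 'yes'

                # Only a syntactically valid IPv4 HA address is persisted.
                if 'ha_ha_virtual_ip' in config_alienvault:
                    ha_ip = config_alienvault['ha_ha_virtual_ip']
                    if not is_valid_ipv4(ha_ip):
                        ha_ip = None
                # Only the two known HA roles are persisted.
                if 'ha_ha_role' in config_alienvault:
                    ha_role = config_alienvault['ha_ha_role']
                    if ha_role not in ['master', 'slave']:
                        ha_role = None

                # Refresh the interfaces cache (result unused)
                success, result = get_interfaces(system_id, no_cache=True)
                if not success:
                    continue
                # Refresh the setup data cache; this result is read below
                success, result = system_get(system_id, no_cache=True)
                if not success:
                    continue

                # The tun0 address is optional: any missing key leaves it None
                vpn_ip = None
                if "ansible_tun0" in result:
                    try:
                        vpn_ip = result['ansible_tun0']['ipv4']['address']
                    except Exception:
                        vpn_ip = None

                # TO DB; vpn_ip, netflow, active inventory, passive inventory
                # ha_ip
                success, message = set_sensor_properties_active_inventory(
                    sensor_id, suricata_snort_enabled)
                if not success:
                    continue
                success, message = set_sensor_properties_passive_inventory(
                    sensor_id, prads_enabled)
                if not success:
                    continue
                success, message = set_sensor_properties_netflow(
                    sensor_id, netflow_enabled)
                if not success:
                    continue

                if vpn_ip is not None:
                    success, message = set_system_vpn_ip(system_id, vpn_ip)
                    if not success:
                        continue
                if ha_role is not None:
                    success, message = set_system_ha_role(system_id, ha_role)
                    if not success:
                        continue
                if ha_ip is not None:
                    success, message = set_system_ha_ip(system_id, ha_ip)
                    if not success:
                        continue

        except Exception as err:
            api_log.error(
                "Something wrong happened while running the MonitorRetrievesRemoteInfo monitor %s"
                % str(err))
            return False
        return True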
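    def start(self):
        """Refresh remote info of every non directly-connected system.

        For each system returned by get_systems(directly_connected=False)
        the monitor re-queries the node with no_cache=True (system info,
        network/alienvault status, tunnel status, general and alienvault
        config, interfaces, setup data), then persists what it derived:
        sensor properties and plugins (sensors only), VPN ip, HA role/ip/name
        and a changed hostname. Finally the configuration backup list is
        refreshed. Failures of the remote queries skip the system; failures
        of the DB writes are only logged.

        Returns:
            bool: False if the system list cannot be fetched or an unexpected
            exception escapes the loop; True otherwise.
        """
        try:
            self.remove_monitor_data()
            rc, system_list = get_systems(directly_connected=False)
            if not rc:
                logger.error("Can't retrieve systems..%s" % str(system_list))
                return False

            for (system_id, system_ip) in system_list:
                # A system without a sensor id is still processed; only the
                # sensor-specific steps below are skipped for it.
                success, sensor_id = get_sensor_id_from_system_id(system_id)
                if not success:
                    logger.warning("[MonitorRetrievesRemoteInfo] "
                                   "get_sensor_id_from_system_id failed for system %s (%s)" % (system_ip, system_id))
                    sensor_id = None

                ha_name = None
                success, result = system_all_info(system_id, no_cache=True)
                if not success:
                    logger.warning("[MonitorRetrievesRemoteInfo] "
                                   "system_all_info failed for system %s (%s)" % (system_ip, system_id))
                    continue
                if 'ha_status' in result:
                    ha_name = 'active' if result['ha_status'] == 'up' else 'passive'
                success, result = network_status(system_id, no_cache=True)
                if not success:
                    logger.warning("[MonitorRetrievesRemoteInfo] "
                                   "network_status failed for system %s (%s)" % (system_ip, system_id))
                    continue
                success, result = alienvault_status(system_id, no_cache=True)
                if not success:
                    logger.warning("[MonitorRetrievesRemoteInfo] "
                                   "alienvault_status failed for system %s (%s)" % (system_ip, system_id))
                    continue
                success, result = status_tunnel(system_id, no_cache=True)
                if not success:
                    # Log tag fixed: was misspelled "MonitorRetrievesRemoreInfo",
                    # which broke grepping the log for this monitor.
                    logger.warning("[MonitorRetrievesRemoteInfo] "
                                   "status_tunnel failed for system %s (%s)" % (system_ip, system_id))
                    continue
                success, result = get_system_config_general(system_id, no_cache=True)
                if not success:
                    logger.warning("[MonitorRetrievesRemoteInfo] "
                                   "get_system_config_general failed for system %s (%s)" % (system_ip, system_id))
                    continue

                # hostname stays set only when it differs from the stored one
                hostname = result.get('general_hostname', None)
                if hostname is not None:
                    success, hostname_old = db_get_hostname(system_id)
                    if not success:
                        logger.warning("[MonitorRetrievesRemoteInfo] "
                                       "db_get_hostname failed for system %s (%s)" % (system_ip, system_id))
                        continue
                    if hostname == hostname_old:
                        hostname = None

                # Getting config params from the system,
                # we do use this result var so do not change the order of the calls!
                success, config_alienvault = get_system_config_alienvault(system_id, no_cache=True)
                if not success:
                    logger.warning("[MonitorRetrievesRemoteInfo] "
                                   "get_system_config_alienvault failed for system %s (%s)" % (system_ip, system_id))
                    continue

                # Only a syntactically valid IPv4 HA address and one of the
                # two known roles are persisted.
                ha_ip = None
                ha_role = None
                if 'ha_ha_virtual_ip' in config_alienvault:
                    ha_ip = config_alienvault['ha_ha_virtual_ip']
                    if not is_valid_ipv4(ha_ip):
                        ha_ip = None

                if 'ha_ha_role' in config_alienvault:
                    ha_role = config_alienvault['ha_ha_role']
                    if ha_role not in ['master', 'slave']:
                        ha_role = None

                # Update interfaces cache
                success, result = get_interfaces(system_id, no_cache=True)
                if not success:
                    logger.warning("[MonitorRetrievesRemoteInfo] "
                                   "get_interfaces failed for system %s (%s)" % (system_ip, system_id))
                    continue

                # Update system setup data cache
                success, result = system_get(system_id, no_cache=True)
                if not success:
                    logger.warning("[MonitorRetrievesRemoteInfo] "
                                   "system_get failed for system %s (%s)" % (system_ip, system_id))
                    continue

                # The tun0 address is optional: any missing key leaves it None
                vpn_ip = None
                if "ansible_tun0" in result:
                    try:
                        vpn_ip = result['ansible_tun0']['ipv4']['address']
                    except Exception:
                        vpn_ip = None

                # Sensor exclusive
                if sensor_id is not None and sensor_id != '':
                    self.__update_sensor_properties(sensor_id=sensor_id,
                                                    config_alienvault=config_alienvault)
                    # Refresh sensor plugins cache
                    try:
                        get_sensor_plugins(sensor_id, no_cache=True)
                    except APIException:
                        logger.warning("[MonitorRetrievesRemoteInfo] "
                                       "error getting plugins from sensor '{0}' {1}".format(sensor_id, system_ip))

                if vpn_ip is not None:
                    success, message = set_system_vpn_ip(system_id, vpn_ip)
                    if not success:
                        logger.warning("[MonitorRetrievesRemoteInfo] set_system_vpn_ip failed: %s" % message)

                if ha_role is not None:
                    success, message = set_system_ha_role(system_id, ha_role)
                    if not success:
                        logger.warning("[MonitorRetrievesRemoteInfo] set_system_ha_role failed: %s" % message)
                else:
                    # NOTE(review): the literal 'NULL' is presumably what the DB
                    # layer expects to clear the role -- confirm with set_system_ha_role.
                    success, message = set_system_ha_role(system_id, 'NULL')
                    if not success:
                        logger.warning("[MonitorRetrievesRemoteInfo] set_system_ha_role failed: %s" % message)

                if ha_ip is not None:
                    success, message = set_system_ha_ip(system_id, ha_ip)
                    if not success:
                        logger.warning("[MonitorRetrievesRemoteInfo] set_system_ha_ip: %s" % message)
                    success, message = fix_system_references()
                    if not success:
                        logger.warning("[MonitorRetrievesRemoteInfo] fix_system_references: %s" % message)
                    if ha_name is not None:
                        success, message = set_system_ha_name(system_id, ha_name)
                        if not success:
                            logger.warning("[MonitorRetrievesRemoteInfo] set_system_ha_name failed: %s" % message)
                else:
                    # No valid HA ip reported: clear whatever was stored before
                    success, message = set_system_ha_ip(system_id, '')
                    if not success:
                        logger.warning("[MonitorRetrievesRemoteInfo] set_system_ha_ip failed: %s" % message)

                if hostname is not None:
                    success, message = db_system_update_hostname(system_id, hostname)
                    if not success:
                        logger.warning("[MonitorRetrievesRemoteInfo] db_system_update_hostname failed: %s" % message)

                # Backups
                success, message = get_backup_list(system_id=system_id,
                                                   backup_type="configuration",
                                                   no_cache=True)
                if not success:
                    logger.warning("[MonitorRetrievesRemoteInfo] get_backup_list failed: %s" % message)

        except Exception as err:
            api_log.error("Something wrong happened while running the MonitorRetrievesRemoteInfo monitor %s" % str(err))
            return False
        return True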
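def ossec_win_deploy(sensor_id,
                     asset_id,
                     windows_ip,
                     windows_username,
                     windows_password,
                     windows_domain,
                     agent_id=None):
    """ Deploy HIDS agent on a Windows System
    Args:
        sensor_id(str): Sensor ID
        asset_id(str): Asset ID
        windows_ip(str) : Deployment IP (where we are going to deploy the HIDS Agent)
        windows_username(str) : Windows Username
        windows_password(str) : Windows Password. It is only handed to the
            ansible deployment; this function neither logs it nor writes it
            into the Message Center payload.
        windows_domain(str) : Windows Domain
        agent_id(str) : Agent ID. Optional; when given it must be a valid
            OSSEC agent id and selects which existing agent of the asset
            gets deployed.

    Returns:
        (bool, str): (True, 'HIDS agent successfully deployed') when the
        deployment ran without failures, (False, reason) otherwise. A Message
        Center entry describing the outcome is written in both cases.

    Raises:
        Nothing is propagated from the deployment itself: every one of the
        following is caught and turned into a (False, message) result.
        APICannotResolveAssetID
        APICannotCreateHIDSAgent
        APICannotGetHIDSAgentByAsset
        APICannotResolveSensorID
        APICannotDeployHIDSAgent
        APIInvalidDeploymentIP
        APIInvalidWindowsUsername
        APIInvalidWindowsPassword
        APIInvalidAgentID
    """

    # Setting default values (also used in the Message Center payload when
    # validation fails before they are resolved)
    agent_name = None
    sensor_ip = None
    sensor_name = None
    asset_name = None
    try:
        # Validate deployment parameters
        if not is_valid_uuid(asset_id):
            raise APICannotResolveAssetID(asset_id)

        if not is_valid_ipv4(windows_ip):
            raise APIInvalidDeploymentIP(windows_ip)

        if not is_valid_windows_user(windows_username):
            raise APIInvalidWindowsUsername(windows_username)

        # Raised without the offending value on purpose: the exception text
        # ends up in the log and in the Message Center.
        if not is_valid_user_password(windows_password):
            raise APIInvalidWindowsPassword()

        if agent_id and not is_valid_ossec_agent_id(agent_id):
            raise APIInvalidAgentID(agent_id)

        # Getting Sensor Information
        (success, sensor) = get_sensor_by_sensor_id(sensor_id)
        if not success:
            raise APICannotResolveSensorID(sensor_id)

        # Canonical sensor id (no dashes, upper case) is the prefix of the
        # HIDS agent keys used below
        sensor_id = get_uuid_string_from_bytes(sensor.id)
        sensor_id = sensor_id.replace('-', '').upper()
        sensor_ip = get_ip_str_from_bytes(sensor.ip)
        sensor_name = sensor.name

        # Getting agent related to assets
        hids_agents = get_hids_agents_by_asset(asset_id, sensor_id)

        # Getting asset info
        asset_name = get_name_by_host_id(asset_id)

        if len(hids_agents) == 0:
            # Creating agent if doesn't exists
            agent_name = asset_name
            (success,
             data) = apimethod_ossec_add_new_agent(sensor_id, agent_name,
                                                   windows_ip, asset_id)

            if not success:
                raise APICannotCreateHIDSAgent(agent_name, sensor_id)
            agent_id = data
        else:
            # Getting agent information
            if agent_id:
                agent_key = sensor_id + '#' + agent_id
            else:
                # dict.keys().pop(0) only works where keys() is a list
                # (Python 2); next(iter(...)) picks the first key on both.
                agent_key = next(iter(hids_agents))

            if agent_key in hids_agents:
                agent_name = hids_agents[agent_key].get('name')
                agent_id = hids_agents[agent_key].get('id')
            else:
                raise APICannotGetHIDSAgentByAsset(asset_id)

        # Deploy HIDS Agent
        ansible_result = ansible_ossec_win_deploy(sensor_ip, agent_name,
                                                  windows_ip, windows_username,
                                                  windows_domain,
                                                  windows_password)
        host_result = ansible_result[sensor_ip]
        if host_result['unreachable'] == 0 and host_result['failures'] == 0:
            # No error, update agent status in database.  The short wait
            # before querying the agent detail is kept from the original.
            time.sleep(2)
            (success,
             data) = apimethod_ossec_get_agent_detail(sensor_id, agent_id)

            if success:
                # NOTE(review): assumes data[0] is a comma separated record
                # whose 4th field is the agent status -- confirm with
                # apimethod_ossec_get_agent_detail.
                agent_info = data[0].split(',')
                agent_status = agent_info[3]

                update_hids_agent_status(agent_id, sensor_id, agent_status)
        else:
            ans_last_error = ""
            if host_result['unreachable'] == 1:
                ans_last_error = "System is unreachable"
            else:
                last_error = ansible_result['alienvault']['lasterror'][sensor_ip]
                # First non-empty channel wins, in this order
                for channel in ('msg', 'stderr', 'stdout'):
                    if channel in last_error and last_error[channel] != "":
                        ans_last_error = last_error[channel]
                        break
            error_msg = 'HIDS Agent cannot be deployed.  Reason: {0}'.format(
                ans_last_error)

            raise APICannotDeployHIDSAgent(error_msg)

        res = True
        message = 'HIDS agent successfully deployed'
    except APICannotDeployHIDSAgent as err:
        # Expected failure path: already carries a user-facing reason
        message = str(err)
        res = False
    except Exception as err:
        message = str(err)
        logger.error(message)
        res = False

    # Create message in Message Center: first id is "deployed", second is
    # "deployment failed"
    mc_id = "00000000-0000-0000-0000-000000010033" if res is True else "00000000-0000-0000-0000-000000010031"

    # The password is intentionally absent from this payload
    additional_info = {
        "asset_id": asset_id,
        "sensor_id": sensor_id,
        "agent_id": agent_id,
        "asset_name": asset_name,
        "asset_ip": windows_ip,
        "sensor_ip": sensor_ip,
        "sensor_name": sensor_name,
        "agent_name": agent_name,
        "deploy_status": message
    }

    additional_info = json.dumps(additional_info)
    insert_current_status_message(mc_id, asset_id, "host", additional_info)

    return res, message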
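def ossec_win_deploy(sensor_id, asset_id, windows_ip, windows_username, windows_password, windows_domain,
                     agent_id=None):
    """ Deploy HIDS agent on a Windows System
    Args:
        sensor_id(str): Sensor ID
        asset_id(str): Asset ID
        windows_ip(str) : Deployment IP (where we are going to deploy the HIDS Agent)
        windows_username(str) : Windows Username
        windows_password(str) : Windows Password. Forwarded to the ansible
            deployment only; never logged nor stored in the Message Center.
        windows_domain(str) : Windows Domain
        agent_id(str) : Agent ID. Optional; when given it must be a valid
            OSSEC agent id and selects which existing agent is deployed.

    Returns:
        (bool, str): (True, 'HIDS agent successfully deployed') on success,
        (False, reason) otherwise. A Message Center entry is written in
        both cases.

    Raises:
        None of the following escapes the function; each is caught and
        reported as a (False, message) result.
        APICannotResolveAssetID
        APICannotCreateHIDSAgent
        APICannotGetHIDSAgentByAsset
        APICannotResolveSensorID
        APICannotDeployHIDSAgent
        APIInvalidDeploymentIP
        APIInvalidWindowsUsername
        APIInvalidWindowsPassword
        APIInvalidAgentID
    """

    # Setting default values; they reach the Message Center payload as-is
    # when validation fails before they are resolved
    agent_name = None
    sensor_ip = None
    sensor_name = None
    asset_name = None
    try:
        # Validate deployment parameters
        if not is_valid_uuid(asset_id):
            raise APICannotResolveAssetID(asset_id)

        if not is_valid_ipv4(windows_ip):
            raise APIInvalidDeploymentIP(windows_ip)

        if not is_valid_windows_user(windows_username):
            raise APIInvalidWindowsUsername(windows_username)

        # No argument on purpose: the exception text is logged and stored
        if not is_valid_user_password(windows_password):
            raise APIInvalidWindowsPassword()

        if agent_id and not is_valid_ossec_agent_id(agent_id):
            raise APIInvalidAgentID(agent_id)

        # Getting Sensor Information
        (success, sensor) = get_sensor_by_sensor_id(sensor_id)
        if not success:
            raise APICannotResolveSensorID(sensor_id)

        # Canonical (dash-less, upper case) sensor id: prefix of the agent keys
        sensor_id = get_uuid_string_from_bytes(sensor.id)
        sensor_id = sensor_id.replace('-', '').upper()
        sensor_ip = get_ip_str_from_bytes(sensor.ip)
        sensor_name = sensor.name

        # Getting agent related to assets
        hids_agents = get_hids_agents_by_asset(asset_id, sensor_id)

        # Getting asset info
        asset_name = get_name_by_host_id(asset_id)

        if len(hids_agents) == 0:
            # Creating agent if doesn't exists
            agent_name = asset_name
            (success, data) = apimethod_ossec_add_new_agent(sensor_id, agent_name, windows_ip, asset_id)

            if not success:
                raise APICannotCreateHIDSAgent(agent_name, sensor_id)
            agent_id = data
        else:
            # Getting agent information
            if agent_id:
                agent_key = sensor_id + '#' + agent_id
            else:
                # keys().pop(0) is Python 2 only; next(iter(...)) takes the
                # first key on both Python versions.
                agent_key = next(iter(hids_agents))

            if agent_key in hids_agents:
                agent_name = hids_agents[agent_key].get('name')
                agent_id = hids_agents[agent_key].get('id')
            else:
                raise APICannotGetHIDSAgentByAsset(asset_id)

        # Deploy HIDS Agent
        ansible_result = ansible_ossec_win_deploy(sensor_ip, agent_name, windows_ip, windows_username, windows_domain,
                                                  windows_password)
        host_result = ansible_result[sensor_ip]
        if host_result['unreachable'] == 0 and host_result['failures'] == 0:
            # No error, update agent status in database (short wait kept
            # from the original before reading the agent detail)
            time.sleep(2)
            (success, data) = apimethod_ossec_get_agent_detail(sensor_id, agent_id)

            if success:
                # NOTE(review): assumes data[0] is a comma separated record
                # with the status in the 4th field -- confirm with
                # apimethod_ossec_get_agent_detail.
                agent_info = data[0].split(',')
                agent_status = agent_info[3]

                update_hids_agent_status(agent_id, sensor_id, agent_status)
        else:
            ans_last_error = ""
            if host_result['unreachable'] == 1:
                ans_last_error = "System is unreachable"
            else:
                last_error = ansible_result['alienvault']['lasterror'][sensor_ip]
                # First non-empty channel wins: msg, then stderr, then stdout
                for channel in ('msg', 'stderr', 'stdout'):
                    if channel in last_error and last_error[channel] != "":
                        ans_last_error = last_error[channel]
                        break
            error_msg = 'HIDS Agent cannot be deployed.  Reason: {0}'.format(ans_last_error)

            raise APICannotDeployHIDSAgent(error_msg)

        res = True
        message = 'HIDS agent successfully deployed'
    except APICannotDeployHIDSAgent as err:
        # Expected failure: the reason is already user-facing
        message = str(err)
        res = False
    except Exception as err:
        message = str(err)
        logger.error(message)
        res = False

    # Create message in Message Center ("deployed" id vs "failed" id)
    mc_id = "00000000-0000-0000-0000-000000010033" if res is True else "00000000-0000-0000-0000-000000010031"

    # The password is intentionally not part of this payload
    additional_info = {
        "asset_id": asset_id,
        "sensor_id": sensor_id,
        "agent_id": agent_id,
        "asset_name": asset_name,
        "asset_ip": windows_ip,
        "sensor_ip": sensor_ip,
        "sensor_name": sensor_name,
        "agent_name": agent_name,
        "deploy_status": message
    }

    additional_info = json.dumps(additional_info)
    insert_current_status_message(mc_id, asset_id, "host", additional_info)

    return res, message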
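def update_system_hids_agents(system_id):
    """
    Update information about HIDS agents connected to a system.

    The agents currently reported by the sensor (list_available_agents) are
    reconciled with the ones stored in the database: new agents are added,
    existing ones get their status refreshed and, when they have no asset
    yet, are linked to (or get a freshly created) asset by IP; agents no
    longer reported are deleted.

    @param system_id: system_id of the sensor to update
    @return: (not_linked_assets, refresh_idm) where not_linked_assets counts
        the present agents that could not be linked to an asset and
        refresh_idm is True when at least one asset was created here
    @raise APICannotRetrieveSystem: system info cannot be retrieved
    @raise APICannotRunHIDSCommand: list_available_agents failed on the sensor
    """

    # Getting system information
    success, system_info = get_system_info(system_id)

    # Getting sensor ID
    if success:
        sensor_id = system_info['sensor_id']
    else:
        raise APICannotRetrieveSystem(system_id)

    stored_agents = get_hids_agents_by_sensor(sensor_id)

    success, agents = ossec_get_available_agents(sensor_id=sensor_id,
                                                 op_ossec='list_available_agents',
                                                 agent_id='')

    if not success:
        raise APICannotRunHIDSCommand(sensor_id, 'list_available_agents')

    # Reconcile the reported set against the stored set
    added_agents = [agent_id for agent_id in agents if agent_id not in stored_agents]
    present_agents = [agent_id for agent_id in agents if agent_id in stored_agents]
    deleted_agents = [agent for agent in stored_agents if agent not in agents]

    # Add new agents to database
    for agent_id in added_agents:
        try:
            agent = agents[agent_id]
            add_hids_agent(agent_id=agent_id,
                           sensor_id=sensor_id,
                           agent_name=agent['name'],
                           agent_ip=agent['ip'],
                           agent_status=agent['status'])
        except APIException as e:
            logger.error("Error adding hids agent: {0}".format(e))

    not_linked_assets = 0
    refresh_idm = False

    # Update agent status and check asset_id in database
    for agent_id in present_agents:
        try:
            # Update HIDS agent status
            update_hids_agent_status(agent_id=agent_id,
                                     sensor_id=sensor_id,
                                     agent_status=agents[agent_id]['status'])

            agent_data = get_hids_agent_by_sensor(sensor_id, agent_id)

            # Check HIDS agent asset id
            if agent_data['host_id'] == '':
                # Try to update HIDS agent asset id
                linked_assets = get_linked_assets()

                agent_ip_cidr = agent_data['ip_cidr']
                asset_id = None

                # Getting current IP
                if agent_ip_cidr == '127.0.0.1':
                    # Special case: Local agent, prefer the HA ip when set
                    agent_ip_cidr = system_info['ha_ip'] or system_info['admin_ip']
                elif agent_ip_cidr.lower() == 'any' or agent_ip_cidr.lower() == '0.0.0.0' or (
                            is_valid_ipv4_cidr(agent_ip_cidr) and agent_ip_cidr.find('/') != -1):
                    # DHCP environments (Get the latest IP)
                    # NOTE(review): the ossec_get_check signatures visible in
                    # this listing take (system_ip, check_type, agent_name);
                    # confirm this call's argument order against the
                    # implementation actually imported here.
                    success, last_ip = ossec_get_check(sensor_id, agent_data['name'], "lastip")
                    # On failure the second element is an error string, not an
                    # address: blank it so the asset lookup below is skipped
                    agent_ip_cidr = last_ip if success else ''

                # Search asset_id
                if is_valid_ipv4(agent_ip_cidr):
                    success, sensor_ctx = get_sensor_ctx_by_sensor_id(sensor_id)

                    if success:
                        success, asset_id = get_host_id_by_ip_ctx(agent_ip_cidr, sensor_ctx, output='str')

                    # No asset known for that IP: create one in the sensor's ctx
                    if not is_valid_uuid(asset_id):
                        success, new_asset_id = create_host([agent_ip_cidr], sensor_id)

                        if is_valid_uuid(new_asset_id):
                            asset_id = new_asset_id
                            refresh_idm = True

                # Linking asset to agent (an asset already linked to another
                # agent is left alone and counted as not linked)
                if is_valid_uuid(asset_id) and asset_id not in linked_assets:
                    update_asset_id(sensor_id=sensor_id, agent_id=agent_id, asset_id=asset_id)
                    linked_assets[asset_id] = {'ha_id': agent_id, 'sensor_id': sensor_id}
                else:
                    not_linked_assets += 1
        except APIException as e:
            logger.error('[update_system_hids_agents]: {0}'.format(e))

    # Remove deleted agents from database
    for agent_id in deleted_agents:
        try:
            delete_hids_agent(agent_id, sensor_id)
        except APIException as e:
            logger.error('[update_system_hids_agents]: {0}'.format(e))

    return not_linked_assets, refresh_idm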
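def ossec_get_check(system_ip, check_type, agent_name=""):
    """Query the OSSEC server on a sensor for an agent's last IP or last scan times.

    The query is delegated to /usr/share/ossim/scripts/ossec_check.sh, which is
    executed on *system_ip* through the Ansible ``shell`` module with sudo and
    receives *agent_name* as a quoted command-line argument.

    Args:
        system_ip: IP of the sensor whose OSSEC server is queried.
        check_type: ``"lastip"`` (the last IP the agent connected from) or
            ``"lastscan"`` (epoch start times of the last syscheck and
            rootcheck scans).
        agent_name: OSSEC agent name. Only ``[a-zA-Z0-9_\\-()]`` is accepted,
            and the whole string must match, because the value is interpolated
            into a shell command line.

    Returns:
        ``(True, data)`` on success. For ``"lastip"`` *data* is the IP string,
        or ``""`` when the script did not print a valid IPv4. For
        ``"lastscan"`` it is ``{'syscheck': epoch, 'rootcheck': epoch}`` where
        each value is a 10-digit epoch string or ``""`` when unknown.
        ``(False, error_message)`` for an invalid check type or agent name, an
        invalid Ansible response, a non-zero script exit code, or any
        unexpected exception raised while running the command.
    """
    if check_type not in ("lastip", "lastscan"):
        return False, "Invalid check type. Allowed values are [lastip, lastscan]"

    # \Z anchors the pattern at the end of the string. Without it re.match
    # accepted any name that merely *started* with an allowed character, which
    # is not a meaningful check for a value that ends up inside a shell command.
    if re.match(r"[a-zA-Z0-9_\-\(\)]+\Z", agent_name) is None:
        return False, r"Invalid agent name. Allowed characters are [^a-zA-Z0-9_\-()]+"

    try:
        success, output = _run_ossec_check_script(system_ip, check_type, agent_name)
        if not success:
            return False, output

        if check_type == "lastscan":
            return True, _parse_lastscan_output(output)

        # "lastip": the script prints the address on stdout; anything that is
        # not a valid IPv4 is reported as "not found" rather than as an error.
        if not is_valid_ipv4(output):  # IP not found
            return True, ""
        return True, output
    except Exception as err:
        return False, "[ossec_get_check] Something wrong happened while running ansible command ->  '%s'" % str(
            err)


def _run_ossec_check_script(system_ip, check_type, agent_name):
    """Run ossec_check.sh on *system_ip* and return ``(True, stdout)`` or ``(False, error)``.

    *agent_name* must already have been validated by the caller; it is only
    wrapped in single quotes here.
    """
    command = "/usr/share/ossim/scripts/ossec_check.sh %s '%s'" % (
        check_type, agent_name)
    response = _ansible.run_module(host_list=[system_ip],
                                   module="shell",
                                   args=command,
                                   use_sudo=True)
    result, msg = ansible_is_valid_response(system_ip, response)
    if not result:
        return False, msg

    host_result = response['contacted'][system_ip]
    if int(host_result['rc']) != 0:
        return False, "[ossec_get_check] Something wrong happened while running ansible command ->'%s'" % str(
            response)
    return True, host_result['stdout']


def _parse_lastscan_output(stdout):
    """Turn the two-line "lastscan" output into ``{'syscheck': ..., 'rootcheck': ...}``.

    Line 1 is expected to hold the syscheck start time and line 2 the
    rootcheck start time. A value is ``""`` when its line does not match, and
    both are ``""`` when the script did not print exactly two lines (the agent
    was not found).
    """
    lines = stdout.split("\n")
    if len(lines) != 2:  # IP not found
        return {'syscheck': '', 'rootcheck': ''}

    return {
        'syscheck': _scan_epoch(r"Last syscheck scan started at: (?P<s_time>\d{10})", lines[0]),
        'rootcheck': _scan_epoch(r"Last rootcheck scan started at: (?P<r_time>\d{10})", lines[1]),
    }


def _scan_epoch(pattern, line):
    """Return the single named group of *pattern* matched at the start of *line*, else ``""``."""
    matched_object = re.match(pattern, line)
    if matched_object is None:
        return ""
    return matched_object.group(1)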
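    def start(self):
        """Refresh every system's cached remote info and persist its sensor properties.

        For each system returned by ``get_systems()``: force-refreshes the
        cached API views (plugins, system info, network and AlienVault status,
        general and AlienVault config, interfaces, system facts), derives the
        sensor feature flags and HA/VPN settings from the refreshed data, and
        writes them to the DB. A system whose refresh or write fails at any
        step is skipped for this run; the remaining systems are still processed.

        Returns:
            True when the pass completed (individual systems may have been
            skipped); False when the system list could not be retrieved or an
            unexpected exception interrupted the pass.
        """
        try:
            self.remove_monitor_data()
            rc, system_list = get_systems()
            if not rc:
                logger.error("Can't retrieve systems..%s" % str(system_list))
                return False

            for (system_id, system_ip) in system_list:
                success, sensor_id = get_sensor_id_from_system_id(system_id)
                if not success:
                    continue

                success, av_config, system_facts = self._refresh_remote_info(system_id, sensor_id)
                if not success:
                    continue

                (prads_enabled, suricata_snort_enabled, netflow_enabled,
                 ha_ip, ha_role) = self._sensor_flags_from_config(av_config)
                vpn_ip = self._vpn_ip_from_facts(system_facts)

                # A failed write only ends processing of this system; the
                # result is not needed to decide anything for the next one.
                self._persist_system_properties(system_id, sensor_id,
                                                suricata_snort_enabled, prads_enabled,
                                                netflow_enabled, vpn_ip, ha_role, ha_ip)

        except Exception as err:
            api_log.error("Something wrong happened while running the MonitorRetrievesRemoteInfo monitor %s" % str(err))
            return False
        return True

    @staticmethod
    def _refresh_remote_info(system_id, sensor_id):
        """Force-refresh the cached views of one system, in the original call order.

        Returns ``(True, alienvault_config, system_facts)`` when every refresh
        succeeded, else ``(False, None, None)``. Only the AlienVault config and
        the system facts are returned because they are the only results
        ``start()`` reads back; the other calls are made for their cache
        side effect only.
        """
        refresh_only = (
            lambda: get_plugins_from_yaml(sensor_id, no_cache=True),
            lambda: system_all_info(system_id, no_cache=True),
            lambda: network_status(system_id, no_cache=True),
            lambda: alienvault_status(system_id, no_cache=True),
            lambda: get_system_config_general(system_id, no_cache=True),
        )
        for refresh in refresh_only:
            success, _ = refresh()
            if not success:
                return False, None, None

        success, av_config = get_system_config_alienvault(system_id, no_cache=True)
        if not success:
            return False, None, None

        success, _ = get_interfaces(system_id, no_cache=True)
        if not success:
            return False, None, None

        success, system_facts = system_get(system_id, no_cache=True)
        if not success:
            return False, None, None

        return True, av_config, system_facts

    @staticmethod
    def _sensor_flags_from_config(av_config):
        """Derive sensor feature flags and HA settings from the AlienVault config.

        Returns ``(prads_enabled, suricata_snort_enabled, netflow_enabled,
        ha_ip, ha_role)``. *ha_ip* is None unless it is a valid IPv4 and
        *ha_role* is None unless it is ``'master'`` or ``'slave'``; the flags
        default to False when their keys are absent.
        """
        prads_enabled = False
        suricata_snort_enabled = False
        netflow_enabled = False
        ha_ip = None
        ha_role = None

        if 'sensor_detectors' in av_config:
            detectors = av_config['sensor_detectors']
            prads_enabled = 'prads' in detectors
            suricata_snort_enabled = 'snort' in detectors or 'suricata' in detectors
        if 'sensor_netflow' in av_config:
            netflow_enabled = av_config['sensor_netflow'] == 'yes'

        if 'ha_ha_virtual_ip' in av_config:
            ha_ip = av_config['ha_ha_virtual_ip']
            if not is_valid_ipv4(ha_ip):
                ha_ip = None
        if 'ha_ha_role' in av_config:
            ha_role = av_config['ha_ha_role']
            if ha_role not in ('master', 'slave'):
                ha_role = None

        return prads_enabled, suricata_snort_enabled, netflow_enabled, ha_ip, ha_role

    @staticmethod
    def _vpn_ip_from_facts(system_facts):
        """Return the tun0 IPv4 address from the system facts, or None when absent."""
        if "ansible_tun0" not in system_facts:
            return None
        try:
            return system_facts['ansible_tun0']['ipv4']['address']
        except (KeyError, TypeError):
            # A tun0 entry without an ipv4 address means "no VPN". The
            # previous bare except also hid unrelated errors (and
            # KeyboardInterrupt); only missing/mis-shaped data is expected here.
            return None

    @staticmethod
    def _persist_system_properties(system_id, sensor_id, suricata_snort_enabled,
                                   prads_enabled, netflow_enabled, vpn_ip, ha_role, ha_ip):
        """Write the collected properties to the DB in the original order.

        Stops at the first failed write and returns False. VPN/HA values that
        are None are not written at all. Returns True when every write
        succeeded.
        """
        success, _ = set_sensor_properties_active_inventory(sensor_id, suricata_snort_enabled)
        if not success:
            return False
        success, _ = set_sensor_properties_passive_inventory(sensor_id, prads_enabled)
        if not success:
            return False
        success, _ = set_sensor_properties_netflow(sensor_id, netflow_enabled)
        if not success:
            return False

        if vpn_ip is not None:
            success, _ = set_system_vpn_ip(system_id, vpn_ip)
            if not success:
                return False
        if ha_role is not None:
            success, _ = set_system_ha_role(system_id, ha_role)
            if not success:
                return False
        if ha_ip is not None:
            success, _ = set_system_ha_ip(system_id, ha_ip)
            if not success:
                return False
        return True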