Esempio n. 1
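def ossec_get_configuration_rule(system_ip,
                                 rule_filename,
                                 destination_path=""):
    """Fetch one OSSEC rule file from a remote system with ansible's ``fetch``.

    Args:
        system_ip: Host handed to ansible as the single ``host_list`` entry.
        rule_filename: Bare rule file name. It must consist only of
            ``[A-Za-z0-9_-]`` characters followed by ``.xml``.
        destination_path: Existing local folder. It is concatenated with
            ``rule_filename`` without a separator, so it is expected to end
            with one.

    Returns:
        ``(True, local_file_path)`` on success, otherwise
        ``(False, error_message)``.
    """
    # The name ends up inside the remote path and inside ansible's
    # space-separated key=value argument string, so the WHOLE value has to
    # match. re.match only anchors the start; without an end anchor a value
    # carrying extra path components or extra key=value tokens after ".xml"
    # would be accepted. \Z (unlike $) also rejects a trailing newline.
    try:
        valid_name = re.match(r'[A-Za-z0-9_\-]+\.xml\Z', rule_filename)
    except TypeError:
        # Non-string input (e.g. None) is an invalid name, not a crash.
        valid_name = None
    if not valid_name:
        return False, "Invalid rule filename <%s> " % str(rule_filename)
    try:
        ossec_rule_path = "/var/ossec/rules/%s" % rule_filename
        if not os.path.exists(destination_path):
            return False, "Destination folder doesn't exists"
        # NOTE(review): destination_path is formatted into the same argument
        # string unvalidated; presumably callers only pass a trusted local
        # path without whitespace -- confirm against the callers.
        # From ansible doc: Recursive fetching may be supported in a later release.
        response = _ansible.run_module(
            host_list=[system_ip],
            module="fetch",
            args="dest=%s src=%s flat=yes fail_on_missing=yes" %
            (destination_path, ossec_rule_path),
            use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result:
            return False, str(msg)

        # Permissions are applied to the fetched copy only after it is on disk.
        success, result = set_ossec_file_permissions(destination_path +
                                                     rule_filename)
        if not success:
            return False, str(result)

    except Exception as err:
        return False, "[ossec_get_configuration_rule] Something wrong happened while running ansible command %s" % str(
            err)
    return True, destination_path + rule_filename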
Esempio n. 2
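def apimethod_get_agentless_passlist(sensor_id):
    """Copy a sensor's agentless ``.passlist`` file into the sensor's local folder.

    The file is fetched to ``<base_path>/ossec/agentless/.passlist``. When the
    remote file does not exist an empty local file is created instead. Any
    other fetch failure is reported to the caller.

    Args:
        sensor_id: Sensor identifier used to look up the system IP and the
            local base path.

    Returns:
        ``(True, value)`` on success, where ``value`` is whatever the fetch
        helper returned, or the local file path when an empty file was
        created; ``(False, error_message)`` otherwise.
    """
    (success, system_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        return False, "Invalid sensor id %s" % sensor_id
    success, base_path = get_base_path_from_sensor_id(sensor_id)
    if not success:
        return False, "Can't retrieve the destination path: %s" % base_path
    destination_path = base_path + "/ossec/agentless/"

    success, msg = create_local_directory(destination_path)
    if not success:
        api_log.error(str(msg))
        return False, "Error creating directory '%s'" % destination_path
    dst_filename = destination_path + ".passlist"
    success, msg = ans_ossec_get_agentless_passlist(system_ip=system_ip,
                                                    destination_path=dst_filename)
    if not success:
        # A missing remote file is not an error: start from an empty list.
        # `in` also matches when the phrase is at the very start of the
        # message, which `find(...) > 0` silently missed.
        if 'the remote file does not exist' in str(msg) and touch_file(dst_filename):
            msg = dst_filename
        else:
            # Previously this fell through to the permission step, whose
            # result overwrote `success`, so a failed fetch could be returned
            # as (True, <error text>). Report the failure instead.
            api_log.error(str(msg))
            return False, str(msg)

    # NOTE(review): the name suggests this file holds agentless credentials;
    # permissions are only applied after the file is already on disk, so the
    # parent directory should not be readable by other users -- confirm.
    success, result = set_ossec_file_permissions(dst_filename)
    if not success:
        return False, str(result)

    return True, msg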
Esempio n. 3
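def ossec_get_server_config(sensor_id):
    """Fetch the HIDS server configuration file of a sensor to a local copy.

    The remote file ``OSSEC_CONFIG_SERVER_PATH`` is fetched into the sensor's
    local ossec directory. If the remote file does not exist, an empty local
    file is created in its place.

    Args:
        sensor_id: Sensor identifier used to resolve the system IP and the
            local ossec directory.

    Returns:
        ``(True, local_file_path)`` on success, otherwise
        ``(False, error_message)``.
    """
    (success, system_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        return False, "Invalid sensor id %s" % sensor_id

    success, ossec_directory = get_ossec_directory(sensor_id)
    if not success:
        api_log.error(str(ossec_directory))
        return False, ossec_directory
    server_config_file = os.path.join(ossec_directory, OSSEC_CONFIG_SERVER_FILE_NAME)

    success, filename = fetch_file(system_ip=system_ip,
                                   src_file_path=OSSEC_CONFIG_SERVER_PATH,
                                   dst_file_path=server_config_file,
                                   fail_on_missing=True,
                                   flat=True)

    if not success:
        # A missing remote file is tolerated by creating an empty local one.
        # `in` also matches the phrase at index 0, which `find(...) > 0` missed.
        remote_missing = 'the remote file does not exist' in str(filename)
        if remote_missing and touch_file(server_config_file):
            filename = server_config_file
        else:
            # Also covers a failed touch_file: previously the error text was
            # kept in `filename` and could be returned with a True status.
            api_log.error(str(filename))
            return False, "Something wrong happened getting the HIDS server configuration file"

    # Permissions are applied to the local copy only after it is on disk.
    success, result = set_ossec_file_permissions(server_config_file)
    if not success:
        return False, str(result)
    return True, filename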
Esempio n. 4
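def ossec_get_agent_config(sensor_id):
    """Fetch the HIDS agent configuration file of a sensor to a local copy.

    The remote file ``OSSEC_CONFIG_AGENT_PATH`` is fetched into the sensor's
    local ossec directory. If the remote file does not exist, an empty local
    file is created in its place.

    Args:
        sensor_id: Sensor identifier used to resolve the system IP and the
            local ossec directory.

    Returns:
        ``(True, local_file_path)`` on success, otherwise
        ``(False, error_message)``.
    """
    (success, system_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        return False, "Invalid sensor id %s" % sensor_id

    success, ossec_directory = get_ossec_directory(sensor_id)
    if not success:
        api_log.error(str(ossec_directory))
        return False, ossec_directory
    agent_config_file = os.path.join(ossec_directory, OSSEC_CONFIG_AGENT_FILE_NAME)

    success, filename = fetch_file(system_ip=system_ip,
                                   src_file_path=OSSEC_CONFIG_AGENT_PATH,
                                   dst_file_path=agent_config_file,
                                   fail_on_missing=True,
                                   flat=True)
    if not success:
        try:
            # A missing remote file is tolerated by creating an empty local
            # one. `in` also matches the phrase at index 0, which
            # `find(...) > 0` silently missed.
            remote_missing = 'the remote file does not exist' in str(filename)
            if remote_missing and touch_file(agent_config_file):
                success = True
                filename = agent_config_file
        except Exception as err:
            # Best effort: a failure while recovering is logged and the
            # original fetch failure is reported below.
            import traceback
            api_log.error("EX: %s, %s" % (str(err), traceback.format_exc()))

    if not success:
        api_log.error(str(filename))
        return False, "Something wrong happened getting the HIDS agent configuration file"

    # Permissions are applied to the local copy only after it is on disk.
    success, result = set_ossec_file_permissions(agent_config_file)
    if not success:
        return False, str(result)

    return True, filename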
Esempio n. 5
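def ossec_get_agentless_passlist(system_ip, destination_path=""):
    """Fetch ``/var/ossec/agentless/.passlist`` from a remote system.

    Args:
        system_ip: Host handed to ansible as the single ``host_list`` entry.
        destination_path: Local destination passed to the ``fetch`` module as
            ``dest``. The permission step is applied to this same path, so it
            is used as the path of the local file.

    Returns:
        ``(True, destination_path)`` on success, otherwise
        ``(False, error_message)``.
    """
    try:
        agentless_passfile = "/var/ossec/agentless/.passlist"
        # NOTE(review): destination_path is formatted into ansible's
        # space-separated key=value string unvalidated; presumably callers
        # only pass a trusted local path without whitespace -- confirm.
        # From ansible doc: Recursive fetching may be supported in a later release.
        response = _ansible.run_module(
            host_list=[system_ip],
            module="fetch",
            args="dest=%s src=%s flat=yes fail_on_missing=yes" %
            (destination_path, agentless_passfile),
            use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result:
            return False, str(msg)

        # NOTE(review): the file name suggests it holds credentials, and
        # permissions are only applied after the copy is already on disk --
        # confirm the destination folder is not readable by other users.
        success, result = set_ossec_file_permissions(destination_path)
        if not success:
            return False, str(result)
    except Exception as err:
        # The label used to name ossec_get_configuration_rule (copy/paste),
        # which pointed log readers at the wrong function.
        return False, "[ossec_get_agentless_passlist] Something wrong happened while running ansible command %s" % str(err)
    return True, destination_path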
Esempio n. 6
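def ossec_get_agentless_passlist(system_ip, destination_path=""):
    """Fetch ``/var/ossec/agentless/.passlist`` from a remote system.

    Args:
        system_ip: Host handed to ansible as the single ``host_list`` entry.
        destination_path: Local destination passed to the ``fetch`` module as
            ``dest``. The permission step is applied to this same path, so it
            is used as the path of the local file.

    Returns:
        ``(True, destination_path)`` on success, otherwise
        ``(False, error_message)``.
    """
    try:
        agentless_passfile = "/var/ossec/agentless/.passlist"
        # NOTE(review): destination_path is formatted into ansible's
        # space-separated key=value string unvalidated; presumably callers
        # only pass a trusted local path without whitespace -- confirm.
        # From ansible doc: Recursive fetching may be supported in a later release.
        response = _ansible.run_module(
            host_list=[system_ip],
            module="fetch",
            args="dest=%s src=%s flat=yes fail_on_missing=yes" %
            (destination_path, agentless_passfile),
            use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result:
            return False, str(msg)

        # NOTE(review): the file name suggests it holds credentials, and
        # permissions are only applied after the copy is already on disk --
        # confirm the destination folder is not readable by other users.
        success, result = set_ossec_file_permissions(destination_path)
        if not success:
            return False, str(result)
    except Exception as err:
        # The label used to name ossec_get_configuration_rule (copy/paste),
        # which pointed log readers at the wrong function.
        return False, "[ossec_get_agentless_passlist] Something wrong happened while running ansible command %s" % str(
            err)
    return True, destination_path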
Esempio n. 7
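def ossec_get_configuration_rule(system_ip, rule_filename, destination_path=""):
    """Fetch one OSSEC rule file from a remote system with ansible's ``fetch``.

    The rule is read from ``/var/ossec/alienvault/rules/`` on the remote host.

    Args:
        system_ip: Host handed to ansible as the single ``host_list`` entry.
        rule_filename: Bare rule file name. It must consist only of
            ``[A-Za-z0-9_-]`` characters followed by ``.xml``.
        destination_path: Existing local folder. It is concatenated with
            ``rule_filename`` without a separator, so it is expected to end
            with one.

    Returns:
        ``(True, local_file_path)`` on success, otherwise
        ``(False, error_message)``.
    """
    # The name ends up inside the remote path and inside ansible's
    # space-separated key=value argument string, so the WHOLE value has to
    # match. re.match only anchors the start; without an end anchor a value
    # carrying extra path components or extra key=value tokens after ".xml"
    # would be accepted. \Z (unlike $) also rejects a trailing newline.
    try:
        valid_name = re.match(r'[A-Za-z0-9_\-]+\.xml\Z', rule_filename)
    except TypeError:
        # Non-string input (e.g. None) is an invalid name, not a crash.
        valid_name = None
    if not valid_name:
        return False, "Invalid rule filename <%s> " % str(rule_filename)
    try:
        ossec_rule_path = "/var/ossec/alienvault/rules/%s" % rule_filename
        if not os.path.exists(destination_path):
            return False, "Destination folder doesn't exists"
        # NOTE(review): destination_path is formatted into the same argument
        # string unvalidated; presumably callers only pass a trusted local
        # path without whitespace -- confirm against the callers.
        # From ansible doc: Recursive fetching may be supported in a later release.
        response = _ansible.run_module(
            host_list=[system_ip],
            module="fetch",
            args="dest=%s src=%s flat=yes fail_on_missing=yes" % (destination_path, ossec_rule_path),
            use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result:
            return False, str(msg)

        # Permissions are applied to the fetched copy only after it is on disk.
        success, result = set_ossec_file_permissions(destination_path + rule_filename)
        if not success:
            return False, str(result)

    except Exception as err:
        return False, "[ossec_get_configuration_rule] Something wrong happened while running ansible command %s" % str(err)
    return True, destination_path + rule_filename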