def install_suricata(configuration_directory, install_directory, log_directory, capture_network_interfaces,
download_suricata_archive=True, stdout=True, verbose=False):
"""
Install Suricata
:param configuration_directory: Path to the configuration directory (E.G /etc/dynamite/suricata)
:param install_directory: Path to the install directory (E.G /opt/dynamite/suricata/)
:param log_directory: Path to the log directory (E.G /var/log/dynamite/suricata/)
:param capture_network_interfaces: A list of network interfaces to capture on (E.G ["mon0", "mon1"])
:param download_suricata_archive: If True, download the Suricata archive from a mirror
:param stdout: Print the output to console
:param verbose: Include detailed debug messages
"""
log_level = logging.INFO
if verbose:
log_level = logging.DEBUG
logger = get_logger('SURICATA', level=log_level, stdout=stdout)
suricata_profiler = suricata_profile.ProcessProfiler()
if suricata_profiler.is_installed():
logger.error("Suricata is already installed.")
raise suricata_exceptions.AlreadyInstalledSuricataError()
suricata_installer = InstallManager(configuration_directory, install_directory, log_directory,
capture_network_interfaces=capture_network_interfaces,
download_suricata_archive=download_suricata_archive, stdout=stdout,
verbose=verbose)
suricata_installer.setup_suricata()
suricata_installer.setup_suricata_rules()
def __init__(self, stdout, verbose, status):
execution_strategy.BaseExecStrategy.__init__(
self,
strategy_name="agent_stop",
strategy_description="Stop Agent processes.",
functions=(
utilities.create_dynamite_environment_file,
filebeat_process.stop,
),
arguments=(
# utilities.create_dynamite_environment_file
{},
# filebeat_process.stop
{
"stdout": bool(stdout),
"verbose": bool(verbose)
},
),
return_formats=(None, None))
if zeek_profile.ProcessProfiler().is_installed():
self.add_function(func=zeek_process.stop,
argument_dict={
"stdout": bool(stdout),
"verbose": bool(verbose)
})
if suricata_profile.ProcessProfiler().is_installed():
self.add_function(func=suricata_process.stop,
argument_dict={
"stdout": bool(stdout),
"verbose": bool(verbose)
})
if status:
self.add_function(get_agent_status, {"pretty_print_status": True},
return_format="text")
def __init__(self, prompt_user, stdout, verbose):
execution_strategy.BaseExecStrategy.__init__(
self,
strategy_name="agent_uninstall",
strategy_description="Uninstall Agent.",
functions=(
utilities.create_dynamite_environment_file,
prompt_agent_uninstall,
),
arguments=(
# utilities.create_dynamite_environment_file
{},
# prompt_user
{
"prompt_user": bool(prompt_user),
"stdout": bool(stdout),
},
),
return_formats=(
None,
None,
))
if filebeat_profile.ProcessProfiler().is_installed():
self.add_function(func=filebeat_install.uninstall_filebeat,
argument_dict={
'prompt_user': False,
'stdout': bool(stdout),
'verbose': bool(verbose)
})
if zeek_profile.ProcessProfiler().is_installed():
self.add_function(func=zeek_install.uninstall_zeek,
argument_dict={
'prompt_user': False,
'stdout': bool(stdout),
'verbose': bool(verbose)
})
if suricata_profile.ProcessProfiler().is_installed():
self.add_function(func=suricata_install.uninstall_suricata,
argument_dict={
'prompt_user': False,
'stdout': bool(stdout),
'verbose': bool(verbose)
})
if get_installed_agent_analyzers():
self.add_function(func=log_message,
argument_dict={
"msg":
'*** Agent uninstalled successfully. ***',
'stdout': bool(stdout),
'verbose': bool(verbose)
})
else:
self.add_function(func=log_message,
argument_dict={
"msg": '*** Agent is not installed. ***',
'stdout': bool(stdout),
'verbose': bool(verbose)
})
def get_installed_agent_analyzers():
zeek_profiler = zeek_profile.ProcessProfiler()
suricata_profiler = suricata_profile.ProcessProfiler()
filebeat_profiler = filebeat_profile.ProcessProfiler()
agent_analyzers = []
if zeek_profiler.is_installed():
agent_analyzers.append('Zeek')
if suricata_profiler.is_installed():
agent_analyzers.append('Suricata')
if filebeat_profiler.is_installed():
agent_analyzers.append('Filebeat')
return agent_analyzers
def stop(self) -> bool:
"""Stop agent processes
Returns:
True, if successful
"""
filebeat_res, suricata_res, zeek_res = True, True, True
if not filebeat_profile.ProcessProfiler().is_installed():
self.logger.error('You must install Filebeat to run this command.')
return False
filebeat_res = filebeat_process.ProcessManager().stop()
if suricata_profile.ProcessProfiler().is_installed():
suricata_res = suricata_process.ProcessManager().stop()
if zeek_profile.ProcessProfiler().is_installed():
zeek_res = zeek_process.ProcessManager().stop()
return filebeat_res and zeek_res and suricata_res
def actionHighlighted(self, act_on_this, keypress):
zeek_installed, suricata_installed, filebeat_installed = zeek_profile.ProcessProfiler().is_installed(), \
suricata_profile.ProcessProfiler().is_installed(), \
filebeat_profile.ProcessProfiler().is_installed()
app_mapping = {}
if filebeat_installed:
if zeek_installed and suricata_installed:
app_mapping = zeek_and_suricata_mapping
elif zeek_installed:
app_mapping = zeek_only_mapping
elif suricata_installed:
app_mapping = suricata_only_mapping
npyscreen.notify_wait(act_on_this, form_color='GOODHL')
app_mapping[act_on_this]().run()
exit(0)
def create(self):
zeek_installed, suricata_installed, filebeat_installed = zeek_profile.ProcessProfiler().is_installed(), \
suricata_profile.ProcessProfiler().is_installed(), \
filebeat_profile.ProcessProfiler().is_installed()
app_mapping = {}
if filebeat_installed:
if zeek_installed and suricata_installed:
app_mapping = zeek_and_suricata_mapping
elif zeek_installed:
app_mapping = zeek_only_mapping
elif suricata_installed:
app_mapping = suricata_only_mapping
self.add(AgentConfigMultiSelect,
values=sorted(app_mapping.keys()),
max_height=5)
def uninstall(self) -> None:
"""Uninstall Zeek, Suricata and Filebeat from this instance.
Returns:
None
"""
from dynamite_nsm.services.zeek import profile as zeek_profile
from dynamite_nsm.services.suricata import profile as suricata_profile
filebeat_install.UninstallManager(self.stdout,
self.verbose).uninstall()
if zeek_profile.ProcessProfiler().is_installed():
zeek_install.UninstallManager(purge_config=True,
stdout=self.stdout,
verbose=self.verbose).uninstall()
if suricata_profile.ProcessProfiler().is_installed():
suricata_install.UninstallManager(
purge_config=True, stdout=self.stdout,
verbose=self.verbose).uninstall()
def __init__(self,
stdout: Optional[bool] = True,
verbose: Optional[bool] = False,
pretty_print_status: Optional[bool] = False):
"""Manage Suricata processes and sub-processes
Args:
stdout: Print output to console
verbose: Include detailed debug messages
pretty_print_status: If true, status will be printed in a tabular form
"""
process.BaseProcessManager.__init__(
self,
'suricata.service',
'suricata.process',
log_path=None,
stdout=stdout,
verbose=verbose,
pretty_print_status=pretty_print_status)
if not profile.ProcessProfiler().is_installed():
raise exceptions.CallProcessError("Suricata is not installed.")
def get_agent_status(verbose=False, pretty_print_status=True):
zeek_profiler = zeek_profile.ProcessProfiler()
suricata_profiler = suricata_profile.ProcessProfiler()
status_tables = "\n"
agent_status = {}
filebeat_status = filebeat_process.ProcessManager(
verbose=verbose, pretty_print_status=pretty_print_status).status()
status_tables += filebeat_status + '\n\n'
agent_status.update({'filebeat': filebeat_status})
if zeek_profiler.is_installed():
zeek_status = zeek_process.ProcessManager(
verbose=verbose, pretty_print_status=pretty_print_status).status()
status_tables += zeek_status + '\n\n'
agent_status.update({'zeek': zeek_status})
if suricata_profiler.is_installed():
suricata_status = suricata_process.ProcessManager(
verbose=verbose, pretty_print_status=pretty_print_status).status()
status_tables += suricata_status + '\n\n'
agent_status.update({'suricata': suricata_status})
if pretty_print_status:
return status_tables
return agent_status
def get_available_cpus(self) -> list:
"""Get the CPU core numbers that are not currently being utilized
Returns:
A list of available CPUs
"""
zeek_profiler = zeek_profile.ProcessProfiler()
suricata_profiler = suricata_profile.ProcessProfiler()
available_cpus = [c for c in range(0, utilities.get_cpu_core_count())]
reserved_cpus = []
zeek_cpus = []
suricata_cpus = []
if zeek_profiler.is_installed():
zeek_node_config_mng = zeek_config.NodeConfigManager(
install_directory=self.zeek_install_directory,
stdout=self.stdout,
verbose=self.verbose)
for worker in zeek_node_config_mng.workers:
zeek_cpus.extend(worker.pinned_cpus)
if suricata_profiler.is_installed():
suricata_config_mng = suricata_config.ConfigManager(
configuration_directory=self.suricata_configuration_directory,
stdout=self.stdout,
verbose=self.verbose)
if suricata_config_mng.threading.worker_cpu_set:
suricata_cpus.extend(
suricata_config_mng.threading.worker_cpu_set)
if suricata_config_mng.threading.receive_cpu_set:
suricata_cpus.extend(
suricata_config_mng.threading.receive_cpu_set)
if suricata_config_mng.threading.management_cpu_set:
suricata_cpus.extend(
suricata_config_mng.threading.management_cpu_set)
reserved_cpus.extend(suricata_cpus)
reserved_cpus.extend(zeek_cpus)
return list(set([c for c in available_cpus if c not in reserved_cpus]))
def __init__(self, stdout, verbose, status):
execution_strategy.BaseExecStrategy.__init__(
self,
strategy_name="agent_restart",
strategy_description="Restart Agent processes.")
self.add_function(func=filebeat_process.stop,
argument_dict={
'stdout': bool(stdout),
'verbose': bool(verbose)
})
self.add_function(func=filebeat_process.start,
argument_dict={'stdout': bool(stdout)})
if zeek_profile.ProcessProfiler().is_installed():
self.add_function(func=zeek_process.stop,
argument_dict={
'stdout': bool(stdout),
'verbose': bool(verbose)
})
self.add_function(func=zeek_process.start,
argument_dict={
'stdout': bool(stdout),
'verbose': bool(verbose)
})
if suricata_profile.ProcessProfiler().is_installed():
self.add_function(func=suricata_process.stop,
argument_dict={
'stdout': bool(stdout),
'verbose': bool(verbose)
})
self.add_function(func=suricata_process.start,
argument_dict={
'stdout': bool(stdout),
'verbose': bool(verbose)
})
if status:
self.add_function(get_agent_status, {"pretty_print_status": True},
return_format="text")
def optimize(self, available_cpus: Optional[List[int]] = None) -> None:
"""Apply the best CPU-affinity related configurations to Zeek and Suricata
Returns:
None
"""
zeek_profiler = zeek_profile.ProcessProfiler()
suricata_profiler = suricata_profile.ProcessProfiler()
if not available_cpus:
available_cpus = [
c for c in range(0, utilities.get_cpu_core_count())
]
self.logger.info(f'{len(available_cpus)} CPU cores detected.')
if zeek_profiler.is_attached_to_network(
) and suricata_profiler.is_attached_to_network():
self.logger.info(
'Both Zeek and Suricata are installed. Allocating 60% of resources to Zeek, '
'30% to Suricata, and 10% to Kernel.')
kern_alloc, zeek_alloc, suricata_alloc = .1, .6, .3
elif zeek_profiler.is_attached_to_network():
self.logger.info(
'Only Zeek is installed. Allocating 90% of resources to it and 10% to Kernel.'
)
kern_alloc, zeek_alloc, suricata_alloc = .1, .9, 0
elif suricata_profiler.is_attached_to_network():
self.logger.info(
'Only Suricata is installed. Allocating 90% of resources to it and 10% to Kernel.'
)
kern_alloc, zeek_alloc, suricata_alloc = .1, 0, .9
else:
self.logger.error(
'Neither Zeek nor Suricata is installed. You must install at least one of these in order '
'to run this command.')
return None
if len(available_cpus) > 4:
round_func = math.ceil
else:
round_func = math.floor
kern_cpu_count = math.ceil(kern_alloc * len(available_cpus))
zeek_cpu_count = round_func(zeek_alloc * len(available_cpus))
suricata_cpu_count = round_func(suricata_alloc * len(available_cpus))
zeek_cpus = [
c for c in available_cpus[kern_cpu_count:kern_cpu_count +
zeek_cpu_count]
]
suricata_cpus = [
c for c in available_cpus[kern_cpu_count +
zeek_cpu_count:kern_cpu_count +
zeek_cpu_count + suricata_cpu_count]
]
if zeek_profiler.is_attached_to_network():
zeek_node_config_mng = zeek_config.NodeConfigManager(
install_directory=self.zeek_install_directory,
stdout=self.stdout,
verbose=self.verbose)
zeek_node_config_mng.workers = zeek_node_config_mng.get_optimal_zeek_worker_config(
zeek_profiler.get_attached_interfaces(),
available_cpus=tuple(zeek_cpus))
zeek_node_config_mng.commit()
if suricata_profiler.is_attached_to_network():
suricata_config_mng = suricata_config.ConfigManager(
configuration_directory=self.suricata_configuration_directory,
stdout=self.stdout,
verbose=self.verbose)
suricata_config_mng.threading = suricata_config_mng.get_optimal_suricata_threading_config(
available_cpus=tuple(suricata_cpus))
suricata_config_mng.runmode = 'workers'
for suricata_iface in suricata_config_mng.af_packet_interfaces:
suricata_iface.threads = round_func(
len(suricata_config_mng.threading.worker_cpu_set) /
len(suricata_profiler.get_attached_interfaces()))
suricata_iface.cluster_type = 'cluster_qm'
suricata_config_mng.commit()
def setup(self, targets: List[str], target_type: Optional[str] = 'elasticsearch',
monitor_log_paths: Optional[List[str]] = None, agent_tag: Optional[str] = None) -> None:
"""Setup Filebeat
Args:
targets: A list of Elasticsearch/Kafka/Logstash targets to forward events to (E.G ["192.168.0.9 5044", ...])
target_type: The target type; current supported: elasticsearch (default), logstash, kafka, redis
monitor_log_paths: A tuple of log paths to monitor
agent_tag: A friendly name for the agent (defaults to the hostname with no spaces and _agt suffix)
Returns:
None
"""
from dynamite_nsm.services.zeek import profile as zeek_profile
from dynamite_nsm.services.suricata import profile as suricata_profile
sysctl = systemctl.SystemCtl()
zeek_log_root, suricata_log_root = None, None
# Directory setup
self.logger.debug(f'Creating directory: {self.install_directory}')
utilities.makedirs(self.install_directory)
utilities.makedirs(f'{self.install_directory}/logs')
self.logger.info('Installing files and directories.')
self.copy_filebeat_files_and_directories()
self.copy_file_or_directory_to_destination(f'{const.DEFAULT_CONFIGS}/filebeat/filebeat.yml',
self.install_directory)
# Overwrite with dynamite default configurations
self.copy_file_or_directory_to_destination(f'{const.DEFAULT_CONFIGS}/filebeat/module/', self.install_directory)
self.copy_file_or_directory_to_destination(f'{const.DEFAULT_CONFIGS}/filebeat/modules.d/',
self.install_directory)
filebeat_config = config.ConfigManager(self.install_directory, verbose=self.verbose, stdout=self.stdout)
if target_type == 'elasticsearch':
filebeat_config.switch_to_elasticsearch_target()
filebeat_config.elasticsearch_targets.target_strings = targets
self.logger.info(f'Enabling Elasticsearch connector: '
f'{filebeat_config.elasticsearch_targets.target_strings}')
elif target_type == 'logstash':
filebeat_config.switch_to_logstash_target()
filebeat_config.logstash_targets.target_strings = targets
elif target_type == 'kafka':
filebeat_config.switch_to_kafka_target()
filebeat_config.kafka_targets.target_strings = targets
elif target_type == 'redis':
filebeat_config.switch_to_redis_target()
filebeat_config.redis_targets.target_strings = targets
filebeat_config.input_logs = misc_filebeat_objs.InputLogs(
monitor_log_paths=[]
)
filebeat_config.field_processors.originating_agent_tag = agent_tag
if not monitor_log_paths:
environ = utilities.get_environment_file_dict()
zeek_log_root = f'{environ.get("ZEEK_HOME", "")}/logs/current/'
suricata_log_root = environ.get('SURICATA_LOGS', '')
zeek_profiler = zeek_profile.ProcessProfiler()
suricata_profiler = suricata_profile.ProcessProfiler()
if zeek_profiler.is_installed():
self.logger.info(f'Zeek installation found; monitoring: {zeek_log_root}*.log')
filebeat_config.input_logs.monitor_log_paths.append(f'{zeek_log_root}*.log')
if suricata_profiler.is_installed():
self.logger.info(f'Suricata installation found; monitoring: {suricata_log_root}/eve.json')
filebeat_config.input_logs.monitor_log_paths.append(f'{suricata_log_root}/eve.json')
else:
filebeat_config.input_logs = misc_filebeat_objs.InputLogs(
monitor_log_paths=monitor_log_paths
)
self.logger.info(f'Monitoring Paths = {filebeat_config.input_logs.monitor_log_paths}')
if not agent_tag:
filebeat_config.field_processors.originating_agent_tag = utilities.get_default_agent_tag()
self.logger.info(f'Agent Tag = {filebeat_config.field_processors.originating_agent_tag}')
self.logger.debug(filebeat_config.elasticsearch_targets.get_raw())
filebeat_config.commit()
self.logger.info('Applying configuration.')
# Fix Permissions
self.logger.info('Installing modules.')
filebeat_config.patch_modules(zeek_log_directory=zeek_log_root, suricata_log_directory=suricata_log_root)
# Setting up permissions
self.logger.info('Setting up file permissions.')
config_file = f'{self.install_directory}/filebeat.yml'
utilities.set_ownership_of_file(self.install_directory, user='******', group='dynamite')
utilities.set_permissions_of_file(f'{self.install_directory}/modules.d/',
unix_permissions_integer='go-w')
utilities.set_permissions_of_file(f'{self.install_directory}/module/', unix_permissions_integer='go-w')
utilities.set_ownership_of_file(config_file, user='******', group='dynamite')
utilities.set_permissions_of_file(config_file, unix_permissions_integer=644)
filebeat_config.enable_ecs_normalization()
# Install and enable service
self.logger.info(f'Installing service -> {const.DEFAULT_CONFIGS}/systemd/filebeat.service')
sysctl.install_and_enable(f'{const.DEFAULT_CONFIGS}/systemd/filebeat.service')
# Update environment file
self.create_update_filebeat_environment_variables()
def status(self) -> Optional[Union[Dict, str]]:
"""Get the status of a processes
Returns:
A dictionary containing process status or a tabulated string if `pretty_print` is True.
"""
if not filebeat_profile.ProcessProfiler().is_installed():
self.logger.error('You must install filebeat to run this command.')
return None
agent_status = {}
filebeat_status, zeek_status, suricata_status = {}, {}, {}
filebeat_status = filebeat_process.ProcessManager().status()
agent_status.update({
'filebeat': {
'running': filebeat_status.get('running'),
'enabled_on_startup': filebeat_status.get('enabled_on_startup')
}
})
if zeek_profile.ProcessProfiler().is_installed():
zeek_status = zeek_process.ProcessManager().status()
agent_status.update({
'zeek': {
'running': zeek_status.get('running'),
'enabled_on_startup': zeek_status.get('enabled_on_startup')
}
})
if suricata_profile.ProcessProfiler().is_installed():
suricata_status = suricata_process.ProcessManager().status()
agent_status.update({
'suricata': {
'running': suricata_status.get('running'),
'enabled_on_startup':
suricata_status.get('enabled_on_startup')
}
})
if self.pretty_print_status:
colorize = utilities.PrintDecorations.colorize
child_services = [
['Service', 'Running', 'Enabled on Startup'],
[
'filebeat',
colorize('yes', 'green') if filebeat_status.get('running')
else colorize('no', 'red'),
colorize('yes', 'green')
if filebeat_status.get('enabled_on_startup') else colorize(
'no', 'red')
]
]
if zeek_status:
child_services.append([
'zeek',
colorize('yes', 'green')
if zeek_status.get('running') else colorize('no', 'red'),
colorize('yes', 'green')
if zeek_status.get('enabled_on_startup') else colorize(
'no', 'red')
])
if suricata_status:
child_services.append([
'suricata',
colorize('yes', 'green')
if zeek_status.get('running') else colorize('no', 'red'),
colorize('yes', 'green')
if zeek_status.get('enabled_on_startup') else colorize(
'no', 'red')
])
return tabulate.tabulate(child_services, tablefmt='fancy_grid')
return agent_status
def __init__(self,
capture_network_interfaces,
targets,
kafka_topic=None,
kafka_username=None,
kafka_password=None,
agent_analyzers=('zeek', 'suricata'),
tag=None,
stdout=True,
verbose=False):
execution_strategy.BaseExecStrategy.__init__(
self,
strategy_name="agent_install",
strategy_description=
"Install Zeek and/or Suricata along with FileBeat.",
functions=(utilities.create_dynamite_environment_file, ),
arguments=({}, ),
return_formats=(None, ))
if not zeek_profile.ProcessProfiler().is_installed(
) and 'zeek' in agent_analyzers:
self.add_function(func=zeek_install.install_zeek,
argument_dict={
'configuration_directory':
'/etc/dynamite/zeek/',
'install_directory':
'/opt/dynamite/zeek',
'capture_network_interfaces':
list(capture_network_interfaces),
'download_zeek_archive':
True,
'stdout':
bool(stdout),
'verbose':
bool(verbose)
})
else:
self.add_function(func=log_message,
argument_dict={
"msg": 'Skipping Zeek installation.',
'stdout': bool(stdout),
'verbose': bool(verbose)
},
return_format=None)
if not suricata_profile.ProcessProfiler().is_installed(
) and 'suricata' in agent_analyzers:
self.add_function(func=suricata_install.install_suricata,
argument_dict={
'configuration_directory':
'/etc/dynamite/suricata/',
'install_directory':
'/opt/dynamite/suricata/',
'log_directory':
'/opt/dynamite/suricata/logs/',
'capture_network_interfaces':
list(capture_network_interfaces),
'download_suricata_archive':
True,
'stdout':
bool(stdout),
'verbose':
bool(verbose)
})
else:
self.add_function(func=log_message,
argument_dict={
"msg": 'Skipping Suricata installation.',
'stdout': bool(stdout),
'verbose': bool(verbose)
},
return_format=None)
if not filebeat_profile.ProcessProfiler().is_installed():
filebeat_args = {
'targets': list(targets),
'kafka_topic': kafka_topic,
'kafka_username': kafka_username,
'kafka_password': kafka_password,
'agent_tag': tag,
'install_directory': '/opt/dynamite/filebeat/',
'download_filebeat_archive': True,
'stdout': bool(stdout)
}
monitor_log_paths = []
if 'zeek' in agent_analyzers:
monitor_log_paths.append(
"/opt/dynamite/zeek/logs/current/*.log")
if 'suricata' in agent_analyzers:
monitor_log_paths.append(
'/opt/dynamite/suricata/logs/eve.json')
filebeat_args.update({'monitor_log_paths': monitor_log_paths})
self.add_function(func=filebeat_install.install_filebeat,
argument_dict=filebeat_args)
else:
self.add_function(
func=log_message,
argument_dict={
"msg": 'Skipping Filebeat installation; already installed',
'stdout': bool(stdout),
'verbose': bool(verbose)
},
return_format=None)
self.add_function(func=log_message,
argument_dict={
"msg": '*** Agent installed successfully. ***',
'verbose': bool(verbose)
})
self.add_function(func=log_message,
argument_dict={
"msg": 'Next, Start your agent: '
'\'dynamite agent start\'.',
'stdout': bool(stdout),
'verbose': bool(verbose)
},
return_format=None)
def uninstall_suricata(prompt_user=True, stdout=True, verbose=False):
"""
Uninstall Suricata
:param prompt_user: Print a warning before continuing
:param stdout: Print the output to console
:param verbose: Include detailed debug messages
"""
log_level = logging.INFO
if verbose:
log_level = logging.DEBUG
logger = get_logger('SURICATA', level=log_level, stdout=stdout)
logger.info("Uninstalling Suricata.")
env_file = os.path.join(const.CONFIG_PATH, 'environment')
environment_variables = utilities.get_environment_file_dict()
suricata_profiler = suricata_profile.ProcessProfiler()
if not suricata_profiler.is_installed():
logger.error("Suricata is not installed. Cannot uninstall.")
raise suricata_exceptions.UninstallSuricataError(
"Suricata is not installed.")
if prompt_user:
sys.stderr.write(
'\n\033[93m[-] WARNING! Removing Suricata Will Remove Critical Agent Functionality.\033[0m\n'
)
resp = utilities.prompt_input(
'\n\033[93m[?] Are you sure you wish to continue? ([no]|yes):\033[0m '
)
while resp not in ['', 'no', 'yes']:
resp = utilities.prompt_input(
'\n\033[93m[?] Are you sure you wish to continue? ([no]|yes):\033[0m '
)
if resp != 'yes':
if stdout:
sys.stdout.write('\n[+] Exiting\n')
exit(0)
if suricata_profiler.is_running():
try:
suricata_process.stop()
except suricata_exceptions.CallSuricataProcessError as e:
logger.error("Could not kill Suricata process. Cannot uninstall.")
logger.debug(
"Could not kill Suricata process. Cannot uninstall; {}".format(
e))
raise suricata_exceptions.UninstallSuricataError(
"Could not kill Suricata process.")
try:
with open(env_file) as env_fr:
env_lines = ''
for line in env_fr.readlines():
if 'SURICATA_HOME' in line:
continue
elif 'SURICATA_CONFIG' in line:
continue
elif 'SURICATA_LOGS' in line:
continue
elif 'OINKMASTER_HOME' in line:
continue
elif line.strip() == '':
continue
env_lines += line.strip() + '\n'
with open(env_file, 'w') as env_fw:
env_fw.write(env_lines)
if suricata_profiler.is_installed():
shutil.rmtree(environment_variables.get('SURICATA_HOME'),
ignore_errors=True)
shutil.rmtree(environment_variables.get('SURICATA_CONFIG'),
ignore_errors=True)
shutil.rmtree(environment_variables.get('OINKMASTER_HOME'),
ignore_errors=True)
except Exception as e:
logger.error(
"General error occurred while attempting to uninstall Suricata.")
logger.debug(
"General error occurred while attempting to uninstall Suricata; {}"
.format(e))
raise suricata_exceptions.UninstallSuricataError(
"General error occurred while attempting to uninstall Suricata; {}"
.format(e))
try:
sysctl = systemctl.SystemCtl()
except general_exceptions.CallProcessError:
raise suricata_exceptions.UninstallSuricataError(
"Could not find systemctl.")
sysctl.uninstall_and_disable('suricata')
