def __init__(self,
systemd_service,
name,
log_path=None,
pid_file=None,
stdout=True,
verbose=False,
pretty_print_status=False):
log_level = logging.INFO
if verbose:
log_level = logging.DEBUG
self.logger = get_logger(str(name).upper(),
level=log_level,
stdout=stdout)
self.pid = None
self.systemd_service = systemd_service
self.name = name
self.log_path = log_path
self.pid_file = pid_file
self.stdout = stdout
self.verbose = verbose
self.pretty_print_status = pretty_print_status
self.sysctl = systemctl.SystemCtl()
if pid_file:
self.pid = self._get_pid(pid_file)
def setup_dynamited(self):
env_file = os.path.join(const.CONFIG_PATH, 'environment')
self.logger.info('Creating dynamited installation, configuration, and logging directories.')
try:
utilities.makedirs(os.path.join(self.install_directory, 'bin'), exist_ok=True)
utilities.makedirs(self.configuration_directory, exist_ok=True)
utilities.makedirs(os.path.join(self.log_directory, 'logs'), exist_ok=True)
except Exception as e:
self.logger.error('Failed to create required directory structure.')
self.logger.debug("Failed to create required directory structure; {}".format(e))
raise dynamited_exceptions.InstallDynamiteDaemonError(
"Failed to create required directory structure; {}".format(e))
try:
dynamited_bin_path = os.path.join(const.INSTALL_CACHE, 'dynamited')
shutil.copy(dynamited_bin_path, os.path.join(self.install_directory, 'bin', 'dynamited'))
except Exception as e:
self.logger.error('Failed to install dynamited.')
self.logger.debug("Failed to install dynamited; {}".format(e))
raise dynamited_exceptions.InstallDynamiteDaemonError("Failed to install dynamited; {}".format(e))
try:
dynamited_config_path = os.path.join(const.DEFAULT_CONFIGS, 'dynamited', 'config.yml')
shutil.copy(dynamited_config_path, os.path.join(self.configuration_directory, 'config.yml'))
except Exception as e:
self.logger.error('Failed to install dynamited config.yml.')
self.logger.debug("Failed to install dynamited config.yml; {}".format(e))
raise dynamited_exceptions.InstallDynamiteDaemonError(
"Failed to install dynamited config.yml; {}".format(e))
try:
sysctl = systemctl.SystemCtl()
except general_exceptions.CallProcessError:
raise dynamited_exceptions.InstallDynamiteDaemonError("Could not find systemctl.")
self.logger.info("Installing dynamited systemd Service.")
if not sysctl.install_and_enable(os.path.join(const.DEFAULT_CONFIGS, 'systemd', 'dynamited.service')):
raise dynamited_exceptions.InstallDynamiteDaemonError("Failed to install dynamited systemd service.")
try:
with open(env_file) as env_f:
env_f_text = env_f.read()
if 'DYNAMITED_INSTALL' not in env_f_text:
self.logger.info('Updating dynamited default install path [{}]'.format(self.install_directory))
subprocess.call('echo DYNAMITED_INSTALL="{}" >> {}'.format(self.install_directory, env_file),
shell=True)
if 'DYNAMITED_CONFIG' not in env_f_text:
self.logger.info('Updating dynamited default config path [{}]'.format(self.configuration_directory))
subprocess.call('echo DYNAMITED_CONFIG="{}" >> {}'.format(self.configuration_directory, env_file),
shell=True)
if 'DYNAMITED_LOGS' not in env_f_text:
self.logger.info('Updating dynamited default log path [{}]'.format(self.log_directory))
subprocess.call('echo DYNAMITED_LOGS="{}" >> {}'.format(self.log_directory, env_file),
shell=True)
except Exception as e:
self.logger.error("General error occurred while attempting to install dynamited.")
self.logger.debug("General error occurred while attempting to install dynamited; {}".format(e))
raise dynamited_exceptions.InstallDynamiteDaemonError(
"General error occurred while attempting to install FileBeat; {}".format(e))
def setup_suricata(self):
"""
Setup Suricata IDS with AF_PACKET support
"""
env_file = os.path.join(const.CONFIG_PATH, 'environment')
self._copy_suricata_files_and_directories()
self._configure_and_compile_suricata()
try:
with open(env_file) as env_f:
if 'SURICATA_HOME' not in env_f.read():
self.logger.info('Updating Suricata default home path [{}]'.format(self.install_directory))
subprocess.call('echo SURICATA_HOME="{}" >> {}'.format(self.install_directory, env_file),
shell=True)
if 'SURICATA_CONFIG' not in env_f.read():
self.logger.info('Updating Suricata default config path [{}]'.format(self.configuration_directory))
subprocess.call('echo SURICATA_CONFIG="{}" >> {}'.format(
self.configuration_directory, env_file), shell=True)
except IOError:
self.logger.error("Failed to open {} for reading.".format(env_file))
raise suricata_exceptions.InstallSuricataError(
"Failed to open {} for reading.".format(env_file))
except Exception as e:
self.logger.error("General error while creating environment variables in {}.".format(env_file))
self.logger.debug("General error while creating environment variables in {}; {}".format(env_file, e))
raise suricata_exceptions.InstallSuricataError(
"General error while creating environment variables in {}; {}".format(env_file, e))
try:
config = suricata_configs.ConfigManager(self.configuration_directory)
except suricata_exceptions.ReadsSuricataConfigError:
self.logger.error("Failed to read Suricata configuration.")
raise suricata_exceptions.InstallSuricataError("Failed to read Suricata configuration.")
config.af_packet_interfaces = []
for interface in self.capture_network_interfaces:
config.add_afpacket_interface(interface, threads='auto', cluster_id=99)
try:
config.write_config()
except suricata_exceptions.WriteSuricataConfigError:
self.logger.error("Failed to write Suricata configuration.")
suricata_exceptions.InstallSuricataError("Could not write Suricata configurations.")
try:
sysctl = systemctl.SystemCtl()
except general_exceptions.CallProcessError:
raise suricata_exceptions.InstallSuricataError("Could not find systemctl.")
self.logger.info("Installing Suricata systemd Service.")
if not sysctl.install_and_enable(os.path.join(const.DEFAULT_CONFIGS, 'systemd', 'suricata.service')):
raise suricata_exceptions.InstallSuricataError("Failed to install Suricata systemd service.")
def setup_elasticsearch(self):
"""
Create required directories, files, and variables to run ElasticSearch successfully;
Setup Java environment
"""
self._create_elasticsearch_directories()
self._copy_elasticsearch_files_and_directories()
self._create_elasticsearch_environment_variables()
self._setup_default_elasticsearch_configs()
self._update_sysctl()
try:
utilities.set_ownership_of_file(self.configuration_directory,
user='******',
group='dynamite')
utilities.set_ownership_of_file(self.install_directory,
user='******',
group='dynamite')
utilities.set_ownership_of_file(self.log_directory,
user='******',
group='dynamite')
except Exception as e:
self.logger.error(
"General error occurred while attempting to set permissions on root directories."
)
self.logger.debug(
"General error occurred while attempting to set permissions on root directories; {}"
.format(e))
raise elastic_exceptions.InstallElasticsearchError(
"General error occurred while attempting to set permissions on root directories; {}"
.format(e))
try:
sysctl = systemctl.SystemCtl()
except general_exceptions.CallProcessError:
raise elastic_exceptions.InstallElasticsearchError(
"Could not find systemctl.")
self.logger.info("Installing ElasticSearch systemd Service.")
if not sysctl.install_and_enable(
os.path.join(const.DEFAULT_CONFIGS, 'systemd',
'elasticsearch.service')):
raise elastic_exceptions.InstallElasticsearchError(
"Failed to install ElasticSearch systemd service.")
self.setup_passwords()
def setup_kibana(self):
"""
Create required directories, files, and variables to run ElasticSearch successfully;
"""
try:
pacman = package_manager.OSPackageManager(stdout=self.stdout, verbose=self.verbose)
except general_exceptions.InvalidOsPackageManagerDetectedError:
self.logger.error("No valid OS package manager detected.")
raise kibana_exceptions.InstallKibanaError("No valid OS package manager detected.")
try:
pacman.refresh_package_indexes()
pacman.install_packages(['curl'])
except (general_exceptions.OsPackageManagerInstallError, general_exceptions.OsPackageManagerRefreshError):
self.logger.error("Failed to install one or more packages; {}".format(["curl"]))
raise kibana_exceptions.InstallKibanaError("Failed to install one or more packages; {}".format(["curl"]))
self._create_kibana_directories()
self._copy_kibana_files_and_directories()
self._create_kibana_environment_variables()
self._setup_default_kibana_configs()
try:
utilities.set_ownership_of_file(self.configuration_directory, user='******', group='dynamite')
utilities.set_ownership_of_file(self.install_directory, user='******', group='dynamite')
utilities.set_ownership_of_file(self.log_directory, user='******', group='dynamite')
except Exception as e:
self.logger.error("General error occurred while attempting to set permissions on root directories.")
self.logger.debug(
"General error occurred while attempting to set permissions on root directories; {}".format(e))
raise kibana_exceptions.InstallKibanaError(
"General error occurred while attempting to set permissions on root directories; {}".format(e))
try:
sysctl = systemctl.SystemCtl()
except general_exceptions.CallProcessError:
raise kibana_exceptions.InstallKibanaError("Could not find systemctl.")
self.logger.info("Installing Kibana systemd Service.")
if not sysctl.install_and_enable(os.path.join(const.DEFAULT_CONFIGS, 'systemd', 'kibana.service')):
raise kibana_exceptions.InstallKibanaError("Failed to install Kibana systemd service.")
self._install_kibana_objects()
def uninstall_zeek(prompt_user=True, stdout=True, verbose=False):
"""
Uninstall Zeek
:param prompt_user: Print a warning before continuing
:param stdout: Print the output to console
:param verbose: Include detailed debug messages
"""
log_level = logging.INFO
if verbose:
log_level = logging.DEBUG
logger = get_logger('ZEEK', level=log_level, stdout=stdout)
logger.info("Uninstalling Zeek.")
env_file = os.path.join(const.CONFIG_PATH, 'environment')
environment_variables = utilities.get_environment_file_dict()
zeek_profiler = zeek_profile.ProcessProfiler()
if not zeek_profiler.is_installed():
logger.error("Zeek is not installed. Cannot uninstall.")
raise zeek_exceptions.UninstallZeekError("Zeek is not installed.")
if prompt_user:
sys.stderr.write('\n\033[93m[-] WARNING! Removing Zeek Will Remove Critical Agent Functionality.\033[0m\n')
resp = utilities.prompt_input('\033[93m[?] Are you sure you wish to continue? ([no]|yes): \033[0m')
while resp not in ['', 'no', 'yes']:
resp = utilities.prompt_input('\033[93m[?] Are you sure you wish to continue? ([no]|yes): \033[0m')
if resp != 'yes':
if stdout:
sys.stdout.write('\n[+] Exiting\n')
exit(0)
if zeek_profiler.is_running():
try:
zeek_process.ProcessManager().stop()
except zeek_exceptions.CallZeekProcessError as e:
logger.error("Could not kill Zeek process. Cannot uninstall.")
logger.debug("Could not kill Zeek process. Cannot uninstall; {}".format(e))
raise zeek_exceptions.UninstallZeekError("Could not kill Zeek process; {}".format(e))
install_directory = environment_variables.get('ZEEK_HOME')
config_directory = environment_variables.get('ZEEK_SCRIPTS')
try:
with open(env_file) as env_fr:
env_lines = ''
for line in env_fr.readlines():
if 'ZEEK_HOME' in line:
continue
elif 'ZEEK_SCRIPTS' in line:
continue
elif 'PF_RING_HOME' in line:
continue
elif line.strip() == '':
continue
env_lines += line.strip() + '\n'
with open(env_file, 'w') as env_fw:
env_fw.write(env_lines)
if zeek_profiler.is_installed():
shutil.rmtree(install_directory, ignore_errors=True)
shutil.rmtree(config_directory, ignore_errors=True)
except Exception as e:
logger.error("General error occurred while attempting to uninstall Zeek.")
logger.debug("General error occurred while attempting to uninstall Zeek; {}".format(e))
raise zeek_exceptions.UninstallZeekError(
"General error occurred while attempting to uninstall Zeek; {}".format(e))
try:
sysctl = systemctl.SystemCtl()
except general_exceptions.CallProcessError:
raise zeek_exceptions.UninstallZeekError("Could not find systemctl.")
sysctl.uninstall_and_disable('zeek')
def setup_zeek(self):
"""
Setup Zeek NSM with PF_RING support
"""
env_file = os.path.join(const.CONFIG_PATH, 'environment')
self.logger.info('Creating Zeek installation, configuration and logging directories.')
try:
utilities.makedirs(self.install_directory, exist_ok=True)
utilities.makedirs(self.configuration_directory, exist_ok=True)
except Exception as e:
self.logger.error('General error occurred while attempting to create root directories.')
self.logger.debug("General error occurred while attempting to create root directories; {}".format(e))
raise zeek_exceptions.InstallZeekError(
"General error occurred while attempting to create root directories; {}".format(e))
self.logger.info('Compiling Zeek from source. This can take up to 30 minutes.')
if self.stdout:
utilities.print_coffee_art()
time.sleep(1)
self.logger.info('Configuring Zeek.')
if self.verbose:
zeek_config_p = subprocess.Popen('./configure --prefix={} --scriptdir={} --enable-jemalloc'.format(
self.install_directory, self.configuration_directory),
shell=True, cwd=os.path.join(const.INSTALL_CACHE, const.ZEEK_DIRECTORY_NAME))
else:
zeek_config_p = subprocess.Popen('./configure --prefix={} --scriptdir={} --enable-jemalloc'.format(
self.install_directory, self.configuration_directory),
shell=True, cwd=os.path.join(const.INSTALL_CACHE, const.ZEEK_DIRECTORY_NAME), stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
try:
zeek_config_p.communicate()
except Exception as e:
self.logger.error("General error occurred while configuring Zeek.")
self.logger.debug("General error occurred while configuring Zeek; {}".format(e))
raise zeek_exceptions.InstallZeekError(
"General error occurred while configuring Zeek; {}".format(e))
if zeek_config_p.returncode != 0:
self.logger.error(
"Zeek configuration process returned non-zero; exit-code: {}".format(zeek_config_p.returncode))
raise zeek_exceptions.InstallZeekError(
"Zeek configuration process returned non-zero; exit-code: {}".format(zeek_config_p.returncode))
time.sleep(1)
self.logger.info("Compiling Zeek.")
if utilities.get_cpu_core_count() > 1:
parallel_threads = utilities.get_cpu_core_count() - 1
else:
parallel_threads = 1
if self.verbose:
compile_zeek_process = subprocess.Popen('make -j {}; make install'.format(parallel_threads), shell=True,
cwd=os.path.join(const.INSTALL_CACHE, const.ZEEK_DIRECTORY_NAME))
try:
compile_zeek_process.communicate()
except Exception as e:
self.logger.error("General error occurred while compiling Zeek.")
self.logger.debug("General error occurred while compiling Zeek; {}".format(e))
raise zeek_exceptions.InstallZeekError(
"General error occurred while compiling Zeek; {}".format(e))
compile_zeek_return_code = compile_zeek_process.returncode
else:
compile_zeek_process = subprocess.Popen('make -j {}; make install'.format(parallel_threads), shell=True,
cwd=os.path.join(const.INSTALL_CACHE, const.ZEEK_DIRECTORY_NAME),
stdout=subprocess.PIPE, stderr=subprocess.PIPE)
try:
compile_zeek_return_code = utilities.run_subprocess_with_status(compile_zeek_process,
expected_lines=6779)
except Exception as e:
self.logger.error("General error occurred while compiling Zeek.")
self.logger.debug("General error occurred while compiling Zeek; {}".format(e))
raise zeek_exceptions.InstallZeekError(
"General error occurred while compiling Zeek; {}".format(e))
if compile_zeek_return_code != 0:
self.logger.error(
"Failed to compile Zeek from source; error code: {}; run with --verbose flag for more info.".format(
compile_zeek_return_code))
raise zeek_exceptions.InstallZeekError(
"Zeek compilation process returned non-zero; exit-code: {}".format(compile_zeek_return_code))
try:
with open(env_file) as env_f:
if 'ZEEK_HOME' not in env_f.read():
self.logger.info('Updating Zeek default home path [{}]'.format(self.install_directory))
subprocess.call('echo ZEEK_HOME="{}" >> {}'.format(self.install_directory, env_file),
shell=True)
if 'ZEEK_SCRIPTS' not in env_f.read():
self.logger.info('Updating Zeek default script path [{}]'.format(self.configuration_directory))
subprocess.call('echo ZEEK_SCRIPTS="{}" >> {}'.format(self.configuration_directory, env_file),
shell=True)
except IOError as e:
self.logger.error("Failed to open {} for reading.".format(env_file))
self.logger.debug("Failed to open {} for reading; {}".format(env_file, e))
raise zeek_exceptions.InstallZeekError(
"Failed to open {} for reading; {}".format(env_file, e))
except Exception as e:
self.logger.error("General error while creating environment variables in {}.".format(env_file))
self.logger.debug("General error while creating environment variables in {}; {}".format(env_file, e))
raise zeek_exceptions.InstallZeekError(
"General error while creating environment variables in {}; {}".format(env_file, e))
self.logger.info("Overwriting Zeek node.cfg file with our changes.")
try:
shutil.copy(os.path.join(const.DEFAULT_CONFIGS, 'zeek', 'broctl-nodes.cfg'),
os.path.join(self.install_directory, 'etc', 'node.cfg'))
shutil.copy(os.path.join(const.DEFAULT_CONFIGS, 'zeek', 'local.zeek'),
os.path.join(self.configuration_directory, 'site', 'local.zeek'))
except Exception as e:
self.logger.error("General error occurred while copying default Zeek configurations.")
self.logger.debug("General error occurred while copying default Zeek configurations; {}".format(e))
raise zeek_exceptions.InstallZeekError(
"General error occurred while copying default Zeek configurations; {}".format(e))
try:
node_config = zeek_configs.NodeConfigManager(self.install_directory)
except zeek_exceptions.ReadsZeekConfigError:
self.logger.error("An error occurred while reading Zeek configurations.")
raise zeek_exceptions.InstallZeekError("An error occurred while reading Zeek configurations.")
# Clear out pre-set workers.
for key in list(node_config.node_config):
if node_config.node_config[key]['type'] == 'worker':
del node_config.node_config[key]
# Calculate new workers.
for worker in node_config.get_optimal_zeek_worker_config(self.capture_network_interfaces, stdout=self.stdout,
verbose=self.verbose):
node_config.add_worker(name=worker['name'],
host=worker['host'],
interface=worker['interface'],
lb_procs=worker['lb_procs'],
pin_cpus=worker['pinned_cpus']
)
try:
node_config.write_config()
except zeek_exceptions.WriteZeekConfigError:
self.logger.error("An error occurred while writing Zeek configurations.")
raise zeek_exceptions.InstallZeekError("An error occurred while writing Zeek configurations.")
try:
sysctl = systemctl.SystemCtl()
except general_exceptions.CallProcessError:
raise zeek_exceptions.InstallZeekError("Could not find systemctl.")
self.logger.info("Installing Zeek systemd service.")
if not sysctl.install_and_enable(os.path.join(const.DEFAULT_CONFIGS, 'systemd', 'zeek.service')):
raise zeek_exceptions.InstallZeekError("Failed to install Zeek systemd service.")
def setup_filebeat(self):
"""
Creates necessary directory structure, and copies required files, generates a default configuration
"""
env_file = os.path.join(const.CONFIG_PATH, 'environment')
self.logger.info('Creating FileBeat install directory.')
utilities.makedirs(self.install_directory, exist_ok=True)
self.logger.info('Copying FileBeat to install directory.')
try:
utilities.copytree(
os.path.join(const.INSTALL_CACHE,
const.FILE_BEAT_DIRECTORY_NAME),
self.install_directory)
shutil.copy(
os.path.join(const.DEFAULT_CONFIGS, 'filebeat',
'filebeat.yml'), self.install_directory)
except Exception as e:
self.logger.error(
"General error occurred while copying Filebeat configs.")
self.logger.debug(
"General error occurred while copying Filebeat configs; {}".
format(e))
raise filebeat_exceptions.InstallFilebeatError(
"General error occurred while copying Filebeat configs; {}".
format(e))
self.logger.info("Building configurations and setting up permissions.")
try:
beats_config = filebeat_configs.ConfigManager(
self.install_directory)
except filebeat_exceptions.ReadFilebeatConfigError:
self.logger.error("Failed to read Filebeat configuration.")
raise filebeat_exceptions.InstallFilebeatError(
"Failed to read Filebeat configuration.")
beats_config.set_monitor_target_paths(self.monitor_paths)
beats_config.set_agent_tag(self.agent_tag)
if (self.kafka_password
or self.kafka_username) and not self.kafka_topic:
self.logger.error(
"You have specified Kafka config options without specifying a Kafka topic."
)
raise filebeat_exceptions.InstallFilebeatError(
"You have specified Kafka config options without specifying a Kafka topic."
)
if self.kafka_topic:
self.logger.warning(
"You have enabled the Agent's Kafka output which does integrate natively with Dynamite "
"Monitor/LogStash component. You will have to bring your own broker. Happy Hacking!"
)
time.sleep(2)
beats_config.set_kafka_targets(target_hosts=self.targets,
topic=self.kafka_topic,
username=self.kafka_username,
password=self.kafka_password)
# setup example upstream LogStash example, just in case you want to configure later
beats_config.set_logstash_targets(target_hosts=['localhost:5601'])
beats_config.enable_kafka_output()
else:
# setup example upstream Kafka example, just in case you want to configure later
beats_config.set_kafka_targets(target_hosts=['localhost:9092'],
topic='dynamite-nsm-events')
beats_config.enable_logstash_output()
beats_config.set_logstash_targets(self.targets)
try:
beats_config.write_config()
except filebeat_exceptions.WriteFilebeatConfigError:
self.logger.error("Failed to write filebeat configuration.")
raise filebeat_exceptions.InstallFilebeatError(
"Failed to write filebeat configuration.")
try:
utilities.set_permissions_of_file(os.path.join(
self.install_directory, 'filebeat.yml'),
unix_permissions_integer=501)
except Exception as e:
self.logger.error(
"Failed to set permissions of filebeat.yml file.")
self.logger.debug(
"Failed to set permissions of filebeat.yml file; {}".format(e))
filebeat_exceptions.InstallFilebeatError(
"Failed to set permissions of filebeat.yml file; {}".format(e))
try:
with open(env_file) as env_f:
if 'FILEBEAT_HOME' not in env_f.read():
self.logger.info(
'Updating FileBeat default script path [{}]'.format(
self.install_directory))
subprocess.call('echo FILEBEAT_HOME="{}" >> {}'.format(
self.install_directory, env_file),
shell=True)
except Exception as e:
self.logger.error(
"General error occurred while attempting to install FileBeat.")
self.logger.debug(
"General error occurred while attempting to install FileBeat; {}"
.format(e))
raise filebeat_exceptions.InstallFilebeatError(
"General error occurred while attempting to install FileBeat; {}"
.format(e))
try:
sysctl = systemctl.SystemCtl()
except general_exceptions.CallProcessError:
raise filebeat_exceptions.InstallFilebeatError(
"Could not find systemctl.")
self.logger.info("Installing Filebeat systemd service.")
if not sysctl.install_and_enable(
os.path.join(const.DEFAULT_CONFIGS, 'systemd',
'filebeat.service')):
raise filebeat_exceptions.InstallFilebeatError(
"Failed to install Filebeat systemd service.")
sysctl.install_and_enable(
os.path.join(const.DEFAULT_CONFIGS, 'systemd',
'dynamite-agent.target'))
zeek_logs = None
zeek_home = self.environ.get('ZEEK_HOME')
suricata_logs = os.path.join(const.LOG_PATH, 'suricata')
if zeek_home:
zeek_logs = os.path.join(zeek_home, 'logs', 'current')
try:
self.logger.info('Patching Zeek/Suricata modules.')
beats_config.patch_modules(zeek_log_directory=zeek_logs,
suricata_log_directory=suricata_logs)
except filebeat_exceptions.WriteFilebeatModuleError:
self.logger.error('Could not patch Zeek/Suricata modules.')
raise filebeat_exceptions.InstallFilebeatError(
"Could not patch Zeek/Suricata modules.")
def uninstall_dynamited(prompt_user=True, stdout=True, verbose=False):
"""
Uninstall dynamited
:param prompt_user: Print a warning before continuing
:param stdout: Print the output to console
:param verbose: Include detailed debug messages
"""
log_level = logging.INFO
if verbose:
log_level = logging.DEBUG
logger = get_logger('DYNAMITED', level=log_level, stdout=stdout)
env_file = os.path.join(const.CONFIG_PATH, 'environment')
environment_variables = utilities.get_environment_file_dict()
dynamited_profiler = dynamited_profile.ProcessProfiler()
if not dynamited_profiler.is_installed():
raise dynamited_exceptions.UninstallDynamiteDaemonError("dynamited is not installed.")
if prompt_user:
sys.stderr.write(
'\n\033[93m[-] WARNING! Removing dynamited will disable various performance metric gathering from '
'occurring.\033[0m\n')
resp = utilities.prompt_input('\033[93m[?] Are you sure you wish to continue? ([no]|yes):\033[0m ')
while resp not in ['', 'no', 'yes']:
resp = utilities.prompt_input('\n\033[93m[?] Are you sure you wish to continue? ([no]|yes):\033[0m ')
if resp != 'yes':
if stdout:
sys.stdout.write('\n[+] Exiting\n')
exit(0)
if dynamited_profiler.is_running():
dynamited_process.ProcessManager().stop()
try:
shutil.rmtree(environment_variables['DYNAMITED_LOGS'])
shutil.rmtree(environment_variables['DYNAMITED_INSTALL'])
shutil.rmtree(environment_variables['DYNAMITED_CONFIG'])
shutil.rmtree(const.INSTALL_CACHE, ignore_errors=True)
env_lines = ''
with open(env_file) as env_fr:
for line in env_fr.readlines():
if 'DYNAMITED_LOGS' in line:
continue
elif 'DYNAMITED_INSTALL' in line:
continue
elif 'DYNAMITED_CONFIG' in line:
continue
elif line.strip() == '':
continue
env_lines += line.strip() + '\n'
with open(env_file, 'w') as env_fw:
env_fw.write(env_lines)
except Exception as e:
logger.error("General error occurred while attempting to uninstall dynamited.".format(e))
logger.debug("General error occurred while attempting to uninstall dynamited; {}".format(e))
raise dynamited_exceptions.UninstallDynamiteDaemonError(
"General error occurred while attempting to uninstall dynamited; {}".format(e))
try:
sysctl = systemctl.SystemCtl()
except general_exceptions.CallProcessError:
raise dynamited_exceptions.UninstallDynamiteDaemonError("Could not find systemctl.")
sysctl.uninstall_and_disable('dynamited')
def uninstall_logstash(prompt_user=True, stdout=True, verbose=False):
"""
Install Logstash with ElastiFlow & Synesis
:param prompt_user: Print a warning before continuing
:param stdout: Print the output to console
:param verbose: Include detailed debug messages
"""
log_level = logging.INFO
if verbose:
log_level = logging.DEBUG
logger = get_logger('LOGSTASH', level=log_level, stdout=stdout)
env_file = os.path.join(const.CONFIG_PATH, 'environment')
environment_variables = utilities.get_environment_file_dict()
configuration_directory = environment_variables.get('LS_PATH_CONF')
ls_profiler = logstash_profile.ProcessProfiler()
ls_config = logstash_config.ConfigManager(
configuration_directory=configuration_directory)
if not ls_profiler.is_installed():
logger.error('LogStash is not installed.')
raise logstash_exceptions.UninstallLogstashError(
"LogStash is not installed.")
if prompt_user:
sys.stderr.write(
'\n\033[93m[-] WARNING! Removing Logstash Will Prevent ElasticSearch From Receiving Events.\033[0m\n'
)
resp = utilities.prompt_input(
'\n\033[93m[?] Are you sure you wish to continue? ([no]|yes):\033[0m '
)
while resp not in ['', 'no', 'yes']:
resp = utilities.prompt_input(
'\033[93m[?] Are you sure you wish to continue? ([no]|yes): \033[0m'
)
if resp != 'yes':
if stdout:
sys.stdout.write('\n[+] Exiting\n')
exit(0)
if ls_profiler.is_running():
logstash_process.ProcessManager().stop()
try:
shutil.rmtree(ls_config.ls_path_conf)
shutil.rmtree(ls_config.ls_home)
shutil.rmtree(ls_config.path_logs)
shutil.rmtree(const.INSTALL_CACHE, ignore_errors=True)
env_lines = ''
with open(env_file) as env_fr:
for line in env_fr.readlines():
if 'LS_PATH_CONF' in line:
continue
elif 'LS_HOME' in line:
continue
elif 'LS_LOGS' in line:
continue
elif 'ELASTIFLOW_' in line:
continue
elif 'SYNLITE_' in line:
continue
elif 'ES_PASSWD' in line:
continue
elif line.strip() == '':
continue
env_lines += line.strip() + '\n'
with open(env_file, 'w') as env_fw:
env_fw.write(env_lines)
except Exception as e:
logger.error(
"General error occurred while attempting to uninstall LogStash.".
format(e))
logger.debug(
"General error occurred while attempting to uninstall LogStash; {}"
.format(e))
raise logstash_exceptions.UninstallLogstashError(
"General error occurred while attempting to uninstall LogStash; {}"
.format(e))
try:
sysctl = systemctl.SystemCtl()
except general_exceptions.CallProcessError:
raise logstash_exceptions.UninstallLogstashError(
"Could not find systemctl.")
sysctl.uninstall_and_disable('logstash')
def setup_logstash(self):
"""
Create required directories, files, and variables to run LogStash successfully;
"""
self._create_logstash_directories()
self._copy_logstash_files_and_directories()
self._create_logstash_environment_variables()
self._setup_default_logstash_configs()
self._update_sysctl()
self._setup_elastiflow()
self._setup_synesis()
self._install_logstash_plugins()
try:
shutil.copy(
os.path.join(const.DEFAULT_CONFIGS, 'logstash',
'pipelines.yml'),
os.path.join(self.configuration_directory, 'pipelines.yml'))
except Exception as e:
raise logstash_exceptions.InstallLogstashError(
"General error while copying pipeline.yml file; {}".format(e))
try:
utilities.makedirs(self.install_directory, exist_ok=True)
utilities.makedirs(self.configuration_directory, exist_ok=True)
utilities.makedirs(self.log_directory, exist_ok=True)
except Exception as e:
raise logstash_exceptions.InstallLogstashError(
"General error occurred while attempting to create root directories; {}"
.format(e))
try:
utilities.set_ownership_of_file(self.configuration_directory,
user='******',
group='dynamite')
utilities.set_ownership_of_file(self.install_directory,
user='******',
group='dynamite')
utilities.set_ownership_of_file(self.log_directory,
user='******',
group='dynamite')
except Exception as e:
self.logger.error(
"General error occurred while attempting to set permissions on root directories."
)
self.logger.debug(
"General error occurred while attempting to set permissions on root directories; {}"
.format(e))
raise logstash_exceptions.InstallLogstashError(
"General error occurred while attempting to set permissions on root directories; {}"
.format(e))
try:
sysctl = systemctl.SystemCtl()
except general_exceptions.CallProcessError:
raise logstash_exceptions.InstallLogstashError(
"Could not find systemctl.")
self.logger.info("Installing LogStash systemd Service.")
if not sysctl.install_and_enable(
os.path.join(const.DEFAULT_CONFIGS, 'systemd',
'logstash.service')):
raise logstash_exceptions.InstallLogstashError(
"Failed to install LogStash systemd service.")
def uninstall_kibana(prompt_user=True, stdout=True, verbose=False):
"""
Uninstall Kibana/ElastiFlow/Synesis Dashboards
:param prompt_user: Print a warning before continuing
:param stdout: Print the output to console
:param verbose: Include detailed debug messages
"""
log_level = logging.INFO
if verbose:
log_level = logging.DEBUG
logger = get_logger('KIBANA', level=log_level, stdout=stdout)
env_file = os.path.join(const.CONFIG_PATH, 'environment')
environment_variables = utilities.get_environment_file_dict()
kb_profiler = kibana_profile.ProcessProfiler()
if not kb_profiler.is_installed():
raise kibana_exceptions.UninstallKibanaError("Kibana is not installed.")
configuration_directory = environment_variables.get('KIBANA_PATH_CONF')
kb_config = kibana_configs.ConfigManager(configuration_directory)
if prompt_user:
sys.stderr.write(
'\n\033[93m[-] WARNING! Removing Kibana will uninstall all visualizations and saved searches previously '
'created.\033[0m\n')
resp = utilities.prompt_input('\033[93m[?] Are you sure you wish to continue? ([no]|yes):\033[0m ')
while resp not in ['', 'no', 'yes']:
resp = utilities.prompt_input('\n\033[93m[?] Are you sure you wish to continue? ([no]|yes):\033[0m ')
if resp != 'yes':
if stdout:
sys.stdout.write('\n[+] Exiting\n')
exit(0)
if kb_profiler.is_running():
kibana_process.ProcessManager().stop()
try:
shutil.rmtree(kb_config.kibana_path_conf)
shutil.rmtree(kb_config.kibana_home)
shutil.rmtree(kb_config.kibana_logs)
shutil.rmtree(const.INSTALL_CACHE, ignore_errors=True)
env_lines = ''
with open(env_file) as env_fr:
for line in env_fr.readlines():
if 'KIBANA_PATH_CONF' in line:
continue
elif 'KIBANA_HOME' in line:
continue
elif 'KIBANA_LOGS' in line:
continue
elif line.strip() == '':
continue
env_lines += line.strip() + '\n'
with open(env_file, 'w') as env_fw:
env_fw.write(env_lines)
except Exception as e:
logger.error("General error occurred while attempting to uninstall Kibana.".format(e))
logger.debug("General error occurred while attempting to uninstall Kibana; {}".format(e))
raise kibana_exceptions.UninstallKibanaError(
"General error occurred while attempting to uninstall kibana; {}".format(e))
try:
sysctl = systemctl.SystemCtl()
except general_exceptions.CallProcessError:
raise kibana_exceptions.UninstallKibanaError("Could not find systemctl.")
sysctl.uninstall_and_disable('kibana')