class SSHInventory(): _interval = 3600 def __init__(self): self._tmp_conf = OssimConf(Const.CONFIG_FILE) self.inv = Inventory() #Implement cache with timeout????? self.cache = [] #threading.Thread.__init__(self) def connectDB(self): self.db = OssimDB() self.db.connect(self._tmp_conf["ossim_host"], self._tmp_conf["ossim_base"], self._tmp_conf["ossim_user"], self._tmp_conf["ossim_pass"]) def closeDB(self): self.db.close() def run(self): while True: self.process() time.sleep(self._interval) def process(self): #Check host with local credentials hosts = self.inv.getHostWithCredentials("SSH")
def _get_db_conf(self): # Now, complete config info from Ossim database db = OssimDB(self[VAR_DB_HOST], self[VAR_DB_SCHEMA], self[VAR_DB_USER], self[VAR_DB_PASSWORD]) db.connect() #Reads all the frameworkd configuration values. #query = "select * from config where conf like 'frameworkd_%%'" query = "select * from config" fmk_table_values = db.exec_query(query) for row in fmk_table_values: self._conf[row['conf']] = row['value'] query = '' if not self._conf.has_key(VAR_KEY_FILE): #logger.error("Invalid value for %s int the database" % VAR_KEY_FILE) #return self._conf[VAR_KEY_FILE] = '/etc/ossim/framework/db_encryption_key' keyfile = self._conf[VAR_KEY_FILE] useEncryption = False if os.path.isfile(keyfile): config = ConfigParser.ConfigParser() keyfile_fd= open(keyfile,'r') try: config.readfp(keyfile_fd) self._conf[VAR_KEY] = config.get('key-value', 'key') useEncryption = True except Exception, e: logger.error("Invalid key file: %s" % str(e)) finally:
class ControlPanel(threading.Thread): def __init__(self): self.__conf = None # ossim configuration values (ossim.conf) self.__conn = None # cursor to ossim database self.__rrd_path = {} # path for global, net, host and level rrds threading.Thread.__init__(self) def __startup(self): # configuration values self.__conf = OssimConf(Const.CONFIG_FILE) # database connection self.__conn = OssimDB() self.__conn.connect(self.__conf["ossim_host"], self.__conf["ossim_base"], self.__conf["ossim_user"], self.__conf["ossim_pass"]) # rrd paths if self.__conf["rrdtool_path"]: Const.RRD_BIN = os.path.join(self.__conf["rrdtool_path"], "rrdtool") try: for dest in ["global", "net", "host", "level"]: self.__rrd_path[dest] = \ os.path.join(self.__conf["mrtg_rrd_files_path"], '%s_qualification' % (dest)) except OSError, e: logger.error("Error reading RRD path: " + str(e)) sys.exit()
class NtopDiscovery(threading.Thread): _interval = 100 def __init__(self): self._tmp_conf = OssimConf(Const.CONFIG_FILE) #Implement cache with timeout????? self.inv = Inventory() self.cache = [] threading.Thread.__init__(self) def connectDB(self): self.db = OssimDB() self.db.connect(self._tmp_conf["ossim_host"], self._tmp_conf["ossim_base"], self._tmp_conf["ossim_user"], self._tmp_conf["ossim_pass"]) def closeDB(self): self.db.close() def getDataFromSensor(self, ip, port): logger.debug("Retrieving NTOP data from %s" % ip) try: f = urllib.urlopen("http://%s:%s/python/get.py" % (ip, port)) return f.read() except IOError, msg: print msg logger.error("Error retrieving NTOP information from %s - msg:%s" % (ip, msg)) return None
class Vulnerabilities : def __init__ (self) : self.__set_debug = True self.__conf = OssimConf(Const.CONFIG_FILE) self.__conn = OssimDB() self.__conn.connect( self.__conf['ossim_host'], self.__conf['ossim_base'], self.__conf['ossim_user'], self.__conf['ossim_pass']) self.__id_pending = 65001 self.__id_false_positive = 65002 self.__default_incident_type = 'Nessus Vulnerability' self.__nsr_fd = None self.__scanner_type = None self.__scan_time = None self.__ticket_default_user = "******" self.__ticket_default_closed_description = "Automatic closed of the incident" self.__ticket_default_open_description = "Automatic open of the incident" def process(self, nsr_file, scan_date, scan_networks, scan_hosts) : self.__debug("Generating Incidents for found vulnerabilities") self.__scan_time = strftime('%Y-%m-%d %H:%M:%S') self.__scanner_type = self.__scanner_type or \ self.__conf["scanner_type"] or \ "openvas2" try: self.__nsr_fd = open(nsr_file) except Exception, e: self.__debug("Unable to open file %s: %s" % (nsr_file,e)) return self.__parse_vulns_file() self.__debug("Automatic close of vulnerabilities") self.__traverse_vulns_incidents(scan_date, scan_networks, scan_hosts) self.__debug("Generating Incidents finished ok")
def __init__(self, conf): self.__newConfigFileTemplateName = "/etc/apache2/conf.d/ntop-%s.conf" self.__sensorVar = "$(SENSOR_IP)" self.__myDB = OssimDB() self.__myDB_connected = False self.__myconf = conf self.__sensors = []
def __init__(self): self.__conf = OssimConf(Const.CONFIG_FILE) self.__db = OssimDB() self.__stored_id = 0 self.__stored_num = 0 self.__header_id = 0 threading.Thread.__init__(self)
def __init__(self, request): self.__request = self.parseRequest(request) self.__responses = {} self.__conf = OssimConf(Const.CONFIG_FILE) self.__db = OssimDB() threading.Thread.__init__(self)
def __startup(self): # configuration values self.__conf = OssimConf(Const.CONFIG_FILE) # database connection self.__conn = OssimDB() self.__conn.connect(self.__conf["ossim_host"], self.__conf["ossim_base"], self.__conf["ossim_user"], self.__conf["ossim_pass"]) # rrd paths if self.__conf["rrdtool_path"]: Const.RRD_BIN = os.path.join(self.__conf["rrdtool_path"], "rrdtool") try: for dest in ["global", "net", "host", "level"]: self.__rrd_path[dest] = \ os.path.join(self.__conf["mrtg_rrd_files_path"], '%s_qualification' % (dest)) except OSError, e: logger.error("Error reading RRD path: " + str(e)) sys.exit()
class Vulnerabilities: def __init__(self): self.__set_debug = True self.__conf = OssimConf(Const.CONFIG_FILE) self.__conn = OssimDB() self.__conn.connect(self.__conf['ossim_host'], self.__conf['ossim_base'], self.__conf['ossim_user'], self.__conf['ossim_pass']) self.__id_pending = 65001 self.__id_false_positive = 65002 self.__default_incident_type = 'Nessus Vulnerability' self.__nsr_fd = None self.__scanner_type = None self.__scan_time = None self.__ticket_default_user = "******" self.__ticket_default_closed_description = "Automatic closed of the incident" self.__ticket_default_open_description = "Automatic open of the incident" def process(self, nsr_file, scan_date, scan_networks, scan_hosts): self.__debug("Generating Incidents for found vulnerabilities") self.__scan_time = strftime('%Y-%m-%d %H:%M:%S') self.__scanner_type = self.__scanner_type or \ self.__conf["scanner_type"] or \ "openvas2" try: self.__nsr_fd = open(nsr_file) except Exception, e: self.__debug("Unable to open file %s: %s" % (nsr_file, e)) return self.__parse_vulns_file() self.__debug("Automatic close of vulnerabilities") self.__traverse_vulns_incidents(scan_date, scan_networks, scan_hosts) self.__debug("Generating Incidents finished ok")
class ControlPanel (threading.Thread) : def __init__ (self) : self.__conf = None # ossim configuration values (ossim.conf) self.__conn = None # cursor to ossim database self.__rrd_path = {} # path for global, net, host and level rrds threading.Thread.__init__(self) def __startup (self) : # configuration values self.__conf = OssimConf (Const.CONFIG_FILE) # database connection self.__conn = OssimDB() self.__conn.connect ( self.__conf["ossim_host"], self.__conf["ossim_base"], self.__conf["ossim_user"], self.__conf["ossim_pass"]) # rrd paths if self.__conf["rrdtool_path"]: Const.RRD_BIN = os.path.join(self.__conf["rrdtool_path"], "rrdtool") try: for dest in [ "global", "net", "host", "level" ] : self.__rrd_path[dest] = \ os.path.join(self.__conf["mrtg_rrd_files_path"], '%s_qualification' % (dest)) except OSError, e: print >>sys.stderr, "Error reading RRD path: " + e sys.exit()
class NtopDiscovery(threading.Thread): _interval = 100 def __init__(self): self._tmp_conf = OssimConf (Const.CONFIG_FILE) #Implement cache with timeout????? self.inv = Inventory() self.cache = [] threading.Thread.__init__(self) def connectDB(self): self.db = OssimDB() self.db.connect (self._tmp_conf["ossim_host"], self._tmp_conf["ossim_base"], self._tmp_conf["ossim_user"], self._tmp_conf["ossim_pass"]) def closeDB(self): self.db.close() def getDataFromSensor(self, ip, port): logger.debug("Retrieving NTOP data from %s" % ip) try: f = urllib.urlopen("http://%s:%s/python/get.py" % (ip, port)) return f.read() except IOError, msg: #print msg logger.error("Error retrieving NTOP information from %s - msg:%s" % (ip, msg)) return None
def _get_db_conf(self): # Now, complete config info from Ossim database db = OssimDB(self[VAR_DB_HOST], self[VAR_DB_SCHEMA], self[VAR_DB_USER], self[VAR_DB_PASSWORD]) db.connect() #Reads all the frameworkd configuration values. query = "select * from config" fmk_table_values = db.exec_query(query) for row in fmk_table_values: self._conf[row['conf']] = row['value'] query = '' if not self._conf.has_key(VAR_KEY_FILE): self._conf[VAR_KEY_FILE] = '/etc/ossim/framework/db_encryption_key' keyfile = self._conf[VAR_KEY_FILE] useEncryption = False if os.path.isfile(keyfile): config = ConfigParser.ConfigParser() keyfile_fd= open(keyfile,'r') try: config.readfp(keyfile_fd) self._conf[VAR_KEY] = config.get('key-value', 'key') useEncryption = True except Exception, e: logger.error("Invalid key file: %s" % str(e)) finally:
class SSHInventory: _interval = 3600 def __init__(self): self._tmp_conf = OssimConf(Const.CONFIG_FILE) self.inv = Inventory() # Implement cache with timeout????? self.cache = [] # threading.Thread.__init__(self) def connectDB(self): self.db = OssimDB() self.db.connect( self._tmp_conf["ossim_host"], self._tmp_conf["ossim_base"], self._tmp_conf["ossim_user"], self._tmp_conf["ossim_pass"], ) def closeDB(self): self.db.close() def run(self): while True: self.process() time.sleep(self._interval) def process(self): # Check host with local credentials hosts = self.inv.getHostWithCredentials("SSH")
class ApacheNtopProxyManager: def __init__(self, conf): self.__newConfigFileTemplateName = "/etc/apache2/conf.d/ntop-%s.conf" self.__sensorVar = "$(SENSOR_IP)" self.__myDB = OssimDB() self.__myDB_connected = False self.__myconf = conf self.__sensors = [] def __reloadApache(self): logger.info("Reloading apache...") status, output = commands.getstatusoutput('/etc/init.d/apache2 reload') if status == 0: logger.info("Reloading apache .... OK") else: logger.error("Reloading apache .... FAIL ..status code:%s" % status) def __getSensorList(self): if not self.__myDB_connected: self.__myDB.connect(self.__myconf["ossim_host"], self.__myconf["ossim_base"], self.__myconf["ossim_user"], self.__myconf["ossim_pass"]) self.__myDB_connected = True #read sensor list. query = 'select sensor.ip from sensor join sensor_properties where sensor.ip = sensor_properties.ip and sensor_properties.has_ntop =1;' tmp = self.__myDB.exec_query(query) for sensor in tmp: self.__sensors.append(sensor['ip']) self.__myDB.close() self.__myDB_connected = False def __buildNtopConfigurationForSensor(self, sensor_ip): #Create a the new file: newfile_name = self.__newConfigFileTemplateName % sensor_ip logger.info("Creating ntop proxy configuration %s" % newfile_name) new_config_file = open(newfile_name, 'w') template = open(Const.NTOP_APACHE_PROXY_TEMPLATE) for line in template: new_config_file.write(line.replace(self.__sensorVar, sensor_ip)) new_config_file.close() template.close() def refreshConfiguration(self): #remove old configuration status, output = commands.getstatusoutput( ' rm /etc/apache2/conf.d/ntop-*.conf') if not os.path.isfile(Const.NTOP_APACHE_PROXY_TEMPLATE): logger.error( "I can't create Ntop proxy configurations. Template file: %s not exist!" % Const.NTOP_APACHE_PROXY_TEMPLATE) else: self.__getSensorList() time.sleep(1) logger.info("Sensors are loaded") for sensor in self.__sensors: self.__buildNtopConfigurationForSensor(sensor) self.__reloadApache()
def __startup (self) : # configuration values self.__conf = OssimConf (Const.CONFIG_FILE) # database connection self.__conn = OssimDB() self.__rand = random.randrange(60, 300)
def __init__(self, conf): self.__newConfigFileTemplateName = "/etc/apache2/conf.d/ntop-%s.conf" self.__sensorVar = "$(SENSOR_IP)" self.__myDB = OssimDB(conf[VAR_DB_HOST], conf[VAR_DB_SCHEMA], conf[VAR_DB_USER], conf[VAR_DB_PASSWORD]) self.__myDB_connected = False self.__myconf = conf self.__sensors = {} #ip = name self.__firstValidSensorConnected = False
class ControlManager: def __init__(self, conf): logger.debug("Initialising ControlManager...") self.control_agents = {} self.transaction_map = {} self.__myDB = OssimDB() self.__myDB_connected = False self.__myconf = conf self.__transaction_timeout = 60 self.__ntop_apache_manager = ApacheNtopProxyManager(conf) self.__control = DoControl(self) self.__control.start() self.__ntop_configuration_checked = False self.__mutexRquest = Lock() def refreshAgentCache(self, requestor, agent_id,agent_name): if not self.__myDB_connected: self.__myDB.connect (self.__myconf["ossim_host"], self.__myconf["ossim_base"], self.__myconf["ossim_user"], self.__myconf["ossim_pass"]) self.__myDB_connected = True #read host list query = 'select hostname,ip,fqdns from host where ip in (select host_ip from host_sensor_reference where sensor_name="%s");' % agent_name tmp = self.__myDB.exec_query(query) new_command = 'action="refresh_asset_list" list={' sendCommand = False for host in tmp: host_cmd = "%s=%s," % (host['ip'],host['hostname']) if host['fqdns'] is not None and host['fqdns'] != '': fqdns_list = host['fqdns'].split(',') for name in fqdns_list: host_cmd += "%s," % name host_cmd = host_cmd[:-1] host_cmd+=';' sendCommand = True new_command += host_cmd new_command[:-1] new_command += '}' # add this connection to the transaction map #transaction = self.__transaction_id_get() #self.transaction_map[transaction] = {'socket':requestor, 'time':time.time()} # append the transaction to the message for tracking if sendCommand: if self.control_agents.has_key(agent_id): try: self.control_agents[agent_id].wfile.write(new_command + ' transaction="NA"\n') logger.info("Updating asset list to agent: %s " % (agent_id)) logger.debug("Cmd: %s" % new_command) except socket.error,e: logger.warning("it can't send messages to :%s" % agent_id) else: logger.warning("No agent :%s" % agent_id) else:
def __init__(self, conf): logger.debug("Initialising ControlManager...") self.control_agents = {} self.transaction_map = {} self.__myDB = OssimDB() self.__myDB_connected = False self.__myconf = conf self.__transaction_timeout = 60 self.__control = DoControl(self) self.__control.start()
def __init__(self): self.__conf = OssimConf() self.__db = OssimDB(self.__conf[VAR_DB_HOST], self.__conf[VAR_DB_SCHEMA], self.__conf[VAR_DB_USER], self.__conf[VAR_DB_PASSWORD]) self.__stored_id = 0 self.__stored_num = 0 self.__header_id = 0 self.__ntop_apache_manager = ApacheNtopProxyManager(self.__conf) self.__last_ntop_link = "" threading.Thread.__init__(self)
def __init__(self, conf): logger.debug("Initialising ControlManager...") self.control_agents = {} self.__control_agents_connection_ip_vs_sensor_ip = {} self.transaction_map = {} self.__myconf = conf self.__myDB = OssimDB(conf[VAR_DB_HOST], conf[VAR_DB_SCHEMA], conf[VAR_DB_USER], conf[VAR_DB_PASSWORD]) self.__myDB_connected = self.__myDB.connect() self.__transaction_timeout = 60 self.__control = DoControl(self) self.__control.start() self.__mutexRquest = Lock()
def setUp(self): self.__db = "test" self.__db_user = "******" self.__db_pass = "******" self.__db_host = "localhost" self.__db_query = "select" self.__db_query_result = ["test_row1", "test_row2", "test_row3"] self.__db_query_empty_result = [] self.__db_autocommit = True self.__db_autocommit_default = False self.__db_error_code = 2006 self.__db_param_query = "select where a = %s and b = %s" self.__db_params = (1, 2) self.__ossim_db = OssimDB(self.__db_host, self.__db, self.__db_user, self.__db_pass)
def __init__(self): """Default constructor. """ threading.Thread.__init__(self) self.__myDB = OssimDB(_CONF[VAR_DB_HOST], _CONF[VAR_DB_SCHEMA], _CONF[VAR_DB_USER], _CONF[VAR_DB_PASSWORD]) self.__myDB_connected = False self.__keepWorking = True #self.__mutex = Lock() self.__bkConfig = {} self.__loadConfiguration() self.__stopE = threading.Event() self.__stopE.clear()
def __init__(self, conf): logger.debug("Initialising ControlManager...") self.control_agents = {} self.transaction_map = {} self.__myconf = conf self.__myDB = OssimDB(conf[VAR_DB_HOST], conf[VAR_DB_SCHEMA], conf[VAR_DB_USER], conf[VAR_DB_PASSWORD]) self.__myDB_connected = self.__myDB.connect () self.__transaction_timeout = 60 self.__ntop_apache_manager = ApacheNtopProxyManager(conf) self.__control = DoControl(self) self.__control.start() self.__ntop_configuration_checked = False self.__mutexRquest = Lock()
def __init__(self): """Default constructor. """ self._tmp_conf = OssimConf () threading.Thread.__init__(self) self.__active_hosts = {} #key = ip value=hostname self.__test_create_dir(self._tmp_conf[VAR_NAGIOS_CFG]) self.__test_create_dir(os.path.join(self._tmp_conf[VAR_NAGIOS_CFG], "hosts")) self.__test_create_dir(os.path.join(self._tmp_conf[VAR_NAGIOS_CFG], "host-services")) self.__test_create_dir(os.path.join(self._tmp_conf[VAR_NAGIOS_CFG], "hostgroups")) self.__test_create_dir(os.path.join(self._tmp_conf[VAR_NAGIOS_CFG], "hostgroup-services")) self.__dbConnection = OssimDB(self._tmp_conf[VAR_DB_HOST], self._tmp_conf[VAR_DB_SCHEMA], self._tmp_conf[VAR_DB_USER], self._tmp_conf[VAR_DB_PASSWORD]) self.__dbConnected = False
def __startup(self): # configuration values self.__conf = OssimConf(Const.CONFIG_FILE) # database connection self.__conn = OssimDB() self.__conn.connect(self.__conf["ossim_host"], self.__conf["ossim_base"], self.__conf["ossim_user"], self.__conf["ossim_pass"]) # rrd paths if self.__conf["rrdtool_path"]: Const.RRD_BIN = os.path.join(self.__conf["rrdtool_path"], "rrdtool")
def __startup (self) : # configuration values self.__conf = OssimConf () self.__rddbinary = self.__conf[VAR_RRD_BINARY] self.__interval = 300 try: self.__interval = int(self.__conf[VAR_RRD_TIME_PERIOD]) except ValueError: logger.error("Invalid value for %s" % VAR_RRD_TIME_PERIOD) # database connection self.__conn = OssimDB(self.__conf[VAR_DB_HOST], self.__conf[VAR_DB_SCHEMA], self.__conf[VAR_DB_USER], self.__conf[VAR_DB_PASSWORD]) self.__conn.connect ()
def __startup (self): self._CONF = OssimConf(Const.CONFIG_FILE) self._DB = OssimDB() self._DB.connect(self._CONF['ossim_host'], self._CONF['ossim_base'], self._CONF['ossim_user'], self._CONF['ossim_pass'])
def connectDB(self): self.db = OssimDB() self.db.connect( self._tmp_conf["ossim_host"], self._tmp_conf["ossim_base"], self._tmp_conf["ossim_user"], self._tmp_conf["ossim_pass"], )
def __init__(self): self.__set_debug = True self.__conf = OssimConf(Const.CONFIG_FILE) self.__conn = OssimDB() self.__conn.connect(self.__conf['ossim_host'], self.__conf['ossim_base'], self.__conf['ossim_user'], self.__conf['ossim_pass']) self.__id_pending = 65001 self.__id_false_positive = 65002 self.__default_incident_type = 'Nessus Vulnerability' self.__nsr_fd = None self.__scanner_type = None self.__scan_time = None self.__ticket_default_user = "******" self.__ticket_default_closed_description = "Automatic closed of the incident" self.__ticket_default_open_description = "Automatic open of the incident"
def __init__(self, conf): self.__newConfigFileTemplateName = "/etc/apache2/conf.d/ntop-%s.conf" self.__sensorVar = "$(SENSOR_IP)" self.__myDB = OssimDB() self.__myDB_connected = False self.__myconf = conf self.__sensors = {} #ip = name self.__firstValidSensorConnected = False
def __get_latest_scan_dates(self): scan_date_array = {} tmp_conf = OssimConf (Const.CONFIG_FILE) tmp_conn = None self.__debug("Getting latest scan dates") tmp_conn = OssimDB() tmp_conn.connect ( tmp_conf["ossim_host"], tmp_conf["ossim_base"], tmp_conf["ossim_user"], tmp_conf["ossim_pass"]) query = "SELECT hostvul.ip as ip, date_format(hostvul.scan_date,\"%Y%m%d%H%i%s\") as scan_date FROM (SELECT ip, max(scan_date) AS mymax FROM host_vulnerability group by ip) AS myvul, host_vulnerability AS hostvul WHERE hostvul.ip=myvul.ip AND hostvul.scan_date=myvul.mymax" hash = tmp_conn.exec_query(query) for row in hash: scan_date_array[row["ip"]] = row["scan_date"] return scan_date_array
def __check_sensor_ip(self, addr): """ Checks if the request is coming from a sensor. Args: addr: tuple with ip address and port of the request Returns: True if address corresponds to a sensor, false otherwise. """ try: conf = OssimConf() myDB = OssimDB(conf[VAR_DB_HOST], conf[VAR_DB_SCHEMA], conf[VAR_DB_USER], conf[VAR_DB_PASSWORD]) myDB_connected = myDB.connect() except Exception, msg: # Cannot connect to database, return false. logger.warning("Cannot find registered sensors: %s" % str(msg)) return False
def _get_db_conf(self): # Now, complete config info from Ossim database # from OssimDB import OssimDB db = OssimDB() db.connect(self["ossim_host"], self["ossim_base"], self["ossim_user"], self["ossim_pass"]) query = '' useEncryption = False if self["encryptionKey"]: query = "SELECT * FROM config where conf not like '%%_pass%%'" useEncryption = True else: query = "SELECT * FROM config" hash = db.exec_query(query) for row in hash: # values declared at config file override the database ones if row["conf"] not in self._conf: self[row["conf"]] = row["value"] #Now read pass nones_list = [] if useEncryption: logger.debug("using key: %s" % self['encryptionKey']) hash = db.exec_query( "SELECT *, AES_DECRYPT(value,'%s') as dvalue FROM config where conf like '%%_pass%%'" % self["encryptionKey"]) for row in hash: # values declared at config file override the database ones if row["conf"] not in self._conf: logger.debug("PASSWD Row: %s Value:%s " % (row["conf"], row["dvalue"])) if row["dvalue"] is not None: self[row["conf"]] = row["dvalue"] else: nones_list.append(row["conf"]) if len(nones_list) > 0: logger.debug("Reading without decryption....") hash = db.exec_query( "SELECT * FROM config where conf like '%%_pass%%'") for row in hash: self[row["conf"]] = row["value"] logger.debug( "Reading pass without decrypt Row: %s Value:%s " % (row["conf"], row["value"])) db.close()
def __init__(self): self.__conf = OssimConf(Const.CONFIG_FILE) self.__db = OssimDB() self.__stored_id = 0 self.__stored_num = 0 self.__header_id = 0 self.__ntop_apache_manager = ApacheNtopProxyManager(self.__conf) self.__last_ntop_link = "" threading.Thread.__init__(self)
def __check_sensor_ip(self, addr): """ Checks if the request is coming from a sensor. Args: addr: tuple with ip address and port of the request Returns: True if address corresponds to a sensor, false otherwise. """ try: conf = OssimConf() myDB = OssimDB(conf[VAR_DB_HOST], conf[VAR_DB_SCHEMA], conf[VAR_DB_USER], conf[VAR_DB_PASSWORD]) myDB_connected = myDB.connect () except Exception, msg: # Cannot connect to database, return false. logger.warning("Cannot find registered sensors: %s" % str(msg)) return False
def __init__(self): self.__conf = OssimConf() self.__db = OssimDB(self.__conf[VAR_DB_HOST], self.__conf[VAR_DB_SCHEMA], self.__conf[VAR_DB_USER], self.__conf[VAR_DB_PASSWORD]) self.__stored_id = 0 self.__stored_num = 0 self.__header_id = 0 threading.Thread.__init__(self)
def __startup (self) : # configuration values self.__conf = OssimConf (Const.CONFIG_FILE) # database connection self.__conn = OssimDB() self.__conn.connect ( self.__conf["ossim_host"], self.__conf["ossim_base"], self.__conf["ossim_user"], self.__conf["ossim_pass"])
def __startup (self) : # configuration values self.__conf = OssimConf (Const.CONFIG_FILE) # database connection self.__conn = OssimDB() self.__conn.connect ( self.__conf["ossim_host"], self.__conf["ossim_base"], self.__conf["ossim_user"], self.__conf["ossim_pass"]) self.__snort_conn = OssimDB() self.__snort_conn.connect ( self.__conf["snort_host"], self.__conf["snort_base"], self.__conf["snort_user"], self.__conf["snort_pass"]) # rrd paths if self.__conf["rrdtool_path"]: Const.RRD_BIN = os.path.join(self.__conf["rrdtool_path"], "rrdtool")
def __init__(self): # configure logging, databases (alienvault + osvdb) self.logger = Logger.logger _CONF = OssimConf() _OSVDB = "osvdb" self._DB = OssimDB(_CONF[VAR_DB_HOST], _CONF[VAR_DB_SCHEMA], _CONF[VAR_DB_USER], _CONF[VAR_DB_PASSWORD]) self._osvdb = OssimDB(_CONF[VAR_DB_HOST], _OSVDB, _CONF[VAR_DB_USER], _CONF[VAR_DB_PASSWORD]) # connect databases avbool = self._DB.connect() osvbool = self._osvdb.connect() if not avbool: self.logger.error( "[vcad][x] error connecting to database alienvault") if not osvbool: self.logger.error("[vcad][x] error connecting to database osvdb") self.invertedIndex = InvertedIndex.InvertedIndex() self.logger.info("[vcad][+] init complete.") return
def get_nets(self, netgroups, nets): netgroups_l = netgroups.split(",") nets_l = [] if not nets == "": nets_l = nets.split(",") net_list = [] tmp_conf = OssimConf (Const.CONFIG_FILE) tmp_conn = None tmp_conn = OssimDB() tmp_conn.connect ( tmp_conf["ossim_host"], tmp_conf["ossim_base"], tmp_conf["ossim_user"], tmp_conf["ossim_pass"]) for group in netgroups_l: self.__debug(group) query = "SELECT * FROM net_group_reference where net_group_name='%s'" % group hash = tmp_conn.exec_query(query) for row in hash: if not row["net_name"] in net_list: net_list.append(row["net_name"]) for net in nets_l: if not net in net_list: net_list.append(net) tmp_conn.close() return net_list
class OptimizeDB (threading.Thread): def __init__ (self) : self.__conf = None self.__conn = None self.__sleep = 86400 self.__rand = 60 threading.Thread.__init__(self) def __startup (self) : # configuration values self.__conf = OssimConf (Const.CONFIG_FILE) # database connection self.__conn = OssimDB() self.__rand = random.randrange(60, 300) def __cleanup (self) : self.__conn.close() def optimize (self, host, base, user, password): self.__conn.connect (host , base, user, password) print __name__, "Optimizing tables for database: %s" % base; query = "SHOW TABLES;"; try: hash = self.__conn.exec_query(query) except Exception, e: print __name__, \ ': Error executing query (%s) """%s"""' % (query, e) return [] hash = self.__conn.exec_query(query) for row in hash: print __name__, \ "Optimizing %s.%s" % (base, row["tables_in_" + base]) query = "OPTIMIZE TABLE `%s`;" % row["tables_in_" + base] hash = self.__conn.exec_query(query)
def get_sheduler_list_by_id (self, id, type) : tmp_conf = OssimConf (Const.CONFIG_FILE) tmp_conn = None self.__debug("Getting %s from policy id %d" % (type,int(id))) list = [] tmp_conn = OssimDB() tmp_conn.connect ( tmp_conf["ossim_host"], tmp_conf["ossim_base"], tmp_conf["ossim_user"], tmp_conf["ossim_pass"]) query = "SELECT * FROM plugin_scheduler_%s_reference where plugin_scheduler_id = %d" % (type,int(id)) hash = tmp_conn.exec_query(query) if type == "host": col = "ip" else: col = "%s_name" % type for row in hash: list.append(row[col]) print list tmp_conn.close() return list
def __init__(self, conf): logger.debug("Initialising ControlManager...") self.control_agents = {} self.transaction_map = {} self.__myDB = OssimDB() self.__myDB_connected = False self.__myconf = conf self.__transaction_timeout = 60 self.__ntop_apache_manager = ApacheNtopProxyManager(conf) self.__control = DoControl(self) self.__control.start() self.__ntop_configuration_checked = False self.__mutexRquest = Lock()
def __init__(self): threading.Thread.__init__(self) self.__status = DoRestore.STATUS_OK self.__keepWorking = True self.__myDB = OssimDB(_CONF[VAR_DB_HOST], _CONF[VAR_DB_SCHEMA], _CONF[VAR_DB_USER], _CONF[VAR_DB_PASSWORD]) self.__myDB_connected = False self.__bkConfig = {} self.__loadConfiguration() self.__resetJobParams() self.__mutex = Lock() self.__mutexPurge = Lock() self.__tables = ['acid_event', 'reputation_data', 'idm_data', 'extra_data',] #'ac_acid_event',]#Changes #4376 #'ac_alerts_signature', #'ac_sensor_sid'] self.__msgerror = "" self.__purgeStatus = DoRestore.PURGE_STATUS_OK
def __init__ (self, conf, id): self.__id = id self.__default = {} self.__ops = {} logger.info ("Setting up new WS handler for id '%s'" % id) # Read the configuration from the database. db = OssimDB (conf[VAR_DB_HOST], "alienvault", conf[VAR_DB_USER], conf[VAR_DB_PASSWORD]) db.connect() # Sanitize the id param. Exactly we need 32 hex characters if re.match(r'^[a-fA-F0-9]{32}$',self.__id) == None: raise Exception('Bad webservice id') data = db.exec_query ("SELECT HEX(id), type, name, url, namespace, user, pass FROM alienvault.webservice WHERE id = UNHEX('%s')" % self.__id) if data != []: ws_config = data[0] else: raise Exception('Id %s does not match a valid webservice' % id) ws_default = db.exec_query ("SELECT field, value FROM alienvault.webservice_default WHERE ws_id = UNHEX('%s')" % self.__id) if ws_default != []: for item in ws_default: self.__default[item['field']] = item['value'] ws_oper = db.exec_query ("SELECT op, type, attrs FROM alienvault.webservice_operation WHERE ws_id = UNHEX('%s')" % self.__id) if ws_oper == []: raise Exception('Id %s does not match a valid webservice' % id) for item in ws_oper: self.__ops[item['type']] = {'op': item['op'], 'attrs': [x.replace(' ', '') for x in item['attrs'].split(',')]} # Connect to the WS. self.__server = Client(ws_config['url']) # Authenticate if needed (This may be Remedy specific!!!) authinfo_field = '' username_field = '' password_field = '' authentication_field = '' locale_field = '' timezone_field = '' try: auth_op = self.__ops['auth'] except KeyError: pass else: authinfo_field = auth_op['op'] [username_field, password_field, authentication_field, locale_field, timezone_field] = auth_op['attrs'] token = self.__server.factory.create(authinfo_field) token.__setitem__(username_field, ws_config['user']) token.__setitem__(password_field, ws_config['pass']) # token.__setitem__(authentication_field, ws_config['auth']) # token.__setitem__(locale_field, ws_config['locale']) # token.__setitem__(timezone_field, ws_config['tz']) self.__server.set_options(soapheaders=token)
def __init__(self): # configure logging, databases (alienvault + osvdb) self.logger = Logger.logger _CONF = OssimConf() _OSVDB = "osvdb" self._DB = OssimDB(_CONF[VAR_DB_HOST], _CONF[VAR_DB_SCHEMA], _CONF[VAR_DB_USER], _CONF[VAR_DB_PASSWORD]) self._osvdb = OssimDB(_CONF[VAR_DB_HOST], _OSVDB, _CONF[VAR_DB_USER], _CONF[VAR_DB_PASSWORD]) # connect databases avbool = self._DB.connect() osvbool = self._osvdb.connect() if not avbool: self.logger.error("[vcad][x] error connecting to database alienvault") if not osvbool: self.logger.error("[vcad][x] error connecting to database osvdb") self.invertedIndex = InvertedIndex.InvertedIndex() self.logger.info("[vcad][+] init complete.") return
def __init__(self): """Default constructor. """ self._tmp_conf = OssimConf() threading.Thread.__init__(self) self.__active_hosts = {} # key = ip, value = hostname self.__test_create_dir(self._tmp_conf[VAR_NAGIOS_CFG]) self.__test_create_dir( os.path.join(self._tmp_conf[VAR_NAGIOS_CFG], "hosts")) self.__test_create_dir( os.path.join(self._tmp_conf[VAR_NAGIOS_CFG], "host-services")) self.__test_create_dir( os.path.join(self._tmp_conf[VAR_NAGIOS_CFG], "hostgroups")) self.__test_create_dir( os.path.join(self._tmp_conf[VAR_NAGIOS_CFG], "hostgroup-services")) self.__dbConnection = OssimDB(self._tmp_conf[VAR_DB_HOST], self._tmp_conf[VAR_DB_SCHEMA], self._tmp_conf[VAR_DB_USER], self._tmp_conf[VAR_DB_PASSWORD]) self.__dbConnected = False # Set default value for Nagios activity diff and check it in cache. self.__prevhash = 0 self.__get_nagios_activity_diff()
def _get_db_conf(self): # Now, complete config info from Ossim database # from OssimDB import OssimDB db = OssimDB() db.connect(self["ossim_host"], self["ossim_base"], self["ossim_user"], self["ossim_pass"]) query = '' useEncryption = False if self["encryptionKey"]: query = "SELECT * FROM config where conf not like '%%_pass%%'" useEncryption = True else: query = "SELECT * FROM config" hash = db.exec_query(query) for row in hash: # values declared at config file override the database ones if row["conf"] not in self._conf: self[row["conf"]] = row["value"] #Now read pass nones_list = [] if useEncryption: logger.debug("using key: %s" % self['encryptionKey']) hash = db.exec_query("SELECT *, AES_DECRYPT(value,'%s') as dvalue FROM config where conf like '%%_pass%%'" % self["encryptionKey"]) for row in hash: # values declared at config file override the database ones if row["conf"] not in self._conf: logger.debug("PASSWD Row: %s Value:%s " %(row["conf"],row["dvalue"])) if row["dvalue"]is not None: self[row["conf"]] = row["dvalue"] else: nones_list.append(row["conf"]) if len(nones_list) > 0: logger.debug("Reading without decryption....") hash = db.exec_query("SELECT * FROM config where conf like '%%_pass%%'") for row in hash: self[row["conf"]] = row["value"] logger.debug("Reading pass without decrypt Row: %s Value:%s " %(row["conf"],row["value"])) db.close()
def __init__(self, conf): logger.debug("Initialising ControlManager...") self.control_agents = {} self.__control_agents_connection_ip_vs_sensor_ip = {} self.transaction_map = {} self.__myconf = conf self.__myDB = OssimDB(conf[VAR_DB_HOST], conf[VAR_DB_SCHEMA], conf[VAR_DB_USER], conf[VAR_DB_PASSWORD]) self.__myDB_connected = self.__myDB.connect() self.__transaction_timeout = 60 self.__control = DoControl(self) self.__control.start() self.__mutexRequest = Lock()
def make_nagios_changes(self): port = None db = OssimDB() db.connect (self._tmp_conf["ossim_host"], self._tmp_conf["ossim_base"], self._tmp_conf["ossim_user"], self._tmp_conf["ossim_pass"]) query="select port from host_services where (protocol=6 or protocol=0) and nagios=1 group by port" services=db.exec_query(query) path = os.path.join(self._tmp_conf['nagios_cfgs'], "host-services") for fi in os.listdir(path): os.remove(os.path.join(path, fi)) path = os.path.join(self._tmp_conf['nagios_cfgs'], "hostgroup-services") for fi in os.listdir(path): os.remove(os.path.join(path, fi)) i = 0 for port in services: i+=1 query = "select h.hostname, hs.service_type from host_services hs, host_scan h_sc, host h where (hs.protocol=6 or hs.protocol=0) and hs.port=%s and hs.ip=h_sc.host_ip and h_sc.plugin_id=2007 and hs.nagios=1 and h.ip=inet_ntoa(hs.ip) group by h.ip order by h.ip" % port['port'] hosts = db.exec_query(query) list = "" for host in hosts: if list != "": list += "," list += host['hostname'] if list != "": k = nagios_host_service(list, port['port'], host['service_type'], "check_tcp!%d" % port['port'], "0", self._tmp_conf) k.select_command() k.write() hg = nagios_host_group_service(self.serv_port(port['port']),self.serv_name(port['port']),list,self._tmp_conf) hg.write() if port is not None and port in services: logger.debug("Changes where applied! Reloading Nagios config.") self.reload_nagios() db.close()
def get_hostlist_from_hg(self,hgname): query="select host_ip from host_group_reference where host_group_name = '%s'" % hgname db = OssimDB() db.connect (self._tmp_conf["ossim_host"], self._tmp_conf["ossim_base"], self._tmp_conf["ossim_user"], self._tmp_conf["ossim_pass"]) data = db.exec_query(query) db.close() return data