def get_sensor_detector(sensor_id):
    """
    Return the [sensor]/plugin list from ossim_setup.conf of sensor

    Args:
        sensor_id: identifier of the sensor; it is resolved to an IP with
            get_sensor_ip_from_sensor_id() before the sensor is queried.

    Returns:
        make_bad_request(...) when the sensor id cannot be resolved,
        make_error(..., 500) when the detector query fails, otherwise
        make_ok(plugins=...) carrying whatever get_sensor_detectors()
        returned.
    """
    resolved, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not resolved:
        current_app.logger.error("detector: get_sensor_detector: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")

    # Ask the sensor for its detector plugin list. On failure the second
    # element holds the error information, which is logged but not returned
    # to the client.
    fetched, detectors = get_sensor_detectors(sensor_ip)
    if fetched:
        # The payload is passed through unchanged under the "plugins" key.
        return make_ok(plugins=detectors)

    current_app.logger.error("detector: get_sensor_detector: %s" % str(detectors))
    return make_error("Error getting sensor plugins", 500)
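def bp_get_sensor_plugins_detector_enabled(sensor_id):
    """
    Return the [sensor]/plugin list from ossim_setup.conf of sensor

    Args:
        sensor_id: identifier of the sensor; it is resolved to an IP with
            get_sensor_ip_from_sensor_id() before the sensor is queried.

    Returns:
        make_bad_request(...) when the sensor id cannot be resolved,
        make_error(..., 500) when the detector query fails, otherwise
        make_ok(plugins=...) carrying whatever get_sensor_detectors()
        returned.
    """
    (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        # Log under this function's own name so that a failure here is not
        # attributed to get_sensor_detector when the logs are reviewed.
        current_app.logger.error(
            "detector: bp_get_sensor_plugins_detector_enabled: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")

    # Ask the sensor for its detector plugin list. On failure 'data' holds
    # the error information; it is logged but only a generic message is
    # returned to the client.
    (success, data) = get_sensor_detectors(sensor_ip)
    if not success:
        current_app.logger.error(
            "detector: bp_get_sensor_plugins_detector_enabled: %s" % str(data))
        return make_error("Error getting sensor plugins", 500)

    # The payload is passed through unchanged under the "plugins" key.
    return make_ok(plugins=data)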
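def sync_asec_plugins(plugin=None, enable=True):
    """
    Send the ASEC generated plugins to the system sensors and enable them

    The plugin's .cfg and .cfg.sql files are copied from
    /var/lib/asec/plugins to /tmp on the local system and installed on every
    sensor returned by get_systems(system_type='sensor'). When ``enable`` is
    true the plugin is also added to each sensor's detector list and
    alienvault_reconfigure.delay() is called for that sensor. The temporary
    copies are removed before returning.

    Args:
        plugin: plugin name. It is used as a bare file name; a name
            containing a path separator or a NUL byte is rejected.
        enable: whether we should enable the plugin or not. Default = True

    Returns:
        success (bool): True only if no sensor reported an error
        msg (str): Success message/Error info
    """
    if not plugin:
        return False, "No plugin to sync"

    try:
        # The name is concatenated into the source and temp paths below and
        # those paths are handed to copy/remove helpers, so it must not be
        # able to name a file outside the plugin and temp directories.
        if "/" in plugin or "\0" in plugin:
            return False, "Invalid plugin name"

        plugin_path = "/var/lib/asec/plugins/" + plugin + ".cfg"
        sql_path = plugin_path + ".sql"

        (success, sensors) = get_systems(system_type='sensor')
        if not success:
            return False, "Unable to get sensors list: %s" % sensors

        # Bug in ansible copy module prevents us from copying the files from
        # /var/lib/asec/plugins as it has permissions 0 for "other"
        # Workaround: make a local copy using ansible command module
        # NOTE(review): the copies get fixed, predictable names in the shared
        # /tmp directory and may be readable by other local users; a private
        # temp directory would be safer - confirm what local_copy_file and
        # ansible_install_plugin support.
        plugin_tmp_path = "/tmp/" + plugin + ".cfg"
        sql_tmp_path = plugin_tmp_path + ".sql"

        success, local_ip = get_system_ip_from_local()
        if not success:
            error_msg = "[ansible_install_plugin] " + \
                        "Failed to make get local IP: %s" % local_ip
            return False, error_msg

        # Temp copies that were actually created; whatever is listed here is
        # removed in the 'finally' below, on every exit path.
        tmp_copies = []
        all_ok = True
        try:
            copies = (("plugin", plugin_path, plugin_tmp_path),
                      ("sql", sql_path, sql_tmp_path))
            for (label, src_path, tmp_path) in copies:
                (success, msg) = local_copy_file(local_ip, src_path, tmp_path)
                if not success:
                    error_msg = "[ansible_install_plugin] " + \
                                "Failed to make temp copy of %s file: %s" \
                                % (label, msg)
                    return False, error_msg
                tmp_copies.append(tmp_path)

            for (_sensor_id, sensor_ip) in sensors:
                (success, msg) = ansible_install_plugin(sensor_ip,
                                                        plugin_tmp_path,
                                                        sql_tmp_path)
                if not success:
                    api_log.error("[sync_asec_plugins] "
                                  "Error installing plugin %s "
                                  "in sensor %s: %s"
                                  % (plugin, sensor_ip, msg))
                    all_ok = False
                    continue

                # An install that succeeded with enable=False is complete;
                # it is not an error.
                if not enable:
                    continue

                # Get list of active plugins and add the new one.
                # Then send the list back to the sensor
                (success, data) = get_sensor_detectors(sensor_ip)
                if success:
                    detectors = data['sensor_detectors']
                    # Do not list the plugin twice when it is re-synced.
                    if plugin not in detectors:
                        detectors.append(plugin)
                    (success, msg) = set_sensor_detectors(sensor_ip,
                                                          ','.join(detectors))
                else:
                    # On failure 'data' carries the error information.
                    msg = data

                if not success:
                    api_log.error("[sync_asec_plugins] "
                                  "Error enabling plugin %s "
                                  "for sensor %s: %s"
                                  % (plugin, sensor_ip, msg))
                    all_ok = False
                else:
                    # Now launch reconfig task
                    alienvault_reconfigure.delay(sensor_ip)
        finally:
            # Delete temporal copies of the files
            for tmp_path in tmp_copies:
                remove_file([local_ip], tmp_path)

        if not all_ok:
            error_msg = "Plugin %s installation failed " % plugin + \
                        "for some sensors"
            return False, error_msg

        info_msg = "Plugin %s installed. Enabled = %s" % (plugin, str(enable))
        return True, info_msg

    except Exception as e:
        # Top-level boundary: log the detail, return a generic message.
        api_log.error("[sync_asec_plugins] Exception catched: %s" % str(e))
        return False, "[sync_asec_plugins] Unknown error"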