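def put_sensor_detector(sensor_id):
    """
    Set the [sensor]/detectors list on ossim_setup.conf of the sensor.

    The detector list is read from the 'plugins' query parameter, which must
    be a comma separated list of plugin names. When the list is stored, a
    reconfigure task is queued for the sensor.

    Args:
        sensor_id: sensor identifier, resolved to an IP address through
            get_sensor_ip_from_sensor_id()

    Returns:
        make_bad_request(...) when 'plugins' is missing or contains control
        characters, or when the sensor id cannot be resolved;
        make_error(..., 500) when the detector list cannot be set;
        make_ok(job_id_reconfig=...) with the id of the queued job otherwise.
    """
    # Get the 'plugins' param list, which contains the detector plugins.
    # It must be a comma separated list.
    plugins = request.args.get('plugins')
    if plugins is None:
        current_app.logger.error(
            "detector: put_sensor_detector error: Missing parameter 'plugins'")
        return make_bad_request("Missing parameter plugins")

    # The value comes straight from the request and ends up in a
    # configuration file on the sensor, so refuse line breaks and other
    # control characters that could add extra lines or keys to that file.
    # The raw value is deliberately kept out of the log message.
    if any(ord(ch) < 32 or ord(ch) == 127 for ch in plugins):
        current_app.logger.error(
            "detector: put_sensor_detector error: "
            "Control characters in parameter 'plugins'")
        return make_bad_request("Invalid parameter plugins")

    (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        current_app.logger.error(
            "detector: put_sensor_detector error: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")

    (success, data) = set_sensor_detectors(sensor_ip, plugins)
    if not success:
        current_app.logger.error("detector: put_sensor_detector error %s" % data)
        return make_error("Error setting sensor detector plugins", 500)

    # Now launch reconfig task
    job = alienvault_reconfigure.delay(sensor_ip)

    # Return the id of the queued reconfigure job to the caller.
    return make_ok(job_id_reconfig=job.id)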
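def put_sensor_detector(sensor_id):
    """
    Set the [sensor]/detectors list on ossim_setup.conf of the sensor.

    Reads the comma separated detector plugin list from the 'plugins' query
    parameter, stores it on the sensor and queues a reconfigure task.

    Args:
        sensor_id: sensor identifier, resolved to an IP address through
            get_sensor_ip_from_sensor_id()

    Returns:
        make_bad_request(...) for a missing 'plugins' parameter, a 'plugins'
        value holding control characters, or an unresolvable sensor id;
        make_error(..., 500) when set_sensor_detectors() reports failure;
        make_ok(job_id_reconfig=...) with the queued job id on success.
    """
    # Get the 'plugins' param list, which contains the detector plugins.
    # It must be a comma separated list.
    plugins = request.args.get('plugins')
    if plugins is None:
        current_app.logger.error("detector: put_sensor_detector error: Missing parameter 'plugins'")
        return make_bad_request("Missing parameter plugins")

    # 'plugins' is request data that is written into the sensor's
    # configuration file: a CR/LF or other control character in it could
    # introduce additional lines there, so such values are rejected here.
    # The offending value is not echoed into the log.
    has_control_chars = any(ord(ch) < 32 or ord(ch) == 127 for ch in plugins)
    if has_control_chars:
        current_app.logger.error("detector: put_sensor_detector error: "
                                 "Control characters in parameter 'plugins'")
        return make_bad_request("Invalid parameter plugins")

    (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        current_app.logger.error("detector: put_sensor_detector error: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")

    (success, data) = set_sensor_detectors(sensor_ip, plugins)
    if not success:
        current_app.logger.error("detector: put_sensor_detector error %s" % data)
        return make_error("Error setting sensor detector plugins", 500)

    # Now launch reconfig task
    job = alienvault_reconfigure.delay(sensor_ip)

    # The response carries the id of the reconfigure job just queued.
    return make_ok(job_id_reconfig=job.id)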
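def sync_asec_plugins(plugin=None, enable=True):
    """
    Send the ASEC generated plugins to the system sensors and enable them

    The plugin's .cfg and .cfg.sql files are copied from
    /var/lib/asec/plugins to /tmp on the local system and installed on every
    sensor. When 'enable' is true the plugin is also added to each sensor's
    detector list and a reconfigure task is queued for that sensor.

    Args:
        plugin: plugin name; a bare name, without directory parts
        enable: whether we should enable the plugin or not. Default = True

    Returns:
        success (bool): True only when no sensor reported an error
        msg (str): Success message/Error info
    """
    if not plugin:
        return False, "No plugin to sync"

    try:
        # 'plugin' is concatenated into file system paths below. A name
        # holding a path separator or a dot entry would make those paths
        # point outside /var/lib/asec/plugins and /tmp, so refuse it before
        # anything is copied.
        if ('/' in plugin or '\\' in plugin or '\x00' in plugin
                or plugin in ('.', '..')):
            return False, "Invalid plugin name"

        plugin_path = "/var/lib/asec/plugins/" + plugin + ".cfg"
        sql_path = plugin_path + ".sql"

        (success, sensors) = get_systems(system_type='sensor')
        if not success:
            return False, "Unable to get sensors list: %s" % sensors

        # Bug in ansible copy module prevents us from copying the files from
        # /var/lib/asec/plugins as it has permissions 0 for "other"
        # Workaround: make a local copy using ansible command module
        # NOTE(review): these names under /tmp are predictable; a private,
        # per-run directory would be a safer place for the copies.
        plugin_tmp_path = "/tmp/" + plugin + ".cfg"
        sql_tmp_path = plugin_tmp_path + ".sql"

        success, local_ip = get_system_ip_from_local()
        if not success:
            error_msg = "[ansible_install_plugin] " + \
                        "Failed to make get local IP: %s" % local_ip
            return False, error_msg

        (success, msg) = local_copy_file(local_ip, plugin_path, plugin_tmp_path)
        if not success:
            error_msg = "[ansible_install_plugin] " + \
                        "Failed to make temp copy of plugin file: %s" % msg
            return False, error_msg

        (success, msg) = local_copy_file(local_ip, sql_path, sql_tmp_path)
        if not success:
            # The plugin file was already copied; do not leave it behind.
            remove_file([local_ip], plugin_tmp_path)
            error_msg = "[ansible_install_plugin] " + \
                        "Failed to make temp copy of sql file: %s" % msg
            return False, error_msg

        all_ok = True
        for (sensor_id, sensor_ip) in sensors:
            (success, msg) = ansible_install_plugin(sensor_ip,
                                                    plugin_tmp_path,
                                                    sql_tmp_path)
            if not success:
                error_msg = "[sync_asec_plugins] " + \
                            "Error installing plugin %s " % plugin + \
                            "in sensor %s: %s" % (sensor_ip, msg)
                api_log.error(error_msg)
                all_ok = False
                continue

            # Installed, and the caller did not ask for it to be enabled:
            # this is a success, not an installation error.
            if not enable:
                continue

            # Get list of active plugins and add the new one.
            # Then send the list back to the sensor.
            (success, data) = get_sensor_detectors(sensor_ip)
            if success:
                detectors = data['sensor_detectors']
                # Keep the list free of duplicates on repeated syncs.
                if plugin not in detectors:
                    detectors.append(plugin)
                (success, msg) = set_sensor_detectors(sensor_ip,
                                                      ','.join(detectors))
            else:
                # presumably 'data' holds the error detail on failure;
                # report it instead of the stale install message.
                msg = data

            if not success:
                error_msg = "[sync_asec_plugins] " + \
                            "Error enabling plugin %s " % plugin + \
                            "for sensor %s: %s" % (sensor_ip, msg)
                api_log.error(error_msg)
                all_ok = False
            else:
                # Now launch reconfig task
                alienvault_reconfigure.delay(sensor_ip)

        # Delete temporary copies of the files
        remove_file([local_ip], plugin_tmp_path)
        remove_file([local_ip], sql_tmp_path)

        if not all_ok:
            error_msg = "Plugin %s installation failed " % plugin + \
                        "for some sensors"
            return False, error_msg

        info_msg = "Plugin %s installed. Enabled = %s" % (plugin, str(enable))
        return True, info_msg

    except Exception as e:
        # Top-level boundary: log the detail, return a generic message.
        api_log.error("[sync_asec_plugins] Exception catched: %s" % str(e))
        return False, "[sync_asec_plugins] Unknown error"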