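def add_server_to_system():
    """Blueprint to register a server in the system.

    Reads ``server_ip`` and ``password`` from the query string and hands
    them to ``add_server``.

    Returns:
        JSON success envelope carrying the ``add_server`` message, or a
        500 error with that message when registration fails.
    """
    # NOTE(review): the server password travels in the query string, so it
    # lands in access logs, proxy logs and browser history. Moving it to the
    # request body/headers is the proper fix; the parameter contract is kept
    # here because callers depend on it.
    password = request.args.get('password', None)
    server_ip = request.args.get('server_ip', None)
    success, msg = add_server(server_ip, password)
    if not success:
        return make_error(msg, 500)
    # The original built the success response without returning it, so the
    # view yielded None on success; return it explicitly.
    return make_ok(data=msg)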
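def alienvault_reconfig(system_ip, operation, jobid):
    """Start, query or list ``alienvault_reconfigure`` Celery jobs.

    Args:
        system_ip (str): target system for a new reconfigure job (``start``).
        operation (str): one of ``start``, ``status`` or ``list``.
        jobid (str): Celery task id; only used by ``status``.

    Returns:
        JSON with job id, finished flag, status, task data, the list of
        active jobs (``list`` only) and a message. An unknown operation, or
        a ``status`` request without a job id, is answered with HTTP 400
        instead of the success envelope the original returned.
    """
    current_job_id = None
    is_finished = False
    job_status = None
    job_data = None
    jobs_active = None
    job = None
    msg = ""
    if operation == "start":
        print("Starting a new job...")
        job = alienvault_reconfigure.delay(system_ip)
        msg = "Job launched!"
    elif operation == "status":
        print("Status...")
        if jobid is None:
            return make_error("Missing job id for status operation", 400)
        job = AsyncResult(jobid, backend=alienvault_reconfigure.backend)
    elif operation == "list":
        jobs_active = inspect().active()
    else:
        print("operation (%s) not allowed!!" % operation)
        return make_error("operation (%s) not allowed" % operation, 400)
    if job:
        current_job_id = job.id
        job_data = job.info
        job_status = job.status
        # ``is_finished`` was never updated in the original; AsyncResult.ready()
        # reports whether the task has terminated (success or failure).
        is_finished = job.ready()
    return make_ok(job_id=current_job_id,
                   finished=is_finished,
                   status=job_status,
                   task_data=job_data,
                   active_jobs=jobs_active,
                   message=msg)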
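def set_config_alienvault(system_id):
    """Set AlienVault-section values on a system and schedule a reconfigure.

    Args:
        system_id (str): system id (uuid) resolved to an IP through
            get_system_ip_from_system_id.

    Only the query-string keys listed in ``param_names`` are accepted; any
    other key is rejected with HTTP 400 before anything is written. Values
    are passed through to set_av_config unvalidated.

    Returns:
        JSON with the id of the launched alienvault_asynchronous_reconfigure
        job, or a 400/500 error.
    """
    param_names = [
        'framework_framework_ip',
        'sensor_detectors',
        'sensor_interfaces',
        'sensor_mservers',
        'sensor_networks',
        'server_server_ip'
    ]
    # The original also bound the tuple to an unused ``ret`` alias.
    (success, system_ip) = get_system_ip_from_system_id(system_id)
    if not success:
        return make_error(system_ip, 500)
    set_values = {}
    for key, value in request.args.iteritems():
        # Whitelist check on keys; a single unknown key aborts the request.
        if key not in param_names:
            return make_error("Bad param %s" % key, 400)
        set_values[key] = value
    (success, config_values) = set_av_config(system_ip, set_values)
    if not success:
        current_app.logger.error("system: set_config_alienvault error: " + str(config_values))
        return make_error(
            "Cannot set AlienVault configuration info %s" % str(config_values), 500)
    # Cached system data is now stale.
    flush_cache(namespace="system")
    job = alienvault_asynchronous_reconfigure.delay(system_id)
    return make_ok(job_id=job.id)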
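def delete_status_message():
    """Delete orphan status messages.

    Returns:
        JSON success envelope with the helper's data, or a 500 error.
    """
    (success, data) = delete_orphan_status_message()
    if not success:
        # The original built the error response but did not return it, so
        # failures were reported to the client as success.
        return make_error(data, 500)
    return make_ok(data=data)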
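def delete_host(host_id):
    """Delete every reference to a host.

    Args:
        host_id: identifier handed to delete_host_references.

    Returns:
        Empty JSON success envelope, or a 500 error with the helper's message.
    """
    (success, data) = delete_host_references(host_id)
    if not success:
        # The original built the error response but did not return it, so
        # a failed deletion was reported as success.
        return make_error(data, 500)
    return make_ok()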
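def get_host_info_list():
    """Return the host details list.

    Returns:
        JSON success envelope spread from the helper's dict, or a 500 error.
    """
    (success, data) = get_host_details_list()
    if not success:
        # The original built the error response but did not return it and
        # then tried to ``**``-expand the error payload into make_ok.
        return make_error(data, 500)
    return make_ok(**data)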
def put_system_update_feed(system_id):
    """Blueprint to launch a local/remote feed-only update.

    Args:
        system_id (UUID): system to update.

    Returns:
        data: JSON with the job id on success, e.g.
            {"data": {"job_id": "fe7df875-..."}, "status": "success"}
        or a 500 error whose message asks to verify that the system is
        reachable.
    """
    success, job_id = asynchronous_update(system_id, only_feed=True)
    if success:
        return make_ok(job_id=job_id)
    base_msg = "Cannot update system %s" % system_id
    # On failure the second tuple element carries the error detail.
    api_log.error("%s: %s" % (base_msg, job_id))
    return make_error(base_msg + ". Please verify that the system is reachable.", 500)
def send_mail(system_id):
    """Send an e-mail from the given system using query-string settings.

    All SMTP settings (host, port, sender, recipients, subject, body, user,
    passwd, use_ssl, attachments) are read from ``request.args`` and passed
    verbatim to run_send_email.

    Returns:
        JSON with the helper's result, or a 404 error with its message.
    """
    # TODO: attachments must already exist on our system; a user upload path
    # is still needed and file permissions must be considered.
    # NOTE(review): ``passwd`` arrives in the query string (logged by proxies
    # and access logs) and ``attachments`` is a comma-separated list of local
    # paths chosen by the caller -- run_send_email must restrict these to an
    # allowed directory, otherwise arbitrary readable files can be mailed out.
    args = request.args
    host = args.get('host', None)
    port = args.get('port', None)
    sender = args.get('sender', None)
    recipients = args.get("recipients", None)   # b64 data
    subject = args.get("subject", None)         # b64 data
    body = args.get("body", None)
    user = args.get("user", None)
    passwd = args.get("passwd", None)
    use_ssl = args.get("use_ssl", None)
    attachments = args.get("attachments", "")   # comma-separated file list
    success, data = run_send_email(system_id, host, port, sender, recipients,
                                   subject, body, user, passwd, use_ssl,
                                   attachments)
    if success:
        return make_ok(result=data)
    return make_error(data, 404)
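def remove():
    """Remove a plugin file through apimethod_remove_plugin.

    Returns:
        Empty JSON success envelope; a 400 error when ``plugin_file`` is
        missing; the APIException converted by make_error_from_exception
        otherwise.
    """
    plugin_file = request.args.get('plugin_file')
    # The original forwarded None straight to the API method.
    if plugin_file is None:
        return make_bad_request("Missing parameter plugin_file")
    # NOTE(review): the value is caller-controlled and used as a file name;
    # apimethod_remove_plugin must reject path separators / ``..`` unless it
    # already resolves the name inside a fixed plugin directory.
    try:
        apimethod_remove_plugin(plugin_file=plugin_file)
    except APIException as e:
        return make_error_from_exception(e)
    return make_ok()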
def get_config_alienvault(system_id):
    """Return the AlienVault-section configuration of a system.

    Args:
        system_id: system identifier passed to get_system_config_alienvault.

    Returns:
        JSON success envelope spread from the config dict, or a 500 error
        carrying the helper's message.
    """
    success, config_values = get_system_config_alienvault(system_id)
    if success:
        return make_ok(**config_values)
    return make_error(config_values, 500)
def put_sensor_detector(sensor_id):
    """Set the [sensor]/detectors list in the sensor's ossim_setup.conf.

    Query parameter ``plugins`` is a comma-separated list of detector
    plugins; it is forwarded as-is to set_sensor_detectors.

    Args:
        sensor_id: sensor id resolved to an IP via get_sensor_ip_from_sensor_id.

    Returns:
        JSON with ``job_id_reconfig`` of the launched reconfigure task, a 400
        error for a missing parameter or bad sensor id, or a 500 error.
    """
    log = current_app.logger
    plugins = request.args.get('plugins')
    if plugins is None:
        log.error("detector: put_sensor_detector error: Missing parameter 'plugins'")
        return make_bad_request("Missing parameter plugins")
    ok, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not ok:
        log.error("detector: put_sensor_detector error: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")
    ok, data = set_sensor_detectors(sensor_ip, plugins)
    if not ok:
        log.error("detector: put_sensor_detector error %s" % data)
        return make_error("Error setting sensor detector plugins", 500)
    # The new detector list only takes effect after a reconfigure run.
    reconfig_job = alienvault_reconfigure.delay(sensor_ip)
    return make_ok(job_id_reconfig=reconfig_job.id)
def get_data_status_message_by_id(message_id):
    """Return one status message, filtered by the caller's admin status.

    Args:
        message_id: identifier passed to get_status_message_by_id together
            with the result of is_admin_user().

    Returns:
        JSON success envelope spread from the message dict, or a 500 error.
    """
    success, data = get_status_message_by_id(message_id, is_admin_user())
    if success:
        return make_ok(**data)
    return make_error(data, 500)
def get_system(system_id):
    """Return the info record of a single system.

    Args:
        system_id: identifier passed to system.get.

    Returns:
        JSON with ``info`` set to the helper's payload; on failure the
        detail is logged and a generic 500 error is returned.
    """
    success, info = system.get(system_id)
    if success:
        return make_ok(info=info)
    current_app.logger.error("system: get_system error: " + str(info))
    return make_error("Cannot retrieve system %s info" % system_id, 500)
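def ossec_add_new_agent(sensor_id):
    """Create a new OSSEC agent on a sensor and return its details.

    Query parameters ``agent_name`` (``[-.\\w]+``), ``agent_ip`` (IPv4
    address or CIDR) and ``asset_id`` are read from the request. Name and
    address are validated because they end up as arguments of the
    ossec_create_new_agent script.

    Args:
        sensor_id: sensor on which the agent is created.

    Returns:
        JSON with ``agent_detail``; a 400 error for missing/invalid name or
        address; a 500 error (or a converted APIException) otherwise.
    """
    agent_name = request.args.get('agent_name', None)
    agent_ip = request.args.get('agent_ip', None)
    asset_id = request.args.get('asset_id', None)
    # A missing parameter made re.match raise TypeError (HTTP 500) in the
    # original; it is a client error.
    if agent_name is None or agent_ip is None:
        return make_bad_request("Invalid agent name or address")
    # \Z instead of $ so a trailing newline cannot sneak past the check.
    valid_str = re.compile(r'^[-.\w]+\Z')
    if not valid_str.match(agent_name) or not (is_valid_ipv4(agent_ip) or is_valid_ipv4_cidr(agent_ip)):
        return make_bad_request("Invalid agent name or address")
    # On success the api method returns the id of the new agent.
    (success, data) = api_ossec_add_new_agent(sensor_id, agent_name, agent_ip, asset_id)
    if not success:
        current_app.logger.error("ossec_agent: error creating new agent: " + str(data))
        return make_error(data, 500)
    try:
        agent_id = data
        (success, data) = apimethod_ossec_get_agent_from_db(sensor_id, agent_id)
    except APIException as e:
        return make_error_from_exception(e)
    if success:
        return make_ok(agent_detail=data)
    return make_error(data, 500)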
def get_local_info():
    """Return information about the local system.

    Returns:
        JSON success envelope spread from system.get_local_info()'s dict;
        on failure the detail is logged and a generic 500 error is returned.
    """
    success, system_data = system.get_local_info()
    if success:
        return make_ok(**system_data)
    current_app.logger.error("system: get_local_info error: " + str(system_data))
    return make_error("Cannot retrieve local system info", 500)
def get_systems():
    """Return the list of all known systems.

    Returns:
        JSON with ``systems`` set to system.get_all()'s payload; on failure
        the detail is logged and a generic 500 error is returned.
    """
    success, system_data = system.get_all()
    if success:
        return make_ok(systems=system_data)
    current_app.logger.error("system: get_systems error: " + str(system_data))
    return make_error("Cannot retrieve systems info", 500)
def get_jobs(system_id):
    """Blueprint to get the jobs running on a system.

    GET /av/api/1.0/system/<system_id>/jobs

    Args:
        system_id (str): system id (uuid) or ``local``.

    Returns:
        JSON with ``jobs``, a list of {"job_id", "name", "time_start"}
        entries, or a 500 error asking to verify that the system is
        reachable.
    """
    success, jobs = get_jobs_running(system_id)
    if success:
        return make_ok(jobs=jobs)
    return make_error(
        "Can't retrieve jobs running for system %s. Please verify that the system is reachable." % system_id,
        500)
def set_config_general(system_id):
    """Set general-section configuration values on a system.

    Only the query-string keys listed in ``allowed_params`` are accepted;
    an unknown key aborts the request with HTTP 400 before anything is
    written. Values are forwarded to set_system_config unvalidated.

    Args:
        system_id: target system identifier.

    Returns:
        JSON with the job id returned by set_system_config, or a 400/500
        error.
    """
    # NOTE(review): general_mailserver_relay_passwd arrives in the query
    # string and therefore in access/proxy logs.
    allowed_params = (
        'general_admin_dns', 'general_admin_gateway', 'general_admin_ip',
        'general_admin_netmask', 'general_hostname',
        'general_mailserver_relay', 'general_mailserver_relay_passwd',
        'general_mailserver_relay_port', 'general_mailserver_relay_user',
        'general_ntp_server', 'firewall_active',
    )
    set_values = {}
    for key, value in request.args.iteritems():
        if key not in allowed_params:
            return make_error("Bad param %s" % key, 400)
        set_values[key] = value
    success, job_id = set_system_config(system_id, set_values)
    if success:
        return make_ok(job_id=job_id)
    return make_error("Error setting new configuration: %s" % job_id, 500)
def get_ossec_check_integrity_agent(sensor_id, agent_id):
    """Run the OSSEC ``integrity_check`` action for one agent.

    Args:
        sensor_id: sensor hosting the agent.
        agent_id: agent to check.

    Returns:
        JSON with ``msg`` set to the helper's output, or a 500 error.
    """
    ok, payload = ossec_get_available_agents(sensor_id, 'integrity_check', agent_id)
    if not ok:
        return make_error(payload, 500)
    return make_ok(msg=payload)
def get_service_status(sensor_id):
    """Return the status of the services running on a sensor.

    Args:
        sensor_id: sensor identifier passed to get_service_status_by_id.

    Returns:
        JSON success envelope spread from the status dict; on failure the
        detail is logged and a 400 response carrying the sensor id is sent.
    """
    success, data = get_service_status_by_id(sensor_id)
    if success:
        return make_ok(**data)
    current_app.logger.error(
        "sensor: Can't get services status %s msg: %s" % (str(sensor_id), str(data)))
    return make_bad_request(sensor_id)
def get_list_nmap_scans():
    """Return the nmap scans belonging to the current user.

    The list is filtered by ``current_user.login``, so users only see their
    own scans.

    Returns:
        JSON with ``result`` set to the scan list, or a generic 500 error
        (the exception detail is only logged).
    """
    try:
        scans = apimethod_get_nmap_scan_list(user=current_user.login)
    except Exception as exp:
        app.logger.error("Cannot retrieve the scan list {0}".format(str(exp)))
        return make_error("Cannot retrieve the scan list", 500)
    else:
        return make_ok(result=scans)
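def sync_asec_plugins():
    """Send ASEC plugins to all sensors.

    The blueprint handles the following url:
        PUT /av/api/1.0/system/asec?plugins=<plugins>

    Args:
        plugins (str): comma-separated plugin list (query string).

    Returns:
        JSON with a success message; a 400 error when ``plugins`` is
        missing or empty; a 500 error listing the plugins whose sync
        failed.
    """
    plugins = request.args.get("plugins")
    # The original called .split() on None (HTTP 500) when the parameter was
    # absent; treat that as a client error.
    if not plugins:
        return make_bad_request("Missing parameter plugins")
    # Ignore empty entries such as the ones produced by "a,,b" or "a,".
    plugin_list = [p.strip() for p in plugins.split(',') if p.strip()]
    if not plugin_list:
        return make_bad_request("Missing parameter plugins")
    failed_plugins = []
    for plugin in plugin_list:
        (success, msg) = api_sync_asec(plugin=plugin, enable=True)
        if not success:
            failed_plugins.append(plugin)
            api_log.error("Sync failed for plugin %s: %s" % (plugin, msg))
        else:
            api_log.debug("Sync OK for plugin %s" % plugin)
    if failed_plugins:
        error_msg = "ASEC plugins sync failed for plugins: %s" % ','.join(failed_plugins)
        return make_error(error_msg, 500)
    return make_ok(msg="ASEC plugins sync OK")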
def get_alienvault_status(system_id):
    """Get the status of each profile of a given AlienVault system.

    The blueprint handles the following url:
        GET /av/api/1.0/system/<system_id>/status/alienvault?no_cache=<boolean>

    Args:
        system_id (str): system id (uuid) or ``local``.
        no_cache (boolean): query flag; only the literal string ``true``
            bypasses the cache.

    Returns:
        JSON success envelope spread from the status dict, or a generic
        500 error (details and request origin are logged).
    """
    no_cache = request.args.get('no_cache', 'false') == 'true'
    success, result = alienvault_status(system_id, no_cache=no_cache)
    if success:
        return make_ok(**result)
    api_log.error(
        "Cannot retrieve AlienVault status for system_id %s. Error: %s" % (system_id, str(result)))
    api_log.error(
        "Failed API call: remote addr = %s, host addr = %s, blueprint = %s, URL = %s" % (
            request.remote_addr, request.host, request.blueprint, request.base_url))
    return make_error("Cannot retrieve AlienVault status for system %s" % system_id, 500)
def get_ossec_active_agents(sensor_id):
    """List the OSSEC agents currently online on a sensor.

    Args:
        sensor_id: sensor to query.

    Returns:
        JSON with ``agents`` set to the helper's output, or a 500 error.
    """
    ok, payload = ossec_get_available_agents(sensor_id, 'list_online_agents')
    if not ok:
        return make_error(payload, 500)
    return make_ok(agents=payload)
def get_ossec_restart_agent(sensor_id, agent_id):
    """Restart one OSSEC agent on a sensor.

    Args:
        sensor_id: sensor hosting the agent.
        agent_id: agent to restart.

    Returns:
        JSON with ``msg`` set to the helper's output, or a 500 error.
    """
    ok, payload = ossec_get_available_agents(sensor_id, 'restart_agent', agent_id)
    if not ok:
        return make_error(payload, 500)
    return make_ok(msg=payload)
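def get_ossec_check(sensor_id):
    """Run an OSSEC ``lastscan`` or ``lastip`` check on a sensor.

    Query parameters:
        check_type: ``lastscan`` or ``lastip``.
        agent_name: required for ``lastip``; must consist only of
            ``[a-zA-Z0-9_()-]`` characters.
        agent_ip: required for ``lastscan``; must be a dotted IPv4 address.

    Args:
        sensor_id: sensor on which the check runs.

    Returns:
        JSON with ``check`` set to the helper's output, a 400 error for an
        invalid parameter, or a 500 error.
    """
    agent_ip = request.args.get("agent_ip", None)
    agent_name = request.args.get("agent_name", None)
    check_type = request.args.get("check_type", None)
    if check_type not in ["lastscan", "lastip"]:
        return make_bad_request(
            "Invalid check_type value. Allowed values are(lastscan, lastip)")
    if check_type == 'lastip':
        if agent_name is None:
            return make_bad_request(
                "Agent name not specified. Allowed characters are [^a-zA-Z0-9_\\-()]+"
            )
        # The original pattern was only anchored at the start (re.match), so
        # any name beginning with one allowed character passed -- including
        # names carrying shell metacharacters. \Z anchors the whole value.
        if re.match(r"[a-zA-Z0-9_\-\(\)]+\Z", agent_name) is None:
            return make_bad_request(
                "Invalid agent name. Allowed characters are [^a-zA-Z0-9_\\-()]+"
            )
    elif not is_valid_ipv4(agent_ip):
        return make_bad_request(
            "Invalid agent_ip value. It should be a valid IP v4 dotted address"
        )
    (result, data) = ossec_get_check(sensor_id=sensor_id,
                                     agent_ip=agent_ip,
                                     agent_name=agent_name,
                                     check_type=check_type)
    if result:
        return make_ok(check=data)
    return make_error(data, 500)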
def put_sensor_interface(sensor_id):
    """Set the [sensor]/interfaces list in the sensor's ossim_setup.conf.

    Query parameter ``ifaces`` is a comma-separated interface list and is
    forwarded as-is to set_sensor_interfaces.

    Args:
        sensor_id: sensor id resolved to an IP via get_sensor_ip_from_sensor_id.

    Returns:
        JSON with ``job_id_reconfig`` of the launched reconfigure task, a 400
        error for a missing parameter or bad sensor id, or a 500 error.
    """
    log = current_app.logger
    ifaces = request.args.get('ifaces')
    if ifaces is None:
        log.error("interfaces: put_sensor_interface error: Missing parameter 'ifaces'")
        return make_bad_request("Missing parameter ifaces")
    ok, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not ok:
        log.error("interfaces: put_sensor_interface error: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")
    # Ansible module writes the [sensor]/interfaces entry.
    ok, data = set_sensor_interfaces(sensor_ip, ifaces)
    if not ok:
        log.error("interfaces: put_sensor_interfaces_from_conf error: %s" % data)
        return make_error("Error setting sensor interfaces", 500)
    # The change only takes effect after a reconfigure run.
    reconfig_job = alienvault_reconfigure.delay(sensor_ip)
    return make_ok(job_id_reconfig=reconfig_job.id)
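def update_system(system_id):
    """Blueprint to update a system asynchronously (full update, not feed-only).

    Args:
        system_id (UUID): system to update.

    Returns:
        data: JSON with the id of the launched job, e.g.
            {"data": {"job_id": "fe7df875-..."}, "status": "success"}
        or a 500 error asking to verify that the system is reachable.
    """
    job = alienvault_asynchronous_update.delay(system_id, only_feed=False)
    if not job:
        error_msg = ("Cannot update system %s. Please verify that the system is reachable."
                     % system_id)
        # The original passed ``500`` as an extra logging argument; the logger
        # treats extra positional args as %-format values and, with no
        # placeholder left, reports a formatting error instead of the message.
        api_log.error(error_msg)
        return make_error(error_msg, 500)
    return make_ok(job_id=job.id)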
def explain_nmap():
    """Return a static example of the nmap scan-plan payload.

    Nothing is computed: the response documents the ``params`` block, the
    per-sensor ``scan_list`` entries and ``total_assets``.

    Returns:
        JSON with ``nmap_explain`` set to the example document.
    """
    params = {
        "target": "192.168.7.0/16",
        "scan_type": "fast",
        "rdns": "false",
        "scan_timing": "T3",
        "autodetect": "true",
        "scan_ports": "",
    }
    sensor_up = {
        "sensor_id": 1234,
        "sensor_up": "true",
        "scan_list": [
            {"targets": ["192.168.7.1", "192.168.7.2"]},
            {"targets": ["192.168.7.3", "192.168.7.4"]},
        ],
    }
    sensor_down = {
        "sensor_id": 1235,
        "sensor_up": "false",
        "scan_list": [
            {"targets": ["192.168.7.5", "192.168.7.6"]},
        ],
    }
    example = {
        "params": params,
        "scan_list": [sensor_up, sensor_down],
        "total_assets": 4,
    }
    return make_ok(nmap_explain=example)
def put_sensor_detector(sensor_id):
    """Set the [sensor]/detectors list in the sensor's ossim_setup.conf.

    Query parameter ``plugins`` is a comma-separated list of detector
    plugins and is forwarded as-is to set_sensor_detectors.

    Args:
        sensor_id: sensor id resolved to an IP via get_sensor_ip_from_sensor_id.

    Returns:
        JSON with ``job_id_reconfig`` of the launched reconfigure task, a 400
        error for a missing parameter or bad sensor id, or a 500 error.
    """
    plugins = request.args.get('plugins')
    if plugins is None:
        current_app.logger.error(
            "detector: put_sensor_detector error: Missing parameter 'plugins'")
        return make_bad_request("Missing parameter plugins")
    resolved, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not resolved:
        current_app.logger.error(
            "detector: put_sensor_detector error: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")
    written, data = set_sensor_detectors(sensor_ip, plugins)
    if not written:
        current_app.logger.error("detector: put_sensor_detector error %s" % data)
        return make_error("Error setting sensor detector plugins", 500)
    # Apply the new detector list by reconfiguring the sensor.
    return make_ok(job_id_reconfig=alienvault_reconfigure.delay(sensor_ip).id)
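def alienvault_reconfig(system_ip, operation, jobid):
    """Start, query or list ``alienvault_reconfigure`` Celery jobs.

    Args:
        system_ip (str): target system for a new reconfigure job (``start``).
        operation (str): one of ``start``, ``status`` or ``list``.
        jobid (str): Celery task id; only used by ``status``.

    Returns:
        JSON with job id, finished flag, status, task data, the list of
        active jobs (``list`` only) and a message. An unknown operation, or
        a ``status`` request without a job id, is answered with HTTP 400
        instead of the success envelope the original returned.
    """
    current_job_id = None
    is_finished = False
    job_status = None
    job_data = None
    jobs_active = None
    job = None
    msg = ""
    if operation == "start":
        print("Starting a new job...")
        job = alienvault_reconfigure.delay(system_ip)
        msg = "Job launched!"
    elif operation == "status":
        print("Status...")
        if jobid is None:
            return make_error("Missing job id for status operation", 400)
        job = AsyncResult(jobid, backend=alienvault_reconfigure.backend)
    elif operation == "list":
        jobs_active = inspect().active()
    else:
        print("operation (%s) not allowed!!" % operation)
        return make_error("operation (%s) not allowed" % operation, 400)
    if job:
        current_job_id = job.id
        job_data = job.info
        job_status = job.status
        # ``is_finished`` was never updated in the original; AsyncResult.ready()
        # reports whether the task has terminated (success or failure).
        is_finished = job.ready()
    return make_ok(job_id=current_job_id,
                   finished=is_finished,
                   status=job_status,
                   task_data=job_data,
                   active_jobs=jobs_active,
                   message=msg)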
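def get_sensor_detector_by_device(sensor_id):
    """Return the [sensor]/plugin list of a sensor, optionally per device.

    Args:
        sensor_id: sensor id resolved to an IP via get_sensor_ip_from_sensor_id.

    Query parameter ``device_id`` (canonical uuid) filters the plugins.

    Returns:
        JSON with ``plugins`` from get_plugin_get_request_from_yml, a 400
        error for a bad sensor id, or a 500 error.
    """
    (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        current_app.logger.error(
            "detector: get_sensor_detector: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")
    device_id = request.args.get('device_id', None)
    # Ansible module returns the plugin yml contents keyed by contacted host.
    (success, data) = get_sensor_detectors_from_yaml(sensor_ip)
    if not success:
        current_app.logger.error(
            "detector: get_sensor_detector_by_device: %s" % str(data))
        return make_error("Error getting sensor plugins", 500)
    try:
        yaml_data = get_plugin_get_request_from_yml(
            data['contacted'][sensor_ip]['plugins'], device_id)
    except Exception as e:
        # Was a bare ``except:`` (also swallowed SystemExit/KeyboardInterrupt)
        # and echoed the raw ansible payload back to the client; keep the
        # detail server-side.
        current_app.logger.error(
            "detector: get_sensor_detector_by_device: cannot parse yml (%s): %s" % (str(e), str(data)))
        return make_error("Something wrong while parsing the yml file.", 500)
    return make_ok(plugins=yaml_data)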
def get_jobs(system_id):
    """Blueprint to get the jobs running on a system.

    GET /av/api/1.0/system/<system_id>/jobs

    Args:
        system_id (str): system id (uuid) or ``local``.

    Returns:
        JSON with ``jobs``, a list of {"job_id", "name", "time_start"}
        entries, or a 500 error asking to verify that the system is
        reachable.
    """
    success, jobs = get_jobs_running(system_id)
    if success:
        return make_ok(jobs=jobs)
    return make_error(
        "Cannot retrieve jobs running for system %s. Please verify that the system is reachable." % system_id,
        500)
def put_system_update_feed(system_id):
    """Blueprint to launch a local/remote feed-only update.

    Args:
        system_id (UUID): system to update.

    Returns:
        data: JSON with the job id on success, e.g.
            {"data": {"job_id": "fe7df875-..."}, "status": "success"}
        or a 500 error whose message asks to verify that the system is
        reachable.
    """
    success, job_id = asynchronous_update(system_id, only_feed=True)
    if success:
        return make_ok(job_id=job_id)
    prefix = "Cannot update system %s" % system_id
    # On failure the second tuple element carries the error detail.
    api_log.error("%s: %s" % (prefix, job_id))
    return make_error(prefix + ". Please verify that the system is reachable.", 500)
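def sync_asec_plugins():
    """Send ASEC plugins to all sensors.

    The blueprint handles the following url:
        PUT /av/api/1.0/system/asec?plugins=<plugins>

    Args:
        plugins (str): comma-separated plugin list (query string).

    Returns:
        JSON with a success message; a 400 error when ``plugins`` is
        missing or empty; a 500 error listing the plugins whose sync
        failed.
    """
    plugins = request.args.get("plugins")
    # The original called .split() on None (HTTP 500) when the parameter was
    # absent; treat that as a client error.
    if not plugins:
        return make_bad_request("Missing parameter plugins")
    # Ignore empty entries such as the ones produced by "a,,b" or "a,".
    plugin_list = [p.strip() for p in plugins.split(',') if p.strip()]
    if not plugin_list:
        return make_bad_request("Missing parameter plugins")
    failed_plugins = []
    for plugin in plugin_list:
        (success, msg) = api_sync_asec(plugin=plugin, enable=True)
        if not success:
            failed_plugins.append(plugin)
            api_log.error("Sync failed for plugin %s: %s" % (plugin, msg))
        else:
            api_log.debug("Sync OK for plugin %s" % plugin)
    if failed_plugins:
        error_msg = "ASEC plugins sync failed for plugins: %s" % ','.join(failed_plugins)
        return make_error(error_msg, 500)
    return make_ok(msg="ASEC plugins sync OK")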
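def get_system_network_traffic_stats(system_id):
    """Return network traffic statistics for a system.

    Args:
        system_id: identifier passed to get_traffic_stats.

    Returns:
        JSON with ``stats`` set to the helper's payload; on failure the
        detail is logged and a generic 500 error is returned.
    """
    (success, data) = get_traffic_stats(system_id)
    if not success:
        current_app.logger.error("network: get_system_network_traffic_stats error: " + str(data))
        # The original answered "Error getting iface list", which is the
        # message of a different endpoint and misleads the caller.
        return make_error("Error getting network traffic stats", 500)
    return make_ok(stats=data)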
def get_system_network_resolve(system_id):
    """Return the DNS resolution result for a system.

    Args:
        system_id: identifier passed to dns_resolution.

    Returns:
        JSON with ``dns_resolution`` set to the helper's payload; on failure
        the detail is logged and returned in a 500 error.
    """
    success, data = dns_resolution(system_id)
    if success:
        return make_ok(dns_resolution=data)
    current_app.logger.error("network: get_system_network_resolve error: " + str(data))
    return make_error(data, 500)
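def get_data_from_status(server_id, dataname):
    """Return one field of a server's status document.

    Args:
        server_id: server id resolved to an IP via get_server_ip_from_server_id.
        dataname (str): key expected under ``result`` in the status JSON.

    Returns:
        JSON with ``serverid`` and ``registered_sensors`` (the value found
        under ``result[dataname]``; the response key is fixed regardless of
        ``dataname``), or a 500 error.
    """
    rc, server_ip = get_server_ip_from_server_id(server_id)
    if not rc:
        return make_error(
            "Error while retrieving the server ip:%s" % server_ip, 500)
    rc, data = get_server_status(server_ip)
    if not rc:
        return make_error(data, 500)
    try:
        json_data = json.loads(data)
    except (ValueError, TypeError):
        # Malformed document (or not a string at all); keep the try narrow so
        # only the parse step is covered.
        return make_error(
            "An error occurred while parsing the status message from the server", 500)
    # dict.has_key() is Python 2 only; ``in`` works on both and isinstance
    # guards against a JSON document that is not an object.
    if not isinstance(json_data, dict) or "result" not in json_data:
        return make_error(
            "Invalid Json Data from the server. Result Not found", 500)
    result = json_data["result"]
    if not isinstance(result, dict) or dataname not in result:
        return make_error(
            "Invalid Json Data from the server. %s Not found" % dataname, 500)
    return make_ok(serverid=server_id, registered_sensors=result[dataname])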
def explain_nmap():
    """Return a static example of the nmap scan-plan payload.

    Nothing is computed: the response documents the ``params`` block, the
    per-sensor ``scan_list`` entries and ``total_assets``.

    Returns:
        JSON with ``nmap_explain`` set to the example document.
    """
    def sensor_entry(sensor_id, up, target_groups):
        # Build one per-sensor entry from a list of target lists.
        return {
            "sensor_id": sensor_id,
            "sensor_up": up,
            "scan_list": [{"targets": targets} for targets in target_groups],
        }

    example = {
        "params": {
            "target": "192.168.7.0/16",
            "scan_type": "fast",
            "rdns": "false",
            "scan_timing": "T3",
            "autodetect": "true",
            "scan_ports": "",
        },
        "scan_list": [
            sensor_entry(1234, "true", [["192.168.7.1", "192.168.7.2"],
                                        ["192.168.7.3", "192.168.7.4"]]),
            sensor_entry(1235, "false", [["192.168.7.5", "192.168.7.6"]]),
        ],
        "total_assets": 4,
    }
    return make_ok(nmap_explain=example)
def get_task_status(system_id):
    """Blueprint to get the status of system tasks.

    Args:
        system_id (UUID): system whose tasks are checked.

    Returns:
        data: JSON with ``tasks``, e.g.
            {"data": {"tasks": {
                "alienvault-update": {"job_id": "...", "job_status": "..."},
                "alienvault-reconfig": {"job_id": "...", "job_status": "..."}}},
             "status": "success"}
        or a 500 error asking to verify that the system is reachable.
    """
    # Tasks to check. Format:
    #   {<task name>: {'task': <celery task name>,
    #                  'process': <process name>,
    #                  'param_value': <task condition>,
    #                  'param_argnum': <position of the condition>}}
    # Here we check alienvault-update and alienvault-reconfig; the condition
    # is that the task belongs to the given system_id (first positional arg).
    def _spec(task_name, process_name):
        return {
            'task': task_name,
            'process': process_name,
            'param_value': system_id,
            'param_argnum': 0
        }

    t_list = {
        "alienvault-update": _spec('alienvault_asynchronous_update', 'alienvault-update'),
        "alienvault-reconfig": _spec('alienvault_asynchronous_reconfigure', 'alienvault-reconfig'),
    }
    success, tasks = system.apimethod_check_task_status(system_id, t_list)
    if success:
        return make_ok(tasks=tasks)
    return make_error(
        "Cannot retrieve task status for system %s. Please verify that the system is reachable." % system_id,
        500)
def register_otx_token(otx_token):
    """Register an OTX (Open Threat Exchange) token.

    Args:
        otx_token: token taken from the URL path. NOTE(review): as a path
            segment it is recorded in access logs; a request body would be
            safer for a credential.

    Returns:
        JSON success envelope spread from the helper's dict, or a 500 error
        carrying its message (also logged).
    """
    success, otx_data = apimethod_register_otx_token(otx_token)
    if success:
        return make_ok(**otx_data)
    current_app.logger.error(
        "OTX: It wasn't possible to register the OTX token: %s" % str(otx_data))
    return make_error(otx_data, 500)
def start_contributing_otx():
    """Enable contribution of data to OTX.

    Returns:
        Empty JSON success envelope, or a 500 error with the helper's
        message (also logged).
    """
    success, otx_data = apimethod_start_contributing_otx()
    if success:
        return make_ok()
    current_app.logger.error(
        "OTX: It wasn't possible to start contributing to OTX: %s" % str(otx_data))
    return make_error(otx_data, 500)
def get_host_info(host_id):
    """Return the details of one host keyed by its id.

    Args:
        host_id: identifier passed to get_host_details; also used as the
            key of the response payload.

    Returns:
        JSON success envelope ``{host_id: details}``, or a 500 error.
    """
    success, host_data = get_host_details(host_id)
    if not success:
        return make_error(host_data, 500)
    return make_ok(**{host_id: host_data})
def get_status(server_id):
    """Return the raw status document of a server.

    Args:
        server_id: server id resolved to an IP via get_server_ip_from_server_id.

    Returns:
        JSON with ``result`` (the helper's success flag) and ``data`` (the
        raw status), or a 500 error.
    """
    resolved, server_ip = get_server_ip_from_server_id(server_id)
    if not resolved:
        return make_error("Error while retrieving the server ip:%s" % server_ip, 500)
    rc, status_doc = get_server_status(server_ip)
    if rc:
        return make_ok(result=rc, data=status_doc)
    return make_error(status_doc, 500)
def remove_otx_account():
    """Remove the configured OTX account.

    Returns:
        Empty JSON success envelope, or a 500 error with the helper's
        message (also logged).
    """
    success, otx_data = apimethod_remove_otx_account()
    if success:
        return make_ok()
    current_app.logger.error(
        "OTX: It wasn't possible to remove the OTX account: %s" % str(otx_data))
    return make_error(otx_data, 500)
def set_auto_updates():
    """Enable or disable automatic feed updates.

    Query parameter ``enabled`` is interpreted by is_json_true (a missing
    value is passed to it as None).

    Returns:
        Empty JSON success envelope, or the APIException converted by
        make_error_from_exception.
    """
    enabled = is_json_true(request.args.get('enabled'))
    try:
        set_feed_auto_update(enabled=enabled)
    except APIException as e:
        return make_error_from_exception(e)
    else:
        return make_ok()
def get_otx_config():
    """Return the Open Threat Exchange configuration.

    Returns:
        JSON success envelope spread from the helper's dict, or a 500 error
        with its message (also logged).
    """
    success, otx_data = apimethod_get_open_threat_exchange_config()
    if success:
        return make_ok(**otx_data)
    current_app.logger.error(
        "OTX: It wasn't possible to retrieve the OTX configuration data: %s" % str(otx_data))
    return make_error(otx_data, 500)