コード例 #1
0
ファイル: api.py プロジェクト: alienfault/ossim
def save_current_status_message(component_id, component_type, message_code, data=""):
    """Saves or merges the status_message
    Args:
        component_id(uuid canonical string)
        message_code(uuid cannonical string):Message id
        data (str): Message data
        component_type(str): Component tyep
    """
    result = True
    try:
        message = get_current_status_message(component_id, message_code)
        db.session.begin()
        if message is not None:

            message_data = message
            #message_data.creation_time = datetime.now()
            message_data.additional_info = data
            db.session.merge(message_data)
        else:
            message_data = Current_Status()
            message_data.id = uuid.uuid4().bytes
            message_data.component_id = get_bytes_from_uuid(component_id)
            message_data.component_type = component_type
            message_data.creation_time = datetime.utcnow()
            message_data.message_id = get_bytes_from_uuid(message_code)
            message_data.additional_info = data
            message_data.supressed = 0
            message_data.viewed = 0
            db.session.add(message_data)
        db.session.commit()
    except Exception as error:
        db.session.rollback()
        result = False

    return result
コード例 #2
0
ファイル: hids.py プロジェクト: alienfault/ossim
def update_asset_id(sensor_id, agent_id, asset_id):
    """ Update Asset ID related to agent

    Raises:
        APICannotResolveSensorID
        APIInvalidHIDSAgentID
        APICannotUpdateHIDSAgent
        APICannotResolveAssetID
    """

    if sensor_id is None:
        api_log.error("[update_asset_id]: Sensor ID could not be empty")
        raise APICannotResolveSensorID(sensor_id)

    if agent_id is None:
        api_log.error("[update_asset_id]: Agent ID could not be empty")
        raise APIInvalidHIDSAgentID(agent_id)

    if asset_id is None:
        api_log.error("[update_asset_id]: Asset ID could not be empty")
        raise APICannotResolveAssetID(asset_id)

    try:
        sensor_id_bin = get_bytes_from_uuid(sensor_id)
        asset_id_bin = get_bytes_from_uuid(asset_id)

        db.session.query(Hids_Agents).filter(
            and_(Hids_Agents.agent_id == agent_id,
                 Hids_Agents.sensor_id == sensor_id_bin)).update({"host_id": asset_id_bin})
    except Exception as msg:
        api_log.error("[update_asset_id]: %s" % str(msg))
        raise APICannotUpdateHIDSAgent(agent_id, sensor_id)
コード例 #3
0
ファイル: data.py プロジェクト: jpalanco/alienvault-ossim
def given_create_or_update_current_status_entry(context, var_cid, var_mid, var_type, viewed):
    #Using merging http://docs.sqlalchemy.org/en/latest/orm/session.html#merging to create or update    
    # Check if we must create or delete
    print (context.alienvault[var_cid])
    print (context.alienvault[var_mid])
    try:
        entry = db.session.query(Current_Status).filter(and_(  Current_Status.component_id == get_bytes_from_uuid(context.alienvault[var_cid]),
             Current_Status.message_id ==  context.alienvault[var_mid])).one()
        entry.component_type =  context.alienvault[var_type]
        entry.viewed = viewed
    except  NoResultFound:
        # Create a new entry 
        entry = Current_Status()
        entry.id = uuid.uuid4().bytes
        entry.message_id = get_bytes_from_uuid(context.alienvault[var_mid])
        entry.component_id = get_bytes_from_uuid(context.alienvault[var_cid])
        entry.component_type = context.alienvault[var_type]
        entry.viewed = viewed
    try:
        db.session.begin()
        new_obj = db.session.merge(entry)
        db.session.commit()
    except Exception,e:
        print ("Error: %s" %str(e))
        db.session.rollback()
コード例 #4
0
ファイル: api.py プロジェクト: qiwihui/alienvault-ossim
def get_current_status_message(component_id, message_id):
    """
    Returns the message object from a message code and a component id
    Args:
        component_id(UUID canonical string)
        message id(UUID cannonical string)
    """
    try:
        component_id_binary = get_bytes_from_uuid(component_id)
        message = (
            db.session.query(Current_Status)
            .filter(
                and_(
                    Current_Status.message_id == get_bytes_from_uuid(message_id),
                    Current_Status.component_id == get_bytes_from_uuid(component_id),
                )
            )
            .one()
        )
    except NoResultFound:
        message = None
    except MultipleResultsFound:
        message = message[0]
    except Exception as e:
        message = None
    return message
コード例 #5
0
ファイル: sensor.py プロジェクト: alienfault/ossim
def get_base_path(sensor_id):
    """
        Return the base PATH taking into account the ha configuration
    """
    try:
        data = db.session.query(System).filter(or_(System.sensor_id == get_bytes_from_uuid(sensor_id),
                                                   System.server_id == get_bytes_from_uuid(sensor_id))).order_by(
            asc(System.ha_name)).limit(1).one()
        result = True, os.path.join("/var/alienvault/", data.serialize['uuid'])
    except NoResultFound:
        db.session.rollback()
        result = False, "No sensor identified by " + sensor_id
    return result
コード例 #6
0
ファイル: data.py プロジェクト: jpalanco/alienvault-ossim
def given_store_current_status_entry_id(context, comp_id_key, msg_id_key, type_key, stat_id_key):
    entry = None
    try:
        entry = db.session.query(Current_Status).filter(
            and_(
                Current_Status.component_id == get_bytes_from_uuid(context.alienvault[comp_id_key]),
                Current_Status.message_id == get_bytes_from_uuid(context.alienvault[msg_id_key]),
                Current_Status.component_type == context.alienvault[type_key]
            )
        ).one()
    except NoResultFound:
        assert None, "Current_Status entry was not found"

    context.alienvault[stat_id_key] = entry.serialize['id'] if entry is not None else ""
コード例 #7
0
ファイル: data.py プロジェクト: jpalanco/alienvault-ossim
def db_insert_current_status_message(message_id, component_id, component_type, additional_info, replace, created=None):
    """Inserts a new notification on the system. The related message id should exists.
    Args:
        message_id (str:uuid string): Message id related with the notification
        component_id(str:uuid string): Component id related with the notification (Could be none for external messages)
        component_type(str): Component type. Allowed values: ('net','host','user','sensor','server','system','external')
        additional_info (str:json): Additional information you want to store.
    Returns:
        success(bool): True if the operation went well, False otherwise
        msg(str): A message string that will contain some kind of information in case of error"""

    if created is None:
        created = datetime.utcnow()

    if component_type not in ['net', 'host', 'user', 'sensor', 'server', 'system', 'external']:
        return False, "Invalid component_type"
    if component_type != "external" and component_id is None:
        return False, "Component id cannot be none for the given component_type"

    msg_id_binary = get_bytes_from_uuid(message_id)
    success, status_message = get_status_message_from_id(message_id=msg_id_binary, is_admin=True, serialize=False)
    if not success:
        return False, "The given message_id doesn't exist"
    if status_message is None:
        return False, "The given message_id doesn't exist. Message is None"
    component_id_binary = get_bytes_from_uuid(component_id)
    if (component_id_binary is None or component_id_binary == "") and component_type != "external":
        return False, "Invalid component_id"
    if replace is True:
        success, msg = delete_current_status_messages([msg_id_binary])
        if not success:
            return success, "Unable to remove previous messages for the given message ID."
    try:
        db.session.begin()
        current_status_message = Current_Status()
        current_status_message.id = uuid4().bytes
        current_status_message.component_type = component_type
        current_status_message.creation_time = created
        current_status_message.message_id = msg_id_binary
        current_status_message.additional_info = additional_info
        current_status_message.suppressed = 0
        current_status_message.viewed = 0
        current_status_message.component_id = component_id_binary
        db.session.add(current_status_message)
        db.session.commit()
    except Exception, e:
        db.session.rollback()
        return False, "%s" % str(e)
コード例 #8
0
ファイル: host.py プロジェクト: alienfault/ossim
def update_host_plugins(data):
    """
        Save data{device_id: [plugin_id, ...]} in alienvault.host_scan table
    """
    result = True
    msg = ''
    try:
        if data:
            db.session.begin()
            for device_id, plugin_ids in data.iteritems():
                host_id = get_bytes_from_uuid(device_id)
                db.session.query(Host_Scan).filter(Host_Scan.host_id == host_id).delete()
                if plugin_ids:
                    for pid in plugin_ids:
                        host_scan = Host_Scan(host_id=host_id,
                                              plugin_id=int(pid),
                                              plugin_sid=0)
                        db.session.merge(host_scan)
            db.session.commit()
    except Exception as e:
        result = False
        db.session.rollback()
        msg = "Unable to save data into database {0}".format(str(e))

    return result, msg
コード例 #9
0
ファイル: sensor.py プロジェクト: alienfault/ossim
def get_sensor_ctx_by_sensor_id(sensor_id, output='str'):
    """
        Returns a sensor CTX given a sensor ID
    """
    sensor_ctx = None

    try:
        if sensor_id:
            sensor_id_bin = get_bytes_from_uuid(sensor_id)

            query = db.session.query(Acl_Sensors.entity_id).filter(Acl_Sensors.sensor_id == sensor_id_bin)
            sensor = query.join(Acl_Entities, Acl_Entities.id == Acl_Sensors.entity_id).filter(
                Acl_Entities.entity_type == 'context').one()
            sensor_ctx = sensor.entity_id
        else:
            return False, "Sensor ID could not be empty"
    except NoResultFound:
        return True, sensor_ctx
    except Exception as msg:
        msg = str(msg)
        api_log.error(msg)
        return False, msg

    if output == 'str':
        return True, get_uuid_string_from_bytes(sensor_ctx)
    else:
        return True, sensor_ctx
コード例 #10
0
    def get_control_node(self):
        server_id = self.__config_repository.get_config(CONFIG_SERVER_ID).value
        software_version = self.__config_repository.get_config(CONFIG_VERSION).value
        system = self.__system_repository.get_system()
        server = self.__server_repository.get_server(get_bytes_from_uuid(server_id))
        contact_person = self.__contact_person_repository.get_contact_person()
        platform = self.__platform_repo.get_platform(system.admin_ip)

        # Public IP is configured on AMI systems only and should be used as a control node's IP for such systems.
        # For other systems, high availability configuration IP (if configured) has more priority than admin IP.
        control_node_ip = platform and platform.public_ip or system.ha_ip or system.admin_ip

        return self.__model_constructor(
            system.id,
            system.name,
            server.descr,
            platform and platform.name,
            platform and platform.appliance_type,
            software_version,
            platform and platform.threat_intelligence_version,
            contact_person and contact_person.email,
            contact_person and contact_person.name,
            control_node_ip,
            system.vpn_ip
        )
コード例 #11
0
ファイル: api.py プロジェクト: jpalanco/alienvault-ossim
def given_get_system_ifaces (context,var_uuid,var_ifaces):
    uuid = get_bytes_from_uuid(context.alienvault[var_uuid])
    tempdir= ""
    try:
        dbsensor = db.session.query(System).filter(System.id  == uuid).one()
        ip_system = dbsensor.serialize.get("admin_ip")
        # Create a tempdir
        tempdir =  tempfile.mkdtemp (suffix =".behave")
        # Get the private pass used in ssh to communicate with other sensors
        config = ConfigParser()
        assert config.read ("/etc/ansible/ansible.cfg")[0] == "/etc/ansible/ansible.cfg", "Can\'t load ansible.cfg file"
        sshkey = config.get("defaults","private_key_file")
        ssh = Popen(
            ["ssh", "-i", sshkey, "-l", "avapi", ip_system, "/sbin/ifconfig -s -a"],
            shell=False,
            stdout=PIPE,
            stderr=PIPE
        )
        (stdoutdata, stderrdata) = ssh.communicate()
        lines = filter(None, stdoutdata.splitlines())
        # The format is
        # Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
        # eth0       1500 0    339579      0      0 0         47558      0      0      0 BMPRU
        # lo        16436 0  1336360692      0      0 0      1336360692      0      0      0 LRU
        context.alienvault[var_ifaces] = ",".join([ x.split()[0].strip() for x in lines[1:] if x.split()[0].strip() != 'lo'])
    except NoResultFound:
        assert False,"Can't find sensor with uuid %s in database " % context.alienvault[var_uuid]
    except MultipleResultsFound, msg:
        assert False,"Multiples result for query. Internal database error uuid => %s" % var_uuid
コード例 #12
0
ファイル: sensor.py プロジェクト: alienfault/ossim
def get_sensor_properties(sensor_id):
    result = True
    try:
        properties = db.session.query(Sensor_Properties).filter(
            Sensor_Properties.sensor_id == get_bytes_from_uuid(sensor_id)).one()
        message = {'has_nagios': bool(properties.has_nagios),
                   'has_ntop': bool(properties.has_ntop),
                   'has_vuln_scanner': bool(properties.has_vuln_scanner),
                   'has_kismet': bool(properties.has_kismet),
                   'ids': bool(properties.ids),
                   'passive_inventory': bool(properties.passive_inventory),
                   'netflows': bool(properties.netflows)}

    except NoResultFound:
        db.session.rollback()
        result = False
        message = "No properties found for sensor %s" % str(sensor_id)
    except MultipleResultsFound:
        db.session.rollback()
        result = False
        message = "More than one set of properties found for sensor %s" % str(sensor_id)
    except Exception, msg:
        db.session.rollback()
        result = False
        message = "An error occurred while retrieving properties for sensor %s: %s" % (str(sensor_id), str(msg))
コード例 #13
0
ファイル: system.py プロジェクト: alienfault/ossim
def db_get_hostname(system_id):
    try:
        system_id_bin = get_bytes_from_uuid(system_id)
        system = db.session.query(System).filter(System.id == system_id_bin).one()
    except Exception, msg:
        db.session.rollback()
        return False, "Error while querying for system with id '%s': %s" % (system_id, str(msg))
コード例 #14
0
ファイル: data.py プロジェクト: qiwihui/alienvault-ossim
def given_gen_monitor_data(context,var_n,var_type):
    db.session.query(Monitor_Data).delete() # Delete all current_status entries
    ctypes = var_type.split(",")
    for x in range (0,int(var_n)):
        ctype = random.choice (ctypes)
        
        assert (ctype in ['net','host','user','sensor','server','system']) == True, "Unknown type '%s'" % ctype
        entry = Monitor_Data()
        # Select a entry 
        try:
            c_id = {
                'user': str(uuid.UUID(db.session.query(Users).order_by(func.rand()).limit(1).one().serialize['uuid'])),
                'net' : str(uuid.UUID(db.session.query(Net).order_by(func.rand()).limit(1).one().serialize['id'])),
                'host': str(uuid.UUID(db.session.query(Host).order_by(func.rand()).limit(1).one().serialize['id'])),
                'sensor': str(uuid.UUID(db.session.query(Host).order_by(func.rand()).limit(1).one().serialize['id'])),
                'system': str(uuid.UUID(db.session.query(System).order_by(func.rand()).limit(1).one().serialize['uuid'])),
                'server':  str(uuid.UUID(db.session.query(Server).order_by(func.rand()).limit(1).one().serialize['id'])),

    
          }.get(ctype)
        except NoResultFound:
           assert None,"Can't load a asset of type '%s'" % ctype
       # We have now the component_id
       # Select a msg_id
        entry.component_id =  get_bytes_from_uuid (c_id)
        entry.monitor_id = 1
        entry.component_type = "system"
        sleep(1)
        entry.data = "{\"msg\": \"Texto de prueba\"}"
        db.session.begin() 
        db.session.merge(entry)
        db.session.commit()
コード例 #15
0
ファイル: hids.py プロジェクト: alienfault/ossim
def update_hids_agent_status(agent_id, sensor_id, agent_status):
    """ Update status of HIDS agent

    Raises:
        APICannotResolveSensorID
        APIInvalidHIDSAgentID
        APICannotUpdateHIDSAgent
    """

    if sensor_id is None:
        api_log.error("[update_hids_agent_status]: Sensor ID could not be empty")
        raise APICannotResolveSensorID(sensor_id)

    if agent_id is None:
        api_log.error("[update_hids_agent_status]: Agent ID could not be empty")
        raise APIInvalidHIDSAgentID(agent_id)

    try:
        sensor_id_bin = get_bytes_from_uuid(sensor_id)
        status_integer = Hids_Agents.get_status_integer_from_string(agent_status)

        db.session.query(Hids_Agents).filter(
            and_(Hids_Agents.agent_id == agent_id,
                 Hids_Agents.sensor_id == sensor_id_bin)).update({"agent_status": status_integer})
    except Exception as msg:
        api_log.error("[update_hids_agent_status]: %s" % str(msg))
        raise APICannotUpdateHIDSAgent(agent_id, sensor_id)
コード例 #16
0
ファイル: system.py プロジェクト: alienfault/ossim
def get_system_info(system_id):
    """
    Return all information related to system
    :param System ID
    """
    system_info = {}
    try:
        system_id_bin = get_bytes_from_uuid(system_id)
        system = db.session.query(System).filter(System.id == system_id_bin).one()

        if system:
            system_info = {
                'id': get_uuid_string_from_bytes(system.id),
                'name': system.name,
                'admin_ip': get_ip_str_from_bytes(system.admin_ip) if system.admin_ip is not None else None,
                'vpn_ip': get_ip_str_from_bytes(system.vpn_ip) if system.vpn_ip is not None else None,
                'profile': system.profile,
                'sensor_id': get_uuid_string_from_bytes(system.sensor_id) if system.sensor_id is not None else None,
                'server_id': get_uuid_string_from_bytes(system.server_id) if system.server_id is not None else None,
                'database_id': get_uuid_string_from_bytes(
                    system.database_id) if system.database_id is not None else None,
                'host_id': get_uuid_string_from_bytes(system.host_id) if system.host_id is not None else None,
                'ha_ip': get_ip_str_from_bytes(system.ha_ip) if system.ha_ip is not None else None,
                'ha_name': system.ha_name,
                'ha_role': system.ha_role
            }
    except Exception as err:
        db.session.rollback()
        return False, "Error while querying system {0}.  Reason: {1}".format(system_id, err)

    return True, system_info
コード例 #17
0
ファイル: hids.py プロジェクト: alienfault/ossim
def delete_hids_agent(agent_id, sensor_id):
    """ Delete a HIDS agent
    Args:
        agent_id(str): HIDS agent ID
        sensor_id(str): Sensor ID

    Raises:
        APICannotResolveSensorID
        APIInvalidHIDSAgentID
        APICannotDeleteHIDSAgent
    """
    if sensor_id is None:
        api_log.error("[delete_hids_agent]: Sensor ID could not be empty")
        raise APICannotResolveSensorID(sensor_id)

    if agent_id is None:
        api_log.error("[delete_hids_agent]: Agent ID could not be empty")
        raise APIInvalidHIDSAgentID(agent_id)

    try:
        sensor_id_bin = get_bytes_from_uuid(sensor_id)
        db.session.query(Hids_Agents).filter(and_(Hids_Agents.agent_id == agent_id,
                                                  Hids_Agents.sensor_id == sensor_id_bin)).delete()
    except Exception as msg:
        api_log.error("[delete_hids_agent] %s" % str(msg))
        raise APICannotDeleteHIDSAgent(agent_id, sensor_id)
コード例 #18
0
ファイル: sensor.py プロジェクト: alienfault/ossim
def get_sensor_by_sensor_id(sensor_id):
    """Returns a Sensor object given a Sensor ID"""
    try:
        # Getting Sensor ID for local system
        if sensor_id.lower() == 'local':
            (success, system_id) = get_system_id_from_local()

            if not success:
                raise APICannotResolveLocalSystemID()

            (success, local_sensor_id) = get_sensor_id_from_system_id(system_id)

            if success and local_sensor_id:
                sensor_id = local_sensor_id

        if not is_valid_uuid(sensor_id):
            raise APICannotResolveSensorID(sensor_id)

        # Getting sensor information
        success = True
        sensor_id_bin = get_bytes_from_uuid(sensor_id.lower())
        data = db.session.query(Sensor).filter(Sensor.id == sensor_id_bin).one()
    except NoResultFound:
        success = False
        data = "No sensor found with the given ID"
    except MultipleResultsFound:
        success = False
        data = "More than one sensor found with the given ID"
    except Exception as ex:
        db.session.rollback()
        success = False
        data = "Something wrong happen while retrieving the sensor {0}".format(ex)

    return success, data
コード例 #19
0
ファイル: host.py プロジェクト: alienfault/ossim
def get_host_id_by_ip_ctx(ip, ctx, output='str'):
    """
        Returns an Asset ID given an IP address and context
    """
    host_id = None

    try:
        if ip and ctx:
            ip_bin = get_ip_bin_from_str(ip)
            ctx_bin = get_bytes_from_uuid(ctx)

            query = db.session.query(Host.id).filter(Host.ctx == ctx_bin)
            host = query.join(Host_Ip, Host_Ip.host_id == Host.id).filter(Host_Ip.ip == ip_bin).one()
            host_id = host.id
        else:
            return False, "IP address and/or context could not be empty"
    except NoResultFound:
        return True, host_id
    except Exception as msg:
        msg = str(msg)
        api_log.error(msg)
        return False, "Asset ID not found in the system"

    if output == 'str':
        return True, get_uuid_string_from_bytes(host_id)
    else:
        return True, host_id
コード例 #20
0
ファイル: sensor.py プロジェクト: alienfault/ossim
def set_sensor_properties_value(sensor_id, property_name, value):
    result = True
    try:
        message = ""
        db.session.begin()
        sensor_id_binary = get_bytes_from_uuid(sensor_id)
        property = db.session.query(Sensor_Properties).filter(Sensor_Properties.sensor_id == sensor_id_binary).one()
        if property is not None:
            if hasattr(property, property_name):
                setattr(property, property_name, value)
                db.session.merge(property)
            else:
                result = False
                message = "Invalid property name <%s>" % property_name
        db.session.commit()
    except NoResultFound:
        db.session.rollback()
        result = False
        message = "No property found "
    except MultipleResultsFound:
        db.session.rollback()
        result = False
        message = "More than one value for the property!! "
    except Exception as err:
        db.session.rollback()
        result = False
        message = "An error occurred while setting the sensor_property value %s" % str(err)

    return result, message
コード例 #21
0
ファイル: data.py プロジェクト: hellogitcn/ossim-1
def get_current_status_message_from_id(current_status_id):
    """Retrieves the Current_Status message id with the given id"""
    try:
        data = db.session.query(Current_Status).filter(
            Current_Status.message_id == get_bytes_from_uuid(
                current_status_id)).one()
    except NoResultFound:
        return (False, "No Current_Status found with id '%s'" %
                str(current_status_id))
    except MultipleResultsFound:
        return (False, "More than one Current_Status found with id '%s'" %
                str(current_status_id))
    except Exception, msg:
        db.session.rollback()
        return (False,
                "Unknown error while querying for status message '%s': %s" %
                (str(current_status_id), str(msg)))
コード例 #22
0
ファイル: data.py プロジェクト: hellogitcn/ossim-1
def load_messages_to_db(msg_list):
    """
    Load list of messages into DB Status_Message table

    Args:
        msg_list ([Message]): Message list
        purge (boolean): Indicates when the fucntion should purge old messages.

    Returns:
        success (bool): True if successful, False elsewhere
        result  (str): Error message (if any)
    """
    success = True
    result = ""
    try:
        if msg_list:
            db.session.begin()

            for msg in msg_list:
                db_msg = Status_Message(
                    id=get_bytes_from_uuid(msg.id),
                    level=Status_Message.get_level_integer_from_string(
                        msg.level),
                    type=msg.type,
                    message_role=msg.message_role,
                    action_role=msg.action_role,
                    title=msg.title,
                    description=msg.description,
                    actions=msg.actions,
                    alternative_actions=msg.alternative_actions,
                    source=msg.source)
                db.session.merge(db_msg)  # insert or update
            # remove those messages that have been dissapeared
            messsages_ids_str = ','.join(
                ["'%s'" % msg.id.replace('-', '').upper() for msg in msg_list])
            cmd = "delete from status_message  where  hex(id) not in (%s) and source='monitor'" % (
                messsages_ids_str)
            db.session.connection(mapper=Status_Message).execute(cmd)
            #cmd = "delete current_status from current_status left join status_message on current_status.message_id=status_message.id where status_message.id is null;"
            #db.session.connection(mapper=Current_Status).execute(cmd)
            #success, result = purge_current_status_messages()
            db.session.commit()
    except Exception, e:
        success = False
        result = "[load_messages_to_db] Error: %s" % str(e)
        db.session.rollback()
コード例 #23
0
ファイル: system.py プロジェクト: zoe-mora-imdc/Ossim
def get_system_ip_from_system_id(system_id, output='str', local_loopback=True):
    """
    Return the ip of a system using its id.
    """
    try:
        if is_local(system_id):
            success, system_ip = get_system_ip_from_local(
                output='bin', local_loopback=local_loopback)
            if not success:
                return success, system_ip

        else:
            system_id_bin = get_bytes_from_uuid(system_id.lower())
            system = db.session.query(System).filter(
                System.id == system_id_bin).one()
            system_ip = system.vpn_ip if system.vpn_ip else system.admin_ip
    except NoResultFound, msg:
        return False, "No system found with id '%s'" % str(system_id)
コード例 #24
0
ファイル: host.py プロジェクト: hellogitcn/ossim-1
def get_host_by_host_id(host_id):
    """
    Returns a Host object given its host_id
    Args:
        host_id (uuid): Host ID
    Return:
        Tuple (boolean,data)
        - boolean indicates whether the operation was successful or not
        - data will contain the data in case the operation was successful,
          or the error string otherwise
    """

    host_id_bin = get_bytes_from_uuid(host_id)

    try:
        host = db.session.query(Host).filter(Host.id == host_id_bin).one()
    except NoResultFound, msg:
        return (True, None)
コード例 #25
0
ファイル: api.py プロジェクト: vitty84/alienvault-ossim
def save_monitor_data(monitor_id, component_id, component_type, data):
    result = True
    try:
        db.session.begin()
        monitor_data = Monitor_Data()
        monitor_data.component_id = get_bytes_from_uuid(component_id)
        monitor_data.timestamp = datetime.now()
        monitor_data.monitor_id = monitor_id
        monitor_data.data = data
        monitor_data.component_type = component_type
        db.session.add(monitor_data)
        db.session.commit()
    except Exception:
        import traceback
        print traceback.format_exc()
        db.session.rollback()
        result = False

    return result
コード例 #26
0
def then_very_component_id_and_levels(context, var_cid, var_info):
    q = db.session.query(Current_Status).filter(
        Current_Status.component_id == get_bytes_from_uuid(
            context.alienvault[var_cid]))
    levels = var_info.split(",")
    f = [Current_Status.message.has(level=x) for x in levels]
    q = q.filter(or_(*f))
    results = q.all()
    #print [x.serialize for x in results]
    total = len(results)
    j = json.loads(context.result.getvalue())
    resp_total = j['data']['total']
    assert_equal(total, int(resp_total))
    for msg in j['data']['messages']:
        assert msg['component_id'] == context.alienvault[
            var_cid], "Bad component_id in response from API: %s" % msg[
                'component_id']
        assert (msg['message_level']
                in levels) == True, "Bad level %s" % msg['message_level']
コード例 #27
0
ファイル: server.py プロジェクト: zoe-mora-imdc/Ossim
def db_get_server(server_id):
    """
    Return the Server db object with server_id
    """
    server = None

    if server_id.lower() == 'local':
        success, server_id = get_server_id_from_local()
        if not success:
            api_log.error(str(server_id))
            return False, server_id

    try:
        server_id_bin = get_bytes_from_uuid(server_id)
        server = db.session.query(Server).filter(
            Server.id == server_id_bin).one()
    except NoResultFound, msg:
        return (False,
                "No server entry found with server id '%s'" % str(server_id))
コード例 #28
0
    def get_control_node(self):
        server_id = self.__config_repository.get_config(CONFIG_SERVER_ID).value
        software_version = self.__config_repository.get_config(
            CONFIG_VERSION).value
        system = self.__system_repository.get_system()
        server = self.__server_repository.get_server(
            get_bytes_from_uuid(server_id))
        contact_person = self.__contact_person_repository.get_contact_person()
        platform = self.__platform_repo.get_platform(system.admin_ip)

        # Public IP is configured on AMI systems only and should be used as a control node's IP for such systems.
        # For other systems, high availability configuration IP (if configured) has more priority than admin IP.
        control_node_ip = platform and platform.public_ip or system.ha_ip or system.admin_ip

        return self.__model_constructor(
            system.id, system.name, server.descr, platform and platform.name,
            platform and platform.appliance_type, software_version, platform
            and platform.threat_intelligence_version, contact_person
            and contact_person.email, contact_person and contact_person.name,
            control_node_ip, system.vpn_ip)
コード例 #29
0
 def append_monitor_object(self, component_id, component_type, data):
     """
     Save the monitor data.
     :param component_id: The component id - uuid canonical string
     :param component_type: Component type (see Component Types)
     :param data: The monitor json data.
     :return: True is successful, False otherwise
     """
     return_value = True
     try:
         monitor_data = Monitor_Data()
         monitor_data.component_id = get_bytes_from_uuid(component_id)
         monitor_data.timestamp = datetime.now()
         monitor_data.monitor_id = self.monitor_id
         monitor_data.data = data
         monitor_data.component_type = component_type
         #db.session.add(monitor_data)
         self.monitor_objects.append(monitor_data)
     except Exception:
         return_value = False
     return return_value
コード例 #30
0
    def get_system(self):
        _, system_id = get_system_id_from_local()
        system_id_bin = get_bytes_from_uuid(system_id)
        system_info = db.session.query(
            System.name,
            System.admin_ip,
            System.vpn_ip,
            System.ha_ip
        ).filter(System.id == system_id_bin).one()

        system_name = system_info[0]
        system_admin_ip = get_ip_str_from_bytes(system_info[1])
        system_vpn_ip = get_ip_str_from_bytes(system_info[2])
        system_ha_ip = get_ip_str_from_bytes(system_info[3])

        return self._system_constructor(
            system_id,
            system_name,
            system_admin_ip,
            system_vpn_ip,
            system_ha_ip
        )
コード例 #31
0
def load_external_messages_on_db(messages):
    """Loads the downloaded messages into the database"""
    message_list = []
    messages_to_be_removed = []
    for message in messages:
        msg_id_binary = get_bytes_from_uuid(str(message['msg_id']))
        if message['status'] == 'delete':
            messages_to_be_removed.append(msg_id_binary)
            continue
        message_list.append(message)
    success = True
    data = ""
    if len(message_list) > 0:
        success, data = load_mcserver_messages(message_list)
    success_remove = True
    data_remove = ""
    if len(messages_to_be_removed) > 0:
        success_remove, data_remove = delete_messages(messages_to_be_removed)
    return ((success and success_remove), {
        'loaded': data,
        'removed': data_remove
    })
コード例 #32
0
def when_select_random_asset (context,var_type,var_uuid):
    # First, select net,host,system,server,user,sensor
    value = None
    while  value is None:
        asset = var_type
        try:
            value = {
                'user': str(uuid.UUID(db.session.query(Users).order_by(func.rand()).limit(1).one().serialize['uuid'])),
                'net' : str(uuid.UUID(db.session.query(Net).order_by(func.rand()).limit(1).one().serialize['id'])),
                'host': str(uuid.UUID(db.session.query(Host).order_by(func.rand()).limit(1).one().serialize['id'])),
                'sensor': str(uuid.UUID(db.session.query(Sensor).order_by(func.rand()).limit(1).one().serialize['id'])),
                'system': str(uuid.UUID(db.session.query(System).order_by(func.rand()).limit(1).one().serialize['uuid'])),
                'server': str(uuid.UUID(db.session.query(Server).order_by(func.rand()).limit(1).one().serialize['id'])),
    
          }.get(asset)
        except NoResultFound:
            assert None,"No asset of type '%s' in system" % asset
        # Verify if the hosts is in the current_status
        q = db.session.query(Current_Status).filter(Current_Status.component_id == get_bytes_from_uuid (value)).all()
        if len(q) == 0:
            value = None
            
    context.alienvault[var_uuid] = value
コード例 #33
0
def get_sensor_by_sensor_id(sensor_id):
    """Returns a Sensor object given a Sensor ID"""
    try:
        # Getting Sensor ID for local system
        if sensor_id.lower() == 'local':
            (success, system_id) = get_system_id_from_local()

            if not success:
                raise APICannotResolveLocalSystemID()

            (success,
             local_sensor_id) = get_sensor_id_from_system_id(system_id)

            if success and local_sensor_id:
                sensor_id = local_sensor_id

        if not is_valid_uuid(sensor_id):
            raise APICannotResolveSensorID(sensor_id)

        # Getting sensor information
        success = True
        sensor_id_bin = get_bytes_from_uuid(sensor_id.lower())
        data = db.session.query(Sensor).filter(
            Sensor.id == sensor_id_bin).one()
    except NoResultFound:
        success = False
        data = "No sensor found with the given ID"
    except MultipleResultsFound:
        success = False
        data = "More than one sensor found with the given ID"
    except Exception as ex:
        db.session.rollback()
        success = False
        data = "Something wrong happen while retrieving the sensor {0}".format(
            ex)

    return success, data
コード例 #34
0
ファイル: system.py プロジェクト: hellogitcn/ossim-1
def has_forward_role(server_id):
    """Check if server_id has forward role

    Checks the Server_Forward_Role table and returns True/False depending
    on wether the server_id appears as server_src_id on that table

    Args:
        server_id (str): server_id to check for forward role

    Returns:
        bool: True if server_id has forward role, False elsewhere

    """
    is_forwarder = False

    try:
        forwarder_id = db.session.query(Server_Forward_Role).filter(
            Server_Forward_Role.server_src_id == get_bytes_from_uuid(
                server_id)).first()
        if forwarder_id:
            is_forwarder = True
    except Exception, e:
        api_log.error(
            "An error occurred when checking server_forward_role: %s" % str(e))
コード例 #35
0
    def set_up_db_schema(self):
        self.cursor.execute("""
           CREATE TABLE `sensor` (
          `id` binary(16) NOT NULL,
          `name` varchar(64) NOT NULL,
          `ip` varbinary(16) DEFAULT NULL,
          `priority` smallint(6) NOT NULL,
          `port` int(11) NOT NULL,
          `connect` smallint(6) NOT NULL,
          `descr` varchar(255) NOT NULL,
          `tzone` float NOT NULL DEFAULT '0',
          PRIMARY KEY (`id`)
        ) ENGINE=InnoDB DEFAULT CHARSET=utf8
        """)
        self.cursor.execute(
            """
           CREATE TABLE `sensor_properties` (
          `sensor_id` binary(16) NOT NULL,
          `version` varchar(64) NOT NULL,
          `has_nagios` tinyint(1) NOT NULL DEFAULT '1',
          `has_ntop` tinyint(1) NOT NULL DEFAULT '1',
          `has_vuln_scanner` tinyint(1) NOT NULL DEFAULT '1',
          `has_kismet` tinyint(1) NOT NULL DEFAULT '0',
          `ids` tinyint(1) NOT NULL DEFAULT '0',
          `passive_inventory` tinyint(1) NOT NULL DEFAULT '0',
          `netflows` tinyint(1) NOT NULL DEFAULT '0',
          PRIMARY KEY (`sensor_id`)
        ) ENGINE=InnoDB DEFAULT CHARSET=utf8
            """
        )
        self.cursor.execute(
            """
          CREATE TABLE `config` (
          `conf` varchar(255) NOT NULL,
          `value` text CHARACTER SET latin1 COLLATE latin1_general_ci,
          PRIMARY KEY (`conf`)
        ) ENGINE=InnoDB DEFAULT CHARSET=utf8
            """
        )

        self.expected_sensor_id = str(uuid.uuid4())
        self.expected_name = 'sensor_name'
        self.expected_is_connected = True
        self.expected_descr = 'sensor description'
        self.cursor.execute("""
        INSERT INTO sensor (id, name, ip, priority, port, connect, descr)
        VALUES (%s, %s, %s, %s, %s, %s, %s)""", (
            get_bytes_from_uuid(self.expected_sensor_id),
            self.expected_name,
            socket.inet_aton(self.expected_ip),
            1,
            8080,
            0,
            self.expected_descr
        ))

        self.expected_software_version = '100500'
        self.cursor.execute("""
                INSERT INTO sensor_properties (sensor_id, version)
                VALUES (%s, %s)
                """, (
            get_bytes_from_uuid(self.expected_sensor_id),
            self.expected_software_version
        ))

        self.expected_platform_name = 'alienvault-hyperv'
        self.expected_platform_by_ansible = 'alienvault-hyperv'
        self.expected_appliance_type_by_ansible = 'alienvault-vmware-aio-6x1gb'
        self.expected_intelligence_version = '100501'

        self.db.commit()
コード例 #36
0
def given_gen_status_message(context, var_n):
    db.session.query(
        Current_Status).delete()  # Delete all current_status entries
    total = 0
    total_msg = _return_total_status()
    assert int(
        var_n
    ) <= total_msg, "We don't have enought messages and asset to generate %d current_status entries " % int(
        var_n)
    while total < int(var_n):
        ctype = random.choice(
            ['net', 'host', 'user', 'sensor', 'server', 'system'])

        entry = Current_Status()
        try:
            c_id = {
                'user':
                str(
                    uuid.UUID(
                        db.session.query(Users).order_by(
                            func.rand()).limit(1).one().serialize['uuid'])),
                'net':
                str(
                    uuid.UUID(
                        db.session.query(Net).order_by(
                            func.rand()).limit(1).one().serialize['id'])),
                'host':
                str(
                    uuid.UUID(
                        db.session.query(Host).order_by(
                            func.rand()).limit(1).one().serialize['id'])),
                'sensor':
                str(
                    uuid.UUID(
                        db.session.query(Sensor).order_by(
                            func.rand()).limit(1).one().serialize['id'])),
                'system':
                str(
                    uuid.UUID(
                        db.session.query(System).order_by(
                            func.rand()).limit(1).one().serialize['uuid'])),
                'server':
                str(
                    uuid.UUID(
                        db.session.query(Server).order_by(
                            func.rand()).limit(1).one().serialize['id'])),
            }.get(ctype)
        except NoResultFound:
            assert None, "Can't load a asset of type '%s'" % ctype
    # We have now the component_id
    # Select a msg_id
        try:
            msg_entry = db.session.query(Status_Message).order_by(
                func.rand()).limit(1).one().serialize
        except NoResultFound:
            assert None, "Can't load a message entry"
        entry.id = get_bytes_from_uuid(str(uuid.uuid1()))
        entry.message_id = get_bytes_from_uuid(msg_entry['id'])
        entry.component_id = get_bytes_from_uuid(c_id)
        entry.component_type = ctype
        entry.viewed = random.choice([True, False])
        entry.additional_info = """{"msg_id": "Random generate message"}"""
        # check
        q = db.session.query(Current_Status).filter(
            and_(Current_Status.message_id == entry.message_id,
                 Current_Status.component_id == entry.component_id)).all()
        if len(q) > 0:
            continue
        db.session.begin()
        db.session.merge(entry)
        db.session.commit()
        total = total + 1
コード例 #37
0
def given_gen_status_message(context, var_n, var_type):
    db.session.query(
        Current_Status).delete()  # Delete all current_status entries
    ctypes = var_type.split(",")
    total = 0
    while (total < 100):
        ctype = random.choice(ctypes)

        assert (ctype in ['net', 'host', 'user', 'sensor', 'server',
                          'system']) == True, "Unknown type '%s'" % ctype
        entry = Current_Status()
        # Select a entry
        try:
            c_id = {
                'user':
                str(
                    uuid.UUID(
                        db.session.query(Users).order_by(
                            func.rand()).limit(1).one().serialize['uuid'])),
                'net':
                str(
                    uuid.UUID(
                        db.session.query(Net).order_by(
                            func.rand()).limit(1).one().serialize['id'])),
                'host':
                str(
                    uuid.UUID(
                        db.session.query(Host).order_by(
                            func.rand()).limit(1).one().serialize['id'])),
                'sensor':
                str(
                    uuid.UUID(
                        db.session.query(Sensor).order_by(
                            func.rand()).limit(1).one().serialize['id'])),
                'system':
                str(
                    uuid.UUID(
                        db.session.query(System).order_by(
                            func.rand()).limit(1).one().serialize['uuid'])),
                'server':
                str(
                    uuid.UUID(
                        db.session.query(Server).order_by(
                            func.rand()).limit(1).one().serialize['id']))
            }.get(ctype)
        except NoResultFound:
            assert None, "Can't load a asset of type '%s'" % ctype
    # We have now the component_id
    # Select a msg_id
        try:
            msg_entry = db.session.query(Status_Message).order_by(
                func.rand()).limit(1).one().serialize
        except NoResultFound:
            assert None, "Can't load a message entry"
        entry.id = get_bytes_from_uuid(str(uuid.uuid1()))
        entry.message_id = get_bytes_from_uuid(msg_entry['id'])
        entry.component_id = get_bytes_from_uuid(c_id)

        entry.component_type = ctype
        entry.viewed = False
        entry.suppressed = False
        entry.additional_info = """{"id": "Random generate message"}"""
        db.session.begin()
        db.session.merge(entry)
        db.session.commit()
        total = total + 1
コード例 #38
0
ファイル: host.py プロジェクト: zoe-mora-imdc/Ossim
def get_host_by_host_id(host_id):
    """
    Returns a Host object given its host_id
    Args:
        host_id (uuid): Host ID
    Return:
        Tuple (boolean,data)
        - boolean indicates whether the operation was successful or not
        - data will contain the data in case the operation was successful,
          or the error string otherwise
    """

    host_id_bin = get_bytes_from_uuid(host_id)

    try:
        host = db.session.query(Host).filter(Host.id == host_id_bin).one()
    except NoResultFound:
        return True, None
    except Exception as err_detail:
        return False, "Error captured while querying for host id '%s': %s" % (
            str(host_id), str(err_detail))

    # Build the output
    host_output = {}
    if host is not None:

        host_dict = host.__dict__
        for key, value in host_dict.iteritems():
            if key in ('_sa_instance_state', ):
                continue
            if key in ('ctx', 'id'):
                host_output[key] = get_uuid_string_from_bytes(value)
                continue
            if key == "permissions":
                host_output[key] = str(value)
            if key == 'asset':
                host_output['asset_value'] = value
            else:
                host_output[key] = value

        host_output['os'] = ""
        host_output['model'] = ""
        for host_property in host.host_properties:
            if host_property.property_ref == 3:
                host_output['os'] = host_property.value
                continue
            if host_property.property_ref == 14:
                host_output['model'] = host_property.value
                continue

        host_output['ips'] = [
            get_ip_str_from_bytes(x.ip) for x in host.host_ips
        ]
        host_output['sensors'] = [
            get_uuid_string_from_bytes(x.sensor_id)
            for x in host.host_sensor_reference
        ]
        host_output['services'] = [x.service for x in host.host_services]
        host_output['networks'] = [
            get_uuid_string_from_bytes(x.net_id)
            for x in host.host_net_reference
        ]

    return True, host_output
コード例 #39
0
def then_current_status_verify (context,var_uuid):
    q =  db.session.query(Current_Status).filter ( Current_Status.component_id ==  get_bytes_from_uuid (context.alienvault[var_uuid])).all()
    assert_equal (0, len(q),"Not all current_status messages deleted")
コード例 #40
0
def then_monitor_data_verify (context,var_uuid):
    q = db.session.query(Monitor_Data).filter (Monitor_Data.component_id ==  get_bytes_from_uuid (context.alienvault[var_uuid])).all()
    assert_equal (0, len(q),"Not all monitor_data messages deleted")
コード例 #41
0
ファイル: system.py プロジェクト: hellogitcn/ossim-1
                System.profile.ilike(system_type)).all()
        else:
            system_list = db.session.query(System).filter(
                System.profile.ilike('%' + system_type + '%')).all()
    except Exception, msg:
        db.session.rollback()
        return False, "Error while querying for '%s' systems: %s" % (
            system_type if system_type != '' else 'all', str(msg))

    if directly_connected:
        try:
            server_ip = get_ip_bin_from_str(
                db.session.query(Config).filter(
                    Config.conf == 'server_address').one().value)
            server_id = get_bytes_from_uuid(
                db.session.query(Config).filter(
                    Config.conf == 'server_id').one().value)
            connected_servers = [
                x.child_id for x in db.session.query(Server_Hierarchy).filter(
                    Server_Hierarchy.parent_id == server_id).all()
            ]
            connected_servers.append(server_id)
        except Exception, msg:
            db.session.rollback()
            return False, "Error while querying for server: '%s'" % str(msg)

        if not system_type or system_type.lower() == 'server':
            system_list = filter(
                lambda x: x.server_id in connected_servers or 'server' not in x
                .profile.lower(), system_list)
コード例 #42
0
ファイル: system.py プロジェクト: zoe-mora-imdc/Ossim
def then_verify_interfaces(context,var_uuid):
    j = json.loads(context.result.getvalue())
    print (j['data']['interfaces'])
    # Verify the correct json
    # Obtain admin_ip from database
    # Log into system, obtain interfaces list
    # Verify interface lists (copy the file from remote system)
    try:
        if context.alienvault[var_uuid] !='local':
            uuid = get_bytes_from_uuid(context.alienvault[var_uuid])
            admin_ip = db.session.query(System).filter(System.id == uuid).one().serialize.get("admin_ip")
        else:
            admin_ip = '127.0.0.1'

        r = re.compile(r'inet\s(.*?)/(.*?)\sbrd\s(.*?)\sscope')
        
        config = ConfigParser()
        assert config.read ("/etc/ansible/ansible.cfg")[0] == "/etc/ansible/ansible.cfg", "Can\'t load ansible.cfg file"
        sshkey = config.get("defaults","private_key_file")
        ssh = Popen(
            ["ssh", "-i", sshkey, "-l", "avapi", admin_ip, "/bin/cat /proc/net/dev"],
            shell=False, # this protects you against most of the risk associated with piping commands to the shell
            stdout=PIPE,
            stderr=PIPE
        )
        (stdoutdata, stderrdata) = ssh.communicate()
        lines = filter(None, stdoutdata.splitlines())
        iface_set = set ([x.split (':',2)[0].strip() for  x in  lines[2:]])
        iface_response = set (j['data']['interfaces'].keys())
        assert iface_set == iface_response, "Bad interfaces returnes from API"
        # Check the properties (ip etc )
        # Flags
        # obtain the flags
        flags = {}
        for iface in  iface_response:
            ssh = Popen(
                ["ssh", "-i", sshkey, "-l", "avapi", admin_ip, "/bin/cat /sys/class/net/%s/flags" % iface],
                shell=False,
                stdout=PIPE,
                stderr=PIPE
            )
            (stdoutdata, stderrdata) = ssh.communicate()
            flaglines = filter(None, stdoutdata.splitlines())
            flags[iface] = {'promisc':(int(flaglines[0].strip(),16) & IFF_PROMISC) == IFF_PROMISC}
            assert j['data']['interfaces'][iface]['promisc'] == flags[iface]['promisc'],"Bad interface promisc flag  API CALL= %s  System = %s " % (j['data']['interfaces'][iface]['promisc'], flags[iface]) 
            ssh = Popen(
                ["ssh", "-i", sshkey, "-l", "avapi", admin_ip, "/bin/ip addr show dev %s" % iface],
                shell=False,
                stdout=PIPE,
                stderr=PIPE
            )
            (stdoutdata, stderrdata) = ssh.communicate()
            ipaddr_lines = filter(None, stdoutdata.splitlines())
            for line in ipaddr_lines[2:]:
                m = r.match(line.strip())
                if m:
                    flags[iface]['ip'] = m.group(1)
                    v = (2**int(m.group(2)))-1
                    flags[iface]['mask'] = "%u.%u.%u.%u" % ((v & 0xFF), \
                                                          (v & 0xFF00) >> 8, \
                                                          (v & 0xFF0000) >> 16, \
                                                           (v & 0xFF000000) >> 24 )
                                                                                                                       
                    #print flags[iface]['mask']
                
                    flags[iface]['bcast'] = m.group(3)
                    assert j['data']['interfaces'][iface]['ipv4']['address'] == flags[iface]['ip'],"Bad address at iface %s" % iface
                    assert j['data']['interfaces'][iface]['ipv4']['netmask'] == flags[iface]['mask'],"Bad mask at iface %s" % iface
                
            
        #print flags     

        
        
    except NoResultFound:
        assert False,"Can't find sensor with uuid %s in database " % var_uuid
    except MultipleResultsFound, msg:
        assert False,"Multiples result for query. Internal database error uuid => %s" % var_uuid
コード例 #43
0
ファイル: data.py プロジェクト: zoe-mora-imdc/Ossim
def get_current_status_messages(component_id=None,
                                message_level=None,
                                order_by=None,
                                page=None,
                                page_row=None,
                                order_desc=None,
                                component_type=None,
                                message_id=None,
                                message_type=None,
                                search=None,
                                only_unread=None,
                                login_user=None,
                                is_admin=False):
    """Returns the list of current_status messages matching the given criteria.
    Args:
        component_id(UUID string): Component ID related with the message
        message_level(list<str>): Message level
        order_by(str): Current status field by which you want to sort the results.
        page(int): Page number
        page_row(int): Number of items per page
        order_desc(Boolean or None): Specify whether you want to sort the results in descendig order or not.
        component_type(str): Component Type related with the message
        message_id(UUID string): The message ID you are looking for
        message_type(list<str>): Kind of message you want to retrieve.
        search(str): It's a free text to search for message title
        only_unread(Boolean or None): If true, retrieve only unread messages
        login_user (admin): logged user on the system
        is_admin(bool): Whether the current user is admin or not.
    Returns:
       [Current_Status] A list of Current_Status Items

    """
    if login_user is None or login_user == "":
        return True, {'messages': {}, 'total': 0}

    query = db.session.query(Current_Status)
    # message_type and message_level are fields belonging to the related table status_message
    # We need to deal with this situation when we set the build the order_by clause
    if order_by is not None:
        if order_by not in ['message_level', 'message_type', 'message_title']:
            if order_desc:
                query = query.order_by(desc(order_by))
            else:
                query = query.order_by(asc(order_by))
        else:
            order_by_field = Status_Message.type
            if order_by == 'message_level':
                order_by_field = Status_Message.level
            if order_by == 'message_title':
                order_by_field = Status_Message.title
            if order_desc:
                query = query.join(Status_Message).order_by(
                    desc(order_by_field))
            else:
                query = query.join(Status_Message).order_by(
                    asc(order_by_field))

    if login_user != "admin" and not is_admin:  # neither user admin nor is_admin
        query = query.join(
            UserPermissions,
            UserPermissions.component_id == Current_Status.component_id)
        query = query.filter(and_(UserPermissions.login == login_user))
    query = query.order_by(asc(Current_Status.viewed))

    if component_id is not None:
        query = query.filter(
            and_(Current_Status.component_id == get_bytes_from_uuid(
                component_id)))
    if message_id is not None:
        query = query.filter(
            and_(Current_Status.message_id == get_bytes_from_uuid(message_id)))
    if message_level is not None:
        new_filter = [
            Current_Status.message.has(
                Status_Message.level.like(
                    Status_Message.get_level_integer_from_string(x)))
            for x in message_level
        ]
        query = query.filter(or_(*new_filter))
    if message_type is not None:
        new_filter = [
            Current_Status.message.has(Status_Message.type.like(x))
            for x in message_type
        ]
        query = query.filter(or_(*new_filter))
    if component_type is not None:
        query = query.filter(
            and_(Current_Status.component_type == component_type))
    if search is not None:
        query = query.filter(
            or_(
                Current_Status.message.has(
                    Status_Message.title.like("%" + search + "%")),
                Current_Status.message.has(
                    Status_Message.description.like("%" + search + "%"))))
    if only_unread:
        query = query.filter(and_(Current_Status.viewed == 0))

    query = query.filter(
        or_(Current_Status.suppressed == None, Current_Status.suppressed == 0))
    # Always order by creationtime
    if order_by != "creation_time":
        query = query.order_by(desc(Current_Status.creation_time))
    msgs = {}
    total = 0

    try:
        if page is None:  # return all
            data = query.all()
            msgs = [x.serialize for x in data]
            total = len(data)
        else:
            current_page = paginate(query, page, page_row, error_out=False)
            msgs = [x.serialize for x in current_page['items']]
            total = current_page['total']
    except Exception as err:
        api_log.error("status: get_status_messages: %s" % format_exc())
        return False, "Internal error %s" % str(err)

    return True, {'messages': msgs, 'total': total}
コード例 #44
0
ファイル: data.py プロジェクト: zoe-mora-imdc/Ossim
def load_mcserver_messages(message_list):
    """Adds or updates messages coming from the mcserver

    Args:
        message_list[Status_Message]

    Returns:
        success (bool): True if successful, False elsewhere
        result  (str): Error message (if any)
    """
    result = ""
    success = True
    try:
        db.session.begin()
        for msg in message_list:
            msg_id_str = str(msg['msg_id'])
            msg_id_binary = get_bytes_from_uuid(msg_id_str)
            additional_info_json = ""
            if msg['additional_info'] is not None and msg[
                    'additional_info'] != "":
                try:
                    additional_info_json = json.dumps(msg['additional_info'])
                except Exception as e:
                    api_log.warning(
                        "Message with an invalid additional_info %s -  %s" %
                        (msg_id_str, str(e)))
                    additional_info_json = ""
            success, status_message = get_status_message_from_id(
                message_id=msg_id_binary, is_admin=True, serialize=False)
            if success:
                #update values:
                status_message.level = Status_Message.get_level_integer_from_string(
                    str(msg['level']))
                status_message.title = msg['title']
                status_message.description = msg['description']
                status_message.type = msg['type']
                success, current_status_message = get_current_status_from_message_id(
                    msg_id_str)
                if not success or len(current_status_message) != 1:
                    api_log.error(
                        "Invalid external message %s. Current_Status: %s, tuples(%s)"
                        % (msg_id_str, success, len(current_status_message)))
                    continue
                current_status_message[
                    0].additional_info = additional_info_json
                db.session.merge(current_status_message[0])
                db.session.merge(status_message)
            else:
                new_msg = Status_Message()
                new_msg.id = msg_id_binary
                new_msg.level = Status_Message.get_level_integer_from_string(
                    str(msg['level']))
                new_msg.title = msg['title']
                new_msg.description = msg['description']
                new_msg.type = msg['type']
                new_msg.expire = datetime.strptime(msg['valid_to'],
                                                   "%Y-%m-%dT%H:%M:%S")
                new_msg.actions = ""
                new_msg.alternative_actions = ""
                new_msg.source = "external"
                current_status_message = Current_Status()
                current_status_message.id = uuid4().bytes
                current_status_message.component_type = 'external'
                current_status_message.creation_time = datetime.strptime(
                    msg['valid_from'], "%Y-%m-%dT%H:%M:%S")
                current_status_message.message_id = new_msg.id
                current_status_message.additional_info = ""
                current_status_message.suppressed = 0
                current_status_message.viewed = 0
                current_status_message.additional_info = additional_info_json
                db.session.add(new_msg)
                db.session.add(current_status_message)
        db.session.commit()
    except Exception, e:
        success = False
        result = "[load_mcserver_messages(] Error: %s" % str(e)
        db.session.rollback()
コード例 #45
0
ファイル: host.py プロジェクト: hellogitcn/ossim-1
def create_host(ips, sensor_id, hostname='', fqdns='', asset_value=2, threshold_c=30, threshold_a=30, alert=0, persistence=0, nat=None,
                rrd_profile=None, descr='', lat=0, lon=0, icon=None, country=None, external_host=0, permissions=0, av_component=0, output='str', refresh=False):
    """
    Creates a new host in the database
     Args:
        Host data
     Return:
        Tuple (boolean, msg)
        - boolean indicates whether the operation was successful or not
        - msg will be the host ID,
           or the error string otherwise
    """

    if len(ips) == 0:
        return False, "At least one IP is required"

    succes, ctx = get_sensor_ctx_by_sensor_id(sensor_id)

    if not is_valid_uuid(ctx):
        return False, "ctx is not a valid canonical uuid"

    ctx = get_bytes_from_uuid(ctx)

    host_id = str(uuid.uuid4())

    if hostname == '':
        hostname = "Host-%s" % (ips[0].replace(".", "-"))

    try:
        db.session.begin()
        for host_ip in ips:
            host_ip_object = Host_Ip(host_id=get_bytes_from_uuid(host_id),
                                     ip=get_ip_bin_from_str(host_ip),
                                     mac=None,
                                     interface=None)
            db.session.merge(host_ip_object)

        host = Host(id=get_bytes_from_uuid(host_id),
                    ctx=ctx,
                    hostname=hostname,
                    fqdns=fqdns,
                    asset=asset_value,
                    threshold_c=threshold_c,
                    threshold_a=threshold_a,
                    alert=alert,
                    persistence=persistence,
                    nat=nat,
                    rrd_profile=rrd_profile,
                    descr=descr,
                    lat=lat,
                    lon=lon,
                    icon=icon,
                    country=country,
                    external_host=external_host,
                    permissions=permissions,
                    av_component=av_component)

        db.session.merge(host)

        hs_reference = Host_Sensor_Reference(host_id=get_bytes_from_uuid(host_id),
                                             sensor_id=get_bytes_from_uuid(sensor_id))
        db.session.merge(hs_reference)

        db.session.commit()

    except Exception, msg:
        db.session.rollback()
        message = "There was a problem adding new Host %s to the database: %s" % (hostname, str(msg))
        api_log.error(message)
        return False, message