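def ossec_get_configuration_rule(system_ip, rule_filename, destination_path=""):
    """Fetch one OSSEC rule file from a sensor into a local directory.

    The file is read from ``/var/ossec/rules/<rule_filename>`` on the sensor
    with the Ansible ``fetch`` module (run with sudo). After a valid response,
    set_ossec_file_permissions() is applied to the local copy.

    Args:
        system_ip: Sensor address, used as the only entry of the host list.
        rule_filename: Bare rule file name: letters, digits, ``_`` or ``-``
            followed by ``.xml`` and nothing else.
        destination_path: Existing local directory. It is concatenated with
            rule_filename as-is, so it presumably has to end with a path
            separator; verify against callers.

    Returns:
        ``(True, local_path)`` on success, ``(False, error_message)`` otherwise.
    """
    # rule_filename ends up in the remote path and in the key=value argument
    # string handed to the fetch module, so the WHOLE name must match.
    # re.match() only anchors the start; without the trailing \Z a value such
    # as "a.xml/../x" or "a.xml key=value" passed the check. \Z is used rather
    # than $ because $ also accepts a trailing newline.
    if not re.match(r'[A-Za-z0-9_\-]+\.xml\Z', rule_filename):
        return False, "Invalid rule filename <%s> " % str(rule_filename)

    try:
        ossec_rule_path = "/var/ossec/rules/%s" % rule_filename
        if not os.path.exists(destination_path):
            return False, "Destination folder doesn't exists"

        # NOTE(review): destination_path is interpolated unquoted into the
        # module arguments; confirm it never derives from request input.
        # From ansible doc: Recursive fetching may be supported in a later release.
        fetch_args = "dest=%s src=%s flat=yes fail_on_missing=yes" % (
            destination_path, ossec_rule_path)
        response = _ansible.run_module(host_list=[system_ip],
                                       module="fetch",
                                       args=fetch_args,
                                       use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result:
            return False, str(msg)

        local_rule_file = destination_path + rule_filename
        success, result = set_ossec_file_permissions(local_rule_file)
        if not success:
            return False, str(result)
    except Exception as err:
        # Boundary handler: callers expect a (bool, message) tuple, never an
        # exception, so every failure is reported through the return value.
        return False, "[ossec_get_configuration_rule] Something wrong happened while running ansible command %s" % str(
            err)
    return True, destination_path + rule_filename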
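def apimethod_get_agentless_passlist(sensor_id):
    """Copy a sensor's OSSEC agentless ``.passlist`` into the local store.

    The local target is ``<base_path>/ossec/agentless/.passlist``. When the
    sensor reports that the remote file does not exist, an empty local file
    is created instead. set_ossec_file_permissions() is applied to the local
    file before returning.

    Args:
        sensor_id: Identifier resolved to the sensor IP and local base path.

    Returns:
        ``(True, value)`` on success, where value is the fetch result or the
        local file name when an empty file was created;
        ``(False, error_message)`` otherwise.
    """
    (success, system_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        return False, "Invalid sensor id %s" % sensor_id

    success, base_path = get_base_path_from_sensor_id(sensor_id)
    if not success:
        return False, "Can't retrieve the destination path: %s" % base_path

    destination_path = base_path + "/ossec/agentless/"
    success, msg = create_local_directory(destination_path)
    if not success:
        api_log.error(str(msg))
        return False, "Error creating directory '%s'" % destination_path

    dst_filename = destination_path + ".passlist"
    success, msg = ans_ossec_get_agentless_passlist(system_ip=system_ip,
                                                    destination_path=dst_filename)
    if not success:
        # A missing remote passlist is not an error: start from an empty file.
        # `in` is used instead of `.find(...) > 0`, which missed a message
        # that begins with the phrase.
        remote_missing = 'the remote file does not exist' in str(msg)
        if remote_missing and touch_file(dst_filename):
            msg = dst_filename
        else:
            # Any other fetch failure (or a failed touch) must stop here.
            # Falling through would let the permission call overwrite
            # `success` and could report a stale local copy as a fresh fetch,
            # with the error text returned in place of the path.
            api_log.error(str(msg))
            return False, str(msg)

    # NOTE(review): the agentless .passlist normally carries the credentials
    # OSSEC uses for agentless hosts; confirm set_ossec_file_permissions
    # leaves the local copy readable only by the accounts that need it.
    success, result = set_ossec_file_permissions(dst_filename)
    if not success:
        return False, str(result)
    return True, msg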
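def ossec_get_server_config(sensor_id):
    """Fetch the HIDS server configuration file of a sensor to local disk.

    The file at OSSEC_CONFIG_SERVER_PATH on the sensor is copied to
    OSSEC_CONFIG_SERVER_FILE_NAME inside the sensor's local OSSEC directory.
    When the sensor reports that the remote file does not exist, an empty
    local file is created instead. set_ossec_file_permissions() is applied to
    the local file before returning.

    Args:
        sensor_id: Identifier resolved to the sensor IP and local directory.

    Returns:
        ``(True, filename)`` on success, ``(False, error_message)`` otherwise.
    """
    (success, system_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        return False, "Invalid sensor id %s" % sensor_id

    success, ossec_directory = get_ossec_directory(sensor_id)
    if not success:
        api_log.error(str(ossec_directory))
        return False, ossec_directory

    server_config_file = os.path.join(ossec_directory, OSSEC_CONFIG_SERVER_FILE_NAME)
    success, filename = fetch_file(system_ip=system_ip,
                                   src_file_path=OSSEC_CONFIG_SERVER_PATH,
                                   dst_file_path=server_config_file,
                                   fail_on_missing=True,
                                   flat=True)
    if not success:
        # On failure `filename` holds the error text returned by fetch_file.
        # `in` replaces `.find(...) > 0`, which missed a message that begins
        # with the phrase.
        remote_missing = 'the remote file does not exist' in str(filename)
        if remote_missing and touch_file(server_config_file):
            filename = server_config_file
        else:
            # Covers both a real fetch error and a failed touch, so neither
            # can fall through and hand the error text back as the filename.
            api_log.error(str(filename))
            return False, "Something wrong happened getting the HIDS server configuration file"

    success, result = set_ossec_file_permissions(server_config_file)
    if not success:
        return False, str(result)
    return True, filename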
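def ossec_get_agent_config(sensor_id):
    """Fetch the HIDS agent configuration file of a sensor to local disk.

    The file at OSSEC_CONFIG_AGENT_PATH on the sensor is copied to
    OSSEC_CONFIG_AGENT_FILE_NAME inside the sensor's local OSSEC directory.
    When the sensor reports that the remote file does not exist, an empty
    local file is created instead. set_ossec_file_permissions() is applied to
    the local file before returning.

    Args:
        sensor_id: Identifier resolved to the sensor IP and local directory.

    Returns:
        ``(True, filename)`` on success, ``(False, error_message)`` otherwise.
    """
    (success, system_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        return False, "Invalid sensor id %s" % sensor_id

    success, ossec_directory = get_ossec_directory(sensor_id)
    if not success:
        api_log.error(str(ossec_directory))
        return False, ossec_directory

    agent_config_file = os.path.join(ossec_directory, OSSEC_CONFIG_AGENT_FILE_NAME)
    success, filename = fetch_file(system_ip=system_ip,
                                   src_file_path=OSSEC_CONFIG_AGENT_PATH,
                                   dst_file_path=agent_config_file,
                                   fail_on_missing=True,
                                   flat=True)
    try:
        # On failure `filename` holds the error text returned by fetch_file.
        # `in` replaces `.find(...) > 0`, which missed a message that begins
        # with the phrase.
        if not success and 'the remote file does not exist' in str(filename):
            if touch_file(agent_config_file):
                success = True
                filename = agent_config_file
    except Exception as err:
        # Best effort: a failing touch is logged with its traceback and
        # `success` stays False, so the check below reports the error.
        import traceback
        api_log.error("EX: %s, %s" % (str(err), traceback.format_exc()))

    if not success:
        api_log.error(str(filename))
        return False, "Something wrong happened getting the HIDS agent configuration file"

    success, result = set_ossec_file_permissions(agent_config_file)
    if not success:
        return False, str(result)
    return True, filename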
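def ossec_get_agentless_passlist(system_ip, destination_path=""):
    """Fetch ``/var/ossec/agentless/.passlist`` from a sensor to a local file.

    The Ansible ``fetch`` module is run with sudo against system_ip. After a
    valid response, set_ossec_file_permissions() is applied to the local copy.

    Args:
        system_ip: Sensor address, used as the only entry of the host list.
        destination_path: Local file path that receives the passlist.

    Returns:
        ``(True, destination_path)`` on success, ``(False, error_message)``
        otherwise.
    """
    # The default "" would produce an empty `dest=` argument; reject it here
    # with a clear message instead of relying on the module to fail.
    if not destination_path:
        return False, "[ossec_get_agentless_passlist] Empty destination path"

    try:
        agentless_passfile = "/var/ossec/agentless/.passlist"
        # NOTE(review): destination_path is interpolated unquoted into the
        # module arguments; confirm it never derives from request input.
        # From ansible doc: Recursive fetching may be supported in a later release.
        fetch_args = "dest=%s src=%s flat=yes fail_on_missing=yes" % (
            destination_path, agentless_passfile)
        response = _ansible.run_module(host_list=[system_ip],
                                       module="fetch",
                                       args=fetch_args,
                                       use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result:
            return False, str(msg)

        # NOTE(review): the agentless .passlist normally carries the
        # credentials OSSEC uses for agentless hosts; confirm this call leaves
        # the local copy readable only by the accounts that need it.
        success, result = set_ossec_file_permissions(destination_path)
        if not success:
            return False, str(result)
    except Exception as err:
        # The prefix used to name ossec_get_configuration_rule (copy-paste),
        # which pointed anyone reading the logs at the wrong function.
        return False, "[ossec_get_agentless_passlist] Something wrong happened while running ansible command %s" % str(err)
    return True, destination_path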
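def ossec_get_agentless_passlist(system_ip, destination_path=""):
    """Copy the sensor's OSSEC agentless passlist to ``destination_path``.

    Runs the Ansible ``fetch`` module (with sudo) on system_ip for
    ``/var/ossec/agentless/.passlist``, checks the response with
    ansible_is_valid_response() and then applies
    set_ossec_file_permissions() to the fetched file.

    Args:
        system_ip: Sensor address, used as the only entry of the host list.
        destination_path: Local file path that receives the passlist.

    Returns:
        ``(True, destination_path)`` on success, ``(False, error_message)``
        otherwise.
    """
    if not destination_path:
        # An empty value (the default) would yield an empty `dest=` argument.
        return False, "[ossec_get_agentless_passlist] Empty destination path"

    agentless_passfile = "/var/ossec/agentless/.passlist"
    try:
        # NOTE(review): destination_path goes unquoted into the key=value
        # argument string; verify callers only pass server-built paths.
        # From ansible doc: Recursive fetching may be supported in a later release.
        response = _ansible.run_module(
            host_list=[system_ip],
            module="fetch",
            args="dest=%s src=%s flat=yes fail_on_missing=yes" % (destination_path, agentless_passfile),
            use_sudo=True)
        valid, msg = ansible_is_valid_response(system_ip, response)
        if not valid:
            return False, str(msg)

        # NOTE(review): this file normally holds agentless host credentials;
        # confirm the permissions applied here restrict who can read it.
        success, result = set_ossec_file_permissions(destination_path)
        if not success:
            return False, str(result)
    except Exception as err:
        # Prefix corrected: it previously named ossec_get_configuration_rule,
        # which misattributes the failure when the message is logged.
        return False, "[ossec_get_agentless_passlist] Something wrong happened while running ansible command %s" % str(
            err)
    return True, destination_path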
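def ossec_get_configuration_rule(system_ip, rule_filename, destination_path=""):
    """Fetch one OSSEC rule file from a sensor into a local directory.

    The file is read from ``/var/ossec/alienvault/rules/<rule_filename>`` on
    the sensor with the Ansible ``fetch`` module (run with sudo). After a
    valid response, set_ossec_file_permissions() is applied to the local copy.

    Args:
        system_ip: Sensor address, used as the only entry of the host list.
        rule_filename: Bare rule file name: letters, digits, ``_`` or ``-``
            followed by ``.xml`` and nothing else.
        destination_path: Existing local directory. It is concatenated with
            rule_filename as-is, so it presumably has to end with a path
            separator; verify against callers.

    Returns:
        ``(True, local_path)`` on success, ``(False, error_message)`` otherwise.
    """
    # File name validation. The name is placed in the remote path and in the
    # key=value argument string of the fetch module, so it must match from
    # first to last character. re.match() anchors only the start: the
    # unanchored pattern accepted any suffix after ".xml" (a path separator,
    # a space followed by more arguments). \Z, unlike $, also rejects a
    # trailing newline.
    if not re.match(r'[A-Za-z0-9_\-]+\.xml\Z', rule_filename):
        return False, "Invalid rule filename <%s> " % str(rule_filename)

    try:
        ossec_rule_path = "/var/ossec/alienvault/rules/%s" % rule_filename
        if not os.path.exists(destination_path):
            return False, "Destination folder doesn't exists"

        # NOTE(review): destination_path goes unquoted into the argument
        # string; verify callers only pass server-built paths.
        # From ansible doc: Recursive fetching may be supported in a later release.
        response = _ansible.run_module(
            host_list=[system_ip],
            module="fetch",
            args="dest=%s src=%s flat=yes fail_on_missing=yes" % (destination_path, ossec_rule_path),
            use_sudo=True)
        valid, msg = ansible_is_valid_response(system_ip, response)
        if not valid:
            return False, str(msg)

        success, result = set_ossec_file_permissions(destination_path + rule_filename)
        if not success:
            return False, str(result)
    except Exception as err:
        # Callers expect a (bool, message) tuple rather than an exception.
        return False, "[ossec_get_configuration_rule] Something wrong happened while running ansible command %s" % str(err)
    return True, destination_path + rule_filename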