def put_sensor_detector(sensor_id):
    """Write the [sensor]/detectors list to the sensor's ossim_setup.conf.

    Reads the ``plugins`` query argument, resolves ``sensor_id`` to the
    sensor IP, passes both to ``set_sensor_detectors`` and then queues an
    ``alienvault_reconfigure`` task for that sensor.

    Returns:
        ``make_bad_request(...)`` when ``plugins`` is missing or the sensor
        id cannot be resolved, ``make_error(..., 500)`` when the detectors
        could not be set, otherwise ``make_ok`` with the reconfigure job id.
    """
    # 'plugins' is expected to be a comma-separated list of detector plugins.
    # NOTE(review): the value is forwarded exactly as received; no format or
    # allow-list check is visible in this function -- confirm that
    # set_sensor_detectors validates it before it reaches ossim_setup.conf.
    plugin_list = request.args.get('plugins')
    if plugin_list is None:
        current_app.logger.error(
            "detector: put_sensor_detector error: Missing parameter 'plugins'")
        return make_bad_request("Missing parameter plugins")

    resolved, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not resolved:
        current_app.logger.error(
            "detector: put_sensor_detector error: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")

    applied, detail = set_sensor_detectors(sensor_ip, plugin_list)
    if not applied:
        log_line = "detector: put_sensor_detector error %s" % detail
        current_app.logger.error(log_line)
        return make_error("Error setting sensor detector plugins", 500)

    # The new detector list only takes effect after a reconfigure run; the
    # task is queued asynchronously and its id is handed back to the caller.
    reconfig_job = alienvault_reconfigure.delay(sensor_ip)
    return make_ok(job_id_reconfig=reconfig_job.id)
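def put_sensor_interface(sensor_id):
    """Set the [sensor]/interfaces list on ossim_setup.conf of the sensor.

    Reads the ``ifaces`` query argument, resolves ``sensor_id`` to the
    sensor IP, passes both to ``set_sensor_interfaces`` and then queues an
    ``alienvault_reconfigure`` task for that sensor.

    Returns:
        ``make_bad_request(...)`` when ``ifaces`` is missing or the sensor id
        cannot be resolved, ``make_error(..., 500)`` when the interfaces
        could not be set, otherwise ``make_ok`` with the reconfigure job id.
    """
    # 'ifaces' is expected to be a comma-separated list of interface names.
    # NOTE(review): the value is forwarded exactly as received; confirm that
    # set_sensor_interfaces validates it before it reaches ossim_setup.conf.
    ifaces = request.args.get('ifaces')
    if ifaces is None:
        current_app.logger.error("interfaces: put_sensor_interface error: Missing parameter 'ifaces'")
        return make_bad_request("Missing parameter ifaces")

    (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        current_app.logger.error("interfaces: put_sensor_interface error: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")

    # Write the new [sensor]/interfaces value on the sensor.
    (success, data) = set_sensor_interfaces(sensor_ip, ifaces)
    if not success:
        # The log tag previously named put_sensor_interfaces_from_conf, which
        # is not this function; use the same tag as the other two error paths
        # so one search finds every failure of this endpoint.
        current_app.logger.error("interfaces: put_sensor_interface error: %s" % data)
        return make_error("Error setting sensor interfaces", 500)

    # The change only takes effect after a reconfigure run; queue it and
    # return the task id so the caller can poll for completion.
    job = alienvault_reconfigure.delay(sensor_ip)
    return make_ok(job_id_reconfig=job.id)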
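def alienvault_reconfig(system_ip, operation, jobid):
    """Start, query or list ``alienvault_reconfigure`` jobs.

    Args:
        system_ip: passed to ``alienvault_reconfigure.delay`` for "start".
        operation: "start", "status" or "list"; any other value only prints
            a message and leaves every result field at its default.
        jobid: task id looked up in the task's result backend for "status".

    Returns:
        ``make_ok(...)`` with the keys job_id, finished, status, task_data,
        active_jobs and message.
    """
    current_job_id = None
    is_finished = False
    job_status = None
    job_data = None
    jobs_active = None
    job = None
    msg = ""

    # The parenthesised single-argument print keeps the same output under
    # the Python 2 print statement used by this code.
    if operation == "start":
        print("Starting a new job...")
        job = alienvault_reconfigure.delay(system_ip)
        msg = "Job launched!"
    elif operation == "status":
        print("Status...")
        job = AsyncResult(jobid, backend=alienvault_reconfigure.backend)
    elif operation == "list":
        jobs_active = inspect().active()
    else:
        # NOTE(review): an unsupported operation still ends in make_ok with
        # empty fields; consider an error response so callers can tell a
        # rejected request from an idle one.
        print("operation (%s) not allowed!!" % operation)

    if job:
        current_job_id = job.id
        # NOTE(review): job.info is whatever the result backend stored; for a
        # failed task that is the raised exception -- check what make_ok
        # serialises back to the client.
        job_data = job.info
        job_status = job.status
        # 'finished' used to be hard-coded to False; report the real state.
        is_finished = job.ready()

    return make_ok(job_id=current_job_id,
                   finished=is_finished,
                   status=job_status,
                   task_data=job_data,
                   active_jobs=jobs_active,
                   message=msg)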
def put_sensor_detector(sensor_id):
    """Store the detector plugin list in [sensor]/detectors of ossim_setup.conf.

    The list comes from the ``plugins`` query argument. After
    ``set_sensor_detectors`` succeeds, an ``alienvault_reconfigure`` task is
    queued for the sensor and its id is returned through ``make_ok``.
    A missing ``plugins`` argument or an unresolvable ``sensor_id`` yields
    ``make_bad_request``; a failed update yields ``make_error`` with 500.
    """
    log = current_app.logger

    # Comma-separated list of detector plugins, taken from the query string.
    # NOTE(review): nothing in this function checks the entries; presumably
    # set_sensor_detectors does -- verify before relying on it.
    requested = request.args.get('plugins')
    if requested is None:
        log.error("detector: put_sensor_detector error: Missing parameter 'plugins'")
        return make_bad_request("Missing parameter plugins")

    ip_lookup = get_sensor_ip_from_sensor_id(sensor_id)
    found, sensor_ip = ip_lookup
    if not found:
        log.error("detector: put_sensor_detector error: Bad 'sensor_id'")
        return make_bad_request("Bad sensor_id")

    stored, info = set_sensor_detectors(sensor_ip, requested)
    if not stored:
        log.error("detector: put_sensor_detector error %s" % info)
        return make_error("Error setting sensor detector plugins", 500)

    # Queue the reconfigure run that applies the new configuration.
    task = alienvault_reconfigure.delay(sensor_ip)
    return make_ok(job_id_reconfig=task.id)
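def alienvault_reconfig(system_ip, operation, jobid):
    """Start, query or list ``alienvault_reconfigure`` jobs.

    Args:
        system_ip: passed to ``alienvault_reconfigure.delay`` for "start".
        operation: "start", "status" or "list"; any other value only prints
            a message and leaves every result field at its default.
        jobid: task id looked up in the task's result backend for "status".

    Returns:
        ``make_ok(...)`` with the keys job_id, finished, status, task_data,
        active_jobs and message.
    """
    current_job_id = None
    is_finished = False
    job_status = None
    job_data = None
    jobs_active = None
    job = None
    msg = ""

    # The parenthesised single-argument print keeps the same output under
    # the Python 2 print statement used by this code.
    if operation == "start":
        print("Starting a new job...")
        job = alienvault_reconfigure.delay(system_ip)
        msg = "Job launched!"
    elif operation == "status":
        print("Status...")
        job = AsyncResult(jobid, backend=alienvault_reconfigure.backend)
    elif operation == "list":
        i = inspect()
        jobs_active = i.active()
    else:
        # NOTE(review): an unsupported operation still ends in make_ok with
        # empty fields; consider an error response so callers can tell a
        # rejected request from an idle one.
        print("operation (%s) not allowed!!" % operation)

    if job:
        current_job_id = job.id
        # NOTE(review): job.info is whatever the result backend stored; for a
        # failed task that is the raised exception -- check what make_ok
        # serialises back to the client.
        job_data = job.info
        job_status = job.status
        # 'finished' used to be hard-coded to False; report the real state.
        is_finished = job.ready()

    return make_ok(job_id=current_job_id,
                   finished=is_finished,
                   status=job_status,
                   task_data=job_data,
                   active_jobs=jobs_active,
                   message=msg)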
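def set_sensor_network(sensor_id):
    """Set the monitored networks of a sensor and queue a reconfigure.

    Reads the comma-separated ``nets`` query argument, resolves ``sensor_id``
    to the sensor's admin IP, passes the split list to
    ``set_sensor_networks`` and queues ``alienvault_reconfigure`` for that IP.

    Returns:
        ``make_bad_request(...)`` when ``nets`` is missing, the sensor id
        cannot be resolved or the networks could not be set; otherwise
        ``make_ok`` with the reconfigure job id.
    """
    # A request without 'nets' used to fail with AttributeError on
    # None.split(); answer it as a bad request instead.
    raw_nets = request.args.get('nets')
    if raw_nets is None:
        current_app.logger.error("sensor: set_sensor_network error: Missing parameter 'nets'")
        return make_bad_request("Missing parameter nets")

    # NOTE(review): the entries are not checked here (network/CIDR format,
    # empty items); presumably set_sensor_networks validates them -- confirm.
    netlist = raw_nets.split(",")

    (ret, admin_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not ret:
        # The tag previously read "auth_sensor", which is not this function.
        current_app.logger.error("sensor: set_sensor_network error: " + str(admin_ip))
        return make_bad_request(sensor_id)

    (success, data) = set_sensor_networks(admin_ip, netlist)
    if not success:
        current_app.logger.error("sensor: Can't set sensor networks to " + str(netlist))
        return make_bad_request(sensor_id)

    # The change only takes effect after a reconfigure run; queue it and
    # return the task id so the caller can poll for completion.
    job = alienvault_reconfigure.delay(admin_ip)
    return make_ok(job_id_reconfig=job.id)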
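def set_interfaces_roles(system_id, interfaces):
    """Set roles for the system network interfaces.

    Args:
        system_id: id resolved to an IP via ``get_system_ip_from_system_id``.
        interfaces: passed unchanged to
            ``ansiblemethods.system.network.set_interfaces_roles``.

    Returns:
        ``(True, job_id)`` of the queued ``alienvault_reconfigure`` task, or
        the ``(False, ...)`` tuple of the step that failed.
    """
    ip_result = get_system_ip_from_system_id(system_id)
    (success, ip) = ip_result
    if not success:
        return ip_result

    # Flush caches
    flush_cache(namespace="sensor_network")

    # NOTE(review): the original comment said the 'interfaces' parameter is
    # verified here (base64 string that decodes to a JSON object), but this
    # function performs no such check; confirm the ansible method does.
    roles_result = ansiblemethods.system.network.set_interfaces_roles(ip, interfaces)
    (success, _msg) = roles_result
    if not success:
        return roles_result

    job = alienvault_reconfigure.delay(ip)
    # Compare by value: 'is' tests object identity and is not guaranteed to
    # match a state string that comes from the task result.
    if job.state == 'FAILURE':
        # The previous message spoke of deleting orphan status messages,
        # which is not the task launched here.
        return (False, "Can't start task to reconfigure the system")

    return (True, job.id)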
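def sync_asec_plugins(plugin=None, enable=True):
    """Send the ASEC generated plugins to the system sensors and enable them.

    Args:
        plugin: plugin name. It is used as a bare file name under
            /var/lib/asec/plugins/ and /tmp/ and as one entry of the
            comma-separated detector list, so names containing '/', NUL or
            ',' are rejected.
        enable: whether the plugin is also added to each sensor's detector
            list (followed by a reconfigure). Default = True

    Returns:
        success (bool): True when every sensor was handled without error
        msg (str): Success message/Error info
    """
    if not plugin:
        return False, "No plugin to sync"

    try:
        # Reject anything that is not a single path component: the name is
        # concatenated into source and temp file paths below, and joined
        # into a comma-separated detector list.
        if "/" in plugin or "\x00" in plugin or "," in plugin:
            return False, "Invalid plugin name"

        plugin_path = "/var/lib/asec/plugins/" + plugin + ".cfg"
        sql_path = plugin_path + ".sql"

        (success, sensors) = get_systems(system_type='sensor')
        if not success:
            return False, "Unable to get sensors list: %s" % sensors

        # Bug in ansible copy module prevents us from copying the files from
        # /var/lib/asec/plugins as it has permissions 0 for "other"
        # Workaround: make a local copy using ansible command module
        # NOTE(review): the temp names are predictable and live in /tmp;
        # consider a private staging directory instead.
        plugin_tmp_path = "/tmp/" + plugin + ".cfg"
        sql_tmp_path = plugin_tmp_path + ".sql"

        success, local_ip = get_system_ip_from_local()
        if not success:
            error_msg = "[ansible_install_plugin] " + \
                        "Failed to make get local IP: %s" % local_ip
            return False, error_msg

        # Temp copies made so far; the finally clause removes them on every
        # exit path (previously an early return or an exception left them
        # behind in /tmp).
        tmp_copies = []
        try:
            (success, msg) = local_copy_file(local_ip, plugin_path, plugin_tmp_path)
            if not success:
                error_msg = "[ansible_install_plugin] " + \
                            "Failed to make temp copy of plugin file: %s" % msg
                return False, error_msg
            tmp_copies.append(plugin_tmp_path)

            (success, msg) = local_copy_file(local_ip, sql_path, sql_tmp_path)
            if not success:
                error_msg = "[ansible_install_plugin] " + \
                            "Failed to make temp copy of sql file: %s" % msg
                return False, error_msg
            tmp_copies.append(sql_tmp_path)

            all_ok = True
            for (sensor_id, sensor_ip) in sensors:
                (success, msg) = ansible_install_plugin(sensor_ip,
                                                        plugin_tmp_path,
                                                        sql_tmp_path)
                if not success:
                    error_msg = "[sync_asec_plugins] " + \
                                "Error installing plugin %s " % plugin + \
                                "in sensor %s: %s" % (sensor_ip, msg)
                    api_log.error(error_msg)
                    all_ok = False
                    continue

                # Installed but not to be enabled: this is a success. It used
                # to fall into the "Error installing" branch, so enable=False
                # always reported a failure.
                if not enable:
                    continue

                # Get list of active plugins and add the new one,
                # then send the list back to the sensor.
                (success, data) = get_sensor_detectors(sensor_ip)
                if success:
                    detectors = data['sensor_detectors']
                    # Re-syncing must not list the same detector twice.
                    if plugin not in detectors:
                        detectors.append(plugin)
                    (success, msg) = set_sensor_detectors(sensor_ip,
                                                          ','.join(detectors))
                else:
                    # Presumably 'data' carries the error detail on failure,
                    # as with get_systems above; report it rather than the
                    # stale install message.
                    msg = data

                if not success:
                    error_msg = "[sync_asec_plugins] " + \
                                "Error enabling plugin %s " % plugin + \
                                "for sensor %s: %s" % (sensor_ip, msg)
                    api_log.error(error_msg)
                    all_ok = False
                else:
                    # Now launch reconfig task
                    alienvault_reconfigure.delay(sensor_ip)
        finally:
            # Delete temporary copies of the files
            for tmp_path in tmp_copies:
                remove_file([local_ip], tmp_path)

        if not all_ok:
            error_msg = "Plugin %s installation failed " % plugin + \
                        "for some sensors"
            return False, error_msg

        info_msg = "Plugin %s installed. Enabled = %s" % (plugin, str(enable))
        return True, info_msg

    except Exception as e:
        api_log.error("[sync_asec_plugins] Exception catched: %s" % str(e))
        return False, "[sync_asec_plugins] Unknown error"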