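def test(self):
    """Check the OSSEC server configuration with the daemons' self-tests.

    Runs ``ossec-monitord -t`` and ``ossec-remoted -t`` from a temporary
    working directory and reports whether both runs succeeded.

    Returns:
        bool: ``True`` only when both ``process_cmd`` results have a
        truthy ``status``.

    Raises:
        NotImplementedError: for any server OS other than Debian/Ubuntu.
    """
    if self.server.os.name not in ('debian', 'ubuntu'):
        raise NotImplementedError
    with self.get_tmp_dir(self.pk) as tmp_dir:
        # settings.OSSEC_BINARY is the OSSEC bin directory prefix (the
        # other OSSEC helpers concatenate daemon names onto it). The daemon
        # is spelled "ossec-monitord"; "ossec-montord" was a typo and named
        # a binary that does not exist, so the first check always failed.
        cmd_monitord = [settings.OSSEC_BINARY + "ossec-monitord", "-t"]
        cmd_remoted = [settings.OSSEC_BINARY + "ossec-remoted", "-t"]
        monitord = process_cmd(cmd_monitord, tmp_dir)
        remoted = process_cmd(cmd_remoted, tmp_dir)
    return bool(monitord['status'] and remoted['status'])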
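def list_agents(self):
    """List the agents registered with this OSSEC server.

    Runs ``sudo <OSSEC_BINARY>list_agents -a`` from a temporary working
    directory and returns the ``process_cmd`` result dict unchanged.

    Raises:
        NotImplementedError: for any server OS other than Debian/Ubuntu.
    """
    if self.server.os.name not in ('debian', 'ubuntu'):
        raise NotImplementedError
    with self.get_tmp_dir(self.pk) as tmp_dir:
        # settings.OSSEC_BINARY is a directory prefix here as in the
        # sibling daemon tests (OSSEC_BINARY + "ossec-remoted"); passing it
        # as a standalone argv element asked sudo to execute the directory.
        cmd = ["sudo", settings.OSSEC_BINARY + "list_agents", "-a"]
        return process_cmd(cmd, tmp_dir)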
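def install(self, version=settings.OSSEC_VERSION):
    """Install the OSSEC HIDS server from the upstream source tarball.

    Builds a shell script that downloads ``ossec-hids-<version>``, runs its
    ``install.sh`` under sudo, installs the bundled server configuration and
    hands ``/var/ossec`` to the current user, then executes the script with
    ``sh -c`` from a temporary working directory.

    Args:
        version: upstream release tag to install. It is interpolated into
            the shell script, so only ``[A-Za-z0-9._-]`` characters are
            accepted; anything else is reported as a failure.

    Returns:
        The ``process_cmd`` result dict, or ``{'status': False, 'errors':
        <message>}`` when the script could not be built or run.

    Raises:
        NotImplementedError: for any server OS other than Debian/Ubuntu.
    """
    if self.server.os.name not in ('debian', 'ubuntu'):
        raise NotImplementedError
    # `$$(whoami)` is the string.Template escape for a literal `$`; a bare
    # `$(` is an invalid placeholder and makes substitute() raise.
    # `[ ... ]` rather than `[[ ... ]]` because /bin/sh is dash on Debian.
    # NOTE(review): the tarball is fetched and `sudo ./install.sh` is run
    # without any checksum/signature verification of the release; verify
    # the archive against a known digest before executing it when possible.
    # NOTE(review): the probemanager/ossec/... paths are relative to whatever
    # working directory process_cmd runs the script in - confirm they resolve.
    install_script = """
if [ ! -d /var/ossec/bin/ ] ; then
    wget https://github.com/ossec/ossec-hids/archive/${version}.tar.gz
    tar xf ${version}.tar.gz
    cp probemanager/ossec/preloaded-vars-server.conf ossec-hids-${version}/etc/preloaded-vars.conf
    chmod +x ossec-hids-${version}/etc/preloaded-vars.conf
    (cd ossec-hids-${version}/ && sudo ./install.sh)
    rm ${version}.tar.gz && rm -rf ossec-hids-${version}
    sudo cp probemanager/ossec/ossec-conf-server.xml /var/ossec/etc/ossec.conf
    sudo chown -R $$(whoami) /var/ossec/
    sudo chown $$(whoami) /etc/ossec-init.conf
else
    echo "Already installed"
    exit 0
fi
"""
    try:
        version_str = str(version)
        # The version lands verbatim in a shell script: reject shell
        # metacharacters instead of relying on the caller.
        if not version_str or not all(ch.isalnum() or ch in '._-' for ch in version_str):
            raise ValueError('invalid OSSEC version: %r' % (version_str,))
        script = Template(install_script).substitute(version=version_str)
        with self.get_tmp_dir(self.pk) as tmp_dir:
            # The script is one argv element; wrapping it in literal single
            # quotes made sh treat the whole text as a single command name.
            cmd = ["sh", "-c", script]
            return process_cmd(cmd, tmp_dir)
    except Exception as e:
        logger.exception('install failed')
        return {'status': False, 'errors': str(e)}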
def test(self):
    """Run the Bro signature check against the bundled test capture.

    Writes ``rule_full`` (CR characters stripped) to ``<sid>.sig`` in a
    temporary directory and asks Bro to apply it to
    ``bro/tests/data/test-signature.pcap``. The run is reported as failed
    when "error" appears in the output.

    Returns:
        The ``process_cmd`` result dict unchanged.
    """
    with self.get_tmp_dir("test_sig") as tmp_dir:
        signature_path = "%s%s.sig" % (tmp_dir, self.sid)
        with open(signature_path, 'w', encoding='utf_8') as sig:
            sig.write(self.rule_full.replace('\r', ''))
        pcap = settings.BASE_DIR + "/bro/tests/data/test-signature.pcap"
        cmd = [settings.BRO_BINARY, '-s', signature_path, '-r', pcap]
        return process_cmd(cmd, tmp_dir, "error")
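def test_process_cmd(self):
    """Exercise process_cmd's status/errors contract on trivial commands.

    Covers a plain success, the optional error-pattern argument (status is
    False only when the pattern occurs in the output), a command given as a
    string instead of an argv list, and a non-existent working directory.
    Each command is run once and its result dict checked for both fields.
    """
    # Plain success.
    self.assertTrue(process_cmd(['ls'], settings.BASE_DIR)['status'])
    # Error pattern absent from the output -> still a success.
    self.assertTrue(process_cmd(['echo', 'test'], settings.BASE_DIR, 'tset')['status'])
    # Error pattern present in the output -> failure.
    matched = process_cmd(['echo', 'test'], settings.BASE_DIR, 'test')
    self.assertFalse(matched['status'])
    # NOTE(review): `'' in errors` is vacuous (true for any str); pin the
    # expected error text once it is known.
    self.assertIn('', matched['errors'])
    # A bare string is executed as a program name, not through a shell.
    as_string = process_cmd('exit 1', settings.BASE_DIR)
    self.assertFalse(as_string['status'])
    self.assertIn('No such file or directory', as_string['errors'])
    # Non-existent working directory.
    bad_cwd = process_cmd(['ls'], "erererer")
    self.assertFalse(bad_cwd['status'])
    self.assertIn('No such file or directory', bad_cwd['errors'])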
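def test(self):
    """Validate ``networks_cfg_text`` with ``broctl check``.

    Temporarily installs the candidate networks.cfg into
    ``settings.BRO_CONFIG`` (backing up the live file first when one
    exists), runs ``broctl check`` and restores the previous state even if
    the check raises: a backed-up file is moved back, and when no live file
    existed the deployed copy is removed instead of trying to move a backup
    that was never made.

    Returns:
        The ``process_cmd`` result dict; "failed" in the output marks failure.
    """
    live_cfg = settings.BRO_CONFIG + "networks.cfg"
    backup_cfg = live_cfg + ".old"
    with self.get_tmp_dir("test_conf") as tmp_dir:
        # Write the candidate config locally first, CR characters stripped.
        networks_cfg = tmp_dir + "networks.cfg"
        with open(networks_cfg, 'w', encoding='utf_8') as f:
            f.write(self.networks_cfg_text.replace('\r', ''))
        # NOTE(review): this swaps the live Bro configuration in place, so
        # concurrent checks race with each other and with a running Bro.
        had_live_cfg = os.path.exists(live_cfg)
        if had_live_cfg:
            copyfile(live_cfg, backup_cfg)
        copyfile(networks_cfg, live_cfg)
        try:
            response = process_cmd([settings.BROCTL_BINARY, 'check'], tmp_dir, "failed")
        finally:
            # Always undo the deployment, whatever happened during the check.
            if had_live_cfg:
                move(backup_cfg, live_cfg)
            else:
                os.remove(live_cfg)
    return response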
def test(self):
    """Load this script together with every enabled ScriptBro into Bro.

    Concatenates the enabled scripts (CR characters stripped, one per line)
    into ``myscripts.bro`` in a temporary directory, appending this rule
    when its text is not already present, then runs Bro with the standalone
    and local broctl prefixes. The run is reported as failed when "error"
    appears in the output.

    Returns:
        The ``process_cmd`` result dict unchanged.
    """
    with self.get_tmp_dir("test_script") as tmp_dir:
        own_rule = self.rule_full.replace('\r', '')
        enabled_rules = [
            script.rule_full.replace('\r', '')
            for script in ScriptBro.get_all()
            if script.enabled
        ]
        combined = ''.join(rule + '\n' for rule in enabled_rules)
        if own_rule not in combined:
            combined += own_rule + '\n'
        script_path = tmp_dir + "myscripts.bro"
        with open(script_path, 'w', encoding='utf_8') as out:
            out.write(combined)
        cmd = [
            settings.BRO_BINARY,
            '-a', script_path,
            '-p', 'standalone',
            '-p', 'local',
            '-p', 'bro local.bro broctl broctl/standalone broctl/auto',
        ]
        return process_cmd(cmd, tmp_dir, "error")
def test(self):
    """Run the ``ossec-remoted -t`` configuration self-test.

    Executes the daemon from a temporary working directory and returns the
    ``process_cmd`` result dict unchanged.
    """
    with self.get_tmp_dir(self.pk) as tmp_dir:
        # settings.OSSEC_BINARY is the OSSEC bin directory prefix.
        remoted = settings.OSSEC_BINARY + "ossec-remoted"
        return process_cmd([remoted, "-t"], tmp_dir)