def __init__(self, systemd_service, name, log_path=None, pid_file=None, stdout=True, verbose=False, pretty_print_status=False): log_level = logging.INFO if verbose: log_level = logging.DEBUG self.logger = get_logger(str(name).upper(), level=log_level, stdout=stdout) self.pid = None self.systemd_service = systemd_service self.name = name self.log_path = log_path self.pid_file = pid_file self.stdout = stdout self.verbose = verbose self.pretty_print_status = pretty_print_status self.sysctl = systemctl.SystemCtl() if pid_file: self.pid = self._get_pid(pid_file)
def setup_dynamited(self): env_file = os.path.join(const.CONFIG_PATH, 'environment') self.logger.info('Creating dynamited installation, configuration, and logging directories.') try: utilities.makedirs(os.path.join(self.install_directory, 'bin'), exist_ok=True) utilities.makedirs(self.configuration_directory, exist_ok=True) utilities.makedirs(os.path.join(self.log_directory, 'logs'), exist_ok=True) except Exception as e: self.logger.error('Failed to create required directory structure.') self.logger.debug("Failed to create required directory structure; {}".format(e)) raise dynamited_exceptions.InstallDynamiteDaemonError( "Failed to create required directory structure; {}".format(e)) try: dynamited_bin_path = os.path.join(const.INSTALL_CACHE, 'dynamited') shutil.copy(dynamited_bin_path, os.path.join(self.install_directory, 'bin', 'dynamited')) except Exception as e: self.logger.error('Failed to install dynamited.') self.logger.debug("Failed to install dynamited; {}".format(e)) raise dynamited_exceptions.InstallDynamiteDaemonError("Failed to install dynamited; {}".format(e)) try: dynamited_config_path = os.path.join(const.DEFAULT_CONFIGS, 'dynamited', 'config.yml') shutil.copy(dynamited_config_path, os.path.join(self.configuration_directory, 'config.yml')) except Exception as e: self.logger.error('Failed to install dynamited config.yml.') self.logger.debug("Failed to install dynamited config.yml; {}".format(e)) raise dynamited_exceptions.InstallDynamiteDaemonError( "Failed to install dynamited config.yml; {}".format(e)) try: sysctl = systemctl.SystemCtl() except general_exceptions.CallProcessError: raise dynamited_exceptions.InstallDynamiteDaemonError("Could not find systemctl.") self.logger.info("Installing dynamited systemd Service.") if not sysctl.install_and_enable(os.path.join(const.DEFAULT_CONFIGS, 'systemd', 'dynamited.service')): raise dynamited_exceptions.InstallDynamiteDaemonError("Failed to install dynamited systemd service.") try: with open(env_file) as env_f: env_f_text = env_f.read() if 'DYNAMITED_INSTALL' not in env_f_text: self.logger.info('Updating dynamited default install path [{}]'.format(self.install_directory)) subprocess.call('echo DYNAMITED_INSTALL="{}" >> {}'.format(self.install_directory, env_file), shell=True) if 'DYNAMITED_CONFIG' not in env_f_text: self.logger.info('Updating dynamited default config path [{}]'.format(self.configuration_directory)) subprocess.call('echo DYNAMITED_CONFIG="{}" >> {}'.format(self.configuration_directory, env_file), shell=True) if 'DYNAMITED_LOGS' not in env_f_text: self.logger.info('Updating dynamited default log path [{}]'.format(self.log_directory)) subprocess.call('echo DYNAMITED_LOGS="{}" >> {}'.format(self.log_directory, env_file), shell=True) except Exception as e: self.logger.error("General error occurred while attempting to install dynamited.") self.logger.debug("General error occurred while attempting to install dynamited; {}".format(e)) raise dynamited_exceptions.InstallDynamiteDaemonError( "General error occurred while attempting to install FileBeat; {}".format(e))
def setup_suricata(self): """ Setup Suricata IDS with AF_PACKET support """ env_file = os.path.join(const.CONFIG_PATH, 'environment') self._copy_suricata_files_and_directories() self._configure_and_compile_suricata() try: with open(env_file) as env_f: if 'SURICATA_HOME' not in env_f.read(): self.logger.info('Updating Suricata default home path [{}]'.format(self.install_directory)) subprocess.call('echo SURICATA_HOME="{}" >> {}'.format(self.install_directory, env_file), shell=True) if 'SURICATA_CONFIG' not in env_f.read(): self.logger.info('Updating Suricata default config path [{}]'.format(self.configuration_directory)) subprocess.call('echo SURICATA_CONFIG="{}" >> {}'.format( self.configuration_directory, env_file), shell=True) except IOError: self.logger.error("Failed to open {} for reading.".format(env_file)) raise suricata_exceptions.InstallSuricataError( "Failed to open {} for reading.".format(env_file)) except Exception as e: self.logger.error("General error while creating environment variables in {}.".format(env_file)) self.logger.debug("General error while creating environment variables in {}; {}".format(env_file, e)) raise suricata_exceptions.InstallSuricataError( "General error while creating environment variables in {}; {}".format(env_file, e)) try: config = suricata_configs.ConfigManager(self.configuration_directory) except suricata_exceptions.ReadsSuricataConfigError: self.logger.error("Failed to read Suricata configuration.") raise suricata_exceptions.InstallSuricataError("Failed to read Suricata configuration.") config.af_packet_interfaces = [] for interface in self.capture_network_interfaces: config.add_afpacket_interface(interface, threads='auto', cluster_id=99) try: config.write_config() except suricata_exceptions.WriteSuricataConfigError: self.logger.error("Failed to write Suricata configuration.") suricata_exceptions.InstallSuricataError("Could not write Suricata configurations.") try: sysctl = systemctl.SystemCtl() except general_exceptions.CallProcessError: raise suricata_exceptions.InstallSuricataError("Could not find systemctl.") self.logger.info("Installing Suricata systemd Service.") if not sysctl.install_and_enable(os.path.join(const.DEFAULT_CONFIGS, 'systemd', 'suricata.service')): raise suricata_exceptions.InstallSuricataError("Failed to install Suricata systemd service.")
def setup_elasticsearch(self): """ Create required directories, files, and variables to run ElasticSearch successfully; Setup Java environment """ self._create_elasticsearch_directories() self._copy_elasticsearch_files_and_directories() self._create_elasticsearch_environment_variables() self._setup_default_elasticsearch_configs() self._update_sysctl() try: utilities.set_ownership_of_file(self.configuration_directory, user='******', group='dynamite') utilities.set_ownership_of_file(self.install_directory, user='******', group='dynamite') utilities.set_ownership_of_file(self.log_directory, user='******', group='dynamite') except Exception as e: self.logger.error( "General error occurred while attempting to set permissions on root directories." ) self.logger.debug( "General error occurred while attempting to set permissions on root directories; {}" .format(e)) raise elastic_exceptions.InstallElasticsearchError( "General error occurred while attempting to set permissions on root directories; {}" .format(e)) try: sysctl = systemctl.SystemCtl() except general_exceptions.CallProcessError: raise elastic_exceptions.InstallElasticsearchError( "Could not find systemctl.") self.logger.info("Installing ElasticSearch systemd Service.") if not sysctl.install_and_enable( os.path.join(const.DEFAULT_CONFIGS, 'systemd', 'elasticsearch.service')): raise elastic_exceptions.InstallElasticsearchError( "Failed to install ElasticSearch systemd service.") self.setup_passwords()
def setup_kibana(self): """ Create required directories, files, and variables to run ElasticSearch successfully; """ try: pacman = package_manager.OSPackageManager(stdout=self.stdout, verbose=self.verbose) except general_exceptions.InvalidOsPackageManagerDetectedError: self.logger.error("No valid OS package manager detected.") raise kibana_exceptions.InstallKibanaError("No valid OS package manager detected.") try: pacman.refresh_package_indexes() pacman.install_packages(['curl']) except (general_exceptions.OsPackageManagerInstallError, general_exceptions.OsPackageManagerRefreshError): self.logger.error("Failed to install one or more packages; {}".format(["curl"])) raise kibana_exceptions.InstallKibanaError("Failed to install one or more packages; {}".format(["curl"])) self._create_kibana_directories() self._copy_kibana_files_and_directories() self._create_kibana_environment_variables() self._setup_default_kibana_configs() try: utilities.set_ownership_of_file(self.configuration_directory, user='******', group='dynamite') utilities.set_ownership_of_file(self.install_directory, user='******', group='dynamite') utilities.set_ownership_of_file(self.log_directory, user='******', group='dynamite') except Exception as e: self.logger.error("General error occurred while attempting to set permissions on root directories.") self.logger.debug( "General error occurred while attempting to set permissions on root directories; {}".format(e)) raise kibana_exceptions.InstallKibanaError( "General error occurred while attempting to set permissions on root directories; {}".format(e)) try: sysctl = systemctl.SystemCtl() except general_exceptions.CallProcessError: raise kibana_exceptions.InstallKibanaError("Could not find systemctl.") self.logger.info("Installing Kibana systemd Service.") if not sysctl.install_and_enable(os.path.join(const.DEFAULT_CONFIGS, 'systemd', 'kibana.service')): raise kibana_exceptions.InstallKibanaError("Failed to install Kibana systemd service.") self._install_kibana_objects()
def uninstall_zeek(prompt_user=True, stdout=True, verbose=False): """ Uninstall Zeek :param prompt_user: Print a warning before continuing :param stdout: Print the output to console :param verbose: Include detailed debug messages """ log_level = logging.INFO if verbose: log_level = logging.DEBUG logger = get_logger('ZEEK', level=log_level, stdout=stdout) logger.info("Uninstalling Zeek.") env_file = os.path.join(const.CONFIG_PATH, 'environment') environment_variables = utilities.get_environment_file_dict() zeek_profiler = zeek_profile.ProcessProfiler() if not zeek_profiler.is_installed(): logger.error("Zeek is not installed. Cannot uninstall.") raise zeek_exceptions.UninstallZeekError("Zeek is not installed.") if prompt_user: sys.stderr.write('\n\033[93m[-] WARNING! Removing Zeek Will Remove Critical Agent Functionality.\033[0m\n') resp = utilities.prompt_input('\033[93m[?] Are you sure you wish to continue? ([no]|yes): \033[0m') while resp not in ['', 'no', 'yes']: resp = utilities.prompt_input('\033[93m[?] Are you sure you wish to continue? ([no]|yes): \033[0m') if resp != 'yes': if stdout: sys.stdout.write('\n[+] Exiting\n') exit(0) if zeek_profiler.is_running(): try: zeek_process.ProcessManager().stop() except zeek_exceptions.CallZeekProcessError as e: logger.error("Could not kill Zeek process. Cannot uninstall.") logger.debug("Could not kill Zeek process. Cannot uninstall; {}".format(e)) raise zeek_exceptions.UninstallZeekError("Could not kill Zeek process; {}".format(e)) install_directory = environment_variables.get('ZEEK_HOME') config_directory = environment_variables.get('ZEEK_SCRIPTS') try: with open(env_file) as env_fr: env_lines = '' for line in env_fr.readlines(): if 'ZEEK_HOME' in line: continue elif 'ZEEK_SCRIPTS' in line: continue elif 'PF_RING_HOME' in line: continue elif line.strip() == '': continue env_lines += line.strip() + '\n' with open(env_file, 'w') as env_fw: env_fw.write(env_lines) if zeek_profiler.is_installed(): shutil.rmtree(install_directory, ignore_errors=True) shutil.rmtree(config_directory, ignore_errors=True) except Exception as e: logger.error("General error occurred while attempting to uninstall Zeek.") logger.debug("General error occurred while attempting to uninstall Zeek; {}".format(e)) raise zeek_exceptions.UninstallZeekError( "General error occurred while attempting to uninstall Zeek; {}".format(e)) try: sysctl = systemctl.SystemCtl() except general_exceptions.CallProcessError: raise zeek_exceptions.UninstallZeekError("Could not find systemctl.") sysctl.uninstall_and_disable('zeek')
def setup_zeek(self): """ Setup Zeek NSM with PF_RING support """ env_file = os.path.join(const.CONFIG_PATH, 'environment') self.logger.info('Creating Zeek installation, configuration and logging directories.') try: utilities.makedirs(self.install_directory, exist_ok=True) utilities.makedirs(self.configuration_directory, exist_ok=True) except Exception as e: self.logger.error('General error occurred while attempting to create root directories.') self.logger.debug("General error occurred while attempting to create root directories; {}".format(e)) raise zeek_exceptions.InstallZeekError( "General error occurred while attempting to create root directories; {}".format(e)) self.logger.info('Compiling Zeek from source. This can take up to 30 minutes.') if self.stdout: utilities.print_coffee_art() time.sleep(1) self.logger.info('Configuring Zeek.') if self.verbose: zeek_config_p = subprocess.Popen('./configure --prefix={} --scriptdir={} --enable-jemalloc'.format( self.install_directory, self.configuration_directory), shell=True, cwd=os.path.join(const.INSTALL_CACHE, const.ZEEK_DIRECTORY_NAME)) else: zeek_config_p = subprocess.Popen('./configure --prefix={} --scriptdir={} --enable-jemalloc'.format( self.install_directory, self.configuration_directory), shell=True, cwd=os.path.join(const.INSTALL_CACHE, const.ZEEK_DIRECTORY_NAME), stdout=subprocess.PIPE, stderr=subprocess.PIPE) try: zeek_config_p.communicate() except Exception as e: self.logger.error("General error occurred while configuring Zeek.") self.logger.debug("General error occurred while configuring Zeek; {}".format(e)) raise zeek_exceptions.InstallZeekError( "General error occurred while configuring Zeek; {}".format(e)) if zeek_config_p.returncode != 0: self.logger.error( "Zeek configuration process returned non-zero; exit-code: {}".format(zeek_config_p.returncode)) raise zeek_exceptions.InstallZeekError( "Zeek configuration process returned non-zero; exit-code: {}".format(zeek_config_p.returncode)) time.sleep(1) self.logger.info("Compiling Zeek.") if utilities.get_cpu_core_count() > 1: parallel_threads = utilities.get_cpu_core_count() - 1 else: parallel_threads = 1 if self.verbose: compile_zeek_process = subprocess.Popen('make -j {}; make install'.format(parallel_threads), shell=True, cwd=os.path.join(const.INSTALL_CACHE, const.ZEEK_DIRECTORY_NAME)) try: compile_zeek_process.communicate() except Exception as e: self.logger.error("General error occurred while compiling Zeek.") self.logger.debug("General error occurred while compiling Zeek; {}".format(e)) raise zeek_exceptions.InstallZeekError( "General error occurred while compiling Zeek; {}".format(e)) compile_zeek_return_code = compile_zeek_process.returncode else: compile_zeek_process = subprocess.Popen('make -j {}; make install'.format(parallel_threads), shell=True, cwd=os.path.join(const.INSTALL_CACHE, const.ZEEK_DIRECTORY_NAME), stdout=subprocess.PIPE, stderr=subprocess.PIPE) try: compile_zeek_return_code = utilities.run_subprocess_with_status(compile_zeek_process, expected_lines=6779) except Exception as e: self.logger.error("General error occurred while compiling Zeek.") self.logger.debug("General error occurred while compiling Zeek; {}".format(e)) raise zeek_exceptions.InstallZeekError( "General error occurred while compiling Zeek; {}".format(e)) if compile_zeek_return_code != 0: self.logger.error( "Failed to compile Zeek from source; error code: {}; run with --verbose flag for more info.".format( compile_zeek_return_code)) raise zeek_exceptions.InstallZeekError( "Zeek compilation process returned non-zero; exit-code: {}".format(compile_zeek_return_code)) try: with open(env_file) as env_f: if 'ZEEK_HOME' not in env_f.read(): self.logger.info('Updating Zeek default home path [{}]'.format(self.install_directory)) subprocess.call('echo ZEEK_HOME="{}" >> {}'.format(self.install_directory, env_file), shell=True) if 'ZEEK_SCRIPTS' not in env_f.read(): self.logger.info('Updating Zeek default script path [{}]'.format(self.configuration_directory)) subprocess.call('echo ZEEK_SCRIPTS="{}" >> {}'.format(self.configuration_directory, env_file), shell=True) except IOError as e: self.logger.error("Failed to open {} for reading.".format(env_file)) self.logger.debug("Failed to open {} for reading; {}".format(env_file, e)) raise zeek_exceptions.InstallZeekError( "Failed to open {} for reading; {}".format(env_file, e)) except Exception as e: self.logger.error("General error while creating environment variables in {}.".format(env_file)) self.logger.debug("General error while creating environment variables in {}; {}".format(env_file, e)) raise zeek_exceptions.InstallZeekError( "General error while creating environment variables in {}; {}".format(env_file, e)) self.logger.info("Overwriting Zeek node.cfg file with our changes.") try: shutil.copy(os.path.join(const.DEFAULT_CONFIGS, 'zeek', 'broctl-nodes.cfg'), os.path.join(self.install_directory, 'etc', 'node.cfg')) shutil.copy(os.path.join(const.DEFAULT_CONFIGS, 'zeek', 'local.zeek'), os.path.join(self.configuration_directory, 'site', 'local.zeek')) except Exception as e: self.logger.error("General error occurred while copying default Zeek configurations.") self.logger.debug("General error occurred while copying default Zeek configurations; {}".format(e)) raise zeek_exceptions.InstallZeekError( "General error occurred while copying default Zeek configurations; {}".format(e)) try: node_config = zeek_configs.NodeConfigManager(self.install_directory) except zeek_exceptions.ReadsZeekConfigError: self.logger.error("An error occurred while reading Zeek configurations.") raise zeek_exceptions.InstallZeekError("An error occurred while reading Zeek configurations.") # Clear out pre-set workers. for key in list(node_config.node_config): if node_config.node_config[key]['type'] == 'worker': del node_config.node_config[key] # Calculate new workers. for worker in node_config.get_optimal_zeek_worker_config(self.capture_network_interfaces, stdout=self.stdout, verbose=self.verbose): node_config.add_worker(name=worker['name'], host=worker['host'], interface=worker['interface'], lb_procs=worker['lb_procs'], pin_cpus=worker['pinned_cpus'] ) try: node_config.write_config() except zeek_exceptions.WriteZeekConfigError: self.logger.error("An error occurred while writing Zeek configurations.") raise zeek_exceptions.InstallZeekError("An error occurred while writing Zeek configurations.") try: sysctl = systemctl.SystemCtl() except general_exceptions.CallProcessError: raise zeek_exceptions.InstallZeekError("Could not find systemctl.") self.logger.info("Installing Zeek systemd service.") if not sysctl.install_and_enable(os.path.join(const.DEFAULT_CONFIGS, 'systemd', 'zeek.service')): raise zeek_exceptions.InstallZeekError("Failed to install Zeek systemd service.")
def setup_filebeat(self): """ Creates necessary directory structure, and copies required files, generates a default configuration """ env_file = os.path.join(const.CONFIG_PATH, 'environment') self.logger.info('Creating FileBeat install directory.') utilities.makedirs(self.install_directory, exist_ok=True) self.logger.info('Copying FileBeat to install directory.') try: utilities.copytree( os.path.join(const.INSTALL_CACHE, const.FILE_BEAT_DIRECTORY_NAME), self.install_directory) shutil.copy( os.path.join(const.DEFAULT_CONFIGS, 'filebeat', 'filebeat.yml'), self.install_directory) except Exception as e: self.logger.error( "General error occurred while copying Filebeat configs.") self.logger.debug( "General error occurred while copying Filebeat configs; {}". format(e)) raise filebeat_exceptions.InstallFilebeatError( "General error occurred while copying Filebeat configs; {}". format(e)) self.logger.info("Building configurations and setting up permissions.") try: beats_config = filebeat_configs.ConfigManager( self.install_directory) except filebeat_exceptions.ReadFilebeatConfigError: self.logger.error("Failed to read Filebeat configuration.") raise filebeat_exceptions.InstallFilebeatError( "Failed to read Filebeat configuration.") beats_config.set_monitor_target_paths(self.monitor_paths) beats_config.set_agent_tag(self.agent_tag) if (self.kafka_password or self.kafka_username) and not self.kafka_topic: self.logger.error( "You have specified Kafka config options without specifying a Kafka topic." ) raise filebeat_exceptions.InstallFilebeatError( "You have specified Kafka config options without specifying a Kafka topic." ) if self.kafka_topic: self.logger.warning( "You have enabled the Agent's Kafka output which does integrate natively with Dynamite " "Monitor/LogStash component. You will have to bring your own broker. Happy Hacking!" ) time.sleep(2) beats_config.set_kafka_targets(target_hosts=self.targets, topic=self.kafka_topic, username=self.kafka_username, password=self.kafka_password) # setup example upstream LogStash example, just in case you want to configure later beats_config.set_logstash_targets(target_hosts=['localhost:5601']) beats_config.enable_kafka_output() else: # setup example upstream Kafka example, just in case you want to configure later beats_config.set_kafka_targets(target_hosts=['localhost:9092'], topic='dynamite-nsm-events') beats_config.enable_logstash_output() beats_config.set_logstash_targets(self.targets) try: beats_config.write_config() except filebeat_exceptions.WriteFilebeatConfigError: self.logger.error("Failed to write filebeat configuration.") raise filebeat_exceptions.InstallFilebeatError( "Failed to write filebeat configuration.") try: utilities.set_permissions_of_file(os.path.join( self.install_directory, 'filebeat.yml'), unix_permissions_integer=501) except Exception as e: self.logger.error( "Failed to set permissions of filebeat.yml file.") self.logger.debug( "Failed to set permissions of filebeat.yml file; {}".format(e)) filebeat_exceptions.InstallFilebeatError( "Failed to set permissions of filebeat.yml file; {}".format(e)) try: with open(env_file) as env_f: if 'FILEBEAT_HOME' not in env_f.read(): self.logger.info( 'Updating FileBeat default script path [{}]'.format( self.install_directory)) subprocess.call('echo FILEBEAT_HOME="{}" >> {}'.format( self.install_directory, env_file), shell=True) except Exception as e: self.logger.error( "General error occurred while attempting to install FileBeat.") self.logger.debug( "General error occurred while attempting to install FileBeat; {}" .format(e)) raise filebeat_exceptions.InstallFilebeatError( "General error occurred while attempting to install FileBeat; {}" .format(e)) try: sysctl = systemctl.SystemCtl() except general_exceptions.CallProcessError: raise filebeat_exceptions.InstallFilebeatError( "Could not find systemctl.") self.logger.info("Installing Filebeat systemd service.") if not sysctl.install_and_enable( os.path.join(const.DEFAULT_CONFIGS, 'systemd', 'filebeat.service')): raise filebeat_exceptions.InstallFilebeatError( "Failed to install Filebeat systemd service.") sysctl.install_and_enable( os.path.join(const.DEFAULT_CONFIGS, 'systemd', 'dynamite-agent.target')) zeek_logs = None zeek_home = self.environ.get('ZEEK_HOME') suricata_logs = os.path.join(const.LOG_PATH, 'suricata') if zeek_home: zeek_logs = os.path.join(zeek_home, 'logs', 'current') try: self.logger.info('Patching Zeek/Suricata modules.') beats_config.patch_modules(zeek_log_directory=zeek_logs, suricata_log_directory=suricata_logs) except filebeat_exceptions.WriteFilebeatModuleError: self.logger.error('Could not patch Zeek/Suricata modules.') raise filebeat_exceptions.InstallFilebeatError( "Could not patch Zeek/Suricata modules.")
def uninstall_dynamited(prompt_user=True, stdout=True, verbose=False): """ Uninstall dynamited :param prompt_user: Print a warning before continuing :param stdout: Print the output to console :param verbose: Include detailed debug messages """ log_level = logging.INFO if verbose: log_level = logging.DEBUG logger = get_logger('DYNAMITED', level=log_level, stdout=stdout) env_file = os.path.join(const.CONFIG_PATH, 'environment') environment_variables = utilities.get_environment_file_dict() dynamited_profiler = dynamited_profile.ProcessProfiler() if not dynamited_profiler.is_installed(): raise dynamited_exceptions.UninstallDynamiteDaemonError("dynamited is not installed.") if prompt_user: sys.stderr.write( '\n\033[93m[-] WARNING! Removing dynamited will disable various performance metric gathering from ' 'occurring.\033[0m\n') resp = utilities.prompt_input('\033[93m[?] Are you sure you wish to continue? ([no]|yes):\033[0m ') while resp not in ['', 'no', 'yes']: resp = utilities.prompt_input('\n\033[93m[?] Are you sure you wish to continue? ([no]|yes):\033[0m ') if resp != 'yes': if stdout: sys.stdout.write('\n[+] Exiting\n') exit(0) if dynamited_profiler.is_running(): dynamited_process.ProcessManager().stop() try: shutil.rmtree(environment_variables['DYNAMITED_LOGS']) shutil.rmtree(environment_variables['DYNAMITED_INSTALL']) shutil.rmtree(environment_variables['DYNAMITED_CONFIG']) shutil.rmtree(const.INSTALL_CACHE, ignore_errors=True) env_lines = '' with open(env_file) as env_fr: for line in env_fr.readlines(): if 'DYNAMITED_LOGS' in line: continue elif 'DYNAMITED_INSTALL' in line: continue elif 'DYNAMITED_CONFIG' in line: continue elif line.strip() == '': continue env_lines += line.strip() + '\n' with open(env_file, 'w') as env_fw: env_fw.write(env_lines) except Exception as e: logger.error("General error occurred while attempting to uninstall dynamited.".format(e)) logger.debug("General error occurred while attempting to uninstall dynamited; {}".format(e)) raise dynamited_exceptions.UninstallDynamiteDaemonError( "General error occurred while attempting to uninstall dynamited; {}".format(e)) try: sysctl = systemctl.SystemCtl() except general_exceptions.CallProcessError: raise dynamited_exceptions.UninstallDynamiteDaemonError("Could not find systemctl.") sysctl.uninstall_and_disable('dynamited')
def uninstall_logstash(prompt_user=True, stdout=True, verbose=False): """ Install Logstash with ElastiFlow & Synesis :param prompt_user: Print a warning before continuing :param stdout: Print the output to console :param verbose: Include detailed debug messages """ log_level = logging.INFO if verbose: log_level = logging.DEBUG logger = get_logger('LOGSTASH', level=log_level, stdout=stdout) env_file = os.path.join(const.CONFIG_PATH, 'environment') environment_variables = utilities.get_environment_file_dict() configuration_directory = environment_variables.get('LS_PATH_CONF') ls_profiler = logstash_profile.ProcessProfiler() ls_config = logstash_config.ConfigManager( configuration_directory=configuration_directory) if not ls_profiler.is_installed(): logger.error('LogStash is not installed.') raise logstash_exceptions.UninstallLogstashError( "LogStash is not installed.") if prompt_user: sys.stderr.write( '\n\033[93m[-] WARNING! Removing Logstash Will Prevent ElasticSearch From Receiving Events.\033[0m\n' ) resp = utilities.prompt_input( '\n\033[93m[?] Are you sure you wish to continue? ([no]|yes):\033[0m ' ) while resp not in ['', 'no', 'yes']: resp = utilities.prompt_input( '\033[93m[?] Are you sure you wish to continue? ([no]|yes): \033[0m' ) if resp != 'yes': if stdout: sys.stdout.write('\n[+] Exiting\n') exit(0) if ls_profiler.is_running(): logstash_process.ProcessManager().stop() try: shutil.rmtree(ls_config.ls_path_conf) shutil.rmtree(ls_config.ls_home) shutil.rmtree(ls_config.path_logs) shutil.rmtree(const.INSTALL_CACHE, ignore_errors=True) env_lines = '' with open(env_file) as env_fr: for line in env_fr.readlines(): if 'LS_PATH_CONF' in line: continue elif 'LS_HOME' in line: continue elif 'LS_LOGS' in line: continue elif 'ELASTIFLOW_' in line: continue elif 'SYNLITE_' in line: continue elif 'ES_PASSWD' in line: continue elif line.strip() == '': continue env_lines += line.strip() + '\n' with open(env_file, 'w') as env_fw: env_fw.write(env_lines) except Exception as e: logger.error( "General error occurred while attempting to uninstall LogStash.". format(e)) logger.debug( "General error occurred while attempting to uninstall LogStash; {}" .format(e)) raise logstash_exceptions.UninstallLogstashError( "General error occurred while attempting to uninstall LogStash; {}" .format(e)) try: sysctl = systemctl.SystemCtl() except general_exceptions.CallProcessError: raise logstash_exceptions.UninstallLogstashError( "Could not find systemctl.") sysctl.uninstall_and_disable('logstash')
def setup_logstash(self): """ Create required directories, files, and variables to run LogStash successfully; """ self._create_logstash_directories() self._copy_logstash_files_and_directories() self._create_logstash_environment_variables() self._setup_default_logstash_configs() self._update_sysctl() self._setup_elastiflow() self._setup_synesis() self._install_logstash_plugins() try: shutil.copy( os.path.join(const.DEFAULT_CONFIGS, 'logstash', 'pipelines.yml'), os.path.join(self.configuration_directory, 'pipelines.yml')) except Exception as e: raise logstash_exceptions.InstallLogstashError( "General error while copying pipeline.yml file; {}".format(e)) try: utilities.makedirs(self.install_directory, exist_ok=True) utilities.makedirs(self.configuration_directory, exist_ok=True) utilities.makedirs(self.log_directory, exist_ok=True) except Exception as e: raise logstash_exceptions.InstallLogstashError( "General error occurred while attempting to create root directories; {}" .format(e)) try: utilities.set_ownership_of_file(self.configuration_directory, user='******', group='dynamite') utilities.set_ownership_of_file(self.install_directory, user='******', group='dynamite') utilities.set_ownership_of_file(self.log_directory, user='******', group='dynamite') except Exception as e: self.logger.error( "General error occurred while attempting to set permissions on root directories." ) self.logger.debug( "General error occurred while attempting to set permissions on root directories; {}" .format(e)) raise logstash_exceptions.InstallLogstashError( "General error occurred while attempting to set permissions on root directories; {}" .format(e)) try: sysctl = systemctl.SystemCtl() except general_exceptions.CallProcessError: raise logstash_exceptions.InstallLogstashError( "Could not find systemctl.") self.logger.info("Installing LogStash systemd Service.") if not sysctl.install_and_enable( os.path.join(const.DEFAULT_CONFIGS, 'systemd', 'logstash.service')): raise logstash_exceptions.InstallLogstashError( "Failed to install LogStash systemd service.")
def uninstall_kibana(prompt_user=True, stdout=True, verbose=False): """ Uninstall Kibana/ElastiFlow/Synesis Dashboards :param prompt_user: Print a warning before continuing :param stdout: Print the output to console :param verbose: Include detailed debug messages """ log_level = logging.INFO if verbose: log_level = logging.DEBUG logger = get_logger('KIBANA', level=log_level, stdout=stdout) env_file = os.path.join(const.CONFIG_PATH, 'environment') environment_variables = utilities.get_environment_file_dict() kb_profiler = kibana_profile.ProcessProfiler() if not kb_profiler.is_installed(): raise kibana_exceptions.UninstallKibanaError("Kibana is not installed.") configuration_directory = environment_variables.get('KIBANA_PATH_CONF') kb_config = kibana_configs.ConfigManager(configuration_directory) if prompt_user: sys.stderr.write( '\n\033[93m[-] WARNING! Removing Kibana will uninstall all visualizations and saved searches previously ' 'created.\033[0m\n') resp = utilities.prompt_input('\033[93m[?] Are you sure you wish to continue? ([no]|yes):\033[0m ') while resp not in ['', 'no', 'yes']: resp = utilities.prompt_input('\n\033[93m[?] Are you sure you wish to continue? ([no]|yes):\033[0m ') if resp != 'yes': if stdout: sys.stdout.write('\n[+] Exiting\n') exit(0) if kb_profiler.is_running(): kibana_process.ProcessManager().stop() try: shutil.rmtree(kb_config.kibana_path_conf) shutil.rmtree(kb_config.kibana_home) shutil.rmtree(kb_config.kibana_logs) shutil.rmtree(const.INSTALL_CACHE, ignore_errors=True) env_lines = '' with open(env_file) as env_fr: for line in env_fr.readlines(): if 'KIBANA_PATH_CONF' in line: continue elif 'KIBANA_HOME' in line: continue elif 'KIBANA_LOGS' in line: continue elif line.strip() == '': continue env_lines += line.strip() + '\n' with open(env_file, 'w') as env_fw: env_fw.write(env_lines) except Exception as e: logger.error("General error occurred while attempting to uninstall Kibana.".format(e)) logger.debug("General error occurred while attempting to uninstall Kibana; {}".format(e)) raise kibana_exceptions.UninstallKibanaError( "General error occurred while attempting to uninstall kibana; {}".format(e)) try: sysctl = systemctl.SystemCtl() except general_exceptions.CallProcessError: raise kibana_exceptions.UninstallKibanaError("Could not find systemctl.") sysctl.uninstall_and_disable('kibana')