def __init__(self, request_rec):
"""
Zabbix API インスタンスを返す
[引数]
request_rec: 対象ZABBIX監視マスタレコード
"""
self.request_id = 1
self.host = request_rec.hostname
self.protocol = request_rec.protocol
self.port = request_rec.port
self.auth_token = None
req_pw = request_rec.password
cipher = AESCipher(settings.AES_KEY)
decrypted_password = cipher.decrypt(req_pw)
try:
result = self._request('user.login', {
'user': request_rec.username,
'password': decrypted_password
})
except Exception as e:
# ログインできなかった場合は上位で処理
logger.system_log('LOSM25000', 'Zabbix Login error.')
raise
if self._has_error(result):
logger.system_log('LOSM25000', 'GetResponse error.')
raise Exception('login response has an error')
self.auth_token = result.get('result')
def _protect(self):
"""
[メソッド概要]
Tablesシート全体の処理
"""
# パスワードを取得して復号
password = System.objects.get(config_id='PROTECTION_PW').value
cipher = AESCipher(settings.AES_KEY)
password = cipher.decrypt(password)
# パスワードをセット
self.tables_ws.protection.password = password
self.example_ws.protection.password = password
self.lists_ws.protection.password = password
# シートを保護する
self.tables_ws.protection.enable()
self.example_ws.protection.enable()
self.lists_ws.protection.enable()
# 特定のセルの保護を解除
self.tables_ws.protection.formatColumns = False
self.tables_ws.protection.formatRows = False
unprotection = Protection(locked=False, hidden=False)
for c in range(1, 3 + self.len_condition + self.len_act):
for r in range(12, 19):
self.tables_ws.cell(row=r, column=c).protection = unprotection
# 折り畳む
self.tables_ws.row_dimensions.group(2, 10, hidden=True)
def _get_system_confs(self):
"""
[概要]
AD認証に必要なシステム設定取得
"""
self.__logger.logic_log('LOSI00001', os.path.abspath(__file__), sys._getframe().f_code.co_name, None)
system_confs = System.objects.filter(category='ACTIVE_DIRECTORY').values('config_id', 'value')
system_confs_dict = {key_value['config_id']: key_value['value'] for key_value in system_confs}
# AccessPointのカンマ区切り文字列を、分割して配列化
tmp_hosts = system_confs_dict['ACCESS_POINT']
hosts = [host_str.strip() for host_str in tmp_hosts.split(',')]
system_confs_dict['hosts'] = hosts
# Group情報の文字列をkey-value化
tmp_groups = system_confs_dict['TARGET_GROUP_LIST']
groups_list = ast.literal_eval(tmp_groups)
groups_dict = {}
for g in groups_list:
groups_dict.update(g)
system_confs_dict['groups'] = groups_dict
# パスワードの暗号化解除
cipher = AESCipher(settings.AES_KEY)
tmp_password = system_confs_dict['ADMINISTRATOR_PW']
system_confs_dict['ADMINISTRATOR_PW'] = cipher.decrypt(tmp_password)
self.__logger.logic_log('LOSI00002', '')
return system_confs_dict
def get_info_list(cls, user_groups):
try:
ita_driver_obj_list = ItaDriver.objects.all()
except Exception as e:
# ここでの例外は大外で拾う
raise
protocol_dict = cls.get_define()['dict']
permission_list = cls.get_permission(ita_driver_obj_list)
editable_ids = cls.get_driver_ids(ita_driver_obj_list, user_groups, [
defs.ALLOWED_MENTENANCE,
])
ref_ids = cls.get_driver_ids(ita_driver_obj_list, user_groups,
[defs.ALLOWED_MENTENANCE, defs.VIEW_ONLY])
ita_driver_dto_list = []
cipher = AESCipher(settings.AES_KEY)
for ita_obj in ita_driver_obj_list:
if ita_obj.ita_driver_id not in ref_ids:
continue
ita_info = ita_obj.__dict__
ita_info['password'] = cipher.decrypt(ita_obj.password)
ita_info['protocol_str'] = protocol_dict[ita_obj.protocol]
ita_info[
'editable'] = True if ita_obj.ita_driver_id in editable_ids else False
ita_info['permission'] = permission_list[ita_obj.ita_driver_id] if ita_obj.ita_driver_id in permission_list else []
ita_driver_dto_list.append(ita_info)
return ita_driver_dto_list
def get_info_list(self, request):
protocol_dict = self.get_define()['dict']
rule_type_data_obj_dict = get_rule_type_data_obj_dict(request)
try:
zabbix_adapter_obj_list = ZabbixAdapter.objects.filter(
rule_type_id__in=rule_type_data_obj_dict.keys())
except Exception as e:
# ここでの例外は大外で拾う
raise
zabbix_adapter_dto_list = []
cipher = AESCipher(settings.AES_KEY)
for zabbix_obj in zabbix_adapter_obj_list:
zabbix_info = zabbix_obj.__dict__
if zabbix_obj.password:
zabbix_info['password'] = cipher.decrypt(zabbix_obj.password)
zabbix_info['protocol_str'] = protocol_dict[
zabbix_obj.protocol]
zabbix_info['editable'] = rule_type_data_obj_dict[
zabbix_obj.rule_type_id]['editable']
zabbix_info['active'] = rule_type_data_obj_dict[
zabbix_obj.rule_type_id]['active']
if zabbix_info['active']:
zabbix_info['rule_type_name'] = rule_type_data_obj_dict[
zabbix_obj.rule_type_id]['rule_type_name']
zmi_list = []
# 突合情報取得
try:
zmi_list = list(
ZabbixMatchInfo.objects.filter(
zabbix_adapter_id=zabbix_obj.zabbix_adapter_id).
values('data_object_id', 'zabbix_response_key'))
except Exception as e:
# ここでの例外は大外で拾う
raise
zabbix_info['match_list'] = {
str(match_info['data_object_id']):
match_info['zabbix_response_key']
for match_info in zmi_list
}
else:
zabbix_info['rule_type_id'] = -1
zabbix_info['rule_type_name'] = ""
zabbix_info['match_list'] = {}
zabbix_adapter_dto_list.append(zabbix_info)
return zabbix_adapter_dto_list
def set_ary_ita_config(self):
"""
ary_ita_configの設定
"""
cipher = AESCipher(settings.AES_KEY)
password = cipher.decrypt(self.ita_driver.password)
self.ary_ita_config['Protocol'] = self.ita_driver.protocol
self.ary_ita_config['Host'] = self.ita_driver.hostname
self.ary_ita_config['PortNo'] = self.ita_driver.port
self.ary_ita_config['user'] = self.ita_driver.username
self.ary_ita_config['password'] = password
self.ary_ita_config['menuID'] = '2100000303'
def get_info_list(cls):
try:
ita_driver_obj_list = ItaDriver.objects.all()
except Exception as e:
# ここでの例外は大外で拾う
raise
protocol_dict = cls.get_define()['dict']
ita_driver_dto_list = []
cipher = AESCipher(settings.AES_KEY)
for ita_obj in ita_driver_obj_list:
ita_info = ita_obj.__dict__
ita_info['password'] = cipher.decrypt(ita_obj.password)
ita_info['protocol_str'] = protocol_dict[ita_obj.protocol]
ita_driver_dto_list.append(ita_info)
return ita_driver_dto_list
def get_info_list(cls):
try:
mail_driver_obj_list = MailDriver.objects.all()
except Exception as e:
# ここでの例外は大外で拾う
raise
protocol_dict = cls.get_define()['dict']
mail_driver_dto_list = []
cipher = AESCipher(settings.AES_KEY)
for mail_obj in mail_driver_obj_list:
mail_info = mail_obj.__dict__
if mail_obj.password:
mail_info['password'] = cipher.decrypt(mail_obj.password)
mail_info['protocol_str'] = protocol_dict[mail_obj.protocol]
mail_driver_dto_list.append(mail_info)
return mail_driver_dto_list
def __init__(self, drv_info, user_name, now=None):
"""
[概要]
コンストラクタ
[引数]
drv_info : dict : ITAアクション設定
"""
cipher = AESCipher(settings.AES_KEY)
self.now = now if now else datetime.datetime.now()
self.user_name = user_name
self.drv_id = drv_info['ita_driver_id']
self.ita_config = {}
self.ita_config['Protocol'] = drv_info['protocol']
self.ita_config['Host'] = drv_info['hostname']
self.ita_config['PortNo'] = drv_info['port']
self.ita_config['user'] = drv_info['username']
self.ita_config['password'] = cipher.decrypt(drv_info['password'])
self.ita_config['menuID'] = ''
self.ita_core = ITA1Core('TOS_Backyard_ParameterSheetMenuManager', 0, 0, 0)
def edit(request):
"""
[メソッド概要]
システム設定ページの一覧画面
"""
logger.logic_log('LOSI00001', 'None', request=request)
msg = ''
system_log_list = []
system_session_list = []
system_password_list = []
system_actdir_list = []
system_targro_list = []
output_flag = 0
pass_flag = 0
permission_type = request.user_config.get_menu_auth_type(MENU_ID)
edit = True if permission_type == defs.ALLOWED_MENTENANCE else False
try:
# システム設定情報取得
system_list = System.objects.filter(
maintenance_flag='1').order_by('item_id')
# システム設定情報作成
for s in system_list:
system_info = {
'item_id': s.item_id,
'config_name': s.config_name,
'category': s.category,
'config_id': s.config_id,
'value': s.value,
'maintenance_flag': s.maintenance_flag,
}
if s.category == "LOG_STORAGE_PERIOD":
system_log_list.append(system_info)
elif s.category == "SESSION_TIMEOUT":
system_session_list.append(system_info)
elif s.category == "PASSWORD":
system_password_list.append(system_info)
elif s.category == "ACTIVE_DIRECTORY":
if s.config_id == "TARGET_GROUP_LIST" and s.value:
system_targro_list = ast.literal_eval(s.value)
# パスワード復号化
if s.config_id == "ADMINISTRATOR_PW" and s.value is not None and len(
s.value) > 0:
cipher = AESCipher(settings.AES_KEY)
s.value = cipher.decrypt(s.value)
# 復号化されたパスワードに更新
system_info['value'] = s.value
system_actdir_list.append(system_info)
if s.config_id == "ADCOLLABORATION" and s.value == '1':
output_flag = 1
if request.user.user_id not in (1, -2140000000):
pass_flag = 1
except:
msg = get_message('MOSJA22016', request.user.get_lang_mode())
logger.logic_log('LOSI00005', traceback.format_exc(), request=request)
logger.system_log('LOSM09001', request=request)
data = {
'mainmenu_list': request.user_config.get_menu_list(),
'user_name': request.user.user_name,
'msg': msg,
'edit': edit,
'system_log_list': system_log_list,
'system_session_list': system_session_list,
'system_password_list': system_password_list,
'system_actdir_list': system_actdir_list,
'system_targro_list': system_targro_list,
'output_flag': output_flag,
'pass_flag': pass_flag,
'disabled_flag': settings.DISABLE_WHITE_BLACK_LIST,
'lang_mode': request.user.get_lang_mode(),
}
logger.logic_log('LOSI00002',
'msg:%s, edit:%s, output:%s, pass:%s' %
(msg, edit, output_flag, pass_flag),
request=request)
return render(request, 'system/system_conf_edit.html', data)
from libs.commonlibs.dt_component import DecisionTableComponent
from libs.commonlibs.aes_cipher import AESCipher
from libs.webcommonlibs.oase_mail import OASEMailSMTP, OASEMailUnknownEventNotify
urllib3.disable_warnings(InsecureRequestWarning)
ssl._create_default_https_context = ssl._create_unverified_context
# --------------------------------
# コンフィグファイル読み込み設定
# --------------------------------
rset = list(
System.objects.filter(category='DMSETTINGS').values('config_id', 'value'))
dmconf = {r['config_id']: r['value'] for r in rset}
# パスワードを復号
cipher = AESCipher(settings.AES_KEY)
dmconf['DM_PASSWD'] = cipher.decrypt(dmconf['DM_PASSWD'])
# --------------------------------
# 負荷テスト設定
# --------------------------------
ENABLE_LOAD_TEST = getattr(settings, 'ENABLE_LOAD_TEST', False)
if ENABLE_LOAD_TEST:
import logging
loadtest_logger = logging.getLogger('oase_agent')
#ホスト名 コンフィグファイルに移動すべきか?
MAX_WORKER = 5
class ActUtil:
"""
def _validate(self, rq, error_msg, request, mode):
"""
[概要]
入力チェック
[引数]
rq: dict リクエストされた入力データ
error_msg: dict
[戻り値]
"""
logger.logic_log('LOSI00001',
'data: %s, error_msg:%s' % (rq, error_msg))
error_flag = False
emo_chk = UnicodeCheck()
emo_flag_zabbix_disp_name = False
emo_flag_hostname = False
rule_type_id_error_flag = False
lang = request.user.get_lang_mode()
# zabbix_disp_name未入力チェック
if len(rq['zabbix_disp_name']) == 0:
error_flag = True
error_msg['zabbix_disp_name'] += get_message('MOSJA26102',
lang) + '\n'
logger.user_log('LOSM07001', 'zabbix_disp_name', request=request)
# zabbix_disp_name長さチェック
if len(rq['zabbix_disp_name']) > 64:
error_flag = True
error_msg['zabbix_disp_name'] += get_message('MOSJA26103',
lang) + '\n'
logger.user_log('LOSM07002',
'zabbix_disp_name',
64,
rq['zabbix_disp_name'],
request=request)
# zabbix_disp_name絵文字使用チェック
value_list = emo_chk.is_emotion(rq['zabbix_disp_name'])
if len(value_list) > 0:
error_flag = True
emo_flag_zabbix_disp_name = True
error_msg['zabbix_disp_name'] += get_message('MOSJA26104',
lang) + '\n'
logger.user_log('LOSM07008',
rq['zabbix_disp_name'],
request=request)
# protocol未入力チェック
if len(rq['protocol']) == 0:
error_flag = True
error_msg['protocol'] += get_message('MOSJA26105', lang) + '\n'
logger.user_log('LOSM07001', 'protocol', request=request)
# protocol長さチェック
if len(rq['protocol']) > 64:
error_flag = True
error_msg['protocol'] += get_message('MOSJA26106', lang) + '\n'
logger.user_log('LOSM07002',
'protocol',
64,
rq['protocol'],
request=request)
# hostname未入力チェック
if len(rq['hostname']) == 0:
error_flag = True
error_msg['hostname'] += get_message('MOSJA26107', lang) + '\n'
logger.user_log('LOSM07001', 'hostname', request=request)
# hostname長さチェック
if len(rq['hostname']) > 128:
error_flag = True
error_msg['hostname'] += get_message('MOSJA26108', lang) + '\n'
logger.user_log('LOSM07002',
'hostname',
128,
rq['hostname'],
request=request)
# hostname絵文字使用チェック
value_list = emo_chk.is_emotion(rq['hostname'])
if len(value_list) > 0:
error_flag = True
emo_flag_hostname = True
error_msg['hostname'] += get_message('MOSJA26109', lang) + '\n'
logger.user_log('LOSM07008', rq['hostname'], request=request)
# port未入力チェック
if len(rq['port']) == 0:
error_flag = True
error_msg['port'] += get_message('MOSJA26110', lang) + '\n'
logger.user_log('LOSM07001', 'port', request=request)
# port長さチェック
try:
tmp_port = int(rq['port'])
if 0 > tmp_port or tmp_port > 65535:
error_flag = True
error_msg['port'] += get_message('MOSJA26111', lang) + '\n'
logger.user_log('LOSM07003',
'port',
rq['port'],
request=request)
except ValueError:
error_flag = True
error_msg['port'] += get_message('MOSJA26111', lang) + '\n'
logger.user_log('LOSM07003', 'port', rq['port'], request=request)
# username未入力チェック
if len(rq['username']) == 0:
error_flag = True
error_msg['username'] += get_message('MOSJA26112', lang) + '\n'
logger.user_log('LOSM07001', 'username', request=request)
# username長さチェック
if len(rq['username']) > 64:
error_flag = True
error_msg['username'] += get_message('MOSJA26113', lang) + '\n'
logger.user_log('LOSM07002',
'username',
64,
rq['username'],
request=request)
# username絵文字使用チェック
value_list = emo_chk.is_emotion(rq['username'])
if len(value_list) > 0:
error_flag = True
error_msg['username'] += get_message('MOSJA26114', lang) + '\n'
logger.user_log('LOSM07008', rq['username'], request=request)
# password未入力チェック
if len(rq['password']) == 0:
error_flag = True
error_msg['password'] += get_message('MOSJA26115', lang) + '\n'
logger.user_log('LOSM07001', 'password', request=request)
# password長さチェック
# 追加の場合
if rq['zabbix_adapter_id'] == '0':
if len(rq['password']) > 64:
error_flag = True
error_msg['password'] += get_message('MOSJA26116', lang) + '\n'
logger.user_log('LOSM07002',
'password',
64,
rq['password'],
request=request)
# password絵文字使用チェック
value_list = emo_chk.is_emotion(rq['password'])
if len(value_list) > 0:
error_flag = True
error_msg['password'] += get_message('MOSJA26117', lang) + '\n'
logger.user_log('LOSM07008', rq['password'], request=request)
# 変更の場合
else:
old_password = ZabbixAdapter.objects.get(
zabbix_adapter_id=rq['zabbix_adapter_id']).password
# パスワード復号
cipher = AESCipher(settings.AES_KEY)
old_password_dec = cipher.decrypt(old_password)
if old_password != rq['password']:
if len(rq['password']) > 64:
error_flag = True
error_msg['password'] += get_message('MOSJA26116',
lang) + '\n'
logger.user_log('LOSM07002',
'password',
64,
rq['password'],
request=request)
# password絵文字使用チェック
value_list = emo_chk.is_emotion(rq['password'])
if len(value_list) > 0:
error_flag = True
error_msg['password'] += get_message('MOSJA26117',
lang) + '\n'
logger.user_log('LOSM07008',
rq['password'],
request=request)
# rule_type_id未入力チェック
if len(rq['rule_type_id']) == 0:
error_flag = True
rule_type_id_error_flag = True
error_msg['rule_type_id'] += get_message('MOSJA26118', lang) + '\n'
logger.user_log('LOSM07001', 'rule_type_id', request=request)
# rule_type_id存在チェック
else:
check_rule_id = RuleType.objects.filter(
rule_type_id=rq['rule_type_id'])
if len(check_rule_id) < 1:
error_flag = True
rule_type_id_error_flag = True
error_msg['rule_type_id'] += get_message('MOSJA26119',
lang) + '\n'
logger.user_log('LOSM07001', 'rule_type_id', request=request)
if not rule_type_id_error_flag:
# 突合情報存在チェック
# 条件名の数を取得
do_list = DataObject.objects.filter(
rule_type_id=rq['rule_type_id']).values_list('data_object_id',
flat=True)
# Zabbix項目チェック
for data_object_id, zabbix_response_key in rq['match_list'].items(
):
id_name = 'zabbix-' + data_object_id
error_msg.setdefault(id_name, '')
# 条件名とZabbix項目の数があっているかチェック
if len(do_list) != len(rq['match_list'].keys()):
error_flag = True
error_msg[id_name] += get_message(
'MOSJA26121', request.user.get_lang_mode()) + '\n'
logger.user_log('LOSM07007',
len(do_list),
len(rq['match_list'].items()),
request=request)
if len(zabbix_response_key) == 0:
error_flag = True
error_msg[id_name] += get_message('MOSJA26122',
lang) + '\n'
logger.user_log('LOSM07001',
'zabbix_response_key',
request=request)
if len(zabbix_response_key) > 32:
error_flag = True
error_msg[id_name] += get_message('MOSJA26128',
lang) + '\n'
logger.user_log('LOSM07002',
'zabbix_response_key',
32,
zabbix_response_key,
request=request)
# Zabbix項目絵文字使用チェック
value_list = emo_chk.is_emotion(zabbix_response_key)
if len(value_list) > 0:
error_flag = True
error_msg[id_name] += get_message('MOSJA26123',
lang) + '\n'
logger.user_log('LOSM07008',
rq['zabbix_disp_name'],
request=request)
# 使用可能名チェック
if zabbix_response_key not in ZABBIX_ITEMS:
error_flag = True
error_msg[id_name] += get_message('MOSJA26147',
lang) + '\n'
logger.user_log('LOSM07009',
rq['zabbix_disp_name'],
request=request)
# zabbix_disp_name重複チェック
if not emo_flag_zabbix_disp_name:
duplication = ZabbixAdapter.objects.filter(
zabbix_disp_name=rq['zabbix_disp_name'])
if len(duplication) == 1 and int(
rq['zabbix_adapter_id']
) != duplication[0].zabbix_adapter_id:
error_flag = True
error_msg['zabbix_disp_name'] += get_message(
'MOSJA26124', lang) + '\n'
logger.user_log('LOSM07004',
'zabbix_disp_name',
rq['zabbix_disp_name'],
request=request)
# hostname重複チェック
if not emo_flag_hostname:
duplication = ZabbixAdapter.objects.filter(
hostname=rq['hostname'], rule_type_id=rq['rule_type_id'])
# ホスト名重複かつルール種別名が同一の場合
if len(duplication) == 1 and int(
rq['zabbix_adapter_id']
) != duplication[0].zabbix_adapter_id:
error_flag = True
error_msg['hostname'] += get_message(
'MOSJA26125', request.user.get_lang_mode()) + '\n'
logger.user_log('LOSM07004',
'hostname',
rq['hostname'],
request=request)
# 疎通確認
if not error_flag:
resp_code = -1
try:
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
resp_code = sock.connect_ex(
(rq['hostname'],
int(rq['port']))) # host名名前解決が必要/etc/hostsとか
sock.close()
except:
pass
if resp_code != 0:
error_flag = True
error_msg['hostname'] += get_message('MOSJA26126', lang) + '\n'
logger.user_log('LOSM07005',
rq['hostname'],
rq['port'],
request=request)
logger.logic_log('LOSI00002', 'return: %s' % error_flag)
return error_flag