def initialize_db(): os.umask(0) if not os.path.exists(VFENSE_TMP_PATH): os.mkdir(VFENSE_TMP_PATH, 0755) if not os.path.exists(RETHINK_CONF): subprocess.Popen(['ln', '-s', RETHINK_SOURCE_CONF, RETHINK_CONF], ) if not os.path.exists('/var/lib/rethinkdb/vFense'): os.makedirs('/var/lib/rethinkdb/vFense') subprocess.Popen([ 'chown', '-R', 'rethinkdb.rethinkdb', '/var/lib/rethinkdb/vFense' ], ) if not os.path.exists(VFENSE_LOG_PATH): os.mkdir(VFENSE_LOG_PATH, 0755) if not os.path.exists(VFENSE_SCHEDULER_PATH): os.mkdir(VFENSE_SCHEDULER_PATH, 0755) if not os.path.exists(VFENSE_APP_PATH): os.mkdir(VFENSE_APP_PATH, 0755) if not os.path.exists(VFENSE_APP_TMP_PATH): os.mkdir(VFENSE_APP_TMP_PATH, 0775) if not os.path.exists(os.path.join(VFENSE_VULN_PATH, 'windows/data/xls')): os.makedirs(os.path.join(VFENSE_VULN_PATH, 'windows/data/xls'), 0755) if not os.path.exists(os.path.join(VFENSE_VULN_PATH, 'cve/data/xml')): os.makedirs(os.path.join(VFENSE_VULN_PATH, 'cve/data/xml'), 0755) if not os.path.exists(os.path.join(VFENSE_VULN_PATH, 'ubuntu/data/html')): os.makedirs(os.path.join(VFENSE_VULN_PATH, 'ubuntu/data/html'), 0755) if get_distro() in DEBIAN_DISTROS: subprocess.Popen(['update-rc.d', 'vFense', 'defaults'], ) if not os.path.exists('/etc/init.d/vFense'): subprocess.Popen([ 'ln', '-s', os.path.join(VFENSE_BASE_SRC_PATH, 'daemon/vFense'), VFENSE_INIT_D ], ) if get_distro() in REDHAT_DISTROS: if os.path.exists('/usr/bin/rqworker'): subprocess.Popen( ['ln', '-s', '/usr/bin/rqworker', '/usr/local/bin/rqworker'], ) if os.path.exists(get_sheduler_location()): subprocess.Popen([ 'patch', '-N', get_sheduler_location(), os.path.join(VFENSE_CONF_PATH, 'patches/scheduler.patch') ], ) try: tp_exists = pwd.getpwnam('vfense') except Exception as e: if get_distro() in DEBIAN_DISTROS: subprocess.Popen([ 'adduser', '--disabled-password', '--gecos', '', 'vfense', ], ) elif get_distro() in REDHAT_DISTROS: subprocess.Popen([ 'useradd', 'vfense', ], ) rethink_start = subprocess.Popen(['service', 'rethinkdb', 'start']) while not db_connect(): print 'Sleeping until rethink starts' sleep(2) completed = True if completed: conn = db_connect() r.db_create('vFense').run(conn) db = r.db('vFense') conn.close() ci.initialize_indexes_and_create_tables() conn = db_connect() default_customer = Customer(DefaultCustomers.DEFAULT, server_queue_ttl=args.queue_ttl, package_download_url=url) customers.create_customer(default_customer, init=True) group_data = group.create_group(DefaultGroups.ADMIN, DefaultCustomers.DEFAULT, [Permissions.ADMINISTRATOR]) admin_group_id = group_data['generated_ids'] user.create_user( DefaultUsers.ADMIN, 'vFense Admin Account', args.admin_password, admin_group_id, DefaultCustomers.DEFAULT, '', ) print 'Admin username = admin' print 'Admin password = %s' % (args.admin_password) agent_pass = generate_pass() while not check_password(agent_pass)[0]: agent_pass = generate_pass() user.create_user( DefaultUsers.AGENT, 'vFense Agent Communication Account', agent_pass, admin_group_id, DefaultCustomers.DEFAULT, '', ) print 'Agent api user = agent_api' print 'Agent password = %s' % (agent_pass) monit.monit_initialization() if args.cve_data: print "Updating CVE's..." load_up_all_xml_into_db() print "Done Updating CVE's..." print "Updating Microsoft Security Bulletin Ids..." parse_bulletin_and_updatedb() print "Done Updating Microsoft Security Bulletin Ids..." print "Updating Ubuntu Security Bulletin Ids...( This can take a couple of minutes )" begin_usn_home_page_processing(full_parse=True) print "Done Updating Ubuntu Security Bulletin Ids..." conn.close() completed = True msg = 'Rethink Initialization and Table creation is now complete' #rethink_stop = subprocess.Popen(['service', 'rethinkdb','stop']) rql_msg = 'Rethink stopped successfully\n' return completed, msg else: completed = False msg = 'Failed during Rethink startup process' return completed, msg
help='ssl certificate to use, default is to use server.key') parser.add_argument('--cve-data', dest='cve_data', action='store_true', help='Initialize CVE data. This is the default.') parser.add_argument( '--no-cve-data', dest='cve_data', action='store_false', help='Not to initialize CVE data. This is for testing purposes.') parser.set_defaults(cve_data=True) args = parser.parse_args() if args.admin_password: password_validated = check_password(args.admin_password) if not password_validated[0]: print( 'Password failed to meet the minimum requirements.\n' + 'Uppercase, Lowercase, Numeric, Special ' + 'and a minimum of 8 characters.\nYour password: %s is %s' % (args.admin_password, password_validated[1])) sys.exit(1) if args.queue_ttl: args.queue_ttl = int(args.queue_ttl) if args.queue_ttl < 2: args.queue_ttl = 10 if args.dns_name: url = 'https://%s/packages/' % (args.dns_name)
def initialize_db(): os.umask(0) if not os.path.exists(VFENSE_TMP_PATH): os.mkdir(VFENSE_TMP_PATH, 0755) if not os.path.exists(RETHINK_CONF): subprocess.Popen(["ln", "-s", RETHINK_SOURCE_CONF, RETHINK_CONF]) if not os.path.exists("/var/lib/rethinkdb/vFense"): os.makedirs("/var/lib/rethinkdb/vFense") subprocess.Popen(["chown", "-R", "rethinkdb.rethinkdb", "/var/lib/rethinkdb/vFense"]) if not os.path.exists(VFENSE_LOG_PATH): os.mkdir(VFENSE_LOG_PATH, 0755) if not os.path.exists(VFENSE_SCHEDULER_PATH): os.mkdir(VFENSE_SCHEDULER_PATH, 0755) if not os.path.exists(VFENSE_APP_PATH): os.mkdir(VFENSE_APP_PATH, 0755) if not os.path.exists(VFENSE_APP_TMP_PATH): os.mkdir(VFENSE_APP_TMP_PATH, 0775) if not os.path.exists(os.path.join(VFENSE_VULN_PATH, "windows/data/xls")): os.makedirs(os.path.join(VFENSE_VULN_PATH, "windows/data/xls"), 0755) if not os.path.exists(os.path.join(VFENSE_VULN_PATH, "cve/data/xml")): os.makedirs(os.path.join(VFENSE_VULN_PATH, "cve/data/xml"), 0755) if not os.path.exists(os.path.join(VFENSE_VULN_PATH, "ubuntu/data/html")): os.makedirs(os.path.join(VFENSE_VULN_PATH, "ubuntu/data/html"), 0755) if get_distro() in DEBIAN_DISTROS: subprocess.Popen(["update-rc.d", "vFense", "defaults"]) if not os.path.exists("/etc/init.d/vFense"): subprocess.Popen(["ln", "-s", os.path.join(VFENSE_BASE_SRC_PATH, "daemon/vFense"), VFENSE_INIT_D]) if get_distro() in REDHAT_DISTROS: if os.path.exists("/usr/bin/rqworker"): subprocess.Popen(["ln", "-s", "/usr/bin/rqworker", "/usr/local/bin/rqworker"]) if os.path.exists(get_sheduler_location()): subprocess.Popen( ["patch", "-N", get_sheduler_location(), os.path.join(VFENSE_CONF_PATH, "patches/scheduler.patch")] ) try: tp_exists = pwd.getpwnam("vfense") except Exception as e: if get_distro() in DEBIAN_DISTROS: subprocess.Popen(["adduser", "--disabled-password", "--gecos", "", "vfense"]) elif get_distro() in REDHAT_DISTROS: subprocess.Popen(["useradd", "vfense"]) rethink_start = subprocess.Popen(["service", "rethinkdb", "start"]) while not db_connect(): print "Sleeping until rethink starts" sleep(2) completed = True if completed: conn = db_connect() r.db_create("vFense").run(conn) db = r.db("vFense") conn.close() ci.initialize_indexes_and_create_tables() conn = db_connect() default_customer = Customer(DefaultCustomers.DEFAULT, server_queue_ttl=args.queue_ttl, package_download_url=url) customers.create_customer(default_customer, init=True) group_data = group.create_group(DefaultGroups.ADMIN, DefaultCustomers.DEFAULT, [Permissions.ADMINISTRATOR]) admin_group_id = group_data["generated_ids"] user.create_user( DefaultUsers.ADMIN, "vFense Admin Account", args.admin_password, admin_group_id, DefaultCustomers.DEFAULT, "", ) print "Admin username = admin" print "Admin password = %s" % (args.admin_password) agent_pass = generate_pass() while not check_password(agent_pass)[0]: agent_pass = generate_pass() user.create_user( DefaultUsers.AGENT, "vFense Agent Communication Account", agent_pass, admin_group_id, DefaultCustomers.DEFAULT, "", ) print "Agent api user = agent_api" print "Agent password = %s" % (agent_pass) monit.monit_initialization() if args.cve_data: print "Updating CVE's..." load_up_all_xml_into_db() print "Done Updating CVE's..." print "Updating Microsoft Security Bulletin Ids..." parse_bulletin_and_updatedb() print "Done Updating Microsoft Security Bulletin Ids..." print "Updating Ubuntu Security Bulletin Ids...( This can take a couple of minutes )" begin_usn_home_page_processing(full_parse=True) print "Done Updating Ubuntu Security Bulletin Ids..." conn.close() completed = True msg = "Rethink Initialization and Table creation is now complete" # rethink_stop = subprocess.Popen(['service', 'rethinkdb','stop']) rql_msg = "Rethink stopped successfully\n" return completed, msg else: completed = False msg = "Failed during Rethink startup process" return completed, msg
) parser.add_argument( "--cve-data", dest="cve_data", action="store_true", help="Initialize CVE data. This is the default." ) parser.add_argument( "--no-cve-data", dest="cve_data", action="store_false", help="Not to initialize CVE data. This is for testing purposes.", ) parser.set_defaults(cve_data=True) args = parser.parse_args() if args.admin_password: password_validated = check_password(args.admin_password) if not password_validated[0]: print ( "Password failed to meet the minimum requirements.\n" + "Uppercase, Lowercase, Numeric, Special " + "and a minimum of 8 characters.\nYour password: %s is %s" % (args.admin_password, password_validated[1]) ) sys.exit(1) if args.queue_ttl: args.queue_ttl = int(args.queue_ttl) if args.queue_ttl < 2: args.queue_ttl = 10 if args.dns_name: url = "https://%s/packages/" % (args.dns_name)
def create_user( username, fullname, password, group_ids, customer_name, email, enabled=CommonKeys.YES, user_name=None, uri=None, method=None ): """Add a new user into vFense Args: username (str): The name of the user you are creating. fullname (str): The full name of the user you are creating. password (str): The unencrypted password of the user. group_ids (list): List of vFense group ids to add the user too. customer_name (str): The customer, this user will be part of. email (str): Email address of the user. enabled (str): yes or no Default=no Kwargs: user_name (str): The name of the user who called this function. uri (str): The uri that was used to call this function. method (str): The HTTP methos that was used to call this function. Basic Usage: >>> from vFense.user.users import create_user >>> username = '******' >>> fullname = 'testing 4 life' >>> password = '******' >>> group_ids = ['8757b79c-7321-4446-8882-65457f28c78b'] >>> customer_name = 'default' >>> email = '*****@*****.**' >>> enabled = 'yes' >>> create_user( username, fullname, password, group_ids, customer_name, email, enabled ) Return: Dictionary of the status of the operation. { 'uri': None, 'rv_status_code': 1010, 'http_method': None, 'http_status': 200, 'message': 'None - create user testing123 was created', 'data': { 'current_customer': 'default', 'full_name': 'tester4life', 'default_customer': 'default', 'password': '******', 'user_name': 'testing123', 'enabled': 'yes', 'email': '*****@*****.**' } } """ user_exist = get_user(username) pass_strength = check_password(password) status = create_user.func_name + ' - ' generated_ids = [] generic_status_code = 0 vfense_status_code = 0 user_data = ( { UserKeys.CurrentCustomer: customer_name, UserKeys.DefaultCustomer: customer_name, UserKeys.FullName: fullname, UserKeys.UserName: username, UserKeys.Enabled: enabled, UserKeys.Email: email } ) if enabled != CommonKeys.YES or enabled != CommonKeys.NO: enabled = CommonKeys.NO valid_user_name = ( re.search('([A-Za-z0-9_-]{1,24})', username) ) valid_user_length = ( len(username) <= DefaultStringLength.USER_NAME ) try: if (not user_exist and pass_strength[0] and valid_user_length and valid_user_name): encrypted_password = Crypto().hash_bcrypt(password) user_data[UserKeys.Password] = encrypted_password customer_is_valid = get_customer(customer_name) validated_groups, _, invalid_groups = validate_group_ids( group_ids, customer_name ) if customer_is_valid and validated_groups: object_status, _, _, generated_ids = ( insert_user(user_data) ) generated_ids.append(username) add_user_to_customers( username, [customer_name], user_name, uri, method ) add_user_to_groups( username, customer_name, group_ids, user_name, uri, method ) if object_status == DbCodes.Inserted: msg = 'user name %s created' % (username) generic_status_code = GenericCodes.ObjectCreated vfense_status_code = UserCodes.UserCreated user_data.pop(UserKeys.Password) elif not customer_is_valid and validated_groups: msg = 'customer name %s does not exist' % (customer_name) object_status = DbCodes.Skipped generic_status_code = GenericCodes.InvalidId vfense_status_code = CustomerFailureCodes.CustomerDoesNotExist elif not validated_groups and customer_is_valid: msg = 'group ids %s does not exist' % (invalid_groups) object_status = DbCodes.Skipped generic_status_code = GenericCodes.InvalidId vfense_status_code = GroupFailureCodes.InvalidGroupId else: group_error = ( 'group ids %s does not exist' % (invalid_groups) ) customer_error = ( 'customer name %s does not exist' % (customer_name) ) msg = group_error + ' and ' + customer_error object_status = DbCodes.Errors generic_status_code = GenericFailureCodes.FailedToCreateObject vfense_status_code = UserFailureCodes.FailedToCreateUser elif user_exist: msg = 'username %s already exists' % (username) object_status = GenericCodes.ObjectExists generic_status_code = GenericCodes.ObjectExists vfense_status_code = UserFailureCodes.UserNameExists elif not pass_strength[0]: msg = ( 'password does not meet the min requirements: strength=%s' % (pass_strength[1]) ) object_status = GenericFailureCodes.FailedToCreateObject generic_status_code = GenericFailureCodes.FailedToCreateObject vfense_status_code = UserFailureCodes.WeakPassword elif not valid_user_name or not valid_user_length: status_code = DbCodes.Errors msg = ( 'user name is not within the 24 character range '+ 'or contains unsupported characters :%s' % (username) ) generic_status_code = GenericCodes.InvalidId vfense_status_code = UserFailureCodes.InvalidUserName results = { ApiResultKeys.DB_STATUS_CODE: object_status, ApiResultKeys.GENERIC_STATUS_CODE: generic_status_code, ApiResultKeys.VFENSE_STATUS_CODE: vfense_status_code, ApiResultKeys.MESSAGE: status + msg, ApiResultKeys.GENERATED_IDS: generated_ids, ApiResultKeys.DATA: [user_data], ApiResultKeys.USERNAME: user_name, ApiResultKeys.URI: uri, ApiResultKeys.HTTP_METHOD: method } except Exception as e: logger.exception(e) msg = 'Failed to create user %s: %s' % (username, str(e)) status_code = DbCodes.Errors generic_status_code = GenericFailureCodes.FailedToCreateObject vfense_status_code = UserFailureCodes.FailedToCreateUser results = { ApiResultKeys.DB_STATUS_CODE: status_code, ApiResultKeys.GENERIC_STATUS_CODE: generic_status_code, ApiResultKeys.VFENSE_STATUS_CODE: vfense_status_code, ApiResultKeys.MESSAGE: status + msg, ApiResultKeys.GENERATED_IDS: [], ApiResultKeys.DATA: [user_data], ApiResultKeys.USERNAME: user_name, ApiResultKeys.URI: uri, ApiResultKeys.HTTP_METHOD: method } return(results)
def change_password( username, password, new_password, user_name=None, uri=None, method=None ): """Change password for a user. Args: username (str): The name of the user you are deleteing. password (str): Original password. new_password (str): New password. Kwargs: user_name (str): The name of the user who called this function. uri (str): The uri that was used to call this function. method (str): The HTTP methos that was used to call this function. Return: Dictionary of the status of the operation. { 'uri': None, 'rv_status_code': 1008, 'http_method': None, 'http_status': 200, 'message': 'None - change_password - Password changed for user admin - admin was updated', 'data': [] } """ user_exist = get_user(username, without_fields=None) status = change_password.func_name + ' - ' try: generic_status_code = 0 vfense_status_code = 0 if user_exist: pass_strength = check_password(new_password) original_encrypted_password = user_exist[UserKeys.Password].encode('utf-8') original_password_verified = ( Crypto().verify_bcrypt_hash(password, original_encrypted_password) ) encrypted_new_password = Crypto().hash_bcrypt(new_password) new_password_verified_against_orignal_password = ( Crypto().verify_bcrypt_hash(new_password, original_encrypted_password) ) if (original_password_verified and pass_strength[0] and not new_password_verified_against_orignal_password): user_data = {UserKeys.Password: encrypted_new_password} object_status, _, _, _ = ( update_user(username, user_data) ) if object_status == DbCodes.Replaced: msg = 'Password changed for user %s - ' % (username) generic_status_code = GenericCodes.ObjectUpdated vfense_status_code = UserCodes.PasswordChanged elif new_password_verified_against_orignal_password: msg = 'New password is the same as the original - user %s - ' % (username) object_status = DbCodes.Unchanged generic_status_code = GenericFailureCodes.FailedToUpdateObject vfense_status_code = UserFailureCodes.NewPasswordSameAsOld elif original_password_verified and not pass_strength[0]: msg = 'New password is to weak for user %s - ' % (username) object_status = DbCodes.Unchanged generic_status_code = GenericFailureCodes.FailedToUpdateObject vfense_status_code = UserFailureCodes.WeakPassword elif not original_password_verified: msg = 'Password not verified for user %s - ' % (username) object_status = DbCodes.Unchanged generic_status_code = GenericFailureCodes.FailedToUpdateObject vfense_status_code = UserFailureCodes.InvalidPassword results = { ApiResultKeys.DB_STATUS_CODE: object_status, ApiResultKeys.GENERIC_STATUS_CODE: generic_status_code, ApiResultKeys.VFENSE_STATUS_CODE: vfense_status_code, ApiResultKeys.UPDATED_IDS: [username], ApiResultKeys.MESSAGE: status + msg, ApiResultKeys.DATA: [], ApiResultKeys.USERNAME: user_name, ApiResultKeys.URI: uri, ApiResultKeys.HTTP_METHOD: method } else: msg = 'User %s does not exist - ' % (username) object_status = DbCodes.Skipped generic_status_code = GenericCodes.InvalidId vfense_status_code = UserFailureCodes.UserNameDoesNotExist results = { ApiResultKeys.DB_STATUS_CODE: object_status, ApiResultKeys.GENERIC_STATUS_CODE: generic_status_code, ApiResultKeys.VFENSE_STATUS_CODE: vfense_status_code, ApiResultKeys.MESSAGE: status + msg, ApiResultKeys.DATA: [], ApiResultKeys.USERNAME: user_name, ApiResultKeys.URI: uri, ApiResultKeys.HTTP_METHOD: method } except Exception as e: logger.exception(e) status_code = DbCodes.Errors generic_status_code = GenericFailureCodes.FailedToUpdateObject vfense_status_code = UserFailureCodes.FailedToUpdateUser msg = 'Failed to update password for user %s: %s' % (username, str(e)) results = { ApiResultKeys.DB_STATUS_CODE: status_code, ApiResultKeys.GENERIC_STATUS_CODE: generic_status_code, ApiResultKeys.VFENSE_STATUS_CODE: vfense_status_code, ApiResultKeys.MESSAGE: status + msg, ApiResultKeys.DATA: [], ApiResultKeys.USERNAME: user_name, ApiResultKeys.URI: uri, ApiResultKeys.HTTP_METHOD: method } return(results)