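def get_agent_groups(group_list=None, offset=0, limit=None, sort=None, search=None, hash_algorithm='md5'):
    """Get the existing groups together with the checksums of their shared files.

    :param group_list: List of group names. Names that are not groups on the system are
        reported as failed items (error 1710) instead of aborting the request.
    :param offset: First item to return.
    :param limit: Maximum number of items to return.
    :param sort: Fields to sort the items by.
    :param search: Text to search.
    :param hash_algorithm: Hash algorithm used to compute ``mergedSum`` and ``configSum``.
        ``'md5'`` is the historical default; the value is handed straight to ``get_hash``.
    :return: AffectedItemsWazuhResult whose ``affected_items`` are the group rows returned
        by the DB query, each extended with ``mergedSum`` / ``configSum`` when a sum could be
        computed for ``merged.mg`` / ``agent.conf`` in the group's shared directory.
    """
    result = AffectedItemsWazuhResult(
        all_msg='All selected groups information was returned',
        some_msg='Some groups information was not returned',
        none_msg='No group information was returned')

    # Read the system groups once: the same set validates the requested names and
    # feeds the RBAC filter (the original code queried it twice).
    system_groups = get_groups()

    if group_list:
        # Requested names that are not real groups become failed items.
        for invalid_group in set(group_list) - system_groups:
            result.add_failed_item(id_=invalid_group, error=WazuhResourceNotFound(1710))

    # The query only returns the groups the caller is permitted to see.
    rbac_filters = get_rbac_filters(system_resources=system_groups, permitted_resources=group_list)
    query_data = WazuhDBQueryGroup(offset=offset, limit=limit, sort=sort, search=search, **rbac_filters).run()

    affected_groups = []
    for group in query_data['items']:
        group_dir = path.join(common.shared_path, group['name'])
        # A falsy sum (presumably a missing file) leaves the corresponding key out.
        merged_sum = get_hash(path.join(group_dir, "merged.mg"), hash_algorithm)
        conf_sum = get_hash(path.join(group_dir, "agent.conf"), hash_algorithm)
        if merged_sum:
            group['mergedSum'] = merged_sum
        if conf_sum:
            group['configSum'] = conf_sum
        affected_groups.append(group)

    result.affected_items = affected_groups
    result.total_affected_items = query_data['totalItems']

    return result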
def remove_agents_from_group(agent_list=None, group_list=None):
    """Unassign every agent in *agent_list* from the group named in *group_list*.

    :param agent_list: List of agent IDs.
    :param group_list: List of group names; only the first entry is used.
    :return: AffectedItemsWazuhResult. Unassigned agents are the affected items (sorted
        numerically); the manager (``000``, error 1703), unknown agents (1701) and agents
        whose unassignment raised a WazuhException become failed items.
    :raises WazuhResourceNotFound: (1710) when the group does not exist.
    """
    group_id = group_list[0]
    result = AffectedItemsWazuhResult(
        all_msg=f'All selected agents were removed from group {group_id}',
        some_msg=f'Some agents were not removed from group {group_id}',
        none_msg=f'No agent was removed from group {group_id}')

    known_groups = get_groups()
    known_agents = get_agents_info()

    # Nothing is attempted for a group that is not on the system.
    if group_id not in known_groups:
        raise WazuhResourceNotFound(1710)

    for agent_id in agent_list:
        try:
            if agent_id == '000':
                raise WazuhError(1703)
            if agent_id not in known_agents:
                raise WazuhResourceNotFound(1701)
            Agent.unset_single_group_agent(agent_id=agent_id, group_id=group_id, force=True)
        except WazuhException as e:
            result.add_failed_item(id_=agent_id, error=e)
        else:
            result.affected_items.append(agent_id)

    result.total_affected_items = len(result.affected_items)
    result.affected_items.sort(key=int)

    return result
def get_agents_in_group(group_list, offset=0, limit=common.database_limit, sort=None, search=None, select=None, filters=None, q=None):
    """Return the agents that belong to the group named in *group_list*.

    :param group_list: List whose first element is the group ID.
    :param offset: First item to return.
    :param limit: Maximum number of items to return.
    :param sort: Sorts the items. Format: {"fields":["field1","field2"],"order":"asc|desc"}.
    :param search: Looks for items with the specified string. Format: {"fields": ["field1","field2"]}.
    :param select: Select fields to return. Format: {"fields":["field1","field2"]}.
    :param filters: Defines required field filters. Format: {"field1":"value1", "field2":["value2","value3"]}.
    :param q: Query to filter in DB; it is appended, unchanged, after the group clause.
    :return: AffectedItemsWazuhResult as produced by ``get_agents``.
    :raises WazuhResourceNotFound: (1710) when the group does not exist.
    """
    group_id = group_list[0]

    # The name is checked against the real groups before it is spliced into the query
    # string, so only an existing group name ever becomes part of the DB filter.
    if group_id not in get_groups():
        raise WazuhResourceNotFound(1710)

    group_clause = f'group={group_id}'
    full_query = f'{group_clause};{q}' if q else group_clause

    return get_agents(offset=offset, limit=limit, sort=sort, search=search, select=select, filters=filters,
                      q=full_query)
def delete_groups(group_list=None):
    """Delete each group in *group_list* after unassigning all of its agents.

    :param group_list: List of group names.
    :return: AffectedItemsWazuhResult. Each affected item is ``{group_id: [agent ids]}``
        with the agents (sorted numerically) that were unassigned from that group; the
        items are sorted by group name. Unknown groups (1710), the ``default`` group
        (1712) and groups whose agents could not all be unassigned (4015) are failed items.
    """
    result = AffectedItemsWazuhResult(all_msg='All selected groups were deleted',
                                      some_msg='Some groups were not deleted',
                                      none_msg='No group was deleted')
    known_groups = get_groups()

    for group_id in group_list:
        try:
            if group_id not in known_groups:
                raise WazuhResourceNotFound(1710)
            if group_id == 'default':
                # The default group can never be deleted.
                raise WazuhError(1712)

            members = WazuhDBQueryMultigroups(group_id=group_id, limit=None).run()['items']
            member_ids = [member['id'] for member in members]

            # Any failure while unassigning, partial or total, is surfaced as 4015.
            try:
                unassigned = remove_agents_from_group(agent_list=member_ids, group_list=[group_id])
                if unassigned.total_failed_items != 0:
                    raise WazuhError(4015)
            except WazuhError:
                raise WazuhError(4015)

            Agent.delete_single_group(group_id)
            unassigned.affected_items.sort(key=int)
            result.affected_items.append({group_id: unassigned.affected_items})
        except WazuhException as e:
            result.add_failed_item(id_=group_id, error=e)

    # Each item is a one-key dict; order by that key (the group name).
    result.affected_items.sort(key=lambda item: next(iter(item)))
    result.total_affected_items = len(result.affected_items)

    return result
def _expand_resource(resource):
    """Expand an RBAC resource string of the form ``name:attribute:value``.

    Parameters
    ----------
    resource : str
        Resource to be expanded, e.g. ``agent:id:*`` or ``group:id:default``.

    Returns
    -------
    set
        The concrete resources the string stands for. ``agent:group`` is always
        delegated to ``expand_group`` because it accepts both ``*`` and a group name.
        A wildcard value (``*``) is replaced by the resources of that type present on
        the system (ids as ``str``); a wildcard for an unknown resource type expands
        to the empty set. Any other value is returned as a one-element set.
    """
    name, attribute, value = resource.split(':')
    resource_type = f'{name}:{attribute}'

    if resource_type == 'agent:group':
        return expand_group(value)

    if value != '*':
        return {value}

    def _ids_from(manager_factory, list_rows):
        """Return the ids of the rows listed by a manager as a set of strings.

        The comprehension runs inside the ``with`` so rows are read while the
        manager is still open.
        """
        with manager_factory() as manager:
            return {str(row.id) for row in list_rows(manager)}

    def _user_ids():
        with AuthenticationManager() as auth:
            return {str(user['user_id']) for user in auth.get_users()}

    # Every expander is a callable so that only the selected one is evaluated.
    wildcard_expanders = {
        'agent:id': lambda: get_agents_info(),
        'group:id': lambda: get_groups(),
        'role:id': lambda: _ids_from(RolesManager, lambda rm: rm.get_roles()),
        'policy:id': lambda: _ids_from(PoliciesManager, lambda pm: pm.get_policies()),
        'user:id': _user_ids,
        'rule:id': lambda: _ids_from(RulesManager, lambda rum: rum.get_rules()),
        'rule:file': lambda: expand_rules(),
        'decoder:file': lambda: expand_decoders(),
        'list:file': lambda: expand_lists(),
        'node:id': lambda: set(cluster_nodes.get()),
        '*:*': lambda: {'*'},  # resourceless
    }

    expander = wildcard_expanders.get(resource_type)
    return expander() if expander is not None else set()
def remove_agent_from_group(group_list=None, agent_list=None):
    """Unassign one agent from one group.

    Only the first element of each list is used.

    :param group_list: List holding the group name.
    :param agent_list: List holding the agent ID.
    :return: WazuhResult wrapping the message returned by ``Agent.unset_single_group_agent``.
    :raises WazuhResourceNotFound: (1701) unknown agent, (1710) unknown group.
    :raises WazuhError: (1703) when the agent is the manager (``000``).
    """
    group_id, agent_id = group_list[0], agent_list[0]

    def _ensure_valid_pair():
        """Raise the matching Wazuh error when the agent or the group cannot be used."""
        if agent_id not in get_agents_info():
            raise WazuhResourceNotFound(1701)
        if agent_id == '000':
            raise WazuhError(1703)
        if group_id not in get_groups():
            raise WazuhResourceNotFound(1710)

    _ensure_valid_pair()
    unset_message = Agent.unset_single_group_agent(agent_id=agent_id, group_id=group_id, force=True)
    return WazuhResult({'message': unset_message})
def delete_groups(group_list=None):
    """Delete each group in *group_list* after unassigning all of its agents.

    :param group_list: List of group names.
    :return: AffectedItemsWazuhResult whose affected items are the deleted group names
        (sorted) and whose ``affected_agents`` entry lists, sorted numerically, every
        agent unassigned in the process. Unknown groups (1710), ``default`` (1712) and
        groups whose agents could not all be unassigned (4015) become failed items.
    """
    result = AffectedItemsWazuhResult(
        all_msg='All selected groups were deleted',
        some_msg='Some groups were not deleted',
        none_msg='No group was deleted')
    unassigned_agents = set()
    known_groups = get_groups()

    for group_id in group_list:
        try:
            if group_id not in known_groups:
                # NOTE(review): the other group functions in this file report a missing
                # group as WazuhResourceNotFound(1710); confirm WazuhError is intended here.
                raise WazuhError(1710)
            if group_id == 'default':
                # The default group can never be deleted.
                raise WazuhError(1712)

            members = WazuhDBQueryMultigroups(group_id=group_id, limit=None).run()['items']
            member_ids = [member['id'] for member in members]

            # Any failure while unassigning, partial or total, is surfaced as 4015.
            try:
                removal = remove_agents_from_group(agent_list=member_ids, group_list=[group_id])
                if removal.total_failed_items != 0:
                    raise WazuhError(4015)
            except WazuhError:
                raise WazuhError(4015)

            Agent.delete_single_group(group_id)
            result.affected_items.append(group_id)
            unassigned_agents.update(removal.affected_items)
        except WazuhException as e:
            result.add_failed_item(id_=group_id, error=e)

    result['affected_agents'] = sorted(unassigned_agents, key=int)
    result.affected_items.sort()
    result.total_affected_items = len(result.affected_items)

    return result
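def remove_agent_from_groups(agent_list=None, group_list=None):
    """Unassign the agent named in *agent_list* from every group in *group_list*.

    :param agent_list: List whose first element is the agent ID.
    :param group_list: List of group names. The caller's list is left untouched (the
        original code reordered it in place); ``None`` is treated as an empty list.
    :return: AffectedItemsWazuhResult. Groups the agent was unassigned from are the
        affected items (sorted); unknown groups (1710) and groups whose unassignment
        raised a WazuhException become failed items.
    :raises WazuhError: (1703) when the agent is the manager (``000``).
    :raises WazuhResourceNotFound: (1701) when the agent does not exist.
    """
    agent_id = agent_list[0]
    result = AffectedItemsWazuhResult(
        all_msg='Specified agent was removed from returned groups',
        some_msg='Specified agent was not removed from some groups',
        none_msg='Specified agent was not removed from any group')

    # The agent must exist and must not be the manager.
    if agent_id == '000':
        raise WazuhError(1703)
    if agent_id not in get_agents_info():
        raise WazuhResourceNotFound(1701)

    # Work on a copy so the argument is not mutated. 'default' is moved to the last
    # position: when an agent is removed from all groups it is reverted to 'default',
    # so trying default last avoids removing it and then adding it again.
    pending_groups = list(group_list or [])
    if 'default' in pending_groups:
        pending_groups.append(pending_groups.pop(pending_groups.index('default')))

    known_groups = get_groups()
    for group_id in pending_groups:
        try:
            if group_id not in known_groups:
                raise WazuhResourceNotFound(1710)
            Agent.unset_single_group_agent(agent_id=agent_id, group_id=group_id, force=True)
        except WazuhException as e:
            result.add_failed_item(id_=group_id, error=e)
        else:
            result.affected_items.append(group_id)

    result.total_affected_items = len(result.affected_items)
    result.affected_items.sort()

    return result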
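def _expand_resource(resource):
    """Expand an RBAC resource string of the form ``name:attribute:value``.

    :param resource: Resource to be expanded, e.g. ``agent:id:*`` or ``group:id:default``.
    :return: Set with the concrete resources the string stands for. ``agent:group`` is
        always delegated to ``expand_group`` (it handles both ``*`` and a group name).
        A wildcard value (``*``) is replaced by the resources of that type present on
        the system, every id being returned as ``str``; a wildcard for an unknown
        resource type expands to the empty set. Any other value is returned as a
        one-element set.
    """
    name, attribute, value = resource.split(':')
    resource_type = ':'.join([name, attribute])

    # Special case: expand_group can receive * or the name of the group, so it is always called.
    if resource_type == 'agent:group':
        return expand_group(value)

    # A literal value needs no expansion.
    if value != '*':
        return {value}

    def _ids_from(manager_factory, list_rows):
        """Return the ids of the rows listed by a manager as a set of strings.

        The comprehension runs inside the ``with`` so rows are read while the
        manager is still open.
        """
        with manager_factory() as manager:
            return {str(row.id) for row in list_rows(manager)}

    def _user_ids():
        # Cast to str like every other id type, so user ids compare equal to the
        # ids parsed out of resource strings (the original left them uncast).
        with AuthenticationManager() as auth:
            return {str(user['user_id']) for user in auth.get_users()}

    def _ruleset_filenames(tags):
        """Return the filenames of the ruleset entries selected by ``tags``.

        Rule and decoder files are both resolved from the ``ruleset`` section of the
        ossec configuration with no status, directory or filename restriction.
        """
        entries = format_rule_decoder_file(
            get_ossec_conf(section='ruleset')['ruleset'],
            {'status': Status.S_ALL.value, 'relative_dirname': None, 'filename': None},
            tags)
        return {entry['filename'] for entry in entries}

    def _cdb_list_paths():
        return {os.path.join(cdb_list['relative_dirname'], cdb_list['filename'])
                for cdb_list in iterate_lists(only_names=True)}

    # Every expander is a callable so that only the selected one is evaluated.
    wildcard_expanders = {
        'agent:id': lambda: get_agents_info(),
        'group:id': lambda: get_groups(),
        'role:id': lambda: _ids_from(RolesManager, lambda rm: rm.get_roles()),
        'policy:id': lambda: _ids_from(PoliciesManager, lambda pm: pm.get_policies()),
        'user:id': _user_ids,
        'rule:id': lambda: _ids_from(RulesManager, lambda rum: rum.get_rules()),
        'rule:file': lambda: _ruleset_filenames(['rule_include', 'rule_exclude', 'rule_dir']),
        'decoder:file': lambda: _ruleset_filenames(['decoder_include', 'decoder_exclude', 'decoder_dir']),
        'list:path': _cdb_list_paths,
        'node:id': lambda: set(cluster_nodes.get()),
        'file:path': lambda: get_files(),
        '*:*': lambda: {'*'},  # resourceless
    }

    expander = wildcard_expanders.get(resource_type)
    return expander() if expander is not None else set()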