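def ossec_get_check(system_ip, check_type, agent_ip="", agent_name=""):
    """Query the last-scan or last-ip OSSEC check for an agent on a sensor.

    Runs ``/usr/share/ossim/scripts/ossec_check.sh <check_type> <key>`` on
    ``system_ip`` through ansible's ``shell`` module.

    :param system_ip: IP of the sensor the script runs on
    :param check_type: ``"lastip"`` (keyed by ``agent_name``) or
        ``"lastscan"`` (keyed by ``agent_ip``)
    :param agent_ip: agent IP, required for ``lastscan``
    :param agent_name: agent name, required for ``lastip``
    :return: ``(True, data)`` on success. For ``lastip`` data is the IP
        string printed by the script (``""`` when it is not a valid IPv4,
        i.e. agent not found); for ``lastscan`` it is
        ``{'syscheck': start_time, 'rootcheck': start_time}`` with empty
        strings when the two scan lines are missing or do not parse.
        ``(False, message)`` on validation or execution failure.
    """
    if check_type not in ("lastip", "lastscan"):
        # Message fixed: it used to list check types this function never accepted.
        return False, "Invalid check type. Allowed values are [lastip, lastscan]"

    if check_type == "lastip":
        # agent_name reaches a shell command unquoted, so the whole value must
        # match the allow-list; re.match only anchors the start, hence the $.
        # Parentheses stay allowed (and unquoted) to keep accepted names unchanged.
        if re.match(r"^[a-zA-Z0-9_\-\(\)]+$", agent_name) is None:
            return False, r"Invalid agent name. Allowed characters are [^a-zA-Z0-9_\-()]+"
        script_second_parameter = agent_name
    else:
        if not is_valid_ipv4(agent_ip):
            return False, "Invalid ossec agent ip. Allowed format is: xxx.yyy.zzz.ddd"
        script_second_parameter = agent_ip

    try:
        command = "/usr/share/ossim/scripts/ossec_check.sh %s %s" % (check_type, script_second_parameter)
        response = _ansible.run_module(host_list=[system_ip], module="shell", args=command, use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result:
            return False, msg
        contacted = response['contacted'][system_ip]
        script_return_code = int(contacted['rc'])
        stdout = contacted['stdout']
        if script_return_code != 0:
            return False, "[ossec_get_check] Something wrong happened while running ansible command ->'%s'" % str(response)

        if check_type == "lastscan":
            lines = stdout.split("\n")
            if len(lines) != 2:
                # Agent not found: the script did not print the two scan lines.
                return True, {'syscheck': '', 'rootcheck': ''}
            data = {}
            scan_line = r"!(?P<start_time>\d{10})!(?P<end_time>\d{10}) Starting \S+ scan."
            for key, line in zip(('syscheck', 'rootcheck'), lines):
                matched = re.match(scan_line, line)
                data[key] = matched.group('start_time') if matched else ""
        else:
            # Anything that is not an IPv4 address means the agent was not found.
            data = stdout if is_valid_ipv4(stdout) else ""
    except Exception as err:
        return False, "[ossec_get_check] Something wrong happened while running ansible command -> '%s'" % str(err)
    return True, data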
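def ossec_create_preconfigured_agent(sensor_ip, agent_id, agent_type="windows", destination_path=""):
    """Generate a preconfigured OSSEC agent installer on a sensor and fetch it locally.

    Runs ``/usr/share/ossim/scripts/ossec-download-agent.sh <agent_id>
    <agent_type>`` on the sensor, then copies the generated installer into
    ``destination_path`` with ansible's ``fetch`` module.

    :param sensor_ip: The sensor ip where the preconfigured agent is created
    :param agent_id: The agent id to generate the installer for; must be 1-4
        digits and already registered on the ossec server
    :param agent_type: The agent type to generate (``unix``, ``windows``);
        only a ``windows`` installer path is known to this function
    :param destination_path: Local directory the installer is copied into
    :return: ``(True, local_installer_path)`` or ``(False, message)``
    """
    if agent_type not in ("unix", "windows"):
        return False, "Invalid agent type. Allowed values are [unix, windows]"
    # agent_id reaches a shell command unquoted: digits only, fully anchored.
    if re.match(r"^[0-9]{1,4}$", agent_id) is None:
        return False, "Invalid agent ID. The agent ID has to be 1-4 digital characters"
    try:
        command = "/usr/share/ossim/scripts/ossec-download-agent.sh %s %s" % (agent_id, agent_type)
        response = _ansible.run_module(host_list=[sensor_ip], module="shell", args=command, use_sudo=True)
        result, msg = ansible_is_valid_response(sensor_ip, response)
        if not result:
            return False, msg
        contacted = response['contacted'][sensor_ip]
        script_return_code = int(contacted['rc'])
        script_stdout = contacted['stdout']
        if script_return_code != 0:
            return False, "An error occurred while generating the ossec agent. Script return code is %s. Output: %s" % (script_return_code, script_stdout)
        # The original left the remote path empty for "unix" and relied on the
        # script failing first; fail explicitly instead of fetching src="".
        if agent_type != "windows":
            return False, "Unix agent generation is not available"
        generated_agent_path = "/usr/share/ossec-generator/agents/ossec_installer_%s.exe" % agent_id
        if not os.path.exists(destination_path):
            return False, "Destination folder doesn't exists"
        # The returned path is built by plain concatenation, so the directory
        # must end with a separator; os.path.join(..., "") adds one if missing
        # and leaves a path that already has one untouched.
        dest_dir = os.path.join(destination_path, "")
        response = _ansible.run_module(host_list=[sensor_ip], module="fetch", args="dest=%s src=%s flat=yes" % (dest_dir, generated_agent_path), use_sudo=True)
        result, msg = ansible_is_valid_response(sensor_ip, response)
        if not result:
            return False, "Something wrong happen while fetching the file %s" % msg
    except Exception as err:
        return False, "An error occurred while generating the ossec agent. %s" % str(err)
    return True, "%sossec_installer_%s.exe" % (dest_dir, agent_id)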
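def system_reboot_needed(system_ip):
    """Check whether the system needs a reboot after an update.

    Calls the ``av_system_reboot_needed`` ansible module on ``system_ip``.

    Args:
        system_ip (str): The system ip where the procedure must be run

    Returns:
        (bool, object): ``(True, needs_reboot)`` where ``needs_reboot`` is
        the module's ``data`` field, or ``(False, error_message)`` when the
        parameters are invalid or the response cannot be read.
    """
    if not system_ip:
        return False, "[system_reboot_needed] Invalid parameters"
    response = ansible.run_module(host_list=[system_ip], module="av_system_reboot_needed", use_sudo=True, args={})
    success, msg = ansible_is_valid_response(system_ip, response)
    if not success:
        return False, "[system_reboot_needed] Something went wrong: %s" % msg
    try:
        needs_reboot = response['contacted'][system_ip]['data']
    except Exception as e:
        return False, "[system_reboot_needed] Something went wrong: %s" % str(e)
    # The original fell through here and returned None on the success path.
    return True, needs_reboot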
def ansible_launch_compliance_procedure(system_ip):
    """Launch the compliance aggregation stored procedure on a system.

    Pipes ``CALL compliance_aggregate();`` into ``/usr/bin/ossim-db`` on
    ``system_ip`` through ansible's ``shell`` module (with sudo).

    Args:
        system_ip (str): The system ip where the procedure must be run

    Returns:
        (bool, str): ``(True, message)`` when the command ran and wrote
        nothing to stderr, ``(False, message)`` otherwise.
    """
    if not system_ip:
        return False, "[ansible_launch_compliance_procedure] Invalid parameters"

    cmd_args = "echo 'CALL compliance_aggregate();' | /usr/bin/ossim-db"
    response = ansible.run_module(host_list=[system_ip], module="shell", use_sudo=True, args=cmd_args)
    success, msg = ansible_is_valid_response(system_ip, response)
    if not success:
        return False, "[ansible_launch_compliance_procedure] Failed to launch compliance procedure: %s" % msg

    # Any stderr output counts as failure; the return code is not inspected.
    stderr = response['contacted'][system_ip]['stderr']
    if stderr:
        return False, "[ansible_launch_compliance_procedure] Error in compliance procedure: %s" % stderr
    return True, "[ansible_launch_compliance_procedure] Compliance procedure launch OK"
def ansible_download_release_info(system_ip):
    """Download the release info file from alienvault.com onto a host.

    Uses ansible's ``get_url`` module on ``system_ip`` to store the file
    under ``/var/alienvault`` (``force=yes`` overwrites an existing copy).

    Args:
        system_ip (str): ip of the host where the release info file is downloaded

    Returns:
        success (bool): True if successful, False otherwise
        msg (str): the module's ``msg`` on success, an error message otherwise
    """
    # NOTE(review): the URL is plain http and no checksum is passed to
    # get_url, so nothing here verifies the integrity of the downloaded file.
    args = ("url=http://data.alienvault.com/alienvault5/RELEASES/release_info "
            "dest=/var/alienvault force=yes")
    try:
        response = ansible.run_module(host_list=[system_ip], module="get_url", use_sudo=True, args=args)
        success, msg = ansible_is_valid_response(system_ip, response)
        if success:
            msg = response['contacted'][system_ip]['msg']
    except Exception as err:
        error_msg = ("[ansible_download_release_info] An error occurred "
                     "while retrieving the release info <%s>" % str(err))
        api_log.error(error_msg)
        return False, error_msg
    return success, msg
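def ansible_get_update_info(system_ip):
    """Retrieve information about the system packages via ``av_update_info``.

    Args:
        system_ip (str): IP of the system to query

    Returns:
        (bool, object): ``(True, data)`` with the module's ``data`` field on
        success, ``(False, error_message)`` otherwise (errors are logged).
    """
    try:
        response = ansible.run_module(host_list=[system_ip], module="av_update_info", use_sudo=True, args={})
        success, msg = ansible_is_valid_response(system_ip, response)
        if success:
            msg = response['contacted'][system_ip]['data']
    except Exception as err:
        # Prefix fixed: the original tagged this message "[get_packages_info]".
        error_msg = ("[ansible_get_update_info] An error occurred while "
                     "retrieving the system's package info <%s>" % str(err))
        api_log.error(error_msg)
        return False, error_msg
    return success, msg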
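def ansible_get_process_pid(system_ip, ps_filter):
    """Return the PID of the first ``ps aux`` line matching ``ps_filter``.

    Args:
        system_ip (str): The system IP where the ps pipeline is run
        ps_filter (str): Filter grepped against the ``ps aux`` output

    Returns:
        (bool, int): ``(True, pid)`` with ``pid == 0`` when nothing matched;
        ``(False, 0)`` on an invalid response or any error (logged).
    """
    try:
        # re.escape is regex escaping, not shell quoting; ps_filter is
        # assumed to come from trusted code — TODO confirm at the call sites.
        cmd = ('ps aux | grep \"%s\" | grep -v grep | '
               'grep -v tail | tr -s \" \" | cut -d \" \" -f 2 | '
               'head -n 1' % str(re.escape(ps_filter)))
        # use_sudo was the string "True" here; the rest of the module passes the bool.
        response = ansible.run_module(host_list=[system_ip], module="shell", use_sudo=True, args=cmd)
        success, msg = ansible_is_valid_response(system_ip, response)
        if not success:
            api_log.error("[ansible_get_process_pid] Error: %s" % str(msg))
            return False, 0
        stdout = response['contacted'][system_ip]['stdout']
        pid = int(stdout) if stdout else 0
    except Exception as exc:
        api_log.error("[ansible_get_process_pid] Error: %s" % str(exc))
        return False, 0
    return success, pid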
def ansible_pgrep(system_ip, pgrep_filter="''"):
    """Run ``pgrep -a -f`` on a system and return the matching processes.

    :param system_ip: host the pgrep runs on
    :param pgrep_filter: pattern matched against the full command line (``-f``)
    :return: ``(True, [(pid, cmdline), ...])`` on success (``[]`` when nothing
        matched), ``(False, message)`` on error (also logged)
    """
    matches = []
    try:
        # NOTE(review): the filter is placed inside single quotes without
        # escaping, so a quote character in it ends the argument early; the
        # default "''" relies on exactly that to produce an empty pattern.
        cmd = "/usr/bin/pgrep -a -f '%s'" % pgrep_filter
        response = ansible.run_module(host_list=[system_ip], module="shell", use_sudo=True, args=cmd)
        success, msg = ansible_is_valid_response(system_ip, response)
        if not success:
            api_log.error("[ansible_pgrep] Error: %s" % str(msg))
            return False, str(msg)
        stdout = response['contacted'][system_ip]['stdout']
        raw_lines = stdout.split("\n") if stdout != '' else []
        # Split each line once: "<pid> <command line>" keeps the command line whole.
        matches = [tuple(line.split(" ", 1)) for line in raw_lines]
    except Exception as exc:
        api_log.error("[ansible_pgrep] Error: %s" % str(exc))
        return False, str(exc)
    return True, matches
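def ansible_check_if_process_is_running(system_ip, ps_filter):
    """Count the ``ps aux`` lines matching ``ps_filter`` on a system.

    Args:
        system_ip (str): The system IP where the ps pipeline is run
        ps_filter (str): Filter grepped against the ``ps aux`` output

    Returns:
        (bool, int|str): ``(True, count)`` with the number of matching
        lines; ``(False, msg)`` when the ansible response is invalid;
        ``(False, 0)`` on any other error (logged).
    """
    try:
        # re.escape is regex escaping, not shell quoting; ps_filter is
        # assumed to come from trusted code — TODO confirm at the call sites.
        cmd = ('ps aux | grep "%s" | grep -v grep | '
               'grep -v tail | wc -l' % re.escape(ps_filter))
        # use_sudo was the string "True" here; the rest of the module passes the bool.
        response = ansible.run_module(host_list=[system_ip], module="shell", use_sudo=True, args=cmd)
        success, msg = ansible_is_valid_response(system_ip, response)
        if not success:
            return False, msg
        count = int(response['contacted'][system_ip]['stdout'])
    except Exception as exc:
        api_log.error("ansible_check_if_process_is_running: <%s>" % str(exc))
        return False, 0
    return success, count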
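def ansible_remove_certificates(system_ip, system_id_to_remove):
    """Remove the ssl folder ``/var/ossim/ssl/<system_id>`` on a system.

    :param system_ip: The system ip where the folder is removed
    :param system_id_to_remove: The system_id (UUID) of the system whose
        folder is removed
    :return: ``(True, "")`` on success, ``(False, message)`` otherwise
    """
    # The id is interpolated unquoted into an "rm -r" run by a shell with
    # sudo; restrict it to the UUID shape get_system_id enforces so that no
    # path components or shell metacharacters can reach the command.
    uuid_shape = r'^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$'
    if not re.match(uuid_shape, str(system_id_to_remove)):
        return False, "Invalid system id: %s" % str(system_id_to_remove)
    try:
        # "|| true" masks rm failures, so a non-zero rc only reflects the shell itself.
        command = "rm -r /var/ossim/ssl/%s || true" % system_id_to_remove
        response = ansible.run_module(host_list=[system_ip], module="shell", args=command, use_sudo=True)
        success, msg = ansible_is_valid_response(system_ip, response)
        if not success:
            return False, "Something wrong happened while removing the ssl folder: %s" % str(msg)
        contacted = response['contacted'][system_ip]
        if int(contacted['rc']) != 0:
            return False, "Something wrong happened while removing the ssl folder: %s" % str(contacted['stderr'])
    except Exception as err:
        return False, "Something wrong happened while removing the ssl folder: %s" % str(err)
    return True, ""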
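def ansible_resend_alarms(system_ip, alarms):
    """Resend a list of alarm event ids to the server on ``system_ip``.

    Every id is normalised through ``uuid.UUID`` — which raises ``ValueError``
    for anything that is not a UUID, before anything is sent — and the ids
    are piped in chunks of ten, one per line, into ``nc 127.0.0.1 40004``
    on the remote host.

    Args:
        system_ip (str): server to resend the alarms to
        alarms (list[str]): alarm event ids (UUID strings)

    Returns:
        (bool, str): ``(True, '')`` once every chunk was sent (also for an
        empty list), ``(False, message)`` at the first invalid response.
    """
    if not alarms:
        return True, ''
    chunk_size = 10
    for start in range(0, len(alarms), chunk_size):
        alarm_chunk = alarms[start:start + chunk_size]
        # Only canonical UUID text reaches the echo below (hex digits and dashes).
        events = "\n".join(str(uuid.UUID(alarm)) for alarm in alarm_chunk)
        api_log.info("[ansible_resend_alarms] Resending event '%s' to server '%s'" % (str(events), system_ip))
        cmd = "echo -e \"%s\" | nc 127.0.0.1 40004 -w1" % events
        response = ansible.run_module(host_list=[system_ip], module="shell", args=cmd)
        success, msg = ansible_is_valid_response(system_ip, response)
        if not success:
            # The original referenced the undefined names event_id and err here.
            api_log.error("[ansible_resend_alarms] Can't resend to '%s' events '%s'. Bailing out" % (system_ip, events))
            return False, str(msg)
    return True, ''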
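def ansible_get_child_alarms(system_ip, delay=1, delta=3):
    """Get closed and open alarm event ids from a remote (child) system.

    Runs a query through ``ossim-db`` on ``system_ip`` selecting alarms whose
    timestamp lies between ``delta + delay`` and ``delay`` hours ago.

    Args:
        system_ip (str): child server to query
        delay (int): hours back to the newer edge of the window
        delta (int): width of the window in hours

    Returns:
        (bool, list|str): ``(True, [event_id, ...])`` on success,
        ``(False, message)`` otherwise.
    """
    # "%u" only formats numbers, so delay/delta cannot alter the SQL text.
    cmd = ("echo \"select hex(event_id), timestamp, hex(backlog_id) FROM alarm WHERE status='closed' AND timestamp between DATE_SUB(utc_timestamp(), "
           "interval %u hour) AND DATE_SUB(utc_timestamp(), interval %u hour) UNION select hex(event_id), timestamp, hex(backlog_id) "
           "FROM alarm WHERE status='open' AND "
           "timestamp between DATE_SUB(utc_timestamp(), interval %u hour) AND DATE_SUB(utc_timestamp(), interval %u hour) ORDER BY timestamp DESC;\" | ossim-db "
           % (delta + delay, delay, delta + delay, delay))
    api_log.debug("Query: %s" % cmd)
    response = ansible.run_module(host_list=[system_ip], module="shell", args=cmd)
    success, msg = ansible_is_valid_response(system_ip, response)
    if not success:
        return False, "[ansible_get_child_alarms] Can't retrieve remote alarms (%s) : %s" % (system_ip, msg)
    data = []
    output = ''
    try:
        output = str(response['contacted'][system_ip]['stdout'])
        # The first line is the column header (event_id, timestamp, backlog_id).
        for line in output.splitlines()[1:]:
            event_id, _timestamp, _backlog_id = line.split('\t')
            data.append(event_id)
    except (KeyError, ValueError):
        # '%' was written as '&' in the original, so this handler raised
        # TypeError; ValueError covers rows that do not have three columns.
        api_log.error("[ansible_get_child_alarms] Bad response from child server: %s" % str(output))
        return False, "[ansible_get_child_alarms] Bad response from child server"
    return True, data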
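def ossec_add_agentless(system_ip, host=None, user=None, password=None, supassword=None):
    """Add an agentless monitored host to the OSSEC configuration of a sensor.

    Runs ``/var/ossec/agentless/register_host.sh add <user>@<host> <password>
    [<supassword>]`` on ``system_ip`` through ansible's ``shell`` module.

    @param system_ip: sensor IP whose ossec configuration is modified
    @param host: host to monitor
    @param user: user used to connect to ``host``
    @param password: password for ``user``
    @param supassword: optional privilege-escalation password; omitted from
        the command when empty or None
    @return: ``(True, script_stdout)`` on success, ``(False, message)``
        otherwise. The returned and logged messages no longer embed the
        password values.
    """
    if not (host and user and password):
        # Report which parameters are missing; the original echoed the
        # password itself into the log and into the returned message.
        missing = [name for name, value in (("host", host), ("user", user), ("password", password)) if not value]
        error_msg = "[ossec_add_agentless] Missing mandatory parameter: %s" % ", ".join(missing)
        api_log.error(error_msg)
        return False, error_msg
    try:
        # shlex.quote is Python 3 only; pipes.quote is the Python 2 equivalent.
        try:
            from shlex import quote
        except ImportError:
            from pipes import quote
        # Each value is shell-quoted: they reach a shell via the "shell"
        # module, and a password may legitimately contain spaces or quotes.
        arguments = [quote("%s@%s" % (user, host)), quote(password)]
        if supassword:
            arguments.append(quote(supassword))
        command = "/var/ossec/agentless/register_host.sh add %s" % " ".join(arguments)
        response = _ansible.run_module(host_list=[system_ip], module="shell", args=command, use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result:
            return False, msg
        contacted = response['contacted'][system_ip]
        script_return_code = int(contacted['rc'])
        if script_return_code != 0:
            # Do not dump the whole response: it carries the command line and
            # therefore the credentials. stderr is assumed not to echo them —
            # TODO confirm against register_host.sh.
            return False, "[ossec_add_agentless] Something wrong happened while running ansible command -> rc=%s stderr='%s'" % (script_return_code, contacted.get('stderr', ''))
        return True, contacted['stdout']
    except Exception as err:
        return False, "[ossec_add_agentless] Something wrong happened while running ansible command -> '%s'" % str(err)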
def ossec_get_syscheck(system_ip, agent_id):
    """Retrieve the modified files reported by syscheck for an agent.

    Runs ``/var/ossec/bin/syscheck_control -s -i <agent_id>`` on the sensor.

    :param system_ip: IP of the sensor
    :param agent_id: Agent id, must match ``^[0-9]{1,4}$``
    :return: ``(True, data)`` where data maps a 0-based index to each
        non-empty stdout line (no other filtering is applied), or
        ``(False, message)`` on failure
    """
    if re.match(r"^[0-9]{1,4}$", agent_id) is None:
        return False, "Invalid agent ID. The agent ID has to be 1-4 digital characters"
    try:
        command = "/var/ossec/bin/syscheck_control -s -i %s " % agent_id
        response = _ansible.run_module(host_list=[system_ip], module="shell", args=command, use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result:
            return False, msg
        contacted = response['contacted'][system_ip]
        rc = int(contacted['rc'])
        script_output = contacted['stdout']
        if rc != 0:
            return False, "[ossec_get_syscheck] Something wrong happened while running ansible command %s" % str(contacted)
        non_empty = [line for line in script_output.split("\n") if line != '']
        output = dict(enumerate(non_empty))
    except Exception as err:
        return False, "[ossec_get_syscheck] Something wrong happened while running ansible command %s" % str(err)
    return True, output
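def ansible_get_asynchronous_command_log_file(system_ip, log_file):
    """Fetch an asynchronous command log file from a system into /tmp/ansible/logs/.

    Args:
        system_ip (str): The system IP the file is fetched from
        log_file (str): remote log path; must be exactly one of the
            ``/tmp/system_<kind>_<10 digits>.<2 digits>.log`` files

    Returns:
        (bool, str): ``(True, local_path)`` of the fetched copy, or
        ``(False, message)``
    """
    # Fully anchored: re.match only anchors the start, so without \Z any
    # suffix after ".log" would be accepted and handed to fetch as the path.
    reg = r"/tmp/system_(update|update_feed|update_uc|reconfigure)_\d{10}\.\d{2}\.log\Z"
    if re.match(reg, log_file) is None:
        return False, "Invalid return code file"
    try:
        destination_path = "/tmp/ansible/logs/"
        response = ansible.run_module(host_list=[system_ip], module="fetch", args="dest=%s src=%s flat=yes" % (destination_path, log_file), use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result or 'dest' not in response['contacted'][system_ip]:
            return False, "Something wrong happen while fetching the return code file: %s" % msg
        local_path = response['contacted'][system_ip]['dest']
        if not os.path.exists(local_path):
            return False, "The local return code file doesn't exist"
    except Exception as err:
        return False, "An error occurred while retrieving the return code file <%s>" % str(err)
    return True, local_path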
def ossec_get_syscheck(system_ip, agent_id):
    """Retrieve the modified files reported by syscheck for an agent.

    Runs ``/var/ossec/bin/syscheck_control -s -i <agent_id>`` on the sensor.

    :param system_ip: IP of the sensor
    :param agent_id: Agent id, validated by ``is_valid_agent_id``
    :return: ``(True, data)`` where data maps a 0-based index to each
        non-empty stdout line (no other filtering is applied), or
        ``(False, message)`` on failure
    """
    valid, msg = is_valid_agent_id(agent_id)
    if not valid:
        return False, msg
    try:
        command = "/var/ossec/bin/syscheck_control -s -i %s " % agent_id
        response = _ansible.run_module(host_list=[system_ip], module="shell", args=command, use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result:
            return False, msg
        contacted = response['contacted'][system_ip]
        rc = int(contacted['rc'])
        script_output = contacted['stdout']
        if rc != 0:
            return False, "[ossec_get_syscheck] Something wrong happened while running ansible command %s" % str(contacted)
        non_empty = [line for line in script_output.split("\n") if line != '']
        output = dict(enumerate(non_empty))
    except Exception as err:
        return False, make_err_message("[ossec_get_syscheck]", DEFAULT_ERR_MSG, str(err))
    return True, output
def ossec_rootcheck(system_ip, agent_id=""):
    """Run the rootcheck report script for an agent on a sensor.

    @param system_ip: sensor IP the script runs on
    @param agent_id: agent id, must match ``^[0-9]{1,4}$``
    @return: ``(True, lines)`` with the script's stdout split into lines
        (``[]`` for empty output), or ``(False, message)``
    """
    if re.match(r"^[0-9]{1,4}$", agent_id) is None:
        return False, "Invalid agent ID. The agent ID has to be 1-4 digital characters"
    try:
        command = "/usr/share/ossim/scripts/ossec-rootcheck.sh %s" % agent_id
        response = _ansible.run_module(host_list=[system_ip], module="shell", args=command, use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result:
            return False, msg
        contacted = response['contacted'][system_ip]
        rc = int(contacted['rc'])
        script_output = contacted['stdout']
        if rc != 0:
            return False, "[ossec_rootcheck] Something wrong happened while running ansible command %s" % str(response)
    except Exception as err:
        return False, "[ossec_rootcheck] Something wrong happened while running ansible command %s" % str(err)
    # "".split("\n") would give [''] but an empty report should be [].
    lines = script_output.split("\n") if script_output else []
    return True, lines
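def get_logfiles_for_host(system_ip, host_ips):
    """Return the files under /var/log/ that mention any of ``host_ips``.

    Args:
        system_ip (str): System IP the grep runs on
        host_ips (list[str]): host IPs to look for

    Returns:
        list[str]: de-duplicated log file names in first-seen order; empty
        when the command fails or raises (the error is logged). The original
        built this list but never returned it.

    Note:
        DEPRECATED (Not used)
    """
    logfiles = []
    response = None
    try:
        # The IPs are joined into a single-quoted grep pattern without
        # escaping — assumed to be plain IP strings; TODO confirm at call sites.
        grep_filter = "|".join(host_ips)
        command = """executable=/bin/bash grep --exclude=\*.{tar.gz,dat,gz} -rIEo '%s' /var/log/ | sort -u """ % grep_filter
        response = ansible.run_module(host_list=[system_ip], module="shell", args=command)
        success, msg = ansible_is_valid_response(system_ip, response)
        if success:
            for line in response['contacted'][system_ip]['stdout'].split('\n'):
                parts = line.split(':')
                # grep -o prints "<file>:<match>"; skip anything else.
                if len(parts) != 2:
                    continue
                if parts[0] not in logfiles:
                    logfiles.append(parts[0])
    except Exception as e:
        api_log.error("get_logfiles_for_host: %s, r: %s" % (str(e), response))
    return logfiles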
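def rsync(local_ip, src, dest):
    """Run ``rsync`` over ssh on ``local_ip`` from ``src`` to ``dest``.

    :param local_ip: The system ip the rsync command is executed on
    :param src: rsync source (e.g. ``user@remote:/path`` to pull)
    :param dest: rsync destination
    :returns: ``(True, "File(s) synced")`` when rsync printed itemized
        changes, ``(False, "File(s) already in sync")`` when it printed
        nothing, ``(False, message)`` on invalid parameters, an ansible
        error, an invalid response or any stderr output
    """
    if not all((local_ip, src, dest)):
        return False, "Invalid parameters: {}".format(locals())

    ssh_key_file = '/var/ossim/ssl/local/private/cakey_avapi.pem'
    # -i makes rsync itemize changes, so an empty stdout means nothing changed.
    # "-q" and UserKnownHostsFile=/dev/null silence the "Permanently added ..."
    # warning that otherwise lands in ansible's stderr (and would fail below).
    # NOTE(review): with StrictHostKeyChecking=no and no known_hosts file the
    # remote host key is never verified; only the client key (-i) is presented.
    rsync_command = ('rsync -aizPe "ssh -q -o UserKnownHostsFile=/dev/null '
                     '-o StrictHostKeyChecking=no -i {}" {} {}').format(ssh_key_file, src, dest)
    try:
        response = ansible.run_module(host_list=[local_ip], module='command', args=rsync_command, use_sudo=False)
    except Exception as e:
        return False, "Ansible Error: An error occurred while rsyncing file(s): {}".format(e)

    success, msg = ansible_is_valid_response(local_ip, response)
    if not success or response['contacted'][local_ip]['stderr'] != '':
        # The original returned `success` here, i.e. True when only stderr
        # was non-empty, contradicting the message.
        return False, "Could't retrieve file"
    if response['contacted'][local_ip]['stdout'] == '':
        return False, "File(s) already in sync"
    return True, "File(s) synced"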
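def get_network_devices_for_sensor(sensor_ip):
    """Return the devices declared in the sensor's agent configuration.

    Greps the ``cpe`` lines of ``/etc/ossim/agent/config.yml`` on
    ``sensor_ip`` and rewrites them with sed into ``device_id:device``.

    Args:
        sensor_ip (str): Sensor IP

    Returns:
        dict: ``{device_id: device}``; empty when the command fails or raises
        (the error is logged). The original built this dict but never
        returned it.
    """
    dev_hash = {}
    try:
        command = "grep cpe /etc/ossim/agent/config.yml | sed 's/.*device: \([^,]*\), device_id: \([^,]*\).*/\\2:\\1/g'"
        response = ansible.run_module([sensor_ip], module="shell", args=command)
        success, msg = ansible_is_valid_response(sensor_ip, response)
        if success:
            for line in response['contacted'][sensor_ip]['stdout'].split('\n'):
                if not line or ':' not in line:
                    continue
                # Split once so a value that itself contains ':' is kept whole.
                key, value = line.split(':', 1)
                if key and value and key not in dev_hash:
                    dev_hash[key] = value
    except Exception as e:
        api_log.error("[get_network_devices_for_sensor error]: %s, %s" % (str(e), traceback.format_exc()))
    return dev_hash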
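def get_devices_logging(system_ip):
    """Return the devices that have a log directory under /var/log/alienvault/devices.

    Args:
        system_ip (str): System IP

    Returns:
        dict: ``{device: ["/var/log/alienvault/devices/<device>/<device>.log"]}``;
        empty when the command fails or raises (the error is logged). The
        original built this dict but never returned it.
    """
    # Added #10576
    device_hash = {}
    try:
        command = """find /var/log/alienvault/devices/* -type d -exec basename {} \;"""
        response = ansible.run_module(host_list=[system_ip], module="shell", args=command)
        success, msg = ansible_is_valid_response(system_ip, response)
        if success:
            for device in response['contacted'][system_ip]['stdout'].split('\n'):
                # An empty stdout splits into [''] — skip that bogus entry.
                if not device:
                    continue
                device_hash[device] = ["/var/log/alienvault/devices/%s/%s.log" % (device, device)]
    except Exception as e:
        api_log.error("get_hosts_in_syslog error: %s, %s" % (str(e), traceback.format_exc()))
    return device_hash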
def ossec_get_ossec_agent_detail(system_ip, agent_id):
    """Retrieve the ``agent_control -i <agent_id> -s`` output for an agent.

    :param system_ip: IP of the sensor to consult
    :param agent_id: agent id, must match ``^[0-9]{1,4}$``
    :return: ``(True, lines)`` with the non-empty stdout lines, or
        ``(False, message)``
    """
    if re.match(r"^[0-9]{1,4}$", agent_id) is None:
        return False, "Invalid agent ID. The agent ID has to be 1-4 digital characters"
    try:
        command = "/var/ossec/bin/agent_control -i %s -s" % agent_id
        response = _ansible.run_module(host_list=[system_ip], module="shell", args=command, use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result:
            return False, msg
        contacted = response['contacted'][system_ip]
        rc = int(contacted['rc'])
        script_output = contacted['stdout']
        if rc != 0:
            return False, "[ossec_get_ossec_agent_detail] Something wrong happened while running ansible command %s" % str(script_output)
        output = [line for line in script_output.split("\n") if line != '']
    except Exception as err:
        return False, "[ossec_get_ossec_agent_detail] Something wrong happened while running ansible command %s" % str(err)
    return True, output
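def ansible_purge_logs(system_ip, log_type):
    """Delete update/reconfigure log files older than a year via ``av_purge_logs``.

    Args:
        system_ip (str): System IP
        log_type (str): reconfigure or update

    Returns:
        success (bool): OK/ERROR
        msg (str): info message
    """
    # The original tested `not (system_ip or log_type)`, which only fired
    # when BOTH were empty.
    if not (system_ip and log_type):
        return False, "[ansible_purge_logs]: Missing arguments"
    # log_type is passed to the module unvalidated; av_purge_logs is expected
    # to reject values other than the two documented ones — TODO confirm.
    response = ansible.run_module(host_list=[system_ip], module="av_purge_logs", use_sudo=True, args="log_type=%s" % log_type)
    success, msg = ansible_is_valid_response(system_ip, response)
    if not success:
        # The original returned the format string without substituting msg.
        return False, "[ansible_purge_logs] Purge logs error: %s" % msg
    contacted = response['contacted'][system_ip]
    if contacted['changed']:
        api_log.info(contacted['msg'])
    return True, "[ansible_purge_logs] Purge logs OK"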
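def ansible_get_child_alarms(system_ip, delay=1, delta=3):
    """Get closed and open alarm event ids from a remote (child) system.

    Runs a query through ``ossim-db`` on ``system_ip`` selecting alarms whose
    timestamp lies between ``delta + delay`` and ``delay`` hours ago.

    Args:
        system_ip (str): child server to query
        delay (int): hours back to the newer edge of the window
        delta (int): width of the window in hours

    Returns:
        (bool, list|str): ``(True, [event_id, ...])`` on success,
        ``(False, message)`` otherwise.
    """
    # "%u" only formats numbers, so delay/delta cannot alter the SQL text.
    cmd = ("echo \"select hex(event_id), timestamp, hex(backlog_id) FROM alarm WHERE status='closed' AND timestamp between DATE_SUB(utc_timestamp(), "
           "interval %u hour) AND DATE_SUB(utc_timestamp(), interval %u hour) UNION select hex(event_id), timestamp, hex(backlog_id) "
           "FROM alarm WHERE status='open' AND "
           "timestamp between DATE_SUB(utc_timestamp(), interval %u hour) AND DATE_SUB(utc_timestamp(), interval %u hour) ORDER BY timestamp DESC;\" | ossim-db "
           % (delta + delay, delay, delta + delay, delay))
    api_log.debug("Query: %s" % cmd)
    response = ansible.run_module(host_list=[system_ip], module="shell", args=cmd)
    success, msg = ansible_is_valid_response(system_ip, response)
    if not success:
        return False, "[ansible_get_child_alarms] Can't retrieve remote alarms (%s) : %s" % (system_ip, msg)
    event_ids = []
    output = ''
    try:
        output = str(response['contacted'][system_ip]['stdout'])
        # Skip the column header line (event_id, timestamp, backlog_id).
        for row in output.splitlines()[1:]:
            columns = row.split('\t')
            if len(columns) != 3:
                raise ValueError("unexpected column count")
            event_ids.append(columns[0])
    except (KeyError, ValueError):
        # '%' was written as '&' in the original, so this handler raised
        # TypeError; ValueError covers rows without three columns.
        api_log.error("[ansible_get_child_alarms] Bad response from child server: %s" % str(output))
        return False, "[ansible_get_child_alarms] Bad response from child server"
    return True, event_ids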
def ossec_get_ossec_agent_detail(system_ip, agent_id):
    """Retrieve the ``agent_control -i <agent_id> -s`` output for an agent.

    :param system_ip: IP of the sensor to consult
    :param agent_id: agent id, must match ``^[0-9]{1,4}$``
    :return: ``(True, lines)`` with the non-empty stdout lines, or
        ``(False, message)``
    """
    if not re.match(r"^[0-9]{1,4}$", agent_id):
        return False, "Invalid agent ID. The agent ID has to be 1-4 digital characters"
    try:
        command = "/var/ossec/bin/agent_control -i %s -s" % agent_id
        response = _ansible.run_module(host_list=[system_ip], module="shell", args=command, use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result:
            return False, msg
        contacted = response['contacted'][system_ip]
        rc = int(contacted['rc'])
        script_output = contacted['stdout']
        if rc != 0:
            return False, "[ossec_get_ossec_agent_detail] Something wrong happened while running ansible command %s" % str(script_output)
        output = list(filter(None, script_output.split("\n")))
    except Exception as err:
        return False, "[ossec_get_ossec_agent_detail] Something wrong happened while running ansible command %s" % str(err)
    return True, output
def ossec_get_agentless_list(system_ip):
    """Retrieve the configured agentless hosts of a sensor.

    Reads ``/var/ossec/agentless/.passlist`` on ``system_ip`` (``|| true``
    keeps the command's exit status 0 when the file is absent).

    :param system_ip: The ip of the sensor to consult
    :return: ``(True, {host: {'pass': ..., 'ppass': ...}})`` or
        ``(False, message)``. The values are the stored credentials exactly
        as read from .passlist, so callers must not log or echo the result.
    """
    try:
        # The register_host.sh "list" sub-command was the earlier approach;
        # the pass list is read directly instead.
        command = "cat /var/ossec/agentless/.passlist || true"
        response = _ansible.run_module(host_list=[system_ip], module="shell", args=command, use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result:
            return False, msg
        contacted = response['contacted'][system_ip]
        rc = int(contacted['rc'])
        script_output = contacted['stdout']
        if rc != 0:
            # NOTE(review): str(response) embeds stdout, i.e. the pass list
            # contents, in this error message.
            return False, "[ossec_get_agentless_list] Something wrong happened while running ansible command %s" % str(response)
        output = {}
        for line in script_output.split("\n"):
            # Blank lines and lines containing "Available host" are skipped.
            if line == '' or "Available host" in line:
                continue
            parts = line.split('|')
            if len(parts) == 3:
                host, passwd, su_passwd = parts
                output[host] = {'pass': passwd, 'ppass': su_passwd}
    except Exception as err:
        return False, "[ossec_get_agentless_list] Something wrong happened while running ansible command %s" % str(err)
    return True, output
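def ossec_get_configuration_rule(system_ip, rule_filename, destination_path=""):
    """Fetch an OSSEC rule file from a sensor into a local directory.

    Copies ``/var/ossec/rules/<rule_filename>`` from ``system_ip`` with
    ansible's ``fetch`` module and then applies
    ``set_ossec_file_permissions`` to the local copy.

    :param system_ip: IP of the sensor
    :param rule_filename: bare file name, ``[A-Za-z0-9_-]+.xml`` only
    :param destination_path: local directory, expected to end with a
        separator (the local path is built by plain concatenation)
    :return: ``(True, local_path)`` or ``(False, message)``
    """
    # Fully anchored: re.match only anchors the start, so without \Z any
    # suffix after ".xml" would be accepted into the remote path.
    if not re.match(r'^[A-Za-z0-9_\-]+\.xml\Z', rule_filename):
        return False, "Invalid rule filename <%s> " % str(rule_filename)
    try:
        ossec_rule_path = "/var/ossec/rules/%s" % rule_filename
        if not os.path.exists(destination_path):
            return False, "Destination folder doesn't exists"
        local_path = destination_path + rule_filename
        # From ansible doc: Recursive fetching may be supported in a later release.
        response = _ansible.run_module(host_list=[system_ip], module="fetch", args="dest=%s src=%s flat=yes fail_on_missing=yes" % (destination_path, ossec_rule_path), use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result:
            return False, str(msg)
        success, result = set_ossec_file_permissions(local_path)
        if not success:
            return False, str(result)
    except Exception as err:
        return False, "[ossec_get_configuration_rule] Something wrong happened while running ansible command %s" % str(err)
    return True, local_path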
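def ansible_nmap_get_scan_progress(sensor_ip, task_id):
    """Retrieve the progress of an nmap scan from its temporary files.

    Counts the lines of ``/tmp/<task_id>.scan`` and ``/tmp/<task_id>.targets``
    on the sensor.

    Args:
        sensor_ip: the sensor ip where the scan is running
        task_id: The task id to identify the scan progress.

    Returns:
        dict: ``{"scanned_hosts": n, "target_number": m}``; both -1 when the
        command printed nothing. (The original docstring also promised a
        success flag that was never returned.)

    Raises:
        Exception: when the ansible response is not valid; any other error
        propagates unchanged (the original's ``except: raise`` was a no-op).
    """
    data = {"scanned_hosts": -1, "target_number": -1}
    # task_id is interpolated unquoted into a shell pipeline; it is assumed to
    # be a generated identifier — TODO confirm at the call sites.
    scan_file = "/tmp/{0}.scan".format(task_id)
    targets_file = "/tmp/{0}.targets".format(task_id)
    command = "wc -l {0} {1} | head -2 | awk '{2}' | xargs".format(scan_file, targets_file, '{print $1}')
    response = ansible.run_module([sensor_ip], "shell", command)
    success, msg = ansible_is_valid_response(sensor_ip, response)
    if not success:
        raise Exception("Invalid response {0}".format(msg))
    stdout = response['contacted'][sensor_ip]['stdout']
    if stdout != '':
        scanned, targets = stdout.split(' ', 1)
        data['scanned_hosts'] = int(scanned)
        data['target_number'] = int(targets)
    return data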
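def ansible_nmap_get_scan_progress(sensor_ip, task_id):
    """Retrieves the scan progress

    Args:
        sensor_ip: the sensor ip where the scan is running
        task_id: The task id to identify the scan progress.

    Returns:
        data(dict) {"scanned_hosts": <int>, "target_number": <int>}; both
        values stay -1 when the remote command printed nothing.

    Raises:
        Exception: when the ansible response is not valid. Any other error
        (ansible failure, non-numeric output) propagates unchanged.
    """
    progress = {"scanned_hosts": -1, "target_number": -1}
    # NOTE(review): task_id is interpolated unquoted into a shell command line;
    # callers are expected to pass an identifier without shell metacharacters.
    scan_file = "/tmp/{0}.scan".format(task_id)
    targets_file = "/tmp/{0}.targets".format(task_id)
    # Line counts of both files, first column only, joined onto one line.
    command = "wc -l {0} {1} | head -2 | awk '{2}' | xargs".format(
        scan_file, targets_file, '{print $1}')
    # The former try/except only re-raised, so it is dropped: errors propagate as before.
    response = ansible.run_module([sensor_ip], "shell", command)
    (success, msg) = ansible_is_valid_response(sensor_ip, response)
    if not success:
        raise Exception("Invalid response {0}".format(msg))
    remote_stdout = response['contacted'][sensor_ip]['stdout']
    if remote_stdout != '':
        (scanned, targets) = remote_stdout.split(' ', 1)
        progress['scanned_hosts'] = int(scanned)
        progress['target_number'] = int(targets)
    return progress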
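def get_system_id(system_ip):
    """
    Returns the system Id from a given ip
    @param system_ip: the host system ip
    @return: (True, system_id) on success, (False, error_message) otherwise
    """
    host_list = [system_ip]
    # Raw string: the previous non-raw literal used "\-" escapes, which are
    # not valid escape sequences in a normal string; a plain '-' outside a
    # character class needs no escaping at all.
    uuid_regex = re.compile(r'^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$')
    # 1- Try alienvault-system-id
    response = ansible.run_module(host_list, "command", "/usr/bin/alienvault-system-id")
    success, msg = ansible_is_valid_response(system_ip, response)
    if success:
        system_id = response['contacted'][system_ip]['stdout']
    else:
        # 2- When error, try the old way
        # 2.1- Read center file
        (success, system_id) = read_file(system_ip, "/etc/alienvault-center/alienvault-center-uuid")
        if not success:
            # 2.2- Call ansible method
            response = ansible.run_module(host_list, "av_setup", "filter=ansible_product_uuid")
            if system_ip in response['dark']:
                return (False, "[get_system_id]: " + response['dark'][system_ip]['msg'])
            if system_ip in response['contacted']:
                system_id = response['contacted'][system_ip]['ansible_facts']['ansible_product_uuid'].lower()
            else:
                return (False, "[get_system_id]: Error getting system ID")
    # Check the system_id is valid (the uuid format is enforced whichever source it came from)
    if not system_id or not uuid_regex.match(system_id):
        return (False, "[get_system_id]: Error getting system ID")
    return (True, system_id)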
def ossec_get_agentless_list(system_ip):
    """Retrieves the list of configured agentless hosts

    :param system_ip: System ip. The ip of the sensor we are going to consult
    :return: (success, data) where success is True on success, False otherwise.
        On success data maps each host entry (first '|' field of a line in
        /var/ossec/agentless/.passlist) to {'pass': ..., 'ppass': ...}. Those
        values are the stored credentials as read from the file, so callers
        must not log or expose the returned dict.
    """
    # `|| true` keeps the command successful when the file does not exist yet.
    command = "cat /var/ossec/agentless/.passlist || true"
    hosts = {}
    try:
        response = _ansible.run_module(host_list=[system_ip], module="shell", args=command, use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result:
            return False, msg
        contacted = response['contacted'][system_ip]
        script_return_code = int(contacted['rc'])
        script_output = contacted['stdout']
        if script_return_code != 0:
            return False, "[ossec_get_agentless_list] Something wrong happened while running ansible command %s" % str(response)
        for line in script_output.split("\n"):
            # Skip blank lines and the header line of the listing.
            if not line or "Available host" in line:
                continue
            parts = line.split('|')
            if len(parts) != 3:
                continue
            host, password, privileged_password = parts
            hosts[host] = {'pass': password, 'ppass': privileged_password}
    except Exception as err:
        return False, "[ossec_get_agentless_list] Something wrong happened while running ansible command %s" % str(err)
    return (True, hosts)
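def ossec_get_available_agents(system_ip, op_ossec='list_available_agents', agent_id=''):
    """Run an agent_control operation through the ossec_agent module.

    @param system_ip: System ip of the sensor we're going to check
    @param op_ossec: Operation. One in list_available_agents, list_online_agents, restart_agent, integrity_check
    @param agent_id: Agent id (1-4 digits); required by restart_agent and integrity_check
    @return: (True, data) where data is the parsed agent list for the list_*
        operations and the module's raw 'data' field otherwise;
        (False, error_message) on any failure
    """
    # agent_id: whether the operation needs an agent id
    # ansible_args: args string for the ossec_agent module (%s = agent id)
    # proc_func: optional post-processing of the module's 'data' field
    AgentParams = namedtuple('AgentParams', ['agent_id', 'ansible_args', 'proc_func'])
    ops = {
        'list_available_agents': AgentParams(False, 'command=agent_control list_available_agents=true', _ossec_parse_agent_list),
        'list_online_agents': AgentParams(False, 'command=agent_control list_online_agents=true', _ossec_parse_agent_list),
        'restart_agent': AgentParams(True, 'command=agent_control restart_agent=%s', None),
        'integrity_check': AgentParams(True, 'command=agent_control integrity_check=%s', None),
    }
    try:
        if op_ossec not in ops:
            return (False, "[ossec_get_available_agents] Bad op '%s'" % op_ossec)
        ansp = ops[op_ossec]
        if ansp.agent_id:
            # \Z instead of $: $ would also accept an id followed by a newline,
            # which would then be embedded in the module args.
            if re.match(r"^[0-9]{1,4}\Z", agent_id) is None:
                return (False, "[ossec_get_available_agents] Bad agent_id '%s'" % agent_id)
            args = ansp.ansible_args % agent_id
        else:
            args = ansp.ansible_args
        # Run module
        response = _ansible.run_module(host_list=[system_ip], module='ossec_agent', args=args, use_sudo=True)
        success, msg = ansible_is_valid_response(system_ip, response)
        if not success:
            return False, msg
        # Now check the 'rc' field
        contacted = response['contacted'][system_ip]
        if contacted['rc'] != 0:
            return False, "[ossec_get_available_agents] Error: %s" % contacted['data']
        # The msg field doesn't work in this case. The data is in 'data'
        if ansp.proc_func is not None:
            data = ansp.proc_func(contacted['data'])
        else:
            data = contacted['data']
    except Exception as err:
        return False, "[ossec_get_available_agents] Something wrong happened while running ansible command %s" % str(err)
    return True, data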
def ansible_get_backup_list(target=None):
    """Return the list of configuration backups known to *target*.

    @param target: ip of the system to query (it is the only host contacted)
    @return: (True, data) with the av_get_backup_files module 'data' field,
        or (False, error_message) when the ansible response is not valid
    """
    backup_type = "configuration"
    module_args = {"backup_type": backup_type}
    response = ansible.run_module([target], "av_get_backup_files", module_args)
    success, msg = ansible_is_valid_response(target, response)
    if success:
        return success, response['contacted'][target]['data']
    return False, "Cannot retrieve the list of backups"
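def ansible_get_hostname(system_ip):
    """
    Returns the system hostname from a given ip
    @param system_ip: the host system ip
    @return: (True, hostname) on success, (False, error_message) otherwise
    """
    response = ansible.run_module([system_ip], "av_setup", "filter=ansible_hostname")
    # ansible_is_valid_response returns a (success, msg) tuple, which is always
    # truthy as a whole; unpacking it makes the failure branch reachable.
    success, msg = ansible_is_valid_response(system_ip, response)
    if not success:
        return (False, "Something wrong happend getting the system hostname")
    hostname = response['contacted'][system_ip]['ansible_facts']['ansible_hostname']
    return (True, hostname)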
def ossec_get_status(system_ip):
    """Return the OSSEC status reported by the av_ossec_status module.

    @param system_ip: ip of the system to query
    @return: (True, data) with the module's 'data' field, (False, message) otherwise
    """
    try:
        response = _ansible.run_module(host_list=[system_ip],
                                       module="av_ossec_status",
                                       args="",
                                       use_sudo=True)
        valid, msg = ansible_is_valid_response(system_ip, response)
        if not valid:
            return False, msg
        status = response['contacted'][system_ip]['data']
    except Exception as err:
        return False, "[ossec_get_status] Something wrong happened while running ansible command -> '%s'" % str(err)
    return True, status
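def ossec_control(system_ip, operation, option):
    """Interface with the ossec-control binary

    @param system_ip: ip of the system running OSSEC
    @param operation: one of start, stop, restart, enable, disable, status
    @param option: for enable/disable, one of client-syslog, agentless, debug;
        ignored by the other operations
    @return: (True, data) where data holds the command 'stdout' plus the
        fields returned by ossec_get_status (for 'status' the 'ossec-' prefix
        is stripped from those fields); (False, error_message) otherwise
    """
    # TODO: This can be implemented as a module as well
    # Both values end up inside a shell command line, so they are checked
    # against closed lists before anything is built.
    if operation not in ["start", "stop", "restart", "enable", "disable", "status"]:
        return False, "Invalid operation. Allowed values are: ['start','stop','restart','enable','disable','status']"
    if operation == "enable" or operation == "disable":
        if option not in ["client-syslog", "agentless", "debug"]:
            return False, "Invalid option. Allowed values are: ['client-syslog','agentless','debug']"
    try:
        # Note:
        # running "ossec-control restart" through the shell module leaves
        # ossec-control as a <defunct> process (seen in ps output); it seems
        # related to how the script handles the restart command.
        # The workaround is to redirect the standard output and error to /dev/null
        data = {}
        command = "/var/ossec/bin/ossec-control %s" % operation
        if operation in ["enable", "disable"]:
            command = "/var/ossec/bin/ossec-control %s %s" % (operation, option)
        if operation == "restart":
            command += " > /dev/null 2>&1"
        response = _ansible.run_module(host_list=[system_ip], module="shell", args=command, use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result:
            return False, msg
        script_return_code = int(response['contacted'][system_ip]['rc'])
        script_output = response['contacted'][system_ip]['stdout']
        # status operation can return !=0. If one of the ossec process is not running the rc >0
        if script_return_code != 0 and operation != "status":
            return False, "[ossec_control] Something wrong happened while running ansible command ->'%s'" % str(response)
        data['stdout'] = script_output
        result, msg = ossec_get_status(system_ip)
        if not result:
            return False, "[ossec-control] Error getting the ossec status -> '%s'" % msg
        data.update(msg)
    except Exception as err:
        return False, "[ossec_control] Something wrong happened while running ansible command -> '%s'" % str(err)
    if operation == "status":
        # remove ossec string
        data['raw_output_status'] = data['raw_output_status'].replace('ossec-', '')
        data['stdout'] = data['stdout'].replace('ossec-', '')
        # Rebuild the dict instead of inserting and deleting while iterating
        # over it: the previous loop mutated the dict it was iterating, and for
        # a key without the 'ossec-' prefix it set and then deleted the same
        # key, dropping that entry.
        data['general_status'] = {
            key.replace('ossec-', ''): value
            for key, value in data['general_status'].items()
        }
    return True, data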
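def ossec_put_configuration_rule_file(system_ip, local_rule_filename, remote_rule_name):
    """Upload a local rule file to /var/ossec/alienvault/rules/ on a remote system.

    @param system_ip: ip of the target system
    @param local_rule_filename: local path of the file to copy
    @param remote_rule_name: bare file name on the remote side (letters,
        digits, '_' or '-', ending in '.xml'); path components are rejected
    @return: (True, "Done") on success, (False, error_message) otherwise
    """
    # Same check as ossec_get_configuration_rule: the name is appended to a
    # fixed directory and the copy runs with sudo, so anything but a bare
    # "<name>.xml" is refused before the remote path is built.
    if not re.match(r'[A-Za-z0-9_\-]+\.xml\Z', remote_rule_name):
        return False, "Invalid rule filename <%s> " % str(remote_rule_name)
    try:
        ossec_rule_path = "/var/ossec/alienvault/rules/%s" % remote_rule_name
        cmd_args = "src=%s dest=%s force=yes owner=root group=ossec mode=644" % (local_rule_filename, ossec_rule_path)
        response = _ansible.run_module(host_list=[system_ip], module="copy", args=cmd_args, use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result:
            return False, str(msg)
    except Exception as err:
        # Error prefix now names this function (it previously pointed at ossec_get_configuration_rule).
        return False, "[ossec_put_configuration_rule_file] Something wrong happened while running ansible command %s" % str(err)
    return True, "Done"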
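def ansible_get_hostname(system_ip):
    """
    Returns the system hostname from a given ip
    @param system_ip: the host system ip
    @return: (True, hostname) on success, (False, error_message) otherwise
    """
    response = ansible.run_module([system_ip], "av_setup", "filter=ansible_hostname")
    # ansible_is_valid_response returns a (success, msg) tuple, which is always
    # truthy as a whole; unpacking it makes the failure branch reachable.
    success, msg = ansible_is_valid_response(system_ip, response)
    if not success:
        return (False, "Something wrong happend getting the system hostname")
    facts = response['contacted'][system_ip]['ansible_facts']
    return (True, facts['ansible_hostname'])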
def ossec_control(system_ip, operation, option):
    """Interface with the ossec-control binary

    @param system_ip: ip of the system running OSSEC
    @param operation: one of start, stop, restart, enable, disable, status
    @param option: for enable/disable, one of client-syslog, agentless, debug;
        ignored by the other operations
    @return: (True, data) with the command 'stdout' merged with the fields
        returned by ossec_get_status, or (False, error_message)
    """
    # TODO: This can be implemented as a module as well
    allowed_operations = ("start", "stop", "restart", "enable", "disable", "status")
    allowed_options = ("client-syslog", "agentless", "debug")
    # Both values are whitelisted because they end up inside a shell command line.
    if operation not in allowed_operations:
        return False, "Invalid operation. Allowed values are: ['start','stop','restart','enable','disable','status']"
    toggles_option = operation in ("enable", "disable")
    if toggles_option and option not in allowed_options:
        return False, "Invalid option. Allowed values are: ['client-syslog','agentless','debug']"
    try:
        # Note:
        # running "ossec-control restart" through the shell module leaves
        # ossec-control as a <defunct> process (seen in ps output); it seems
        # related to how the script handles the restart command.
        # The workaround is to redirect the standard output and error to /dev/null
        ossec_control_bin = "/var/ossec/bin/ossec-control"
        if toggles_option:
            command = "%s %s %s" % (ossec_control_bin, operation, option)
        else:
            command = "%s %s" % (ossec_control_bin, operation)
        if operation == "restart":
            command += " > /dev/null 2>&1"
        response = _ansible.run_module(host_list=[system_ip], module="shell", args=command, use_sudo=True)
        valid, msg = ansible_is_valid_response(system_ip, response)
        if not valid:
            return False, msg
        contacted = response['contacted'][system_ip]
        return_code = int(contacted['rc'])
        # status operation can return !=0. If one of the ossec process is not running the rc >0
        if return_code != 0 and operation != "status":
            return False, "[ossec_control] Something wrong happened while running ansible command ->'%s'" % str(response)
        data = {'stdout': contacted['stdout']}
        valid, status = ossec_get_status(system_ip)
        if not valid:
            return False, "[ossec-control] Error getting the ossec status -> '%s'" % status
        data.update(status)
    except Exception as err:
        return False, "[ossec_control] Something wrong happened while running ansible command -> '%s'" % str(err)
    return True, data
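def ansible_nmap_purge_scan_files(sensor_ip, task_id):
    """Removes the files used during the scan

    @param sensor_ip: ip of the sensor that ran the scan
    @param task_id: scan task id; the files removed are /tmp/<task_id>* on the sensor
    @return: (True, "") on success, (False, error_message) otherwise
    """
    # task_id is expanded into "rm -rf /tmp/<task_id>*" and run by the shell
    # module: an empty or crafted id would widen the glob beyond this task's
    # files, so it is restricted to identifier characters first.
    # Assumes task ids are numeric or uuid-like — TODO confirm against callers.
    if not re.match(r"[A-Za-z0-9_\-]+\Z", str(task_id)):
        return False, "Invalid task id"
    try:
        command = "rm -rf /tmp/{0}*".format(task_id)
        response = ansible.run_module([sensor_ip], "shell", command)
        (success, msg) = ansible_is_valid_response(sensor_ip, response)
        if not success:
            api_log.error("[ansible_nmap_purge_scan_files] Error: %s" % str(msg))
            return False, str(msg)
    except Exception as exc:
        api_log.error("[ansible_nmap_purge_scan_files] Error: %s" % str(exc))
        return False, str(exc)
    return True, ""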
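def ansible_get_sensor_plugins(system_ip):
    """ Get the plugins of a sensor

    Args:
        system_ip

    Returns:
        Dictionary with the plugins available and enable on the sensor:
        {'enabled': {'monitor': <list of monitor plugins enabled>,
                     'detector': <list of detector plugins enabled>,
                     'device': {<device_id>: <list of plugins enabled in the device>}},
         'plugins': {<plugin_name>: {"cfg_version": <cfg version>,
                                     "last_modification": <last modification>,
                                     "legacy": <bool>, "model": <model>, "name": <name>,
                                     "path": <plugin full file path>, "per_asset": <bool>,
                                     "plugin_id": <plugin_id>, "shipped": <bool>,
                                     "type": <detector|monitor>, "vendor": <vendor>,
                                     "source": <source>, "location": <location>,
                                     "version": <version>}}}

    Raises:
        APICannotGetSensorPlugins: when the ansible response is not valid or
        the module 'data' field lacks one of the expected keys
    """
    response = ansible.run_module([system_ip], "av_plugins", "")
    # ansible_is_valid_response returns a (success, msg) tuple, which is always
    # truthy as a whole; unpacking it makes the failure branch reachable.
    success, msg = ansible_is_valid_response(system_ip, response)
    if not success:
        raise APICannotGetSensorPlugins(log="[ansible_get_sensor_plugins] {0}".format(response))
    # Fugly hack: the sensor reports ossec/suricata/nagios names, the API
    # exposes AlienVault ones. One mapping replaces the former chain of
    # comprehensions; no target name is itself a source name, so a single
    # pass is equivalent.
    renamed = {
        "suricata": "AlienVault_NIDS",
        "ossec-single-line": "AlienVault_HIDS",
        "ossec-idm-single-line": "AlienVault_HIDS-IDM",
        "nagios": "availability_monitoring",
    }
    try:
        plugins = response['contacted'][system_ip]['data']
        enabled = plugins['enabled']
        enabled['detectors'] = [renamed.get(p, p) for p in enabled['detectors']]
        for asset_id in enabled['devices']:
            enabled['devices'][asset_id] = ["availability_monitoring" if p == "nagios" else p
                                            for p in enabled['devices'][asset_id]]
        # Available plugins: every source name must be present, a missing one is a KeyError.
        available = plugins['plugins']
        for old_name, new_name in renamed.items():
            available[new_name] = available.pop(old_name)
    except KeyError:
        raise APICannotGetSensorPlugins(log="[ansible_get_sensor_plugins] {0}".format(response))
    return plugins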
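def ansible_nmap_stop(sensor_ip, task_id):
    """Stops the given scan

    @param sensor_ip: ip of the sensor running the scan
    @param task_id: scan task id; the pid is read from /tmp/<task_id>.scan.pid
    @return: (True, "") on success, (False, error_message) otherwise
    """
    # task_id is expanded into a shell command line, so only identifier
    # characters are accepted. Assumes task ids are numeric or uuid-like —
    # TODO confirm against callers.
    if not re.match(r"[A-Za-z0-9_\-]+\Z", str(task_id)):
        return False, "Invalid task id"
    try:
        pid_file = "/tmp/{0}.scan.pid".format(task_id)
        # NOTE(review): the pid is read from a file under /tmp and passed to
        # kill -9 without checking the file's owner or that the pid still
        # belongs to the scan — worth confirming how the pid file is created.
        command = "kill -9 $(cat {0})".format(pid_file)
        response = ansible.run_module([sensor_ip], "shell", command)
        (success, msg) = ansible_is_valid_response(sensor_ip, response)
        if not success:
            api_log.error("[ansible_nmap_stop] Error: %s" % str(msg))
            return False, str(msg)
    except Exception as exc:
        api_log.error("[ansible_nmap_stop] Error: %s" % str(exc))
        return False, str(exc)
    return True, ""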
def ossec_get_status(system_ip):
    """Query the av_ossec_status module on *system_ip*.

    @param system_ip: ip of the system to query
    @return: (True, <module 'data' field>) or (False, error_message)
    """
    error_fmt = "[ossec_get_status] Something wrong happened while running ansible command -> '%s'"
    try:
        response = _ansible.run_module(host_list=[system_ip], module="av_ossec_status", args="", use_sudo=True)
    except Exception as err:
        return False, error_fmt % str(err)
    try:
        ok, msg = ansible_is_valid_response(system_ip, response)
        if not ok:
            return False, msg
        return True, response['contacted'][system_ip]['data']
    except Exception as err:
        return False, error_fmt % str(err)
def ansible_get_system_info(system_ip):
    """
    Returns: Info from a given ip:
        - the system id
        - the system hostname
        - the system alienvault profile
        - the server_id
    @param system_ip: the host system ip
    @return: (True, <av_system_info 'data' field>) on success,
        (False, error_message) when the ansible response is not valid
        (the underlying message is logged, not returned)
    """
    response = ansible.run_module([system_ip], "av_system_info", args="", use_sudo=True)
    valid, msg = ansible_is_valid_response(system_ip, response)
    if valid:
        return (True, response['contacted'][system_ip]['data'])
    api_log.error(msg)
    return (False, "Something wrong happend getting the system data")
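def ossec_get_agentless_passlist(system_ip, destination_path=""):
    """Fetch the agentless password file from a remote system.

    The remote file /var/ossec/agentless/.passlist holds credentials, so the
    local copy is immediately passed to set_ossec_file_permissions.

    @param system_ip: ip of the system to fetch the file from
    @param destination_path: local dest= value for the ansible fetch module
        (flat=yes). NOTE(review): set_ossec_file_permissions is called on this
        value itself, unlike ossec_get_configuration_rule which targets the
        fetched file; confirm callers pass the intended local path.
    @return: (True, destination_path) on success, (False, error_message) otherwise
    """
    try:
        agentless_passfile = "/var/ossec/agentless/.passlist"
        # From ansible doc: Recursive fetching may be supported in a later release.
        response = _ansible.run_module(host_list=[system_ip],
                                       module="fetch",
                                       args="dest=%s src=%s flat=yes fail_on_missing=yes" % (destination_path, agentless_passfile),
                                       use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result:
            return False, str(msg)
        success, result = set_ossec_file_permissions(destination_path)
        if not success:
            return False, str(result)
    except Exception as err:
        # Error prefix now names this function (it previously pointed at ossec_get_configuration_rule).
        return False, "[ossec_get_agentless_passlist] Something wrong happened while running ansible command %s" % str(err)
    return True, destination_path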
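def ossec_create_preconfigured_agent(sensor_ip, agent_id, agent_type="windows", destination_path=""):
    """Creates a preconfigured agent on the given sensor

    :param sensor_ip: The sensor ip where you want to create the preconfigured agent
    :param agent_id: The agent id for which you want to generate a preconfigured
        executable (1-4 digits). It had to be registered previously on ossec-server
    :param agent_type: The agent type to be generated (unix, windows)
    :param destination_path: Local folder the binary is fetched into. It is
        concatenated with the file name without a separator, so callers are
        expected to pass a trailing '/'
    :return: (True, local_installer_path) on success, (False, error_message) otherwise
    """
    generated_agent_path = ""
    if agent_type not in ["unix", "windows"]:
        return False, "Invalid agent type. Allowed values are [unix, windows]"
    # agent_id is interpolated into a shell command line; \Z instead of $ so
    # that an id with a trailing newline is rejected as well.
    if re.match(r"^[0-9]{1,4}\Z", agent_id) is None:
        return False, "Invalid agent ID. The agent ID has to be 1-4 digital characters"
    try:
        # Checked before the remote generation runs, so a missing local folder
        # no longer triggers a remote build whose result cannot be fetched.
        if not os.path.exists(destination_path):
            return False, "Destination folder doesn't exists"
        command = "/usr/share/ossim/scripts/ossec-download-agent.sh %s %s" % (agent_id, agent_type)
        response = _ansible.run_module(host_list=[sensor_ip], module="shell", args=command, use_sudo=True)
        result, msg = ansible_is_valid_response(sensor_ip, response)
        if not result:
            return False, msg
        script_return_code = int(response['contacted'][sensor_ip]['rc'])
        script_stdout = response['contacted'][sensor_ip]['stdout']
        if script_return_code != 0:
            return False, "An error occurred while generating the ossec agent. Script return code is %s. Output: %s" % (script_return_code, script_stdout)
        # unix agent generation is not available. The script should fail before arrive to this point
        if agent_type == "windows":
            generated_agent_path = "/usr/share/ossec-generator/agents/ossec_installer_%s.exe" % agent_id
        # We have to copy the remote binary to our local system.
        response = _ansible.run_module(host_list=[sensor_ip],
                                       module="fetch",
                                       args="dest=%s src=%s flat=yes" % (destination_path, generated_agent_path),
                                       use_sudo=True)
        result, msg = ansible_is_valid_response(sensor_ip, response)
        if not result:
            return False, "Something wrong happen while fetching the file %s" % msg
    except Exception as err:
        return False, "An error occurred while generating the ossec agent. %s" % str(err)
    return True, "%sossec_installer_%s.exe" % (destination_path, agent_id)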
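def ossec_put_agentless_passlist(system_ip, local_passfile):
    """Upload a local agentless password file to /var/ossec/agentless/.passlist.

    The previous docstring said the file was returned; the function copies
    *local_passfile* to the remote system with the ansible copy module.

    @param system_ip: ip of the target system
    @param local_passfile: local path of the password file to copy
    @return: (True, "Done") on success, (False, error_message) otherwise
    """
    try:
        agentless_passfile = "/var/ossec/agentless/.passlist"
        # NOTE(review): the file holds credentials and is written with
        # mode=644 (world-readable). Left as is because it is not known here
        # which remote processes read it; confirm whether 640 is sufficient.
        cmd_args = "src=%s dest=%s force=yes owner=root group=ossec mode=644" % (local_passfile, agentless_passfile)
        response = _ansible.run_module(host_list=[system_ip], module="copy", args=cmd_args, use_sudo=True)
        result, msg = ansible_is_valid_response(system_ip, response)
        if not result:
            return False, str(msg)
    except Exception as err:
        # Error prefix now names this function (it previously pointed at ossec_get_configuration_rule).
        return False, "[ossec_put_agentless_passlist] Something wrong happened while running ansible command %s" % str(err)
    return True, "Done"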