def get_base_path_from_sensor_id(sensor_id):
    """
    Get base path from sensor ID

    Args:
        sensor_id (str): Sensor ID, or the literal 'local' for this host

    Returns:
        (bool, str): (True, base path) on success; (False, error message)
        when the system id cannot be resolved
    """
    # 'local' is resolved through the local system id, any other value
    # through the sensor lookup; both feed the same base-path resolver.
    if sensor_id == 'local':
        resolved, system_id = get_system_id_from_local()
    else:
        resolved, system_id = get_system_id_from_sensor_id(sensor_id)
    if not resolved:
        return False, "Can't retrieve the system id"
    return True, get_base_path_from_system_id(system_id)
def create_directory_for_ossec_remote(system_id):
    """
    Create the "ossec" directory under the base path of a system

    Args:
        system_id (str): System ID whose base path is used

    Returns:
        (bool, str): (True, "") when the directory was created; (False,
        message from create_local_directory) otherwise
    """
    base_path = get_base_path_from_system_id(system_id)
    ossec_dir = base_path + "/ossec/"
    created, msg = create_local_directory(ossec_dir)
    if created:
        return True, ""
    return False, msg
def get_base_path_from_server_id(server_id):
    """
    Get base path from server ID

    Args:
        server_id (str): Server ID, or the literal 'local' for this host

    Returns:
        (bool, str): (True, base path) on success; (False, error message)
        when the system id cannot be resolved
    """
    # NOTE(review): this file binds this name twice with identical bodies;
    # the later definition is the one in effect after import.
    if server_id == 'local':
        resolved, system_id = get_system_id_from_local()
        if not resolved:
            return False, "Can't retrieve the system id"
    else:
        resolved, system_id = get_system_id_from_server_id(server_id)
        if not resolved:
            # On failure the second element of the lookup is its error text.
            return False, "Can't retrieve the system id for server id %s: %s" % (server_id, system_id)
    return True, get_base_path_from_system_id(system_id)
def get_base_path_from_server_id(server_id):
    """
    Get base path from server ID

    Args:
        server_id (str): Server ID, or the literal 'local' for this host

    Returns:
        (bool, str): (True, base path) on success; (False, error message)
        when the system id cannot be resolved
    """
    # NOTE(review): an identical definition of this name appears earlier in
    # this file; this later one is the binding in effect after import.
    if server_id == 'local':
        resolved, system_id = get_system_id_from_local()
        if not resolved:
            return False, "Can't retrieve the system id"
    else:
        resolved, system_id = get_system_id_from_server_id(server_id)
        if not resolved:
            # On failure the second element of the lookup is its error text.
            return False, "Can't retrieve the system id for server id %s: %s" % (server_id, system_id)
    return True, get_base_path_from_system_id(system_id)
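def sync_database_from_child(system_id):
    """
    Check SQL sync file in system_id and if it differs from the local one,
    get it and add to local database. Then, check if we have to restart the
    server according to the first line of the applied file.

    Flow: pull the child's sync.md5; if the digest already matches the local
    copy of sync.sql nothing else is done. Otherwise pull sync.sql, re-check
    its digest and pipe it into ossim-db. If the first line of the applied
    file contains "RESTART OSSIM-SERVER", restart_ossim_server is called.

    Trust note: the SQL file and its md5 both come from the child over
    rsync, so the digest only detects a truncated or corrupt transfer; it
    does not authenticate the child. The pulled file is executed as SQL and
    may request a server restart, so the child must already be a trusted
    peer.

    Args:
        system_id (str): ID of the child system to pull from

    Returns:
        (bool, str): (True, info message) when the database is in sync or
        the file was applied; (False, error message) otherwise. The success
        path always returns a tuple (previously it fell off the end and
        returned None).
    """
    tag = "[Apimethod sync_database_from_child]"

    # Get remote and local IPs
    success, system_ip = get_system_ip_from_system_id(system_id)
    if not success:
        # On failure the second element is the error text, not an IP; the
        # message now names the system id that was looked up.
        error_msg = "%s Error retrieving the system ip for the system id " \
                    "%s -> %s" % (tag, system_id, str(system_ip))
        return False, error_msg
    success, local_ip = get_system_ip_from_local()
    if not success:
        return False, "%s Error while getting the local ip: %s" % (tag, str(local_ip))

    base_path = get_base_path_from_system_id(system_id)
    local_md5file_path = "%s/sync_%s.md5" % (base_path, system_id)
    local_file_path = "%s/sync_%s.sql" % (base_path, system_id)
    remote_md5file_path = "/var/lib/alienvault-center/db/sync.md5"
    remote_file_path = "/var/lib/alienvault-center/db/sync.sql"

    # Get MD5SUM file for the SQL file. rsync reporting "already in sync"
    # is not an error: the local copy is current.
    retrieved, msg = rsync_pull(system_ip, remote_md5file_path,
                                local_ip, local_md5file_path)
    if not retrieved and 'already in sync' not in msg:
        return False, "%s %s" % (tag, msg)

    expected_md5 = _read_expected_md5(local_md5file_path)
    if not expected_md5:
        # A blank digest would make the comparison trivially succeed (the
        # old substring test accepted "" against anything), which both
        # suppresses syncing and defeats the corruption check below.
        return False, "%s Empty or unreadable md5 file %s" % (tag, local_md5file_path)

    # Check SQL file MD5; a missing local file simply means "not synced yet".
    ok, local_md5 = _md5sum_of_file(local_file_path)
    if ok and local_md5 == expected_md5:
        return True, "%s SQL already synced" % tag

    # Get remote sync file if changed
    retrieved, msg = rsync_pull(system_ip, remote_file_path,
                                local_ip, local_file_path)
    if not retrieved:
        if 'already in sync' in msg:
            return True, "%s Databases already in sync" % tag
        return False, "%s %s" % (tag, msg)

    # Check SQL file MD5 on the pulled file before executing it.
    ok, local_md5 = _md5sum_of_file(local_file_path)
    if not ok:
        return False, "%s %s" % (tag, local_md5)
    if local_md5 != expected_md5:
        return False, "%s Corrupt or incomplete SQL file (bad md5sum)" % tag

    # SQL file OK. Apply, then read the first line for the restart option.
    with open(local_file_path) as f:
        if call(['/usr/bin/ossim-db'], stdin=f):
            return False, "%s Error applying SQL file to ossim-db" % tag
        info_msg = "%s SQL applied successfully" % tag
        api_log.info(info_msg)
        f.seek(0, 0)
        restart_db = "RESTART OSSIM-SERVER" in f.readline()

    # Restart SQL server if needed
    if restart_db:
        try:
            restart_ossim_server(local_ip)
        except Exception as err:
            error_msg = "An error occurred while restarting " \
                        "MySQL server: %s" % str(err)
            return False, error_msg
    return True, info_msg


def _read_expected_md5(md5file_path):
    """
    Return the digest token from the first line of an md5 file, or "".

    Accepts either a bare digest or md5sum's "<digest>  <name>" layout by
    taking the first whitespace-separated token. Returns "" when the file
    cannot be opened or the first line is blank.
    """
    try:
        with open(md5file_path) as m:
            first_line = m.readline()
    except IOError:
        return ""
    tokens = first_line.split()
    return tokens[0] if tokens else ""


def _md5sum_of_file(path):
    """
    Run /usr/bin/md5sum on *path* and return its digest.

    Returns:
        (bool, str): (True, hex digest) on success; (False, stderr text)
        when md5sum exits non-zero (e.g. the file does not exist yet).
        stderr is captured so that failures are visible instead of the
        previous always-None stderr check.
    """
    p = Popen(['/usr/bin/md5sum', path], stdout=PIPE, stderr=PIPE)
    out, err = p.communicate()
    if p.returncode != 0:
        return False, err.decode('utf-8', 'replace').strip()
    tokens = out.decode('utf-8', 'replace').split()
    if not tokens:
        return False, "md5sum produced no output for %s" % path
    return True, tokens[0]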