def ossec_add_new_agent(sensor_id, agent_name, agent_ip, asset_id):
    """Register a new OSSEC agent on a sensor and record it in the HIDS tables.

    The agent is created on the sensor through the ansible wrapper first; on
    success its id is stored in the database with status 'Never connected' and
    linked to ``asset_id``, and the OSSEC remote daemon is restarted when the
    sensor reports it as DOWN so the new agent can connect.

    @param sensor_id: id of the sensor that will own the agent
    @param agent_name: name to register the agent under
    @param agent_ip: IP (or CIDR / 'any') the agent will connect from
    @param asset_id: asset to link the agent to in the database
    @return: (True, agent_id) on success, (False, error_message) otherwise
    """
    ok, sensor_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not ok:
        return False, "Bad sensor_id"

    # NOTE(review): agent_name and agent_ip are forwarded to the ansible
    # wrapper exactly as received; this function applies none of the
    # is_valid_ipv4* helpers used elsewhere in this module. Confirm the
    # wrapper (or the API layer above) validates them before they reach the
    # sensor.
    ok, payload = ans_ossec_add_new_agent(sensor_ip, agent_name, agent_ip)
    if not ok:
        return ok, payload

    # Persist the agent. A database failure turns the call into a failure,
    # but note the agent already exists on the sensor at this point.
    try:
        add_hids_agent(payload, sensor_id, agent_name, agent_ip,
                       'Never connected', asset_id)
    except APIException as e:
        ok, payload = False, str(e)

    # Bring remoted back up if it is down, regardless of the DB outcome.
    ctl_ok, ctl_status = ans_ossec_control(sensor_ip, 'status', '')
    if ctl_ok and ctl_status['general_status']['remoted'] == 'DOWN':
        ans_ossec_control(sensor_ip, 'restart', '')

    return ok, payload
def update_system_hids_agents(system_id):
    """Synchronise the HIDS agent table with the agents the sensor reports.

    Lists the agents currently known to the OSSEC server on the sensor that
    backs ``system_id`` and reconciles them with the database: agents missing
    from the database are inserted, agents present in both get their status
    refreshed (and, when they have no asset yet, an attempt is made to link
    or create one), and agents no longer reported are deleted.

    @param system_id: system_id of the sensor to update
    @return: tuple (not_linked_assets, refresh_idm) where not_linked_assets is
             the number of present agents that could not be linked to an
             asset in this run and refresh_idm is True when at least one new
             host was created by this run
    @raise APICannotRetrieveSystem: the system information could not be read
    @raise APICannotRunHIDSCommand: the agent list could not be obtained from
           the sensor

    Per-agent APIException errors are logged and the remaining agents are
    still processed.

    NOTE(review): this module appears to define update_system_hids_agents
    twice (this copy and a reformatted copy further down). If both live in
    the same module, the later ``def`` rebinds the name at import time and
    this copy is dead code -- confirm which one is intended and drop the other.
    """
    # Getting system information
    success, system_info = get_system_info(system_id)
    # Getting sensor ID
    if success:
        sensor_id = system_info['sensor_id']
    else:
        raise APICannotRetrieveSystem(system_id)

    # Agents already recorded for this sensor, and the live list from OSSEC.
    stored_agents = get_hids_agents_by_sensor(sensor_id)
    success, agents = ossec_get_available_agents(sensor_id=sensor_id,
                                                 op_ossec='list_available_agents',
                                                 agent_id='')
    if not success:
        raise APICannotRunHIDSCommand(sensor_id, 'list_available_agents')

    # Partition by agent id: new on the sensor, known to both, gone from the sensor.
    added_agents = [agent_id for agent_id in agents.keys() if agent_id not in stored_agents]
    present_agents = [agent_id for agent_id in agents.keys() if agent_id in stored_agents]
    deleted_agents = [agent for agent in stored_agents if agent not in agents.keys()]

    # Add new agents to database
    for agent_id in added_agents:
        try:
            agent = agents[agent_id]
            # name/ip/status come straight from the OSSEC agent list and are
            # stored as received. NOTE(review): nothing here validates them;
            # confirm add_hids_agent parameterises its queries.
            add_hids_agent(agent_id=agent_id, sensor_id=sensor_id, agent_name=agent['name'],
                           agent_ip=agent['ip'], agent_status=agent['status'])
        except APIException as e:
            logger.error("Error adding hids agent: {0}".format(e))

    not_linked_assets = 0
    refresh_idm = False
    # Update agent status and check asset_id in database
    for agent_id in present_agents:
        try:
            # Update HIDS agent status
            update_hids_agent_status(agent_id=agent_id, sensor_id=sensor_id,
                                     agent_status=agents[agent_id]['status'])
            agent_data = get_hids_agent_by_sensor(sensor_id, agent_id)
            # Check HIDS agent asset id: only agents with no host yet are linked.
            if agent_data['host_id'] == '':
                # Try to update HIDS agent asset id.
                # Fetched inside the loop, so the in-memory entry added at the
                # end of this block only lives until the next agent; later
                # agents see whatever get_linked_assets() returns again.
                linked_assets = get_linked_assets()
                agent_ip_cidr = agent_data['ip_cidr']
                asset_id = None
                # Getting current IP
                if agent_ip_cidr == '127.0.0.1':
                    # Special case: Local agent -- use the HA address when set,
                    # otherwise the admin address of this system.
                    agent_ip_cidr = system_info['ha_ip'] if system_info['ha_ip'] else system_info['admin_ip']
                elif agent_ip_cidr.lower() == 'any' or agent_ip_cidr.lower() == '0.0.0.0' or (is_valid_ipv4_cidr(agent_ip_cidr) and agent_ip_cidr.find('/') != -1):
                    # DHCP environments (Get the latest IP): the agent is not
                    # bound to one address, so ask OSSEC for the last one seen.
                    # NOTE(review): the success flag is not checked; a failed
                    # lookup is only caught by the is_valid_ipv4() guard below.
                    success, agent_ip_cidr = ossec_get_check(sensor_id, agent_data['name'], "lastip")
                # Search asset_id. The is_valid_ipv4 guard is the trust boundary
                # for the value above (DB field or OSSEC output) before it is
                # used to look up or create a host.
                if is_valid_ipv4(agent_ip_cidr):
                    success, sensor_ctx = get_sensor_ctx_by_sensor_id(sensor_id)
                    if success:
                        success, asset_id = get_host_id_by_ip_ctx(agent_ip_cidr, sensor_ctx, output='str')
                        # No valid host id for that IP in the sensor context: create one.
                        if not is_valid_uuid(asset_id):
                            success, new_asset_id = create_host([agent_ip_cidr], sensor_id)
                            if is_valid_uuid(new_asset_id):
                                asset_id = new_asset_id
                                # A host was created; reported to the caller.
                                refresh_idm = True
                # Linking asset to agent. Only a well-formed UUID that is not
                # already present in linked_assets is written; every other case
                # (value not an IPv4, context or lookup failure, asset already
                # linked) is counted as not linked.
                if is_valid_uuid(asset_id) and asset_id not in linked_assets:
                    update_asset_id(sensor_id=sensor_id, agent_id=agent_id, asset_id=asset_id)
                    linked_assets[asset_id] = {'ha_id': agent_id, 'sensor_id': sensor_id}
                else:
                    not_linked_assets += 1
        except APIException as e:
            logger.error('[update_system_hids_agents]: {0}'.format(e))

    # Remove deleted agents from database
    for agent_id in deleted_agents:
        try:
            delete_hids_agent(agent_id, sensor_id)
        except APIException as e:
            logger.error('[update_system_hids_agents]: {0}'.format(e))

    return not_linked_assets, refresh_idm
def update_system_hids_agents(system_id):
    """Synchronise the HIDS agent table with the agents the sensor reports.

    Lists the agents currently known to the OSSEC server on the sensor that
    backs ``system_id`` and reconciles them with the database: agents missing
    from the database are inserted, agents present in both get their status
    refreshed (and, when they have no asset yet, an attempt is made to link
    or create one), and agents no longer reported are deleted.

    @param system_id: system_id of the sensor to update
    @return: tuple (not_linked_assets, refresh_idm) where not_linked_assets is
             the number of present agents that could not be linked to an
             asset in this run and refresh_idm is True when at least one new
             host was created by this run
    @raise APICannotRetrieveSystem: the system information could not be read
    @raise APICannotRunHIDSCommand: the agent list could not be obtained from
           the sensor

    Per-agent APIException errors are logged and the remaining agents are
    still processed.

    NOTE(review): this module appears to define update_system_hids_agents
    twice (an earlier copy and this reformatted one). If both live in the
    same module, this later ``def`` is the one bound at import time and the
    earlier copy is dead code -- confirm which one is intended and drop the other.
    """
    # Getting system information
    success, system_info = get_system_info(system_id)
    # Getting sensor ID
    if success:
        sensor_id = system_info['sensor_id']
    else:
        raise APICannotRetrieveSystem(system_id)

    # Agents already recorded for this sensor, and the live list from OSSEC.
    stored_agents = get_hids_agents_by_sensor(sensor_id)
    success, agents = ossec_get_available_agents(
        sensor_id=sensor_id, op_ossec='list_available_agents', agent_id='')
    if not success:
        raise APICannotRunHIDSCommand(sensor_id, 'list_available_agents')

    # Partition by agent id: new on the sensor, known to both, gone from the sensor.
    added_agents = [
        agent_id for agent_id in agents.keys() if agent_id not in stored_agents
    ]
    present_agents = [
        agent_id for agent_id in agents.keys() if agent_id in stored_agents
    ]
    deleted_agents = [
        agent for agent in stored_agents if agent not in agents.keys()
    ]

    # Add new agents to database
    for agent_id in added_agents:
        try:
            agent = agents[agent_id]
            # name/ip/status come straight from the OSSEC agent list and are
            # stored as received. NOTE(review): nothing here validates them;
            # confirm add_hids_agent parameterises its queries.
            add_hids_agent(agent_id=agent_id,
                           sensor_id=sensor_id,
                           agent_name=agent['name'],
                           agent_ip=agent['ip'],
                           agent_status=agent['status'])
        except APIException as e:
            logger.error("Error adding hids agent: {0}".format(e))

    not_linked_assets = 0
    refresh_idm = False
    # Update agent status and check asset_id in database
    for agent_id in present_agents:
        try:
            # Update HIDS agent status
            update_hids_agent_status(agent_id=agent_id,
                                     sensor_id=sensor_id,
                                     agent_status=agents[agent_id]['status'])
            agent_data = get_hids_agent_by_sensor(sensor_id, agent_id)
            # Check HIDS agent asset id: only agents with no host yet are linked.
            if agent_data['host_id'] == '':
                # Try to update HIDS agent asset id.
                # Fetched inside the loop, so the in-memory entry added at the
                # end of this block only lives until the next agent; later
                # agents see whatever get_linked_assets() returns again.
                linked_assets = get_linked_assets()
                agent_ip_cidr = agent_data['ip_cidr']
                asset_id = None
                # Getting current IP
                if agent_ip_cidr == '127.0.0.1':
                    # Special case: Local agent -- use the HA address when set,
                    # otherwise the admin address of this system.
                    agent_ip_cidr = system_info['ha_ip'] if system_info[
                        'ha_ip'] else system_info['admin_ip']
                elif agent_ip_cidr.lower() == 'any' or agent_ip_cidr.lower(
                ) == '0.0.0.0' or (is_valid_ipv4_cidr(agent_ip_cidr) and
                                   agent_ip_cidr.find('/') != -1):
                    # DHCP environments (Get the latest IP): the agent is not
                    # bound to one address, so ask OSSEC for the last one seen.
                    # NOTE(review): the success flag is not checked; a failed
                    # lookup is only caught by the is_valid_ipv4() guard below.
                    success, agent_ip_cidr = ossec_get_check(
                        sensor_id, agent_data['name'], "lastip")
                # Search asset_id. The is_valid_ipv4 guard is the trust boundary
                # for the value above (DB field or OSSEC output) before it is
                # used to look up or create a host.
                if is_valid_ipv4(agent_ip_cidr):
                    success, sensor_ctx = get_sensor_ctx_by_sensor_id(
                        sensor_id)
                    if success:
                        success, asset_id = get_host_id_by_ip_ctx(
                            agent_ip_cidr, sensor_ctx, output='str')
                        # No valid host id for that IP in the sensor context: create one.
                        if not is_valid_uuid(asset_id):
                            success, new_asset_id = create_host([agent_ip_cidr],
                                                                sensor_id)
                            if is_valid_uuid(new_asset_id):
                                asset_id = new_asset_id
                                # A host was created; reported to the caller.
                                refresh_idm = True
                # Linking asset to agent. Only a well-formed UUID that is not
                # already present in linked_assets is written; every other case
                # (value not an IPv4, context or lookup failure, asset already
                # linked) is counted as not linked.
                if is_valid_uuid(asset_id) and asset_id not in linked_assets:
                    update_asset_id(sensor_id=sensor_id,
                                    agent_id=agent_id,
                                    asset_id=asset_id)
                    linked_assets[asset_id] = {
                        'ha_id': agent_id,
                        'sensor_id': sensor_id
                    }
                else:
                    not_linked_assets += 1
        except APIException as e:
            logger.error('[update_system_hids_agents]: {0}'.format(e))

    # Remove deleted agents from database
    for agent_id in deleted_agents:
        try:
            delete_hids_agent(agent_id, sensor_id)
        except APIException as e:
            logger.error('[update_system_hids_agents]: {0}'.format(e))

    return not_linked_assets, refresh_idm