예제 #1
0
def ossec_add_new_agent(sensor_id, agent_name, agent_ip, asset_id):
    """
        Add a new agent
    """
    (success, sensor_ip) = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        return False, "Bad sensor_id"

    (success, data) = ans_ossec_add_new_agent(sensor_ip, agent_name, agent_ip)

    # Add HIDS information to database and restart ossec server if it is necessary
    if success:
        # Default values
        agent_id = data
        agent_status = 'Never connected'

        try:
            add_hids_agent(agent_id, sensor_id, agent_name, agent_ip, agent_status, asset_id)
        except APIException as e:
            success = False
            data = str(e)

        (result, status) = ans_ossec_control(sensor_ip, 'status', '')

        if result and status['general_status']['remoted'] == 'DOWN':
            ans_ossec_control(sensor_ip, 'restart', '')

    return success, data
예제 #2
0
def update_system_hids_agents(system_id):
    """"
    Update information about HIDS agents connected to a system
    @param system_id: system_id of the sensor to update
    """

    # Getting system information
    success, system_info = get_system_info(system_id)

    # Getting sensor ID
    if success:
        sensor_id = system_info['sensor_id']
    else:
        raise APICannotRetrieveSystem(system_id)

    stored_agents = get_hids_agents_by_sensor(sensor_id)

    success, agents = ossec_get_available_agents(sensor_id=sensor_id,
                                                 op_ossec='list_available_agents',
                                                 agent_id='')

    if not success:
        raise APICannotRunHIDSCommand(sensor_id, 'list_available_agents')

    added_agents = [agent_id for agent_id in agents.keys() if agent_id not in stored_agents]
    present_agents = [agent_id for agent_id in agents.keys() if agent_id in stored_agents]
    deleted_agents = [agent for agent in stored_agents if agent not in agents.keys()]

    # Add new agents to database
    for agent_id in added_agents:
        try:
            agent = agents[agent_id]
            add_hids_agent(agent_id=agent_id,
                           sensor_id=sensor_id,
                           agent_name=agent['name'],
                           agent_ip=agent['ip'],
                           agent_status=agent['status'])
        except APIException as e:
            logger.error("Error adding hids agent: {0}".format(e))

    not_linked_assets = 0
    refresh_idm = False

    # Update agent status and check asset_id in database
    for agent_id in present_agents:
        try:
            # Update HIDS agent status
            update_hids_agent_status(agent_id=agent_id,
                                     sensor_id=sensor_id,
                                     agent_status=agents[agent_id]['status'])

            agent_data = get_hids_agent_by_sensor(sensor_id, agent_id)

            # Check HIDS agent asset id
            if agent_data['host_id'] == '':
                # Try to update HIDS agent asset id
                linked_assets = get_linked_assets()

                agent_ip_cidr = agent_data['ip_cidr']
                asset_id = None

                # Getting current IP
                if agent_ip_cidr == '127.0.0.1':
                    # Special case: Local agent
                    agent_ip_cidr = system_info['ha_ip'] if system_info['ha_ip'] else system_info['admin_ip']
                elif agent_ip_cidr.lower() == 'any' or agent_ip_cidr.lower() == '0.0.0.0' or (
                            is_valid_ipv4_cidr(agent_ip_cidr) and agent_ip_cidr.find('/') != -1):
                    # DHCP environments (Get the latest IP)
                    success, agent_ip_cidr = ossec_get_check(sensor_id, agent_data['name'], "lastip")

                # Search asset_id
                if is_valid_ipv4(agent_ip_cidr):
                    success, sensor_ctx = get_sensor_ctx_by_sensor_id(sensor_id)

                    if success:
                        success, asset_id = get_host_id_by_ip_ctx(agent_ip_cidr, sensor_ctx, output='str')

                    if not is_valid_uuid(asset_id):
                        success, new_asset_id = create_host([agent_ip_cidr], sensor_id)

                        if is_valid_uuid(new_asset_id):
                            asset_id = new_asset_id
                            refresh_idm = True

                # Linking asset to agent
                if is_valid_uuid(asset_id) and asset_id not in linked_assets:
                    update_asset_id(sensor_id=sensor_id, agent_id=agent_id, asset_id=asset_id)
                    linked_assets[asset_id] = {'ha_id': agent_id, 'sensor_id': sensor_id}
                else:
                    not_linked_assets += 1
        except APIException as e:
            logger.error('[update_system_hids_agents]: {0}'.format(e))

    # Remove deleted agents from database
    for agent_id in deleted_agents:
        try:
            delete_hids_agent(agent_id, sensor_id)
        except APIException as e:
            logger.error('[update_system_hids_agents]: {0}'.format(e))

    return not_linked_assets, refresh_idm
예제 #3
0
파일: hids.py 프로젝트: zoe-mora-imdc/Ossim
def update_system_hids_agents(system_id):
    """"
    Update information about HIDS agents connected to a system
    @param system_id: system_id of the sensor to update
    """

    # Getting system information
    success, system_info = get_system_info(system_id)

    # Getting sensor ID
    if success:
        sensor_id = system_info['sensor_id']
    else:
        raise APICannotRetrieveSystem(system_id)

    stored_agents = get_hids_agents_by_sensor(sensor_id)

    success, agents = ossec_get_available_agents(
        sensor_id=sensor_id, op_ossec='list_available_agents', agent_id='')

    if not success:
        raise APICannotRunHIDSCommand(sensor_id, 'list_available_agents')

    added_agents = [
        agent_id for agent_id in agents.keys() if agent_id not in stored_agents
    ]
    present_agents = [
        agent_id for agent_id in agents.keys() if agent_id in stored_agents
    ]
    deleted_agents = [
        agent for agent in stored_agents if agent not in agents.keys()
    ]

    # Add new agents to database
    for agent_id in added_agents:
        try:
            agent = agents[agent_id]
            add_hids_agent(agent_id=agent_id,
                           sensor_id=sensor_id,
                           agent_name=agent['name'],
                           agent_ip=agent['ip'],
                           agent_status=agent['status'])
        except APIException as e:
            logger.error("Error adding hids agent: {0}".format(e))

    not_linked_assets = 0
    refresh_idm = False

    # Update agent status and check asset_id in database
    for agent_id in present_agents:
        try:
            # Update HIDS agent status
            update_hids_agent_status(agent_id=agent_id,
                                     sensor_id=sensor_id,
                                     agent_status=agents[agent_id]['status'])

            agent_data = get_hids_agent_by_sensor(sensor_id, agent_id)

            # Check HIDS agent asset id
            if agent_data['host_id'] == '':
                # Try to update HIDS agent asset id
                linked_assets = get_linked_assets()

                agent_ip_cidr = agent_data['ip_cidr']
                asset_id = None

                # Getting current IP
                if agent_ip_cidr == '127.0.0.1':
                    # Special case: Local agent
                    agent_ip_cidr = system_info['ha_ip'] if system_info[
                        'ha_ip'] else system_info['admin_ip']
                elif agent_ip_cidr.lower() == 'any' or agent_ip_cidr.lower(
                ) == '0.0.0.0' or (is_valid_ipv4_cidr(agent_ip_cidr)
                                   and agent_ip_cidr.find('/') != -1):
                    # DHCP environments (Get the latest IP)
                    success, agent_ip_cidr = ossec_get_check(
                        sensor_id, agent_data['name'], "lastip")

                # Search asset_id
                if is_valid_ipv4(agent_ip_cidr):
                    success, sensor_ctx = get_sensor_ctx_by_sensor_id(
                        sensor_id)

                    if success:
                        success, asset_id = get_host_id_by_ip_ctx(
                            agent_ip_cidr, sensor_ctx, output='str')

                    if not is_valid_uuid(asset_id):
                        success, new_asset_id = create_host([agent_ip_cidr],
                                                            sensor_id)

                        if is_valid_uuid(new_asset_id):
                            asset_id = new_asset_id
                            refresh_idm = True

                # Linking asset to agent
                if is_valid_uuid(asset_id) and asset_id not in linked_assets:
                    update_asset_id(sensor_id=sensor_id,
                                    agent_id=agent_id,
                                    asset_id=asset_id)
                    linked_assets[asset_id] = {
                        'ha_id': agent_id,
                        'sensor_id': sensor_id
                    }
                else:
                    not_linked_assets += 1
        except APIException as e:
            logger.error('[update_system_hids_agents]: {0}'.format(e))

    # Remove deleted agents from database
    for agent_id in deleted_agents:
        try:
            delete_hids_agent(agent_id, sensor_id)
        except APIException as e:
            logger.error('[update_system_hids_agents]: {0}'.format(e))

    return not_linked_assets, refresh_idm