def create_host(ips, sensor_id, hostname='', fqdns='', asset_value=2, threshold_c=30, threshold_a=30, alert=0, persistence=0, nat=None, rrd_profile=None, descr='', lat=0, lon=0, icon=None, country=None, external_host=0, permissions=0, av_component=0, output='str', refresh=False): """ Creates a new host in the database Args: Host data Return: Tuple (boolean, msg) - boolean indicates whether the operation was successful or not - msg will be the host ID, or the error string otherwise """ if len(ips) == 0: return False, "At least one IP is required" succes, ctx = get_sensor_ctx_by_sensor_id(sensor_id) if not is_valid_uuid(ctx): return False, "ctx is not a valid canonical uuid" ctx = get_bytes_from_uuid(ctx) host_id = str(uuid.uuid4()) if hostname == '': hostname = "Host-%s" % (ips[0].replace(".", "-")) try: db.session.begin() for host_ip in ips: host_ip_object = Host_Ip(host_id=get_bytes_from_uuid(host_id), ip=get_ip_bin_from_str(host_ip), mac=None, interface=None) db.session.merge(host_ip_object) host = Host(id=get_bytes_from_uuid(host_id), ctx=ctx, hostname=hostname, fqdns=fqdns, asset=asset_value, threshold_c=threshold_c, threshold_a=threshold_a, alert=alert, persistence=persistence, nat=nat, rrd_profile=rrd_profile, descr=descr, lat=lat, lon=lon, icon=icon, country=country, external_host=external_host, permissions=permissions, av_component=av_component) db.session.merge(host) hs_reference = Host_Sensor_Reference(host_id=get_bytes_from_uuid(host_id), sensor_id=get_bytes_from_uuid(sensor_id)) db.session.merge(hs_reference) db.session.commit() except Exception, msg: db.session.rollback() message = "There was a problem adding new Host %s to the database: %s" % (hostname, str(msg)) api_log.error(message) return False, message
def update_system_hids_agents(system_id): """" Update information about HIDS agents connected to a system @param system_id: system_id of the sensor to update """ # Getting system information success, system_info = get_system_info(system_id) # Getting sensor ID if success: sensor_id = system_info['sensor_id'] else: raise APICannotRetrieveSystem(system_id) stored_agents = get_hids_agents_by_sensor(sensor_id) success, agents = ossec_get_available_agents( sensor_id=sensor_id, op_ossec='list_available_agents', agent_id='') if not success: raise APICannotRunHIDSCommand(sensor_id, 'list_available_agents') added_agents = [ agent_id for agent_id in agents.keys() if agent_id not in stored_agents ] present_agents = [ agent_id for agent_id in agents.keys() if agent_id in stored_agents ] deleted_agents = [ agent for agent in stored_agents if agent not in agents.keys() ] # Add new agents to database for agent_id in added_agents: try: agent = agents[agent_id] add_hids_agent(agent_id=agent_id, sensor_id=sensor_id, agent_name=agent['name'], agent_ip=agent['ip'], agent_status=agent['status']) except APIException as e: logger.error("Error adding hids agent: {0}".format(e)) not_linked_assets = 0 refresh_idm = False # Update agent status and check asset_id in database for agent_id in present_agents: try: # Update HIDS agent status update_hids_agent_status(agent_id=agent_id, sensor_id=sensor_id, agent_status=agents[agent_id]['status']) agent_data = get_hids_agent_by_sensor(sensor_id, agent_id) # Check HIDS agent asset id if agent_data['host_id'] == '': # Try to update HIDS agent asset id linked_assets = get_linked_assets() agent_ip_cidr = agent_data['ip_cidr'] asset_id = None # Getting current IP if agent_ip_cidr == '127.0.0.1': # Special case: Local agent agent_ip_cidr = system_info['ha_ip'] if system_info[ 'ha_ip'] else system_info['admin_ip'] elif agent_ip_cidr.lower() == 'any' or agent_ip_cidr.lower( ) == '0.0.0.0' or (is_valid_ipv4_cidr(agent_ip_cidr) and agent_ip_cidr.find('/') != -1): # DHCP environments (Get the latest IP) success, agent_ip_cidr = ossec_get_check( sensor_id, agent_data['name'], "lastip") # Search asset_id if is_valid_ipv4(agent_ip_cidr): success, sensor_ctx = get_sensor_ctx_by_sensor_id( sensor_id) if success: success, asset_id = get_host_id_by_ip_ctx( agent_ip_cidr, sensor_ctx, output='str') if not is_valid_uuid(asset_id): success, new_asset_id = create_host([agent_ip_cidr], sensor_id) if is_valid_uuid(new_asset_id): asset_id = new_asset_id refresh_idm = True # Linking asset to agent if is_valid_uuid(asset_id) and asset_id not in linked_assets: update_asset_id(sensor_id=sensor_id, agent_id=agent_id, asset_id=asset_id) linked_assets[asset_id] = { 'ha_id': agent_id, 'sensor_id': sensor_id } else: not_linked_assets += 1 except APIException as e: logger.error('[update_system_hids_agents]: {0}'.format(e)) # Remove deleted agents from database for agent_id in deleted_agents: try: delete_hids_agent(agent_id, sensor_id) except APIException as e: logger.error('[update_system_hids_agents]: {0}'.format(e)) return not_linked_assets, refresh_idm