파일: host.py 프로젝트: hellogitcn/ossim-1
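def create_host(ips, sensor_id, hostname='', fqdns='', asset_value=2, threshold_c=30, threshold_a=30, alert=0, persistence=0, nat=None,
                rrd_profile=None, descr='', lat=0, lon=0, icon=None, country=None, external_host=0, permissions=0, av_component=0, output='str', refresh=False):
    """
    Creates a new host in the database.

    One Host_Ip row is written per address in ``ips``, one Host row with the
    remaining attributes, and one Host_Sensor_Reference row linking the host
    to ``sensor_id``; all of them are merged inside a single transaction that
    is rolled back as a whole on any failure.

    Args:
        ips: list of IP address strings; at least one is required. The
             first one also seeds the default hostname.
        sensor_id: canonical UUID string of the owning sensor; its context
             (ctx) is resolved through get_sensor_ctx_by_sensor_id.
        hostname: host name; when empty it becomes
             "Host-<first ip with dots replaced by dashes>".
        fqdns, asset_value, threshold_c, threshold_a, alert, persistence,
        nat, rrd_profile, descr, lat, lon, icon, country, external_host,
        permissions, av_component: stored as given on the Host row.
        output: 'str' (default) returns the new host ID as a canonical UUID
             string; any other value returns its binary form.
        refresh: accepted for interface compatibility; not used here.
    Return:
        Tuple (boolean, msg)
        - boolean indicates whether the operation was successful or not
        - msg will be the host ID,
           or the error string otherwise
    """
    if not ips:
        return False, "At least one IP is required"

    # The ctx lookup reports failure in its first element; checking it here
    # gives the caller the real reason instead of a misleading uuid error.
    success, ctx = get_sensor_ctx_by_sensor_id(sensor_id)
    if not success:
        return False, "Cannot get the context of sensor %s: %s" % (sensor_id, str(ctx))

    if not is_valid_uuid(ctx):
        return False, "ctx is not a valid canonical uuid"

    ctx = get_bytes_from_uuid(ctx)

    host_id = str(uuid.uuid4())
    # The same binary id is used on every row written below.
    host_id_bin = get_bytes_from_uuid(host_id)

    if hostname == '':
        hostname = "Host-%s" % (ips[0].replace(".", "-"))

    try:
        db.session.begin()
        for host_ip in ips:
            # get_ip_bin_from_str raises on a malformed address, which aborts
            # the whole insert via the rollback below.
            host_ip_object = Host_Ip(host_id=host_id_bin,
                                     ip=get_ip_bin_from_str(host_ip),
                                     mac=None,
                                     interface=None)
            db.session.merge(host_ip_object)

        host = Host(id=host_id_bin,
                    ctx=ctx,
                    hostname=hostname,
                    fqdns=fqdns,
                    asset=asset_value,
                    threshold_c=threshold_c,
                    threshold_a=threshold_a,
                    alert=alert,
                    persistence=persistence,
                    nat=nat,
                    rrd_profile=rrd_profile,
                    descr=descr,
                    lat=lat,
                    lon=lon,
                    icon=icon,
                    country=country,
                    external_host=external_host,
                    permissions=permissions,
                    av_component=av_component)

        db.session.merge(host)

        hs_reference = Host_Sensor_Reference(host_id=host_id_bin,
                                             sensor_id=get_bytes_from_uuid(sensor_id))
        db.session.merge(hs_reference)

        db.session.commit()

    except Exception as msg:
        db.session.rollback()
        message = "There was a problem adding new Host %s to the database: %s" % (hostname, str(msg))
        api_log.error(message)
        return False, message

    # Success path: report the new id in the representation the caller asked for.
    if output == 'str':
        return True, host_id
    return True, host_id_bin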
파일: hids.py 프로젝트: zoe-mora-imdc/Ossim
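def _resolve_hids_agent_ip(agent_data, system_info, sensor_id):
    """
    Return the address to use when searching an asset for a HIDS agent.

    The local agent (127.0.0.1) maps to the system's HA address when set,
    otherwise to its admin address. Agents registered with 'any', '0.0.0.0'
    or a CIDR range (DHCP environments) are resolved to the last address the
    sensor saw for them via ossec_get_check; any other value is returned as-is.

    @param agent_data: stored agent record with 'ip_cidr' and 'name'
    @param system_info: system record with 'ha_ip' and 'admin_ip'
    @param sensor_id: sensor the agent belongs to
    @return: an address string, or the raw ossec_get_check payload when the
             "lastip" query failed (callers must validate it before use)
    """
    agent_ip_cidr = agent_data['ip_cidr']

    if agent_ip_cidr == '127.0.0.1':
        # Special case: Local agent
        return system_info['ha_ip'] if system_info['ha_ip'] else system_info['admin_ip']

    lowered = agent_ip_cidr.lower()
    if lowered in ('any', '0.0.0.0') or (is_valid_ipv4_cidr(agent_ip_cidr)
                                         and agent_ip_cidr.find('/') != -1):
        # DHCP environments (Get the latest IP). On failure the second element
        # is not an address and is rejected by the caller's is_valid_ipv4 check.
        success, agent_ip_cidr = ossec_get_check(
            sensor_id, agent_data['name'], "lastip")

    return agent_ip_cidr


def _find_or_create_asset(agent_ip, sensor_id):
    """
    Look up the asset for ``agent_ip`` in the sensor's context, creating one
    when none exists.

    Only a syntactically valid IPv4 address is looked up; anything else yields
    no asset, so sensor-supplied values never reach create_host unvalidated.

    @param agent_ip: address resolved by _resolve_hids_agent_ip
    @param sensor_id: sensor whose context is searched
    @return: tuple (asset_id, created): the asset id (not necessarily a valid
             uuid when lookup and creation both failed) and whether a new
             host was created
    """
    asset_id = None
    created = False

    if not is_valid_ipv4(agent_ip):
        return asset_id, created

    success, sensor_ctx = get_sensor_ctx_by_sensor_id(sensor_id)
    if success:
        success, asset_id = get_host_id_by_ip_ctx(
            agent_ip, sensor_ctx, output='str')

    if not is_valid_uuid(asset_id):
        success, new_asset_id = create_host([agent_ip], sensor_id)
        if is_valid_uuid(new_asset_id):
            asset_id = new_asset_id
            created = True

    return asset_id, created


def update_system_hids_agents(system_id):
    """
    Update information about HIDS agents connected to a system

    Agents reported by the sensor but not stored yet are added, stored agents
    that are no longer reported are deleted, and agents known on both sides
    get their status refreshed and, when they have no asset yet, are linked
    to an existing or newly created asset.

    @param system_id: system_id of the sensor to update
    @return: tuple (not_linked_assets, refresh_idm): number of present agents
             without asset that could not be linked, and whether a host was
             created (the IDM data then needs refreshing)
    @raise APICannotRetrieveSystem: the system information is unavailable
    @raise APICannotRunHIDSCommand: the agent list could not be retrieved
    """

    # Getting system information
    success, system_info = get_system_info(system_id)

    # Getting sensor ID
    if not success:
        raise APICannotRetrieveSystem(system_id)
    sensor_id = system_info['sensor_id']

    stored_agents = get_hids_agents_by_sensor(sensor_id)

    success, agents = ossec_get_available_agents(
        sensor_id=sensor_id, op_ossec='list_available_agents', agent_id='')

    if not success:
        raise APICannotRunHIDSCommand(sensor_id, 'list_available_agents')

    # Partition by where each agent is known: sensor only, both, database only.
    # Membership is tested on the mapping itself rather than a keys() list
    # built for every test.
    added_agents = [agent_id for agent_id in agents if agent_id not in stored_agents]
    present_agents = [agent_id for agent_id in agents if agent_id in stored_agents]
    deleted_agents = [agent for agent in stored_agents if agent not in agents]

    # Add new agents to database
    for agent_id in added_agents:
        try:
            agent = agents[agent_id]
            add_hids_agent(agent_id=agent_id,
                           sensor_id=sensor_id,
                           agent_name=agent['name'],
                           agent_ip=agent['ip'],
                           agent_status=agent['status'])
        except APIException as e:
            logger.error("Error adding hids agent: {0}".format(e))

    not_linked_assets = 0
    refresh_idm = False

    # Update agent status and check asset_id in database
    for agent_id in present_agents:
        try:
            # Update HIDS agent status
            update_hids_agent_status(agent_id=agent_id,
                                     sensor_id=sensor_id,
                                     agent_status=agents[agent_id]['status'])

            agent_data = get_hids_agent_by_sensor(sensor_id, agent_id)

            # Check HIDS agent asset id
            if agent_data['host_id'] == '':
                # Try to update HIDS agent asset id
                linked_assets = get_linked_assets()

                agent_ip = _resolve_hids_agent_ip(agent_data, system_info, sensor_id)
                asset_id, created = _find_or_create_asset(agent_ip, sensor_id)
                if created:
                    refresh_idm = True

                # Linking asset to agent (an asset already linked to another
                # agent is left alone and counted as not linked)
                if is_valid_uuid(asset_id) and asset_id not in linked_assets:
                    update_asset_id(sensor_id=sensor_id,
                                    agent_id=agent_id,
                                    asset_id=asset_id)
                    linked_assets[asset_id] = {
                        'ha_id': agent_id,
                        'sensor_id': sensor_id
                    }
                else:
                    not_linked_assets += 1
        except APIException as e:
            logger.error('[update_system_hids_agents]: {0}'.format(e))

    # Remove deleted agents from database
    for agent_id in deleted_agents:
        try:
            delete_hids_agent(agent_id, sensor_id)
        except APIException as e:
            logger.error('[update_system_hids_agents]: {0}'.format(e))

    return not_linked_assets, refresh_idm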