def get_sensor_by_sensor_id(sensor_id):
    """Return ``(success, data)`` for the sensor identified by *sensor_id*.

    *sensor_id* is either the literal ``'local'`` (resolved through the
    local system id) or a UUID string. On success ``data`` is the ``Sensor``
    row; on failure ``success`` is ``False`` and ``data`` is an error string.
    """
    success = False
    data = None
    try:
        lookup_id = sensor_id
        # 'local' is mapped to the sensor id of the local system.
        if lookup_id.lower() == 'local':
            ok, system_id = get_system_id_from_local()
            if not ok:
                raise APICannotResolveLocalSystemID()
            ok, local_sensor_id = get_sensor_id_from_system_id(system_id)
            if ok and local_sensor_id:
                lookup_id = local_sensor_id
        if not is_valid_uuid(lookup_id):
            raise APICannotResolveSensorID(lookup_id)
        # The sensor id is stored in binary form in the database.
        sensor_id_bin = get_bytes_from_uuid(lookup_id.lower())
        data = db.session.query(Sensor).filter(Sensor.id == sensor_id_bin).one()
        success = True
    except NoResultFound:
        data = "No sensor found with the given ID"
    except MultipleResultsFound:
        data = "More than one sensor found with the given ID"
    except Exception as ex:
        # Any other failure (including the API* exceptions raised above) is
        # reported through the return value after rolling the session back.
        # NOTE(review): the exception text is embedded in the returned message;
        # confirm callers do not echo it verbatim to API clients.
        db.session.rollback()
        data = "Something wrong happen while retrieving the sensor {0}".format(ex)
    return success, data
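def start(self):
    """Start the monitor: record each sensor's plugin package version.

    For every Sensor system, the sensor's plugin package ``version`` and
    ``md5`` are stored as monitor data together with a dpkg-style comparison
    against the local plugin package version.

    Returns:
        bool: ``True`` when the run completed, ``False`` when an unexpected
        exception aborted it (the original computed this flag but never
        returned it; sibling monitors return a bool).
    """
    rt = True
    try:
        self.remove_monitor_data()
        logger.info("Monitor %s Working..." % self.monitor_id)
        success, sensor_list = get_systems(system_type="Sensor")
        if not success:
            # On failure sensor_list carries the error text, not a list;
            # iterating it would only fail later with a confusing message.
            raise Exception(str(sensor_list))
        # A single local lookup is enough (the original called it twice).
        success, local_version = get_plugin_package_info_local()
        if not success:
            raise Exception(str(local_version))
        for (system_id, _) in sensor_list:
            success, sensor_id = get_sensor_id_from_system_id(system_id)
            if not success:
                logger.warning("Can't obtain sensor_id for system_id '%s'", system_id)
                continue
            if sensor_id == '':
                # sensor_id is empty here, so log the system id instead.
                logger.warning("Sensor (%s) ID not found" % system_id)
                continue
            success, info = get_plugin_package_info_from_sensor_id(sensor_id)
            if not success:
                logger.warning("Can't obtain plugin version for sensor '%s'", sensor_id)
                continue
            # An empty remote version cannot be compared against the local one.
            if info['version'] != '':
                comparison = compare_dpkg_version(info['version'], local_version['version'])
            else:
                comparison = ''
            data_sensor = {
                'version': info['version'],
                'md5': info['md5'],
                'comparison': comparison,
            }
            if not self.save_data(sensor_id, ComponentTypes.SENSOR,
                                  self.get_json_message(data_sensor)):
                logger.error("Can't save monitor info for sensor '%s'" % sensor_id)
    except Exception as e:
        logger.error("Something wrong happen while running the monitor..%s, %s"
                     % (self.get_monitor_id(), str(e)))
        rt = False
    return rt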
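def start(self):
    """Start the monitor: push the per-asset enabled plugin ids to the host plugin table.

    For every Sensor system the plugins enabled per asset are collected into
    a ``{asset: [plugin_id, ...]}`` map that is handed to
    ``update_host_plugins``.

    Returns:
        bool: ``False`` when the system list or the final update fails,
        ``True`` otherwise (per-sensor failures are logged and skipped).
    """
    # Remove the previous monitor data.
    self.remove_monitor_data()
    success, systems = get_systems(system_type="Sensor")
    if not success:
        logger.error("[MonitorUpdateHostPlugins] "
                     "Can't retrieve the system info: {0}".format(str(systems)))
        return False
    assets = {}
    for (system_id, _system_ip) in systems:
        success, sensor_id = get_sensor_id_from_system_id(system_id)
        if not success:
            # Message typo fixed ("senor_id" -> "sensor_id").
            logger.error("[MonitorUpdateHostPlugins] "
                         "Can't resolve sensor_id of system {0}: {1}".format(system_id, sensor_id))
            continue
        try:
            sensor_plugins = get_sensor_plugins_enabled_by_asset(sensor_id=sensor_id, no_cache=True)
        except APIException as e:
            logger.error("[MonitorUpdateHostPlugins] "
                         "Can't obtain plugin information from system {0}: {1}".format(system_id, str(e)))
            continue
        # Add the asset plugin ids one asset at a time, so a malformed entry
        # only skips that asset instead of the remaining assets of the sensor.
        for asset, asset_plugins in sensor_plugins.items():
            try:
                plugin_ids = [plugin['plugin_id'] for plugin in asset_plugins.values()]
            except KeyError as e:
                logger.warning("[MonitorUpdateHostPlugins] "
                               "Bad format in plugins enabled by asset: {0}".format(str(e)))
                continue
            assets.setdefault(asset, []).extend(plugin_ids)
    success, msg = update_host_plugins(data=assets)
    if not success:
        logger.error("[MonitorUpdateHostPlugins] "
                     "Can't update host plugin information: {0}".format(msg))
        return False
    return True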
def get_sensors():
    """Return the API response listing every Sensor system.

    Each entry is keyed by sensor id and carries ``admin_ip``, ``hostname``
    and ``system_id``; systems whose sensor id cannot be resolved are left
    out. When the systems cannot be listed a 500 error response is returned.
    """
    ok, sensor_data = get_systems_full(system_type='Sensor')
    if ok is not True:
        current_app.logger.error("sensor: get_sensors error: " + str(sensor_data))
        return make_error("Cannot retrieve sensors info", 500)
    sensors = {}
    for sensor in sensor_data:
        resolved, sensor_id = get_sensor_id_from_system_id(sensor[0])
        if not resolved:
            continue
        details = sensor[1]
        # Later duplicates of a sensor id overwrite earlier ones, as dict() did.
        sensors[sensor_id] = {
            'admin_ip': details['admin_ip'],
            'hostname': details['hostname'],
            'system_id': details['uuid'],
        }
    return make_ok(sensors=sensors)
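def start(self):
    """Start the monitor: push the per-asset enabled plugin ids to the host plugin table.

    Builds ``{asset: [plugin_id, ...]}`` from every Sensor system's
    enabled-by-asset plugin data and passes it to ``update_host_plugins``.

    Returns:
        bool: ``False`` when the system list or the final update fails,
        ``True`` otherwise; per-sensor problems are logged and skipped.
    """
    # Remove the previous monitor data.
    self.remove_monitor_data()
    ok, systems = get_systems(system_type="Sensor")
    if not ok:
        logger.error("[MonitorUpdateHostPlugins] "
                     "Can't retrieve the system info: {0}".format(str(systems)))
        return False

    assets = {}
    for system_id, _ in systems:
        resolved, sensor_id = get_sensor_id_from_system_id(system_id)
        if not resolved:
            # Message typo fixed ("senor_id" -> "sensor_id").
            logger.error("[MonitorUpdateHostPlugins] "
                         "Can't resolve sensor_id of system {0}: {1}".format(system_id, sensor_id))
            continue
        try:
            by_asset = get_sensor_plugins_enabled_by_asset(sensor_id=sensor_id, no_cache=True)
        except APIException as e:
            logger.error("[MonitorUpdateHostPlugins] "
                         "Can't obtain plugin information from system {0}: {1}".format(system_id, str(e)))
            continue
        for asset, asset_plugins in by_asset.items():
            # A malformed entry must not discard the rest of this sensor's assets.
            try:
                ids = [p['plugin_id'] for p in asset_plugins.values()]
            except KeyError as e:
                logger.warning("[MonitorUpdateHostPlugins] "
                               "Bad format in plugins enabled by asset: {0}".format(str(e)))
                continue
            assets.setdefault(asset, []).extend(ids)

    ok, msg = update_host_plugins(data=assets)
    if not ok:
        logger.error("[MonitorUpdateHostPlugins] "
                     "Can't update host plugin information: {0}".format(msg))
        return False
    return True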
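def start(self):
    """Start the monitor: report how close each sensor is to the enabled-plugin limit.

    For every Sensor system the enabled plugins (global ``detectors`` plus
    the per-asset ``devices`` lists) are counted and stored as monitor data
    with the remaining headroom and the warning/limit flags.

    Returns:
        bool: ``False`` if the system list cannot be retrieved, ``True``
        otherwise (per-sensor failures are logged and skipped).
    """
    # Temporal, should read it from the agent config (ansible method needed).
    # Loop-invariant, so defined once instead of once per sensor.
    warning_threshold = 85
    max_limit_threshold = 100

    # Remove the previous monitor data.
    self.remove_monitor_data()
    success, systems = get_systems(system_type="Sensor")
    if not success:
        logger.error("[MonitorEnabledPluginsLimit] Can't retrieve the system info: {0}".format(str(systems)))
        return False
    for (system_id, system_ip) in systems:
        success, sensor_id = get_sensor_id_from_system_id(system_id)
        if not success:
            logger.error("[MonitorEnabledPluginsLimit] "
                         "Can't resolve sensor_id of system {0}: {1}".format(system_id, sensor_id))
            continue
        try:
            sensor_plugins = get_sensor_plugins(sensor_id=sensor_id, no_cache=True)
            enabled_plugins = sensor_plugins.get('enabled', {})
            enabled_global_count = len(enabled_plugins.get('detectors', []))
            per_asset_lists = enabled_plugins.get('devices', {}).values()
            enabled_per_asset_count = len(list(chain.from_iterable(per_asset_lists)))
            enabled_total = enabled_global_count + enabled_per_asset_count
            monitor_data = {
                'system_id': system_id,
                'system_ip': system_ip,
                'plugins_enabled_total': enabled_total,
                # Negative when the sensor is already over the limit.
                'plugins_allowed_to_add': max_limit_threshold - enabled_total,
                'limit_reached': enabled_total >= max_limit_threshold,
                'warning_reached': warning_threshold <= enabled_total < max_limit_threshold,
            }
            if not self.save_data(sensor_id, ComponentTypes.SENSOR, self.get_json_message(monitor_data)):
                logger.error("[MonitorEnabledPluginsLimit] Cannot save monitor info")
        except APIException as e:
            logger.error("[MonitorEnabledPluginsLimit] "
                         "Can't obtain plugin information from system {0}: {1}".format(system_id, str(e)))
            continue
    return True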
def get_sensors():
    """Return the API response listing every Sensor system.

    The response maps sensor id to ``admin_ip``, ``hostname`` and
    ``system_id``; systems whose sensor id cannot be resolved are dropped.
    A 500 error response is returned when the systems cannot be listed.
    """
    ret, sensor_data = get_systems_full(system_type='Sensor')
    if ret is not True:
        current_app.logger.error("sensor: get_sensors error: " + str(sensor_data))
        return make_error("Cannot retrieve sensors info", 500)

    def _entry(sensor):
        # (sensor_id, attributes), or None when the sensor id is unresolvable.
        resolved, sensor_id = get_sensor_id_from_system_id(sensor[0])
        if not resolved:
            return None
        attrs = sensor[1]
        return sensor_id, {
            'admin_ip': attrs['admin_ip'],
            'hostname': attrs['hostname'],
            'system_id': attrs['uuid'],
        }

    entries = (_entry(sensor) for sensor in sensor_data)
    return make_ok(sensors=dict(e for e in entries if e is not None))
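def start(self):
    """Start the monitor: record each sensor's plugin package version.

    Stores, per Sensor system, the remote plugin package ``version`` and
    ``md5`` plus a dpkg-style comparison against the local package version.

    Returns:
        bool: ``True`` when the run completed, ``False`` when an unexpected
        exception aborted it (the original set this flag but never
        returned it; sibling monitors return a bool).
    """
    try:
        self.remove_monitor_data()
        logger.info("Monitor %s Working..." % self.monitor_id)

        ok, sensor_list = get_systems(system_type="Sensor")
        if not ok:
            # sensor_list holds the error text on failure, not a list.
            raise Exception(str(sensor_list))
        # Looked up once; the original queried the local package twice.
        ok, local_version = get_plugin_package_info_local()
        if not ok:
            raise Exception(str(local_version))

        for system_id, _ in sensor_list:
            ok, sensor_id = get_sensor_id_from_system_id(system_id)
            if not ok:
                logger.warning("Can't obtain sensor_id for system_id '%s'", system_id)
                continue
            if sensor_id == '':
                # Report the system id; the sensor id is empty at this point.
                logger.warning("Sensor (%s) ID not found" % system_id)
                continue
            ok, info = get_plugin_package_info_from_sensor_id(sensor_id)
            if not ok:
                logger.warning("Can't obtain plugin version for sensor '%s'", sensor_id)
                continue
            remote_version = info['version']
            comparison = ''
            if remote_version != '':
                # Only a non-empty remote version can be compared.
                comparison = compare_dpkg_version(remote_version, local_version['version'])
            data_sensor = {
                'version': remote_version,
                'md5': info['md5'],
                'comparison': comparison,
            }
            payload = self.get_json_message(data_sensor)
            if not self.save_data(sensor_id, ComponentTypes.SENSOR, payload):
                logger.error("Can't save monitor info for sensor '%s'" % sensor_id)
    except Exception as e:
        logger.error("Something wrong happen while running the monitor..%s, %s"
                     % (self.get_monitor_id(), str(e)))
        return False
    return True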
def get_sensor_by_sensor_id(sensor_id):
    """Return ``(success, data)`` for the sensor identified by *sensor_id*.

    ``'local'`` is resolved to the local system's sensor id; anything else
    must be a valid UUID string. ``data`` is the ``Sensor`` row on success
    and an error string otherwise.
    """
    def _resolve_local(sid):
        # Map the literal 'local' to the sensor id of the local system.
        if sid.lower() != 'local':
            return sid
        ok, system_id = get_system_id_from_local()
        if not ok:
            raise APICannotResolveLocalSystemID()
        ok, local_sid = get_sensor_id_from_system_id(system_id)
        return local_sid if (ok and local_sid) else sid

    try:
        resolved = _resolve_local(sensor_id)
        if not is_valid_uuid(resolved):
            raise APICannotResolveSensorID(resolved)
        # The database key is the binary form of the UUID.
        key = get_bytes_from_uuid(resolved.lower())
        row = db.session.query(Sensor).filter(Sensor.id == key).one()
    except NoResultFound:
        return False, "No sensor found with the given ID"
    except MultipleResultsFound:
        return False, "More than one sensor found with the given ID"
    except Exception as ex:
        # Covers the API* exceptions raised above as well as database errors.
        # NOTE(review): the exception text travels back in the message;
        # confirm callers do not return it verbatim to API clients.
        db.session.rollback()
        return False, "Something wrong happen while retrieving the sensor {0}".format(ex)
    return True, row
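def apimethod_delete_system(system_id):
    """Remove a remote system from this deployment.

    Steps: refuse to delete the local system; resolve the system ip; record
    whether the remote end answers a ping; delete the row from the database;
    fire the del-sensor/del-server trigger; remove the remote system's
    certificates from the local host; drop it from the ansible inventory;
    and, when the remote end is reachable, remove this server as the
    child's parent.

    Args:
        system_id: UUID string of the system to remove, or ``'local'``
            (rejected).

    Returns:
        ``(success, message)``: ``False`` with an explanatory message on the
        first failed step; ``True`` with ``""`` on full success, or ``True``
        with a note when the remote system was unreachable and the parent
        configuration on the child could not be removed.
    """
    success, local_system_id = get_system_id_from_local()
    if not success:
        error_msg = "Cannot retrieve the local system id. %s" % str(local_system_id)
        return success, error_msg
    # The local system must never delete itself.
    # NOTE(review): get_hex_string_from_uuid() receives the caller-supplied
    # system_id without a prior validity check — presumably the API layer
    # validates it; confirm.
    if system_id == 'local' or \
            get_hex_string_from_uuid(local_system_id) == get_hex_string_from_uuid(system_id):
        error_msg = "You're trying to remove the local system, which it's not allowed"
        return False, error_msg
    success, system_ip = get_system_ip_from_system_id(system_id)
    if not success:
        error_msg = "Cannot retrieve the system ip for the given system-id %s" % (str(system_ip))
        return success, error_msg
    # Check whether the remote system is reachable; an API error counts as
    # unreachable rather than aborting the removal.
    try:
        remote_system_is_reachable = ping_system(system_id, no_cache=True)
    except APIException:
        remote_system_is_reachable = False
    # Whether the system has a sensor id must be read before the db row is
    # removed; it selects the trigger fired below.
    success_f, _sensor_id = get_sensor_id_from_system_id(system_id)
    # 1 - Remove it from the database
    success, msg = db_remove_system(system_id)
    if not success:
        error_msg = "Cannot remove the system from the database <%s>" % str(msg)
        return success, error_msg
    # 2 - Fire the del-sensor / del-server trigger on the local host (the
    # original comment said "remove the firewall rules"; this is what runs).
    # A trigger failure is logged and does not abort the removal.
    trigger = "alienvault-del-sensor" if success_f else "alienvault-del-server"
    trigger_success, msg = fire_trigger(system_ip="127.0.0.1", trigger=trigger)
    if not trigger_success:
        api_log.error(msg)
    # 3 - Remove the remote certificates: currently disabled.
    # success, msg = ansible_remove_certificates(system_ip)
    # if not success:
    #     return (success,
    #             "Error while removing the remote certificates: %s" % str(msg))
    # 4 - Remove the local certificates and keys
    success, local_ip = get_system_ip_from_local()
    if not success:
        error_msg = "Cannot retrieve the local ip <%s>" % str(local_ip)
        return success, error_msg
    # Remove the remote system's certificates held on the local system.
    success, msg = ansible_remove_certificates(system_ip=local_ip, system_id_to_remove=system_id)
    if not success:
        return success, "Cannot remove the local certificates <%s>" % str(msg)
    # 5 - Remove it from the ansible inventory.
    try:
        aim = AnsibleInventoryManager()
        aim.delete_host(system_ip)
        aim.save_inventory()
    except Exception as aim_error:
        error_msg = "Cannot remove the system from the ansible inventory file <%s>" % str(aim_error)
        return False, error_msg
    # 6 - Try to connect to the child and remove the parent using its server_id
    success, own_server_id = get_server_id_from_local()
    if not success:
        # own_server_id carries the error text here; the original reported
        # the stale `msg` from the certificate step instead.
        error_msg = "Cannot retrieve the server-id from local <%s>" % str(own_server_id)
        return success, error_msg
    if not remote_system_is_reachable:
        msg = "The remote system is not reachable. " \
              "We had not been able to remove the parent configuration"
        return True, msg
    success, msg = ansible_delete_parent_server(system_ip, own_server_id)
    if not success:
        error_msg = "Cannot delete parent server in child <%s>" % str(msg)
        return success, error_msg
    return True, ""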
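def apimethod_delete_system(system_id):
    """Remove a remote system from this deployment.

    The removal runs, in order: local-system guard, ip lookup, reachability
    ping, database delete, del-sensor/del-server trigger, local certificate
    cleanup, ansible inventory cleanup and, when reachable, removal of this
    server as the child's parent.

    Args:
        system_id: UUID string of the system to remove, or ``'local'``
            (rejected).

    Returns:
        ``(success, message)``: ``False`` plus an explanation on the first
        failing step; ``True`` plus ``""`` on success, or ``True`` plus a
        note when the unreachable child still holds the parent configuration.
    """
    def _fire_delete_trigger(is_sensor):
        # The trigger runs on the local host; failure is logged, not fatal.
        name = "alienvault-del-sensor" if is_sensor else "alienvault-del-server"
        fired, text = fire_trigger(system_ip="127.0.0.1", trigger=name)
        if not fired:
            api_log.error(text)

    def _remove_from_inventory(ip):
        # Returns None on success, else the error message.
        try:
            inventory = AnsibleInventoryManager()
            inventory.delete_host(ip)
            inventory.save_inventory()
        except Exception as aim_error:
            return "Cannot remove the system from the ansible inventory file <%s>" % str(aim_error)
        return None

    success, local_system_id = get_system_id_from_local()
    if not success:
        return success, "Cannot retrieve the local system id. %s" % str(local_system_id)
    # Refuse to delete the local system.
    # NOTE(review): get_hex_string_from_uuid() is applied to the caller-supplied
    # system_id with no prior validity check — presumably validated by the API
    # layer; confirm.
    same_as_local = (get_hex_string_from_uuid(local_system_id)
                     == get_hex_string_from_uuid(system_id)) if system_id != 'local' else True
    if same_as_local:
        return False, "You're trying to remove the local system, which it's not allowed"
    success, system_ip = get_system_ip_from_system_id(system_id)
    if not success:
        return success, "Cannot retrieve the system ip for the given system-id %s" % (str(system_ip))
    # An API error while pinging counts as "unreachable".
    try:
        remote_system_is_reachable = ping_system(system_id, no_cache=True)
    except APIException:
        remote_system_is_reachable = False
    # Read before the db row disappears; decides which trigger fires.
    is_sensor, _sensor_id = get_sensor_id_from_system_id(system_id)
    # 1 - Remove it from the database
    success, msg = db_remove_system(system_id)
    if not success:
        return success, "Cannot remove the system from the database <%s>" % str(msg)
    # 2 - Fire the del-sensor / del-server trigger (the original comment
    # called this step "remove the firewall rules").
    _fire_delete_trigger(is_sensor)
    # 3 - Remove the remote certificates: currently disabled.
    # success, msg = ansible_remove_certificates(system_ip)
    # if not success:
    #     return (success,
    #             "Error while removing the remote certificates: %s" % str(msg))
    # 4 - Remove the local certificates and keys
    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, "Cannot retrieve the local ip <%s>" % str(local_ip)
    success, msg = ansible_remove_certificates(system_ip=local_ip, system_id_to_remove=system_id)
    if not success:
        return success, "Cannot remove the local certificates <%s>" % str(msg)
    # 5 - Remove it from the ansible inventory.
    inventory_error = _remove_from_inventory(system_ip)
    if inventory_error is not None:
        return False, inventory_error
    # 6 - Try to connect to the child and remove the parent using its server_id
    success, own_server_id = get_server_id_from_local()
    if not success:
        # own_server_id holds the error text; the original reported the
        # stale `msg` from step 4 here.
        return success, "Cannot retrieve the server-id from local <%s>" % str(own_server_id)
    if not remote_system_is_reachable:
        return True, ("The remote system is not reachable. "
                      "We had not been able to remove the parent configuration")
    success, msg = ansible_delete_parent_server(system_ip, own_server_id)
    if not success:
        return success, "Cannot delete parent server in child <%s>" % str(msg)
    return True, ""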
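def start(self):
    """Start the monitor: report how close each sensor is to the enabled-plugin limit.

    Counts, per Sensor system, the enabled global ``detectors`` plus the
    per-asset ``devices`` plugins and stores the total, the remaining
    headroom and the warning/limit flags as monitor data.

    Returns:
        bool: ``False`` if the system list cannot be retrieved, ``True``
        otherwise; per-sensor failures are logged and skipped.
    """
    # Temporal, should read it from the agent config (ansible method needed).
    # Hoisted out of the loop: the thresholds do not depend on the sensor.
    warning_threshold = 85
    max_limit_threshold = 100

    def _count_enabled(sensor_plugins):
        # Global detectors plus every per-asset plugin, flattened.
        enabled = sensor_plugins.get('enabled', {})
        global_count = len(enabled.get('detectors', []))
        per_asset = chain.from_iterable(enabled.get('devices', {}).values())
        return global_count + len(list(per_asset))

    # Remove the previous monitor data.
    self.remove_monitor_data()
    ok, systems = get_systems(system_type="Sensor")
    if not ok:
        logger.error("[MonitorEnabledPluginsLimit] Can't retrieve the system info: {0}".format(str(systems)))
        return False

    for system_id, system_ip in systems:
        ok, sensor_id = get_sensor_id_from_system_id(system_id)
        if not ok:
            logger.error("[MonitorEnabledPluginsLimit] "
                         "Can't resolve sensor_id of system {0}: {1}".format(system_id, sensor_id))
            continue
        try:
            enabled_total = _count_enabled(get_sensor_plugins(sensor_id=sensor_id, no_cache=True))
            monitor_data = {
                'system_id': system_id,
                'system_ip': system_ip,
                'plugins_enabled_total': enabled_total,
                # Goes negative once the sensor is over the limit.
                'plugins_allowed_to_add': max_limit_threshold - enabled_total,
                'limit_reached': enabled_total >= max_limit_threshold,
                'warning_reached': warning_threshold <= enabled_total < max_limit_threshold,
            }
            if not self.save_data(sensor_id, ComponentTypes.SENSOR, self.get_json_message(monitor_data)):
                logger.error("[MonitorEnabledPluginsLimit] Cannot save monitor info")
        except APIException as e:
            logger.error("[MonitorEnabledPluginsLimit] "
                         "Can't obtain plugin information from system {0}: {1}".format(system_id, str(e)))
            continue
    return True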