def update_hids_agents(): """ Task to update the info of hids agents of each sensor """ insert_message = False send_refresh = False not_linked_assets = 0 msg_id_binary = get_bytes_from_uuid("00000000-0000-0000-0000-000000010032") delete_current_status_messages([msg_id_binary]) try: success, systems = get_systems(system_type='Sensor', directly_connected=True) if not success: logger.error("[update_hids_agents] %s" % str(systems)) raise APICannotRetrieveSystems() success, local_system_id = get_system_id_from_local() if not success: logger.error("[update_hids_agents] %s" % str(local_system_id)) raise APICannotResolveLocalSystemID() system_ids = [x[0] for x in systems] if local_system_id not in system_ids: system_ids.append(local_system_id) for system_id in system_ids: try: not_linked_assets_by_sensor, new_host = update_system_hids_agents( system_id) # Update counter not_linked_assets = not_linked_assets + not_linked_assets_by_sensor if not_linked_assets_by_sensor > 0: insert_message = True if not send_refresh and new_host: send_refresh = True except APIException as e: logger.error("[update_hids_agents] %s" % str(e)) except Exception as e: logger.error("[update_hids_agents] %s" % str(e)) return False if insert_message: success, local_system_id = get_system_id_from_local() additional_info = json.dumps({"not_linked_assets": not_linked_assets}) insert_current_status_message("00000000-0000-0000-0000-000000010032", local_system_id, "system", additional_info) if send_refresh: refresh_hosts() return True
def start(self): """ Starts the monitor activity :return: True on success, False otherwise """ self.remove_monitor_data() monitor_data = {} success, system_id = get_system_id_from_local() if not success: return False # Just return if there is no internet connection. if not self.__check_internet_connection__(): logger.error("Cannot connect to the Telemetry Server") monitor_data['telemetry_server_connectivity'] = False self.save_data(system_id, ComponentTypes.SYSTEM, self.get_json_message(monitor_data)) return True # Find the list of connected systems. (result, sensor_dict) = get_systems('Sensor', convert_to_dict=True, exclusive=True) if not result: logger.error("Cannot retrieve connected sensors") return False (result, database_dict) = get_systems('Database', convert_to_dict=True, exclusive=True) if not result: logger.error("Cannot retrieve connected databases") return False system_dict = dict(sensor_dict, **database_dict) result, local_system_id = get_system_id_from_local() if not result: logger.error("Cannot retrieve the local id") return False result, local_system_ip = get_system_ip_from_system_id(local_system_id) if not result: logger.error("Cannot retrieve the local IP address") return False system_dict = dict({local_system_id: local_system_ip}, **system_dict) args = { 'output_type': 'ansible', 'plugin_list': ','.join(self.__strike_zone_plugins), 'verbose': 2 } ansible_output = get_doctor_data(system_dict.values(), args) if ansible_output.get('dark'): logger.error('Cannot collect telemetry data: %s' % str(ansible_output.get('dark'))) return False return self.__send_data__(local_system_id, ansible_output)
def update_hids_agents(): """ Task to update the info of hids agents of each sensor """ insert_message = False send_refresh = False not_linked_assets = 0 msg_id_binary = get_bytes_from_uuid("00000000-0000-0000-0000-000000010032") delete_current_status_messages([msg_id_binary]) try: success, systems = get_systems(system_type='Sensor', directly_connected=True) if not success: logger.error("[update_hids_agents] %s" % str(systems)) raise APICannotRetrieveSystems() success, local_system_id = get_system_id_from_local() if not success: logger.error("[update_hids_agents] %s" % str(local_system_id)) raise APICannotResolveLocalSystemID() system_ids = [x[0] for x in systems] if local_system_id not in system_ids: system_ids.append(local_system_id) for system_id in system_ids: try: not_linked_assets_by_sensor, new_host = update_system_hids_agents(system_id) # Update counter not_linked_assets = not_linked_assets + not_linked_assets_by_sensor if not_linked_assets_by_sensor > 0: insert_message = True if not send_refresh and new_host: send_refresh = True except APIException as e: logger.error("[update_hids_agents] %s" % str(e)) except Exception as e: logger.error("[update_hids_agents] %s" % str(e)) return False if insert_message: success, local_system_id = get_system_id_from_local() additional_info = json.dumps({"not_linked_assets": not_linked_assets}) insert_current_status_message("00000000-0000-0000-0000-000000010032", local_system_id, "system", additional_info) if send_refresh: refresh_hosts() return True
def start(self): """ Starts the monitor activity :return: True on success, False otherwise """ self.remove_monitor_data() monitor_data = {} success, system_id = get_system_id_from_local() if not success: return False # Just return if there is no internet connection. if not self.__check_internet_connection__(): logger.error("Cannot connect to the Telemetry Server") monitor_data['telemetry_server_connectivity'] = False self.save_data(system_id, ComponentTypes.SYSTEM, self.get_json_message(monitor_data)) return True # Find the list of connected systems. (result, sensor_dict) = get_systems('Sensor', convert_to_dict=True, exclusive=True) if not result: logger.error("Cannot retrieve connected sensors") return False (result, database_dict) = get_systems('Database', convert_to_dict=True, exclusive=True) if not result: logger.error("Cannot retrieve connected databases") return False system_dict = dict(sensor_dict, **database_dict) result, local_system_id = get_system_id_from_local() if not result: logger.error("Cannot retrieve the local id") return False result, local_system_ip = get_system_ip_from_system_id(local_system_id) if not result: logger.error("Cannot retrieve the local IP address") return False system_dict = dict({local_system_id: local_system_ip}, **system_dict) args = {'output_type': 'ansible', 'plugin_list': ','.join(self.__strike_zone_plugins), 'verbose': 2} ansible_output = get_doctor_data(system_dict.values(), args) if ansible_output.get('dark'): logger.error('Cannot collect telemetry data: %s' % str(ansible_output.get('dark'))) return False return self.__send_data__(local_system_id, ansible_output)
def get_sensor_by_sensor_id(sensor_id): """Returns a Sensor object given a Sensor ID""" try: # Getting Sensor ID for local system if sensor_id.lower() == 'local': (success, system_id) = get_system_id_from_local() if not success: raise APICannotResolveLocalSystemID() (success, local_sensor_id) = get_sensor_id_from_system_id(system_id) if success and local_sensor_id: sensor_id = local_sensor_id if not is_valid_uuid(sensor_id): raise APICannotResolveSensorID(sensor_id) # Getting sensor information success = True sensor_id_bin = get_bytes_from_uuid(sensor_id.lower()) data = db.session.query(Sensor).filter(Sensor.id == sensor_id_bin).one() except NoResultFound: success = False data = "No sensor found with the given ID" except MultipleResultsFound: success = False data = "More than one sensor found with the given ID" except Exception as ex: db.session.rollback() success = False data = "Something wrong happen while retrieving the sensor {0}".format(ex) return success, data
def start(self): """ Starts the monitor activity """ self.remove_monitor_data() monitor_data = {} success, system_id = get_system_id_from_local() if not success: return False # Load all system from current_local logger.info("MCServer downloading messages") messages, conn_failed = get_message_center_messages() if conn_failed: monitor_data['mc_server_connectivity'] = False logger.error("Cannot connect to Message Center server") self.save_data(system_id, ComponentTypes.SYSTEM, self.get_json_message(monitor_data)) return True # Save a current status message for each message on the list success, data = load_external_messages_on_db(messages) logger.info("MCServer messages donwloaded.. %s:%s" % (success, str(data))) return True
def get_plugin_sids_package(system_id, md5): """ Check the :system_id: system if its alienvault-plugin-sids package has md5 sum of :md5:. Download the package from remote system. check if not reconfig / update is running. Install package """ # First, check remote md5 rt = False emsg = '' try: result, info = get_plugin_package_info_from_system_id(system_id) if not result: raise Exception("Can't obtain alienvault-plugin-sid info for system %s : %s" % (system_id, str(info))) if info['md5'] != md5: raise Exception("md5 provided doesn't match with stored md5") # Use ansible to download file to temp directory result, ipremote = get_system_ip_from_system_id(system_id) if not result: raise Exception("Can't obtain remote system ip") result, iplocal = get_system_ip_from_local() if not result: raise Exception("Can't obtain local system ip") result, idlocal = get_system_id_from_local() if not result: raise Exception("Can't obtain local system id") # Create a temp file temp = NamedTemporaryFile(delete=True) tempname = temp.name plugin_package = "alienvault-plugin-sids_" + info['version'] + "_all.deb" remote_path = "/var/cache/apt/archives" result, emsg = fetch_if_changed(ipremote, os.path.join(remote_path, plugin_package), iplocal, tempname) if not result: raise Exception("Can't copy remote from %s file name %s Error: %s" % (ipremote, os.path.join(remote_path, plugin_package), emsg)) shutil.copy(tempname, remote_path) # Atomic rename os.rename(os.path.join(remote_path, os.path.basename(tempname)), os.path.join(remote_path, plugin_package)) # Check if we're not updaing / configuring result, status = check_update_and_reconfig_status(idlocal) if not result: raise Exception("Can't check current status reconfig / update") if status['alienvault-update']['job_status'] == 'running': raise Exception("alienvault-update running") if status['alienvault-reconfig']['job_status'] == 'running': raise Exception("alienvault-reconfig running") if status['ossim-reconfig']['job_status'] == 'running': raise Exception("ossim-reconfig running") # Okey, install package result, status = install_debian_package([iplocal], os.path.join(remote_path, plugin_package)) if not result: raise Exception("Can't install %s" % os.path.join(remote_path, plugin_package)) rt = True emsg = '' except Exception as excep: emsg = str(excep) rt = False return (rt, emsg)
def main(): profile = ossim_setup.get_general_profile() if profile == 'Database': return try: status, ip_list = db_get_systems() except AssertionError: # Show additional notification on sensors. print("Warning: Please reset the AlienVault API key on connected server to avoid connectivity issues!\n") return if not status or not ip_list: return (success, local_system_id) = get_system_id_from_local() if not success: return local_ip = ossim_setup.get_general_admin_ip(refresh=True) # There is no need to add system itself - remove it from list. if local_ip in ip_list: ip_list.remove(local_ip) last_asset = ip_list[-1] if ip_list else None for remote_system_ip in ip_list: if not add_system_with_new_key(local_system_id, remote_system_ip): # Skip this step if current asset is the last in the list. if remote_system_ip != last_asset and not confirm('Do you want to continue with other components?', default=True): sys.exit('Failed to add remote system {} with a new API key. Exiting...'.format(remote_system_ip))
def start(self): """ Starts the monitor activity """ monitor_data = {"pulses_download_fail": False, "old_otx_key": False} self.remove_monitor_data() success, system_id = get_system_id_from_local() if not success: return False # Load all system from current_local logger.info("[MonitorDownloadPulses] downloading pulses started...") success, otx_config = apimethod_get_open_threat_exchange_config() if success: if otx_config["token"]: try: otx = OTXv2(key=otx_config["token"]) #Checking that the key is an valid OTX v2 if otx_config["key_version"] < "2": monitor_data['old_otx_key'] = True otx.download_pulses() except Exception, err: logger.error("Cannot Download Pulses: %s" % str(err)) monitor_data['pulses_download_fail'] = True
def add_server(server_ip, password): """ Add a new system. """ if not is_valid_ipv4(server_ip): return False, "Invalid IP format: %s" % server_ip (success, local_system_id) = get_system_id_from_local() if not success: return success, "Error retrieving the local system id" (success, response) = ansible_add_system(local_system_id=local_system_id, remote_system_ip=server_ip, password=password) if not success: return success, "Cannot add the server to the system" trigger_success, msg = fire_trigger(system_ip="127.0.0.1", trigger="alienvault-add-server") if not trigger_success: api_log.error(msg) (success, response) = get_remote_server_id_from_server_ip(server_ip) return (success, response)
def make_backup_in_all_systems(backup_type): """ Make the backup for: - Local system - All connected remote sensors return True if all the backups finished successfully, False otherwise """ result, systems = get_systems(system_type='Sensor', directly_connected=True) if not result: notifier.error("An error occurred while making the Backup " + "[%s]. Cant' retrieve the systems " % backup_type) return False result, local_system_id = get_system_id_from_local() if not result: notifier.error("An error occurred while making the Backup " + "[%s]. Cant' retrieve the systems " % backup_type) return False system_ids = [x[0] for x in systems] if local_system_id not in system_ids: system_ids.append(local_system_id) all_backups_ok = True for system_id in system_ids: success, msg = make_system_backup(system_id=system_id, backup_type=backup_type, rotate=True) if not success: all_backups_ok = False return all_backups_ok
def monitor_download_pulses_ha(): """Monitor for new pulses (HA Environments) Returns: True if successful, False otherwise """ rt = False ha_enabled = False try: is_otx_enabled = apimethod_is_otx_enabled() if is_otx_enabled is True: system_id = get_system_id_from_local()[1] success, system_info = system_status(system_id) if success is False: APICannotRetrieveSystems() if 'ha_status' in system_info and system_info['ha_status'] == 'up': logger.info("Monitor MonitorDownloadPulses [HA] started") ha_enabled = True monitor = MonitorDownloadPulses() rt = monitor.start() except: rt = False if ha_enabled is True: logger.info("Monitor MonitorDownloadPulses [HA] stopped") return rt
def put_passfile_scenario1_restore(): result, system_id = get_system_id_from_local() if not result: raise KeyboardInterrupt() base_path = "/var/alienvault/%s/ossec/" % system_id pass_file = base_path + "agentless/.passlist" pass_file_backup = base_path + "agentless/.passlist.bk" remotely_restore_file(ossim_setup.get_general_admin_ip(), pass_file_backup, pass_file) remotely_remove_file(ossim_setup.get_general_admin_ip(), pass_file_backup)
def get_plugin_package_info_local(): """ Get the alienvault-plugin-sids version from local system """ (success, system_id) = get_system_id_from_local() if success: result = get_plugin_package_info_from_system_id(system_id) else: api_log.error(str(system_id)) result = (False, "Can't get plugins version/md5 information for local system") return result
def get_base_path_from_sensor_id(sensor_id): if sensor_id == 'local': rt, system_id = get_system_id_from_local() if not rt: return False, "Can't retrieve the system id" return True, get_base_path_from_system_id(system_id) rt, system_id = get_system_id_from_sensor_id(sensor_id) if not rt: return False, "Can't retrieve the system id" return True, get_base_path_from_system_id(system_id)
def add_ha_system(system_ip, password, add_to_database=True): """ Add an HA system using system ip. Args: system_ip (str): IP address of the system to add to HA password (str): root password of the system to add Returns: success (bool): True if OK, False elsewhere response (str): Result message """ # Get local IP (success, local_system_id) = get_system_id_from_local() if not success: error_msg = "[add_ha_system] Something wrong happened retrieving " + \ "the local system id" return success, error_msg # Exchange certificates (success, response) = ansible_add_system(local_system_id=local_system_id, remote_system_ip=system_ip, password=password) if not success: api_log.error(response) return success, "Something wrong happened adding the system" # Get remote system info (success, system_info) = ansible_get_system_info(system_ip) if not success: api_log.error(system_info) return success, "Something wrong happened getting the system info" # Insert system into the database if not system_info['admin_ip']: system_info['admin_ip'] = system_ip if add_to_database: profile_str = ','.join(system_info['profile']) (success, msg) = db_add_system(system_id=system_info['system_id'], name=system_info['hostname'], admin_ip=system_info['admin_ip'], vpn_ip=system_info['vpn_ip'], profile=profile_str, server_id=system_info['server_id'], sensor_id=system_info['sensor_id']) if not success: api_log.error(msg) error_msg = "Something wrong happened inserting " + \ "the system into the database" return (False, error_msg) return success, response
def insert_current_status_message(message_id, component_id, component_type, additional_info=None, replace=False): """Inserts a new notification on the system. The related message id should exists. Args: message_id (str:uuid string): Message id related with the notification component_id(str:uuid string): Component id related with the notification (Could be none for external messages) component_type(str): Component type. Allowed values: ('net','host','user','sensor','server','system','external') additional_info (str:json): Additional information you want to store. Returns: success(bool): True if the operation went well, False otherwise msg(str): A message string that will contain some kind of information in case of error""" if component_id == "local": success, component_id = get_system_id_from_local() if not success: return False, "Cannot retrieve the local system id" return db_insert_current_status_message(message_id, component_id, component_type, additional_info, replace)
def add_sensor(sensor_id, password): """ Add the system for sensor_id """ (success, system_ip) = get_sensor_ip_from_sensor_id(sensor_id) if not success: return (False, system_ip) (success, local_system_id) = ret = get_system_id_from_local() if not success: return ret (success, response) = ansible_add_system(local_system_id=local_system_id, remote_system_ip=system_ip, password=password) return (success, response)
def apimethod_delete_system(system_id): success, local_system_id = get_system_id_from_local() if not success: return success, "Error: Can not retrieve the local system id. %s" %str(local_system_id) if system_id == 'local' or get_hex_string_from_uuid(local_system_id) == get_hex_string_from_uuid(system_id): return False, "Error: You're trying to remove the local system, which it's not allowed" (success, system_ip) = get_system_ip_from_system_id(system_id) if not success: return success, "Error retrieving the system ip for the system id %s -> %s" % (system_ip, str(system_ip)) # 1 - Remove it from the database success, msg = db_remove_system(system_id) if not success: return success, "Error while removing the system from the database: %s" % str(msg) # 2 - Remove the remote certificates # success, msg = ansible_remove_certificates(system_ip) # if not success: # return success, "Error while removing the remote certificates: %s" % str(msg) # 3 - Remove the local certificates and keys success, local_ip = get_system_ip_from_local() if not success: return success, "Error while getting the local ip: %s" % str(local_ip) success, msg = ansible_remove_certificates(system_ip=local_ip, system_id_to_remove=system_id) if not success: return success, "Error while removing the local certificates: %s" % str(msg) # 4 - Remove it from the ansible inventory. try: aim = AnsibleInventoryManager() aim.delete_host(system_ip) aim.save_inventory() del aim except Exception as aim_error: return False, "An error occurred while removing the system from the ansible inventory file: %s" % str(aim_error) # 5 - Try to connect to the child and remove the parent using it's server_id success, own_server_id = get_server_id_from_local() if not success: return success, "Error while retrieving server_id from local: %s" % str(msg) success, msg = ansible_delete_parent_server(system_ip, own_server_id) if not success: return success, "Error while deleting parent server in child: %s" % str(msg) return True, ""
def add_server(server_ip, password): """ Add a new system. """ if not is_valid_ipv4(server_ip): return False, "Invalid IP format: %s" % server_ip (success, local_system_id) = get_system_id_from_local() if not success: return success, "Error retrieving the local system id" (success, response) = ansible_add_system(local_system_id=local_system_id, remote_system_ip=server_ip, password=password) if not success: return success, "Cannot add the server to the system" (success, response) = get_remote_server_id_from_server_ip(server_ip) return (success, response)
def make_backup_in_all_systems(backup_type): """ Make the backup for: - Local system - All connected remote sensors return True if all the backups finished successfully, False otherwise """ result, systems = get_systems(system_type='Sensor', directly_connected=True) if not result: notifier.error( "An error occurred while making the Backup [%s]. Cant' retrieve the systems " % backup_type) return False result, local_system_id = get_system_id_from_local() if not result: notifier.error( "An error occurred while making the Backup [%s]. Cant' retrieve the system ID" % backup_type) return False system_ids = [x[0] for x in systems] if local_system_id not in system_ids: system_ids.append(local_system_id) # Get server ip in case of distributed deployment (Because only server has the UI / possibility to set backup_pass) success, server_ip = get_system_ip_from_system_id(local_system_id) if not success: return False all_backups_ok = True backup_config_pass = ansible_get_backup_config_pass(server_ip) for system_id in system_ids: success, msg = make_system_backup(system_id=system_id, backup_type=backup_type, rotate=True, backup_pass=backup_config_pass) if not success: all_backups_ok = False return all_backups_ok
def get_base_path_from_server_id(server_id): """ Get base path from server ID Args: server_id (str): Server ID Returns: String with the corresponding base path """ if server_id == 'local': rt, system_id = get_system_id_from_local() if not rt: return False, "Can't retrieve the system id" return True, get_base_path_from_system_id(system_id) rt, system_id = get_system_id_from_server_id(server_id) if not rt: return False, "Can't retrieve the system id for server id %s: %s" % (server_id, system_id) return True, get_base_path_from_system_id(system_id)
def start(self): """ Start monitor. Connect to database is local """ (success, system_id) = get_system_id_from_local() if not success: api_log.error("Can't get local system_id") return False self.remove_monitor_data() # OSSIM must not tell to migrate the DB rc, pro = system_is_professional(system_id) if not pro: return True (success, result) = check_any_innodb_tables() mresult = False if success: if len(result) > 0: # I need the component ID # (success, result) = insert_current_status_message("00000000-0000-0000-0000-000000010017", # system_id, "system", str(result)) self.save_data( system_id, ComponentTypes.SYSTEM, self.get_json_message({ "has_innodb": True, "innodb_tables": result })) if not success: api_log.error("Can't insert notification into system: %s" % str(result)) mresult = False else: mresult = True else: mresult = True # No messages to insert else: api_log.error("Can't check current database engine") mresult = False return mresult
def get_base_path_from_server_id(server_id): """ Get base path from server ID Args: server_id (str): Server ID Returns: String with the corresponding base path """ if server_id == 'local': rt, system_id = get_system_id_from_local() if not rt: return False, "Can't retrieve the system id" return True, get_base_path_from_system_id(system_id) rt, system_id = get_system_id_from_server_id(server_id) if not rt: return False, "Can't retrieve the system id for server id %s: %s" % ( server_id, system_id) return True, get_base_path_from_system_id(system_id)
def get_system(self): _, system_id = get_system_id_from_local() system_id_bin = get_bytes_from_uuid(system_id) system_info = db.session.query( System.name, System.admin_ip, System.vpn_ip, System.ha_ip ).filter(System.id == system_id_bin).one() system_name = system_info[0] system_admin_ip = get_ip_str_from_bytes(system_info[1]) system_vpn_ip = get_ip_str_from_bytes(system_info[2]) system_ha_ip = get_ip_str_from_bytes(system_info[3]) return self._system_constructor( system_id, system_name, system_admin_ip, system_vpn_ip, system_ha_ip )
def get_local_info(): """ Get all the information available about the local system. """ success, local_system_id = get_system_id_from_local() if not success: error_msg = "Something wrong happened retrieving " + \ "the local system id" return success, error_msg success, system_data = get_all() if not success: error_msg = "Something wrong happened retrieving " + \ "the system info" return success, error_msg if local_system_id in system_data: return True, system_data[local_system_id] else: error_msg = "Something wrong happened retrieving " + \ "the local system info" return False, error_msg
def start(self): """ Start monitor. Connect to database is local """ (success, system_id) = get_system_id_from_local() if not success: api_log.error("Can't get local system_id") return False self.remove_monitor_data() # OSSIM must not tell to migrate the DB rc, pro = system_is_professional(system_id) if not pro: return True (success, result) = check_any_innodb_tables() mresult = False if success: if len(result) > 0: # I need the component ID # (success, result) = insert_current_status_message("00000000-0000-0000-0000-000000010017", # system_id, "system", str(result)) self.save_data(system_id, ComponentTypes.SYSTEM, self.get_json_message({"has_innodb": True, "innodb_tables": result})) if not success: api_log.error("Can't insert notification into system: %s" % str(result)) mresult = False else: mresult = True else: mresult = True # No messages to insert else: api_log.error("Can't check current database engine") mresult = False return mresult
def put_passfile_scenario2_prepare(): raw_file="""[email protected]|mypasss123|""" result, system_id = get_system_id_from_local() if not result: raise KeyboardInterrupt() base_path = "/var/alienvault/%s/ossec/" % system_id pass_file = base_path + "agentless/.passlist" pass_file_backup = base_path + "agentless/.passlist.bk" ossec_pass_file = "/var/ossec/agentless/.passlist" ossec_pass_file_backup = "/var/ossec/agentless/.passlist.bk" remotely_backup_file(ossim_setup.get_general_admin_ip(),pass_file, pass_file_backup) remotely_remove_file(ossim_setup.get_general_admin_ip(), pass_file) remotely_backup_file(ossim_setup.get_general_admin_ip(),ossec_pass_file, ossec_pass_file_backup) remotely_remove_file(ossim_setup.get_general_admin_ip(), ossec_pass_file) f = open(pass_file,"w") f.write(raw_file) f.close()
def put_passfile_scenario2_prepare(): raw_file = """[email protected]|mypasss123|""" result, system_id = get_system_id_from_local() if not result: raise KeyboardInterrupt() base_path = "/var/alienvault/%s/ossec/" % system_id pass_file = base_path + "agentless/.passlist" pass_file_backup = base_path + "agentless/.passlist.bk" ossec_pass_file = "/var/ossec/agentless/.passlist" ossec_pass_file_backup = "/var/ossec/agentless/.passlist.bk" remotely_backup_file(ossim_setup.get_general_admin_ip(), pass_file, pass_file_backup) remotely_remove_file(ossim_setup.get_general_admin_ip(), pass_file) remotely_backup_file(ossim_setup.get_general_admin_ip(), ossec_pass_file, ossec_pass_file_backup) remotely_remove_file(ossim_setup.get_general_admin_ip(), ossec_pass_file) f = open(pass_file, "w") f.write(raw_file) f.close()
def update_newest_plugin_sids(): """ Update plugins in the local system """ result = False emsg = '' try: # Get the local system_id result, local_system_id = get_system_id_from_local() if not result: raise Exception("Can't obtain the local system_id") remote_system_id, md5 = get_newest_plugin_system() if remote_system_id is None or local_system_id == remote_system_id: raise Exception('Nothing to update') result, emsg = get_plugin_sids_package(remote_system_id, md5) if not result: raise Exception(emsg) result = True emsg = 'System update correctly' except Exception as excep: result = False emsg = str(excep) return (result, emsg)
def get_sensor_by_sensor_id(sensor_id): """Returns a Sensor object given a Sensor ID""" try: # Getting Sensor ID for local system if sensor_id.lower() == 'local': (success, system_id) = get_system_id_from_local() if not success: raise APICannotResolveLocalSystemID() (success, local_sensor_id) = get_sensor_id_from_system_id(system_id) if success and local_sensor_id: sensor_id = local_sensor_id if not is_valid_uuid(sensor_id): raise APICannotResolveSensorID(sensor_id) # Getting sensor information success = True sensor_id_bin = get_bytes_from_uuid(sensor_id.lower()) data = db.session.query(Sensor).filter( Sensor.id == sensor_id_bin).one() except NoResultFound: success = False data = "No sensor found with the given ID" except MultipleResultsFound: success = False data = "More than one sensor found with the given ID" except Exception as ex: db.session.rollback() success = False data = "Something wrong happen while retrieving the sensor {0}".format( ex) return success, data
def make_backup_in_all_systems(backup_type): """ Make the backup for: - Local system - All connected remote sensors return True if all the backups finished successfully, False otherwise """ result, systems = get_systems(system_type='Sensor', directly_connected=True) if not result: notifier.error("An error occurred while making the Backup [%s]. Cant' retrieve the systems " % backup_type) return False result, local_system_id = get_system_id_from_local() if not result: notifier.error("An error occurred while making the Backup [%s]. Cant' retrieve the system ID" % backup_type) return False system_ids = [x[0] for x in systems] if local_system_id not in system_ids: system_ids.append(local_system_id) # Get server ip in case of distributed deployment (Because only server has the UI / possibility to set backup_pass) success, server_ip = get_system_ip_from_system_id(local_system_id) if not success: return False all_backups_ok = True backup_config_pass = ansible_get_backup_config_pass(server_ip) for system_id in system_ids: success, msg = make_system_backup(system_id=system_id, backup_type=backup_type, rotate=True, backup_pass=backup_config_pass) if not success: all_backups_ok = False return all_backups_ok
except Exception, msg: app.logger.warning("Error loading messages in database") # Log permissions try: if os.path.isdir("/var/log/alienvault/api"): for api_logfile in os.listdir("/var/log/alienvault/api"): os.chmod("/var/log/alienvault/api/%s" % api_logfile, 0644) except Exception as e: pass # Purge celery-once references from redis from celery_once.helpers import queue_once_key from celery_once.tasks import QueueOnce from db.methods.system import get_system_id_from_local system_id = get_system_id_from_local()[1] args = {'system_id': u'%s' % system_id} task_name = "celerymethods.tasks.backup_tasks.backup_configuration_for_system_id" key = queue_once_key(task_name, args, None) aux = QueueOnce() aux.clear_lock(key) # This is the recommended way of packaging a Flask app. # This seems to be a hack to avoid circulat imports. # See http://flask.pocoo.org/docs/patterns/packages/ import api.views # (Keep pyflakes quiet) views login_manager.login_view = "auth.login"
def add_system_from_ip(system_ip, password, add_to_database=True): """ Add a new system usign system ip. """ (success, local_system_id) = get_system_id_from_local() if not success: return success, "Something wrong happened retrieving the local system id" (success, response) = ansible_add_system(local_system_id=local_system_id, remote_system_ip=system_ip, password=password) if not success: api_log.error(response) return success, response (success, system_info) = ansible_get_system_info(system_ip) if not success: api_log.error(system_info) return success, "Something wrong happened getting the system info" sensor_id = None if 'server' in system_info['profile']: # - Do not add the child server when I'm myself if system_info['server_id'] != local_system_id: success, msg = add_child_server(system_ip, system_info['server_id']) if not success: api_log.error(str(msg)) return False, "Something wrong happened setting the child server" if 'sensor' in system_info['profile']: if 'server' in system_info['profile'] and system_info['sensor_id']: # sensor and sensor profiles come with its own sensor_id sensor_id = system_info['sensor_id'] else: # get sensor_id from ip sensor_ip = system_ip if system_info['vpn_ip']: sensor_ip = system_info['vpn_ip'] (success, sensor_id) = get_sensor_id_from_sensor_ip(sensor_ip) if not success: api_log.error(str(sensor_id)) sensor_id = None system_info['sensor_id'] = sensor_id if not system_info['admin_ip']: system_info['admin_ip'] = system_ip if add_to_database: profile_str = ','.join(system_info['profile']) (success, msg) = db_add_system(system_id=system_info['system_id'], name=system_info['hostname'], admin_ip=system_info['admin_ip'], vpn_ip=system_info['vpn_ip'], profile=profile_str, server_id=system_info['server_id'], sensor_id=system_info['sensor_id']) if not success: api_log.error(msg) return (False, "Something wrong happened inserting the system into the database") (success, msg) = create_directory_for_ossec_remote(system_info['system_id']) if not success: api_log.error(msg) return (False, msg) return (True, system_info)
api_log.info(info_msg) # Check first line of sync.sql file for mySQL restart option f.seek(0, 0) restart_db = "RESTART OSSIM-SERVER" in f.readline() # Restart SQL server if needed if restart_db: try: restart_ossim_server(local_ip) except Exception, err: error_msg = "An error occurred while restarting " + \ "MySQL server: %s" % str(err) return False, error_msg # Check server_forward_role and generate sync.sql (success, local_id) = get_system_id_from_local() if success and has_forward_role(local_id): try: generate_sync_sql(local_ip, restart_db) except Exception, err: error_msg = "An error occurred while generating " + \ "sync.sql file: %s" % str(err) return False, error_msg return True, "[Apimethod sync_database_from_child] SQL sync successful" @use_cache(namespace="system_packages", expire=84600) def apimethod_get_update_info(system_id, no_cache=False): """Retrieves the system update information Args:
def start(self): """ Starts the monitor activity """ try: # Remove the previous monitor data. self.remove_monitor_data() monitor_data = {} success, system_id = get_system_id_from_local() if not success: return False # Now now = int(time.time()) # Firstly, wizard data! wizard_dict = {} success, start_welcome_wizard, welcome_wizard_date = get_wizard_data( ) if not success: api_log.error("There was an error retrieving the wizard data") wizard_shown = True if start_welcome_wizard == 2: # if difference between now and welcome_wizard_date is less # than a week, display message if (now - welcome_wizard_date) < 420: wizard_shown = False wizard_dict['wizard_shown'] = wizard_shown monitor_data[ self.__WEB_MESSAGES['MESSAGE_WIZARD_SHOWN']] = wizard_dict # Time to look for orphan sensors orphan_sensors_dict = {} success, message = check_any_orphan_sensor() orphan_sensors = False if not success: api_log.error(message) orphan_sensors = True orphan_sensors_dict['orphan_sensors'] = orphan_sensors monitor_data[self.__WEB_MESSAGES[ 'MESSAGE_SENSOR_NOT_INSERTED']] = orphan_sensors_dict # Has the trial version expired? success, expires, message = get_trial_expiration_date() trial_expired = False trial_expires_7days = False trial_expires_2days = False if not success: rc, pro = system_is_professional() if rc: if pro: # OK, we have an error here api_log.error(message) else: pass else: # expire=9999-12-31 expiration_date = expires.split('=')[1] if expiration_date: mktime_expression = datetime.datetime.strptime( expiration_date, "%Y-%m-%d").timetuple() expires = int(time.mktime(mktime_expression)) one_week_left = now - 604800 two_days_left = now - 172800 if expires < one_week_left: trial_expires_7days = True elif expires < two_days_left: trial_expires_2days = True elif expires < now: trial_expired = True else: pass else: if os.path.isfile("/etc/ossim/ossim.lic"): api_log.warning( "Valid license but no web admin user found!") else: api_log.debug( "Expiration date can't be determined: License file not found" ) monitor_data[self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRED"]] = { 'trial_checked': success, 'trial_expired': trial_expired } monitor_data[ self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRES_7DAYS"]] = { 'trial_checked': success, 'trial_expired': trial_expires_7days } monitor_data[ self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRES_2DAYS"]] = { 'trial_checked': success, 'trial_expired': trial_expires_2days } # Check max number of assets assets = len(get_asset_list()) contracted_devices = get_license_devices() over_assets = False exceeding_assets = 0 #if assets > contracted_devices: # exceeding_assets = assets - contracted_devices # over_assets = True monitor_data[self.__WEB_MESSAGES["MESSAGE_LICENSE_VIOLATION"]] = { 'over_assets': over_assets, 'exceeding_assets': exceeding_assets } # OTX contribution otx_enabled = apimethod_is_otx_enabled() monitor_data[self.__WEB_MESSAGES["MESSAGE_OTX_CONNECTION"]] = { 'otx_enabled': otx_enabled } # Backup in progress? success, running, message = check_backup_process_running() if not success: api_log.error(message) monitor_data[self.__WEB_MESSAGES["MESSAGE_BACKUP_RUNNING"]] = { 'backup_check': success, 'backup_running': running } # Save monitor data self.save_data(system_id, ComponentTypes.SYSTEM, self.get_json_message(monitor_data)) except Exception as err: api_log.error( "Error processing WebUIData monitor information: %s" % str(err)) return False return True
def apimethod_delete_system(system_id): success, local_system_id = get_system_id_from_local() if not success: error_msg = "Cannot retrieve the " + \ "local system id. %s" % str(local_system_id) return success, error_msg if system_id == 'local' or get_hex_string_from_uuid( local_system_id) == get_hex_string_from_uuid(system_id): error_msg = "You're trying to remove the local system, " + \ "which it's not allowed" return False, error_msg (success, system_ip) = get_system_ip_from_system_id(system_id) if not success: error_msg = "Cannot retrieve the system ip " + \ "for the given system-id %s" % (str(system_ip)) return success, error_msg # Check whether the remote system is reachable or not: try: remote_system_is_reachable = ping_system(system_id, no_cache=True) except APIException: remote_system_is_reachable = False # We need to take the sensor_id from the database before removing it from the db (success_f, sensor_id) = get_sensor_id_from_system_id(system_id) # 1 - Remove it from the database success, msg = db_remove_system(system_id) if not success: error_msg = "Cannot remove the system " + \ "from the database <%s>" % str(msg) return success, error_msg # 2 - Remove the firewall rules. if success_f: trigger_success, msg = fire_trigger(system_ip="127.0.0.1", trigger="alienvault-del-sensor") if not trigger_success: api_log.error(msg) else: trigger_success, msg = fire_trigger(system_ip="127.0.0.1", trigger="alienvault-del-server") if not trigger_success: api_log.error(msg) # 3 - Remove the remote certificates # success, msg = ansible_remove_certificates(system_ip) # if not success: # return (success, # "Error while removing the remote certificates: %s" % str(msg)) # 4 - Remove the local certificates and keys success, local_ip = get_system_ip_from_local() if not success: error_msg = "Cannot retrieve the local ip " + \ "<%s>" % str(local_ip) return success, error_msg #Remove remote system certificates on the local system success, msg = ansible_remove_certificates(system_ip=local_ip, system_id_to_remove=system_id) if not success: return success, "Cannot remove the local certificates <%s>" % str(msg) # 5 - Remove it from the ansible inventory. try: aim = AnsibleInventoryManager() aim.delete_host(system_ip) aim.save_inventory() del aim except Exception as aim_error: error_msg = "Cannot remove the system from the " + \ "ansible inventory file " + \ "<%s>" % str(aim_error) return False, error_msg # 6 - Try to connect to the child and remove the parent # using it's server_id success, own_server_id = get_server_id_from_local() if not success: error_msg = "Cannot retrieve the server-id " + \ "from local <%s>" % str(msg) return success, error_msg if remote_system_is_reachable: success, msg = ansible_delete_parent_server(system_ip, own_server_id) if not success: error_msg = "Cannot delete parent server in child <%s>" % str(msg) return success, error_msg return True, "" msg = "The remote system is not reachable. " + \ "We had not been able to remove the parent configuration" return True, msg
def add_system_from_ip(system_ip, password, add_to_database=True): """ Add a new system using system ip. """ (success, local_system_id) = get_system_id_from_local() if not success: error_msg = "Something wrong happened retrieving " + \ "the local system id" return success, error_msg (success, response) = ansible_add_system(local_system_id=local_system_id, remote_system_ip=system_ip, password=password) if not success: api_log.error(response) return success, response (success, system_info) = ansible_get_system_info(system_ip) if not success: api_log.error(system_info) return success, "Something wrong happened getting the system info" sensor_id = None if 'server' in system_info['profile']: # - Do not add the child server when I'm myself if system_info['server_id'] != local_system_id: success, msg = add_child_server(system_ip, system_info['server_id']) if not success: api_log.error(str(msg)) error_msg = "Something wrong happened setting the child server" return False, error_msg if 'sensor' in system_info['profile']: if 'server' in system_info['profile'] and system_info['sensor_id']: # sensor and sensor profiles come with its own sensor_id sensor_id = system_info['sensor_id'] else: # get sensor_id from ip sensor_ip = system_ip if system_info['vpn_ip']: sensor_ip = system_info['vpn_ip'] (success, sensor_id) = get_sensor_id_from_sensor_ip(sensor_ip) if not success: api_log.error(str(sensor_id)) sensor_id = None system_info['sensor_id'] = sensor_id if not system_info['admin_ip']: system_info['admin_ip'] = system_ip if system_info['admin_ip'] != system_ip: # We're natted system_info['admin_ip'] = system_ip if add_to_database: profile_str = ','.join(system_info['profile']) (success, msg) = db_add_system(system_id=system_info['system_id'], name=system_info['hostname'], admin_ip=system_info['admin_ip'], vpn_ip=system_info['vpn_ip'], profile=profile_str, server_id=system_info['server_id'], sensor_id=system_info['sensor_id']) if not success: api_log.error(msg) error_msg = "Something wrong happened inserting " + \ "the system into the database" return (False, error_msg) else: result, _ = get_system_ip_from_system_id(system_info['system_id']) if not result: error_msg = "System was not inserted, cannot continue" return (False, error_msg) # Now that the system is in the database, check if it is a server and # open the firewall, if it is required. if 'server' in system_info['profile']: trigger_success, msg = fire_trigger(system_ip="127.0.0.1", trigger="alienvault-add-server") if not trigger_success: api_log.error(msg) (success, msg) = create_directory_for_ossec_remote(system_info['system_id']) if not success: api_log.error(msg) return (False, msg) return (True, system_info)
def apimethod_delete_system(system_id): success, local_system_id = get_system_id_from_local() if not success: error_msg = "Cannot retrieve the " + \ "local system id. %s" % str(local_system_id) return success, error_msg if system_id == 'local' or get_hex_string_from_uuid(local_system_id) == get_hex_string_from_uuid(system_id): error_msg = "You're trying to remove the local system, " + \ "which it's not allowed" return False, error_msg (success, system_ip) = get_system_ip_from_system_id(system_id) if not success: error_msg = "Cannot retrieve the system ip " + \ "for the given system-id %s" % (str(system_ip)) return success, error_msg # Check whether the remote system is reachable or not: try: remote_system_is_reachable = ping_system(system_id, no_cache=True) except APIException: remote_system_is_reachable = False # We need to take the sensor_id from the database before removing it from the db (success_f, sensor_id) = get_sensor_id_from_system_id(system_id) # 1 - Remove it from the database success, msg = db_remove_system(system_id) if not success: error_msg = "Cannot remove the system " + \ "from the database <%s>" % str(msg) return success, error_msg # 2 - Remove the firewall rules. if success_f: trigger_success, msg = fire_trigger(system_ip="127.0.0.1", trigger="alienvault-del-sensor") if not trigger_success: api_log.error(msg) else: trigger_success, msg = fire_trigger(system_ip="127.0.0.1", trigger="alienvault-del-server") if not trigger_success: api_log.error(msg) # 3 - Remove the remote certificates # success, msg = ansible_remove_certificates(system_ip) # if not success: # return (success, # "Error while removing the remote certificates: %s" % str(msg)) # 4 - Remove the local certificates and keys success, local_ip = get_system_ip_from_local() if not success: error_msg = "Cannot retrieve the local ip " + \ "<%s>" % str(local_ip) return success, error_msg #Remove remote system certificates on the local system success, msg = ansible_remove_certificates(system_ip=local_ip, system_id_to_remove=system_id) if not success: return success, "Cannot remove the local certificates <%s>" % str(msg) # 5 - Remove it from the ansible inventory. try: aim = AnsibleInventoryManager() aim.delete_host(system_ip) aim.save_inventory() del aim except Exception as aim_error: error_msg = "Cannot remove the system from the " + \ "ansible inventory file " + \ "<%s>" % str(aim_error) return False, error_msg # 6 - Try to connect to the child and remove the parent # using it's server_id success, own_server_id = get_server_id_from_local() if not success: error_msg = "Cannot retrieve the server-id " + \ "from local <%s>" % str(msg) return success, error_msg if remote_system_is_reachable: success, msg = ansible_delete_parent_server(system_ip, own_server_id) if not success: error_msg = "Cannot delete parent server in child <%s>" % str(msg) return success, error_msg return True, "" msg = "The remote system is not reachable. " + \ "We had not been able to remove the parent configuration" return True, msg
def add_system_from_ip(system_ip, password, add_to_database=True): """ Add a new system using system ip. """ (success, local_system_id) = get_system_id_from_local() if not success: error_msg = "Something wrong happened retrieving " + \ "the local system id" return success, error_msg (success, response) = ansible_add_system(local_system_id=local_system_id, remote_system_ip=system_ip, password=password) if not success: api_log.error(response) return success, response (success, system_info) = ansible_get_system_info(system_ip) if not success: api_log.error(system_info) return success, "Something wrong happened getting the system info" sensor_id = None if 'server' in system_info['profile']: # - Do not add the child server when I'm myself if system_info['server_id'] != local_system_id: success, msg = add_child_server(system_ip, system_info['server_id']) if not success: api_log.error(str(msg)) error_msg = "Something wrong happened setting the child server" return False, error_msg if 'sensor' in system_info['profile']: if 'server' in system_info['profile'] and system_info['sensor_id']: # sensor and sensor profiles come with its own sensor_id sensor_id = system_info['sensor_id'] else: # get sensor_id from ip sensor_ip = system_ip if system_info['vpn_ip']: sensor_ip = system_info['vpn_ip'] (success, sensor_id) = get_sensor_id_from_sensor_ip(sensor_ip) if not success: api_log.error(str(sensor_id)) sensor_id = None system_info['sensor_id'] = sensor_id if not system_info['admin_ip']: system_info['admin_ip'] = system_ip if system_info['admin_ip'] != system_ip: # We're natted system_info['admin_ip'] = system_ip if add_to_database: profile_str = ','.join(system_info['profile']) (success, msg) = db_add_system(system_id=system_info['system_id'], name=system_info['hostname'], admin_ip=system_info['admin_ip'], vpn_ip=system_info['vpn_ip'], profile=profile_str, server_id=system_info['server_id'], sensor_id=system_info['sensor_id']) if not success: api_log.error(msg) error_msg = "Something wrong happened inserting " + \ "the system into the database" return (False, error_msg) else: result, _ = get_system_ip_from_system_id (system_info['system_id']) if not result: error_msg = "System was not inserted, cannot continue" return (False, error_msg) # Now that the system is in the database, check if it is a server and # open the firewall, if it is required. if 'server' in system_info['profile']: trigger_success, msg = fire_trigger(system_ip="127.0.0.1", trigger="alienvault-add-server") if not trigger_success: api_log.error(msg) (success, msg) = create_directory_for_ossec_remote(system_info['system_id']) if not success: api_log.error(msg) return (False, msg) return (True, system_info)
def start(self): """ Starts the monitor activity """ try: # Remove the previous monitor data. self.remove_monitor_data() monitor_data = {} success, system_id = get_system_id_from_local() if not success: return False # Now now = int(time.time()) # Firstly, wizard data! wizard_dict = {} success, start_welcome_wizard, welcome_wizard_date = get_wizard_data() if not success: api_log.error("There was an error retrieving the wizard data") wizard_shown = True if start_welcome_wizard == 2: # if difference between now and welcome_wizard_date is less # than a week, display message if (now - welcome_wizard_date) < 420: wizard_shown = False wizard_dict['wizard_shown'] = wizard_shown monitor_data[self.__WEB_MESSAGES['MESSAGE_WIZARD_SHOWN']] = wizard_dict # Time to look for orphan sensors orphan_sensors_dict = {} success, message = check_any_orphan_sensor() orphan_sensors = False if not success: api_log.error(message) orphan_sensors = True orphan_sensors_dict['orphan_sensors'] = orphan_sensors monitor_data[self.__WEB_MESSAGES['MESSAGE_SENSOR_NOT_INSERTED']] = orphan_sensors_dict # Has the trial version expired? success, expires, message = get_trial_expiration_date() trial_expired = False trial_expires_7days = False trial_expires_2days = False if not success: rc, pro = system_is_professional() if rc: if pro: # OK, we have an error here api_log.error(message) else: pass else: # expire=9999-12-31 expiration_date = expires.split('=')[1] if expiration_date: mktime_expression = datetime.datetime.strptime(expiration_date, "%Y-%m-%d").timetuple() expires = int(time.mktime(mktime_expression)) one_week_left = now - 604800 two_days_left = now - 172800 if expires < one_week_left: trial_expires_7days = True elif expires < two_days_left: trial_expires_2days = True elif expires < now: trial_expired = True else: pass else: if os.path.isfile("/etc/ossim/ossim.lic"): api_log.warning("Valid license but no web admin user found!") else: api_log.debug("Expiration date can't be determined: License file not found") monitor_data[self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRED"]] = {'trial_checked': success, 'trial_expired': trial_expired} monitor_data[self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRES_7DAYS"]] = {'trial_checked': success, 'trial_expired': trial_expires_7days} monitor_data[self.__WEB_MESSAGES["MESSAGE_TRIAL_EXPIRES_2DAYS"]] = {'trial_checked': success, 'trial_expired': trial_expires_2days} # Check max number of assets assets = len(get_asset_list()) contracted_devices = get_license_devices() over_assets = False exceeding_assets = 0 #if assets > contracted_devices: # exceeding_assets = assets - contracted_devices # over_assets = True monitor_data[self.__WEB_MESSAGES["MESSAGE_LICENSE_VIOLATION"]] = {'over_assets': over_assets, 'exceeding_assets': exceeding_assets} # OTX contribution otx_enabled = apimethod_is_otx_enabled() monitor_data[self.__WEB_MESSAGES["MESSAGE_OTX_CONNECTION"]] = {'otx_enabled': otx_enabled} # Backup in progress? success, running, message = check_backup_process_running() if not success: api_log.error(message) monitor_data[self.__WEB_MESSAGES["MESSAGE_BACKUP_RUNNING"]] = {'backup_check': success, 'backup_running': running} # Save monitor data self.save_data(system_id, ComponentTypes.SYSTEM, self.get_json_message(monitor_data)) except Exception as err: api_log.error("Error processing WebUIData monitor information: %s" % str(err)) return False return True
except Exception, msg: app.logger.warning("Error loading messages in database") # Log permissions try: if os.path.isdir("/var/log/alienvault/api"): for api_logfile in os.listdir("/var/log/alienvault/api"): os.chmod("/var/log/alienvault/api/%s" % api_logfile, 0644) except Exception as e: pass # Purge celery-once references from redis from celery_once.helpers import queue_once_key from celery_once.tasks import QueueOnce from db.methods.system import get_system_id_from_local system_id=get_system_id_from_local()[1] args={'system_id' : u'%s' % system_id} task_name = "celerymethods.tasks.backup_tasks.backup_configuration_for_system_id" key = queue_once_key(task_name, args, None) aux = QueueOnce() aux.clear_lock(key) # This is the recommended way of packaging a Flask app. # This seems to be a hack to avoid circulat imports. # See http://flask.pocoo.org/docs/patterns/packages/ import api.views # (Keep pyflakes quiet) views login_manager.login_view = "auth.login"