def deploy_conf(self):
with self.get_tmp_dir(self.pk) as tmp_dir:
with open(tmp_dir + "broctl_cfg.conf", 'w', encoding='utf_8') as f:
f.write(self.configuration.broctl_cfg_text.replace('\r', ''))
with open(tmp_dir + "node_cfg.conf", 'w', encoding='utf_8') as f:
f.write(self.configuration.node_cfg_text.replace('\r', ''))
with open(tmp_dir + "networks_cfg.conf", 'w', encoding='utf_8') as f:
f.write(self.configuration.networks_cfg_text.replace('\r', ''))
with open(tmp_dir + "local_bro.conf", 'w', encoding='utf_8') as f:
f.write(self.configuration.local_bro_text.replace('\r', ''))
deploy = True
errors = list()
response = dict()
try:
response = execute_copy(self.server, src=os.path.abspath(tmp_dir + 'broctl_cfg.conf'),
dest=self.configuration.broctl_cfg, become=True)
response = execute_copy(self.server, src=os.path.abspath(tmp_dir + 'node_cfg.conf'),
dest=self.configuration.node_cfg, become=True)
response = execute_copy(self.server, src=os.path.abspath(tmp_dir + 'networks_cfg.conf'),
dest=self.configuration.networks_cfg, become=True)
response = execute_copy(self.server, src=os.path.abspath(tmp_dir + 'local_bro.conf'),
dest=self.configuration.local_bro, become=True)
response = execute_copy(self.server, src=os.path.abspath(settings.BASE_DIR + '/bro/default-intel.bro'),
dest=self.configuration.policydir + 'site/intel.bro', become=True)
self.reload()
except Exception as e: # pragma: no cover
logger.exception('deploy conf failed')
deploy = False
errors.append(str(e))
logger.debug("output : " + str(response))
if deploy:
return {'status': deploy}
else: # pragma: no cover
return {'status': deploy, 'errors': errors}
def deploy_rules(self):
deploy = True
tmpdir = settings.BASE_DIR + "/tmp/" + self.name + "/"
if not os.path.exists(tmpdir):
os.makedirs(tmpdir)
# Rules
value = ""
for ruleset in self.rulesets.all():
for rule in ruleset.rules.all():
if rule.enabled:
value += rule.rule_full + os.linesep
f = open(tmpdir + "temp.rules", 'w', encoding='utf_8')
f.write(value)
f.close()
# Decoders
value = ""
for ruleset in self.rulesets.all():
for decoder in ruleset.decoders.all():
if decoder.enabled:
value += decoder.rule_full + os.linesep
f = open(tmpdir + "temp.decoders", 'w', encoding='utf_8')
f.write(value)
f.close()
# write files
try:
response_rules = execute_copy(
self.server,
src=tmpdir + 'temp.rules',
dest=self.configuration.conf_rules_file,
become=True)
response_decoders = execute_copy(
self.server,
src=tmpdir + 'temp.decoders',
dest=self.configuration.conf_decoders_file,
become=True)
logger.debug("output : " + str(response_rules) + " - " +
str(response_decoders))
except Exception as e:
logger.error(e)
deploy = False
# clean
if os.path.isfile(tmpdir + 'temp.rules'):
os.remove(tmpdir + "temp.rules")
if os.path.isfile(tmpdir + 'temp.decoders'):
os.remove(tmpdir + "temp.decoders")
if deploy:
self.rules_updated_date = timezone.now()
self.save()
return deploy
def test_execute_become(self):
server = Server.get_by_id(1)
self.assertEqual(execute(server, {'test_hostame': "hostname"}, become=True),
{'test_hostame': 'test-travis'})
self.assertIn('ssh.service', execute(server, {'test_status': "service ssh status"}, become=True)['test_status'])
server.become_pass = None
server.save()
with self.assertRaises(Exception):
execute(server, {'test_hostame': "hostname"}, become=True)
server.become = False
server.save()
with self.assertRaises(Exception):
execute(server, {'test_hostame': "hostname"}, become=True)
with self.assertRaises(Exception):
execute_copy(server, src=settings.ROOT_DIR + '/LICENSE', dest='/tmp/LICENSE', become=True)
def deploy_conf(self):
errors = list()
tmpdir = settings.BASE_DIR + "/tmp/" + self.name + "/"
if not os.path.exists(tmpdir):
os.makedirs(tmpdir)
value = self.configuration.conf_file_text
f = open(tmpdir + "temp.conf", 'w', encoding='utf_8')
f.write(value)
f.close()
deploy = True
try:
response = execute_copy(self.server,
src=os.path.abspath(tmpdir + 'temp.conf'),
dest=settings.OSSEC_CONFIG,
become=True)
logger.debug("output : " + str(response))
except Exception as e:
logger.error(e)
deploy = False
errors.append(str(e))
if os.path.isfile(tmpdir + 'temp.conf'):
os.remove(tmpdir + "temp.conf")
if deploy:
return {'status': True}
else:
return {'status': deploy, 'errors': errors}
def deploy_rules(self):
deploy = True
response = dict()
errors = list()
value_signatures = ""
value_scripts = ""
for ruleset in self.rulesets.all():
for signature in ruleset.signatures.all():
if signature.enabled:
value_signatures += signature.rule_full + '\n'
for script in ruleset.scripts.all():
if script.enabled:
value_scripts += script.rule_full + '\n'
with self.get_tmp_dir(self.pk) as tmp_dir:
with open(tmp_dir + "signatures.txt", 'w', encoding='utf_8') as f:
f.write(value_signatures.replace('\r', ''))
try:
response = execute_copy(self.server, src=tmp_dir + 'signatures.txt',
dest=self.configuration.my_signatures,
become=True)
except Exception as e: # pragma: no cover
logger.exception('excecute_copy failed')
deploy = False
errors.append(str(e))
with open(tmp_dir + "scripts.txt", 'w', encoding='utf_8') as f:
f.write(value_scripts.replace('\r', ''))
try:
response = execute_copy(self.server, src=tmp_dir + 'scripts.txt',
dest=self.configuration.my_scripts,
become=True)
except Exception as e: # pragma: no cover
logger.exception('excecute_copy failed')
deploy = False
errors.append(str(e))
logger.debug("output : " + str(response))
# Deploy intels
Intel.deploy(self)
result = self.reload()
if deploy and result['status']:
self.rules_updated_date = timezone.now()
self.save()
return {"status": deploy}
else: # pragma: no cover
return {'status': deploy, 'errors': errors}
def deploy(cls, bro_instance):
deploy = True
errors = ""
response = dict()
try:
with cls.get_tmp_dir() as tmp_dir:
intel_file = cls.store(tmp_dir)
response = execute_copy(bro_instance.server, src=intel_file,
dest=bro_instance.configuration.policydir + 'site/' +
os.path.basename(intel_file),
become=True)
except Exception as e: # pragma: no cover
logger.exception('excecute_copy failed')
deploy = False
errors = str(e)
if deploy:
return {'status': deploy}
else: # pragma: no cover
return {'status': deploy, 'errors': errors + ' - ' + str(response)}
def test_execute_copy_put_become(self):
server = Server.get_by_id(1)
result = execute_copy(server, src=settings.ROOT_DIR + '/LICENSE', dest='/tmp/LICENSE', become=True)
self.assertEqual(result, {'copy': 'OK', 'mv': {'mv': 'OK'}})
def test_execute_copy_put(self):
server = Server.get_by_id(1)
result = execute_copy(server, src=settings.ROOT_DIR + '/LICENSE', dest='LICENSE')
self.assertEqual(result, {'copy': 'OK'})
with self.assertRaises(Exception):
execute_copy(server, src=settings.ROOT_DIR + '/LICENSE', dest='/')