Exemplo n.º 1
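def update_dynamic_fields():
    """
    Run the jobs that recompute dynamic field entries, as selected on the form:

       skaldship.general.do_host_status     (in-request, or queued on the
                                             scheduler when "Run in background
                                             task" is ticked)
       skaldship.exploits.connect_exploits  (always in-request)

    Returns a dict with the form and the err404 value for the view. When a
    background task is queued successfully the request is redirected to the
    task status page instead.

    NOTE(review): no access-control decorator is visible in this excerpt, yet
    the body dereferences auth.user. Confirm the action is restricted to
    logged-in users before relying on it.
    """
    response.title = "%s :: Update Dynamic Fields" % (settings.title)

    ag = db(db.t_hosts).select(db.t_hosts.f_asset_group, distinct=True).as_list()
    # Build a concrete list so the validator receives a sequence on both
    # Python 2 and Python 3 (map() is lazy on Python 3).
    asset_groups = [row["f_asset_group"] for row in ag]

    form = SQLFORM.factory(
        Field("f_exploit_link", type="boolean", default=True, label=T("Exploit linking")),
        Field("f_host_status", type="boolean", default=True, label=T("Host Service/Vuln counts")),
        Field(
            "f_asset_group",
            type="list:string",
            label=T("Asset Group"),
            # Only asset groups that already exist in t_hosts are accepted.
            requires=IS_EMPTY_OR(IS_IN_SET(asset_groups, multiple=False)),
        ),
        Field("f_taskit", type="boolean", default=auth.user.f_scheduler_tasks, label=T("Run in background task")),
    )

    from skaldship.general import do_host_status
    from skaldship.exploits import connect_exploits

    # Passing the session makes web2py validate its per-form key, so the
    # update cannot be triggered by a forged cross-site POST.
    if form.accepts(request.vars, session):
        flash_text = "Task completed!"
        if form.vars.f_exploit_link:
            connect_exploits()
        if form.vars.f_host_status:
            if form.vars.f_taskit:
                task = scheduler.queue_task(
                    do_host_status,
                    pvars=dict(asset_group=form.vars.f_asset_group),
                    group_name=settings.scheduler_group_name,
                    sync_output=5,
                    timeout=300,  # 5 minutes
                )
                if task.id:
                    redirect(URL("tasks", "status", args=task.id))
                else:
                    # Queueing failed: surface the scheduler errors instead of
                    # reporting success to the operator.
                    flash_text = "Error submitting job: %s" % (task.errors)
            else:
                do_host_status(asset_group=form.vars.f_asset_group)
        response.flash = flash_text

    elif form.errors:
        response.flash = "Error in form"

    return dict(form=form, err404=get_oreally_404(request.folder))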
Exemplo n.º 2
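def update_dynamic_fields():
    """
    Run the jobs that recompute dynamic field entries, as selected on the form:

       skaldship.hosts.do_host_status       (in-request, or queued on the
                                             scheduler when "Run in background
                                             task" is ticked)
       skaldship.exploits.connect_exploits  (always in-request)

    Returns a dict with the form and the err404 value for the view. When a
    background task is queued successfully the request is redirected to the
    task status page instead.

    NOTE(review): no access-control decorator is visible in this excerpt, yet
    the body dereferences auth.user. Confirm the action is restricted to
    logged-in users before relying on it.
    """
    response.title = "%s :: Update Dynamic Fields" % (settings.title)

    ag = db(db.t_hosts).select(db.t_hosts.f_asset_group, distinct=True).as_list()
    # Build a concrete list so the validator receives a sequence on both
    # Python 2 and Python 3 (map() is lazy on Python 3).
    asset_groups = [row['f_asset_group'] for row in ag]

    form = SQLFORM.factory(
        Field('f_exploit_link', type='boolean', default=True, label=T('Exploit linking')),
        Field('f_host_status', type='boolean', default=True, label=T('Host Service/Vuln counts')),
        # Only asset groups that already exist in t_hosts are accepted.
        Field('f_asset_group', type='list:string', label=T('Asset Group'), requires=IS_EMPTY_OR(IS_IN_SET(asset_groups, multiple=False))),
        Field('f_taskit', type='boolean', default=auth.user.f_scheduler_tasks, label=T('Run in background task')),
    )

    from skaldship.hosts import do_host_status
    from skaldship.exploits import connect_exploits

    # Passing the session makes web2py validate its per-form key, so the
    # update cannot be triggered by a forged cross-site POST.
    if form.accepts(request.vars, session):
        flash_text = "Task completed!"
        if form.vars.f_exploit_link:
            connect_exploits()
        if form.vars.f_host_status:
            if form.vars.f_taskit:
                task = scheduler.queue_task(
                    do_host_status,
                    pvars=dict(asset_group=form.vars.f_asset_group),
                    group_name=settings.scheduler_group_name,
                    sync_output=5,
                    timeout=settings.scheduler_timeout,
                )
                if task.id:
                    redirect(URL('tasks', 'status', args=task.id))
                else:
                    # Queueing failed: surface the scheduler errors instead of
                    # reporting success to the operator.
                    flash_text = "Error submitting job: %s" % (task.errors)
            else:
                do_host_status(asset_group=form.vars.f_asset_group)
        response.flash = flash_text

    elif form.errors:
        response.flash = 'Error in form'

    return dict(
        form=form,
        err404=get_oreally_404(request.folder),
    )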
Exemplo n.º 3
def purge_data():
    """
    Controller for the "Database Purge" page: removes host data, never the
    user tables.

    Exactly one purge mode runs per submission, chosen in this order:
    truncate all listed tables, delete one host, delete all hosts of one
    engineer, delete all hosts of one asset group. Nothing is deleted unless
    the "Are you sure?" box is ticked.

    Returns a dict with the form and the err404 value for the view.

    NOTE(review): no access-control decorator is visible in this excerpt.
    Confirm this destructive action is restricted to authorised users.
    """
    response.title = "%s :: Database Purge" % (settings.title)

    # Choice lists for the dropdowns: [id, label] pairs for users and hosts,
    # plain strings for asset groups.
    userlist = [[u.id, u.username] for u in db(db.auth_user).select()]
    hostlist = [[h.id, host_title_maker(h)] for h in db(db.t_hosts).select()]
    group_rows = db(db.t_hosts).select(db.t_hosts.f_asset_group,
                                       distinct=True).as_list()
    asset_groups = [row['f_asset_group'] for row in group_rows]

    # Every selector is limited by IS_IN_SET to values read from the database
    # above, so a submitted id or group outside those lists fails validation.
    form = SQLFORM.factory(
        Field('host',
              type='list:integer',
              label=T('Delete a host'),
              requires=IS_EMPTY_OR(IS_IN_SET(hostlist))),
        Field('engineer',
              type='list:integer',
              label=T('Hosts by user'),
              requires=IS_EMPTY_OR(IS_IN_SET(userlist))),
        Field('asset_group',
              type='string',
              label=T('Asset Group'),
              requires=IS_EMPTY_OR(IS_IN_SET(asset_groups))),
        Field('all_data', type='boolean', label=T('Truncate all tables')),
        Field('are_you_sure',
              type='boolean',
              label=T('Are you sure?'),
              requires=IS_NOT_EMPTY(error_message='ARE YOU SURE?!?!')),
    )

    # Passing the session makes web2py validate its per-form key, which keeps
    # a forged cross-site POST from triggering a purge.
    if form.accepts(request.vars, session):
        chosen = form.vars
        if not chosen.are_you_sure:
            form.errors.are_you_sure = 'ARE YOU SURE?'
        elif chosen.all_data:
            # Same tables, same order as the explicit list this replaces.
            # mode="CASCADE" is handed to truncate; presumably it also empties
            # dependent rows -- confirm for the database backend in use.
            doomed_tables = (
                db.t_hosts,
                db.t_services,
                db.t_os,
                db.t_host_os_refs,
                db.t_apps,
                db.t_services_apps_refs,
                db.t_service_vulns,
                db.t_service_info,
                db.t_accounts,
                db.t_host_notes,
                db.t_evidence,
                db.t_snmp,
            )
            for table in doomed_tables:
                table.truncate(mode="CASCADE")
            db.commit()
            response.flash = 'All data purged'
        elif chosen.host:
            # No explicit db.commit() in this branch, unlike the others.
            del db.t_hosts[chosen.host]
            response.flash = "Host %s purged" % (chosen.host)
        elif chosen.engineer:
            # TODO: Test this
            owned_by_engineer = db.t_hosts.f_engineer == chosen.engineer
            delcnt = db(owned_by_engineer).delete()
            db.commit()
            response.flash = "Hosts owned by %s purged (%d records)" % (
                chosen.engineer, delcnt)
        elif chosen.asset_group:
            in_asset_group = db.t_hosts.f_asset_group == chosen.asset_group
            delcnt = db(in_asset_group).delete()
            db.commit()
            response.flash = "Asset group %s purged (%d records)" % (
                chosen.asset_group, delcnt)
    elif form.errors:
        response.flash = 'Error in form'

    return dict(
        form=form,
        err404=get_oreally_404(request.folder),
    )
Exemplo n.º 4
def error():
    """
    Render the generic error page.

    Returns a dict with the err404 value and ``msg``, which is copied
    unchanged from the request variables.
    """
    page_title = "%s :: Error!" % (settings.title)
    response.title = page_title

    view_vars = dict(err404=get_oreally_404(request.folder))
    # msg is caller-controlled: the view must output it with web2py's default
    # escaping ({{=msg}}) and never wrap it in XML().
    view_vars['msg'] = request.vars.msg
    return view_vars
Exemplo n.º 5
def purge_data():
    """
    Controller for the "Database Purge" page: removes host data, never the
    user tables.

    Exactly one purge mode runs per submission, chosen in this order:
    truncate all listed tables, delete one host, delete all hosts of one
    engineer, delete all hosts of one asset group. Nothing is deleted unless
    the "Are you sure?" box is ticked.

    Returns a dict with the form and the err404 value for the view.

    NOTE(review): no access-control decorator is visible in this excerpt.
    Confirm this destructive action is restricted to authorised users.
    """
    response.title = "%s :: Database Purge" % (settings.title)

    # Choice lists for the dropdowns: [id, label] pairs for users and hosts,
    # plain strings for asset groups.
    userlist = [[u.id, u.username] for u in db(db.auth_user).select()]
    hostlist = [[h.id, host_title_maker(h)] for h in db(db.t_hosts).select()]
    group_rows = db(db.t_hosts).select(db.t_hosts.f_asset_group, distinct=True).as_list()
    asset_groups = [row['f_asset_group'] for row in group_rows]

    # Every selector is limited by IS_IN_SET to values read from the database
    # above, so a submitted id or group outside those lists fails validation.
    form = SQLFORM.factory(
        Field('host', type='list:integer', label=T('Delete a host'), requires=IS_EMPTY_OR(IS_IN_SET(hostlist))),
        Field('engineer', type='list:integer', label=T('Hosts by user'), requires=IS_EMPTY_OR(IS_IN_SET(userlist))),
        Field('asset_group', type='string', label=T('Asset Group'), requires=IS_EMPTY_OR(IS_IN_SET(asset_groups))),
        Field('all_data', type='boolean', label=T('Truncate all tables')),
        Field('are_you_sure', type='boolean', label=T('Are you sure?'), requires=IS_NOT_EMPTY(error_message='ARE YOU SURE?!?!')),
        )

    # Passing the session makes web2py validate its per-form key, which keeps
    # a forged cross-site POST from triggering a purge.
    if form.accepts(request.vars, session):
        chosen = form.vars
        if not chosen.are_you_sure:
            form.errors.are_you_sure = 'ARE YOU SURE?'
        elif chosen.all_data:
            # Same tables, same order as the explicit list this replaces.
            # mode="CASCADE" is handed to truncate; presumably it also empties
            # dependent rows -- confirm for the database backend in use.
            doomed_tables = (
                db.t_hosts,
                db.t_services,
                db.t_os,
                db.t_host_os_refs,
                db.t_apps,
                db.t_services_apps_refs,
                db.t_service_vulns,
                db.t_service_info,
                db.t_accounts,
                db.t_host_notes,
                db.t_evidence,
                db.t_snmp,
            )
            for table in doomed_tables:
                table.truncate(mode="CASCADE")
            db.commit()
            response.flash = 'All data purged'
        elif chosen.host:
            # No explicit db.commit() in this branch, unlike the others.
            del db.t_hosts[chosen.host]
            response.flash = "Host %s purged" % (chosen.host)
        elif chosen.engineer:
            # TODO: Test this
            owned_by_engineer = db.t_hosts.f_engineer == chosen.engineer
            delcnt = db(owned_by_engineer).delete()
            db.commit()
            response.flash = "Hosts owned by %s purged (%d records)" % (chosen.engineer, delcnt)
        elif chosen.asset_group:
            in_asset_group = db.t_hosts.f_asset_group == chosen.asset_group
            delcnt = db(in_asset_group).delete()
            db.commit()
            response.flash = "Asset group %s purged (%d records)" % (chosen.asset_group, delcnt)
    elif form.errors:
        response.flash = 'Error in form'

    return dict(
        form=form,
        err404=get_oreally_404(request.folder),
    )
Exemplo n.º 6
def error():
    """
    Render the generic error page.

    Returns a dict with the err404 value and ``msg``, which is copied
    unchanged from the request variables.
    """
    response.title = "%s :: Error!" % (settings.title)

    image = get_oreally_404(request.folder)
    # msg is caller-controlled: the view must output it with web2py's default
    # escaping ({{=msg}}) and never wrap it in XML().
    message = request.vars.msg
    return {'err404': image, 'msg': message}