def write_backend_conf(self):
logger.info("write_backend_conf")
new_conf = self.generate_haproxy_backend_conf()
if not new_conf:
return False
filename = self.get_backend_filename()
try:
with open(filename, 'r') as conf_file:
current_conf = conf_file.read()
except Exception as error:
logger.warning(error)
current_conf = None
# If we don't have any current configuration, or if our new configuration differs
if current_conf is None or new_conf != current_conf:
try:
write_conf(logger,
[filename, new_conf, HAPROXY_OWNER, HAPROXY_PERMS])
return True
except Exception as e:
raise VultureSystemConfigError(
"log viewer: error while writing haproxy configuration (backend) for DefenderPolicy"
)
return False
def build_conf(node_logger, frontend_id=None):
""" Generate conf of rsyslog inputs, based on all frontends LOG
ruleset of frontend
outputs of all frontends
:param node_logger: Logger sent to all API requests
:param frontend_id: The name of the frontend in conf file
:return:
"""
result = ""
""" Firstly, try to retrieve Frontend with given id """
if frontend_id:
try:
frontend = Frontend.objects.get(pk=frontend_id)
""" Generate ruleset conf of asked frontend """
frontend_conf = frontend.generate_rsyslog_conf()
""" And write-it """
write_conf(node_logger, [frontend.get_rsyslog_filename(), frontend_conf, RSYSLOG_OWNER, RSYSLOG_PERMS])
result += "Frontend '{}' conf written.\n".format(frontend_id)
except ObjectDoesNotExist:
raise VultureSystemError("Frontend with id {} not found, failed to generate conf.".format(frontend_id),
"build rsyslog conf", traceback=" ")
""" Generate inputs configutation """
service = RsyslogService()
""" If frontend was given we cannot check if its conf has changed to restart service
and if reload_conf is True, conf has changed so restart service
"""
if service.reload_conf() or frontend_id:
result += "Rsyslog conf updated. Restarting service."
result += service.restart()
else:
result += "Rsyslog conf hasn't changed."
return result
def write_template(self, tpl_name, **kwargs):
""" This method has to be called by api_request (Vultured) """
filename = self.tpl_filename(tpl_name)
write_conf(logger, [
self.tpl_filename(tpl_name, kwargs.get('portal_id')),
HAPROXY_HEADER + self.render_template(tpl_name, **kwargs),
HAPROXY_OWNER, HAPROXY_PERMS
])
return "Template {} successfully written".format(filename)
def configure_pstats(node_logger):
""" Pstats configuration """
node = Cluster.get_current_node()
jinja2_env = Environment(loader=FileSystemLoader(JINJA_PATH))
pstats_template = jinja2_env.get_template("pstats.conf")
write_conf(node_logger, ["{}/pstats.conf".format(RSYSLOG_PATH),
pstats_template.render({'node': node}),
RSYSLOG_OWNER, RSYSLOG_PERMS])
return "Rsyslog configuration 'pstats.conf' written.\n"
def set_rc_conf(self, yes_or_no, service_name=""):
"""
Set service_enable="YES" or "NO"
in /RC_CONF_DIR/service
:param yes_or_no: True if "YES", False if "NO"
:param service_name: Service name to use if different than self.service_name
"""
service_name2 = service_name or self.service_name
filename = "{}/{}".format(RC_CONF_DIR, service_name2)
write_conf(logger, [
filename, "{}_enable=\"{}\"".format(
service_name2, "YES" if yes_or_no else "NO"), RC_CONF_OWNERS,
RC_CONF_PERMS
])
return "{} successfully written.".format(filename)
def build_conf(node_logger, frontend_id):
""" Generate conf of rsyslog inputs, based on all frontends LOG
ruleset of frontend
outputs of all frontends
:param node_logger: Logger sent to all API requests
:param frontend_id: The name of the frontend in conf file
:return:
"""
result = ""
node = Cluster.get_current_node()
reload = False
""" Firstly, try to retrieve Frontend with given id """
from services.frontend import models # because of circular imports
try:
frontend = models.Frontend.objects.get(pk=frontend_id)
""" Generate ruleset conf of asked frontend """
tmp = frontend.generate_conf()
if frontend.configuration[node.name] != tmp:
frontend.configuration[node.name] = tmp
reload = True
""" And write-it """
write_conf(node_logger, [
frontend.get_filename(), frontend.configuration[node.name],
models.FRONTEND_OWNER, models.FRONTEND_PERMS
])
result += "Frontend '{}' conf written.\n".format(frontend_id)
except ObjectDoesNotExist:
raise VultureSystemError(
"Frontend with id {} not found, failed to generate conf.".format(
frontend_id),
"build HAProxy conf",
traceback=" ")
""" Generate inputs configuration """
service = HaproxyService()
""" If frontend was given we cannot check if its conf has changed to restart service
and if reload_conf is True, conf has changed so restart service
"""
if reload:
result = "HAProxy conf updated. Restarting service."
result += service.restart()
else:
result += "HAProxy conf hasn't changed."
return result
def write_policy_conf(node_logger, policy_id):
logger.info("writing policy conf for filterpolicy id {}".format(policy_id))
policy = FilterPolicy.objects.get(pk=policy_id)
logger.info("writing policy '{}' conf".format(policy.filter.name))
conf_path = "{darwin_path}/f{filter_name}/f{filter_name}_{darwin_policy_id}.conf".format(
darwin_path=DARWIN_PATH,
filter_name=policy.filter.name,
darwin_policy_id=policy.policy.pk)
write_conf(node_logger, [
conf_path, "{}\n".format(
json_dumps(policy.config, sort_keys=True, indent=4)),
DARWIN_OWNERS, DARWIN_PERMS
])
return "{} successfully written.".format(conf_path)
def configure_node(node_logger):
""" Generate and write netdata conf files """
result = ""
node = Cluster.get_current_node()
global_config = Cluster.get_global_config()
""" For each Jinja templates """
jinja2_env = Environment(loader=FileSystemLoader(JINJA_PATH))
for template_name in jinja2_env.list_templates():
""" Perform only "rsyslog_template_*.conf" templates """
match = re_search("^rsyslog_template_([^\.]+)\.conf$", template_name)
if not match:
continue
template = jinja2_env.get_template(template_name)
template_path = "{}/05-tpl-01-{}.conf".format(RSYSLOG_PATH,
match.group(1))
""" Generate and write the conf depending on all nodes, and current node """
write_conf(node_logger, [
template_path,
template.render({
'node': node,
'global_config': global_config
}), RSYSLOG_OWNER, RSYSLOG_PERMS
])
result += "Rsyslog template '{}' written.\n".format(template_path)
""" PF configuration for Rsyslog """
pf_template = jinja2_env.get_template("pf.conf")
write_conf(node_logger, [
"{}/pf.conf".format(RSYSLOG_PATH),
pf_template.render({'mongodb_uri': MongoBase.get_replicaset_uri()}),
RSYSLOG_OWNER, RSYSLOG_PERMS
])
result += "Rsyslog template 'pf.conf' written.\n"
""" If this method has been called, there is a reason - a Node has been modified
so we need to restart Rsyslog because at least PF conf has been changed
"""
# if Frontend.objects.filter(enable_logging=True).count() > 0:
# node_logger.debug("Logging enabled, reload of Rsyslog needed.")
restart_service(node_logger)
node_logger.info("Rsyslog service restarted.")
result += "Rsyslogd service restarted."
return result
def reload_conf(self):
"""
Write new PF configuration, if needed
:return: True / False
"""
conf_reloaded = super().reload_conf()
config_model = Cluster.get_global_config()
""" Check if firehol and vulture netsets exist """
filepath = DATABASES_PATH + "/firehol_level1.netset"
if not os_path.isfile(filepath):
write_conf(logger,
[filepath, "", DATABASES_OWNER, DATABASES_PERMS])
filepath = DATABASES_PATH + "/vulture-v4.netset"
if not os_path.isfile(filepath):
write_conf(logger,
[filepath, "", DATABASES_OWNER, DATABASES_PERMS])
filepath = DATABASES_PATH + "/vulture-v6.netset"
if not os_path.isfile(filepath):
write_conf(logger,
[filepath, "", DATABASES_OWNER, DATABASES_PERMS])
""" Check if Whitelist and Blacklist has changed """
wl_bl = {
'pf.whitelist.conf': config_model.pf_whitelist,
'pf.blacklist.conf': config_model.pf_blacklist,
}
for filename, liste in wl_bl.items():
file_path = '{}{}'.format(PF_PATH, filename)
config = "\n".join(liste.split(','))
md5_config = md5(config.encode('utf-8')).hexdigest().strip()
md5sum = ""
try:
result = check_output(['/sbin/md5', file_path],
stderr=PIPE).decode('utf8')
md5sum = result.strip().split('= ')[1]
except CalledProcessError as e:
stderr = e.stderr.decode('utf8')
logger.error("Failed to md5sum file '{}' : {}".format(
filename, stderr))
""" If there was an error, bad permissions on file, rewrite-it with correct ones """
if md5_config != md5sum:
conf_reloaded = True
logger.info(
'Packet Filter {} need to be rewrite'.format(filename))
write_conf(logger, [file_path, config, PF_OWNERS, PF_PERMS])
return conf_reloaded
def configure_node(node_logger):
""" Generate and write netdata conf files """
node = Cluster.get_current_node()
nodes = Node.objects.all()
""" For each Jinja templates """
jinja2_env = Environment(loader=FileSystemLoader(JINJA_PATH))
for template_name in jinja2_env.list_templates():
template = jinja2_env.get_template(template_name)
conf_path = CONF_PATH
""" fping.conf has different directory """
if template_name != "fping.conf":
""" Other files than fping are in python.d """
conf_path += "python.d/"
""" Generate and write the conf depending on all nodes, and current node """
write_conf(node_logger, [
conf_path + template_name,
template.render({
'nodes': nodes,
'node': node
}), NETDATA_OWNER, NETDATA_PERMS
])
def write_policy_conf(node_logger, policy_id):
policy = DarwinPolicy.objects.get(pk=policy_id)
logger.info("writing policy conf '{}'".format(policy.name))
for filter in policy.filterpolicy_set.all():
if filter.enabled:
logger.info("writing filter '{}' conf".format(filter.name))
conf_path = get_darwin_conf_path(policy.id, filter.filter.name)
try:
write_conf(node_logger, [
conf_path, "{}\n".format(
json_dumps(filter.config, sort_keys=True, indent=4)),
DARWIN_OWNERS, DARWIN_PERMS
])
except Exception as e:
logger.error(
"Darwin::write_policy_conf:: error while writing conf: {}".
format(e))
continue
else:
logger.info(
"filter '{}' not enabled, deleting potential conf".format(
filter.name))
try:
delete_conf_file(node_logger, filter.conf_path)
except (VultureSystemConfigError, VultureSystemError):
continue
except Exception as e:
logger.error(
"Darwin::write_policy_conf:: error while removing disabled filter config: {}"
.format(e))
def write_conf(self, content, owners=None, perms=None):
write_conf(logger, [
self.jinja_template['tpl_path'], content, owners or "root:wheel",
perms or "644"
])