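def run(agent_list=None):
    """Run syscheck scan.

    :param agent_list: IDs of the agents whose syscheck scan should be restarted.
                       ``None`` is treated as an empty list instead of failing on iteration.
    :return: AffectedItemsWazuhResult whose ``affected_items`` holds the agent IDs (sorted numerically)
             that received the restart message, with one failed item per agent that was not active
             (WazuhError 1601) or raised a WazuhError while being contacted.
    """
    result = AffectedItemsWazuhResult(all_msg='Syscheck scan was restarted on returned agents',
                                      some_msg='Syscheck scan was not restarted on some agents',
                                      none_msg='No syscheck scan was restarted')
    for agent_id in agent_list or []:
        try:
            agent_info = Agent(agent_id).get_basic_information()
            agent_status = agent_info.get('status', 'N/A')
            if agent_status.lower() != 'active':
                # Only active agents can receive the restart message; report the current status instead.
                result.add_failed_item(
                    id_=agent_id, error=WazuhError(1601, extra_message='Status - {}'.format(agent_status)))
                continue
            oq = OssecQueue(common.ARQUEUE)
            try:
                oq.send_msg_to_agent(OssecQueue.HC_SK_RESTART, agent_id)
            finally:
                # Close the queue even when sending fails so a failing agent does not leak the connection.
                oq.close()
            result.affected_items.append(agent_id)
        except WazuhError as e:
            result.add_failed_item(id_=agent_id, error=e)
    result.affected_items = sorted(result.affected_items, key=int)
    result.total_affected_items = len(result.affected_items)

    return result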
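def send_ar_message(agent_id: str = '',
                    oq: OssecQueue = None,
                    command: str = '',
                    arguments: list = None,
                    custom: bool = False,
                    alert: dict = None) -> None:
    """Send the active response message to the agent.

    Parameters
    ----------
    agent_id : str
        ID specifying the agent where the msg_queue will be sent to.
    oq : OssecQueue
        OssecQueue used for the active response messages. Required; the ``None`` default exists only
        to keep the signature stable.
    command : str
        Command running in the agents. If this value starts with !, then it refers to a script name instead of a
        command name.
    arguments : list
        Command arguments.
    custom : bool
        Whether the specified command is a custom command or not. Only used for the legacy (non-JSON) message.
    alert : dict
        Alert information depending on the AR executed. Only used for the JSON message.

    Raises
    ------
    ValueError
        If no OssecQueue was given.
    WazuhError(1651)
        If the agent with ID agent_id is not active.
    WazuhError(1750)
        If active response is disabled in the agent configuration.
    """
    # Fail fast with a clear error instead of an AttributeError after the agent lookups.
    if oq is None:
        raise ValueError('send_ar_message requires an OssecQueue instance (oq)')

    # One Agent object serves both the basic-information and the configuration lookup.
    agent = Agent(agent_id)

    # Agent basic information
    agent_info = agent.get_basic_information()

    # Check if agent is active ('N/A' when the status is missing, matching the fallback used by run())
    agent_status = agent_info.get('status', 'N/A')
    if agent_status.lower() != 'active':
        raise WazuhError(1651,
                         extra_message='{0}'.format(agent_status))

    # Once we know the agent is active, store version
    agent_version = agent_info['version']

    # Check if AR is enabled
    agent_conf = agent.getconfig('com', 'active-response', agent_version)
    if agent_conf['active-response']['disabled'] == 'yes':
        raise WazuhError(1750)

    # Create classic msg or JSON msg depending on the agent version
    if WazuhVersion(agent_version) >= WazuhVersion(common.AR_LEGACY_VERSION):
        msg_queue = create_json_message(command=command,
                                        arguments=arguments,
                                        alert=alert)
    else:
        msg_queue = create_message(command=command,
                                   arguments=arguments,
                                   custom=custom)

    oq.send_msg_to_agent(msg=msg_queue,
                         agent_id=agent_id,
                         msg_type=OssecQueue.AR_TYPE)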
def test_OssecQueue_send_msg_to_agent_ko(mock_send, mock_conn, msg, agent_id, msg_type, expected_exception):
    """Check that OssecQueue.send_msg_to_agent raises the expected WazuhException.

    mock_send / mock_conn are presumably supplied by patch decorators or fixtures on the
    connection and send paths; the parametrized msg/agent_id/msg_type combination must make
    send_msg_to_agent fail with a message containing the expected_exception code.
    """
    ossec_queue = OssecQueue('test_path')
    expected_pattern = f'.* {expected_exception} .*'

    with pytest.raises(WazuhException, match=expected_pattern):
        ossec_queue.send_msg_to_agent(msg, agent_id, msg_type)

    # Exactly one connection to the configured path must have been opened.
    mock_conn.assert_called_once_with('test_path')
def test_OssecQueue_send_msg_to_agent(mock_send, mock_conn, msg, agent_id, msg_type):
    """Check that OssecQueue.send_msg_to_agent succeeds and returns a string.

    mock_send / mock_conn are presumably supplied by patch decorators or fixtures on the
    connection and send paths, so no real queue is touched.
    """
    ossec_queue = OssecQueue('test_path')
    response = ossec_queue.send_msg_to_agent(msg, agent_id, msg_type)

    # The response is a plain string and exactly one connection was opened to the configured path.
    assert isinstance(response, str)
    mock_conn.assert_called_once_with('test_path')