def signal_handler(signal, frame):
    # SIGINT handler: report the interruption and terminate with exit status 1.
    # NOTE: the `signal` parameter shadows the `signal` module inside this function only.
    print ("Interrupted")
    exit(1)

# Install the handler for Ctrl+C.
signal.signal(signal.SIGINT, signal_handler)

# Import framework
try:
    # Search path
    # The framework directory is resolved relative to argv[0] (how the script was
    # invoked) and appended at the END of sys.path, so earlier entries win on clashes.
    path.append(dirname(argv[0]) + '/../framework')

    # Import Wazuh and Initialize
    from wazuh import Wazuh
    from wazuh.exception import WazuhException
    myWazuh = Wazuh(get_init=True)

    # Import cluster
    from wazuh.cluster.cluster import read_config, check_cluster_config, get_status_json
    from wazuh.cluster.control import check_cluster_status, get_nodes, get_healthcheck, get_agents, sync, get_files
except Exception as e:
    # Any failure in the block above (path setup, imports, Wazuh initialisation) lands here.
    print("Error importing 'Wazuh' package.\n\n{0}\n".format(e))
    # NOTE(review): exit() without an argument reports status 0, so a caller that
    # checks the exit code will not see this failure.
    exit()

# Log at INFO and above, formatted as "LEVEL: message".
logging.basicConfig(level=logging.INFO, format='%(levelname)s: %(message)s')

def get_parser(type):
    # NOTE: the `type` parameter shadows the builtin of the same name inside this function.
    if type == "master":
        class WazuhHelpFormatter(argparse.ArgumentParser):
            def format_help(self):
                # (the listing ends here on the page; the method body is not shown)
def main():
    """Parse the command line and run the single group action it selects.

    Options are read with getopt from argv[1:]. At most one action switch
    (-l, -c, -a, -s, -S, -r) and at most five options in total are accepted;
    anything else is reported through invalid_option().
    """
    global debug

    # Capture Cntrl + C
    signal(SIGINT, signal_handler)

    # Parsed command-line state. 'n_args' counts every option given,
    # 'n_actions' counts only the action switches.
    arguments = {
        'n_args': 0,
        'n_actions': 0,
        'group': None,
        'agent-id': None,
        'list': False,
        'list-files': False,
        'add-group': False,
        'replace-group': False,
        'show-group': False,
        'show-sync': False,
        'remove-group': False,
        'quiet': False
    }

    # Switches that select an action; each one given bumps 'n_actions'.
    action_switches = {
        "-l": 'list', "--list": 'list',
        "-c": 'list-files', "--list-files": 'list-files',
        "-a": 'add-group', "--add-group": 'add-group',
        "-s": 'show-group', "--show-group": 'show-group',
        "-S": 'show-sync', "--show-sync": 'show-sync',
        "-r": 'remove-group', "--remove-group": 'remove-group',
    }
    # Switches that carry a value, stored as given on the command line.
    value_switches = {
        "-i": 'agent-id', "--agent-id": 'agent-id',
        "-g": 'group', "--group": 'group',
    }

    try:
        opts, args = getopt(argv[1:], "lcafsSri:g:qdh", [
            "list", "list-files", "add-group", "replace-group", "show-group",
            "show-sync", "remove-group", "agent-id=", "group=", "quiet",
            "debug", "help"
        ])
    except GetoptError as err:
        print(str(err) + "\n" + "Try '--help' for more information.")
        exit(1)
    else:
        arguments['n_args'] = len(opts)

    for flag, value in opts:
        if flag in action_switches:
            arguments[action_switches[flag]] = True
            arguments['n_actions'] += 1
        elif flag in ("-f", "--replace-group"):
            # Modifier for --add-group; it is not counted as an action.
            arguments['replace-group'] = True
        elif flag in value_switches:
            arguments[value_switches[flag]] = value
        elif flag in ("-q", "--quiet"):
            arguments['quiet'] = True
        elif flag in ("-d", "--debug"):
            debug = True
        elif flag in ("-h", "--help"):
            usage()
            exit(0)
        else:
            invalid_option()

    # Initialize framework
    framework = Wazuh(get_init=True)

    # Actions
    if arguments['n_args'] > 5 or arguments['n_actions'] > 1:
        invalid_option("Bad argument combination.")

    # NOTE(review): agent ID and group name go to the helpers exactly as typed;
    # any validation happens in those helpers, which are not visible here.
    agent_id = arguments['agent-id']
    group_id = arguments['group']
    quiet = arguments['quiet']

    # ./agent_groups.py
    if arguments['n_args'] == 0:
        show_groups()
    # ./agent_groups.py -l [ -g group_id ]
    elif arguments['list']:
        if group_id:
            show_agents_with_group(group_id)
        else:
            show_groups()
    # -c -g group_id
    elif arguments['list-files']:
        if group_id:
            show_group_files(group_id)
        else:
            invalid_option("Missing group.")
    # -a (-i agent_id -g groupd_id | -g group_id) [-q] [-e]
    elif arguments['add-group']:
        if agent_id and group_id:
            set_group(agent_id, group_id, quiet, arguments['replace-group'])
        elif group_id:
            create_group(group_id, quiet)
        else:
            invalid_option("Missing agent ID or group.")
    # -s -i agent_id
    elif arguments['show-group']:
        if agent_id:
            show_group(agent_id)
        else:
            invalid_option("Missing agent ID.")
    # -S -i agent_id
    elif arguments['show-sync']:
        if agent_id:
            show_synced_agent(agent_id)
        else:
            invalid_option("Missing agent ID.")
    # -r (-g group_id | -i agent_id) [-q]
    elif arguments['remove-group']:
        if agent_id:
            unset_group(agent_id, group_id, quiet)
        elif group_id:
            remove_group(group_id, quiet)
        else:
            invalid_option("Missing agent ID or group.")
    else:
        invalid_option("Bad argument combination.")
print_json("Wazuh-Python Internal Error: wazuh-framework not found.", 1000) if error_wazuh_package == -2: print_json("Wazuh-Python Internal Error: uncaught exception: {0}".format(exception_error), 1000) exit(0) # error code 0 shows the msg in the API response. if 'function' not in request: print_json("Wazuh-Python Internal Error: 'JSON input' must have the 'function' key", 1000) exit(1) if 'ossec_path' not in request: print_json("Wazuh-Python Internal Error: 'JSON input' must have the 'ossec_path' key", 1000) exit(1) # Main try: wazuh = Wazuh(ossec_path=request['ossec_path']) functions = { '/agents/:agent_id': Agent.get_agent, '/agents/:agent_id/key': Agent.get_agent_key, '/agents': Agent.get_agents_overview, '/agents/summary': Agent.get_agents_summary, 'PUT/agents/:agent_id/restart': Agent.restart_agents, 'PUT/agents/restart': Agent.restart_agents, 'PUT/agents/:agent_name': Agent.add_agent, 'POST/agents': Agent.add_agent, 'POST/agents/insert': Agent.insert_agent, 'DELETE/agents/:agent_id': Agent.remove_agent, '/decoders': Decoder.get_decoders, '/decoders/files': Decoder.get_decoders_files,
# Decoders '/decoders': { 'function': Decoder.get_decoders, 'type': 'local_any', 'is_async': False }, '/decoders/files': { 'function': Decoder.get_decoders_files, 'type': 'local_any', 'is_async': False }, # Managers '/manager/info': { 'function': Wazuh(common.ossec_path).get_ossec_init, 'type': 'local_any', 'is_async': False }, '/manager/status': { 'function': manager.status, 'type': 'local_any', 'is_async': False }, '/manager/configuration': { 'function': configuration.get_ossec_conf, 'type': 'local_any', 'is_async': False }, '/manager/configuration/validation': { 'function': manager.validation,
# Import smoke test: pull in the framework modules one after another, build a
# Wazuh object, and report success only if nothing above raised.
from wazuh.cluster import (
    __author__,
    __licence__,
    __ossec_name__,
    __version__,
    client,
)
from wazuh.cluster import cluster as cluster
from wazuh.cluster import common as c_common
from wazuh.cluster import control as cluster_control
from wazuh.cluster import local_client, local_server, master, server, worker
from wazuh.cluster.cluster import read_config
from wazuh.cluster.dapi import dapi
from wazuh.cluster.dapi import requests_list as rq
from wazuh.configuration import get_ossec_conf
from wazuh.database import Connection
from wazuh.decoder import Decoder
from wazuh.exception import WazuhException
from wazuh.InputValidator import InputValidator
from wazuh.manager import status
from wazuh.ossec_queue import OssecQueue
from wazuh.ossec_socket import OssecSocket, OssecSocketJSON
from wazuh.rule import Rule
from wazuh.syscollector import _get_agent_items, get_item_agent
from wazuh.utils import (
    WazuhDBQuery,
    WazuhDBQueryDistinct,
    WazuhDBQueryGroupBy,
    WazuhVersion,
    chmod_r,
    chown_r,
    cut_array,
    execute,
    get_fields_to_nest,
    get_hash,
    load_wazuh_xml,
    md5,
    mkdir_with_mode,
    plain_dict_to_nested_dict,
    previous_month,
    search_array,
    sort_array,
    tail,
)
from wazuh.wdb import WazuhDBConnection

# `Wazuh` itself is not imported in the visible part of the listing; it is
# presumably brought in by an earlier line that the page does not show.
my_wazuh = Wazuh(get_init=True)

# Reached only when every import and the initialisation above succeeded.
print("All modules were imported successfully.")
def main():
    """Send an upgrade to one agent and wait until it is seen again.

    The upgrade comes either from a custom WPK file (args.file together with
    args.execute) or from a WPK repository. After the command is sent, the
    modification time of the agent's agent-info file is polled; an unchanged
    mtime after common.agent_info_retries polls raises WazuhException 1716.
    WazuhException 1720 is raised when the agent-info file does not exist.
    """
    # Check arguments
    if args.list_outdated:
        list_outdated()
        exit(0)

    if not args.agent:
        arg_parser.print_help()
        exit(0)

    # Silent mode overrides debug output.
    if args.silent:
        args.debug = False

    # Capture Ctrl + C
    signal(SIGINT, signal_handler)

    # Initialize framework
    framework = Wazuh(get_init=True)

    agent = Agent(id=args.agent)
    agent._load_info_from_DB()

    # NOTE(review): agent.name and agent.ip are interpolated into a filesystem
    # path; confirm both are constrained where the agent record is created.
    agent_info = "{0}/queue/agent-info/{1}-{2}".format(common.ossec_path,
                                                       agent.name, agent.ip)
    if not os.path.isfile(agent_info):
        raise WazuhException(1720)

    def wait_for_reconnection(reference_mtime):
        # Poll until the agent-info mtime moves away from reference_mtime or
        # the retry budget is used up; an unchanged mtime is a timeout.
        attempts = 0
        while reference_mtime == os.stat(
                agent_info).st_mtime and attempts < common.agent_info_retries:
            sleep(common.agent_info_sleep)
            attempts += 1
        if reference_mtime == os.stat(agent_info).st_mtime:
            raise WazuhException(1716,
                                 "Timeout waiting for agent reconnection.")

    # Custom WPK file
    if args.file:
        if not args.execute:
            print("Error: Need executable filename.")
            return

        command_output = agent.upgrade_custom(
            file_path=args.file,
            installer=args.execute,
            debug=args.debug,
            show_progress=None if args.silent else print_progress,
            chunk_size=args.chunk_size,
            rl_timeout=args.timeout)
        if not args.silent:
            if args.debug:
                print(command_output)
            else:
                print("\n{0}... Please wait.".format(command_output))

        # In this branch the fixed 10 s pause comes before the polling.
        mtime_before = os.stat(agent_info).st_mtime
        sleep(10)
        wait_for_reconnection(mtime_before)

        outcome = agent.upgrade_result(debug=args.debug)
        if not args.silent:
            print(outcome)
        return

    # WPK upgrade file
    version_before = agent.version
    command_output = agent.upgrade(
        wpk_repo=args.repository,
        debug=args.debug,
        version=args.version,
        force=args.force,
        show_progress=None if args.silent else print_progress,
        chunk_size=args.chunk_size,
        rl_timeout=args.timeout)
    if not args.silent:
        if args.debug:
            print(command_output)
        else:
            print("\n{0}... Please wait.".format(command_output))

    # In this branch the fixed 10 s pause comes after the polling.
    mtime_before = os.stat(agent_info).st_mtime
    wait_for_reconnection(mtime_before)
    sleep(10)

    outcome = agent.upgrade_result(debug=args.debug)
    if args.silent:
        return
    if args.debug:
        print(outcome)
    else:
        # Reload the agent record so the new version can be reported.
        agent._load_info_from_DB()
        print("Agent upgraded: {0} -> {1}".format(version_before,
                                                  agent.version))
# - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/ossec/framework/lib

import json
from sys import exit, path

# cwd = /var/ossec/api/framework/examples
#framework_path = '{0}'.format(path[0][:-9])
# cwd = /var/ossec/api
#framework_path = '{0}/framework'.format(path[0])
# Default path
framework_path = '/var/ossec/api/framework'

# Appended at the end of sys.path, so any module of the same name found in an
# earlier entry takes precedence over the one in framework_path.
path.append(framework_path)

try:
    from wazuh import Wazuh
    from wazuh.agent import Agent
except Exception:
    # Every import failure is reported with the same message; exit() without
    # an argument ends the script with status 0.
    print("No module 'wazuh' found.")
    exit()

if __name__ == "__main__":
    # Creating wazuh object
    # It is possible to specify the ossec path (path argument) or get /etc/ossec-init.conf (get_init argument)
    print("\nWazuh:")
    myWazuh = Wazuh()
    print(myWazuh)

    # Dump the agents overview as indented JSON with sorted keys.
    print("\nAgents:")
    agents = Agent.get_agents_overview()
    agents_as_json = json.dumps(agents, indent=4, sort_keys=True)
    print(agents_as_json)
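def main():
    """Validate the upgrade options, send the upgrade to one agent and report the result.

    The upgrade comes either from a custom WPK file (args.file, with the
    installer defaulting to "upgrade.sh") or from a WPK repository. After the
    command is sent, the modification time of the agent's agent-info file is
    polled to detect that the agent has been seen again.

    Raises:
        WazuhException: 1720 when the agent-info file does not exist, 1733
            when args.version does not start with "vX.Y.Z", 1744 when
            args.chunk_size is outside 1..64000, 1716 when the agent-info
            mtime has not changed after common.agent_info_retries polls.
    """
    # Capture Ctrl + C
    signal(SIGINT, signal_handler)

    # Initialize framework
    myWazuh = Wazuh(get_init=True)

    # Check arguments
    if args.list_outdated:
        list_outdated()
        exit(0)

    if not args.agent:
        arg_parser.print_help()
        exit(0)

    # Silent mode overrides debug output.
    if args.silent:
        args.debug = False

    # NOTE(review): use_http is forwarded to agent.upgrade(); presumably it
    # selects plain HTTP for the WPK repository. If so, package integrity has
    # to rest on a check done elsewhere - confirm in agent.upgrade().
    use_http = bool(args.http)

    agent = Agent(id=args.agent)
    agent._load_info_from_DB()

    # NOTE(review): agent.name and agent.ip are interpolated into a filesystem
    # path; confirm both are constrained where the agent record is created.
    agent_info = "{0}/queue/agent-info/{1}-{2}".format(common.ossec_path,
                                                       agent.name, agent.ip)
    if not os.path.isfile(agent_info):
        raise WazuhException(1720)

    # Evaluate if the version is correct
    if args.version is not None:
        # Raw string: "\." in a plain literal is an invalid escape sequence.
        # NOTE(review): match() anchors only at the start, so any text after
        # the third number is accepted. If the version string is later used
        # to build a file name or URL, consider fullmatch() once the set of
        # valid version formats is confirmed.
        pattern = re.compile(r"v[0-9]+\.[0-9]+\.[0-9]+")
        if not pattern.match(args.version):
            raise WazuhException(1733,
                                 "Version received: {0}".format(args.version))

    if args.chunk_size is not None:
        if args.chunk_size < 1 or args.chunk_size > 64000:
            raise WazuhException(1744,
                                 "Chunk defined: {0}".format(args.chunk_size))

    # Custom WPK file
    if args.file:
        upgrade_command_result = agent.upgrade_custom(
            file_path=args.file,
            installer=args.execute if args.execute else "upgrade.sh",
            debug=args.debug,
            show_progress=print_progress if not args.silent else None,
            chunk_size=args.chunk_size,
            # -1 is passed when no timeout was given on the command line.
            rl_timeout=-1 if args.timeout is None else args.timeout)
        if not args.silent:
            if not args.debug:
                print("\n{0}... Please wait.".format(upgrade_command_result))
            else:
                print(upgrade_command_result)

        # In this branch the fixed 10 s pause comes before the polling.
        counter = 0
        agent_info_stat = os.stat(agent_info).st_mtime
        sleep(10)
        while agent_info_stat == os.stat(
                agent_info).st_mtime and counter < common.agent_info_retries:
            sleep(common.agent_info_sleep)
            counter += 1

        # An unchanged mtime after all retries is treated as a timeout.
        if agent_info_stat == os.stat(agent_info).st_mtime:
            raise WazuhException(1716,
                                 "Timeout waiting for agent reconnection.")

        upgrade_result = agent.upgrade_result(debug=args.debug)
        if not args.silent:
            print(upgrade_result)

    # WPK upgrade file
    else:
        prev_ver = agent.version
        upgrade_command_result = agent.upgrade(
            wpk_repo=args.repository,
            debug=args.debug,
            version=args.version,
            force=args.force,
            show_progress=print_progress if not args.silent else None,
            chunk_size=args.chunk_size,
            # -1 is passed when no timeout was given on the command line.
            rl_timeout=-1 if args.timeout is None else args.timeout,
            use_http=use_http)
        if not args.silent:
            if not args.debug:
                print("\n{0}... Please wait.".format(upgrade_command_result))
            else:
                print(upgrade_command_result)

        # In this branch the fixed 10 s pause comes after the polling.
        counter = 0
        agent_info_stat = os.stat(agent_info).st_mtime
        while agent_info_stat == os.stat(
                agent_info).st_mtime and counter < common.agent_info_retries:
            sleep(common.agent_info_sleep)
            counter += 1

        # An unchanged mtime after all retries is treated as a timeout.
        if agent_info_stat == os.stat(agent_info).st_mtime:
            raise WazuhException(1716,
                                 "Timeout waiting for agent reconnection.")

        sleep(10)
        upgrade_result = agent.upgrade_result(debug=args.debug)
        if not args.silent:
            if not args.debug:
                # Reload the agent record so the new version can be reported.
                agent._load_info_from_DB()
                print("Agent upgraded: {0} -> {1}".format(
                    prev_ver, agent.version))
            else:
                print(upgrade_result)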