def get_sensor_detectors (system_ip):
"""
@param system_ip: The system IP where you want to get the [sensor]/detectors from ossim_setup.conf
@return A tuple (sucess|error, data|msgerror)
"""
response = ansible.run_module(host_list=[system_ip],
module="av_config",
args="sensor_detectors=True op=get",
use_sudo=True)
return parse_av_config_response(response, system_ip)
def set_sensor_detectors (system_ip, plugins):
"""
@param system_ip: The system IP where you want to get the [sensor]/detectors from ossim_setup.conf
@param Comma separate list of detector plugins to activate. Must exists in the machine
@return A tuple (sucess|error, data|msgerror)
"""
response = ansible.run_module(host_list=[system_ip],
module="av_config",
args="sensor_detectors=%s op=set" % plugins)
return parse_av_config_response(response, system_ip)
def get_av_config(system_ip, path_dict):
"""
@param system_ip: The system IP
@param path: the av_config file path dictionary (i.e '[sensor]detectors')
@return A tuple (sucess|error, data|msgerror)
"""
path_str = ' '.join(['%s=True' % (key) for (key, _value) in path_dict.items()])
response = ansible.run_module(host_list=[system_ip],
module="av_config",
args="op=get %s" % path_str)
return parse_av_config_response(response, system_ip)
def get_av_config(system_ip, path_dict):
"""
@param system_ip: The system IP
@param path: the av_config file path dictionary (i.e '[sensor]detectors')
@return A tuple (sucess|error, data|msgerror)
"""
path_str = ' '.join(
['%s=True' % (key) for (key, _value) in path_dict.items()])
response = ansible.run_module(host_list=[system_ip],
module="av_config",
args="op=get %s" % path_str)
return parse_av_config_response(response, system_ip)
def set_sensor_detectors (system_ip, plugins):
"""
@param system_ip: The system IP where you want to get the [sensor]/detectors from ossim_setup.conf
@param Comma separate list of detector plugins to activate. Must exists in the machine
@return A tuple (sucess|error, data|msgerror)
"""
# Need to flush namespace "system" as alienvault_config is cached in that namespace and
# is used to show the active plugins, so we flush it to refresh the active plugins
flush_cache(namespace="system")
response = ansible.run_module(host_list=[system_ip],
module="av_config",
args="sensor_detectors=%s op=set" % plugins)
return parse_av_config_response(response, system_ip)
def get_sensor_detectors (system_ip):
"""
@param system_ip: The system IP where you want to get the [sensor]/detectors from ossim_setup.conf
@return A tuple (sucess|error, data|msgerror)
"""
response = ansible.run_module(host_list=[system_ip],
module="av_config",
args="sensor_detectors=True op=get",
use_sudo=True)
parsed_return = parse_av_config_response(response, system_ip)
# Fugly hack to replace ossec and suricata references in enabled plugins
parsed_return[1]['sensor_detectors'] = ["AlienVault_NIDS" if p == "suricata" else p for p in parsed_return[1]['sensor_detectors']]
parsed_return[1]['sensor_detectors'] = ["AlienVault_HIDS" if p == "ossec-single-line" else p for p in parsed_return[1]['sensor_detectors']]
parsed_return[1]['sensor_detectors'] = ["AlienVault_HIDS-IDM" if p == "ossec-idm-single-line" else p for p in parsed_return[1]['sensor_detectors']]
parsed_return[1]['sensor_detectors'] = ["availability_monitoring" if p == "nagios" else p for p in parsed_return[1]['sensor_detectors']]
return parsed_return
def get_sensor_interfaces (sensor_ip):
"""
@param sensor_ip: The system IP where you want to get the [sensor]/interfaces from ossim_setup.conf
@return A tuble (sucess|error, data | msgerror)
"""
result = False
data = None
try:
response = ansible.run_module(host_list=[sensor_ip], module="av_config",
args="sensor_interfaces=True op=get", use_sudo=True)
return parse_av_config_response(response, sensor_ip)
except Exception, e:
trace = traceback.format_exc()
data = "Ansible Error: Can't get [sensor]/interfaces from ossim_setup.conf: %s \n trace: %s" % (
str(e), trace)
result = False
def set_sensor_interfaces (sensor_ip, interfaces):
"""
@param sensor_ip: The system IP where you want to get the [sensor]/interfaces from ossim_setup.conf
@param Comma separate list of interfaces to activate. Must exists in the machine
@return A tuble (sucess|error, data | msgerror)
"""
result = False
try:
response = ansible.run_module(host_list=[sensor_ip], module="av_config",
args="sensor_interfaces=%s op=set" % interfaces)
return parse_av_config_response(response, sensor_ip)
except Exception, e:
trace = traceback.format_exc()
data = "Ansible Error: Can't get [sensor]/interfaces from ossim_setup.conf: %s \n trace: %s" % (
str(e), trace)
result = False
def get_sensor_interfaces(sensor_ip):
"""
@param sensor_ip: The system IP where you want to get the [sensor]/interfaces from ossim_setup.conf
@return A tuble (sucess|error, data | msgerror)
"""
result = False
data = None
try:
response = ansible.run_module(host_list=[sensor_ip],
module="av_config",
args="sensor_interfaces=True op=get",
use_sudo=True)
return parse_av_config_response(response, sensor_ip)
except Exception, e:
trace = traceback.format_exc()
data = "Ansible Error: Can't get [sensor]/interfaces from ossim_setup.conf: %s \n trace: %s" % (
str(e), trace)
result = False
def set_sensor_interfaces(sensor_ip, interfaces):
"""
@param sensor_ip: The system IP where you want to get the [sensor]/interfaces from ossim_setup.conf
@param Comma separate list of interfaces to activate. Must exists in the machine
@return A tuble (sucess|error, data | msgerror)
"""
result = False
try:
response = ansible.run_module(host_list=[sensor_ip],
module="av_config",
args="sensor_interfaces=%s op=set" %
interfaces)
return parse_av_config_response(response, sensor_ip)
except Exception, e:
trace = traceback.format_exc()
data = "Ansible Error: Can't get [sensor]/interfaces from ossim_setup.conf: %s \n trace: %s" % (
str(e), trace)
result = False
