def update_asset_id(sensor_id, agent_id, asset_id):
""" Update Asset ID related to agent
Raises:
APICannotResolveSensorID
APIInvalidHIDSAgentID
APICannotUpdateHIDSAgent
APICannotResolveAssetID
"""
if sensor_id is None:
api_log.error("[update_asset_id]: Sensor ID could not be empty")
raise APICannotResolveSensorID(sensor_id)
if agent_id is None:
api_log.error("[update_asset_id]: Agent ID could not be empty")
raise APIInvalidHIDSAgentID(agent_id)
if asset_id is None:
api_log.error("[update_asset_id]: Asset ID could not be empty")
raise APICannotResolveAssetID(asset_id)
try:
sensor_id_bin = get_bytes_from_uuid(sensor_id)
asset_id_bin = get_bytes_from_uuid(asset_id)
db.session.query(Hids_Agents).filter(
and_(Hids_Agents.agent_id == agent_id,
Hids_Agents.sensor_id == sensor_id_bin)).update(
{"host_id": asset_id_bin})
except Exception as msg:
api_log.error("[update_asset_id]: %s" % str(msg))
raise APICannotUpdateHIDSAgent(agent_id, sensor_id)
def get_hids_agents_by_asset(asset_id, sensor_id=None):
""" Get HIDS agents by asset
Args:
asset_id(str): Asset ID
sensor_id(str): Sensor ID
Returns:
Dictionary with HIDS agents related to asset in the database
Raises:
APICannotGetHIDSAgentByAsset
APICannotResolveAssetID
"""
hids_agents = {}
if asset_id is None:
api_log.error(
"[get_hids_agents_by_asset]: Asset ID could not be empty")
raise APICannotResolveAssetID(asset_id)
query = "SELECT HEX(ha.sensor_id) AS sensor_id, ha.agent_id, ha.agent_name, ha.agent_ip, " \
"ha.agent_status, HEX(ha.host_id) AS host_id " \
"FROM hids_agents ha WHERE ha.host_id = UNHEX('{0}')".format(get_hex_string_from_uuid(asset_id))
if sensor_id is not None:
query = query + " AND ha.sensor_id = UNHEX('{0}')".format(
get_hex_string_from_uuid(sensor_id))
try:
ha_list = db.session.connection(mapper=Hids_Agents).execute(query)
for hids_agent in ha_list:
ha_id = hids_agent.agent_id
ha_name = hids_agent.agent_name
ha_ip = hids_agent.agent_ip
ha_status = hids_agent.agent_status
ha_sensor_id = hids_agent.sensor_id
ha_host_id = hids_agent.host_id if hids_agent.host_id is not None else ''
ha_key = ha_sensor_id + '#' + ha_id
hids_agents[ha_key] = {
'id': ha_id,
'name': ha_name,
'ip_cidr': ha_ip,
'status': {
'id': ha_status,
'descr':
Hids_Agents.get_status_string_from_integer(ha_status)
},
'sensor_id': ha_sensor_id,
'host_id': ha_host_id
}
except Exception as msg:
api_log.error("[get_hids_agents_by_asset]: %s" % str(msg))
raise APICannotGetHIDSAgentByAsset(asset_id)
return hids_agents
def ossec_win_deploy(sensor_id,
asset_id,
windows_ip,
windows_username,
windows_password,
windows_domain,
agent_id=None):
""" Deploy HIDS agent on a Windows System
Args:
sensor_id(str): Sensor ID
asset_id(str): Asset ID
windows_ip(str) : Deployment IP (where we are going to deploy the HIDS Agent)
windows_username(str) : Windows Username
windows_password(str) : Windows Password
windows_domain(str) : Windows Domain
agent_id(str) : Agent ID
Returns:
True if HIDS agent was properly deployed
Raises:
APICannotResolveAssetID
APICannotCreateHIDSAgent
APICannotGetHIDSAgentByAsset
APICannotResolveSensorID
APICannotDeployHIDSAgent
APIInvalidDeploymentIP
APIInvalidWindowsUsername
APIInvalidWindowsPassword
APIInvalidAgentID
"""
# Setting default values
agent_name = None
sensor_ip = None
sensor_name = None
asset_name = None
try:
# Validate deployment parameters
if not is_valid_uuid(asset_id):
raise APICannotResolveAssetID(asset_id)
if not is_valid_ipv4(windows_ip):
raise APIInvalidDeploymentIP(windows_ip)
if not is_valid_windows_user(windows_username):
raise APIInvalidWindowsUsername(windows_username)
if not is_valid_user_password(windows_password):
raise APIInvalidWindowsPassword()
if agent_id and not is_valid_ossec_agent_id(agent_id):
raise APIInvalidAgentID(agent_id)
# Getting Sensor Information
(success, sensor) = get_sensor_by_sensor_id(sensor_id)
if not success:
raise APICannotResolveSensorID(sensor_id)
sensor_id = get_uuid_string_from_bytes(sensor.id)
sensor_id = sensor_id.replace('-', '').upper()
sensor_ip = get_ip_str_from_bytes(sensor.ip)
sensor_name = sensor.name
# Getting agent related to assets
hids_agents = get_hids_agents_by_asset(asset_id, sensor_id)
# Getting asset info
asset_name = get_name_by_host_id(asset_id)
if len(hids_agents) == 0:
# Creating agent if doesn't exists
agent_name = asset_name
(success,
data) = apimethod_ossec_add_new_agent(sensor_id, agent_name,
windows_ip, asset_id)
if not success:
raise APICannotCreateHIDSAgent(agent_name, sensor_id)
else:
agent_id = data
else:
# Getting agent information
if agent_id:
agent_key = sensor_id + '#' + agent_id
else:
agent_key = hids_agents.keys().pop(0)
if agent_key in hids_agents:
agent_name = hids_agents[agent_key].get('name')
agent_id = hids_agents[agent_key].get('id')
else:
raise APICannotGetHIDSAgentByAsset(asset_id)
# Deploy HIDS Agent
ansible_result = ansible_ossec_win_deploy(sensor_ip, agent_name,
windows_ip, windows_username,
windows_domain,
windows_password)
if ansible_result[sensor_ip]['unreachable'] == 0 and ansible_result[
sensor_ip]['failures'] == 0:
# No error, update agent status in database
time.sleep(2)
(success,
data) = apimethod_ossec_get_agent_detail(sensor_id, agent_id)
if success:
agent_info = data[0].split(',')
agent_status = agent_info[3]
update_hids_agent_status(agent_id, sensor_id, agent_status)
else:
ans_last_error = ""
if ansible_result[sensor_ip]['unreachable'] == 1:
ans_last_error = "System is unreachable"
elif 'msg' in ansible_result['alienvault']['lasterror'][
sensor_ip] and ansible_result['alienvault']['lasterror'][
sensor_ip]['msg'] != "":
ans_last_error = ansible_result['alienvault']['lasterror'][
sensor_ip]['msg']
elif 'stderr' in ansible_result['alienvault']['lasterror'][
sensor_ip] and ansible_result['alienvault']['lasterror'][
sensor_ip]['stderr'] != "":
ans_last_error = ansible_result['alienvault']['lasterror'][
sensor_ip]['stderr']
elif 'stdout' in ansible_result['alienvault']['lasterror'][
sensor_ip] and ansible_result['alienvault']['lasterror'][
sensor_ip]['stdout'] != "":
ans_last_error = ansible_result['alienvault']['lasterror'][
sensor_ip]['stdout']
error_msg = 'HIDS Agent cannot be deployed. Reason: {0}'.format(
ans_last_error)
raise APICannotDeployHIDSAgent(error_msg)
res = True
message = 'HIDS agent successfully deployed'
except APICannotDeployHIDSAgent as err:
message = str(err)
res = False
except Exception as err:
message = str(err)
logger.error(message)
res = False
# Create message in Message Center
mc_id = "00000000-0000-0000-0000-000000010033" if res is True else "00000000-0000-0000-0000-000000010031"
additional_info = {
"asset_id": asset_id,
"sensor_id": sensor_id,
"agent_id": agent_id,
"asset_name": asset_name,
"asset_ip": windows_ip,
"sensor_ip": sensor_ip,
"sensor_name": sensor_name,
"agent_name": agent_name,
"deploy_status": message
}
additional_info = json.dumps(additional_info)
insert_current_status_message(mc_id, asset_id, "host", additional_info)
return res, message