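def update_hids_agents():
    """Refresh the HIDS agent information of every directly connected sensor.

    Periodic task. For each sensor (plus the local system) it calls
    ``update_system_hids_agents`` and aggregates two facts: how many agents
    could not be linked to an asset, and whether a new host was created.
    The "agents not linked to assets" status message (id ``...010032``) is
    removed first and re-inserted only when at least one sensor reported
    unlinked agents, so the Message Center always reflects the latest run.

    Returns:
        bool: True when the run completed (a failing sensor is logged and
        skipped); False when the sensor list or the local system id could
        not be resolved, or an unexpected exception escaped the loop.
    """
    # Single definition of the status-message id: it is used both to clear
    # the previous message and to insert the new one.
    msg_id = "00000000-0000-0000-0000-000000010032"

    insert_message = False
    send_refresh = False
    not_linked_assets = 0

    delete_current_status_messages([get_bytes_from_uuid(msg_id)])

    try:
        success, systems = get_systems(system_type='Sensor',
                                       directly_connected=True)
        if not success:
            # On failure the second element carries the error text.
            logger.error("[update_hids_agents] %s" % str(systems))
            raise APICannotRetrieveSystems()

        success, local_system_id = get_system_id_from_local()
        if not success:
            logger.error("[update_hids_agents] %s" % str(local_system_id))
            raise APICannotResolveLocalSystemID()

        # get_systems() rows are tuples whose first element is the system id.
        system_ids = [x[0] for x in systems]
        if local_system_id not in system_ids:
            system_ids.append(local_system_id)

        for system_id in system_ids:
            try:
                not_linked_by_sensor, new_host = update_system_hids_agents(
                    system_id)
            except APIException as e:
                # One failing sensor must not abort the whole run.
                logger.error("[update_hids_agents] %s" % str(e))
                continue

            not_linked_assets += not_linked_by_sensor
            if not_linked_by_sensor > 0:
                insert_message = True
            if new_host:
                send_refresh = True

    except Exception as e:
        logger.error("[update_hids_agents] %s" % str(e))
        return False

    if insert_message:
        # Reuse the local system id validated above instead of querying it a
        # second time and ignoring that call's success flag (which could put
        # an error string where the system id belongs).
        additional_info = json.dumps({"not_linked_assets": not_linked_assets})
        insert_current_status_message(msg_id, local_system_id, "system",
                                      additional_info)

    if send_refresh:
        refresh_hosts()

    return True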
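def update_hids_agents():
    """Refresh the HIDS agent information of every directly connected sensor.

    Periodic task. For each sensor (plus the local system) it calls
    ``update_system_hids_agents`` and aggregates two facts: how many agents
    could not be linked to an asset, and whether a new host was created.
    The "agents not linked to assets" status message (id ``...010032``) is
    removed first and re-inserted only when at least one sensor reported
    unlinked agents, so the Message Center always reflects the latest run.

    Returns:
        bool: True when the run completed (a failing sensor is logged and
        skipped); False when the sensor list or the local system id could
        not be resolved, or an unexpected exception escaped the loop.
    """
    # Single definition of the status-message id: it is used both to clear
    # the previous message and to insert the new one.
    msg_id = "00000000-0000-0000-0000-000000010032"

    insert_message = False
    send_refresh = False
    not_linked_assets = 0

    delete_current_status_messages([get_bytes_from_uuid(msg_id)])

    try:
        success, systems = get_systems(system_type='Sensor', directly_connected=True)
        if not success:
            # On failure the second element carries the error text.
            logger.error("[update_hids_agents] %s" % str(systems))
            raise APICannotRetrieveSystems()

        success, local_system_id = get_system_id_from_local()
        if not success:
            logger.error("[update_hids_agents] %s" % str(local_system_id))
            raise APICannotResolveLocalSystemID()

        # get_systems() rows are tuples whose first element is the system id.
        system_ids = [x[0] for x in systems]
        if local_system_id not in system_ids:
            system_ids.append(local_system_id)

        for system_id in system_ids:
            try:
                not_linked_by_sensor, new_host = update_system_hids_agents(system_id)
            except APIException as e:
                # One failing sensor must not abort the whole run.
                logger.error("[update_hids_agents] %s" % str(e))
                continue

            not_linked_assets += not_linked_by_sensor
            if not_linked_by_sensor > 0:
                insert_message = True
            if new_host:
                send_refresh = True

    except Exception as e:
        logger.error("[update_hids_agents] %s" % str(e))
        return False

    if insert_message:
        # Reuse the local system id validated above instead of querying it a
        # second time and ignoring that call's success flag (which could put
        # an error string where the system id belongs).
        additional_info = json.dumps({"not_linked_assets": not_linked_assets})
        insert_current_status_message(msg_id, local_system_id, "system", additional_info)

    if send_refresh:
        refresh_hosts()

    return True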
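def _ossec_win_deploy_last_error(ansible_result, sensor_ip):
    """Return a human-readable failure reason from an ansible deploy result.

    Gives "System is unreachable" when the sensor could not be reached;
    otherwise the first non-empty of the 'msg', 'stderr' and 'stdout'
    fields recorded under ``ansible_result['alienvault']['lasterror'][sensor_ip]``,
    or "" when none of them is present.
    """
    if ansible_result[sensor_ip]['unreachable'] == 1:
        return "System is unreachable"
    last_error = ansible_result['alienvault']['lasterror'][sensor_ip]
    for field in ('msg', 'stderr', 'stdout'):
        if field in last_error and last_error[field] != "":
            return last_error[field]
    return ""


def ossec_win_deploy(sensor_id,
                     asset_id,
                     windows_ip,
                     windows_username,
                     windows_password,
                     windows_domain,
                     agent_id=None):
    """ Deploy HIDS agent on a Windows System

    The deployment itself is delegated to ``ansible_ossec_win_deploy`` run
    through the sensor. Whatever the outcome, a Message Center entry is
    written for the asset (id ``...010033`` on success, ``...010031`` on
    failure) carrying the deployment context and the final status text. The
    Windows password is handed to ansible only; it is not part of that entry.

    Args:
        sensor_id(str): Sensor ID
        asset_id(str): Asset ID
        windows_ip(str) : Deployment IP (where we are going to deploy the HIDS Agent)
        windows_username(str) : Windows Username
        windows_password(str) : Windows Password
        windows_domain(str) : Windows Domain
        agent_id(str) : Agent ID. Optional; when omitted, the agent already
            linked to the asset is used, or a new one is created.

    Returns:
        (bool, str): True and a success text when the agent was deployed,
        False and the failure reason otherwise.

    Raises:
        Nothing. Every error (APICannotResolveAssetID, APICannotCreateHIDSAgent,
        APICannotGetHIDSAgentByAsset, APICannotResolveSensorID,
        APICannotDeployHIDSAgent, APIInvalidDeploymentIP,
        APIInvalidWindowsUsername, APIInvalidWindowsPassword,
        APIInvalidAgentID, or an unexpected exception) is caught and reported
        through the returned message and the Message Center entry.
    """

    # Setting default values (they are reported in the Message Center entry
    # even when the deployment fails before they are resolved)
    agent_name = None
    sensor_ip = None
    sensor_name = None
    asset_name = None
    try:
        # Validate deployment parameters
        if not is_valid_uuid(asset_id):
            raise APICannotResolveAssetID(asset_id)

        if not is_valid_ipv4(windows_ip):
            raise APIInvalidDeploymentIP(windows_ip)

        if not is_valid_windows_user(windows_username):
            raise APIInvalidWindowsUsername(windows_username)

        if not is_valid_user_password(windows_password):
            # Raised without the password so the value cannot reach the
            # status message or the log through str(err).
            raise APIInvalidWindowsPassword()

        if agent_id and not is_valid_ossec_agent_id(agent_id):
            raise APIInvalidAgentID(agent_id)

        # Getting Sensor Information
        (success, sensor) = get_sensor_by_sensor_id(sensor_id)
        if not success:
            raise APICannotResolveSensorID(sensor_id)

        # Canonical sensor id form used by the HIDS layer: hex without
        # dashes, upper case.
        sensor_id = get_uuid_string_from_bytes(sensor.id)
        sensor_id = sensor_id.replace('-', '').upper()
        sensor_ip = get_ip_str_from_bytes(sensor.ip)
        sensor_name = sensor.name

        # Getting agent related to assets
        hids_agents = get_hids_agents_by_asset(asset_id, sensor_id)

        # Getting asset info
        asset_name = get_name_by_host_id(asset_id)

        if not hids_agents:
            # Creating agent if doesn't exists
            agent_name = asset_name
            (success,
             data) = apimethod_ossec_add_new_agent(sensor_id, agent_name,
                                                   windows_ip, asset_id)
            if not success:
                raise APICannotCreateHIDSAgent(agent_name, sensor_id)
            agent_id = data
        else:
            # Getting agent information. Keys are "<sensor_id>#<agent_id>";
            # without an explicit agent_id the first linked agent is used.
            if agent_id:
                agent_key = sensor_id + '#' + agent_id
            else:
                # next(iter(...)) yields the same first key as keys().pop(0)
                # on Python 2 and also works on Python 3, where dict.keys()
                # has no pop().
                agent_key = next(iter(hids_agents))

            if agent_key not in hids_agents:
                raise APICannotGetHIDSAgentByAsset(asset_id)
            agent_name = hids_agents[agent_key].get('name')
            agent_id = hids_agents[agent_key].get('id')

        # Deploy HIDS Agent
        ansible_result = ansible_ossec_win_deploy(sensor_ip, agent_name,
                                                  windows_ip, windows_username,
                                                  windows_domain,
                                                  windows_password)
        sensor_result = ansible_result[sensor_ip]
        if sensor_result['unreachable'] != 0 or sensor_result['failures'] != 0:
            reason = _ossec_win_deploy_last_error(ansible_result, sensor_ip)
            error_msg = 'HIDS Agent cannot be deployed.  Reason: {0}'.format(
                reason)
            raise APICannotDeployHIDSAgent(error_msg)

        # No error, update agent status in database. The pause presumably
        # lets the new agent register with the sensor first — TODO confirm.
        time.sleep(2)
        (success,
         data) = apimethod_ossec_get_agent_detail(sensor_id, agent_id)
        if success:
            # The detail line is comma separated; the status is field 3.
            # A short line must not turn an already successful deployment
            # into a reported failure, so only the status update is skipped.
            agent_info = data[0].split(',')
            if len(agent_info) > 3:
                update_hids_agent_status(agent_id, sensor_id, agent_info[3])
            else:
                logger.error("[ossec_win_deploy] Unexpected agent detail "
                             "format for agent %s, status not updated" %
                             str(agent_id))

        res = True
        message = 'HIDS agent successfully deployed'
    except APICannotDeployHIDSAgent as err:
        message = str(err)
        res = False
    except Exception as err:
        # NOTE(review): str(err) comes from the callee; confirm it cannot
        # echo credential material before it is logged and stored.
        message = str(err)
        logger.error(message)
        res = False

    # Create message in Message Center: distinct ids for success and failure
    mc_id = ("00000000-0000-0000-0000-000000010033" if res
             else "00000000-0000-0000-0000-000000010031")

    # Deployment context shown to the operator; the password is deliberately
    # not part of this payload.
    additional_info = {
        "asset_id": asset_id,
        "sensor_id": sensor_id,
        "agent_id": agent_id,
        "asset_name": asset_name,
        "asset_ip": windows_ip,
        "sensor_ip": sensor_ip,
        "sensor_name": sensor_name,
        "agent_name": agent_name,
        "deploy_status": message
    }

    additional_info = json.dumps(additional_info)
    insert_current_status_message(mc_id, asset_id, "host", additional_info)

    return res, message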
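def make_system_backup(system_id,
                       backup_type,
                       rotate=True,
                       retry=True,
                       method="auto",
                       backup_pass=""):
    """Run a ``backup_type`` backup of the system identified by ``system_id``.

    The backup is refused when no backup password is configured: a status
    message (id ``...010039``) is inserted for the system and nothing runs.
    A failed backup inserts status message ``...010018``. After a successful
    backup the existing backups are optionally rotated and the cached backup
    list of the system is refreshed.

    :param system_id: id of the system to back up
    :param backup_type: kind of backup to run (passed through to the helpers)
    :param rotate: when True, rotate the existing backups afterwards
    :param retry: when True, use the retrying helper (always the "auto"
        method); otherwise run a single attempt with ``method``
    :param method: backup method for the non-retry path
    :param backup_pass: password protecting the backup; "" or the literal
        'NULL' means "not configured"
    :return: ``(True, None)`` on success, ``(False, message)`` on any
        failure. The status payload carries only the system id and ip.
    """
    success, system_ip = get_system_ip_from_system_id(system_id)
    if not success:
        return False, system_ip  # here system_ip contains an error msg

    additional_info = json.dumps({
        'system_id': system_id,
        'system_ip': system_ip
    })

    if not backup_pass or backup_pass == 'NULL':
        # 'NULL' is how an unset password is stored; treat it like "".
        msg = 'Password for configuration backups was not set. Backups will be disabled...'
        notifier.warning(msg)
        insert_current_status_message("00000000-0000-0000-0000-000000010039",
                                      system_id,
                                      "system",
                                      additional_info=additional_info)
        return False, msg

    try:
        notifier.info("Running Backup [%s - %s]" % (system_ip, backup_type))
        if retry:
            # This kind of backup is always auto.
            make_system_backup_by_system_ip_with_retry(system_ip,
                                                       backup_type,
                                                       backup_pass=backup_pass)
        else:
            make_system_backup_by_system_ip(system_ip,
                                            backup_type,
                                            method=method,
                                            backup_pass=backup_pass)
    except Exception as e:
        # NOTE(review): the exception text comes from the backup helper;
        # confirm it cannot echo backup_pass before it is returned.
        notifier.error("Backup fails [%s - %s]: %s" %
                       (system_ip, backup_type, e))
        # To do: Launch a Notification message
        success, result = insert_current_status_message(
            "00000000-0000-0000-0000-000000010018",
            system_id,
            "system",
            additional_info=additional_info)
        if not success:
            # Report both the status-message failure and the backup error.
            return False, "%s %s" % (result, e)
        return False, str(e)

    notifier.info("Backup successfully made [%s - %s]" %
                  (system_ip, backup_type))
    # To do: Launch a Notification message

    # Rotate (the third argument is presumably the number of backups to
    # keep — confirm against rotate_backups)
    if rotate:
        success, result = rotate_backups(system_id, backup_type, 10)
        if not success:
            notifier.warning("Error Rotating %s backups in %s" %
                             (backup_type, system_id))
        else:
            notifier.info("Backups rotated successfully")

    # Refresh cache so the next listing reflects the new and rotated set
    try:
        get_backup_list(system_id=system_id,
                        backup_type=backup_type,
                        no_cache=True)
    except Exception as e:
        notifier.warning(
            "Error when trying to flush the cache after deleting backups: %s" % e)

    return True, None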
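def _ossec_win_deploy_last_error(ansible_result, sensor_ip):
    """Return a human-readable failure reason from an ansible deploy result.

    Gives "System is unreachable" when the sensor could not be reached;
    otherwise the first non-empty of the 'msg', 'stderr' and 'stdout'
    fields recorded under ``ansible_result['alienvault']['lasterror'][sensor_ip]``,
    or "" when none of them is present.
    """
    if ansible_result[sensor_ip]['unreachable'] == 1:
        return "System is unreachable"
    last_error = ansible_result['alienvault']['lasterror'][sensor_ip]
    for field in ('msg', 'stderr', 'stdout'):
        if field in last_error and last_error[field] != "":
            return last_error[field]
    return ""


def ossec_win_deploy(sensor_id, asset_id, windows_ip, windows_username, windows_password, windows_domain,
                     agent_id=None):
    """ Deploy HIDS agent on a Windows System

    The deployment itself is delegated to ``ansible_ossec_win_deploy`` run
    through the sensor. Whatever the outcome, a Message Center entry is
    written for the asset (id ``...010033`` on success, ``...010031`` on
    failure) carrying the deployment context and the final status text. The
    Windows password is handed to ansible only; it is not part of that entry.

    Args:
        sensor_id(str): Sensor ID
        asset_id(str): Asset ID
        windows_ip(str) : Deployment IP (where we are going to deploy the HIDS Agent)
        windows_username(str) : Windows Username
        windows_password(str) : Windows Password
        windows_domain(str) : Windows Domain
        agent_id(str) : Agent ID. Optional; when omitted, the agent already
            linked to the asset is used, or a new one is created.

    Returns:
        (bool, str): True and a success text when the agent was deployed,
        False and the failure reason otherwise.

    Raises:
        Nothing. Every error (APICannotResolveAssetID, APICannotCreateHIDSAgent,
        APICannotGetHIDSAgentByAsset, APICannotResolveSensorID,
        APICannotDeployHIDSAgent, APIInvalidDeploymentIP,
        APIInvalidWindowsUsername, APIInvalidWindowsPassword,
        APIInvalidAgentID, or an unexpected exception) is caught and reported
        through the returned message and the Message Center entry.
    """

    # Setting default values (they are reported in the Message Center entry
    # even when the deployment fails before they are resolved)
    agent_name = None
    sensor_ip = None
    sensor_name = None
    asset_name = None
    try:
        # Validate deployment parameters
        if not is_valid_uuid(asset_id):
            raise APICannotResolveAssetID(asset_id)

        if not is_valid_ipv4(windows_ip):
            raise APIInvalidDeploymentIP(windows_ip)

        if not is_valid_windows_user(windows_username):
            raise APIInvalidWindowsUsername(windows_username)

        if not is_valid_user_password(windows_password):
            # Raised without the password so the value cannot reach the
            # status message or the log through str(err).
            raise APIInvalidWindowsPassword()

        if agent_id and not is_valid_ossec_agent_id(agent_id):
            raise APIInvalidAgentID(agent_id)

        # Getting Sensor Information
        (success, sensor) = get_sensor_by_sensor_id(sensor_id)
        if not success:
            raise APICannotResolveSensorID(sensor_id)

        # Canonical sensor id form used by the HIDS layer: hex without dashes, upper case.
        sensor_id = get_uuid_string_from_bytes(sensor.id)
        sensor_id = sensor_id.replace('-', '').upper()
        sensor_ip = get_ip_str_from_bytes(sensor.ip)
        sensor_name = sensor.name

        # Getting agent related to assets
        hids_agents = get_hids_agents_by_asset(asset_id, sensor_id)

        # Getting asset info
        asset_name = get_name_by_host_id(asset_id)

        if not hids_agents:
            # Creating agent if doesn't exists
            agent_name = asset_name
            (success, data) = apimethod_ossec_add_new_agent(sensor_id, agent_name, windows_ip, asset_id)
            if not success:
                raise APICannotCreateHIDSAgent(agent_name, sensor_id)
            agent_id = data
        else:
            # Getting agent information. Keys are "<sensor_id>#<agent_id>";
            # without an explicit agent_id the first linked agent is used.
            if agent_id:
                agent_key = sensor_id + '#' + agent_id
            else:
                # next(iter(...)) yields the same first key as keys().pop(0) on
                # Python 2 and also works on Python 3, where dict.keys() has no pop().
                agent_key = next(iter(hids_agents))

            if agent_key not in hids_agents:
                raise APICannotGetHIDSAgentByAsset(asset_id)
            agent_name = hids_agents[agent_key].get('name')
            agent_id = hids_agents[agent_key].get('id')

        # Deploy HIDS Agent
        ansible_result = ansible_ossec_win_deploy(sensor_ip, agent_name, windows_ip, windows_username, windows_domain,
                                                  windows_password)
        sensor_result = ansible_result[sensor_ip]
        if sensor_result['unreachable'] != 0 or sensor_result['failures'] != 0:
            reason = _ossec_win_deploy_last_error(ansible_result, sensor_ip)
            error_msg = 'HIDS Agent cannot be deployed.  Reason: {0}'.format(reason)
            raise APICannotDeployHIDSAgent(error_msg)

        # No error, update agent status in database. The pause presumably lets
        # the new agent register with the sensor first — TODO confirm.
        time.sleep(2)
        (success, data) = apimethod_ossec_get_agent_detail(sensor_id, agent_id)
        if success:
            # The detail line is comma separated; the status is field 3. A short
            # line must not turn an already successful deployment into a reported
            # failure, so only the status update is skipped.
            agent_info = data[0].split(',')
            if len(agent_info) > 3:
                update_hids_agent_status(agent_id, sensor_id, agent_info[3])
            else:
                logger.error("[ossec_win_deploy] Unexpected agent detail format for agent %s, "
                             "status not updated" % str(agent_id))

        res = True
        message = 'HIDS agent successfully deployed'
    except APICannotDeployHIDSAgent as err:
        message = str(err)
        res = False
    except Exception as err:
        # NOTE(review): str(err) comes from the callee; confirm it cannot echo
        # credential material before it is logged and stored.
        message = str(err)
        logger.error(message)
        res = False

    # Create message in Message Center: distinct ids for success and failure
    mc_id = "00000000-0000-0000-0000-000000010033" if res else "00000000-0000-0000-0000-000000010031"

    # Deployment context shown to the operator; the password is deliberately
    # not part of this payload.
    additional_info = {
        "asset_id": asset_id,
        "sensor_id": sensor_id,
        "agent_id": agent_id,
        "asset_name": asset_name,
        "asset_ip": windows_ip,
        "sensor_ip": sensor_ip,
        "sensor_name": sensor_name,
        "agent_name": agent_name,
        "deploy_status": message
    }

    additional_info = json.dumps(additional_info)
    insert_current_status_message(mc_id, asset_id, "host", additional_info)

    return res, message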
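def make_system_backup(system_id,
                       backup_type,
                       rotate=True,
                       retry=True,
                       method="auto"):
    """Run a ``backup_type`` backup of the system identified by ``system_id``.

    A failed backup inserts status message ``...010018`` for the system.
    After a successful backup the existing backups are optionally rotated
    and the cached backup list of the system is refreshed.

    :param system_id: id of the system to back up
    :param backup_type: kind of backup to run (passed through to the helpers)
    :param rotate: when True, rotate the existing backups afterwards
    :param retry: when True, use the retrying helper (always the "auto"
        method); otherwise run a single attempt with ``method``
    :param method: backup method for the non-retry path
    :return: ``(True, None)`` on success, ``(False, message)`` on any
        failure. Every path returns a 2-tuple so callers can always unpack.
    """
    success, system_ip = get_system_ip_from_system_id(system_id)
    if not success:
        # Keep the (bool, message) shape: a bare ``False`` here breaks callers
        # that unpack the result. On failure the helper returns the error text
        # in place of the ip.
        return False, system_ip

    try:
        notifier.info("Running Backup [%s - %s]" % (system_ip, backup_type))
        if retry:
            # This kind of backup is always auto.
            make_system_backup_by_system_ip_with_retry(system_ip, backup_type)
        else:
            make_system_backup_by_system_ip(system_ip,
                                            backup_type,
                                            method=method)
    except Exception as e:
        notifier.warning("Backup fails [%s - %s]: %s" %
                         (system_ip, backup_type, e))
        # To do: Launch a Notification message
        additional_info = json.dumps({'system_id': system_id,
                                      'system_ip': system_ip})
        success, result = insert_current_status_message(
            "00000000-0000-0000-0000-000000010018", system_id, "system",
            additional_info)
        if not success:
            # Report both the status-message failure and the backup error.
            return False, "%s %s" % (result, e)
        return False, str(e)

    notifier.info("Backup successfully made [%s - %s]" %
                  (system_ip, backup_type))
    # To do: Launch a Notification message

    # Rotate (the third argument is presumably the number of backups to
    # keep — confirm against rotate_backups)
    if rotate:
        success, result = rotate_backups(system_id, backup_type, 10)
        if not success:
            notifier.warning("Error Rotating %s backups in %s" %
                             (backup_type, system_id))
        else:
            notifier.info("Backups rotated successfully")

    # Refresh cache so the next listing reflects the new and rotated set
    try:
        get_backup_list(system_id=system_id,
                        backup_type=backup_type,
                        no_cache=True)
    except Exception as e:
        notifier.warning(
            "Error when trying to flush the cache after deleting backups: %s" % e)

    return True, None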
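def make_system_backup(system_id, backup_type, rotate=True, retry=True, method="auto", backup_pass=""):
    """Run a ``backup_type`` backup of the system identified by ``system_id``.

    The backup is refused when no backup password is configured: a status
    message (id ``...010039``) is inserted for the system and nothing runs.
    A failed backup inserts status message ``...010018``. After a successful
    backup the existing backups are optionally rotated and the cached backup
    list of the system is refreshed.

    :param system_id: id of the system to back up
    :param backup_type: kind of backup to run (passed through to the helpers)
    :param rotate: when True, rotate the existing backups afterwards
    :param retry: when True, use the retrying helper (always the "auto"
        method); otherwise run a single attempt with ``method``
    :param method: backup method for the non-retry path
    :param backup_pass: password protecting the backup; "" or the literal
        'NULL' means "not configured"
    :return: ``(True, None)`` on success, ``(False, message)`` on any
        failure. The status payload carries only the system id and ip.
    """
    success, system_ip = get_system_ip_from_system_id(system_id)
    if not success:
        return False, system_ip  # here system_ip contains an error msg

    additional_info = json.dumps({'system_id': system_id,
                                  'system_ip': system_ip})

    if not backup_pass or backup_pass == 'NULL':
        # 'NULL' is how an unset password is stored; treat it like "".
        msg = 'Password for configuration backups was not set. Backups will be disabled...'
        notifier.warning(msg)
        insert_current_status_message("00000000-0000-0000-0000-000000010039",
                                      system_id,
                                      "system",
                                      additional_info=additional_info)
        return False, msg

    try:
        notifier.info("Running Backup [%s - %s]" % (system_ip, backup_type))
        if retry:
            # This kind of backup is always auto.
            make_system_backup_by_system_ip_with_retry(system_ip, backup_type, backup_pass=backup_pass)
        else:
            make_system_backup_by_system_ip(system_ip, backup_type, method=method, backup_pass=backup_pass)
    except Exception as e:
        # NOTE(review): the exception text comes from the backup helper;
        # confirm it cannot echo backup_pass before it is returned.
        notifier.error("Backup fails [%s - %s]: %s" % (system_ip, backup_type, e))
        # To do: Launch a Notification message
        success, result = insert_current_status_message("00000000-0000-0000-0000-000000010018",
                                                        system_id,
                                                        "system",
                                                        additional_info=additional_info)
        if not success:
            # Report both the status-message failure and the backup error.
            return False, "%s %s" % (result, e)
        return False, str(e)

    notifier.info("Backup successfully made [%s - %s]" % (system_ip, backup_type))
    # To do: Launch a Notification message

    # Rotate (the third argument is presumably the number of backups to
    # keep — confirm against rotate_backups)
    if rotate:
        success, result = rotate_backups(system_id, backup_type, 10)
        if not success:
            notifier.warning("Error Rotating %s backups in %s" % (backup_type, system_id))
        else:
            notifier.info("Backups rotated successfully")

    # Refresh cache so the next listing reflects the new and rotated set
    try:
        get_backup_list(system_id=system_id,
                        backup_type=backup_type,
                        no_cache=True)
    except Exception as e:
        notifier.warning("Error when trying to flush the cache after deleting backups: %s" % e)

    return True, None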