Пример #1
def get_base_path_from_sensor_id(sensor_id):
    """Resolve the base path for the system behind a sensor ID.

    Args:
        sensor_id (str): Sensor ID, or the literal 'local' for this system.

    Returns:
        Tuple (success, data): (True, base_path) when the system id could
        be resolved, otherwise (False, error_message).
    """
    # 'local' is a reserved value that selects the local system lookup
    if sensor_id == 'local':
        found, system_id = get_system_id_from_local()
    else:
        found, system_id = get_system_id_from_sensor_id(sensor_id)

    if found:
        return True, get_base_path_from_system_id(system_id)
    return False, "Can't retrieve the system id"
Пример #2
def get_base_path_from_sensor_id(sensor_id):
    """Return the base path of the system that owns *sensor_id*.

    Args:
        sensor_id (str): Sensor ID; the literal 'local' means this system.

    Returns:
        Tuple (success, data): (True, base_path) on success,
        (False, error_message) when no system id could be obtained.
    """
    # Exactly one of the two lookups runs, chosen by the reserved 'local' id
    lookup = (get_system_id_from_local() if sensor_id == 'local'
              else get_system_id_from_sensor_id(sensor_id))
    resolved, system_id = lookup
    if not resolved:
        return False, "Can't retrieve the system id"
    return True, get_base_path_from_system_id(system_id)
Пример #3
def create_directory_for_ossec_remote(system_id):
    """Create the per-system "ossec" directory under the system's base path.

    Args:
        system_id (str): System ID used to look up the base path.

    Returns:
        Tuple (success, msg): (True, "") when the directory call succeeds,
        otherwise (False, msg) with the message from create_local_directory.
    """
    # NOTE(review): system_id ends up inside a filesystem path; presumably
    # callers pass a validated id without path separators - confirm.
    ossec_dir = get_base_path_from_system_id(system_id) + "/ossec/"
    created, detail = create_local_directory(ossec_dir)
    return (True, "") if created else (False, detail)
Пример #4
def get_base_path_from_server_id(server_id):
    """Get the base path for the system behind a server ID.

    Args:
        server_id (str): Server ID, or the literal 'local' for this system.

    Returns:
        Tuple (success, data): (True, base_path) when the system id could
        be resolved, otherwise (False, error_message).
    """
    is_local = server_id == 'local'
    if is_local:
        ok, system_id = get_system_id_from_local()
    else:
        ok, system_id = get_system_id_from_server_id(server_id)

    if ok:
        return True, get_base_path_from_system_id(system_id)
    if is_local:
        return False, "Can't retrieve the system id"
    # On failure the second element of the lookup result is reported as the
    # error detail (presumably an error string - confirm against the helper)
    return False, "Can't retrieve the system id for server id %s: %s" % (server_id, system_id)
Пример #5
def get_base_path_from_server_id(server_id):
    """Return the base path of the system that owns *server_id*.

    Args:
        server_id (str): Server ID; the literal 'local' means this system.

    Returns:
        Tuple (success, data): (True, base_path) on success,
        (False, error_message) when no system id could be obtained.
    """
    if server_id != 'local':
        found, system_id = get_system_id_from_server_id(server_id)
        if found:
            return True, get_base_path_from_system_id(system_id)
        # system_id holds whatever the failed lookup returned as its detail
        return False, "Can't retrieve the system id for server id %s: %s" % (
            server_id, system_id)

    found, system_id = get_system_id_from_local()
    if found:
        return True, get_base_path_from_system_id(system_id)
    return False, "Can't retrieve the system id"
Пример #6
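def _first_md5_token(text):
    """Return the first 32-hex-digit token in *text*, lower-cased, or None."""
    if not isinstance(text, str):
        text = text.decode('ascii', 'replace')
    for token in text.split():
        # md5sum prefixes the digest with a backslash for escaped file names
        candidate = token.lstrip('\\').lower()
        if len(candidate) == 32 and \
                all(c in '0123456789abcdef' for c in candidate):
            return candidate
    return None


def _md5_hex_of_file(path):
    """Run /usr/bin/md5sum on *path*.

    Returns (True, hexdigest) on success, or (False, error_text) when the
    tool exits non-zero or prints no digest.
    """
    # stderr is piped and the exit status checked so that a failed run is
    # reported to the caller instead of being read as "no error"
    p = Popen(['/usr/bin/md5sum', path], stdout=PIPE, stderr=PIPE)
    out, err = p.communicate()
    if p.returncode != 0:
        if not isinstance(err, str):
            err = err.decode('utf-8', 'replace')
        return False, "md5sum failed for %s: %s" % (path, err.strip())
    digest = _first_md5_token(out)
    if digest is None:
        return False, "md5sum returned no digest for %s" % path
    return True, digest


def sync_database_from_child(system_id):
    """
    Pull the SQL sync file of the child system *system_id* and, if it
    differs from the local copy, apply it to the local database.

    Steps visible in this code: fetch the child's sync.md5, compare it with
    the MD5 of the local copy of the SQL file, fetch sync.sql when they
    differ, verify the MD5 again, pipe the file into /usr/bin/ossim-db and
    restart the server when the first line of the file asks for it.
    The original description also mentions propagating changes upwards by
    generating sync.sql; that step is not part of the code shown here.

    Args:
        system_id (str): ID of the child system to sync from.

    Returns:
        Tuple (success, message) on every early-exit path.

    NOTE(review): the MD5 file and the SQL file come from the same child
    over the same channel, so the digest only detects a corrupt or
    truncated transfer; it is not an authenticity check. The SQL is applied
    to the local database as received, so the trust placed in child systems
    and in the rsync transport is what protects this path.
    """
    log_prefix = "[Apimethod sync_database_from_child] "

    # Get remote and local IPs
    (success, system_ip) = get_system_ip_from_system_id(system_id)
    if not success:
        # Report the id that failed to resolve, followed by the lookup's
        # second return value (presumably the error detail)
        error_msg = log_prefix + \
                    "Error retrieving the system ip for the system id " + \
                    "%s -> %s" % (system_id, str(system_ip))
        return success, error_msg

    success, local_ip = get_system_ip_from_local()
    if not success:
        error_msg = log_prefix + \
                    "Error while getting the local ip: %s" % str(local_ip)
        return success, error_msg

    # NOTE(review): system_id is embedded in the local file names below;
    # presumably the lookup above only succeeds for known ids - confirm it
    # cannot carry path separators.
    base_path = get_base_path_from_system_id(system_id)

    # Get MD5SUM file for the SQL file
    remote_md5file_path = "/var/lib/alienvault-center/db/sync.md5"
    local_md5file_path = "%s/sync_%s.md5" % (base_path, system_id)
    (retrieved, msg) = rsync_pull(system_ip,
                                  remote_md5file_path,
                                  local_ip,
                                  local_md5file_path)
    if not retrieved and 'already in sync' not in msg:
        return False, log_prefix + "%s" % msg

    # Read the expected digest. It must be a full 32-hex-digit MD5: an empty
    # or partial line would otherwise match any computed digest.
    local_file_path = "%s/sync_%s.sql" % (base_path, system_id)
    try:
        with open(local_md5file_path) as m:
            md5_read = m.readline()
    except IOError as err:
        return False, log_prefix + \
            "Can't read MD5 file %s: %s" % (local_md5file_path, err)
    expected_md5 = _first_md5_token(md5_read)
    if expected_md5 is None:
        return False, log_prefix + \
            "Invalid or empty MD5 file %s" % local_md5file_path

    # Compare with the local copy. A failure here (for example no local copy
    # yet) just means the file has to be pulled.
    ok, current_md5 = _md5_hex_of_file(local_file_path)
    if ok and current_md5 == expected_md5:
        return True, log_prefix + "SQL already synced"

    # Get remote sync file if changed
    remote_file_path = "/var/lib/alienvault-center/db/sync.sql"
    (retrieved, msg) = rsync_pull(system_ip,
                                  remote_file_path,
                                  local_ip,
                                  local_file_path)
    if not retrieved:
        if 'already in sync' in msg:
            return True, log_prefix + "Databases already in sync"
        return False, log_prefix + "%s" % msg

    # Check the MD5 of the file just pulled; exact match required
    ok, pulled_md5 = _md5_hex_of_file(local_file_path)
    if not ok:
        return False, log_prefix + "%s" % pulled_md5
    if pulled_md5 != expected_md5:
        error_msg = log_prefix + \
                    "Corrupt or incomplete SQL file (bad md5sum)"
        return False, error_msg

    # SQL file OK. Apply
    with open(local_file_path) as f:
        # call() returns the exit status; non-zero means ossim-db failed
        if call(['/usr/bin/ossim-db'], stdin=f):
            error_msg = log_prefix + \
                        "Error applying SQL file to ossim-db"
            return False, error_msg
        else:
            info_msg = log_prefix + \
                       "SQL applied successfully"
            api_log.info(info_msg)
            # Check first line of sync.sql file for mySQL restart option
            f.seek(0, 0)
            restart_db = "RESTART OSSIM-SERVER" in f.readline()

    # Restart SQL server if needed
    # NOTE(review): no (success, message) tuple is returned after this
    # point in the code shown - confirm how callers handle that.
    if restart_db:
        try:
            restart_ossim_server(local_ip)
        except Exception as err:
            error_msg = "An error occurred while restarting " + \
                        "MySQL server: %s" % str(err)
            return False, error_msg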
Пример #7
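def _first_md5_token(text):
    """Return the first 32-hex-digit token in *text*, lower-cased, or None."""
    if not isinstance(text, str):
        text = text.decode('ascii', 'replace')
    for token in text.split():
        # md5sum prefixes the digest with a backslash for escaped file names
        candidate = token.lstrip('\\').lower()
        if len(candidate) == 32 and \
                all(c in '0123456789abcdef' for c in candidate):
            return candidate
    return None


def _md5_hex_of_file(path):
    """Run /usr/bin/md5sum on *path*.

    Returns (True, hexdigest) on success, or (False, error_text) when the
    tool exits non-zero or prints no digest.
    """
    # stderr is piped and the exit status checked so that a failed run is
    # reported to the caller instead of being read as "no error"
    p = Popen(['/usr/bin/md5sum', path], stdout=PIPE, stderr=PIPE)
    out, err = p.communicate()
    if p.returncode != 0:
        if not isinstance(err, str):
            err = err.decode('utf-8', 'replace')
        return False, "md5sum failed for %s: %s" % (path, err.strip())
    digest = _first_md5_token(out)
    if digest is None:
        return False, "md5sum returned no digest for %s" % path
    return True, digest


def sync_database_from_child(system_id):
    """
    Pull the SQL sync file of the child system *system_id* and, if it
    differs from the local copy, apply it to the local database.

    Steps visible in this code: fetch the child's sync.md5, compare it with
    the MD5 of the local copy of the SQL file, fetch sync.sql when they
    differ, verify the MD5 again, pipe the file into /usr/bin/ossim-db and
    restart the server when the first line of the file asks for it.
    The original description also mentions propagating changes upwards by
    generating sync.sql; that step is not part of the code shown here.

    Args:
        system_id (str): ID of the child system to sync from.

    Returns:
        Tuple (success, message) on every early-exit path.

    NOTE(review): the MD5 file and the SQL file come from the same child
    over the same channel, so the digest only detects a corrupt or
    truncated transfer; it is not an authenticity check. The SQL is applied
    to the local database as received, so the trust placed in child systems
    and in the rsync transport is what protects this path.
    """
    log_prefix = "[Apimethod sync_database_from_child] "

    # Get remote and local IPs
    (success, system_ip) = get_system_ip_from_system_id(system_id)
    if not success:
        # Report the id that failed to resolve, followed by the lookup's
        # second return value (presumably the error detail)
        error_msg = log_prefix + \
                    "Error retrieving the system ip for the system id " + \
                    "%s -> %s" % (system_id, str(system_ip))
        return success, error_msg

    success, local_ip = get_system_ip_from_local()
    if not success:
        error_msg = log_prefix + \
                    "Error while getting the local ip: %s" % str(local_ip)
        return success, error_msg

    # NOTE(review): system_id is embedded in the local file names below;
    # presumably the lookup above only succeeds for known ids - confirm it
    # cannot carry path separators.
    base_path = get_base_path_from_system_id(system_id)

    # Get MD5SUM file for the SQL file
    remote_md5file_path = "/var/lib/alienvault-center/db/sync.md5"
    local_md5file_path = "%s/sync_%s.md5" % (base_path, system_id)
    (retrieved, msg) = rsync_pull(system_ip, remote_md5file_path, local_ip,
                                  local_md5file_path)
    if not retrieved and 'already in sync' not in msg:
        return False, log_prefix + "%s" % msg

    # Read the expected digest. It must be a full 32-hex-digit MD5: an empty
    # or partial line would otherwise match any computed digest.
    local_file_path = "%s/sync_%s.sql" % (base_path, system_id)
    try:
        with open(local_md5file_path) as m:
            md5_read = m.readline()
    except IOError as err:
        return False, log_prefix + \
            "Can't read MD5 file %s: %s" % (local_md5file_path, err)
    expected_md5 = _first_md5_token(md5_read)
    if expected_md5 is None:
        return False, log_prefix + \
            "Invalid or empty MD5 file %s" % local_md5file_path

    # Compare with the local copy. A failure here (for example no local copy
    # yet) just means the file has to be pulled.
    ok, current_md5 = _md5_hex_of_file(local_file_path)
    if ok and current_md5 == expected_md5:
        return True, log_prefix + "SQL already synced"

    # Get remote sync file if changed
    remote_file_path = "/var/lib/alienvault-center/db/sync.sql"
    (retrieved, msg) = rsync_pull(system_ip, remote_file_path, local_ip,
                                  local_file_path)
    if not retrieved:
        if 'already in sync' in msg:
            return True, log_prefix + "Databases already in sync"
        return False, log_prefix + "%s" % msg

    # Check the MD5 of the file just pulled; exact match required
    ok, pulled_md5 = _md5_hex_of_file(local_file_path)
    if not ok:
        return False, log_prefix + "%s" % pulled_md5
    if pulled_md5 != expected_md5:
        error_msg = log_prefix + \
                    "Corrupt or incomplete SQL file (bad md5sum)"
        return False, error_msg

    # SQL file OK. Apply
    with open(local_file_path) as f:
        # call() returns the exit status; non-zero means ossim-db failed
        if call(['/usr/bin/ossim-db'], stdin=f):
            error_msg = log_prefix + \
                        "Error applying SQL file to ossim-db"
            return False, error_msg
        else:
            info_msg = log_prefix + \
                       "SQL applied successfully"
            api_log.info(info_msg)
            # Check first line of sync.sql file for mySQL restart option
            f.seek(0, 0)
            restart_db = "RESTART OSSIM-SERVER" in f.readline()

    # Restart SQL server if needed
    # NOTE(review): no (success, message) tuple is returned after this
    # point in the code shown - confirm how callers handle that.
    if restart_db:
        try:
            restart_ossim_server(local_ip)
        except Exception as err:
            error_msg = "An error occurred while restarting " + \
                        "MySQL server: %s" % str(err)
            return False, error_msg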