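def stop_agent():
    """
    Stop the Zeek (BroCtl) and FileBeats processes, plus Suricata when it is installed

    Stop order is Suricata (if installed), then Zeek, then FileBeat; the first
    failure aborts the remaining stops and is reported on stderr.

    :return: True, if stopped successfully; False if neither Zeek nor FileBeat is
             installed, or if any service process could not be stopped
    """
    sys.stdout.write('[+] Stopping agent processes.\n')

    # Load service profilers (used only for their is_installed flags here)
    filebeat_profiler = filebeat.FileBeatProfiler()
    zeek_profiler = zeek.ZeekProfiler()
    suricata_profiler = suricata.SuricataProfiler()

    # Load service processes
    zeek_p = zeek.ZeekProcess()
    filebeat_p = filebeat.FileBeatProcess()

    if not (filebeat_profiler.is_installed or zeek_profiler.is_installed):
        # Nothing to stop; say "stop" (this is the stop path) and point at the install command
        sys.stderr.write('[-] Could not stop agent. Is it installed?\n')
        sys.stderr.write('[-] dynamite install agent\n')
        return False
    if suricata_profiler.is_installed:
        # Suricata is optional: only instantiate and stop it when the profiler reports it installed
        suricata_p = suricata.SuricataProcess()
        if not suricata_p.stop(stdout=True):
            sys.stderr.write('[-] Could not stop agent.suricata_process.\n')
            return False
    if not zeek_p.stop(stdout=True):
        sys.stderr.write('[-] Could not stop agent.zeek_process.\n')
        return False
    # Plain `if`: the Zeek branch above always returns, so `elif` added nothing
    if not filebeat_p.stop(stdout=True):
        sys.stderr.write('[-] Could not stop agent.filebeat.\n')
        return False
    return True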
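def status_agent():
    """
    Retrieve the status of the agent processes

    :return: A dict of the form ``{'agent_processes': {...}}``; the inner dict maps
             'zeek' and 'filebeat' to the respective process status, 'pf_ring' to the
             PF_RING profile, and 'suricata' to its process status when Suricata is
             installed. False if neither Zeek nor FileBeat is installed.
    """

    # Load service processes
    zeek_p = zeek.ZeekProcess()
    filebeat_p = filebeat.FileBeatProcess()

    # Load service profilers; stderr=False keeps profiler diagnostics out of the status output
    pf_ring_profiler = pf_ring.PFRingProfiler(stderr=False)
    filebeat_profiler = filebeat.FileBeatProfiler(stderr=False)
    zeek_profiler = zeek.ZeekProfiler(stderr=False)
    suricata_profiler = suricata.SuricataProfiler(stderr=False)

    if not (filebeat_profiler.is_installed or zeek_profiler.is_installed):
        # Wording reflects this being the status path, not the start path
        sys.stderr.write('[-] Could not retrieve agent status. Is it installed?\n')
        sys.stderr.write('[-] dynamite install agent\n')
        return False
    agent_status = dict(
        agent_processes={
            'zeek': zeek_p.status(),
            'pf_ring': pf_ring_profiler.get_profile(),
            'filebeat': filebeat_p.status()
        })
    if suricata_profiler.is_installed:
        # Suricata is optional: report it only when the profiler says it is installed
        suricata_p = suricata.SuricataProcess()
        agent_status['agent_processes']['suricata'] = suricata_p.status()
    return agent_status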
def start_agent():
    """
    Start the Zeek (BroCtl) and FileBeats processes, plus Suricata when it is installed

    Preconditions checked before anything is started: at least one of Zeek/FileBeat
    is installed, and the PF_RING kernel module is loaded. Services are then started
    in the order Suricata (if installed), Zeek, FileBeat; the first failure aborts.

    :return: True, if started successfully
    """

    # Service profilers; stderr=False suppresses their own diagnostics
    ring_prof = pf_ring.PFRingProfiler(stderr=False)
    beat_prof = filebeat.FileBeatProfiler(stderr=False)
    zeek_prof = zeek.ZeekProfiler(stderr=False)
    suri_prof = suricata.SuricataProfiler(stderr=False)

    # Core service processes, located via the environment configuration
    beat_proc = filebeat.FileBeatProcess(
        install_directory=environment_variables.get('FILEBEAT_HOME'))
    zeek_proc = zeek.ZeekProcess(
        install_directory=environment_variables.get('ZEEK_HOME'))

    nothing_installed = not beat_prof.is_installed and not zeek_prof.is_installed
    if nothing_installed:
        sys.stderr.write('[-] Could not start agent. Is it installed?\n')
        sys.stderr.write('[-] dynamite install agent\n')
        return False
    if not ring_prof.is_running:
        sys.stderr.write(
            '[-] PF_RING kernel modules were not loaded. Try running '
            '\'modprobe pf_ring min_num_slots=32768\' as root.\n')
        return False

    sys.stdout.write('[+] Starting agent processes.\n')

    # (process, failure message) pairs in launch order; Suricata is optional
    launch_plan = []
    if suri_prof.is_installed:
        suri_proc = suricata.SuricataProcess(
            install_directory=environment_variables.get('SURICATA_HOME'),
            configuration_directory=environment_variables.get(
                'SURICATA_CONFIG'))
        launch_plan.append(
            (suri_proc, '[-] Could not start agent.suricata_process.\n'))
    launch_plan.append((zeek_proc, '[-] Could not start agent.zeek_process.\n'))
    launch_plan.append((beat_proc, '[-] Could not start agent.filebeat.\n'))

    for proc, failure_msg in launch_plan:
        if not proc.start(stdout=True):
            sys.stderr.write(failure_msg)
            return False
    return True
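def stop_agent():
    """
    Stop the Zeek (BroCtl) and FileBeats processes, plus Suricata when it is installed

    Stop order is Suricata (if installed), then Zeek, then FileBeat; the first
    failure aborts the remaining stops and is reported on stderr.

    :return: True, if stopped successfully; False if neither Zeek nor FileBeat is
             installed, or if any service process could not be stopped
    """
    sys.stdout.write('[+] Stopping agent processes.\n')

    # Load service profilers (used only for their is_installed flags here)
    filebeat_profiler = filebeat.FileBeatProfiler()
    zeek_profiler = zeek.ZeekProfiler()
    suricata_profiler = suricata.SuricataProfiler()

    # Load service processes; FileBeat is located via the environment configuration
    zeek_p = zeek.ZeekProcess()
    filebeat_p = filebeat.FileBeatProcess(
        install_directory=environment_variables.get('FILEBEAT_HOME'))

    if not (filebeat_profiler.is_installed or zeek_profiler.is_installed):
        # Nothing to stop; say "stop" (this is the stop path) and point at the install command
        sys.stderr.write('[-] Could not stop agent. Is it installed?\n')
        sys.stderr.write('[-] dynamite install agent\n')
        return False
    if suricata_profiler.is_installed:
        # Suricata is optional: only instantiate and stop it when the profiler reports it installed
        suricata_p = suricata.SuricataProcess(
            install_directory=environment_variables.get('SURICATA_HOME'),
            configuration_directory=environment_variables.get(
                'SURICATA_CONFIG'))
        if not suricata_p.stop(stdout=True):
            sys.stderr.write('[-] Could not stop agent.suricata_process.\n')
            return False
    if not zeek_p.stop(stdout=True):
        sys.stderr.write('[-] Could not stop agent.zeek_process.\n')
        return False
    # Plain `if`: the Zeek branch above always returns, so `elif` added nothing
    if not filebeat_p.stop(stdout=True):
        sys.stderr.write('[-] Could not stop agent.filebeat.\n')
        return False
    return True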
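def status_agent():
    """
    Retrieve the status of the agent processes

    :return: A tuple ``(zeek_status, agent_status)`` where ``zeek_status`` is the
             Zeek process status and ``agent_status`` is a dict of the form
             ``{'agent_processes': {...}}`` whose inner dict maps 'pf_ring' to the
             PF_RING profile, 'filebeat' to its process status, and 'suricata' to its
             process status when Suricata is installed. False (not a tuple) if
             neither Zeek nor FileBeat is installed, so callers must check for that
             before unpacking.
    """

    # Load service processes, located via the environment configuration
    zeek_p = zeek.ZeekProcess(
        install_directory=environment_variables.get('ZEEK_HOME'))
    # NOTE(review): FILEBEAT_HOME is passed positionally here while the other
    # examples pass it as install_directory=; confirm the first positional
    # parameter of FileBeatProcess is install_directory before relying on this.
    filebeat_p = filebeat.FileBeatProcess(
        environment_variables.get('FILEBEAT_HOME'))

    # Load service profilers; stderr=False keeps profiler diagnostics out of the status output
    pf_ring_profiler = pf_ring.PFRingProfiler(stderr=False)
    filebeat_profiler = filebeat.FileBeatProfiler(stderr=False)
    zeek_profiler = zeek.ZeekProfiler(stderr=False)
    suricata_profiler = suricata.SuricataProfiler(stderr=False)

    if not (filebeat_profiler.is_installed or zeek_profiler.is_installed):
        # Wording reflects this being the status path, not the start path
        sys.stderr.write('[-] Could not retrieve agent status. Is it installed?\n')
        sys.stderr.write('[-] dynamite install agent\n')
        return False
    agent_status = dict(agent_processes={
        'pf_ring': pf_ring_profiler.get_profile(),
        'filebeat': filebeat_p.status()
    })
    if suricata_profiler.is_installed:
        # Suricata is optional: report it only when the profiler says it is installed
        suricata_p = suricata.SuricataProcess(
            install_directory=environment_variables.get('SURICATA_HOME'),
            configuration_directory=environment_variables.get(
                'SURICATA_CONFIG'))
        agent_status['agent_processes']['suricata'] = suricata_p.status()
    return zeek_p.status(), agent_status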