def modified_registry_entries_restore():
    """Undo the setup of the 'modified registry entries' scenario on the admin host.

    Removes the syscheck registry queue file of the ``windows_behave`` agent and
    then puts ``client.keys`` back from its ``.bk`` copy. Both helpers are called
    for their effect only; their return values are not inspected.
    """
    syscheck_registry_db = "/var/ossec/queue/syscheck/\"(windows_behave) 172.17.2.99->syscheck-registry\""
    keys_backup = "/var/ossec/etc/client.keys.bk"
    keys_file = "/var/ossec/etc/client.keys"

    # The double quotes are part of the path argument itself, presumably so the
    # name (spaces, parentheses, '>') survives a shell inside the helper.
    # TODO confirm; if the helper runs a shell, quoting belongs in the helper
    # rather than at each call site.
    remotely_remove_file(ossim_setup.get_general_admin_ip(), syscheck_registry_db)

    # NOTE(review): the .bk copy is not removed afterwards, so a second copy of
    # the OSSEC agent key file stays on disk after the run - confirm intended.
    remotely_restore_file(ossim_setup.get_general_admin_ip(), keys_backup, keys_file)
def put_passfile_scenario1_restore():
    """Put the agentless ``.passlist`` back in place after 'put passfile' scenario 1.

    The file lives under ``/var/alienvault/<system_id>/ossec/agentless/``; the
    system id comes from ``get_system_id_from_local()``.

    Raises:
        KeyboardInterrupt: if the local system id cannot be obtained.
    """
    ok, system_id = get_system_id_from_local()
    if not ok:
        # Raised unchanged to the caller; presumably meant to abort the whole run.
        raise KeyboardInterrupt()

    ossec_root = "/var/alienvault/%s/ossec/" % system_id
    passlist = ossec_root + "agentless/.passlist"
    passlist_bk = ossec_root + "agentless/.passlist.bk"

    remotely_restore_file(ossim_setup.get_general_admin_ip(), passlist_bk, passlist)
    # NOTE(review): the restore result is not checked, so the backup is deleted
    # even when the restore did not succeed - the credential list would then be
    # gone from both locations. Confirm the helper's return contract.
    remotely_remove_file(ossim_setup.get_general_admin_ip(), passlist_bk)
def after_feature(context, feature):
    """Clean up after a finished feature (signature matches behave's ``after_feature`` hook).

    Per feature name:
      * "Status operations" / "Host operations": wait 10 seconds.
      * "Status operations": restore the database tables from
        ``context.tempfile`` and delete that file.
      * "Sensor detector operations": run ``set_plugin_delete_hosts()``, restore
        the agent ``config.yml`` from its /tmp backup and remove the scratch files.

    Raises:
        KeyboardInterrupt: when any "Sensor detector operations" clean-up step
            reports failure (falsy return value).
    """
    name = feature.name

    # celerybeat is no longer started here (the venv_celerybeat.sh "start" call
    # and its assert are disabled); only the fixed settle delay remains.
    if name in ("Status operations", "Host operations"):
        time.sleep(10)

    if name == "Status operations":
        restore_database_tables(context, context.tempfile)
        os.remove(context.tempfile)

    if name == "Sensor detector operations":
        if not set_plugin_delete_hosts():
            print("Can't delete hosts")
            raise KeyboardInterrupt()

        # NOTE(review): the backup sits at a fixed name in /tmp and is copied
        # back over the agent configuration. On a shared host another local
        # account could replace that file before the restore; a directory only
        # the test user can write to would be safer. Confirm how the backup is
        # created.
        restored = remotely_restore_file(
            ossim_setup.get_general_admin_ip(),
            "/tmp/config.yml.bddbk",
            "/etc/ossim/agent/config.yml",
        )
        if not restored:
            print("Something wrong happen while restoring the yml file")
            raise KeyboardInterrupt()

        # Stop at the first file that cannot be removed.
        for scratch_path in ["/tmp/config.yml.bddbk", "/tmp/config_test.yml"]:
            if not remotely_remove_file(ossim_setup.get_general_admin_ip(), scratch_path):
                print("Can't remove the file %s" % scratch_path)
                raise KeyboardInterrupt()
def after_feature(context, feature):
    """Revert per-feature environment changes once the feature has run.

    The behaviour depends only on ``feature.name``:

    - "Status operations" and "Host operations" wait 10 seconds first.
    - "Status operations" then restores the database tables from
      ``context.tempfile`` and deletes that file.
    - "Sensor detector operations" calls ``set_plugin_delete_hosts()``, restores
      ``/etc/ossim/agent/config.yml`` from ``/tmp/config.yml.bddbk`` and removes
      the two scratch files under /tmp.

    Raises:
        KeyboardInterrupt: if a "Sensor detector operations" step returns a
            falsy result; a short message is printed first.
    """
    feature_name = feature.name
    needs_settle_time = feature_name in ["Status operations", "Host operations"]

    if needs_settle_time:
        # The explicit celerybeat start (venv_celerybeat.sh "start") is disabled
        # in this hook; the wait that followed it is kept.
        time.sleep(10)

    if feature_name == "Status operations":
        dump_path = context.tempfile
        restore_database_tables(context, dump_path)
        os.remove(dump_path)

    if feature_name == "Sensor detector operations":
        if not set_plugin_delete_hosts():
            print("Can't delete hosts")
            raise KeyboardInterrupt()

        config_backup = "/tmp/config.yml.bddbk"
        # NOTE(review): a predictable /tmp name is the source for overwriting
        # the agent configuration; anything able to write that path before this
        # point decides what lands in /etc/ossim/agent/config.yml. Worth moving
        # the backup to a directory with restricted permissions - confirm.
        if not remotely_restore_file(ossim_setup.get_general_admin_ip(),
                                     config_backup,
                                     "/etc/ossim/agent/config.yml"):
            print("Something wrong happen while restoring the yml file")
            raise KeyboardInterrupt()

        leftovers = [config_backup, "/tmp/config_test.yml"]
        for leftover in leftovers:
            removed = remotely_remove_file(ossim_setup.get_general_admin_ip(), leftover)
            if not removed:
                print("Can't remove the file %s" % leftover)
                raise KeyboardInterrupt()
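def put_passfile_scenario2_prepare():
    """Prepare 'put passfile' scenario 2: move both passlists aside, then seed one.

    Backs up and removes the per-system ``.passlist`` and the
    ``/var/ossec/agentless/.passlist``, then writes a one-entry fixture list to
    the per-system path.

    Raises:
        KeyboardInterrupt: if the local system id cannot be obtained.
    """
    # Fixture entry in "<host>|<password>|" form.
    # NOTE(review): the text before the first '|' looks like an e-mail
    # redaction placeholder, not a user@host value - confirm against the
    # repository copy of this file.
    raw_file = """[email protected]|mypasss123|"""

    result, system_id = get_system_id_from_local()
    if not result:
        raise KeyboardInterrupt()

    base_path = "/var/alienvault/%s/ossec/" % system_id
    pass_file = base_path + "agentless/.passlist"
    pass_file_backup = base_path + "agentless/.passlist.bk"
    ossec_pass_file = "/var/ossec/agentless/.passlist"
    ossec_pass_file_backup = "/var/ossec/agentless/.passlist.bk"

    # NOTE(review): the backup results are not checked before the originals are
    # removed; if a backup fails the existing credential list is lost. The
    # return contract of remotely_backup_file is not visible here - confirm.
    remotely_backup_file(ossim_setup.get_general_admin_ip(), pass_file, pass_file_backup)
    remotely_remove_file(ossim_setup.get_general_admin_ip(), pass_file)
    remotely_backup_file(ossim_setup.get_general_admin_ip(), ossec_pass_file, ossec_pass_file_backup)
    remotely_remove_file(ossim_setup.get_general_admin_ip(), ossec_pass_file)

    # The write is local while the steps above address the admin IP; presumably
    # both are the same machine - confirm.
    # The file is created with the process's default permissions; a real
    # .passlist holds cleartext passwords, so check the resulting mode.
    # 'with' closes the handle even if the write raises.
    with open(pass_file, "w") as f:
        f.write(raw_file)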
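def put_passfile_scenario2_prepare():
    """Set up 'put passfile' scenario 2 with a single-entry agentless passlist.

    Steps, in order:
      1. Resolve the local system id (abort if that fails).
      2. Back up, then remove, the per-system ``agentless/.passlist``.
      3. Back up, then remove, ``/var/ossec/agentless/.passlist``.
      4. Write the fixture entry to the per-system ``.passlist``.

    Raises:
        KeyboardInterrupt: if ``get_system_id_from_local()`` reports failure.
    """
    # NOTE(review): the first field of this fixture reads like a redacted
    # e-mail placeholder; the intended user@host value is not recoverable from
    # this listing - confirm.
    raw_file = """[email protected]|mypasss123|"""

    result, system_id = get_system_id_from_local()
    if not result:
        raise KeyboardInterrupt()

    base_path = "/var/alienvault/%s/ossec/" % system_id
    pass_file = base_path + "agentless/.passlist"
    pass_file_backup = base_path + "agentless/.passlist.bk"
    ossec_pass_file = "/var/ossec/agentless/.passlist"
    ossec_pass_file_backup = "/var/ossec/agentless/.passlist.bk"

    # Each original is copied to its .bk name before being removed.
    # NOTE(review): helper return values are ignored, so a failed backup is
    # still followed by the removal - confirm this best-effort is deliberate.
    remotely_backup_file(ossim_setup.get_general_admin_ip(), pass_file, pass_file_backup)
    remotely_remove_file(ossim_setup.get_general_admin_ip(), pass_file)
    remotely_backup_file(ossim_setup.get_general_admin_ip(), ossec_pass_file, ossec_pass_file_backup)
    remotely_remove_file(ossim_setup.get_general_admin_ip(), ossec_pass_file)

    # Context manager instead of open/write/close: the descriptor is released
    # even when write() fails. The file mode follows the current umask; the
    # .passlist format stores passwords in cleartext, so verify it is not
    # readable by other accounts.
    with open(pass_file, "w") as f:
        f.write(raw_file)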
def get_passlist_scenario1_prepare():
    """Prepare 'get passlist' scenario 1 by moving the OSSEC passlist out of the way.

    Copies ``/var/ossec/agentless/.passlist`` to ``.passlist.bk`` on the admin
    host and then removes the original. Helper return values are not checked.
    """
    passlist = "/var/ossec/agentless/.passlist"
    passlist_bk = "/var/ossec/agentless/.passlist.bk"

    # NOTE(review): the .bk copy carries the same cleartext credentials as the
    # original; whether the helper keeps owner and mode is not visible here -
    # confirm.
    remotely_backup_file(ossim_setup.get_general_admin_ip(), passlist, passlist_bk)
    remotely_remove_file(ossim_setup.get_general_admin_ip(), passlist)
def restore_ossec_keys_file():
    """Bring ``/var/ossec/etc/client.keys`` back from its ``.bk`` copy on 127.0.0.1.

    The backup is removed afterwards. Neither helper's return value is checked.
    """
    host = "127.0.0.1"
    keys_backup = "/var/ossec/etc/client.keys.bk"

    remotely_restore_file(host, keys_backup, "/var/ossec/etc/client.keys")
    # NOTE(review): runs regardless of whether the restore succeeded; if it did
    # not, the agent keys are gone from both paths. Confirm helper contract.
    remotely_remove_file(host, keys_backup)
def empty_ossec_keys_file():
    """Take ``/var/ossec/etc/client.keys`` away on 127.0.0.1, keeping a ``.bk`` copy.

    Despite the name, the file is removed rather than truncated (per the helper
    that is called). Helper return values are not checked.
    """
    host = "127.0.0.1"
    keys_file = "/var/ossec/etc/client.keys"

    # NOTE(review): client.keys holds the OSSEC agent authentication keys; the
    # .bk copy should end up with the same restrictive owner and mode - confirm
    # what remotely_backup_file preserves.
    remotely_backup_file(host, keys_file, "/var/ossec/etc/client.keys.bk")
    remotely_remove_file(host, keys_file)
def modified_registry_entries_restore():
    """Clean up after the 'modified registry entries' scenario.

    On the admin host: delete the syscheck registry queue file belonging to the
    ``windows_behave`` agent, then restore ``client.keys`` from
    ``client.keys.bk``. Return values of both helpers are ignored.
    """
    # The file name is passed with literal double quotes around it; presumably
    # the helper hands the path to a shell - TODO confirm.
    remotely_remove_file(
        ossim_setup.get_general_admin_ip(),
        "/var/ossec/queue/syscheck/\"(windows_behave) 172.17.2.99->syscheck-registry\"",
    )

    # NOTE(review): client.keys.bk is left behind after the restore, i.e. a
    # spare copy of the agent keys remains on disk - confirm that is wanted.
    remotely_restore_file(
        ossim_setup.get_general_admin_ip(),
        "/var/ossec/etc/client.keys.bk",
        "/var/ossec/etc/client.keys",
    )