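def clear(agent_list=None):
    """Clear the rootcheck database for a list of agents.

    Parameters
    ----------
    agent_list : list
        List of agent ids. ``None`` is treated as an empty list instead of
        raising ``TypeError`` when iterated.

    Returns
    -------
    result : AffectedItemsWazuhResult
        JSON containing the affected agents.
    """
    result = AffectedItemsWazuhResult(
        all_msg='Rootcheck database was cleared on returned agents',
        some_msg='Rootcheck database was not cleared on some agents',
        none_msg="No rootcheck database was cleared")

    # Snapshot the known agents once rather than re-querying on every id. This
    # membership test is also what keeps unknown ids out of the wdb command
    # string below, so it must run before the f-string is built.
    known_agents = get_agents_info()
    wdb_conn = WazuhDBConnection()
    try:
        for agent_id in agent_list or []:
            if agent_id not in known_agents:
                result.add_failed_item(id_=agent_id, error=WazuhResourceNotFound(1701))
                continue
            try:
                wdb_conn.execute(f"agent {agent_id} rootcheck delete", delete=True)
                result.affected_items.append(agent_id)
            except WazuhError as e:
                result.add_failed_item(id_=agent_id, error=e)
    finally:
        # Release the wdb socket on every path, not only after a clean loop.
        wdb_conn.close()

    result.affected_items.sort(key=int)
    result.total_affected_items = len(result.affected_items)
    return result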
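def last_scan(agent_id):
    """Get the last rootcheck scan of an agent.

    :param agent_id: Agent ID.
    :return: Dictionary: end, start. ``end`` is ``None`` when no start event
        exists, when no end event exists, or when the last end event predates
        the last start event (a scan that has not finished yet).
    """
    # Raises for an unknown agent, so only an existing id reaches the query
    # strings built below.
    Agent(agent_id).get_basic_information()
    wdb_conn = WazuhDBConnection()
    try:
        end_ts = _last_pm_event_time(wdb_conn, agent_id, 'Ending rootcheck scan.')
        start_ts = _last_pm_event_time(wdb_conn, agent_id, 'Starting rootcheck scan.')
    finally:
        # Close the wdb socket even if one of the queries raises.
        wdb_conn.close()

    start = _format_scan_time(start_ts)
    # Compare the raw epoch values instead of the formatted strings, so the
    # "end before start" check does not depend on date_format sorting lexically.
    if start_ts is None or end_ts is None or end_ts < start_ts:
        end = None
    else:
        end = _format_scan_time(end_ts)
    return {'start': start, 'end': end}


def _last_pm_event_time(wdb_conn, agent_id, log_message):
    """Return max(date_last) of the pm_event rows whose log equals *log_message*, or None.

    *log_message* is one of the fixed literals used by last_scan, never caller
    input; *agent_id* has already been checked to exist.
    """
    result = wdb_conn.execute(
        f"agent {agent_id} sql SELECT max(date_last) FROM pm_event WHERE "
        f"log = '{log_message}'")
    # wdb answers with one row holding a single column.
    return next(iter(result[0].values())) if result else None


def _format_scan_time(timestamp):
    """Format a UTC epoch *timestamp* with date_format; None passes through."""
    if timestamp is None:
        return None
    return datetime.utcfromtimestamp(timestamp).strftime(date_format)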
def test_execute(send_mock, socket_send_mock, connect_mock):
    """Run execute() over delete, update and select queries with the socket stubbed.

    The three fixtures stub the socket layer; the select queries additionally
    patch _send so the count reply reports a total of 5 rows.
    """
    wdb = WazuhDBConnection()
    wdb.execute('agent 000 sql delete from test', delete=True)
    wdb.execute("agent 000 sql update test set value = 'test' where key = 'test'", update=True)

    select_query = "agent 000 sql select test from test offset 1 limit 1"
    with patch("wazuh.core.wdb.WazuhDBConnection._send", return_value=[{'total': 5}]):
        wdb.execute(select_query)
        wdb.execute(select_query, count=True)
        wdb.execute("agent 000 sql select test from test offset 1 count")
def test_failed_execute(send_mock, connect_mock, error_query, error_type, expected_exception, delete, update):
    """Check that a failing execute() surfaces as WazuhException with the expected code.

    Without *error_type* the query itself is expected to be rejected. With it,
    range() inside the wdb module is patched to raise while _send reports a
    total of 5, and that error must propagate out of execute().
    """
    wdb = WazuhDBConnection()
    expects_error = pytest.raises(exception.WazuhException, match=f'.* {expected_exception} .*')

    if error_type:
        with patch("wazuh.core.wdb.WazuhDBConnection._send", return_value=[{'total': 5}]), \
                patch("wazuh.core.wdb.range", side_effect=error_type), \
                expects_error:
            wdb.execute(error_query, delete=delete, update=update)
    else:
        with expects_error:
            wdb.execute(error_query, delete=delete, update=update)
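def test_execute(send_mock, socket_send_mock, connect_mock):
    """Run execute() over delete, update and select queries with _send replaced.

    The nested stub used to be named ``send_mock`` and shadowed the fixture of
    the same name, leaving the fixture argument silently unused; it is renamed
    so the two are distinguishable.
    """
    def fake_send(obj, msg, raw=False):
        # Mirror the two reply shapes of _send: raw callers get the
        # ["ok", payload] pair, the rest get already-parsed rows.
        return ['ok', '{"total": 5}'] if raw else [{"total": 5}]

    wdb = WazuhDBConnection()
    wdb.execute('agent 000 sql delete from test', delete=True)
    wdb.execute("agent 000 sql update test set value = 'test' where key = 'test'", update=True)

    select_query = "agent 000 sql select test from test offset 1 limit 1"
    with patch("wazuh.core.wdb.WazuhDBConnection._send", new=fake_send):
        wdb.execute(select_query)
        wdb.execute(select_query, count=True)
        wdb.execute("agent 000 sql select test from test offset 1 count")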
def test_execute_pagination(socket_send_mock, connect_mock):
    """Check paginated select queries against a scripted sequence of _send replies."""
    wdb = WazuhDBConnection()
    send_target = "wazuh.core.wdb.WazuhDBConnection._send"

    # Test pagination: a count reply, one 2009 error, then two good raw pages.
    scripted_replies = [
        [{'total': 5}],
        exception.WazuhInternalError(2009),
        ['ok', '{"total": 5}'],
        ['ok', '{"total": 5}'],
    ]
    with patch(send_target, side_effect=scripted_replies):
        wdb.execute("agent 000 sql select test from test offset 1 limit 500")

    # Test pagination error: the 2009 is the last reply, so it must propagate.
    with patch(send_target, side_effect=[[{'total': 5}], exception.WazuhInternalError(2009)]), \
            pytest.raises(exception.WazuhInternalError, match=".* 2009 .*"):
        wdb.execute("agent 000 sql select test from test offset 1 limit 1")
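def _initialize(self):
    """Populate the installation metadata attributes and return them as a dict.

    Sets ``openssl_support`` from global.db ("N/A" on any failure),
    ``ruleset_version`` from ``<self.path>/ruleset/VERSION`` and the local
    timezone fields ``tz_offset``/``tz_name`` (None on failure).

    :raises WazuhInternalError: code 1005 when the ruleset VERSION file
        cannot be read or parsed.
    """
    # info DB if possible
    try:
        wdb_conn = WazuhDBConnection()
        try:
            # Constant query, nothing caller-controlled is interpolated.
            rows = wdb_conn.execute("global sql SELECT value FROM info WHERE key = 'openssl_support'")
            self.openssl_support = rows[0]['value']
        finally:
            # Close the wdb socket on every path (the original never closed it).
            wdb_conn.close()
    except Exception:
        # Best effort: a missing DB, an empty result or a socket error all
        # degrade to "N/A" rather than aborting initialisation.
        self.openssl_support = "N/A"

    # Ruleset version
    ruleset_version_file = os.path.join(self.path, 'ruleset', 'VERSION')
    line_regex = re.compile(r'(^\w+)="(.+)"')
    try:
        with open(ruleset_version_file, 'r') as f:
            for line in f:
                match = line_regex.match(line)
                # No break: the last KEY="value" line in the file wins, as before.
                if match:
                    self.ruleset_version = match.group(2)
    except Exception as e:
        # Was a bare `except:`; narrowed so KeyboardInterrupt/SystemExit are not
        # swallowed, and the original cause is chained for diagnostics.
        raise WazuhInternalError(1005, extra_message=ruleset_version_file) from e

    # Timezone info
    try:
        self.tz_offset = strftime("%z")
        self.tz_name = strftime("%Z")
    except Exception:
        self.tz_offset = None
        self.tz_name = None

    return self.to_dict()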
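def get_manager_name():
    """Return the manager name stored in global.db (the agent row with id 0).

    :return: Manager name as stored in the ``name`` column.
    """
    wdb_conn = WazuhDBConnection()
    try:
        # Constant query, nothing caller-controlled is interpolated.
        rows = wdb_conn.execute("global sql SELECT name FROM agent WHERE (id = 0)")
        return rows[0]['name']
    finally:
        # The original only closed after a successful query, leaking the
        # socket whenever execute() raised.
        wdb_conn.close()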
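def clear(agent_list=None):
    """Clear the syscheck database for a list of agents.

    :param agent_list: List of agent ids. ``None`` is treated as an empty list
        instead of raising ``TypeError`` when iterated.
    :return: AffectedItemsWazuhResult.
    """
    result = AffectedItemsWazuhResult(all_msg='Syscheck database was cleared on returned agents',
                                      some_msg='Syscheck database was not cleared on some agents',
                                      none_msg="No syscheck database was cleared")

    # Snapshot the known agents once rather than re-querying on every id. This
    # membership test is also what keeps unknown ids out of the wdb command
    # strings below, so it must run before they are built.
    known_agents = get_agents_info()
    wdb_conn = WazuhDBConnection()
    try:
        for agent in agent_list or []:
            if agent not in known_agents:
                result.add_failed_item(id_=agent, error=WazuhResourceNotFound(1701))
                continue
            try:
                wdb_conn.execute(f"agent {agent} sql delete from fim_entry", delete=True)
                # Update key fields which contains keys to value 000
                wdb_conn.execute(f"agent {agent} sql update metadata set value = '000' "
                                 "where key like 'fim_db%'", update=True)
                wdb_conn.execute(f"agent {agent} sql update metadata set value = '000' "
                                 "where key = 'syscheck-db-completed'", update=True)
                result.affected_items.append(agent)
            except WazuhError as e:
                result.add_failed_item(id_=agent, error=e)
    finally:
        # Release the wdb socket on every path, not only after a clean loop.
        wdb_conn.close()

    result.affected_items.sort(key=int)
    result.total_affected_items = len(result.affected_items)
    return result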
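def _initialize(self):
    """Populate the installation metadata attributes and return them as a dict.

    Sets ``openssl_support`` from global.db ("N/A" on any failure) and the
    local timezone fields ``tz_offset``/``tz_name`` (None on failure).
    """
    # info DB if possible
    try:
        wdb_conn = WazuhDBConnection()
        try:
            # Constant query, nothing caller-controlled is interpolated.
            rows = wdb_conn.execute("global sql SELECT value FROM info WHERE key = 'openssl_support'")
            self.openssl_support = rows[0]['value']
        finally:
            # Close the wdb socket on every path (the original never closed it).
            wdb_conn.close()
    except Exception:
        # Best effort: a missing DB, an empty result or a socket error all
        # degrade to "N/A" rather than aborting initialisation.
        self.openssl_support = "N/A"

    # Timezone info
    try:
        self.tz_offset = strftime("%z")
        self.tz_name = strftime("%Z")
    except Exception:
        self.tz_offset = None
        self.tz_name = None

    return self.to_dict()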
def rootcheck_delete_agent(agent: str, wdb_conn: WazuhDBConnection) -> None:
    """Wipe the rootcheck database of one agent through wazuh-db.

    The id is interpolated into the wdb command as-is, so callers are expected
    to pass an already validated agent id (for example one checked against
    get_agents_info(), as the clear() functions do).

    :param agent: Agent ID.
    :param wdb_conn: Open wazuh-db connection to issue the command on.
    """
    command = f"agent {agent} rootcheck delete"
    wdb_conn.execute(command, delete=True)
def test_query_lower_private(send_mock, connect_mock):
    """A query starting with a capitalised 'Agent' must be rejected with error 2004."""
    wdb = WazuhDBConnection()
    bad_query = "Agent sql select 'test'"
    with pytest.raises(exception.WazuhException, match=".* 2004 .*"):
        wdb.execute(bad_query)
def test_query_input_validation_private(send_mock, connect_mock, error_query):
    """Each parametrised *error_query* must be rejected by execute() with error 2004."""
    wdb = WazuhDBConnection()
    with pytest.raises(exception.WazuhException, match=".* 2004 .*"):
        wdb.execute(error_query)
def syscheck_delete_agent(agent: str, wdb_conn: WazuhDBConnection) -> None:
    """Delete every fim_entry row of one agent through wazuh-db.

    The id is interpolated into the SQL as-is, so callers are expected to pass
    an already validated agent id (for example one checked against
    get_agents_info(), as the clear() functions do).

    :param agent: Agent ID.
    :param wdb_conn: Open wazuh-db connection to issue the command on.
    """
    command = f"agent {agent} sql delete from fim_entry"
    wdb_conn.execute(command, delete=True)