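    def __generate_blocked_output(self, config_file, plugin, plugin_data, sections, error_msg):
        """Record *plugin* as 'blocked' in ``self.__summary``.

        Every check section of the plugin that applies to the current
        appliance (``self.__alienvault_config['hw_profile']``) is listed with
        result 'blocked', the command it would have run and *error_msg* as
        the detail.

        Args:
            config_file: parsed plugin configuration exposing
                ``items(section)`` (ConfigParser-like). Falsy means "no
                details available": the plugin is recorded without checks.
            plugin: plugin name, used as the key in ``self.__summary``.
            plugin_data: dict that may carry a 'type' key
                ('file', 'command' or 'db'); may be None or empty.
            sections: section names of *config_file* to inspect, iterated
                more than once (so a list, not a one-shot iterator);
                'properties' holds the plugin-level settings.
            error_msg: reason the plugin was blocked.

        Returns:
            None. When *config_file* is given but no section applies to this
            appliance nothing is recorded at all.
        """
        checks = {}
        if config_file:
            try:
                # A missing 'type' key no longer aborts the whole report; it
                # simply yields checks without a command.
                plugin_type = plugin_data.get('type') if plugin_data else None
                data = {'filename': '', 'command': ''}

                # Plugin-level settings first: the file/command every check
                # of this plugin runs against. A missing mandatory key is a
                # malformed plugin file and is handled by the outer except.
                if 'properties' in sections:
                    props = dict(config_file.items('properties'))
                    if plugin_type == "file":
                        data['filename'] = props['filename']
                    elif plugin_type == "command":
                        data['command'] = props['command']

                hw_profile = self.__alienvault_config['hw_profile'].lower()
                for section in sections:
                    if section == 'properties':
                        continue
                    items = dict(config_file.items(section))

                    # Skip checks that do not target this appliance type.
                    appliance_types = []
                    for app_type in items['appliance_type'].split(','):
                        appliance_types += Wildcard.appliance_exec(app_type.strip())
                    if hw_profile not in appliance_types:
                        continue

                    # Computed per section so a 'db' section without a
                    # 'query' no longer inherits the previous section's query.
                    command = data['command']
                    if plugin_type == "db":
                        # NOTE(review): the query is interpolated verbatim into
                        # a shell pipeline string. Here it is only reported; if
                        # this string is ever executed, a query containing a
                        # single quote alters the command -- confirm at the
                        # consumer of 'command'.
                        if 'query' in items:
                            command = "echo '%s;' | ossim-db" % items['query']
                    elif plugin_type == "file":
                        command = "cat %s" % data['filename']

                    checks[section] = {'result': 'blocked',
                                       'detail': error_msg,
                                       'description': items['description'],
                                       'command': command,
                                       'severity': items['severity']}

                # No checks for this plugin in the current appliance --> do not return plugin details
                if not checks:
                    return

            except Exception:
                # Best effort: a malformed plugin file must not stop the report.
                # The plugin is still marked as blocked, just without per-check details.
                checks = {}

        self.__summary[plugin] = {'result': 'blocked',
                                  'summary': error_msg,
                                  'checks': checks}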
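    def __init__(self, plugin, section):
        """Build a check from *section* of the configuration file of *plugin*.

        Every option of the section is mapped onto a private attribute; the
        options 'checksum', 'pattern', 'query' and 'hardware' also set the
        check type. 'formatted_output' is consumed first so that the other
        options are parsed on the remaining items. Unknown options are
        reported through Output.warning().

        Args:
            plugin: owner object exposing get_config_file() and get_name().
            section: name of the config-file section describing this check.

        Raises:
            CheckError: propagated unchanged from the option parsers.
            Exception: any other parse failure is logged via Output.error()
                and re-raised.
        """

        # 'check' properties.
        self.__name = ''
        self.__type = ''
        self.__pattern = ''
        self.__category = ''
        self.__description = ''
        self.__summary_passed = ''
        self.__summary_failed = ''
        self.__remediation = ''
        self.__plugin = None

        # 'file' type checks only.
        self.__checksums = []

        # 'file' and 'command' checks.
        self.__regex = None

        # 'db' type checks.
        self.__query = ''
        self.__pivot = False

        # 'hardware' type checks.
        self.__hw_list = ''

        self.__introduced = ''
        self.__output = ''
        self.__formatted_output = ''
        self.__appliance_type = []
        self.__fail_if_empty = True
        self.__fail_if_empty_output = ''
        self.__fail_only_if_all_failed = False
        self.__split_by_comma = False
        self.__ha_dependant = False
        self.__severity = 'Warning'
        self.__conditions = {'basic': [], 'set': []}
        self.__actions = []
        self.__aux_data = {}
        self.__strike_zone = False
        self.__version_type = ''
        # Initialised here so the attribute exists even when the section
        # does not declare it (previously only set from the option).
        self.__min_doctor_version = ''

        config_file = plugin.get_config_file()

        self.__name = section
        self.__plugin = plugin

        # Parse section options.
        # Different sections or check 'types' are mutually exclusive.
        items = config_file.items(section)

        try:
            # Retrieve first the formatted_output field
            for (name, value) in items:
                if name == 'formatted_output':
                    self.__formatted_output = value.replace("{nl}", "\n")
                    items.remove((name, value))
                    break

            # Now the rest. Boolean options accept only the literal strings
            # 'True'/'False'; anything else leaves the default untouched.
            # (Comparison instead of eval(): no code is ever evaluated from
            # the configuration file.)
            for (name, value) in items:
                if name == 'checksum':
                    self.__type = name
                    self.__checksums = [
                        tuple(x.split(':')) for x in value.split(';')
                    ]
                elif name == 'pattern':
                    self.__type = name
                    self.__pattern = str(value)
                    value = Wildcard.av_config(value, escape=True)
                    self.__regex = re.compile(value, re.MULTILINE)
                elif name == 'query':
                    self.__type = name
                    # "@pivot@:" prefix marks a pivot query; strip the marker.
                    if value.startswith("@pivot@:"):
                        self.__query = value[8:]
                        self.__pivot = True
                    else:
                        self.__query = value
                    self.__query = Wildcard.av_config(self.__query,
                                                      escape=True)
                elif name == 'hardware':
                    self.__type = name
                    self.__hw_list = value
                elif name == 'category':
                    self.__category = value
                elif name == 'fail_if_empty':
                    if value in ('True', 'False'):
                        self.__fail_if_empty = (value == 'True')
                elif name == 'fail_if_empty_output':
                    self.__fail_if_empty_output = value
                elif name == 'fail_only_if_all_failed':
                    if value in ('True', 'False'):
                        self.__fail_only_if_all_failed = (value == 'True')
                elif name == 'split_by_comma':
                    if value in ('True', 'False'):
                        self.__split_by_comma = (value == 'True')
                elif name == 'ha_dependant':
                    if value in ('True', 'False'):
                        self.__ha_dependant = (value == 'True')
                elif name == 'version_type':
                    self.__version_type = value
                elif name == 'severity':
                    # Unknown severities are ignored; the default stays.
                    if value in default.severity:
                        self.__severity = value
                elif name == 'min_doctor_version':
                    self.__min_doctor_version = value
                elif name == 'appliance_type':
                    for x in value.split(','):
                        self.__appliance_type += Wildcard.appliance_exec(
                            x.strip())
                elif name == 'conditions':
                    self.__init_conditions__(value)
                elif name == 'actions':
                    self.__init_actions__(value)
                elif name == 'description':
                    self.__description = value
                elif name == 'summary_passed':
                    self.__summary_passed = value
                elif name == 'summary_failed':
                    self.__summary_failed = value
                elif name == 'remediation':
                    self.__remediation = value
                elif name == 'affects_strike_zone':
                    if value in ('True', 'False'):
                        self.__strike_zone = (value == 'True')
                else:
                    Output.warning('Unknown field in check "%s": %s' %
                                   (self.__name, name))
        except CheckError:
            raise
        except Exception as msg:
            # 'as' syntax works on Python 2.6+ and 3; the old comma form
            # is a SyntaxError on Python 3.
            Output.error('Cannot parse check "%s" in plugin "%s": %s' %
                         (self.__name, self.__plugin.get_name(), msg))
            raise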
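    def __generate_blocked_output(self, config_file, plugin, plugin_data,
                                  sections, error_msg):
        """Record *plugin* as 'blocked' in ``self.__summary``.

        Every check section of the plugin that applies to the current
        appliance (``self.__alienvault_config['hw_profile']``) is listed with
        result 'blocked', the command it would have run and *error_msg* as
        the detail.

        Args:
            config_file: parsed plugin configuration exposing
                ``items(section)`` (ConfigParser-like). Falsy means "no
                details available": the plugin is recorded without checks.
            plugin: plugin name, used as the key in ``self.__summary``.
            plugin_data: dict that may carry a 'type' key
                ('file', 'command' or 'db'); may be None or empty.
            sections: section names of *config_file* to inspect, iterated
                more than once (so a list, not a one-shot iterator);
                'properties' holds the plugin-level settings.
            error_msg: reason the plugin was blocked.

        Returns:
            None. When *config_file* is given but no section applies to this
            appliance nothing is recorded at all.
        """
        checks = {}
        if config_file:
            try:
                # A missing 'type' key no longer aborts the whole report; it
                # simply yields checks without a command.
                plugin_type = plugin_data.get('type') if plugin_data else None
                data = {'filename': '', 'command': ''}

                # Plugin-level settings first: the file/command every check
                # of this plugin runs against. A missing mandatory key is a
                # malformed plugin file and is handled by the outer except.
                if 'properties' in sections:
                    props = dict(config_file.items('properties'))
                    if plugin_type == "file":
                        data['filename'] = props['filename']
                    elif plugin_type == "command":
                        data['command'] = props['command']

                hw_profile = self.__alienvault_config['hw_profile'].lower()
                for section in sections:
                    if section == 'properties':
                        continue
                    items = dict(config_file.items(section))

                    # Skip checks that do not target this appliance type.
                    appliance_types = []
                    for app_type in items['appliance_type'].split(','):
                        appliance_types += Wildcard.appliance_exec(
                            app_type.strip())
                    if hw_profile not in appliance_types:
                        continue

                    # Computed per section so a 'db' section without a
                    # 'query' no longer inherits the previous section's query.
                    command = data['command']
                    if plugin_type == "db":
                        # NOTE(review): the query is interpolated verbatim into
                        # a shell pipeline string. Here it is only reported; if
                        # this string is ever executed, a query containing a
                        # single quote alters the command -- confirm at the
                        # consumer of 'command'.
                        if 'query' in items:
                            command = "echo '%s;' | ossim-db" % items['query']
                    elif plugin_type == "file":
                        command = "cat %s" % data['filename']

                    checks[section] = {
                        'result': 'blocked',
                        'detail': error_msg,
                        'description': items['description'],
                        'command': command,
                        'severity': items['severity']
                    }

                # No checks for this plugin in the current appliance --> do not return plugin details
                if not checks:
                    return

            except Exception:
                # Best effort: a malformed plugin file must not stop the report.
                # The plugin is still marked as blocked, just without per-check details.
                checks = {}

        self.__summary[plugin] = {
            'result': 'blocked',
            'summary': error_msg,
            'checks': checks
        }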
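    def __init__(self, plugin, section):
        """Build a check from *section* of the configuration file of *plugin*.

        Every option of the section is mapped onto a private attribute; the
        options 'checksum', 'pattern', 'query' and 'hardware' also set the
        check type. 'formatted_output' is consumed first so that the other
        options are parsed on the remaining items. Unknown options are
        reported through Output.warning().

        Args:
            plugin: owner object exposing get_config_file() and get_name().
            section: name of the config-file section describing this check.

        Raises:
            CheckError: propagated unchanged from the option parsers.
            Exception: any other parse failure is logged via Output.error()
                and re-raised.
        """

        # 'check' properties.
        self.__name = ''
        self.__type = ''
        self.__pattern = ''
        self.__category = ''
        self.__description = ''
        self.__summary_passed = ''
        self.__summary_failed = ''
        self.__remediation = ''
        self.__plugin = None

        # 'file' type checks only.
        self.__checksums = []

        # 'file' and 'command' checks.
        self.__regex = None

        # 'db' type checks.
        self.__query = ''
        self.__pivot = False

        # 'hardware' type checks.
        self.__hw_list = ''

        self.__introduced = ''
        self.__output = ''
        self.__formatted_output = ''
        self.__appliance_type = []
        self.__fail_if_empty = True
        self.__fail_if_empty_output = ''
        self.__fail_only_if_all_failed = False
        self.__split_by_comma = False
        self.__ha_dependant = False
        self.__severity = 'Warning'
        self.__conditions = {'basic': [], 'set': []}
        self.__actions = []
        self.__aux_data = {}
        self.__strike_zone = False
        self.__version_type = ''
        # Initialised here so the attribute exists even when the section
        # does not declare it (previously only set from the option).
        self.__min_doctor_version = ''

        config_file = plugin.get_config_file()

        self.__name = section
        self.__plugin = plugin

        # Parse section options.
        # Different sections or check 'types' are mutually exclusive.
        items = config_file.items(section)

        try:
            # Retrieve first the formatted_output field
            for (name, value) in items:
                if name == 'formatted_output':
                    self.__formatted_output = value.replace("{nl}", "\n")
                    items.remove((name, value))
                    break

            # Now the rest. Boolean options accept only the literal strings
            # 'True'/'False'; anything else leaves the default untouched.
            # (Comparison instead of eval(): no code is ever evaluated from
            # the configuration file.)
            for (name, value) in items:
                if name == 'checksum':
                    self.__type = name
                    self.__checksums = [tuple(x.split(':')) for x in value.split(';')]
                elif name == 'pattern':
                    self.__type = name
                    self.__pattern = str(value)
                    value = Wildcard.av_config(value, escape=True)
                    self.__regex = re.compile(value, re.MULTILINE)
                elif name == 'query':
                    self.__type = name
                    # "@pivot@:" prefix marks a pivot query; strip the marker.
                    if value.startswith("@pivot@:"):
                        self.__query = value[8:]
                        self.__pivot = True
                    else:
                        self.__query = value
                    self.__query = Wildcard.av_config(self.__query, escape=True)
                elif name == 'hardware':
                    self.__type = name
                    self.__hw_list = value
                elif name == 'category':
                    self.__category = value
                elif name == 'fail_if_empty':
                    if value in ('True', 'False'):
                        self.__fail_if_empty = (value == 'True')
                elif name == 'fail_if_empty_output':
                    self.__fail_if_empty_output = value
                elif name == 'fail_only_if_all_failed':
                    if value in ('True', 'False'):
                        self.__fail_only_if_all_failed = (value == 'True')
                elif name == 'split_by_comma':
                    if value in ('True', 'False'):
                        self.__split_by_comma = (value == 'True')
                elif name == 'ha_dependant':
                    if value in ('True', 'False'):
                        self.__ha_dependant = (value == 'True')
                elif name == 'version_type':
                    self.__version_type = value
                elif name == 'severity':
                    # Unknown severities are ignored; the default stays.
                    if value in default.severity:
                        self.__severity = value
                elif name == 'min_doctor_version':
                    self.__min_doctor_version = value
                elif name == 'appliance_type':
                    for x in value.split(','):
                        self.__appliance_type += Wildcard.appliance_exec(x.strip())
                elif name == 'conditions':
                    self.__init_conditions__(value)
                elif name == 'actions':
                    self.__init_actions__(value)
                elif name == 'description':
                    self.__description = value
                elif name == 'summary_passed':
                    self.__summary_passed = value
                elif name == 'summary_failed':
                    self.__summary_failed = value
                elif name == 'remediation':
                    self.__remediation = value
                elif name == 'affects_strike_zone':
                    if value in ('True', 'False'):
                        self.__strike_zone = (value == 'True')
                else:
                    Output.warning('Unknown field in check "%s": %s' % (self.__name, name))
        except CheckError:
            raise
        except Exception as msg:
            # 'as' syntax works on Python 2.6+ and 3; the old comma form
            # is a SyntaxError on Python 3.
            Output.error('Cannot parse check "%s" in plugin "%s": %s' % (self.__name, self.__plugin.get_name(), msg))
            raise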