class SSHInventory():
_interval = 3600
def __init__(self):
self._tmp_conf = OssimConf(Const.CONFIG_FILE)
self.inv = Inventory()
#Implement cache with timeout?????
self.cache = []
#threading.Thread.__init__(self)
def connectDB(self):
self.db = OssimDB()
self.db.connect(self._tmp_conf["ossim_host"],
self._tmp_conf["ossim_base"],
self._tmp_conf["ossim_user"],
self._tmp_conf["ossim_pass"])
def closeDB(self):
self.db.close()
def run(self):
while True:
self.process()
time.sleep(self._interval)
def process(self):
#Check host with local credentials
hosts = self.inv.getHostWithCredentials("SSH")
def _get_db_conf(self):
# Now, complete config info from Ossim database
db = OssimDB(self[VAR_DB_HOST], self[VAR_DB_SCHEMA], self[VAR_DB_USER], self[VAR_DB_PASSWORD])
db.connect()
#Reads all the frameworkd configuration values.
#query = "select * from config where conf like 'frameworkd_%%'"
query = "select * from config"
fmk_table_values = db.exec_query(query)
for row in fmk_table_values:
self._conf[row['conf']] = row['value']
query = ''
if not self._conf.has_key(VAR_KEY_FILE):
#logger.error("Invalid value for %s int the database" % VAR_KEY_FILE)
#return
self._conf[VAR_KEY_FILE] = '/etc/ossim/framework/db_encryption_key'
keyfile = self._conf[VAR_KEY_FILE]
useEncryption = False
if os.path.isfile(keyfile):
config = ConfigParser.ConfigParser()
keyfile_fd= open(keyfile,'r')
try:
config.readfp(keyfile_fd)
self._conf[VAR_KEY] = config.get('key-value', 'key')
useEncryption = True
except Exception, e:
logger.error("Invalid key file: %s" % str(e))
finally:
class ControlPanel(threading.Thread):
def __init__(self):
self.__conf = None # ossim configuration values (ossim.conf)
self.__conn = None # cursor to ossim database
self.__rrd_path = {} # path for global, net, host and level rrds
threading.Thread.__init__(self)
def __startup(self):
# configuration values
self.__conf = OssimConf(Const.CONFIG_FILE)
# database connection
self.__conn = OssimDB()
self.__conn.connect(self.__conf["ossim_host"],
self.__conf["ossim_base"],
self.__conf["ossim_user"],
self.__conf["ossim_pass"])
# rrd paths
if self.__conf["rrdtool_path"]:
Const.RRD_BIN = os.path.join(self.__conf["rrdtool_path"],
"rrdtool")
try:
for dest in ["global", "net", "host", "level"]:
self.__rrd_path[dest] = \
os.path.join(self.__conf["mrtg_rrd_files_path"],
'%s_qualification' % (dest))
except OSError, e:
logger.error("Error reading RRD path: " + str(e))
sys.exit()
class NtopDiscovery(threading.Thread):
_interval = 100
def __init__(self):
self._tmp_conf = OssimConf(Const.CONFIG_FILE)
#Implement cache with timeout?????
self.inv = Inventory()
self.cache = []
threading.Thread.__init__(self)
def connectDB(self):
self.db = OssimDB()
self.db.connect(self._tmp_conf["ossim_host"],
self._tmp_conf["ossim_base"],
self._tmp_conf["ossim_user"],
self._tmp_conf["ossim_pass"])
def closeDB(self):
self.db.close()
def getDataFromSensor(self, ip, port):
logger.debug("Retrieving NTOP data from %s" % ip)
try:
f = urllib.urlopen("http://%s:%s/python/get.py" % (ip, port))
return f.read()
except IOError, msg:
print msg
logger.error("Error retrieving NTOP information from %s - msg:%s" %
(ip, msg))
return None
class Vulnerabilities :
def __init__ (self) :
self.__set_debug = True
self.__conf = OssimConf(Const.CONFIG_FILE)
self.__conn = OssimDB()
self.__conn.connect( self.__conf['ossim_host'],
self.__conf['ossim_base'],
self.__conf['ossim_user'],
self.__conf['ossim_pass'])
self.__id_pending = 65001
self.__id_false_positive = 65002
self.__default_incident_type = 'Nessus Vulnerability'
self.__nsr_fd = None
self.__scanner_type = None
self.__scan_time = None
self.__ticket_default_user = "******"
self.__ticket_default_closed_description = "Automatic closed of the incident"
self.__ticket_default_open_description = "Automatic open of the incident"
def process(self, nsr_file, scan_date, scan_networks, scan_hosts) :
self.__debug("Generating Incidents for found vulnerabilities")
self.__scan_time = strftime('%Y-%m-%d %H:%M:%S')
self.__scanner_type = self.__scanner_type or \
self.__conf["scanner_type"] or \
"openvas2"
try:
self.__nsr_fd = open(nsr_file)
except Exception, e:
self.__debug("Unable to open file %s: %s" % (nsr_file,e))
return
self.__parse_vulns_file()
self.__debug("Automatic close of vulnerabilities")
self.__traverse_vulns_incidents(scan_date, scan_networks, scan_hosts)
self.__debug("Generating Incidents finished ok")
def __init__(self, conf):
self.__newConfigFileTemplateName = "/etc/apache2/conf.d/ntop-%s.conf"
self.__sensorVar = "$(SENSOR_IP)"
self.__myDB = OssimDB()
self.__myDB_connected = False
self.__myconf = conf
self.__sensors = []
def __init__(self):
self.__conf = OssimConf(Const.CONFIG_FILE)
self.__db = OssimDB()
self.__stored_id = 0
self.__stored_num = 0
self.__header_id = 0
threading.Thread.__init__(self)
def __init__(self, request):
self.__request = self.parseRequest(request)
self.__responses = {}
self.__conf = OssimConf(Const.CONFIG_FILE)
self.__db = OssimDB()
threading.Thread.__init__(self)
def __startup(self):
# configuration values
self.__conf = OssimConf(Const.CONFIG_FILE)
# database connection
self.__conn = OssimDB()
self.__conn.connect(self.__conf["ossim_host"],
self.__conf["ossim_base"],
self.__conf["ossim_user"],
self.__conf["ossim_pass"])
# rrd paths
if self.__conf["rrdtool_path"]:
Const.RRD_BIN = os.path.join(self.__conf["rrdtool_path"],
"rrdtool")
try:
for dest in ["global", "net", "host", "level"]:
self.__rrd_path[dest] = \
os.path.join(self.__conf["mrtg_rrd_files_path"],
'%s_qualification' % (dest))
except OSError, e:
logger.error("Error reading RRD path: " + str(e))
sys.exit()
class Vulnerabilities:
def __init__(self):
self.__set_debug = True
self.__conf = OssimConf(Const.CONFIG_FILE)
self.__conn = OssimDB()
self.__conn.connect(self.__conf['ossim_host'],
self.__conf['ossim_base'],
self.__conf['ossim_user'],
self.__conf['ossim_pass'])
self.__id_pending = 65001
self.__id_false_positive = 65002
self.__default_incident_type = 'Nessus Vulnerability'
self.__nsr_fd = None
self.__scanner_type = None
self.__scan_time = None
self.__ticket_default_user = "******"
self.__ticket_default_closed_description = "Automatic closed of the incident"
self.__ticket_default_open_description = "Automatic open of the incident"
def process(self, nsr_file, scan_date, scan_networks, scan_hosts):
self.__debug("Generating Incidents for found vulnerabilities")
self.__scan_time = strftime('%Y-%m-%d %H:%M:%S')
self.__scanner_type = self.__scanner_type or \
self.__conf["scanner_type"] or \
"openvas2"
try:
self.__nsr_fd = open(nsr_file)
except Exception, e:
self.__debug("Unable to open file %s: %s" % (nsr_file, e))
return
self.__parse_vulns_file()
self.__debug("Automatic close of vulnerabilities")
self.__traverse_vulns_incidents(scan_date, scan_networks, scan_hosts)
self.__debug("Generating Incidents finished ok")
class ControlPanel (threading.Thread) :
def __init__ (self) :
self.__conf = None # ossim configuration values (ossim.conf)
self.__conn = None # cursor to ossim database
self.__rrd_path = {} # path for global, net, host and level rrds
threading.Thread.__init__(self)
def __startup (self) :
# configuration values
self.__conf = OssimConf (Const.CONFIG_FILE)
# database connection
self.__conn = OssimDB()
self.__conn.connect ( self.__conf["ossim_host"],
self.__conf["ossim_base"],
self.__conf["ossim_user"],
self.__conf["ossim_pass"])
# rrd paths
if self.__conf["rrdtool_path"]:
Const.RRD_BIN = os.path.join(self.__conf["rrdtool_path"], "rrdtool")
try:
for dest in [ "global", "net", "host", "level" ] :
self.__rrd_path[dest] = \
os.path.join(self.__conf["mrtg_rrd_files_path"],
'%s_qualification' % (dest))
except OSError, e:
print >>sys.stderr, "Error reading RRD path: " + e
sys.exit()
class NtopDiscovery(threading.Thread):
_interval = 100
def __init__(self):
self._tmp_conf = OssimConf (Const.CONFIG_FILE)
#Implement cache with timeout?????
self.inv = Inventory()
self.cache = []
threading.Thread.__init__(self)
def connectDB(self):
self.db = OssimDB()
self.db.connect (self._tmp_conf["ossim_host"],
self._tmp_conf["ossim_base"],
self._tmp_conf["ossim_user"],
self._tmp_conf["ossim_pass"])
def closeDB(self):
self.db.close()
def getDataFromSensor(self, ip, port):
logger.debug("Retrieving NTOP data from %s" % ip)
try:
f = urllib.urlopen("http://%s:%s/python/get.py" % (ip, port))
return f.read()
except IOError, msg:
#print msg
logger.error("Error retrieving NTOP information from %s - msg:%s" % (ip, msg))
return None
def _get_db_conf(self):
# Now, complete config info from Ossim database
db = OssimDB(self[VAR_DB_HOST], self[VAR_DB_SCHEMA], self[VAR_DB_USER], self[VAR_DB_PASSWORD])
db.connect()
#Reads all the frameworkd configuration values.
query = "select * from config"
fmk_table_values = db.exec_query(query)
for row in fmk_table_values:
self._conf[row['conf']] = row['value']
query = ''
if not self._conf.has_key(VAR_KEY_FILE):
self._conf[VAR_KEY_FILE] = '/etc/ossim/framework/db_encryption_key'
keyfile = self._conf[VAR_KEY_FILE]
useEncryption = False
if os.path.isfile(keyfile):
config = ConfigParser.ConfigParser()
keyfile_fd= open(keyfile,'r')
try:
config.readfp(keyfile_fd)
self._conf[VAR_KEY] = config.get('key-value', 'key')
useEncryption = True
except Exception, e:
logger.error("Invalid key file: %s" % str(e))
finally:
class SSHInventory:
_interval = 3600
def __init__(self):
self._tmp_conf = OssimConf(Const.CONFIG_FILE)
self.inv = Inventory()
# Implement cache with timeout?????
self.cache = []
# threading.Thread.__init__(self)
def connectDB(self):
self.db = OssimDB()
self.db.connect(
self._tmp_conf["ossim_host"],
self._tmp_conf["ossim_base"],
self._tmp_conf["ossim_user"],
self._tmp_conf["ossim_pass"],
)
def closeDB(self):
self.db.close()
def run(self):
while True:
self.process()
time.sleep(self._interval)
def process(self):
# Check host with local credentials
hosts = self.inv.getHostWithCredentials("SSH")
class ApacheNtopProxyManager:
def __init__(self, conf):
self.__newConfigFileTemplateName = "/etc/apache2/conf.d/ntop-%s.conf"
self.__sensorVar = "$(SENSOR_IP)"
self.__myDB = OssimDB()
self.__myDB_connected = False
self.__myconf = conf
self.__sensors = []
def __reloadApache(self):
logger.info("Reloading apache...")
status, output = commands.getstatusoutput('/etc/init.d/apache2 reload')
if status == 0:
logger.info("Reloading apache .... OK")
else:
logger.error("Reloading apache .... FAIL ..status code:%s" %
status)
def __getSensorList(self):
if not self.__myDB_connected:
self.__myDB.connect(self.__myconf["ossim_host"],
self.__myconf["ossim_base"],
self.__myconf["ossim_user"],
self.__myconf["ossim_pass"])
self.__myDB_connected = True
#read sensor list.
query = 'select sensor.ip from sensor join sensor_properties where sensor.ip = sensor_properties.ip and sensor_properties.has_ntop =1;'
tmp = self.__myDB.exec_query(query)
for sensor in tmp:
self.__sensors.append(sensor['ip'])
self.__myDB.close()
self.__myDB_connected = False
def __buildNtopConfigurationForSensor(self, sensor_ip):
#Create a the new file:
newfile_name = self.__newConfigFileTemplateName % sensor_ip
logger.info("Creating ntop proxy configuration %s" % newfile_name)
new_config_file = open(newfile_name, 'w')
template = open(Const.NTOP_APACHE_PROXY_TEMPLATE)
for line in template:
new_config_file.write(line.replace(self.__sensorVar, sensor_ip))
new_config_file.close()
template.close()
def refreshConfiguration(self):
#remove old configuration
status, output = commands.getstatusoutput(
' rm /etc/apache2/conf.d/ntop-*.conf')
if not os.path.isfile(Const.NTOP_APACHE_PROXY_TEMPLATE):
logger.error(
"I can't create Ntop proxy configurations. Template file: %s not exist!"
% Const.NTOP_APACHE_PROXY_TEMPLATE)
else:
self.__getSensorList()
time.sleep(1)
logger.info("Sensors are loaded")
for sensor in self.__sensors:
self.__buildNtopConfigurationForSensor(sensor)
self.__reloadApache()
def __startup (self) :
# configuration values
self.__conf = OssimConf (Const.CONFIG_FILE)
# database connection
self.__conn = OssimDB()
self.__rand = random.randrange(60, 300)
def __init__(self, conf):
self.__newConfigFileTemplateName = "/etc/apache2/conf.d/ntop-%s.conf"
self.__sensorVar = "$(SENSOR_IP)"
self.__myDB = OssimDB(conf[VAR_DB_HOST], conf[VAR_DB_SCHEMA],
conf[VAR_DB_USER], conf[VAR_DB_PASSWORD])
self.__myDB_connected = False
self.__myconf = conf
self.__sensors = {} #ip = name
self.__firstValidSensorConnected = False
class ControlManager:
def __init__(self, conf):
logger.debug("Initialising ControlManager...")
self.control_agents = {}
self.transaction_map = {}
self.__myDB = OssimDB()
self.__myDB_connected = False
self.__myconf = conf
self.__transaction_timeout = 60
self.__ntop_apache_manager = ApacheNtopProxyManager(conf)
self.__control = DoControl(self)
self.__control.start()
self.__ntop_configuration_checked = False
self.__mutexRquest = Lock()
def refreshAgentCache(self, requestor, agent_id,agent_name):
if not self.__myDB_connected:
self.__myDB.connect (self.__myconf["ossim_host"],
self.__myconf["ossim_base"],
self.__myconf["ossim_user"],
self.__myconf["ossim_pass"])
self.__myDB_connected = True
#read host list
query = 'select hostname,ip,fqdns from host where ip in (select host_ip from host_sensor_reference where sensor_name="%s");' % agent_name
tmp = self.__myDB.exec_query(query)
new_command = 'action="refresh_asset_list" list={'
sendCommand = False
for host in tmp:
host_cmd = "%s=%s," % (host['ip'],host['hostname'])
if host['fqdns'] is not None and host['fqdns'] != '':
fqdns_list = host['fqdns'].split(',')
for name in fqdns_list:
host_cmd += "%s," % name
host_cmd = host_cmd[:-1]
host_cmd+=';'
sendCommand = True
new_command += host_cmd
new_command[:-1]
new_command += '}'
# add this connection to the transaction map
#transaction = self.__transaction_id_get()
#self.transaction_map[transaction] = {'socket':requestor, 'time':time.time()}
# append the transaction to the message for tracking
if sendCommand:
if self.control_agents.has_key(agent_id):
try:
self.control_agents[agent_id].wfile.write(new_command + ' transaction="NA"\n')
logger.info("Updating asset list to agent: %s " % (agent_id))
logger.debug("Cmd: %s" % new_command)
except socket.error,e:
logger.warning("it can't send messages to :%s" % agent_id)
else:
logger.warning("No agent :%s" % agent_id)
else:
def __init__(self, conf):
logger.debug("Initialising ControlManager...")
self.control_agents = {}
self.transaction_map = {}
self.__myDB = OssimDB()
self.__myDB_connected = False
self.__myconf = conf
self.__transaction_timeout = 60
self.__control = DoControl(self)
self.__control.start()
def __init__(self):
self.__conf = OssimConf()
self.__db = OssimDB(self.__conf[VAR_DB_HOST],
self.__conf[VAR_DB_SCHEMA],
self.__conf[VAR_DB_USER],
self.__conf[VAR_DB_PASSWORD])
self.__stored_id = 0
self.__stored_num = 0
self.__header_id = 0
self.__ntop_apache_manager = ApacheNtopProxyManager(self.__conf)
self.__last_ntop_link = ""
threading.Thread.__init__(self)
def __init__(self, conf):
logger.debug("Initialising ControlManager...")
self.control_agents = {}
self.__control_agents_connection_ip_vs_sensor_ip = {}
self.transaction_map = {}
self.__myconf = conf
self.__myDB = OssimDB(conf[VAR_DB_HOST], conf[VAR_DB_SCHEMA],
conf[VAR_DB_USER], conf[VAR_DB_PASSWORD])
self.__myDB_connected = self.__myDB.connect()
self.__transaction_timeout = 60
self.__control = DoControl(self)
self.__control.start()
self.__mutexRquest = Lock()
def setUp(self):
self.__db = "test"
self.__db_user = "******"
self.__db_pass = "******"
self.__db_host = "localhost"
self.__db_query = "select"
self.__db_query_result = ["test_row1", "test_row2", "test_row3"]
self.__db_query_empty_result = []
self.__db_autocommit = True
self.__db_autocommit_default = False
self.__db_error_code = 2006
self.__db_param_query = "select where a = %s and b = %s"
self.__db_params = (1, 2)
self.__ossim_db = OssimDB(self.__db_host, self.__db, self.__db_user, self.__db_pass)
def __init__(self):
"""Default constructor.
"""
threading.Thread.__init__(self)
self.__myDB = OssimDB(_CONF[VAR_DB_HOST],
_CONF[VAR_DB_SCHEMA],
_CONF[VAR_DB_USER],
_CONF[VAR_DB_PASSWORD])
self.__myDB_connected = False
self.__keepWorking = True
#self.__mutex = Lock()
self.__bkConfig = {}
self.__loadConfiguration()
self.__stopE = threading.Event()
self.__stopE.clear()
def __init__(self, conf):
logger.debug("Initialising ControlManager...")
self.control_agents = {}
self.transaction_map = {}
self.__myconf = conf
self.__myDB = OssimDB(conf[VAR_DB_HOST],
conf[VAR_DB_SCHEMA],
conf[VAR_DB_USER],
conf[VAR_DB_PASSWORD])
self.__myDB_connected = self.__myDB.connect ()
self.__transaction_timeout = 60
self.__ntop_apache_manager = ApacheNtopProxyManager(conf)
self.__control = DoControl(self)
self.__control.start()
self.__ntop_configuration_checked = False
self.__mutexRquest = Lock()
def __init__(self):
"""Default constructor.
"""
self._tmp_conf = OssimConf ()
threading.Thread.__init__(self)
self.__active_hosts = {} #key = ip value=hostname
self.__test_create_dir(self._tmp_conf[VAR_NAGIOS_CFG])
self.__test_create_dir(os.path.join(self._tmp_conf[VAR_NAGIOS_CFG], "hosts"))
self.__test_create_dir(os.path.join(self._tmp_conf[VAR_NAGIOS_CFG], "host-services"))
self.__test_create_dir(os.path.join(self._tmp_conf[VAR_NAGIOS_CFG], "hostgroups"))
self.__test_create_dir(os.path.join(self._tmp_conf[VAR_NAGIOS_CFG], "hostgroup-services"))
self.__dbConnection = OssimDB(self._tmp_conf[VAR_DB_HOST],
self._tmp_conf[VAR_DB_SCHEMA],
self._tmp_conf[VAR_DB_USER],
self._tmp_conf[VAR_DB_PASSWORD])
self.__dbConnected = False
def __startup(self):
# configuration values
self.__conf = OssimConf(Const.CONFIG_FILE)
# database connection
self.__conn = OssimDB()
self.__conn.connect(self.__conf["ossim_host"],
self.__conf["ossim_base"],
self.__conf["ossim_user"],
self.__conf["ossim_pass"])
# rrd paths
if self.__conf["rrdtool_path"]:
Const.RRD_BIN = os.path.join(self.__conf["rrdtool_path"],
"rrdtool")
def __init__(self, request):
self.__request = self.parseRequest(request)
self.__responses = {}
self.__conf = OssimConf(Const.CONFIG_FILE)
self.__db = OssimDB()
threading.Thread.__init__(self)
def __init__(self):
self.__conf = OssimConf(Const.CONFIG_FILE)
self.__db = OssimDB()
self.__stored_id = 0
self.__stored_num = 0
self.__header_id = 0
threading.Thread.__init__(self)
def __startup (self) :
# configuration values
self.__conf = OssimConf ()
self.__rddbinary = self.__conf[VAR_RRD_BINARY]
self.__interval = 300
try:
self.__interval = int(self.__conf[VAR_RRD_TIME_PERIOD])
except ValueError:
logger.error("Invalid value for %s" % VAR_RRD_TIME_PERIOD)
# database connection
self.__conn = OssimDB(self.__conf[VAR_DB_HOST],
self.__conf[VAR_DB_SCHEMA],
self.__conf[VAR_DB_USER],
self.__conf[VAR_DB_PASSWORD])
self.__conn.connect ()
def __startup (self):
self._CONF = OssimConf(Const.CONFIG_FILE)
self._DB = OssimDB()
self._DB.connect(self._CONF['ossim_host'],
self._CONF['ossim_base'],
self._CONF['ossim_user'],
self._CONF['ossim_pass'])
def connectDB(self):
self.db = OssimDB()
self.db.connect(
self._tmp_conf["ossim_host"],
self._tmp_conf["ossim_base"],
self._tmp_conf["ossim_user"],
self._tmp_conf["ossim_pass"],
)
def __init__(self):
self.__set_debug = True
self.__conf = OssimConf(Const.CONFIG_FILE)
self.__conn = OssimDB()
self.__conn.connect(self.__conf['ossim_host'],
self.__conf['ossim_base'],
self.__conf['ossim_user'],
self.__conf['ossim_pass'])
self.__id_pending = 65001
self.__id_false_positive = 65002
self.__default_incident_type = 'Nessus Vulnerability'
self.__nsr_fd = None
self.__scanner_type = None
self.__scan_time = None
self.__ticket_default_user = "******"
self.__ticket_default_closed_description = "Automatic closed of the incident"
self.__ticket_default_open_description = "Automatic open of the incident"
def __init__(self, conf):
self.__newConfigFileTemplateName = "/etc/apache2/conf.d/ntop-%s.conf"
self.__sensorVar = "$(SENSOR_IP)"
self.__myDB = OssimDB()
self.__myDB_connected = False
self.__myconf = conf
self.__sensors = {} #ip = name
self.__firstValidSensorConnected = False
def __get_latest_scan_dates(self):
scan_date_array = {}
tmp_conf = OssimConf (Const.CONFIG_FILE)
tmp_conn = None
self.__debug("Getting latest scan dates")
tmp_conn = OssimDB()
tmp_conn.connect ( tmp_conf["ossim_host"],
tmp_conf["ossim_base"],
tmp_conf["ossim_user"],
tmp_conf["ossim_pass"])
query = "SELECT hostvul.ip as ip, date_format(hostvul.scan_date,\"%Y%m%d%H%i%s\") as scan_date FROM (SELECT ip, max(scan_date) AS mymax FROM host_vulnerability group by ip) AS myvul, host_vulnerability AS hostvul WHERE hostvul.ip=myvul.ip AND hostvul.scan_date=myvul.mymax"
hash = tmp_conn.exec_query(query)
for row in hash:
scan_date_array[row["ip"]] = row["scan_date"]
return scan_date_array
def __check_sensor_ip(self, addr):
"""
Checks if the request is coming from a sensor.
Args:
addr: tuple with ip address and port of the request
Returns:
True if address corresponds to a sensor, false otherwise.
"""
try:
conf = OssimConf()
myDB = OssimDB(conf[VAR_DB_HOST], conf[VAR_DB_SCHEMA],
conf[VAR_DB_USER], conf[VAR_DB_PASSWORD])
myDB_connected = myDB.connect()
except Exception, msg:
# Cannot connect to database, return false.
logger.warning("Cannot find registered sensors: %s" % str(msg))
return False
def _get_db_conf(self):
# Now, complete config info from Ossim database
#
from OssimDB import OssimDB
db = OssimDB()
db.connect(self["ossim_host"], self["ossim_base"], self["ossim_user"],
self["ossim_pass"])
query = ''
useEncryption = False
if self["encryptionKey"]:
query = "SELECT * FROM config where conf not like '%%_pass%%'"
useEncryption = True
else:
query = "SELECT * FROM config"
hash = db.exec_query(query)
for row in hash:
# values declared at config file override the database ones
if row["conf"] not in self._conf:
self[row["conf"]] = row["value"]
#Now read pass
nones_list = []
if useEncryption:
logger.debug("using key: %s" % self['encryptionKey'])
hash = db.exec_query(
"SELECT *, AES_DECRYPT(value,'%s') as dvalue FROM config where conf like '%%_pass%%'"
% self["encryptionKey"])
for row in hash:
# values declared at config file override the database ones
if row["conf"] not in self._conf:
logger.debug("PASSWD Row: %s Value:%s " %
(row["conf"], row["dvalue"]))
if row["dvalue"] is not None:
self[row["conf"]] = row["dvalue"]
else:
nones_list.append(row["conf"])
if len(nones_list) > 0:
logger.debug("Reading without decryption....")
hash = db.exec_query(
"SELECT * FROM config where conf like '%%_pass%%'")
for row in hash:
self[row["conf"]] = row["value"]
logger.debug(
"Reading pass without decrypt Row: %s Value:%s " %
(row["conf"], row["value"]))
db.close()
def __init__(self):
self.__conf = OssimConf(Const.CONFIG_FILE)
self.__db = OssimDB()
self.__stored_id = 0
self.__stored_num = 0
self.__header_id = 0
self.__ntop_apache_manager = ApacheNtopProxyManager(self.__conf)
self.__last_ntop_link = ""
threading.Thread.__init__(self)
def __check_sensor_ip(self, addr):
"""
Checks if the request is coming from a sensor.
Args:
addr: tuple with ip address and port of the request
Returns:
True if address corresponds to a sensor, false otherwise.
"""
try:
conf = OssimConf()
myDB = OssimDB(conf[VAR_DB_HOST],
conf[VAR_DB_SCHEMA],
conf[VAR_DB_USER],
conf[VAR_DB_PASSWORD])
myDB_connected = myDB.connect ()
except Exception, msg:
# Cannot connect to database, return false.
logger.warning("Cannot find registered sensors: %s" % str(msg))
return False
def __init__(self):
self.__conf = OssimConf()
self.__db = OssimDB(self.__conf[VAR_DB_HOST],
self.__conf[VAR_DB_SCHEMA],
self.__conf[VAR_DB_USER],
self.__conf[VAR_DB_PASSWORD])
self.__stored_id = 0
self.__stored_num = 0
self.__header_id = 0
threading.Thread.__init__(self)
def __startup (self) :
# configuration values
self.__conf = OssimConf (Const.CONFIG_FILE)
# database connection
self.__conn = OssimDB()
self.__conn.connect ( self.__conf["ossim_host"],
self.__conf["ossim_base"],
self.__conf["ossim_user"],
self.__conf["ossim_pass"])
def __startup (self) :
# configuration values
self.__conf = OssimConf (Const.CONFIG_FILE)
# database connection
self.__conn = OssimDB()
self.__conn.connect ( self.__conf["ossim_host"],
self.__conf["ossim_base"],
self.__conf["ossim_user"],
self.__conf["ossim_pass"])
self.__snort_conn = OssimDB()
self.__snort_conn.connect ( self.__conf["snort_host"],
self.__conf["snort_base"],
self.__conf["snort_user"],
self.__conf["snort_pass"])
# rrd paths
if self.__conf["rrdtool_path"]:
Const.RRD_BIN = os.path.join(self.__conf["rrdtool_path"], "rrdtool")
def __init__(self):
# configure logging, databases (alienvault + osvdb)
self.logger = Logger.logger
_CONF = OssimConf()
_OSVDB = "osvdb"
self._DB = OssimDB(_CONF[VAR_DB_HOST], _CONF[VAR_DB_SCHEMA],
_CONF[VAR_DB_USER], _CONF[VAR_DB_PASSWORD])
self._osvdb = OssimDB(_CONF[VAR_DB_HOST], _OSVDB, _CONF[VAR_DB_USER],
_CONF[VAR_DB_PASSWORD])
# connect databases
avbool = self._DB.connect()
osvbool = self._osvdb.connect()
if not avbool:
self.logger.error(
"[vcad][x] error connecting to database alienvault")
if not osvbool:
self.logger.error("[vcad][x] error connecting to database osvdb")
self.invertedIndex = InvertedIndex.InvertedIndex()
self.logger.info("[vcad][+] init complete.")
return
def __init__(self):
self.__conf = OssimConf()
self.__db = OssimDB(self.__conf[VAR_DB_HOST],
self.__conf[VAR_DB_SCHEMA],
self.__conf[VAR_DB_USER],
self.__conf[VAR_DB_PASSWORD])
self.__stored_id = 0
self.__stored_num = 0
self.__header_id = 0
self.__ntop_apache_manager = ApacheNtopProxyManager(self.__conf)
self.__last_ntop_link = ""
threading.Thread.__init__(self)
def get_nets(self, netgroups, nets):
netgroups_l = netgroups.split(",")
nets_l = []
if not nets == "":
nets_l = nets.split(",")
net_list = []
tmp_conf = OssimConf (Const.CONFIG_FILE)
tmp_conn = None
tmp_conn = OssimDB()
tmp_conn.connect ( tmp_conf["ossim_host"],
tmp_conf["ossim_base"],
tmp_conf["ossim_user"],
tmp_conf["ossim_pass"])
for group in netgroups_l:
self.__debug(group)
query = "SELECT * FROM net_group_reference where net_group_name='%s'" % group
hash = tmp_conn.exec_query(query)
for row in hash:
if not row["net_name"] in net_list:
net_list.append(row["net_name"])
for net in nets_l:
if not net in net_list:
net_list.append(net)
tmp_conn.close()
return net_list
class OptimizeDB (threading.Thread):
def __init__ (self) :
self.__conf = None
self.__conn = None
self.__sleep = 86400
self.__rand = 60
threading.Thread.__init__(self)
def __startup (self) :
# configuration values
self.__conf = OssimConf (Const.CONFIG_FILE)
# database connection
self.__conn = OssimDB()
self.__rand = random.randrange(60, 300)
def __cleanup (self) :
self.__conn.close()
def optimize (self, host, base, user, password):
self.__conn.connect (host , base, user, password)
print __name__, "Optimizing tables for database: %s" % base;
query = "SHOW TABLES;";
try:
hash = self.__conn.exec_query(query)
except Exception, e:
print __name__, \
': Error executing query (%s) """%s"""' % (query, e)
return []
hash = self.__conn.exec_query(query)
for row in hash:
print __name__, \
"Optimizing %s.%s" % (base, row["tables_in_" + base])
query = "OPTIMIZE TABLE `%s`;" % row["tables_in_" + base]
hash = self.__conn.exec_query(query)
def get_sheduler_list_by_id (self, id, type) :
tmp_conf = OssimConf (Const.CONFIG_FILE)
tmp_conn = None
self.__debug("Getting %s from policy id %d" % (type,int(id)))
list = []
tmp_conn = OssimDB()
tmp_conn.connect ( tmp_conf["ossim_host"],
tmp_conf["ossim_base"],
tmp_conf["ossim_user"],
tmp_conf["ossim_pass"])
query = "SELECT * FROM plugin_scheduler_%s_reference where plugin_scheduler_id = %d" % (type,int(id))
hash = tmp_conn.exec_query(query)
if type == "host":
col = "ip"
else:
col = "%s_name" % type
for row in hash:
list.append(row[col])
print list
tmp_conn.close()
return list
def __init__(self, conf):
logger.debug("Initialising ControlManager...")
self.control_agents = {}
self.transaction_map = {}
self.__myDB = OssimDB()
self.__myDB_connected = False
self.__myconf = conf
self.__transaction_timeout = 60
self.__ntop_apache_manager = ApacheNtopProxyManager(conf)
self.__control = DoControl(self)
self.__control.start()
self.__ntop_configuration_checked = False
self.__mutexRquest = Lock()
def __init__(self):
threading.Thread.__init__(self)
self.__status = DoRestore.STATUS_OK
self.__keepWorking = True
self.__myDB = OssimDB(_CONF[VAR_DB_HOST],
_CONF[VAR_DB_SCHEMA],
_CONF[VAR_DB_USER],
_CONF[VAR_DB_PASSWORD])
self.__myDB_connected = False
self.__bkConfig = {}
self.__loadConfiguration()
self.__resetJobParams()
self.__mutex = Lock()
self.__mutexPurge = Lock()
self.__tables = ['acid_event',
'reputation_data',
'idm_data',
'extra_data',]
#'ac_acid_event',]#Changes #4376
#'ac_alerts_signature',
#'ac_sensor_sid']
self.__msgerror = ""
self.__purgeStatus = DoRestore.PURGE_STATUS_OK
def __init__ (self, conf, id):
self.__id = id
self.__default = {}
self.__ops = {}
logger.info ("Setting up new WS handler for id '%s'" % id)
# Read the configuration from the database.
db = OssimDB (conf[VAR_DB_HOST], "alienvault", conf[VAR_DB_USER], conf[VAR_DB_PASSWORD])
db.connect()
# Sanitize the id param. Exactly we need 32 hex characters
if re.match(r'^[a-fA-F0-9]{32}$',self.__id) == None:
raise Exception('Bad webservice id')
data = db.exec_query ("SELECT HEX(id), type, name, url, namespace, user, pass FROM alienvault.webservice WHERE id = UNHEX('%s')" % self.__id)
if data != []:
ws_config = data[0]
else:
raise Exception('Id %s does not match a valid webservice' % id)
ws_default = db.exec_query ("SELECT field, value FROM alienvault.webservice_default WHERE ws_id = UNHEX('%s')" % self.__id)
if ws_default != []:
for item in ws_default:
self.__default[item['field']] = item['value']
ws_oper = db.exec_query ("SELECT op, type, attrs FROM alienvault.webservice_operation WHERE ws_id = UNHEX('%s')" % self.__id)
if ws_oper == []:
raise Exception('Id %s does not match a valid webservice' % id)
for item in ws_oper:
self.__ops[item['type']] = {'op': item['op'], 'attrs': [x.replace(' ', '') for x in item['attrs'].split(',')]}
# Connect to the WS.
self.__server = Client(ws_config['url'])
# Authenticate if needed (This may be Remedy specific!!!)
authinfo_field = ''
username_field = ''
password_field = ''
authentication_field = ''
locale_field = ''
timezone_field = ''
try:
auth_op = self.__ops['auth']
except KeyError:
pass
else:
authinfo_field = auth_op['op']
[username_field, password_field, authentication_field, locale_field, timezone_field] = auth_op['attrs']
token = self.__server.factory.create(authinfo_field)
token.__setitem__(username_field, ws_config['user'])
token.__setitem__(password_field, ws_config['pass'])
# token.__setitem__(authentication_field, ws_config['auth'])
# token.__setitem__(locale_field, ws_config['locale'])
# token.__setitem__(timezone_field, ws_config['tz'])
self.__server.set_options(soapheaders=token)
def __init__(self):
# configure logging, databases (alienvault + osvdb)
self.logger = Logger.logger
_CONF = OssimConf()
_OSVDB = "osvdb"
self._DB = OssimDB(_CONF[VAR_DB_HOST],
_CONF[VAR_DB_SCHEMA],
_CONF[VAR_DB_USER],
_CONF[VAR_DB_PASSWORD])
self._osvdb = OssimDB(_CONF[VAR_DB_HOST],
_OSVDB,
_CONF[VAR_DB_USER],
_CONF[VAR_DB_PASSWORD])
# connect databases
avbool = self._DB.connect()
osvbool = self._osvdb.connect()
if not avbool:
self.logger.error("[vcad][x] error connecting to database alienvault")
if not osvbool:
self.logger.error("[vcad][x] error connecting to database osvdb")
self.invertedIndex = InvertedIndex.InvertedIndex()
self.logger.info("[vcad][+] init complete.")
return
def __init__(self):
"""Default constructor.
"""
self._tmp_conf = OssimConf()
threading.Thread.__init__(self)
self.__active_hosts = {} # key = ip, value = hostname
self.__test_create_dir(self._tmp_conf[VAR_NAGIOS_CFG])
self.__test_create_dir(
os.path.join(self._tmp_conf[VAR_NAGIOS_CFG], "hosts"))
self.__test_create_dir(
os.path.join(self._tmp_conf[VAR_NAGIOS_CFG], "host-services"))
self.__test_create_dir(
os.path.join(self._tmp_conf[VAR_NAGIOS_CFG], "hostgroups"))
self.__test_create_dir(
os.path.join(self._tmp_conf[VAR_NAGIOS_CFG], "hostgroup-services"))
self.__dbConnection = OssimDB(self._tmp_conf[VAR_DB_HOST],
self._tmp_conf[VAR_DB_SCHEMA],
self._tmp_conf[VAR_DB_USER],
self._tmp_conf[VAR_DB_PASSWORD])
self.__dbConnected = False
# Set default value for Nagios activity diff and check it in cache.
self.__prevhash = 0
self.__get_nagios_activity_diff()
def _get_db_conf(self):
# Now, complete config info from Ossim database
#
from OssimDB import OssimDB
db = OssimDB()
db.connect(self["ossim_host"],
self["ossim_base"],
self["ossim_user"],
self["ossim_pass"])
query = ''
useEncryption = False
if self["encryptionKey"]:
query = "SELECT * FROM config where conf not like '%%_pass%%'"
useEncryption = True
else:
query = "SELECT * FROM config"
hash = db.exec_query(query)
for row in hash:
# values declared at config file override the database ones
if row["conf"] not in self._conf:
self[row["conf"]] = row["value"]
#Now read pass
nones_list = []
if useEncryption:
logger.debug("using key: %s" % self['encryptionKey'])
hash = db.exec_query("SELECT *, AES_DECRYPT(value,'%s') as dvalue FROM config where conf like '%%_pass%%'" % self["encryptionKey"])
for row in hash:
# values declared at config file override the database ones
if row["conf"] not in self._conf:
logger.debug("PASSWD Row: %s Value:%s " %(row["conf"],row["dvalue"]))
if row["dvalue"]is not None:
self[row["conf"]] = row["dvalue"]
else:
nones_list.append(row["conf"])
if len(nones_list) > 0:
logger.debug("Reading without decryption....")
hash = db.exec_query("SELECT * FROM config where conf like '%%_pass%%'")
for row in hash:
self[row["conf"]] = row["value"]
logger.debug("Reading pass without decrypt Row: %s Value:%s " %(row["conf"],row["value"]))
db.close()
def __init__(self, conf):
logger.debug("Initialising ControlManager...")
self.control_agents = {}
self.__control_agents_connection_ip_vs_sensor_ip = {}
self.transaction_map = {}
self.__myconf = conf
self.__myDB = OssimDB(conf[VAR_DB_HOST],
conf[VAR_DB_SCHEMA],
conf[VAR_DB_USER],
conf[VAR_DB_PASSWORD])
self.__myDB_connected = self.__myDB.connect()
self.__transaction_timeout = 60
self.__control = DoControl(self)
self.__control.start()
self.__mutexRequest = Lock()
def make_nagios_changes(self):
port = None
db = OssimDB()
db.connect (self._tmp_conf["ossim_host"],
self._tmp_conf["ossim_base"],
self._tmp_conf["ossim_user"],
self._tmp_conf["ossim_pass"])
query="select port from host_services where (protocol=6 or protocol=0) and nagios=1 group by port"
services=db.exec_query(query)
path = os.path.join(self._tmp_conf['nagios_cfgs'], "host-services")
for fi in os.listdir(path):
os.remove(os.path.join(path, fi))
path = os.path.join(self._tmp_conf['nagios_cfgs'], "hostgroup-services")
for fi in os.listdir(path):
os.remove(os.path.join(path, fi))
i = 0
for port in services:
i+=1
query = "select h.hostname, hs.service_type from host_services hs, host_scan h_sc, host h where (hs.protocol=6 or hs.protocol=0) and hs.port=%s and hs.ip=h_sc.host_ip and h_sc.plugin_id=2007 and hs.nagios=1 and h.ip=inet_ntoa(hs.ip) group by h.ip order by h.ip" % port['port']
hosts = db.exec_query(query)
list = ""
for host in hosts:
if list != "":
list += ","
list += host['hostname']
if list != "":
k = nagios_host_service(list, port['port'], host['service_type'], "check_tcp!%d" % port['port'], "0", self._tmp_conf)
k.select_command()
k.write()
hg = nagios_host_group_service(self.serv_port(port['port']),self.serv_name(port['port']),list,self._tmp_conf)
hg.write()
if port is not None and port in services:
logger.debug("Changes where applied! Reloading Nagios config.")
self.reload_nagios()
db.close()
def get_hostlist_from_hg(self,hgname):
query="select host_ip from host_group_reference where host_group_name = '%s'" % hgname
db = OssimDB()
db.connect (self._tmp_conf["ossim_host"],
self._tmp_conf["ossim_base"],
self._tmp_conf["ossim_user"],
self._tmp_conf["ossim_pass"])
data = db.exec_query(query)
db.close()
return data
