def ansible_run_async_reconfig(system_ip, log_file="/var/log/alienvault/update/system_reconfigure.log"):
    """Start an asynchronous alienvault-reconfig on ``system_ip`` through Ansible.

    Args:
        system_ip (str): Address of the system to reconfigure. It is used both
            as the Ansible inventory target and as the ``target`` extra var.
        log_file (str): Kept for backward compatibility but NOT honoured: the
            playbook always receives a freshly generated, timestamped path
            under ``/var/log/alienvault/update/`` (``remote_log`` below), and
            that same path is what the caller gets back.

    Returns:
        (bool, str): ``(success, remote_log)`` when
        ``ansible_is_valid_playbook_response`` accepts the playbook result,
        otherwise ``(False, msg)`` with the validator's error text (for an
        unreachable host that is the "Something wrong happened while running
        ansible command ..." message).
    """
    # One log file per run so earlier reconfigure output is never overwritten.
    remote_log = "/var/log/alienvault/update/" + "system_reconfigure_%10.2f.log" % time.time()
    playbook_vars = {"target": "%s" % system_ip, "log_file": "%s" % remote_log}

    # ansible_purge_logs is expected to clear earlier 'reconfigure' logs on
    # the target before the new run starts (its implementation is not visible here).
    ansible_purge_logs(system_ip, 'reconfigure')
    result = ansible.run_playbook(playbook=PLAYBOOKS['ASYNC_RECONFIG'],
                                  host_list=[system_ip],
                                  extra_vars=playbook_vars,
                                  use_sudo=True)
    ok, detail = ansible_is_valid_playbook_response(system_ip, result)
    if not ok:
        return False, detail
    return ok, remote_log
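def connect_tunnel(system_ip, case_id):
    """Enable the reverse support tunnel on ``system_ip`` for support case ``case_id``.

    Runs the ``ENABLE_TUNNEL`` playbook against ``system_ip`` with sudo. The
    playbook receives the CA bundle path, the support endpoint
    (tractorbeam.alienvault.com:443), the remote user (redacted in this
    listing), the case id and the target host as extra vars.

    Args:
        system_ip (str): Host the playbook is run against.
        case_id: Support case identifier, forwarded to the playbook unchanged.
            NOTE(review): it is consumed by the playbook, not here; how the
            playbook uses it is not visible from this file, so validate it at
            the API boundary if it can be user-supplied.

    Returns:
        (bool, str): ``(True, '')`` on success. On failure ``(False, msg)``
        where ``msg`` is the per-host ``lasterror`` message when the playbook
        response carries a dict of them, else the validator's message.
    """
    evars = {
        'ca_root': '/etc/ansible/playbooks/cacert.pem',
        'remote_server': 'tractorbeam.alienvault.com',
        'remote_port': '443',
        'remote_user': '******',
        'case_id': case_id,
        'target': system_ip,
    }
    response = ansible.run_playbook(playbook=PLAYBOOKS['ENABLE_TUNNEL'],
                                    host_list=[system_ip],
                                    extra_vars=evars,
                                    use_sudo=True)
    success, msg = ansible_is_valid_playbook_response(system_ip, response)
    if success:
        return True, ''

    # %s formatting instead of "+" so a non-string msg cannot raise here.
    api_log.error("ERROR: ansible.run_playbook %s" % msg)
    # Prefer the per-host error detail when the playbook reported one.
    try:
        err = response['alienvault']['lasterror']
        if isinstance(err, dict):
            return False, err[system_ip]['msg']
    except (KeyError, TypeError):
        # lasterror missing, not indexable, or without an entry for this host:
        # fall back to the validator's message.
        pass
    return False, msg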
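def connect_tunnel(system_ip, case_id):
    """Enable the reverse support tunnel on ``system_ip`` for support case ``case_id``.

    Runs the ``ENABLE_TUNNEL`` playbook against ``system_ip`` with sudo. The
    playbook receives the CA bundle path, the support endpoint
    (tractorbeam.alienvault.com:443), the remote user (redacted in this
    listing), the case id and the target host as extra vars.

    Args:
        system_ip (str): Host the playbook is run against.
        case_id: Support case identifier, forwarded to the playbook unchanged.
            NOTE(review): it is consumed by the playbook, not here; how the
            playbook uses it is not visible from this file, so validate it at
            the API boundary if it can be user-supplied.

    Returns:
        (bool, str): ``(True, '')`` on success. On failure ``(False, msg)``
        where ``msg`` is the per-host ``lasterror`` message when the playbook
        response carries a dict of them, else the validator's message.
    """
    evars = {'ca_root': '/etc/ansible/playbooks/cacert.pem',
             'remote_server': 'tractorbeam.alienvault.com',
             'remote_port': '443',
             'remote_user': '******',
             'case_id': case_id,
             'target': system_ip}
    response = ansible.run_playbook(playbook=PLAYBOOKS['ENABLE_TUNNEL'],
                                    host_list=[system_ip],
                                    extra_vars=evars,
                                    use_sudo=True)
    success, msg = ansible_is_valid_playbook_response(system_ip, response)
    if success:
        return True, ''

    # %s formatting instead of "+" so a non-string msg cannot raise here.
    api_log.error("ERROR: ansible.run_playbook %s" % msg)
    # Prefer the per-host error detail when the playbook reported one.
    try:
        err = response['alienvault']['lasterror']
        if isinstance(err, dict):
            return False, err[system_ip]['msg']
    except (KeyError, TypeError):
        # lasterror missing, not indexable, or without an entry for this host:
        # fall back to the validator's message.
        pass
    return False, msg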
def ansible_run_async_update(system_ip, log_file="/var/log/alienvault/update/system_update.log", only_feed=False, update_key=""):
    """Start an asynchronous alienvault-update on ``system_ip`` through Ansible.

    Args:
        system_ip (str): Address of the system to update; used as the
            inventory target and as the ``target`` extra var.
        log_file (str): Kept for backward compatibility but NOT honoured: a
            timestamped path under ``/var/log/alienvault/update/`` is always
            generated and returned instead. Its basename encodes the kind of
            run: ``system_update_uc_*`` when ``update_key`` is non-empty,
            ``system_update_feed_*`` for a feed-only run, ``system_update_*``
            otherwise (a key takes precedence over ``only_feed``).
        only_feed (bool): Forwarded to the playbook as ``only_feed``.
        update_key (str): Upgrade key forwarded to the playbook as
            ``update_key``. NOTE(review): extra vars can be echoed by Ansible
            in verbose runs; confirm the playbook does not log this value.

    Returns:
        (bool, str): ``(success, remote_log)`` when the playbook response
        validates, otherwise ``(False, msg)`` from
        ``ansible_is_valid_playbook_response``.
    """
    if update_key != "":
        basename = "system_update_uc_%10.2f.log"
    elif only_feed:
        basename = "system_update_feed_%10.2f.log"
    else:
        basename = "system_update_%10.2f.log"
    remote_log = "/var/log/alienvault/update/" + basename % time.time()

    playbook_vars = {
        "target": "%s" % system_ip,
        "log_file": "%s" % remote_log,
        "only_feed": only_feed,
        "update_key": update_key,
    }
    # Earlier 'update' logs are cleared on the target first (helper not visible here).
    ansible_purge_logs(system_ip, 'update')
    result = ansible.run_playbook(playbook=PLAYBOOKS['ASYNC_UPDATE'],
                                  host_list=[system_ip],
                                  extra_vars=playbook_vars,
                                  use_sudo=True)
    ok, detail = ansible_is_valid_playbook_response(system_ip, result)
    if not ok:
        return False, detail
    return ok, remote_log
def ansible_run_async_update(system_ip, log_file="/var/log/alienvault/update/system_update.log", only_feed=False, update_key=""):
    """Start an asynchronous alienvault-update on ``system_ip`` through Ansible.

    Args:
        system_ip (str): Address of the system to update; used as the
            inventory target and as the ``target`` extra var.
        log_file (str): Kept for backward compatibility but NOT honoured: a
            timestamped path under ``/var/log/alienvault/update/`` is always
            generated and returned instead. Its basename encodes the kind of
            run: ``system_update_uc_*`` when ``update_key`` is non-empty,
            ``system_update_feed_*`` for a feed-only run, ``system_update_*``
            otherwise (a key takes precedence over ``only_feed``).
        only_feed (bool): Forwarded to the playbook as ``only_feed``.
        update_key (str): Upgrade key forwarded to the playbook as
            ``update_key``. NOTE(review): extra vars can be echoed by Ansible
            in verbose runs; confirm the playbook does not log this value.

    Returns:
        (bool, str): ``(success, remote_log)`` when the playbook response
        validates, otherwise ``(False, msg)`` from
        ``ansible_is_valid_playbook_response``.
    """
    if update_key != "":
        basename = "system_update_uc_%10.2f.log"
    elif only_feed:
        basename = "system_update_feed_%10.2f.log"
    else:
        basename = "system_update_%10.2f.log"
    remote_log = "/var/log/alienvault/update/" + basename % time.time()

    playbook_vars = {"target": "%s" % system_ip,
                     "log_file": "%s" % remote_log,
                     "only_feed": only_feed,
                     "update_key": update_key}
    # Earlier 'update' logs are cleared on the target first (helper not visible here).
    ansible_purge_logs(system_ip, 'update')
    result = ansible.run_playbook(playbook=PLAYBOOKS['ASYNC_UPDATE'],
                                  host_list=[system_ip],
                                  extra_vars=playbook_vars,
                                  use_sudo=True)
    ok, detail = ansible_is_valid_playbook_response(system_ip, result)
    if not ok:
        return False, detail
    return ok, remote_log
def delete_tunnel(system_ip):
    """Stop the reverse support tunnel on ``system_ip`` and clean up after it.

    First the forwarding ssh client is killed on the remote host (matched on
    its command line), then the ``DISABLE_TUNNEL`` playbook is run with sudo;
    per the original author's note that playbook is also meant to remove the
    generated RSA keys (its contents are not visible here).

    NOTE(review): the matched command line shows the tunnel is opened with
    ``-o StrictHostKeyChecking=no``, i.e. the support endpoint's host key is
    never verified. That is decided by the ENABLE_TUNNEL playbook, not here,
    but pinning the known_hosts entry there would close the MITM window.
    NOTE(review): the trailing ``[email protected]`` fragment of the pattern
    looks like an e-mail obfuscation artefact of the page this was captured
    from; the real pattern presumably names the support endpoint's user@host.

    Args:
        system_ip (str): Host that runs the tunnel.

    Returns:
        (bool, str): ``(True, '')`` on success, otherwise the ``(False, msg)``
        of the failing step.
    """
    tunnel_pattern = r"ssh\s+-o\s+StrictHostKeyChecking=no\s+-fNnT\s+-R\s+[0-9]+:localhost:(22|443)\s+.*?\[email protected]"
    kill_result = ansible_pkill(system_ip, tunnel_pattern)
    if not kill_result[0]:
        return kill_result

    result = ansible.run_playbook(playbook=PLAYBOOKS['DISABLE_TUNNEL'],
                                  host_list=[system_ip],
                                  extra_vars={'target': system_ip},
                                  use_sudo=True)
    ok, detail = ansible_is_valid_playbook_response(system_ip, result)
    if ok:
        return True, ''
    return False, detail
def check_support_tunnels(system_ip):
    """Report whether support tunnels are up on ``system_ip``; clean up if none are.

    ``status_tunnel`` lists the tunnels. If any exist the function only
    reports that. If none exist the ``DISABLE_TUNNEL`` playbook is run with
    sudo unconditionally (the original author deliberately skipped checking
    whether the tunnel user/keys still exist) so stale tunnel artefacts are
    removed from the remote system.

    Args:
        system_ip (str): Host to inspect.

    Returns:
        (bool, str): ``(True, "tunnel(s) up")`` when tunnels are listed,
        ``(True, 'Clean up ok')`` after a successful cleanup, or
        ``(False, msg)`` from ``status_tunnel`` or the playbook validator.
    """
    status = status_tunnel(system_ip)
    ok, tunnels = status
    if not ok:
        return status
    if tunnels:
        return True, "tunnel(s) up"

    # Nothing running: remove whatever the enable step left behind.
    result = ansible.run_playbook(playbook=PLAYBOOKS['DISABLE_TUNNEL'],
                                  host_list=[system_ip],
                                  extra_vars={'target': system_ip},
                                  use_sudo=True)
    ok, detail = ansible_is_valid_playbook_response(system_ip, result)
    if ok:
        return True, 'Clean up ok'
    return False, detail
def delete_tunnel(system_ip):
    """Stop the reverse support tunnel on ``system_ip`` and clean up after it.

    First the forwarding ssh client is killed on the remote host (matched on
    its command line), then the ``DISABLE_TUNNEL`` playbook is run with sudo;
    per the original author's note that playbook is also meant to remove the
    generated RSA keys (its contents are not visible here).

    NOTE(review): the matched command line shows the tunnel is opened with
    ``-o StrictHostKeyChecking=no``, i.e. the support endpoint's host key is
    never verified. That is decided by the ENABLE_TUNNEL playbook, not here,
    but pinning the known_hosts entry there would close the MITM window.
    NOTE(review): the trailing ``[email protected]`` fragment of the pattern
    looks like an e-mail obfuscation artefact of the page this was captured
    from; the real pattern presumably names the support endpoint's user@host.

    Args:
        system_ip (str): Host that runs the tunnel.

    Returns:
        (bool, str): ``(True, '')`` on success, otherwise the ``(False, msg)``
        of the failing step.
    """
    tunnel_pattern = r"ssh\s+-o\s+StrictHostKeyChecking=no\s+-fNnT\s+-R\s+[0-9]+:localhost:(22|443)\s+.*?\[email protected]"
    kill_result = ansible_pkill(system_ip, tunnel_pattern)
    if not kill_result[0]:
        return kill_result

    result = ansible.run_playbook(playbook=PLAYBOOKS['DISABLE_TUNNEL'],
                                  host_list=[system_ip],
                                  extra_vars={'target': system_ip},
                                  use_sudo=True)
    ok, detail = ansible_is_valid_playbook_response(system_ip, result)
    if ok:
        return True, ''
    return False, detail
def check_support_tunnels(system_ip):
    """Report whether support tunnels are up on ``system_ip``; clean up if none are.

    ``status_tunnel`` lists the tunnels. If any exist the function only
    reports that. If none exist the ``DISABLE_TUNNEL`` playbook is run with
    sudo unconditionally (the original author deliberately skipped checking
    whether the tunnel user/keys still exist) so stale tunnel artefacts are
    removed from the remote system.

    Args:
        system_ip (str): Host to inspect.

    Returns:
        (bool, str): ``(True, "tunnel(s) up")`` when tunnels are listed,
        ``(True, 'Clean up ok')`` after a successful cleanup, or
        ``(False, msg)`` from ``status_tunnel`` or the playbook validator.
    """
    status = status_tunnel(system_ip)
    ok, tunnels = status
    if not ok:
        return status
    if tunnels:
        return True, "tunnel(s) up"

    # Nothing running: remove whatever the enable step left behind.
    result = ansible.run_playbook(playbook=PLAYBOOKS['DISABLE_TUNNEL'],
                                  host_list=[system_ip],
                                  extra_vars={'target': system_ip},
                                  use_sudo=True)
    ok, detail = ansible_is_valid_playbook_response(system_ip, result)
    if ok:
        return True, 'Clean up ok'
    return False, detail
def ansible_run_async_reconfig(system_ip, log_file="/var/log/alienvault/update/system_reconfigure.log"):
    """Start an asynchronous alienvault-reconfig on ``system_ip`` through Ansible.

    Args:
        system_ip (str): Address of the system to reconfigure. It is used both
            as the Ansible inventory target and as the ``target`` extra var.
        log_file (str): Kept for backward compatibility but NOT honoured: the
            playbook always receives a freshly generated, timestamped path
            under ``/var/log/alienvault/update/`` (``remote_log`` below), and
            that same path is what the caller gets back.

    Returns:
        (bool, str): ``(success, remote_log)`` when
        ``ansible_is_valid_playbook_response`` accepts the playbook result,
        otherwise ``(False, msg)`` with the validator's error text (for an
        unreachable host that is the "Something wrong happened while running
        ansible command ..." message).
    """
    # One log file per run so earlier reconfigure output is never overwritten.
    remote_log = "/var/log/alienvault/update/" + "system_reconfigure_%10.2f.log" % time.time()
    playbook_vars = {"target": "%s" % system_ip, "log_file": "%s" % remote_log}

    # ansible_purge_logs is expected to clear earlier 'reconfigure' logs on
    # the target before the new run starts (its implementation is not visible here).
    ansible_purge_logs(system_ip, 'reconfigure')
    result = ansible.run_playbook(playbook=PLAYBOOKS['ASYNC_RECONFIG'],
                                  host_list=[system_ip],
                                  extra_vars=playbook_vars,
                                  use_sudo=True)
    ok, detail = ansible_is_valid_playbook_response(system_ip, result)
    if not ok:
        return False, detail
    return ok, remote_log
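# --- make_tunnel helpers ----------------------------------------------------
# The server ids and VPN ips collected by make_tunnel end up inside
#     echo "update ... ('<value>') ..." | ossim-db
# shell pipelines executed through the Ansible shell module (with sudo on the
# remote node). Nothing escapes those values, and remote_server_id / profile
# are read back from the *remote* appliance, so every interpolated value is
# whitelisted against these patterns before any command is built.
_VPN_HEX_ID_RE = re.compile(r'^[0-9A-F]{32}$')
_VPN_IP_LITERAL_RE = re.compile(r'^[0-9A-Fa-f.:]{1,45}$')
# "ifconfig-push <client ip> <peer ip>" line of the node's ccd file. The
# second group now captures the peer address (the original pattern had an
# empty ``(?P<client_ip2>)`` group, so client_end_point2 was always '').
_VPN_CCD_PUSH_RE = re.compile(
    r"ifconfig-push (?P<client_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) "
    r"(?P<client_ip2>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")
_VPN_SET_SERVER_IP_SQL = "update alienvault.server set ip=inet6_aton('%s') where id=unhex('%s');"
_VPN_SET_SYSTEM_VPN_IP_SQL = "update alienvault.system set vpn_ip=inet6_aton('%s') where server_id=unhex('%s');"


def _vpn_is_hex_id(value):
    """True when ``value`` is exactly 32 upper-case hex digits (an upper-cased, dash-less server id)."""
    try:
        return _VPN_HEX_ID_RE.match(value) is not None
    except TypeError:
        # None or a non-string cannot be an id.
        return False


def _vpn_is_ip_literal(value):
    """True when ``value`` is built only from IPv4/IPv6 literal characters.

    This is a shell/SQL safety whitelist, not an address parser: it only
    guarantees that no quotes, whitespace or shell metacharacters get through.
    """
    try:
        return _VPN_IP_LITERAL_RE.match(value) is not None
    except TypeError:
        return False


def _vpn_get_end_points(host, system_ip, src):
    """Return ``(True, end_points)`` for ``system_ip``, generating the node config if needed.

    If ``src`` (the node tarball) does not exist, the ``av_vpn`` module is run
    on ``host`` and its ``data`` payload is used as the end-point dict.
    Otherwise the client end points are parsed from the ``ifconfig-push`` line
    of ``/etc/openvpn/ccd/<system_ip>`` (the last matching line wins).

    Returns ``(False, message)`` when the module fails or no
    ``client_end_point1`` could be determined.
    """
    end_points = {}
    if not os.path.exists(src):
        print("Building the VPN node configuration...")
        response = ansible.run_module(host_list=[host], module='av_vpn',
                                      args={'system_ip': system_ip})
        success, msg = ansible_is_valid_response(host, response)
        if not success:
            api_log.error("[make_tunnel] Cannot create the VPN node configuration. %s" % str(msg))
            return False, "Cannot create the VPN node configuration"
        end_points = response['contacted'][host]['data']
    else:
        # VPN configuration for the node already exists: read the addresses back.
        with open("/etc/openvpn/ccd/%s" % system_ip, "r") as client_file:
            for line in client_file:
                matchobj = _VPN_CCD_PUSH_RE.match(line)
                if matchobj is not None:
                    end_points['client_end_point1'] = matchobj.group('client_ip')
                    end_points['client_end_point2'] = matchobj.group('client_ip2')
    # A missing/None ``data`` payload is treated like "no end points".
    if not end_points or 'client_end_point1' not in end_points:
        api_log.error("[make_tunnel] end_points %s" % str(end_points))
        return False, "Cannot retrieve the end points information"
    return True, end_points


def _vpn_restart_service(target, name, error_msg, remote_creds=None):
    """Restart service ``name`` on ``target``; ``(True, '')`` or ``(False, error_msg)``."""
    kwargs = dict(remote_creds or {})
    response = ansible.run_module(host_list=[target], module="service",
                                  args="name=%s state=restarted" % name, **kwargs)
    success, msg = ansible_is_valid_response(target, response)
    if not success:
        api_log.error("[make_tunnel] %s %s" % (error_msg, str(msg)))
        return False, error_msg
    return True, ''


def _vpn_system_info(target, remote_creds=None):
    """Run ``av_system_info`` on ``target``; ``(True, data)`` or ``(False, msg)``."""
    kwargs = dict(remote_creds or {})
    response = ansible.run_module(host_list=[target], module="av_system_info",
                                  args="", **kwargs)
    success, msg = ansible_is_valid_response(target, response)
    if not success:
        return False, msg
    try:
        return True, response['contacted'][target]['data']
    except (KeyError, TypeError) as err:
        return False, str(err)


def _vpn_ossim_db(target, sql, error_msg, remote_creds=None):
    """Pipe one SQL statement into ``ossim-db`` on ``target`` via the Ansible shell module.

    The statement is embedded in a double-quoted shell string with no escaping,
    so every value interpolated into ``sql`` MUST already have passed
    ``_vpn_is_hex_id`` / ``_vpn_is_ip_literal``. Returns ``(True, '')`` or
    ``(False, error_msg)``; a non-zero exit of the pipeline is a failure too.
    """
    kwargs = dict(remote_creds or {})
    cmd = 'echo "%s" | ossim-db' % sql
    response = ansible.run_module(host_list=[target], module="shell", args=cmd, **kwargs)
    success, msg = ansible_is_valid_response(target, response)
    if not success:
        api_log.error("%s %s" % (error_msg, str(msg)))
        return False, error_msg
    if response['contacted'][target]['rc'] != 0:
        api_log.error("%s %s" % (error_msg, str(response)))
        return False, error_msg
    return True, ''


def make_tunnel(system_ip, local_server_id, password=""):
    """Build the OpenVPN node configuration for ``system_ip`` and deploy it to the node.

    Steps (all through Ansible; ``host`` is the local server):
      1. Create the node config with ``av_vpn`` unless
         ``/etc/openvpn/nodes/<system_ip>.tar.gz`` already exists, in which case
         the client end points are read from the ccd file.
      2. Restart the local OpenVPN server and read the local VPN ip.
      3. Copy the tarball to the node, unpack it (``UNTAR_VPN_AND_START``),
         restart OpenVPN there and read the node's profile / server id. If the
         copy fails the node is assumed unreachable and the manual procedure
         from ``show_vpn_offline_instructions`` is returned as the message.
      4. Record the VPN ips in the local ``alienvault.server`` table and, for
         nodes with a ``server`` profile, in the node's ``server``/``system``
         tables too; then restart the dependent services.

    Args:
        system_ip (str): Node to configure. Also used to build local file
            paths and the ``tar_file`` extra var, so it must be an address as
            the name says -- callers are expected to validate it.
        local_server_id (str): Local server id as 32 hex characters (dashes
            are NOT stripped here, matching the original). Rejected with
            ``"Invalid local server id"`` if it does not match.
        password (str): SSH password for the remote appliance.

    Returns:
        (bool, dict | str): ``(True, end_points)`` with the client end-point
        ips on success, ``(False, message)`` otherwise. Unexpected exceptions
        are logged and reported as ``"Cannot deploy the VPN tunnel"``.

    Security:
        ``remote_server_id`` and ``profile`` come from the remote appliance and
        are interpolated, together with the VPN ips, into shell commands piped
        to ``ossim-db`` (with sudo on the node). Every such value is
        whitelisted first so a compromised or spoofed node cannot inject SQL
        or shell into the local server.
    """
    host = '127.0.0.1'
    src = '/etc/openvpn/nodes/%s.tar.gz' % system_ip
    dst = '/tmp/'
    remote_creds = {'ans_remote_pass': password,
                    'ans_remote_user': "******",
                    'use_sudo': True}
    try:
        local_id = local_server_id.upper() if local_server_id is not None else None
        if not _vpn_is_hex_id(local_id):
            api_log.error("[make_tunnel] invalid local server id %r" % (local_server_id,))
            return False, "Invalid local server id"

        # 1 - Node configuration / end points
        success, end_points = _vpn_get_end_points(host, system_ip, src)
        if not success:
            return False, end_points

        print("Restarting OpenVPN server...")
        success, msg = _vpn_restart_service(host, "openvpn", "Cannot restart the OpenVPN server")
        if not success:
            return False, msg

        # 2 - Local VPN server ip (tun0 address reported by av_system_info)
        print("Retrieving the local vpn server ip...")
        success, info = _vpn_system_info(host)
        if not success:
            api_log.error("[make_tunnel] Cannot retrieve the current vpn server ip: %s" % str(info))
            return False, "Cannot retrieve the VPN server ip"
        try:
            server_vpn_ip = info['vpn_ip']
        except (KeyError, TypeError) as error:
            api_log.error("[make_tunnel] tun0 doesn't exists. <%s>" % str(error))
            return False, "Cannot retrieve the VPN server ip"

        # 3 - Push the client configuration to the node
        print("Trying to deploy the VPN configuration on the remote AlienVault appliance...")
        response = ansible.run_module(host_list=[system_ip], module='copy',
                                      args={'src': src, 'dest': dst}, **remote_creds)
        success, msg = ansible_is_valid_response(system_ip, response)
        if not success:
            return False, show_vpn_offline_instructions(src, system_ip)

        print("Extracting the remote AlienVault appliance VPN configuration...")
        evars = {"tar_file": "%s.tar.gz" % system_ip, "target": "%s" % system_ip}
        response = ansible.run_playbook(playbook=PLAYBOOKS['UNTAR_VPN_AND_START'],
                                        host_list=[system_ip], extra_vars=evars,
                                        **remote_creds)
        success, msg = ansible_is_valid_playbook_response(system_ip, response)
        if not success:
            return False, "Cannot extract the OpenVPN configuration in the remote AlienVault appliance"

        print("Restarting remote OpenVPN service...")
        success, msg = _vpn_restart_service(
            system_ip, "openvpn",
            "Cannot restart OpenVPN service in the remote AlienVault appliance",
            remote_creds)
        if not success:
            return False, msg

        # The remote profile decides whether the node's own DB is updated too.
        success, info = _vpn_system_info(system_ip, remote_creds)
        if not success:
            api_log.error("Error getting the remote profile: %s" % str(info))
            return False, "Cannot retrieve the remote AlienVault appliance configuration"
        try:
            remote_profiles = info['profile']
            remote_server_id = info.get('server_id')
            if remote_server_id is not None:
                remote_server_id = remote_server_id.replace('-', '').upper()
        except (KeyError, TypeError, AttributeError) as err:
            api_log.error("Error getting the remote profile: %s" % str(err))
            return False, "Cannot retrieve the remote AlienVault appliance configuration"

        # Whitelist everything that is about to be interpolated into shell/SQL.
        client_ip = end_points['client_end_point1']
        if not (_vpn_is_ip_literal(server_vpn_ip) and _vpn_is_ip_literal(client_ip)):
            api_log.error("[make_tunnel] refusing unsafe VPN ip values %r / %r" % (server_vpn_ip, client_ip))
            return False, "Invalid VPN ip value"
        is_server = "server" in remote_profiles
        if is_server and not _vpn_is_hex_id(remote_server_id):
            # Also covers the None case, which previously surfaced as an
            # AttributeError on .upper() and the generic deploy failure.
            api_log.error("[make_tunnel] refusing unsafe remote server id %r" % (remote_server_id,))
            return False, "Invalid remote server id"

        # 4 - Local server table: our own VPN ip
        success, msg = _vpn_ossim_db(host, _VPN_SET_SERVER_IP_SQL % (server_vpn_ip, local_id),
                                     "Cannot update the local server information in the database")
        if not success:
            return False, msg

        if is_server:
            # Local server table: the node's VPN ip
            success, msg = _vpn_ossim_db(
                host, _VPN_SET_SERVER_IP_SQL % (client_ip, remote_server_id),
                "Cannot configure the remote server information in the local database")
            if not success:
                return False, msg

            print("Remote profile server found... configuring it")
            remote_updates = (
                ("Set VPN server ip oin remote db...",
                 _VPN_SET_SERVER_IP_SQL % (server_vpn_ip, local_id),
                 "Cannot configure the VPN server ip in the remote AlienVault appliance"),
                ("Set local server VPN ip in remote db ...",
                 _VPN_SET_SERVER_IP_SQL % (client_ip, remote_server_id),
                 "Cannot set the local server VPN ip in the remote DB"),
                (None,
                 _VPN_SET_SYSTEM_VPN_IP_SQL % (server_vpn_ip, local_id),
                 "Cannot update the system information in the database."),
                ("Set local vpn ip on remote db (systems)...",
                 _VPN_SET_SYSTEM_VPN_IP_SQL % (client_ip, remote_server_id),
                 "Cannot update the system information in the database."),
            )
            for progress, sql, error_msg in remote_updates:
                if progress is not None:
                    print(progress)
                success, msg = _vpn_ossim_db(system_ip, sql, error_msg, remote_creds)
                if not success:
                    return False, msg

            # Services on the node that cache the server ip
            print("Restarting remote alienvault-forward service...")
            success, msg = _vpn_restart_service(
                system_ip, "alienvault-forward",
                "Cannot restart the alienvault-forward service in the remote AlienVault appliance.",
                remote_creds)
            if not success:
                return False, msg
            print("Restarting remote ossim-server service...")
            success, msg = _vpn_restart_service(
                system_ip, "ossim-server",
                "Cannot restart the ossim-server service in the remote AlienVault appliance.",
                remote_creds)
            if not success:
                return False, msg

        print("Restarting ossim-server")
        success, msg = _vpn_restart_service(host, "ossim-server", "Cannot restart the ossim-server service")
        if not success:
            return False, msg
    except Exception as err:
        api_log.error("Something wrong happened while building the vpn tunnel! %s" % str(err))
        return False, "Cannot deploy the VPN tunnel"
    return True, end_points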
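def make_tunnel(system_ip, local_server_id, password=""):
    """Create the OpenVPN node configuration for ``system_ip`` and push it to the node.

    Older variant of the deploy routine: remote Ansible calls run without sudo,
    failures return the raw Ansible message or the command's stderr, and the
    SQL uses ``inet6_pton``.

    Steps: create the node config with ``av_vpn`` (or parse the ccd file when
    the tarball already exists), restart the local OpenVPN server and read its
    VPN ip, copy + unpack the tarball on the node and restart OpenVPN there,
    read the node's profile, then record the VPN ips in the local and (for a
    ``server`` profile) remote ``alienvault`` tables and restart the services.

    Args:
        system_ip (str): Node to configure; also used to build local file paths
            and the ``tar_file`` extra var, so it must be an address.
        local_server_id (str): Local server id as 32 hex characters; rejected
            with ``"Invalid local server id"`` otherwise.
        password (str): SSH password for the remote appliance.

    Returns:
        (bool, dict | str): ``(True, end_points)`` on success, ``(False, msg)``
        on any failure. Unexpected exceptions are reported as ``(False, ...)``
        -- the original returned the stale ``rt = True`` flag there, so a
        crashed deploy was reported as a success.

    Security:
        Ids and ips are interpolated into ``echo "<sql>" | ossim-db`` shell
        commands with no escaping; ``remote_server_id`` and ``profile`` come
        from the remote appliance. All such values are whitelisted first.
    """
    host = '127.0.0.1'
    src = '/etc/openvpn/nodes/%s.tar.gz' % system_ip
    dst = '/tmp/'
    remote_creds = {'ans_remote_pass': password, 'ans_remote_user': "******"}
    end_points = None
    hex_id_re = re.compile(r'^[0-9A-F]{32}$')
    ip_literal_re = re.compile(r'^[0-9A-Fa-f.:]{1,45}$')
    # The original pattern had an empty (?P<client_ip2>) group, so the peer
    # address was never captured; it now captures the second dotted quad.
    ccd_push_re = re.compile(
        r"ifconfig-push (?P<client_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) "
        r"(?P<client_ip2>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})")
    # NOTE(review): the newer variant of this function in this listing uses
    # inet6_aton; whether ossim-db accepts inet6_pton is not verifiable here.
    set_server_ip_sql = "update alienvault.server set ip=inet6_pton('%s') where id=unhex('%s');"
    set_system_vpn_ip_sql = "update alienvault.system set vpn_ip=inet6_pton('%s') where server_id=unhex('%s');"

    def is_safe(pattern, value):
        """Whitelist check; None / non-strings are unsafe."""
        try:
            return pattern.match(value) is not None
        except TypeError:
            return False

    def run_db(target, sql, creds=None):
        """echo "<sql>" | ossim-db on target; (True, '') or (False, msg|stderr)."""
        kwargs = dict(creds or {})
        response = ansible.run_module(host_list=[target], module="shell",
                                      args='echo "%s" | ossim-db' % sql, **kwargs)
        success, msg = ansible_is_valid_response(target, response)
        if not success:
            return False, msg
        if response['contacted'][target]['rc'] != 0:
            return False, response['contacted'][target]['stderr']
        return True, ''

    def restart(target, name, creds=None):
        """Restart service ``name`` on target through the Ansible service module."""
        kwargs = dict(creds or {})
        response = ansible.run_module(host_list=[target], module="service",
                                      args="name=%s state=restarted" % name, **kwargs)
        return ansible_is_valid_response(target, response)

    try:
        local_id = local_server_id.upper() if local_server_id is not None else None
        if not is_safe(hex_id_re, local_id):
            return False, "Invalid local server id"

        end_points = {}
        if not os.path.exists(src):
            # 1 - Create the server-side node configuration
            print("Creating node vpn configuration...")
            response = ansible.run_module(host_list=[host], module='av_vpn',
                                          args={'system_ip': system_ip})
            success, msg = ansible_is_valid_response(host, response)
            if not success:
                return False, msg
            end_points = response['contacted'][host]['data']
        else:
            # Configuration already exists: read the addresses back from the ccd file
            with open("/etc/openvpn/ccd/%s" % system_ip, "r") as client_file:
                for line in client_file:
                    matchobj = ccd_push_re.match(line)
                    if matchobj is not None:
                        end_points['client_end_point1'] = matchobj.group('client_ip')
                        end_points['client_end_point2'] = matchobj.group('client_ip2')
        if not end_points or 'client_end_point1' not in end_points:
            return False, "End points are empty"

        print("Restarting openvpn server...")
        success, msg = restart(host, "openvpn")
        if not success:
            return False, msg

        # 2 - Local OpenVPN server ip
        print("Retrieving the local vpn server ip...")
        response = ansible.run_module(host_list=[host], module="av_system_info", args="")
        success, msg = ansible_is_valid_response(host, response)
        if not success:
            return False, "[make_tunnel] Cannot retrieve the current vpn server ip: %s" % str(msg)
        try:
            server_vpn_ip = response['contacted'][host]['data']['vpn_ip']
        except (KeyError, TypeError):
            return False, "[make_tunnel] tun0 doesn't exists. <%s>" % str(response)

        # 3 - Copy and unpack the client configuration on the node
        print("Copying the openvpn configuration to the node ")
        response = ansible.run_module(host_list=[system_ip], module='copy',
                                      args={'src': src, 'dest': dst}, **remote_creds)
        success, msg = ansible_is_valid_response(system_ip, response)
        if not success:
            return False, msg

        print("Uncompress the node configuration...")
        evars = {"tar_file": "%s.tar.gz" % system_ip, "target": "%s" % system_ip}
        response = ansible.run_playbook(playbook=PLAYBOOKS['UNTAR_VPN_AND_START'],
                                        host_list=[system_ip], extra_vars=evars,
                                        **remote_creds)
        success, msg = ansible_is_valid_playbook_response(system_ip, response)
        if not success:
            return False, msg

        # Steps 4/5 of the original (set ossim_setup.conf values and run an
        # async reconfigure) were disabled in the original and are not run.
        print("Restarting remote openvpn service...")
        success, msg = restart(system_ip, "openvpn", remote_creds)
        if not success:
            return False, msg

        # Remote profile decides whether the node's own DB is updated too
        response = ansible.run_module(host_list=[system_ip], module="av_system_info",
                                      args="", **remote_creds)
        success, msg = ansible_is_valid_response(system_ip, response)
        if not success:
            return False, msg
        try:
            data = response['contacted'][system_ip]['data']
            remote_profiles = data['profile']
            remote_server_id = data.get('server_id')
            if remote_server_id is not None:
                remote_server_id = remote_server_id.replace('-', '').upper()
        except Exception as err:
            return False, "Error getting the remote profile: %s" % str(err)

        # Whitelist everything about to be interpolated into shell/SQL
        client_ip = end_points['client_end_point1']
        if not (is_safe(ip_literal_re, server_vpn_ip) and is_safe(ip_literal_re, client_ip)):
            return False, "Invalid VPN ip value"
        is_server = "server" in remote_profiles
        if is_server and not is_safe(hex_id_re, remote_server_id):
            return False, "Invalid remote server id"

        # Local server table: our own VPN ip
        success, msg = run_db(host, set_server_ip_sql % (server_vpn_ip, local_id))
        if not success:
            return False, msg

        if is_server:
            # Local server table: the node's VPN ip
            success, msg = run_db(host, set_server_ip_sql % (client_ip, remote_server_id))
            if not success:
                return False, msg

            print("Remote profile server found... configuring it")
            remote_updates = (
                ("Set vpn server ip on remote db...", set_server_ip_sql % (server_vpn_ip, local_id)),
                ("Set local vpn ip on remote db ...", set_server_ip_sql % (client_ip, remote_server_id)),
                (None, set_system_vpn_ip_sql % (server_vpn_ip, local_id)),
                ("Set local vpn ip on remote db (systems)...", set_system_vpn_ip_sql % (client_ip, remote_server_id)),
            )
            for progress, sql in remote_updates:
                if progress is not None:
                    print(progress)
                success, msg = run_db(system_ip, sql, remote_creds)
                if not success:
                    return False, msg

            print("Restarting remote alienvault-forward service...")
            success, msg = restart(system_ip, "alienvault-forward", remote_creds)
            if not success:
                return False, msg
            print("Restarting remote ossim-server service...")
            success, msg = restart(system_ip, "ossim-server", remote_creds)
            if not success:
                return False, msg

        print("Restarting ossim-server")
        success, msg = restart(host, "ossim-server")
        if not success:
            return False, msg
    except Exception as err:
        # Was ``return rt, ...`` with rt = True: a crash was reported as success.
        return False, "Something wrong happened while building the vpn tunnel! %s" % str(err)
    return True, end_points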
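# ``ifconfig-push <client_ip> <peer_ip>`` line of the node's ccd file. Both
# addresses are captured (the second group must not be left empty, or
# client_end_point2 silently comes back as "").
_CCD_PUSH_RE = re.compile(
    r"ifconfig-push (?P<client_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) "
    r"(?P<client_ip2>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})"
)

# Whitelists for values that are interpolated into shell commands (ossim-db
# updates), file paths and playbook variables below. Anything outside these
# sets (quotes, "$", backticks, ";", "/", whitespace, ...) is refused before
# it can break out of the quoting.
_HEX_ID_RE = re.compile(r"^[0-9A-Fa-f]+\Z")
_ADDRESS_RE = re.compile(r"^[0-9A-Fa-f.:]+\Z")
_HOST_RE = re.compile(r"^[A-Za-z0-9.:_-]+\Z")


def _normalize_server_id(value):
    """Return *value* without UUID dashes and upper-cased, or None if not hex.

    The id ends up inside ``unhex('...')`` in a shell command, so only hex
    digits may pass; a non-string (e.g. None) is rejected the same way.
    """
    try:
        candidate = value.replace("-", "")
    except AttributeError:
        return None
    if _HEX_ID_RE.match(candidate) is None:
        return None
    return candidate.upper()


def _is_address(value):
    """True when *value* looks like an IPv4/IPv6 literal (hex digits, '.' and ':')."""
    try:
        return _ADDRESS_RE.match(value) is not None
    except TypeError:
        return False


def _is_safe_host(value):
    """True when *value* is usable both as an ansible host and as a single path component."""
    try:
        return _HOST_RE.match(value) is not None
    except TypeError:
        return False


def _server_ip_sql(vpn_ip, server_id):
    """SQL that records *vpn_ip* for *server_id* in alienvault.server."""
    return "update alienvault.server set ip=inet6_pton('%s') where id=unhex('%s');" % (vpn_ip, server_id)


def _system_vpn_ip_sql(vpn_ip, server_id):
    """SQL that records *vpn_ip* for *server_id* in alienvault.system."""
    return "update alienvault.system set vpn_ip=inet6_pton('%s') where server_id=unhex('%s');" % (
        vpn_ip,
        server_id,
    )


def _run_ossim_db(target, sql, creds):
    """Pipe *sql* into ossim-db on *target* through the ansible ``shell`` module.

    *creds* holds the extra ``ansible.run_module`` keyword arguments for a
    remote target (empty for the local host). Returns ``(True, "")`` on
    success, ``(False, message)`` otherwise; a non-zero exit code is
    reported with the command's stderr.
    """
    cmd = 'echo "%s" | ossim-db' % sql
    response = ansible.run_module(host_list=[target], module="shell", args=cmd, **creds)
    success, msg = ansible_is_valid_response(target, response)
    if not success:
        return False, msg
    if response["contacted"][target]["rc"] != 0:
        return False, response["contacted"][target]["stderr"]
    return True, ""


def _restart_service(target, name, creds):
    """Restart service *name* on *target* through the ansible ``service`` module."""
    response = ansible.run_module(
        host_list=[target], module="service", args="name=%s state=restarted" % name, **creds
    )
    success, msg = ansible_is_valid_response(target, response)
    if not success:
        return False, msg
    return True, ""


def make_tunnel(system_ip, local_server_id, password=""):
    """Build the OpenVPN tunnel between this server and the node at *system_ip*.

    Steps, in order: create (or reuse) the node's VPN configuration locally,
    restart the local openvpn server, read the local tun0 address, ship and
    unpack the node bundle on the remote side, restart the remote openvpn
    service, record the VPN addresses in ``alienvault.server`` (and, when the
    remote node runs the server profile, in the remote ``alienvault.server``
    and ``alienvault.system`` tables too) and restart the affected services.

    Args:
        system_ip: Address of the node to connect; it is also the ansible
            host and a component of the local config paths, so it must not
            contain path separators or shell metacharacters.
        local_server_id: Id of this server as stored in alienvault.server
            (UUID, with or without dashes; must be hex).
        password: SSH password for the remote node ("" for key-based auth).

    Returns:
        ``(True, end_points)`` where end_points is the dict returned by the
        av_vpn module or parsed from the node's ccd file, or
        ``(False, message)``. Every failure, including an unexpected
        exception, yields ``False``.
    """
    host = "127.0.0.1"
    if not _is_safe_host(system_ip):
        return False, "[make_tunnel] Invalid system ip: %r" % (system_ip,)
    local_id = _normalize_server_id(local_server_id)
    if local_id is None:
        return False, "[make_tunnel] Invalid local server id: %r" % (local_server_id,)

    src = "/etc/openvpn/nodes/%s.tar.gz" % system_ip
    # NOTE(review): the bundle is dropped into world-readable /tmp on the node
    # until the UNTAR_VPN_AND_START playbook consumes it; confirm the playbook
    # removes it afterwards.
    dst = "/tmp/"
    remote_creds = {"ans_remote_pass": password, "ans_remote_user": "******"}
    end_points = {}
    try:
        if not os.path.exists(src):
            # 1 - Create the node configuration on the vpn server
            print("Creating node vpn configuration...")
            response = ansible.run_module(host_list=[host], module="av_vpn", args={"system_ip": system_ip})
            success, msg = ansible_is_valid_response(host, response)
            if not success:
                return False, msg
            end_points = response["contacted"][host]["data"]
        else:
            # A configuration for this node already exists: recover the
            # pushed addresses from its ccd file instead of regenerating it.
            with open("/etc/openvpn/ccd/%s" % system_ip, "r") as client_file:
                for line in client_file:
                    match = _CCD_PUSH_RE.match(line)
                    if match is not None:
                        end_points["client_end_point1"] = match.group("client_ip")
                        end_points["client_end_point2"] = match.group("client_ip2")
            if "client_end_point1" not in end_points:
                return False, "End points are empty"
        # The client address is interpolated into SQL/shell below; refuse
        # anything that is not an address literal.
        client_vpn_ip = end_points.get("client_end_point1")
        if not _is_address(client_vpn_ip):
            return False, "[make_tunnel] Invalid client vpn ip: %r" % (client_vpn_ip,)

        print("Restarting openvpn server...")
        success, msg = _restart_service(host, "openvpn", {})
        if not success:
            return False, msg

        # 2 - Retrieve the local vpn server ip (tun0)
        print("Retrieving the local vpn server ip...")
        response = ansible.run_module(host_list=[host], module="av_system_info", args="")
        success, msg = ansible_is_valid_response(host, response)
        if not success:
            return False, "[make_tunnel] Cannot retrieve the current vpn server ip: %s" % str(msg)
        try:
            server_vpn_ip = response["contacted"][host]["data"]["vpn_ip"]
        except (KeyError, TypeError):
            server_vpn_ip = None
        # A missing or malformed vpn_ip (no tun0) must not reach the SQL below.
        if not _is_address(server_vpn_ip):
            return False, "[make_tunnel] tun0 doesn't exists. <%s>" % str(response)

        # 3 - Copy the client configuration to the node and unpack it
        print("Copying the openvpn configuration to the node ")
        response = ansible.run_module(
            host_list=[system_ip], module="copy", args={"src": src, "dest": dst}, **remote_creds
        )
        success, msg = ansible_is_valid_response(system_ip, response)
        if not success:
            return False, msg

        print("Uncompress the node configuration...")
        evars = {"tar_file": "%s.tar.gz" % system_ip, "target": "%s" % system_ip}
        response = ansible.run_playbook(
            playbook=PLAYBOOKS["UNTAR_VPN_AND_START"],
            host_list=[system_ip],
            extra_vars=evars,
            **remote_creds
        )
        success, msg = ansible_is_valid_playbook_response(system_ip, response)
        if not success:
            return False, msg

        # Steps 4 (set_av_config with the vpn ips) and 5 (asynchronous
        # alienvault-reconfig) are disabled upstream and intentionally not run.

        print("Restarting remote openvpn service...")
        success, msg = _restart_service(system_ip, "openvpn", remote_creds)
        if not success:
            return False, msg

        # Retrieve remote system information: we need the remote profile
        response = ansible.run_module(host_list=[system_ip], module="av_system_info", args="", **remote_creds)
        success, msg = ansible_is_valid_response(system_ip, response)
        if not success:
            return False, msg
        try:
            remote_data = response["contacted"][system_ip]["data"]
            remote_profiles = remote_data["profile"]
            remote_server_id = remote_data.get("server_id")
        except Exception as err:
            return False, "Error getting the remote profile: %s" % str(err)

        # UPDATE LOCAL SERVER TABLE: record this server's vpn ip
        success, msg = _run_ossim_db(host, _server_ip_sql(server_vpn_ip, local_id), {})
        if not success:
            return False, msg

        if "server" in remote_profiles:
            # The id reported by the remote node is interpolated into shell
            # commands on both ends, so it is validated exactly like ours.
            remote_id = _normalize_server_id(remote_server_id)
            if remote_id is None:
                return False, "[make_tunnel] Invalid remote server id: %r" % (remote_server_id,)
            # Local server table: the remote server's vpn ip as well
            success, msg = _run_ossim_db(host, _server_ip_sql(client_vpn_ip, remote_id), {})
            if not success:
                return False, msg
            # Remote server table: both vpn ips
            print("Remote profile server found... configuring it")
            print("Set vpn server ip on remote db...")
            success, msg = _run_ossim_db(system_ip, _server_ip_sql(server_vpn_ip, local_id), remote_creds)
            if not success:
                return False, msg
            print("Set local vpn ip on remote db ...")
            success, msg = _run_ossim_db(system_ip, _server_ip_sql(client_vpn_ip, remote_id), remote_creds)
            if not success:
                return False, msg
            # Remote system table: both vpn ips
            success, msg = _run_ossim_db(system_ip, _system_vpn_ip_sql(server_vpn_ip, local_id), remote_creds)
            if not success:
                return False, msg
            print("Set local vpn ip on remote db (systems)...")
            success, msg = _run_ossim_db(system_ip, _system_vpn_ip_sql(client_vpn_ip, remote_id), remote_creds)
            if not success:
                return False, msg
            # Restart the remote services that read those tables
            print("Restarting remote alienvault-forward service...")
            success, msg = _restart_service(system_ip, "alienvault-forward", remote_creds)
            if not success:
                return False, msg
            print("Restarting remote ossim-server service...")
            success, msg = _restart_service(system_ip, "ossim-server", remote_creds)
            if not success:
                return False, msg

        # NOTE(review): the local ossim-server restart is done for every
        # remote profile because the local server table is updated above in
        # every case; the flattened original does not make it clear whether
        # it was nested under the server-profile branch. Confirm.
        print("Restarting ossim-server")
        success, msg = _restart_service(host, "ossim-server", {})
        if not success:
            return False, msg
    except Exception as err:
        # An unexpected exception is a failure; never report success with an
        # error text attached.
        return False, "Something wrong happened while building the vpn tunnel! %s" % str(err)
    return True, end_points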