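def ossec_get_server_config(sensor_id):
    """Fetch the HIDS (OSSEC) server configuration file from a sensor.

    The file at OSSEC_CONFIG_SERVER_PATH on the sensor is copied into the
    sensor's local OSSEC directory as OSSEC_CONFIG_SERVER_FILE_NAME and its
    permissions are normalised with set_ossec_file_permissions. When the
    remote file does not exist, an empty local placeholder is created so the
    caller always gets a usable path.

    Args:
        sensor_id: identifier of the sensor to query.

    Returns:
        (True, local_path) on success, (False, error_message) otherwise.
    """
    success, system_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        return False, "Invalid sensor id %s" % sensor_id

    success, ossec_directory = get_ossec_directory(sensor_id)
    if not success:
        api_log.error(str(ossec_directory))
        return False, ossec_directory
    server_config_file = os.path.join(ossec_directory, OSSEC_CONFIG_SERVER_FILE_NAME)

    success, filename = fetch_file(system_ip=system_ip,
                                   src_file_path=OSSEC_CONFIG_SERVER_PATH,
                                   dst_file_path=server_config_file,
                                   fail_on_missing=True,
                                   flat=True)

    if not success:
        # A missing remote file is not an error: create an empty local one.
        # Substring test rather than find() > 0, so a message that starts
        # with the phrase is recognised too.
        remote_missing = 'the remote file does not exist' in str(filename)
        if remote_missing and touch_file(server_config_file):
            filename = server_config_file
        else:
            # Either a genuine fetch error, or the placeholder could not be
            # created. The latter case previously fell through and returned
            # (True, <error text>) with no file on disk.
            api_log.error(str(filename))
            return False, "Something wrong happened getting the HIDS server configuration file"

    success, result = set_ossec_file_permissions(server_config_file)
    if not success:
        return False, str(result)
    return True, filename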
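def get_support_info (system_id, ticket):
    """Run the support ("doctor") tool on a system and collect its report.

    Args:
        system_id: identifier resolved to an IP via get_system_ip_from_system_id.
        ticket: support ticket number; exactly 8 ASCII digits. It is passed to
            the remote tool as the output file prefix.

    Returns:
        (True, {'file_uploaded': bool, 'file_name': str}) when the tool ran
        (rc 0: the tool uploaded the report itself; rc 1: the report was left
        on the system and has been fetched locally), or (False, message) when
        the system is unknown, the ticket is malformed, the system could not
        be contacted, the tool failed, or the report could not be fetched.
    """
    args = {}
    args['output_type'] = 'support'
    args['output_raw'] = 'True'
    args['output_file_prefix'] = ticket

    (success, ip) = get_system_ip_from_system_id(system_id)
    if not success:
        return (False, "Bad system_id '%s'" % system_id)

    # The ticket becomes a file-name prefix on the remote host: accept only
    # 8 ASCII digits (str.isdigit also accepts non-ASCII digit characters
    # on unicode input).
    if len(ticket) != 8 or not all(c in '0123456789' for c in ticket):
        return (False, "Bad ticket id format: %s" % ticket)

    file_uploaded = False
    file_name = ''

    data = get_doctor_data ([ip], args)
    if ip in data['dark']:
        return (False, data['dark'][ip]['msg'])

    result = data['contacted'][ip]
    if result['rc'] == 0:
        file_uploaded = True
    elif result['rc'] == 1:
        # rc 1: the tool printed the path of the report it left behind.
        # NOTE(review): this remote-supplied path is used verbatim as the
        # local destination below; consider constraining it to the expected
        # report directory.
        file_name = result['data'].replace('\n', '')
    else:
        return (False, "Error Calling support tool")

    if not file_uploaded:
        (success, data) = fetch_file(ip, file_name, file_name)
        if not success:
            # Previously ignored: the caller was told a local file existed
            # even though the fetch had failed.
            return (False, str(data))

    return (True, {'file_uploaded': file_uploaded, 'file_name': file_name})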
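def ansible_get_agent_config_yml(sensor_ip):
    """Fetch /etc/ossim/agent/config.yml from a sensor and map devices to plugins.

    Args:
        sensor_ip: IP address of the sensor to fetch from.

    Returns:
        (True, {device_id: [pid, ...]}) — an empty dict when the file was not
        fetched — or (False, error_message) when fetch_file raised or the
        file could not be parsed. The local copy is always removed.
    """
    config_file = '/etc/ossim/agent/config.yml'
    # fetch_file mirrors the remote path under /var/tmp/<sensor_ip>/...
    local_file = '/var/tmp/{0}{1}'.format(sensor_ip, config_file)
    device_list = {}
    try:
        success, dst = fetch_file(sensor_ip, config_file, '/var/tmp')
    except Exception as exc:
        api_log.error("[ansible_get_agent_config_yml] Error: %s" % str(exc))
        return False, str(exc)

    if not os.path.exists(local_file):
        api_log.info("[ansible_get_agent_config_yml] File {0} not found in {1}".format(config_file, local_file))
        return True, device_list

    try:
        with open(local_file, 'r') as f:
            # safe_load: the document comes from a remote sensor, and
            # yaml.load without a Loader can instantiate arbitrary objects.
            content = yaml.safe_load(f.read())
        if "plugins" in content:
            for plg in content['plugins']:
                for path, info in plg.items():
                    if "DEFAULT" in info:
                        data = info['DEFAULT']
                        # A device may have more than one plugin
                        device_list.setdefault(data['device_id'], []).append(data['pid'])
    except Exception as exc:
        api_log.error("[ansible_get_agent_config_yml] Unable to parse yml: %s" % str(exc))
        return False, str(exc)
    finally:
        # Drop the fetched copy on every path, including a parse failure
        # (previously it was left behind on error).
        try:
            os.remove(local_file)
        except OSError as exc:
            api_log.error("[ansible_get_agent_config_yml] Unable to remove %s: %s" % (local_file, str(exc)))

    return True, device_list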
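def ossec_get_agent_config(sensor_id):
    """Fetch the HIDS (OSSEC) agent configuration file from a sensor.

    The file at OSSEC_CONFIG_AGENT_PATH on the sensor is copied into the
    sensor's local OSSEC directory as OSSEC_CONFIG_AGENT_FILE_NAME and its
    permissions are normalised with set_ossec_file_permissions. When the
    remote file does not exist, an empty local placeholder is created.

    Args:
        sensor_id: identifier of the sensor to query.

    Returns:
        (True, local_path) on success, (False, error_message) otherwise.
    """
    success, system_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        return False, "Invalid sensor id %s" % sensor_id

    success, ossec_directory = get_ossec_directory(sensor_id)
    if not success:
        api_log.error(str(ossec_directory))
        return False, ossec_directory
    agent_config_file = os.path.join(ossec_directory, OSSEC_CONFIG_AGENT_FILE_NAME)

    success, filename = fetch_file(system_ip=system_ip,
                                   src_file_path=OSSEC_CONFIG_AGENT_PATH,
                                   dst_file_path=agent_config_file,
                                   fail_on_missing=True,
                                   flat=True)

    # A missing remote file is not an error: create an empty local one.
    # Substring test rather than find() > 0, so a message that starts with
    # the phrase is recognised too.
    if not success and 'the remote file does not exist' in str(filename):
        try:
            if touch_file(agent_config_file):
                success = True
                filename = agent_config_file
        except Exception as err:
            # Logged only; success stays False and the error path below runs.
            import traceback
            api_log.error("EX: %s, %s" % (str(err), traceback.format_exc()))

    if not success:
        api_log.error(str(filename))
        return False, "Something wrong happened getting the HIDS agent configuration file"

    success, result = set_ossec_file_permissions(agent_config_file)
    if not success:
        return False, str(result)

    return True, filename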
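def get_support_info (system_id, ticket):
    """Run the support ("doctor") tool on a system and collect its report.

    Args:
        system_id: identifier resolved to an IP via get_system_ip_from_system_id.
        ticket: support ticket number; exactly 8 ASCII digits. It is passed to
            the remote tool as the output file prefix.

    Returns:
        (True, {'file_uploaded': bool, 'file_name': str}) when the tool ran
        (rc 0: the tool uploaded the report itself; rc 1: the report was left
        on the system and has been fetched locally), or (False, message) when
        the system is unknown, the ticket is malformed, the system could not
        be contacted, the tool failed, or the report could not be fetched.
    """
    args = {}
    args['output_type'] = 'support'
    args['output_raw'] = 'True'
    args['verbose'] = 2
    args['output_file_prefix'] = ticket

    (success, ip) = get_system_ip_from_system_id(system_id)
    if not success:
        return (False, "Bad system_id '%s'" % system_id)

    # The ticket becomes a file-name prefix on the remote host: accept only
    # 8 ASCII digits (str.isdigit also accepts non-ASCII digit characters
    # on unicode input).
    if len(ticket) != 8 or not all(c in '0123456789' for c in ticket):
        return (False, "Bad ticket id format: %s" % ticket)

    file_uploaded = False
    file_name = ''

    data = get_doctor_data ([ip], args)
    if ip in data['dark']:
        return (False, data['dark'][ip]['msg'])

    result = data['contacted'][ip]
    if result['rc'] == 0:
        file_uploaded = True
    elif result['rc'] == 1:
        file_name = result['data'].replace('\n', '')
        # Clean to extract the filename: keep only the /var/ossim...doctor
        # part of the tool's (verbose) output.
        # NOTE(review): this normalises the remote-supplied path but does not
        # reject '..' segments inside it; confirm that is acceptable before
        # using it as the local destination below.
        file_name = re.sub(r'.*\/var\/ossim', '/var/ossim', file_name)
        file_name = re.sub(r'\.doctor.*', '.doctor', file_name)
    else:
        return (False, "Error Calling support tool")

    if not file_uploaded:
        (success, data) = fetch_file(ip, file_name, file_name)
        if not success:
            # Previously ignored: the caller was told a local file existed
            # even though the fetch had failed.
            return (False, str(data))

    return (True, {'file_uploaded': file_uploaded, 'file_name': file_name})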
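def get_support_info(system_id, ticket):
    """Run the support ("doctor") tool on a system and collect its report.

    Args:
        system_id: identifier resolved to an IP via get_system_ip_from_system_id.
        ticket: support ticket number; exactly 8 ASCII digits. It is passed to
            the remote tool as the output file prefix.

    Returns:
        (True, {"file_uploaded": bool, "file_name": str}) when the tool ran
        (rc 0: the tool uploaded the report itself; rc 1: the report was left
        on the system and has been fetched locally), or (False, message) when
        the system is unknown, the ticket is malformed, the system could not
        be contacted, the tool failed, or the report could not be fetched.
    """
    args = {}
    args["output_type"] = "support"
    args["output_raw"] = "True"
    args["output_file_prefix"] = ticket

    (success, ip) = get_system_ip_from_system_id(system_id)
    if not success:
        return (False, "Bad system_id '%s'" % system_id)

    # The ticket becomes a file-name prefix on the remote host: accept only
    # 8 ASCII digits (str.isdigit also accepts non-ASCII digit characters).
    if len(ticket) != 8 or not all(c in "0123456789" for c in ticket):
        return (False, "Bad ticket id format: %s" % ticket)

    file_uploaded = False
    file_name = ""

    data = get_doctor_data([ip], args)
    if ip in data["dark"]:
        return (False, data["dark"][ip]["msg"])

    result = data["contacted"][ip]
    if result["rc"] == 0:
        file_uploaded = True
    elif result["rc"] == 1:
        # rc 1: the tool printed the path of the report it left behind.
        # NOTE(review): this remote-supplied path is used verbatim as the
        # local destination below; consider constraining it to the expected
        # report directory.
        file_name = result["data"].replace("\n", "")
    else:
        return (False, "Error Calling support tool")

    if not file_uploaded:
        (success, data) = fetch_file(ip, file_name, file_name)
        if not success:
            # Previously ignored: the caller was told a local file existed
            # even though the fetch had failed.
            return (False, str(data))

    return (True, {"file_uploaded": file_uploaded, "file_name": file_name})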
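def ansible_get_partial_results(sensor_ip, task_id):
    """Get partial nmap results if exists.

    Fetches /tmp/<task_id>.scan from the sensor into /var/tmp on this host.

    Args:
        sensor_ip: IP address of the sensor.
        task_id: scan task identifier; used verbatim as a file-name component.

    Returns:
        (True, local_path) as reported by fetch_file, or (False, message)
        when the task id is unusable, the fetch failed or raised.
    """
    # task_id is interpolated into a remote path: refuse separators, '.',
    # '..' and NUL so the value cannot select a file outside /tmp.
    task_str = str(task_id)
    if not task_str or task_str in ('.', '..') or '/' in task_str or '\x00' in task_str:
        return False, "Invalid task id: %r" % (task_id,)
    try:
        scan_file = "/tmp/{0}.scan".format(task_id)
        (success, dst) = fetch_file(sensor_ip, scan_file, '/var/tmp')
        if not success:
            return False, dst
    except Exception as exc:
        api_log.error("[ansible_get_partial_results] Error: %s" % str(exc))
        return False, str(exc)
    return True, dst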
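def ansible_get_partial_results(sensor_ip, task_id):
    """Get partial nmap results if exists.

    Fetches /tmp/<task_id>.scan from the sensor into /var/tmp on this host.

    Args:
        sensor_ip: IP address of the sensor.
        task_id: scan task identifier; used verbatim as a file-name component.

    Returns:
        (True, local_path) as reported by fetch_file, or (False, message)
        when the task id is unusable, the fetch failed or raised.
    """
    # task_id is interpolated into a remote path: refuse separators, '.',
    # '..' and NUL so the value cannot select a file outside /tmp.
    task_str = str(task_id)
    if not task_str or task_str in ('.', '..') or '/' in task_str or '\x00' in task_str:
        return False, "Invalid task id: %r" % (task_id,)
    try:
        scan_file = "/tmp/{0}.scan".format(task_id)
        (success, dst) = fetch_file(sensor_ip, scan_file, '/var/tmp')
        if not success:
            return False, dst
    except Exception as exc:
        api_log.error("[ansible_get_partial_results] Error: %s" % str(exc))
        return False, str(exc)
    return True, dst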
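def get_license_info (system_ip='127.0.0.1'):
    """
    Return a dictionary with the license information on '[appliance]' section
    @system_ip: The IP address of the system

    Returns (True, dict) when the section exists, (True, 'NA') when the file
    has no '[appliance]' section, or (False, message) when the file could not
    be fetched or read. The fetched copy is removed before returning.
    NOTE(review): the copy lands under the shared /tmp prefix; confirm
    fetch_file's destination handling is safe there.
    """
    import os

    license_info = 'NA'
    (success, dst) = fetch_file(system_ip, '/etc/ossim/ossim.lic', '/tmp')
    if not success:
        return (False, dst)

    parsed = ConfigParser.ConfigParser()
    try:
        # read() silently skips files it cannot open; report that instead
        # of answering 'NA' for a file that was never read.
        if not parsed.read(dst):
            return (False, "Unable to read license file %s" % dst)
        if 'appliance' in parsed.sections():
            license_info = dict(parsed.items('appliance'))
    finally:
        # Do not leave a copy of the license lying around in /tmp.
        try:
            os.remove(dst)
        except OSError:
            pass

    return (True, license_info)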
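def get_license_info(system_ip='127.0.0.1'):
    """
    Return a dictionary with the license information on '[appliance]' section
    @system_ip: The IP address of the system

    Returns (True, dict) when the section exists, (True, 'NA') when the file
    has no '[appliance]' section, or (False, message) when the file could not
    be fetched or read. The fetched copy is removed before returning.
    NOTE(review): the copy lands under the shared /tmp prefix; confirm
    fetch_file's destination handling is safe there.
    """
    import os

    license_info = 'NA'
    (success, dst) = fetch_file(system_ip, '/etc/ossim/ossim.lic', '/tmp')
    if not success:
        return (False, dst)

    parsed = ConfigParser.ConfigParser()
    try:
        # read() silently skips files it cannot open; report that instead
        # of answering 'NA' for a file that was never read.
        if not parsed.read(dst):
            return (False, "Unable to read license file %s" % dst)
        if 'appliance' in parsed.sections():
            license_info = dict(parsed.items('appliance'))
    finally:
        # Do not leave a copy of the license lying around in /tmp.
        try:
            os.remove(dst)
        except OSError:
            pass

    return (True, license_info)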
def get_backup_file(backup_name,
                    system_id='local',
                    backup_type='configuration'):
    """
    Get a backup file from a remote system.

    The file *backup_name* is fetched from /var/alienvault/backup/ on the
    system identified by *system_id* into /var/alienvault/backup/downloaded/
    on this host. Both paths are built with secure_path_join, which rejects
    names that would escape their base directory.

    Returns whatever fetch_file returns on success, and a bare False when the
    system id is unknown or the backup name is rejected — note the two
    return shapes differ. backup_type is accepted for interface
    compatibility and not used here.
    """
    success, system_ip = get_system_ip_from_system_id(system_id)
    if not success:
        return False

    base_dirs = ("/var/alienvault/backup/", "/var/alienvault/backup/downloaded/")
    resolved = []
    for base in base_dirs:
        ok, joined = secure_path_join(base, backup_name)
        if not ok:
            notifier.warning("Invalid backup name %s" % backup_name)
            return False
        resolved.append(joined)
    remote_path, local_path = resolved

    return fetch_file(system_ip, remote_path, local_path, flat=True)
def get_backup_file(backup_name,
                    system_id='local',
                    backup_type='configuration'):
    """
    Get a backup file from a remote system.

    The file *backup_name* is fetched from /var/alienvault/backup/ on the
    system identified by *system_id* into /var/alienvault/backup/downloaded/
    on this host. Both paths are built with secure_path_join, which rejects
    names that would escape their base directory.

    Returns whatever fetch_file returns on success, and a bare False when the
    system id is unknown or the backup name is rejected — note the two
    return shapes differ. backup_type is accepted for interface
    compatibility and not used here.
    """
    success, system_ip = get_system_ip_from_system_id(system_id)
    if not success:
        return False

    base_dirs = ("/var/alienvault/backup/", "/var/alienvault/backup/downloaded/")
    resolved = []
    for base in base_dirs:
        ok, joined = secure_path_join(base, backup_name)
        if not ok:
            notifier.warning("Invalid backup name %s" % backup_name)
            return False
        resolved.append(joined)
    remote_path, local_path = resolved

    return fetch_file(system_ip, remote_path, local_path, flat=True)