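def ossec_get_server_config(sensor_id):
    """Fetch the HIDS (OSSEC) server configuration file of a sensor.

    Resolves the sensor IP, copies the remote server configuration into the
    sensor's local OSSEC directory and fixes the file permissions. When the
    remote file does not exist yet, an empty local placeholder is created.

    Args:
        sensor_id: Identifier of the sensor to query.

    Returns:
        (True, local_path) on success, (False, error_message) otherwise.
    """
    success, system_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        return False, "Invalid sensor id %s" % sensor_id

    success, ossec_directory = get_ossec_directory(sensor_id)
    if not success:
        api_log.error(str(ossec_directory))
        return False, ossec_directory

    server_config_file = os.path.join(ossec_directory, OSSEC_CONFIG_SERVER_FILE_NAME)
    success, filename = fetch_file(system_ip=system_ip,
                                   src_file_path=OSSEC_CONFIG_SERVER_PATH,
                                   dst_file_path=server_config_file,
                                   fail_on_missing=True,
                                   flat=True)
    if not success:
        # A missing remote file is not fatal: start from an empty local one.
        # Substring test rather than find() > 0, so a message that starts
        # with the phrase is recognised too.
        if 'the remote file does not exist' in str(filename):
            if touch_file(server_config_file):
                success = True
                filename = server_config_file
    if not success:
        # Both a real fetch error and a failed touch_file() end here; without
        # this check the error text would be returned as if it were a path.
        api_log.error(str(filename))
        return False, "Something wrong happened getting the HIDS server configuration file"

    success, result = set_ossec_file_permissions(server_config_file)
    if not success:
        return False, str(result)
    return True, filename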
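def get_support_info(system_id, ticket):
    """Run the support tool on a system and report where its output went.

    Args:
        system_id: Identifier of the system to contact.
        ticket: Support ticket number. Must be exactly eight digits, since it
            becomes the output file prefix used on the remote system.

    Returns:
        (True, {'file_uploaded': bool, 'file_name': str}) on success, or
        (False, error_message). When ``file_uploaded`` is False the support
        file was fetched with fetch_file() using ``file_name`` as both the
        remote and local path.
    """
    # Validate every input before contacting the system.
    success, ip = get_system_ip_from_system_id(system_id)
    if not success:
        return (False, "Bad system_id '%s'" % system_id)
    if not ticket.isdigit() or len(ticket) != 8:
        return (False, "Bad ticket id format: %s" % ticket)

    args = {'output_type': 'support',
            'output_raw': 'True',
            'output_file_prefix': ticket}

    data = get_doctor_data([ip], args)
    if ip in data['dark']:
        return (False, data['dark'][ip]['msg'])

    outcome = data['contacted'][ip]
    file_uploaded = False
    file_name = ''
    if outcome['rc'] == 0:
        file_uploaded = True
    elif outcome['rc'] == 1:
        # rc 1 means the file stayed on the remote host; its path is the output.
        file_name = outcome['data'].replace('\n', '')
        if not file_name:
            return (False, "Support tool did not return a file name")
    else:
        return (False, "Error Calling support tool")

    if not file_uploaded:
        # NOTE(review): file_name is taken from the remote tool's output and
        # reused as the local destination path; confirm fetch_file constrains it.
        success, fetched = fetch_file(ip, file_name, file_name)
        if not success:
            # Previously ignored, which reported success for a file that was
            # never retrieved.
            return (False, str(fetched))

    return (True, {'file_uploaded': file_uploaded, 'file_name': file_name})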
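def ansible_get_agent_config_yml(sensor_ip):
    """Fetch the agent config.yml from a sensor and map device ids to plugin ids.

    The file is copied under /var/tmp, parsed, and removed after a
    successful parse.

    Args:
        sensor_ip: IP address of the sensor holding the file.

    Returns:
        (True, {device_id: [pid, ...]}) on success; a missing file yields
        (True, {}). (False, error_message) on a fetch exception or parse error.
    """
    config_file = '/etc/ossim/agent/config.yml'
    local_file = '/var/tmp/{0}{1}'.format(sensor_ip, config_file)
    device_list = {}

    try:
        success, dst = fetch_file(sensor_ip, config_file, '/var/tmp')
    except Exception as exc:
        api_log.error("[ansible_get_agent_config_yml] Error: %s" % str(exc))
        return False, str(exc)
    if not success:
        # Not fatal on its own: the existence check below decides the outcome.
        api_log.info("[ansible_get_agent_config_yml] fetch_file reported: %s" % str(dst))

    if not os.path.exists(local_file):
        api_log.info("[ansible_get_agent_config_yml] File {0} not found in {1}".format(config_file, local_file))
        return True, device_list

    try:
        with open(local_file, 'r') as f:
            # safe_load: the document comes from a remote host, so it must not
            # be able to instantiate arbitrary Python objects (yaml.load can).
            content = yaml.safe_load(f.read())
        plugins = content.get('plugins', []) if isinstance(content, dict) else []
        # One pass: a device may declare several plugins, so group pids by device_id.
        for plg in plugins:
            for _path, info in plg.items():
                if 'DEFAULT' in info:
                    data = info['DEFAULT']
                    device_list.setdefault(data['device_id'], []).append(data['pid'])
        os.remove(local_file)
    except Exception as exc:
        api_log.error("[ansible_get_agent_config_yml] Unable to parse yml: %s" % str(exc))
        return False, str(exc)
    return True, device_list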
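def ossec_get_agent_config(sensor_id):
    """Fetch the HIDS (OSSEC) agent configuration file of a sensor.

    Resolves the sensor IP, copies the remote agent configuration into the
    sensor's local OSSEC directory and fixes the file permissions. When the
    remote file does not exist yet, an empty local placeholder is created.

    Args:
        sensor_id: Identifier of the sensor to query.

    Returns:
        (True, local_path) on success, (False, error_message) otherwise.
    """
    success, system_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        return False, "Invalid sensor id %s" % sensor_id

    success, ossec_directory = get_ossec_directory(sensor_id)
    if not success:
        api_log.error(str(ossec_directory))
        return False, ossec_directory

    agent_config_file = os.path.join(ossec_directory, OSSEC_CONFIG_AGENT_FILE_NAME)
    success, filename = fetch_file(system_ip=system_ip,
                                   src_file_path=OSSEC_CONFIG_AGENT_PATH,
                                   dst_file_path=agent_config_file,
                                   fail_on_missing=True,
                                   flat=True)
    if not success:
        try:
            # A missing remote file is not fatal: start from an empty local one.
            # Substring test rather than find() > 0, so a message that starts
            # with the phrase is recognised too.
            if 'the remote file does not exist' in str(filename):
                if touch_file(agent_config_file):
                    success = True
                    filename = agent_config_file
        except Exception as err:
            # Best effort: log the traceback and fall into the error path below.
            import traceback
            api_log.error("EX: %s, %s" % (str(err), traceback.format_exc()))
    if not success:
        api_log.error(str(filename))
        return False, "Something wrong happened getting the HIDS agent configuration file"

    success, result = set_ossec_file_permissions(agent_config_file)
    if not success:
        return False, str(result)
    return True, filename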
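def get_support_info(system_id, ticket):
    """Run the support tool on a system and report where its output went.

    Args:
        system_id: Identifier of the system to contact.
        ticket: Support ticket number. Must be exactly eight digits, since it
            becomes the output file prefix used on the remote system.

    Returns:
        (True, {'file_uploaded': bool, 'file_name': str}) on success, or
        (False, error_message). When ``file_uploaded`` is False the support
        file was fetched with fetch_file() using ``file_name`` as both the
        remote and local path.
    """
    # Validate every input before contacting the system.
    success, ip = get_system_ip_from_system_id(system_id)
    if not success:
        return (False, "Bad system_id '%s'" % system_id)
    if not ticket.isdigit() or len(ticket) != 8:
        return (False, "Bad ticket id format: %s" % ticket)

    args = {'output_type': 'support',
            'output_raw': 'True',
            'verbose': 2,
            'output_file_prefix': ticket}

    data = get_doctor_data([ip], args)
    if ip in data['dark']:
        return (False, data['dark'][ip]['msg'])

    outcome = data['contacted'][ip]
    file_uploaded = False
    file_name = ''
    if outcome['rc'] == 0:
        file_uploaded = True
    elif outcome['rc'] == 1:
        # rc 1 means the file stayed on the remote host; its path is in the
        # output. Trim everything before '/var/ossim' and after '.doctor'
        # so only the file path itself remains.
        file_name = outcome['data'].replace('\n', '')
        file_name = re.sub(r'.*\/var\/ossim', '/var/ossim', file_name)
        file_name = re.sub(r'\.doctor.*', '.doctor', file_name)
        if not file_name:
            return (False, "Support tool did not return a file name")
    else:
        return (False, "Error Calling support tool")

    if not file_uploaded:
        # NOTE(review): file_name is derived from the remote tool's output and
        # reused as the local destination path; confirm fetch_file constrains it.
        success, fetched = fetch_file(ip, file_name, file_name)
        if not success:
            # Previously ignored, which reported success for a file that was
            # never retrieved.
            return (False, str(fetched))

    return (True, {'file_uploaded': file_uploaded, 'file_name': file_name})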
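def get_support_info(system_id, ticket):
    """Run the support tool on a system and report where its output went.

    Args:
        system_id: Identifier of the system to contact.
        ticket: Support ticket number. Must be exactly eight digits, since it
            becomes the output file prefix used on the remote system.

    Returns:
        (True, {"file_uploaded": bool, "file_name": str}) on success, or
        (False, error_message). When ``file_uploaded`` is False the support
        file was fetched with fetch_file() using ``file_name`` as both the
        remote and local path.
    """
    # Validate every input before contacting the system.
    success, ip = get_system_ip_from_system_id(system_id)
    if not success:
        return (False, "Bad system_id '%s'" % system_id)
    if not ticket.isdigit() or len(ticket) != 8:
        return (False, "Bad ticket id format: %s" % ticket)

    args = {"output_type": "support",
            "output_raw": "True",
            "output_file_prefix": ticket}

    data = get_doctor_data([ip], args)
    if ip in data["dark"]:
        return (False, data["dark"][ip]["msg"])

    outcome = data["contacted"][ip]
    file_uploaded = False
    file_name = ""
    if outcome["rc"] == 0:
        file_uploaded = True
    elif outcome["rc"] == 1:
        # rc 1 means the file stayed on the remote host; its path is the output.
        file_name = outcome["data"].replace("\n", "")
        if not file_name:
            return (False, "Support tool did not return a file name")
    else:
        return (False, "Error Calling support tool")

    if not file_uploaded:
        # NOTE(review): file_name is taken from the remote tool's output and
        # reused as the local destination path; confirm fetch_file constrains it.
        success, fetched = fetch_file(ip, file_name, file_name)
        if not success:
            # Previously ignored, which reported success for a file that was
            # never retrieved.
            return (False, str(fetched))

    return (True, {"file_uploaded": file_uploaded, "file_name": file_name})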
def ansible_get_partial_results(sensor_ip, task_id):
    """Fetch the partial nmap scan output for *task_id* from a sensor, if any.

    Args:
        sensor_ip: IP address of the sensor running the scan.
        task_id: Scan task identifier; it names the remote file
            /tmp/<task_id>.scan. NOTE(review): it is interpolated into the
            path as-is — confirm callers only pass generated ids.

    Returns:
        (True, local_path) when the file was copied under /var/tmp,
        (False, error_message) when fetch_file failed or raised.
    """
    remote_scan_file = "/tmp/{0}.scan".format(task_id)
    try:
        fetched, dst = fetch_file(sensor_ip, remote_scan_file, '/var/tmp')
    except Exception as exc:
        api_log.error("[ansible_get_partial_results] Error: %s" % str(exc))
        return False, str(exc)
    if not fetched:
        return False, dst
    return True, dst
def get_license_info(system_ip='127.0.0.1'):
    """
    Return a dictionary with the license information on '[appliance]' section
    @system_ip: The IP address of the system

    The license file is fetched to /tmp first. When the file has no
    '[appliance]' section the string 'NA' is returned in place of the dict.
    """
    fetched, dst = fetch_file(system_ip, '/etc/ossim/ossim.lic', '/tmp')
    if not fetched:
        return (False, dst)

    parser = ConfigParser.ConfigParser()
    parser.read(dst)
    if not parser.has_section('appliance'):
        return (True, 'NA')
    return (True, dict(parser.items('appliance')))
def get_license_info(system_ip='127.0.0.1'):
    """
    Return a dictionary with the license information on '[appliance]' section
    @system_ip: The IP address of the system

    The license file is fetched to /tmp first. When the file has no
    '[appliance]' section the string 'NA' is returned in place of the dict.
    """
    fetched, dst = fetch_file(system_ip, '/etc/ossim/ossim.lic', '/tmp')
    if not fetched:
        return (False, dst)

    parser = ConfigParser.ConfigParser()
    parser.read(dst)
    if not parser.has_section('appliance'):
        return (True, 'NA')
    return (True, dict(parser.items('appliance')))
def get_backup_file(backup_name, system_id='local', backup_type='configuration'):
    """
    Get a backup file from a remote system.

    @backup_name: Name of the backup file, relative to the backup directory
    @system_id: Identifier of the system holding the backup
    @backup_type: Accepted for interface compatibility; not used here

    Returns the fetch_file() result, or False when the system id is unknown
    or secure_path_join rejects the backup name for either the source or
    the download directory.
    """
    backup_dir = "/var/alienvault/backup/"
    download_dir = "/var/alienvault/backup/downloaded/"

    resolved, system_ip = get_system_ip_from_system_id(system_id)
    if not resolved:
        return False

    # Both the remote source and the local destination must stay inside
    # their base directory; secure_path_join does that check.
    joined_paths = []
    for base_dir in (backup_dir, download_dir):
        ok, full_path = secure_path_join(base_dir, backup_name)
        if not ok:
            notifier.warning("Invalid backup name %s" % backup_name)
            return False
        joined_paths.append(full_path)
    src_file_path, dst_file_path = joined_paths

    return fetch_file(system_ip, src_file_path, dst_file_path, flat=True)