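def update_hids_agents():
    """Task to refresh the HIDS agent information of every sensor.

    Resolves the directly connected sensors plus the local system, runs
    ``update_system_hids_agents`` on each of them and, when at least one
    sensor reports assets that are not linked to an agent, publishes a
    single Message Center entry (id ...010032) carrying the total count.
    ``refresh_hosts`` is called once if any sensor reported a new host.

    Returns:
        bool: True when the per-sensor updates ran (a sensor whose update
        raises ``APIException`` is logged and skipped); False when the
        sensor list or the local system id could not be resolved, or any
        other exception escaped a sensor update.
    """
    msg_id = "00000000-0000-0000-0000-000000010032"
    insert_message = False
    send_refresh = False
    not_linked_assets = 0

    # Remove the previous notification first so a stale count never survives
    # a run that finds nothing to report.
    delete_current_status_messages([get_bytes_from_uuid(msg_id)])
    try:
        success, systems = get_systems(system_type='Sensor', directly_connected=True)
        if not success:
            logger.error("[update_hids_agents] %s" % str(systems))
            raise APICannotRetrieveSystems()
        success, local_system_id = get_system_id_from_local()
        if not success:
            logger.error("[update_hids_agents] %s" % str(local_system_id))
            raise APICannotResolveLocalSystemID()

        system_ids = [system[0] for system in systems]
        if local_system_id not in system_ids:
            system_ids.append(local_system_id)

        for system_id in system_ids:
            try:
                not_linked_by_sensor, new_host = update_system_hids_agents(system_id)
            except APIException as e:
                # One sensor failing must not stop the remaining ones.
                logger.error("[update_hids_agents] %s" % str(e))
                continue
            not_linked_assets += not_linked_by_sensor
            if not_linked_by_sensor > 0:
                insert_message = True
            if new_host:
                send_refresh = True
    except Exception as e:
        logger.error("[update_hids_agents] %s" % str(e))
        return False

    if insert_message:
        # Reuse the id resolved above; the previous re-query discarded its
        # success flag and could have passed an error string as the system id.
        additional_info = json.dumps({"not_linked_assets": not_linked_assets})
        insert_current_status_message(msg_id, local_system_id, "system", additional_info)
    if send_refresh:
        refresh_hosts()
    return True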
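def update_hids_agents():
    """Task to refresh the HIDS agent information of every sensor.

    Collects the target systems (directly connected sensors plus the local
    system), updates the agents of each one and publishes a Message Center
    entry (id ...010032) with the total number of assets not linked to an
    agent when any sensor reported some. Triggers ``refresh_hosts`` once if
    a sensor reported a new host.

    Returns:
        bool: True when the updates ran; False when the targets could not be
        resolved or a sensor update raised something other than
        ``APIException`` (those are logged and skipped per sensor).
    """
    msg_id = "00000000-0000-0000-0000-000000010032"
    # Clear the previous notification so the count published below is never stale.
    delete_current_status_messages([get_bytes_from_uuid(msg_id)])
    try:
        local_system_id, system_ids = _hids_update_targets()
        total_not_linked, any_not_linked, new_host_seen = _update_hids_agents_on(system_ids)
    except Exception as e:
        logger.error("[update_hids_agents] %s" % str(e))
        return False

    if any_not_linked:
        # local_system_id was resolved (and its success flag checked) in
        # _hids_update_targets; no need to query it a second time.
        payload = json.dumps({"not_linked_assets": total_not_linked})
        insert_current_status_message(msg_id, local_system_id, "system", payload)
    if new_host_seen:
        refresh_hosts()
    return True


def _hids_update_targets():
    """Return ``(local_system_id, system_ids)`` for the HIDS agent update.

    ``system_ids`` holds the directly connected sensors plus the local
    system. The error text returned by the lookups is logged before
    ``APICannotRetrieveSystems`` / ``APICannotResolveLocalSystemID`` is raised.
    """
    success, systems = get_systems(system_type='Sensor', directly_connected=True)
    if not success:
        logger.error("[update_hids_agents] %s" % str(systems))
        raise APICannotRetrieveSystems()
    success, local_system_id = get_system_id_from_local()
    if not success:
        logger.error("[update_hids_agents] %s" % str(local_system_id))
        raise APICannotResolveLocalSystemID()
    system_ids = [system[0] for system in systems]
    if local_system_id not in system_ids:
        system_ids.append(local_system_id)
    return local_system_id, system_ids


def _update_hids_agents_on(system_ids):
    """Update the HIDS agents of each system in ``system_ids``.

    Returns ``(total_not_linked, any_not_linked, new_host_seen)``:
    the summed count of assets without an agent, whether any single sensor
    reported a positive count, and whether any sensor reported a new host.
    A sensor whose update raises ``APIException`` is logged and skipped;
    any other exception propagates to the caller.
    """
    total_not_linked = 0
    any_not_linked = False
    new_host_seen = False
    for system_id in system_ids:
        try:
            not_linked, new_host = update_system_hids_agents(system_id)
        except APIException as e:
            logger.error("[update_hids_agents] %s" % str(e))
            continue
        total_not_linked += not_linked
        any_not_linked = any_not_linked or not_linked > 0
        new_host_seen = new_host_seen or bool(new_host)
    return total_not_linked, any_not_linked, new_host_seen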
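def ossec_win_deploy(sensor_id, asset_id, windows_ip, windows_username, windows_password, windows_domain, agent_id=None):
    """
    Deploy HIDS agent on a Windows System

    Args:
        sensor_id(str): Sensor ID
        asset_id(str): Asset ID
        windows_ip(str) : Deployment IP (where we are going to deploy the HIDS Agent)
        windows_username(str) : Windows Username
        windows_password(str) : Windows Password
        windows_domain(str) : Windows Domain
        agent_id(str) : Agent ID (optional; when omitted an existing agent of
            the asset is reused, or a new one named after the asset is created)

    Returns:
        tuple(bool, str): ``(True, 'HIDS agent successfully deployed')`` when
        the agent was deployed, ``(False, <reason>)`` otherwise. The outcome is
        also recorded in the Message Center (id ...010033 on success,
        ...010031 on failure) together with the asset/sensor/agent details.

    Raises:
        Nothing escapes: the following are raised internally and turned into
        the ``(False, <reason>)`` result:
        APICannotResolveAssetID
        APICannotCreateHIDSAgent
        APICannotGetHIDSAgentByAsset
        APICannotResolveSensorID
        APICannotDeployHIDSAgent
        APIInvalidDeploymentIP
        APIInvalidWindowsUsername
        APIInvalidWindowsPassword
        APIInvalidAgentID
    """
    # Defaults so the Message Center entry can be built even on early failures
    agent_name = None
    sensor_ip = None
    sensor_name = None
    asset_name = None
    try:
        # Validate deployment parameters
        if not is_valid_uuid(asset_id):
            raise APICannotResolveAssetID(asset_id)
        if not is_valid_ipv4(windows_ip):
            raise APIInvalidDeploymentIP(windows_ip)
        if not is_valid_windows_user(windows_username):
            raise APIInvalidWindowsUsername(windows_username)
        if not is_valid_user_password(windows_password):
            raise APIInvalidWindowsPassword()
        if agent_id and not is_valid_ossec_agent_id(agent_id):
            raise APIInvalidAgentID(agent_id)

        # Getting Sensor Information
        success, sensor = get_sensor_by_sensor_id(sensor_id)
        if not success:
            raise APICannotResolveSensorID(sensor_id)
        # Canonical form used as the '<sensor>#<agent>' key prefix below:
        # hex without dashes, upper case.
        sensor_id = get_uuid_string_from_bytes(sensor.id).replace('-', '').upper()
        sensor_ip = get_ip_str_from_bytes(sensor.ip)
        sensor_name = sensor.name

        # Agents already registered for this asset on this sensor, and asset info
        hids_agents = get_hids_agents_by_asset(asset_id, sensor_id)
        asset_name = get_name_by_host_id(asset_id)

        if not hids_agents:
            # No agent yet: create one named after the asset
            agent_name = asset_name
            success, data = apimethod_ossec_add_new_agent(sensor_id, agent_name, windows_ip, asset_id)
            if not success:
                raise APICannotCreateHIDSAgent(agent_name, sensor_id)
            agent_id = data
        else:
            # Use the requested agent, or the first registered one when none was given.
            if agent_id:
                agent_key = sensor_id + '#' + agent_id
            else:
                # next(iter(...)) works on Python 2 and 3; dict.keys().pop(0) is Python 2 only
                agent_key = next(iter(hids_agents))
            if agent_key not in hids_agents:
                raise APICannotGetHIDSAgentByAsset(asset_id)
            agent_name = hids_agents[agent_key].get('name')
            agent_id = hids_agents[agent_key].get('id')

        # Deploy HIDS Agent
        ansible_result = ansible_ossec_win_deploy(sensor_ip, agent_name, windows_ip, windows_username, windows_domain, windows_password)
        sensor_stats = ansible_result[sensor_ip]
        if sensor_stats['unreachable'] == 0 and sensor_stats['failures'] == 0:
            # No error: give the agent a moment to register, then read its
            # status back and store it. The agent detail row is comma
            # separated and the status is its fourth field.
            time.sleep(2)
            success, data = apimethod_ossec_get_agent_detail(sensor_id, agent_id)
            if success:
                agent_status = data[0].split(',')[3]
                update_hids_agent_status(agent_id, sensor_id, agent_status)
        else:
            ans_last_error = _ansible_deploy_error(ansible_result, sensor_ip)
            raise APICannotDeployHIDSAgent('HIDS Agent cannot be deployed. Reason: {0}'.format(ans_last_error))
        res = True
        message = 'HIDS agent successfully deployed'
    except APICannotDeployHIDSAgent as err:
        # Expected failure: the reason is already in the message, no log entry
        message = str(err)
        res = False
    except Exception as err:
        message = str(err)
        logger.error(message)
        res = False

    # Create message in Message Center (...010033 = deployed, ...010031 = failed).
    # NOTE(review): on failure ``deploy_status`` carries the raw stderr/stdout of
    # the deployment run; confirm the playbook never echoes windows_password there.
    mc_id = "00000000-0000-0000-0000-000000010033" if res else "00000000-0000-0000-0000-000000010031"
    additional_info = json.dumps({
        "asset_id": asset_id,
        "sensor_id": sensor_id,
        "agent_id": agent_id,
        "asset_name": asset_name,
        "asset_ip": windows_ip,
        "sensor_ip": sensor_ip,
        "sensor_name": sensor_name,
        "agent_name": agent_name,
        "deploy_status": message,
    })
    insert_current_status_message(mc_id, asset_id, "host", additional_info)
    return res, message


def _ansible_deploy_error(ansible_result, sensor_ip):
    """Return the most specific error text for a failed deployment on ``sensor_ip``.

    An unreachable sensor wins; otherwise the first non-empty one of the
    ``msg``, ``stderr`` and ``stdout`` entries of the sensor's last error is
    used, and "" when none of them is present.
    """
    if ansible_result[sensor_ip]['unreachable'] == 1:
        return "System is unreachable"
    last_error = ansible_result['alienvault']['lasterror'][sensor_ip]
    for field in ('msg', 'stderr', 'stdout'):
        if field in last_error and last_error[field] != "":
            return last_error[field]
    return ""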
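def make_system_backup(system_id, backup_type, rotate=True, retry=True, method="auto", backup_pass="", backups_to_keep=10):
    """ Run backup_type for system_id
    :param system_id: id of the system to back up
    :param backup_type: kind of backup to run (forwarded to the backup helpers)
    :param rotate: when True, keep only the newest ``backups_to_keep`` backups afterwards
    :param retry: when True use the retrying helper; it always runs an "auto"
                  backup, so ``method`` is ignored in that case
    :param method: backup method, only honoured when ``retry`` is False
    :param backup_pass: password protecting the configuration backup; empty or
                        the literal 'NULL' means "not set" and the backup is refused
    :param backups_to_keep: retention limit handed to ``rotate_backups``
                            (10, the value that used to be hard-coded)
    :return: ``(True, None)`` on success, ``(False, <reason>)`` otherwise
    """
    success, system_ip = get_system_ip_from_system_id(system_id)
    if not success:
        return False, system_ip  # here system_ip contains an error msg

    additional_info = json.dumps({'system_id': system_id, 'system_ip': system_ip})

    if not backup_pass or backup_pass == 'NULL':
        # Unprotected configuration backups are refused; tell the user through
        # the Message Center (id ...010039) as well as the notifier.
        msg = 'Password for configuration backups was not set. Backups will be disabled...'
        notifier.warning(msg)
        insert_current_status_message("00000000-0000-0000-0000-000000010039", system_id, "system", additional_info=additional_info)
        return False, msg

    notifier.info("Running Backup [%s - %s]" % (system_ip, backup_type))
    try:
        if retry:
            # This kind of backup is always auto; ``method`` is not forwarded.
            make_system_backup_by_system_ip_with_retry(system_ip, backup_type, backup_pass=backup_pass)
        else:
            make_system_backup_by_system_ip(system_ip, backup_type, method=method, backup_pass=backup_pass)
    except Exception as e:
        # NOTE(review): str(e) goes to the notifier and back to the caller;
        # confirm the backup helpers never embed backup_pass in their exception text.
        notifier.error("Backup fails [%s - %s]: %s" % (system_ip, backup_type, str(e)))
        # To do: Launch a Notification message
        success, result = insert_current_status_message("00000000-0000-0000-0000-000000010018", system_id, "system", additional_info=additional_info)
        if not success:
            return False, str(result) + " " + str(e)
        return False, str(e)
    notifier.info("Backup successfully made [%s - %s]" % (system_ip, backup_type))
    # To do: Launch a Notification message

    # Rotate
    if rotate:
        success, result = rotate_backups(system_id, backup_type, backups_to_keep)
        if not success:
            notifier.warning("Error Rotating %s backups in %s" % (backup_type, system_id))
        else:
            notifier.info("Backups rotated successfully")

    # Refresh cache: a backup was added (and some may have been rotated out),
    # so the cached listing is stale. Failure here is only reported, not fatal.
    try:
        get_backup_list(system_id=system_id, backup_type=backup_type, no_cache=True)
    except Exception as e:
        notifier.warning("Error when trying to flush the cache after deleting backups: %s" % str(e))
    return True, None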
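def ossec_win_deploy(sensor_id, asset_id, windows_ip, windows_username, windows_password, windows_domain, agent_id=None):
    """
    Deploy HIDS agent on a Windows System

    Args:
        sensor_id(str): Sensor ID
        asset_id(str): Asset ID
        windows_ip(str) : Deployment IP (where we are going to deploy the HIDS Agent)
        windows_username(str) : Windows Username
        windows_password(str) : Windows Password
        windows_domain(str) : Windows Domain
        agent_id(str) : Agent ID (optional; without it an agent already
            registered for the asset is reused, or a new one is created
            named after the asset)

    Returns:
        tuple(bool, str): ``(True, 'HIDS agent successfully deployed')`` on
        success, ``(False, <reason>)`` on failure. A Message Center entry
        (id ...010033 on success, ...010031 on failure) is written in both
        cases with the asset/sensor/agent details and the reason.

    Raises:
        None escape the function. These are raised internally and reported
        through the ``(False, <reason>)`` result:
        APICannotResolveAssetID
        APICannotCreateHIDSAgent
        APICannotGetHIDSAgentByAsset
        APICannotResolveSensorID
        APICannotDeployHIDSAgent
        APIInvalidDeploymentIP
        APIInvalidWindowsUsername
        APIInvalidWindowsPassword
        APIInvalidAgentID
    """
    # Defaults for the Message Center entry when we fail before resolving them
    agent_name = sensor_ip = sensor_name = asset_name = None
    try:
        # Validate deployment parameters
        if not is_valid_uuid(asset_id):
            raise APICannotResolveAssetID(asset_id)
        if not is_valid_ipv4(windows_ip):
            raise APIInvalidDeploymentIP(windows_ip)
        if not is_valid_windows_user(windows_username):
            raise APIInvalidWindowsUsername(windows_username)
        if not is_valid_user_password(windows_password):
            raise APIInvalidWindowsPassword()
        if agent_id and not is_valid_ossec_agent_id(agent_id):
            raise APIInvalidAgentID(agent_id)

        # Getting Sensor Information
        success, sensor = get_sensor_by_sensor_id(sensor_id)
        if not success:
            raise APICannotResolveSensorID(sensor_id)
        # The agent map is keyed by '<SENSORHEX>#<agent id>', sensor id in
        # upper-case hex without dashes.
        sensor_id = get_uuid_string_from_bytes(sensor.id).replace('-', '').upper()
        sensor_ip = get_ip_str_from_bytes(sensor.ip)
        sensor_name = sensor.name

        # Getting agent related to assets, and the asset name
        hids_agents = get_hids_agents_by_asset(asset_id, sensor_id)
        asset_name = get_name_by_host_id(asset_id)

        if len(hids_agents) == 0:
            # Creating agent if it doesn't exist
            agent_name = asset_name
            success, data = apimethod_ossec_add_new_agent(sensor_id, agent_name, windows_ip, asset_id)
            if not success:
                raise APICannotCreateHIDSAgent(agent_name, sensor_id)
            agent_id = data
        else:
            # Getting agent information; first registered agent when none requested
            # (next(iter()) instead of keys().pop(0), which only works on Python 2)
            agent_key = sensor_id + '#' + agent_id if agent_id else next(iter(hids_agents))
            agent = hids_agents.get(agent_key)
            if agent is None:
                raise APICannotGetHIDSAgentByAsset(asset_id)
            agent_name = agent.get('name')
            agent_id = agent.get('id')

        # Deploy HIDS Agent
        ansible_result = ansible_ossec_win_deploy(sensor_ip, agent_name, windows_ip, windows_username, windows_domain, windows_password)
        deploy_stats = ansible_result[sensor_ip]
        if deploy_stats['unreachable'] == 0 and deploy_stats['failures'] == 0:
            # No error: wait briefly for the agent to register, then store the
            # status (fourth comma-separated field of the detail row).
            time.sleep(2)
            success, data = apimethod_ossec_get_agent_detail(sensor_id, agent_id)
            if success:
                agent_status = data[0].split(',')[3]
                update_hids_agent_status(agent_id, sensor_id, agent_status)
        else:
            ans_last_error = ""
            if deploy_stats['unreachable'] == 1:
                ans_last_error = "System is unreachable"
            else:
                # First non-empty of msg / stderr / stdout, in that order
                last_error = ansible_result['alienvault']['lasterror'][sensor_ip]
                for field in ('msg', 'stderr', 'stdout'):
                    if field in last_error and last_error[field] != "":
                        ans_last_error = last_error[field]
                        break
            raise APICannotDeployHIDSAgent('HIDS Agent cannot be deployed. Reason: {0}'.format(ans_last_error))
        res = True
        message = 'HIDS agent successfully deployed'
    except APICannotDeployHIDSAgent as err:
        # Expected outcome; the reason is reported via the Message Center only
        message = str(err)
        res = False
    except Exception as err:
        message = str(err)
        logger.error(message)
        res = False

    # Create message in Message Center.
    # NOTE(review): ``deploy_status`` can carry raw stderr/stdout of the
    # deployment run; confirm the playbook never prints windows_password.
    if res:
        mc_id = "00000000-0000-0000-0000-000000010033"
    else:
        mc_id = "00000000-0000-0000-0000-000000010031"
    additional_info = json.dumps({
        "asset_id": asset_id,
        "sensor_id": sensor_id,
        "agent_id": agent_id,
        "asset_name": asset_name,
        "asset_ip": windows_ip,
        "sensor_ip": sensor_ip,
        "sensor_name": sensor_name,
        "agent_name": agent_name,
        "deploy_status": message,
    })
    insert_current_status_message(mc_id, asset_id, "host", additional_info)
    return res, message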
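def make_system_backup(system_id, backup_type, rotate=True, retry=True, method="auto"):
    """ Run backup_type for system_id
    :param system_id: id of the system to back up
    :param backup_type: kind of backup to run (forwarded to the backup helpers)
    :param rotate: when True, keep only the newest 10 backups afterwards
    :param retry: when True use the retrying helper; it always runs an "auto"
                  backup, so ``method`` is ignored in that case
    :param method: backup method, only honoured when ``retry`` is False
    :return: ``(True, None)`` on success, ``(False, <reason>)`` otherwise
    """
    success, system_ip = get_system_ip_from_system_id(system_id)
    if not success:
        # Every other path returns a (bool, message) pair; a bare False here
        # broke callers that unpack the result. On failure the second element
        # of the lookup is its error text.
        return False, system_ip

    notifier.info("Running Backup [%s - %s]" % (system_ip, backup_type))
    try:
        if retry:
            # This kind of backup is always auto; ``method`` is not forwarded.
            make_system_backup_by_system_ip_with_retry(system_ip, backup_type)
        else:
            make_system_backup_by_system_ip(system_ip, backup_type, method=method)
    except Exception as e:
        notifier.warning("Backup fails [%s - %s]: %s" % (system_ip, backup_type, str(e)))
        # To do: Launch a Notification message
        additional_info = json.dumps({'system_id': system_id, 'system_ip': system_ip})
        success, result = insert_current_status_message("00000000-0000-0000-0000-000000010018", system_id, "system", additional_info)
        if not success:
            return False, str(result) + " " + str(e)
        return False, str(e)
    notifier.info("Backup successfully made [%s - %s]" % (system_ip, backup_type))
    # To do: Launch a Notification message

    # Rotate
    if rotate:
        success, result = rotate_backups(system_id, backup_type, 10)
        if not success:
            notifier.warning("Error Rotating %s backups in %s" % (backup_type, system_id))
        else:
            notifier.info("Backups rotated successfully")

    # Refresh cache: the listing changed (new backup, possibly rotated ones);
    # a failure here is only reported.
    try:
        get_backup_list(system_id=system_id, backup_type=backup_type, no_cache=True)
    except Exception as e:
        notifier.warning("Error when trying to flush the cache after deleting backups: %s" % str(e))
    return True, None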
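def make_system_backup(system_id, backup_type, rotate=True, retry=True, method="auto", backup_pass="", backups_to_keep=10):
    """ Run backup_type for system_id
    :param system_id: id of the system to back up
    :param backup_type: kind of backup to run (forwarded to the backup helpers)
    :param rotate: when True, keep only the newest ``backups_to_keep`` backups
    :param retry: when True use the retrying helper, which always runs an
                  "auto" backup (``method`` is ignored)
    :param method: backup method, only used when ``retry`` is False
    :param backup_pass: password protecting the configuration backup; empty
                        or the literal 'NULL' counts as unset and the backup
                        is refused
    :param backups_to_keep: retention limit for ``rotate_backups``
                            (defaults to the previously hard-coded 10)
    :return: ``(True, None)`` on success, ``(False, <reason>)`` otherwise
    """
    success, system_ip = get_system_ip_from_system_id(system_id)
    if not success:
        return False, system_ip  # here system_ip contains an error msg

    additional_info = json.dumps({'system_id': system_id, 'system_ip': system_ip})

    if not backup_pass or backup_pass == 'NULL':
        # Refuse unprotected configuration backups (Message Center id ...010039)
        msg = 'Password for configuration backups was not set. Backups will be disabled...'
        notifier.warning(msg)
        insert_current_status_message("00000000-0000-0000-0000-000000010039", system_id, "system", additional_info=additional_info)
        return False, msg

    notifier.info("Running Backup [%s - %s]" % (system_ip, backup_type))
    try:
        _run_system_backup(system_ip, backup_type, retry, method, backup_pass)
    except Exception as e:
        # NOTE(review): str(e) reaches the notifier and the caller; confirm the
        # backup helpers never include backup_pass in their exception text.
        notifier.error("Backup fails [%s - %s]: %s" % (system_ip, backup_type, str(e)))
        # To do: Launch a Notification message
        success, result = insert_current_status_message("00000000-0000-0000-0000-000000010018", system_id, "system", additional_info=additional_info)
        reason = str(e) if success else str(result) + " " + str(e)
        return False, reason
    notifier.info("Backup successfully made [%s - %s]" % (system_ip, backup_type))
    # To do: Launch a Notification message

    # Rotate
    if rotate:
        success, result = rotate_backups(system_id, backup_type, backups_to_keep)
        if success:
            notifier.info("Backups rotated successfully")
        else:
            notifier.warning("Error Rotating %s backups in %s" % (backup_type, system_id))

    # Refresh cache; the backup list changed, so drop the cached copy.
    # A failure here is reported but does not fail the backup.
    try:
        get_backup_list(system_id=system_id, backup_type=backup_type, no_cache=True)
    except Exception as e:
        notifier.warning("Error when trying to flush the cache after deleting backups: %s" % str(e))
    return True, None


def _run_system_backup(system_ip, backup_type, retry, method, backup_pass):
    """Run the backup on ``system_ip`` with or without the retrying helper.

    The retrying helper always performs an "auto" backup, so ``method`` is
    only forwarded on the non-retry path. Exceptions propagate to the caller.
    """
    if retry:
        make_system_backup_by_system_ip_with_retry(system_ip, backup_type, backup_pass=backup_pass)
    else:
        make_system_backup_by_system_ip(system_ip, backup_type, method=method, backup_pass=backup_pass)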