def get_sensor_by_sensor_id(sensor_id):
    """Look up the Sensor row whose id matches ``sensor_id``.

    ``sensor_id`` is either a UUID string or the literal ``'local'``
    (case-insensitive), which is first resolved to the sensor id of the
    system this code runs on.

    Returns a ``(success, data)`` tuple: on success ``data`` is the Sensor
    object, otherwise a human-readable error string.  Every failure,
    including the API exceptions raised while resolving the id, is turned
    into ``success == False`` by the handlers below; nothing propagates.
    """
    try:
        # 'local' is an alias for the sensor of this very system.
        if sensor_id.lower() == 'local':
            ok, system_id = get_system_id_from_local()
            if not ok:
                raise APICannotResolveLocalSystemID()

            ok, local_sensor_id = get_sensor_id_from_system_id(system_id)
            # Substitute only when the lookup yielded a non-empty id; any
            # other outcome falls through to the UUID validation below.
            if ok and local_sensor_id:
                sensor_id = local_sensor_id

        if not is_valid_uuid(sensor_id):
            raise APICannotResolveSensorID(sensor_id)

        # The id is compared in its byte form, so convert before querying.
        sensor_id_bin = get_bytes_from_uuid(sensor_id.lower())
        query = db.session.query(Sensor).filter(Sensor.id == sensor_id_bin)
        data = query.one()
        success = True
    except NoResultFound:
        success, data = False, "No sensor found with the given ID"
    except MultipleResultsFound:
        success, data = False, "More than one sensor found with the given ID"
    except Exception as ex:
        # Catch-all (this also receives the two API exceptions raised above):
        # roll the session back so a failed transaction does not leak into
        # later requests.  NOTE(review): the exception text is embedded in the
        # returned message; check that callers do not relay it verbatim to
        # API clients.
        db.session.rollback()
        success = False
        data = "Something wrong happen while retrieving the sensor {0}".format(ex)

    return success, data
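    def start(self):
        """Run one pass of the plugin-package version monitor.

        For every system of type "Sensor" the sensor id is resolved, the
        plugin package version and md5 installed on that sensor are fetched
        and stored as monitor data, together with a dpkg-style comparison
        against the package version installed locally.

        Returns:
            True when the pass completed (per-sensor problems are only
            logged and the sensor skipped); False when an unexpected error
            aborted the whole pass.
        """
        rt = True
        try:
            self.remove_monitor_data()
            logger.info("Monitor %s Working..." % self.monitor_id)

            rc, sensor_list = get_systems(system_type="Sensor")
            if not rc:
                # On failure the second element is an error description, not
                # a list of systems; iterating it would silently misbehave.
                raise Exception(str(sensor_list))

            # The local package version is the baseline every sensor is
            # compared against; fetch it once instead of once per sensor.
            success, local_version = get_plugin_package_info_local()
            if not success:
                raise Exception(str(local_version))

            for (system_id, _) in sensor_list:
                success, sensor_id = get_sensor_id_from_system_id(system_id)
                if not success:
                    logger.warning("Can't obtain sensor_id for system_id '%s'",
                                   system_id)
                    continue
                if sensor_id == '':
                    # Log the system we were looking at; the sensor id is
                    # empty here and would make the message useless.
                    logger.warning("Sensor ID not found for system_id '%s'" %
                                   system_id)
                    continue

                success, info = get_plugin_package_info_from_sensor_id(sensor_id)
                if not success:
                    logger.warning("Can't obtain plugin version for sensor '%s'",
                                   sensor_id)
                    continue

                # An empty remote version cannot be compared, so the
                # comparison field is left blank instead of calling
                # compare_dpkg_version with it.
                comparison = ''
                if info['version'] != '':
                    comparison = compare_dpkg_version(info['version'],
                                                      local_version['version'])
                data_sensor = {'version': info['version'],
                               'md5': info['md5'],
                               'comparison': comparison}
                if not self.save_data(sensor_id, ComponentTypes.SENSOR,
                                      self.get_json_message(data_sensor)):
                    logger.error("Can't save monitor info for sensor '%s'" %
                                 sensor_id)

        except Exception as e:
            logger.error(
                "Something wrong happen while running the monitor..%s, %s" %
                (self.get_monitor_id(), str(e)))
            rt = False

        # The outcome flag was computed but never handed back; return it so
        # the scheduler can tell a failed pass from a successful one.
        return rt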
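    def start(self):
        """Collect the plugins enabled per asset on every sensor and push the
        merged result to the server through update_host_plugins.

        Returns:
            True when the aggregated data was accepted by
            update_host_plugins; False when the system list or the update
            call failed.  Sensors that cannot be resolved or queried are
            logged and skipped, so a partial result may still be submitted.
        """
        # Remove the previous monitor data.
        self.remove_monitor_data()

        # Iterate over the sensors.
        success, systems = get_systems(system_type="Sensor")

        if not success:
            logger.error("[MonitorUpdateHostPlugins] "
                         "Can't retrieve the system info: {0}".format(
                             str(systems)))
            return False

        # asset -> list of plugin ids enabled for it, merged across sensors.
        assets = {}
        for (system_id, _system_ip) in systems:
            success, sensor_id = get_sensor_id_from_system_id(system_id)
            if not success:
                # On failure sensor_id carries the error text.
                logger.error(
                    "[MonitorUpdateHostPlugins] "
                    "Can't resolve sensor_id of system {0}: {1}".format(
                        system_id, sensor_id))
                continue

            try:
                sensor_plugins = get_sensor_plugins_enabled_by_asset(
                    sensor_id=sensor_id, no_cache=True)
            except APIException as e:
                logger.error(
                    "[MonitorUpdateHostPlugins] "
                    "Can't obtain plugin information from system {0}: {1}".
                    format(system_id, str(e)))
                continue

            # Add asset plugin ids to the assets map.  The ids are built
            # first so a malformed entry (KeyError) does not leave a
            # half-filled asset behind; .items() works on Python 2 and 3.
            try:
                for asset, asset_plugins in sensor_plugins.items():
                    plugin_ids = [plugin['plugin_id']
                                  for plugin in asset_plugins.values()]
                    assets.setdefault(asset, []).extend(plugin_ids)
            except KeyError as e:
                logger.warning(
                    "[MonitorUpdateHostPlugins] "
                    "Bad format in plugins enabled by asset: {0}".format(
                        str(e)))

        success, msg = update_host_plugins(data=assets)
        if not success:
            logger.error(
                "[MonitorUpdateHostPlugins] "
                "Can't update host plugin information: {0}".format(msg))
            return False

        return True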
def get_sensors():
    """API handler: list every sensor keyed by its sensor id.

    Each entry carries the sensor's admin_ip, hostname and system_id (the
    system uuid).  Systems whose sensor id cannot be resolved are skipped
    without logging.  Returns make_ok(...) on success, or a 500 error
    response when the system list itself cannot be retrieved.
    """
    ret, sensor_data = get_systems_full(system_type='Sensor')
    if ret is not True:
        current_app.logger.error("sensor: get_sensors error: " + str(sensor_data))
        return make_error("Cannot retrieve sensors info", 500)

    sensors = {}
    for entry in sensor_data:
        system_info = entry[1]
        ok, sensor_id = get_sensor_id_from_system_id(entry[0])
        if not ok:
            continue
        # A later entry with the same sensor id overrides an earlier one,
        # exactly as dict(list_of_pairs) would do.
        sensors[sensor_id] = {
            'admin_ip': system_info['admin_ip'],
            'hostname': system_info['hostname'],
            'system_id': system_info['uuid'],
        }

    return make_ok(sensors=sensors)
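    def start(self):
        """Collect the plugins enabled per asset on every sensor and push the
        merged result to the server through update_host_plugins.

        Returns:
            True when the aggregated data was accepted by
            update_host_plugins; False when the system list or the update
            call failed.  Sensors that cannot be resolved or queried are
            logged and skipped, so a partial result may still be submitted.
        """
        # Remove the previous monitor data.
        self.remove_monitor_data()

        # Iterate over the sensors.
        success, systems = get_systems(system_type="Sensor")

        if not success:
            logger.error("[MonitorUpdateHostPlugins] "
                         "Can't retrieve the system info: {0}".format(str(systems)))
            return False

        # asset -> list of plugin ids enabled for it, merged across sensors.
        assets = {}
        for (system_id, _system_ip) in systems:
            success, sensor_id = get_sensor_id_from_system_id(system_id)
            if not success:
                # On failure sensor_id carries the error text.
                logger.error("[MonitorUpdateHostPlugins] "
                             "Can't resolve sensor_id of system {0}: {1}".format(system_id, sensor_id))
                continue

            try:
                sensor_plugins = get_sensor_plugins_enabled_by_asset(sensor_id=sensor_id,
                                                                     no_cache=True)
            except APIException as e:
                logger.error("[MonitorUpdateHostPlugins] "
                             "Can't obtain plugin information from system {0}: {1}".format(
                                 system_id, str(e)))
                continue

            # Add asset plugin ids to the assets map.  The ids are built
            # first so a malformed entry (KeyError) does not leave a
            # half-filled asset behind; .items() works on Python 2 and 3.
            try:
                for asset, asset_plugins in sensor_plugins.items():
                    plugin_ids = [plugin['plugin_id'] for plugin in asset_plugins.values()]
                    assets.setdefault(asset, []).extend(plugin_ids)
            except KeyError as e:
                logger.warning("[MonitorUpdateHostPlugins] "
                               "Bad format in plugins enabled by asset: {0}".format(str(e)))

        success, msg = update_host_plugins(data=assets)
        if not success:
            logger.error("[MonitorUpdateHostPlugins] "
                         "Can't update host plugin information: {0}".format(msg))
            return False

        return True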
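    def start(self):
        """Record, per sensor, how many plugins are enabled against the limit.

        For each system of type "Sensor" the enabled plugin set is fetched;
        the entries under 'detectors' are counted as global plugins and the
        entries under 'devices' (one list per asset) as per-asset plugins.
        The total, the remaining headroom and the warning/limit flags are
        stored as monitor data for that sensor.

        Returns:
            False only when the system list cannot be retrieved.  Per-sensor
            failures are logged and the sensor skipped; True is returned
            once every sensor has been visited.
        """
        # Remove the previous monitor data.
        self.remove_monitor_data()

        # Iterate over the sensors.
        success, systems = get_systems(system_type="Sensor")

        if not success:
            logger.error("[MonitorEnabledPluginsLimit] Can't retrieve the system info: {0}".format(str(systems)))
            return False

        # Temporal, should read it from the agent config (ansible method
        # needed).  Loop-invariant, hence defined once outside the loop.
        warning_threshold = 85
        max_limit_threshold = 100

        for (system_id, system_ip) in systems:
            success, sensor_id = get_sensor_id_from_system_id(system_id)
            if not success:
                logger.error("[MonitorEnabledPluginsLimit] "
                             "Can't resolve sensor_id of system {0}: {1}".format(system_id, sensor_id))
                continue

            try:
                sensor_plugins = get_sensor_plugins(sensor_id=sensor_id, no_cache=True)
                enabled_plugins = sensor_plugins.get('enabled', {})
                enabled_global_count = len(enabled_plugins.get('detectors', []))
                # Count the per-asset plugins without materialising a list.
                enabled_per_asset_count = sum(
                    1 for _ in chain.from_iterable(enabled_plugins.get('devices', {}).values()))
                enabled_total = enabled_global_count + enabled_per_asset_count

                monitor_data = {
                    'system_id': system_id,
                    'system_ip': system_ip,
                    'plugins_enabled_total': enabled_total,
                    # Goes negative once the limit has been exceeded.
                    'plugins_allowed_to_add': max_limit_threshold - enabled_total,
                    'limit_reached': enabled_total >= max_limit_threshold,
                    'warning_reached': warning_threshold <= enabled_total < max_limit_threshold
                }
                if not self.save_data(sensor_id, ComponentTypes.SENSOR, self.get_json_message(monitor_data)):
                    logger.error("[MonitorEnabledPluginsLimit] Cannot save monitor info")
            except APIException as e:
                logger.error("[MonitorEnabledPluginsLimit] "
                             "Can't obtain plugin information from system {0}: {1}".format(system_id, str(e)))
                continue

        return True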
def get_sensors():
    """API handler: list every sensor keyed by its sensor id.

    Each entry carries the sensor's admin_ip, hostname and system_id (the
    system uuid).  Systems whose sensor id cannot be resolved are skipped
    without logging.  Returns make_ok(...) on success, or a 500 error
    response when the system list itself cannot be retrieved.
    """
    ret, sensor_data = get_systems_full(system_type='Sensor')
    if ret is not True:
        current_app.logger.error("sensor: get_sensors error: " + str(sensor_data))
        return make_error("Cannot retrieve sensors info", 500)

    sensors = {}
    for entry in sensor_data:
        system_info = entry[1]
        ok, sensor_id = get_sensor_id_from_system_id(entry[0])
        if not ok:
            continue
        # A later entry with the same sensor id overrides an earlier one,
        # exactly as dict(list_of_pairs) would do.
        sensors[sensor_id] = {
            'admin_ip': system_info['admin_ip'],
            'hostname': system_info['hostname'],
            'system_id': system_info['uuid'],
        }

    return make_ok(sensors=sensors)
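    def start(self):
        """Run one pass of the plugin-package version monitor.

        For every system of type "Sensor" the sensor id is resolved, the
        plugin package version and md5 installed on that sensor are fetched
        and stored as monitor data, together with a dpkg-style comparison
        against the package version installed locally.

        Returns:
            True when the pass completed (per-sensor problems are only
            logged and the sensor skipped); False when an unexpected error
            aborted the whole pass.
        """
        rt = True
        try:
            self.remove_monitor_data()
            logger.info("Monitor %s Working..." % self.monitor_id)

            rc, sensor_list = get_systems(system_type="Sensor")
            if not rc:
                # On failure the second element is an error description, not
                # a list of systems; iterating it would silently misbehave.
                raise Exception(str(sensor_list))

            # The local package version is the baseline every sensor is
            # compared against; fetch it once instead of once per sensor.
            success, local_version = get_plugin_package_info_local()
            if not success:
                raise Exception(str(local_version))

            for (system_id, _) in sensor_list:
                success, sensor_id = get_sensor_id_from_system_id(system_id)
                if not success:
                    logger.warning("Can't obtain sensor_id for system_id '%s'", system_id)
                    continue
                if sensor_id == '':
                    # Log the system we were looking at; the sensor id is
                    # empty here and would make the message useless.
                    logger.warning("Sensor ID not found for system_id '%s'" % system_id)
                    continue

                success, info = get_plugin_package_info_from_sensor_id(sensor_id)
                if not success:
                    logger.warning("Can't obtain plugin version for sensor '%s'", sensor_id)
                    continue

                # An empty remote version cannot be compared, so the
                # comparison field is left blank instead of calling
                # compare_dpkg_version with it.
                comparison = ''
                if info['version'] != '':
                    comparison = compare_dpkg_version(info['version'], local_version['version'])
                data_sensor = {'version': info['version'],
                               'md5': info['md5'],
                               'comparison': comparison}
                if not self.save_data(sensor_id, ComponentTypes.SENSOR, self.get_json_message(data_sensor)):
                    logger.error("Can't save monitor info for sensor '%s'" % sensor_id)

        except Exception as e:
            logger.error("Something wrong happen while running the monitor..%s, %s" % (self.get_monitor_id(),
                         str(e)))
            rt = False

        # The outcome flag was computed but never handed back; return it so
        # the scheduler can tell a failed pass from a successful one.
        return rt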
def get_sensor_by_sensor_id(sensor_id):
    """Look up the Sensor row whose id matches ``sensor_id``.

    ``sensor_id`` is either a UUID string or the literal ``'local'``
    (case-insensitive), which is first resolved to the sensor id of the
    system this code runs on.

    Returns a ``(success, data)`` tuple: on success ``data`` is the Sensor
    object, otherwise a human-readable error string.  Every failure,
    including the API exceptions raised while resolving the id, is turned
    into ``success == False`` by the handlers below; nothing propagates.
    """
    try:
        # 'local' is an alias for the sensor of this very system.
        if sensor_id.lower() == 'local':
            ok, system_id = get_system_id_from_local()
            if not ok:
                raise APICannotResolveLocalSystemID()

            ok, local_sensor_id = get_sensor_id_from_system_id(system_id)
            # Substitute only when the lookup yielded a non-empty id; any
            # other outcome falls through to the UUID validation below.
            if ok and local_sensor_id:
                sensor_id = local_sensor_id

        if not is_valid_uuid(sensor_id):
            raise APICannotResolveSensorID(sensor_id)

        # The id is compared in its byte form, so convert before querying.
        sensor_id_bin = get_bytes_from_uuid(sensor_id.lower())
        query = db.session.query(Sensor).filter(Sensor.id == sensor_id_bin)
        data = query.one()
        success = True
    except NoResultFound:
        success, data = False, "No sensor found with the given ID"
    except MultipleResultsFound:
        success, data = False, "More than one sensor found with the given ID"
    except Exception as ex:
        # Catch-all (this also receives the two API exceptions raised above):
        # roll the session back so a failed transaction does not leak into
        # later requests.  NOTE(review): the exception text is embedded in the
        # returned message; check that callers do not relay it verbatim to
        # API clients.
        db.session.rollback()
        success = False
        data = "Something wrong happen while retrieving the sensor {0}".format(
            ex)

    return success, data
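def apimethod_delete_system(system_id):
    """Remove a system from this deployment.

    ``system_id`` is a system UUID (in any form accepted by
    get_hex_string_from_uuid) or the literal ``'local'``; removing the local
    system is refused.  Steps, in order: drop the system from the database,
    fire the del-sensor / del-server trigger on the local box, remove the
    certificates the local system holds for it, drop it from the ansible
    inventory and, when the remote side is reachable, remove this server as
    its parent.

    Returns:
        (success, message).  ``success`` is False when a mandatory step
        failed; the remaining steps are skipped and the message describes
        the failure.  An unreachable remote system still yields True, with a
        message saying the parent configuration could not be removed there.

    NOTE(review): this is destructive and irreversible from the API's point
    of view; authorisation of the caller is assumed to happen upstream.
    """
    success, local_system_id = get_system_id_from_local()

    if not success:
        error_msg = "Cannot retrieve the " + \
                    "local system id. %s" % str(local_system_id)
        return success, error_msg

    # Refuse to delete ourselves, whether addressed as 'local' or by uuid.
    if system_id == 'local' or \
            get_hex_string_from_uuid(local_system_id) == get_hex_string_from_uuid(system_id):
        error_msg = "You're trying to remove the local system, " + \
                    "which it's not allowed"
        return False, error_msg

    success, system_ip = get_system_ip_from_system_id(system_id)
    if not success:
        error_msg = "Cannot retrieve the system ip " + \
                    "for the given system-id %s" % (str(system_ip))
        return success, error_msg

    # Check whether the remote system is reachable or not; this decides
    # whether step 6 (parent removal on the child) is attempted at all.
    try:
        remote_system_is_reachable = ping_system(system_id, no_cache=True)
    except APIException:
        remote_system_is_reachable = False

    # Whether a sensor id exists for this system has to be read before the
    # database row is gone; it selects the trigger fired in step 2.
    success_f, _sensor_id = get_sensor_id_from_system_id(system_id)

    # 1 - Remove it from the database
    success, msg = db_remove_system(system_id)
    if not success:
        error_msg = "Cannot remove the system " + \
                    "from the database <%s>" % str(msg)
        return success, error_msg

    # 2 - Remove the firewall rules.  A failing trigger is logged but does
    #     not abort the removal.
    trigger = "alienvault-del-sensor" if success_f else "alienvault-del-server"
    trigger_success, msg = fire_trigger(system_ip="127.0.0.1", trigger=trigger)
    if not trigger_success:
        api_log.error(msg)

    # 3 - Removing the certificates on the remote system
    #     (ansible_remove_certificates(system_ip)) is currently disabled.
    # 4 - Remove the local certificates and keys
    success, local_ip = get_system_ip_from_local()
    if not success:
        error_msg = "Cannot retrieve the local ip " + \
                    "<%s>" % str(local_ip)
        return success, error_msg

    # Remove remote system certificates on the local system
    success, msg = ansible_remove_certificates(system_ip=local_ip,
                                               system_id_to_remove=system_id)
    if not success:
        return success, "Cannot remove the local certificates <%s>" % str(msg)

    # 5 - Remove it from the ansible inventory.
    try:
        aim = AnsibleInventoryManager()
        aim.delete_host(system_ip)
        aim.save_inventory()
    except Exception as aim_error:
        error_msg = "Cannot remove the system from the " + \
                    "ansible inventory file " + \
                    "<%s>" % str(aim_error)
        return False, error_msg

    # 6 - Try to connect to the child and remove the parent using our own
    #     server_id.  On failure report own_server_id, which carries the
    #     failure detail under the (success, value_or_error) convention the
    #     other helpers follow; `msg` at this point is stale (step 4).
    success, own_server_id = get_server_id_from_local()
    if not success:
        error_msg = "Cannot retrieve the server-id " + \
                    "from local <%s>" % str(own_server_id)
        return success, error_msg

    if not remote_system_is_reachable:
        msg = "The remote system is not reachable. " + \
              "We had not been able to remove the parent configuration"
        return True, msg

    success, msg = ansible_delete_parent_server(system_ip, own_server_id)
    if not success:
        error_msg = "Cannot delete parent server in child <%s>" % str(msg)
        return success, error_msg
    return True, ""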
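def apimethod_delete_system(system_id):
    """Remove a system from this deployment.

    ``system_id`` is a system UUID (in any form accepted by
    get_hex_string_from_uuid) or the literal ``'local'``; removing the local
    system is refused.  Steps, in order: drop the system from the database,
    fire the del-sensor / del-server trigger on the local box, remove the
    certificates the local system holds for it, drop it from the ansible
    inventory and, when the remote side is reachable, remove this server as
    its parent.

    Returns:
        (success, message).  ``success`` is False when a mandatory step
        failed; the remaining steps are skipped and the message describes
        the failure.  An unreachable remote system still yields True, with a
        message saying the parent configuration could not be removed there.

    NOTE(review): this is destructive and irreversible from the API's point
    of view; authorisation of the caller is assumed to happen upstream.
    """
    success, local_system_id = get_system_id_from_local()

    if not success:
        error_msg = "Cannot retrieve the " + \
                    "local system id. %s" % str(local_system_id)
        return success, error_msg

    # Refuse to delete ourselves, whether addressed as 'local' or by uuid.
    if system_id == 'local' or get_hex_string_from_uuid(
            local_system_id) == get_hex_string_from_uuid(system_id):
        error_msg = "You're trying to remove the local system, " + \
                    "which it's not allowed"
        return False, error_msg

    success, system_ip = get_system_ip_from_system_id(system_id)
    if not success:
        error_msg = "Cannot retrieve the system ip " + \
                    "for the given system-id %s" % (str(system_ip))
        return success, error_msg

    # Check whether the remote system is reachable or not; this decides
    # whether step 6 (parent removal on the child) is attempted at all.
    try:
        remote_system_is_reachable = ping_system(system_id, no_cache=True)
    except APIException:
        remote_system_is_reachable = False

    # Whether a sensor id exists for this system has to be read before the
    # database row is gone; it selects the trigger fired in step 2.
    success_f, _sensor_id = get_sensor_id_from_system_id(system_id)

    # 1 - Remove it from the database
    success, msg = db_remove_system(system_id)
    if not success:
        error_msg = "Cannot remove the system " + \
                    "from the database <%s>" % str(msg)
        return success, error_msg

    # 2 - Remove the firewall rules.  A failing trigger is logged but does
    #     not abort the removal.
    trigger = "alienvault-del-sensor" if success_f else "alienvault-del-server"
    trigger_success, msg = fire_trigger(system_ip="127.0.0.1", trigger=trigger)
    if not trigger_success:
        api_log.error(msg)

    # 3 - Removing the certificates on the remote system
    #     (ansible_remove_certificates(system_ip)) is currently disabled.
    # 4 - Remove the local certificates and keys
    success, local_ip = get_system_ip_from_local()
    if not success:
        error_msg = "Cannot retrieve the local ip " + \
                    "<%s>" % str(local_ip)
        return success, error_msg

    # Remove remote system certificates on the local system
    success, msg = ansible_remove_certificates(system_ip=local_ip,
                                               system_id_to_remove=system_id)
    if not success:
        return success, "Cannot remove the local certificates <%s>" % str(msg)

    # 5 - Remove it from the ansible inventory.
    try:
        aim = AnsibleInventoryManager()
        aim.delete_host(system_ip)
        aim.save_inventory()
    except Exception as aim_error:
        error_msg = "Cannot remove the system from the " + \
                    "ansible inventory file " + \
                    "<%s>" % str(aim_error)
        return False, error_msg

    # 6 - Try to connect to the child and remove the parent using our own
    #     server_id.  On failure report own_server_id, which carries the
    #     failure detail under the (success, value_or_error) convention the
    #     other helpers follow; `msg` at this point is stale (step 4).
    success, own_server_id = get_server_id_from_local()
    if not success:
        error_msg = "Cannot retrieve the server-id " + \
                    "from local <%s>" % str(own_server_id)
        return success, error_msg

    if not remote_system_is_reachable:
        msg = "The remote system is not reachable. " + \
              "We had not been able to remove the parent configuration"
        return True, msg

    success, msg = ansible_delete_parent_server(system_ip, own_server_id)
    if not success:
        error_msg = "Cannot delete parent server in child <%s>" % str(msg)
        return success, error_msg
    return True, ""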
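    def start(self):
        """Record, per sensor, how many plugins are enabled against the limit.

        For each system of type "Sensor" the enabled plugin set is fetched;
        the entries under 'detectors' are counted as global plugins and the
        entries under 'devices' (one list per asset) as per-asset plugins.
        The total, the remaining headroom and the warning/limit flags are
        stored as monitor data for that sensor.

        Returns:
            False only when the system list cannot be retrieved.  Per-sensor
            failures are logged and the sensor skipped; True is returned
            once every sensor has been visited.
        """
        # Remove the previous monitor data.
        self.remove_monitor_data()

        # Iterate over the sensors.
        success, systems = get_systems(system_type="Sensor")

        if not success:
            logger.error(
                "[MonitorEnabledPluginsLimit] Can't retrieve the system info: {0}"
                .format(str(systems)))
            return False

        # Temporal, should read it from the agent config (ansible method
        # needed).  Loop-invariant, hence defined once outside the loop.
        warning_threshold = 85
        max_limit_threshold = 100

        for (system_id, system_ip) in systems:
            success, sensor_id = get_sensor_id_from_system_id(system_id)
            if not success:
                logger.error(
                    "[MonitorEnabledPluginsLimit] "
                    "Can't resolve sensor_id of system {0}: {1}".format(
                        system_id, sensor_id))
                continue

            try:
                sensor_plugins = get_sensor_plugins(sensor_id=sensor_id,
                                                    no_cache=True)
                enabled_plugins = sensor_plugins.get('enabled', {})
                enabled_global_count = len(enabled_plugins.get(
                    'detectors', []))
                # Count the per-asset plugins without materialising a list.
                enabled_per_asset_count = sum(
                    1 for _ in chain.from_iterable(
                        enabled_plugins.get('devices', {}).values()))
                enabled_total = enabled_global_count + enabled_per_asset_count

                monitor_data = {
                    'system_id': system_id,
                    'system_ip': system_ip,
                    'plugins_enabled_total': enabled_total,
                    # Goes negative once the limit has been exceeded.
                    'plugins_allowed_to_add': max_limit_threshold - enabled_total,
                    'limit_reached': enabled_total >= max_limit_threshold,
                    'warning_reached':
                    warning_threshold <= enabled_total < max_limit_threshold
                }
                if not self.save_data(sensor_id, ComponentTypes.SENSOR,
                                      self.get_json_message(monitor_data)):
                    logger.error(
                        "[MonitorEnabledPluginsLimit] Cannot save monitor info"
                    )
            except APIException as e:
                logger.error(
                    "[MonitorEnabledPluginsLimit] "
                    "Can't obtain plugin information from system {0}: {1}".
                    format(system_id, str(e)))
                continue

        return True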