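def get_plugin_sids_package(system_id, md5):
    """Fetch the alienvault-plugin-sids package from a remote system and install it locally.

    Steps, in order:
      1. Ask :system_id: for its alienvault-plugin-sids package info and
         require that the md5 it reports equals :md5:.
      2. Copy the .deb from the remote apt cache into the local apt cache
         (through a temp file, then an atomic rename).
      3. Verify the md5 of the file that was actually transferred against
         :md5:, so that what gets installed is what the caller asked for.
      4. Refuse to install while alienvault-update / alienvault-reconfig /
         ossim-reconfig report a running job.
      5. Install the package.

    Args:
        system_id (str): id of the system to pull the package from.
        md5 (str): expected md5 hex digest of the package file.

    Returns:
        (bool, str): (True, '') on success, (False, error message) otherwise.
        Every failure is reported through the tuple; nothing is raised.
    """
    import hashlib  # stdlib; local import keeps this block self-contained

    try:
        result, info = get_plugin_package_info_from_system_id(system_id)
        if not result:
            raise Exception("Can't obtain alienvault-plugin-sid info for system %s : %s"
                            % (system_id, str(info)))
        # Cheap pre-check on the digest the remote reports.
        if info['md5'] != md5:
            raise Exception("md5 provided doesn't match with stored md5")

        result, ipremote = get_system_ip_from_system_id(system_id)
        if not result:
            raise Exception("Can't obtain remote system ip")
        result, iplocal = get_system_ip_from_local()
        if not result:
            raise Exception("Can't obtain local system ip")
        result, idlocal = get_system_id_from_local()
        if not result:
            raise Exception("Can't obtain local system id")

        plugin_package = "alienvault-plugin-sids_" + info['version'] + "_all.deb"
        remote_path = "/var/cache/apt/archives"
        package_path = os.path.join(remote_path, plugin_package)

        # The temp file is removed when the `with` block exits, whether or
        # not the fetch succeeded; the copy into the apt cache happens inside.
        with NamedTemporaryFile(delete=True) as temp:
            tempname = temp.name
            result, emsg = fetch_if_changed(ipremote, package_path, iplocal, tempname)
            if not result:
                raise Exception("Can't copy remote from %s file name %s Error: %s"
                                % (ipremote, package_path, emsg))

            # Check the bytes that were actually transferred, not only the
            # digest the remote reported in step 1. md5 is the transfer
            # integrity check this API exposes; it is not a signature.
            # NOTE(review): assumes the remote-reported md5 is the digest of
            # this .deb file -- confirm against get_plugin_package_info_from_system_id.
            digest = hashlib.md5()
            with open(tempname, 'rb') as downloaded:
                for chunk in iter(lambda: downloaded.read(65536), b''):
                    digest.update(chunk)
            if digest.hexdigest() != md5:
                raise Exception("Downloaded package md5 doesn't match the provided md5")

            shutil.copy(tempname, remote_path)

        # Atomic rename into the final package name inside the apt cache.
        os.rename(os.path.join(remote_path, os.path.basename(tempname)), package_path)

        # Never install underneath a running update / reconfigure job.
        result, status = check_update_and_reconfig_status(idlocal)
        if not result:
            raise Exception("Can't check current status reconfig / update")
        for job in ('alienvault-update', 'alienvault-reconfig', 'ossim-reconfig'):
            if status[job]['job_status'] == 'running':
                raise Exception("%s running" % job)

        result, status = install_debian_package([iplocal], package_path)
        if not result:
            raise Exception("Can't install %s" % package_path)
    except Exception as excep:
        return (False, str(excep))
    return (True, '')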
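def get_server_ip_from_server_id(server_id, output='str', local_loopback=True):
    """Return the ip of a server using the server_id.

    Args:
        server_id (str): server uuid, or the literal 'local' for this box.
        output (str): accepted for API compatibility. It is not applied in
            this listing: the 'local' branch asks get_system_ip_from_local
            for 'bin' output and the database branch returns the stored
            column as is. TODO(review): confirm callers get the
            representation they expect.
        local_loopback (bool): passed through to get_system_ip_from_local.

    Returns:
        (True, server_ip) on success; (False, error message) otherwise.
        The original fell off the end and returned None on success.
    """
    try:
        if server_id.lower() == 'local':
            # Only a system running the server profile has a server ip.
            if AVOssimSetupConfigHandler.PROFILE_NAME_SERVER not in ossim_setup.get_general_profile_list():
                return (False, "Local system is not a server")
            (success, server_ip) = get_system_ip_from_local(output='bin',
                                                            local_loopback=local_loopback)
            if not success:
                return (success, server_ip)
        else:
            server_id_bin = get_bytes_from_uuid(server_id.lower())
            system = db.session.query(System).filter(System.server_id == server_id_bin).first()
            if not system:
                return (False, "No server ip address found with server id '%s'" % str(server_id))
            # Prefer the HA address, then the VPN address, then the admin address.
            server_ip = system.ha_ip or system.vpn_ip or system.admin_ip
    except Exception as msg:
        return (False, "Error captured while querying for server id '%s': %s"
                % (str(server_id), str(msg)))
    return (True, server_ip)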
def ossec_put_server_config(sensor_id):
    """Push the locally generated OSSEC server configuration to a sensor.

    The file is sanity-checked against the local system ip before ansible
    copies it to OSSEC_CONFIG_SERVER_PATH on the sensor (owner root,
    group ossec, mode 644).

    Args:
        sensor_id (str): id of the sensor that receives the file.

    Returns:
        (True, '') on success, (False, error message) otherwise.
    """
    success, system_ip = get_sensor_ip_from_sensor_id(sensor_id)
    if not success:
        return False, "Invalid sensor id %s" % sensor_id

    success, ossec_directory = get_ossec_directory(sensor_id)
    if not success:
        api_log.error(str(ossec_directory))
        return False, ossec_directory
    server_config_file = os.path.join(ossec_directory, OSSEC_CONFIG_SERVER_FILE_NAME)

    success, local_system_ip = get_system_ip_from_local(local_loopback=False)
    if not success:
        api_log.error(str(local_system_ip))
        return False, "Error getting the local system ip"

    # Refuse to ship a file that does not pass the local sanity check.
    success, msg = ossec_verify_server_config_file(local_system_ip, server_config_file)
    if not success:
        api_log.error(str(msg))
        return False, "Error verifiying the ossec server configuration file\n%s" % msg

    copy_args = "src=%s dest=%s owner=root group=ossec mode=644" % (server_config_file,
                                                                     OSSEC_CONFIG_SERVER_PATH)
    success, msg = copy_file(host_list=[system_ip], args=copy_args)
    if not success:
        api_log.error(str(msg))
        return False, "Error setting the HIDS server configuration file"
    return True, ''
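def get_server_ip_from_server_id(server_id, output='str', local_loopback=True):
    """Return the ip of a server using the server_id.

    The database session is rolled back when the lookup raises, so a failed
    query does not leave the session in an aborted state for the next caller.

    Args:
        server_id (str): server uuid, or the literal 'local' for this box.
        output (str): accepted for API compatibility; not applied in this
            listing (the 'local' branch requests 'bin' output, the database
            branch returns the stored column as is). TODO(review): confirm
            callers get the representation they expect.
        local_loopback (bool): passed through to get_system_ip_from_local.

    Returns:
        (True, server_ip) on success; (False, error message) otherwise.
        The original fell off the end and returned None on success.
    """
    try:
        if server_id.lower() != 'local':
            server_id_bin = get_bytes_from_uuid(server_id.lower())
            system = db.session.query(System).filter(System.server_id == server_id_bin).first()
            if not system:
                return (False, "No server ip address found with server id '%s'" % str(server_id))
            # HA address first, then VPN, then the admin address.
            server_ip = system.ha_ip or system.vpn_ip or system.admin_ip
        else:
            # Only a system running the server profile has a server ip.
            if AVOssimSetupConfigHandler.PROFILE_NAME_SERVER not in ossim_setup.get_general_profile_list():
                return (False, "Local system is not a server")
            (success, server_ip) = get_system_ip_from_local(output='bin',
                                                            local_loopback=local_loopback)
            if not success:
                return (success, server_ip)
    except Exception as msg:
        db.session.rollback()
        return (False, "Error captured while querying for server id '%s': %s"
                % (str(server_id), str(msg)))
    return (True, server_ip)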
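def get_sensor_ip_from_sensor_id(sensor_id, output='str', local_loopback=True):
    """Return the ip of a sensor using the sensor_id.

    Args:
        sensor_id (str): sensor uuid, or the literal 'local' for this box.
        output (str): accepted for API compatibility but not applied in this
            listing -- the 'local' branch requests 'bin' output from
            get_system_ip_from_local and the database branch returns the
            stored column as is. TODO(review): confirm callers get the
            representation they expect.
        local_loopback (bool): passed through to get_system_ip_from_local.

    Returns:
        (True, sensor_ip) on success; (False, error message) otherwise.
        The original fell off the end and returned None on success.
    """
    try:
        if sensor_id.lower() == 'local':
            if AVOssimSetupConfigHandler.PROFILE_NAME_SENSOR not in ossim_setup.get_general_profile_list():
                return False, "Local system is not a sensor"
            (success, sensor_ip) = get_system_ip_from_local(output='bin',
                                                            local_loopback=local_loopback)
            if not success:
                return success, sensor_ip
        else:
            sensor_id_bin = get_bytes_from_uuid(sensor_id.lower())
            system = db.session.query(System).filter(System.sensor_id == sensor_id_bin).first()
            if not system:
                return (False, "No system found with id '%s'" % str(sensor_id))
            # Prefer the HA address, then the VPN address, then the admin address.
            sensor_ip = system.ha_ip or system.vpn_ip or system.admin_ip
    except Exception as msg:
        return (False, "Error captured while querying for system id '%s': %s"
                % (str(sensor_id), str(msg)))
    return True, sensor_ip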
def start(self):
    """Starts the monitor activity.

    Clears the previous monitor data, stores the pending-updates flag
    reported by every system and, when any system has pending updates,
    refreshes the local release info file (skipped on professional trial
    installs).

    Returns:
        bool: False when the systems can't be listed, a system reports an
        error, the local ip can't be resolved or the release info download
        fails; True otherwise.
    """
    self.remove_monitor_data()
    logger.info("Checking for pending updates")
    result, systems = get_systems()
    if not result:
        logger.error("Can't retrieve the system info: %s" % str(systems))
        return False

    rt = True
    any_pending = False
    for (system_id, system_ip) in systems:
        (success, info) = apimethod_get_update_info(system_id)
        if not success:
            logger.error("MonitorPendingUpdates: %s" % info)
            rt = False
            break  # the first failing system stops the sweep
        try:
            sys_pending_updates = info['pending_updates']
            any_pending = any_pending or sys_pending_updates
            logger.info("Pending Updates for system %s (%s): %s"
                        % (system_id, system_ip, sys_pending_updates))
            self.save_data(system_id, ComponentTypes.SYSTEM,
                           self.get_json_message({"pending_updates": sys_pending_updates}))
        except Exception as e:
            logger.error("[MonitorPendingUpdates] Error: %s" % str(e))
            rt = False
            break

    if not any_pending:
        return rt

    success, local_ip = get_system_ip_from_local()
    if not success:
        logger.error("[MonitorPendingUpdates] Unable to get local IP: %s" % local_ip)
        return False
    success, is_pro = get_is_professional(local_ip)
    if success and is_pro:
        success, is_trial = system_is_trial('local')
        if success and is_trial:
            logger.info("[MonitorPendingUpdates] Trial version. Skipping download of release info file")
            return rt
    success, msg = ansible_download_release_info(local_ip)
    if not success:
        logger.error("[MonitorPendingUpdates] Unable to retrieve release info file: %s" % msg)
        return False
    return rt
def launch_compliance_procedure():
    """Task to run the compliance procedure on the local system.

    Returns:
        (rc, msg) as reported by ansible_launch_compliance_procedure, or
        (False, error message) when the local ip can't be resolved.
    """
    success, system_ip = get_system_ip_from_local()
    if not success:
        return False, "[launch_compliance_procedure] Error obtaining local IP"
    rc, msg = ansible_launch_compliance_procedure(system_ip)
    return (rc, msg)
def start(self):
    """Starts the monitor activity.

    Records, per system, whether updates are pending; if any system has
    pending updates the local release info file is refreshed, except on
    professional trial installs.

    Returns:
        bool: True when every step succeeded; False when the system list,
        a system's update info, the local ip or the release info file could
        not be obtained.
    """
    rt = True
    self.remove_monitor_data()

    # Load all systems known to the local database.
    logger.info("Checking for pending updates")
    result, systems = get_systems()
    if not result:
        logger.error("Can't retrieve the system info: %s" % str(systems))
        return False

    pending_updates = False
    for (system_id, system_ip) in systems:
        (success, info) = apimethod_get_update_info(system_id)
        if success:
            try:
                sys_pending_updates = info['pending_updates']
                pending_updates = pending_updates or sys_pending_updates
                logger.info("Pending Updates for system %s (%s): %s"
                            % (system_id, system_ip, sys_pending_updates))
                monitor_data = {"pending_updates": sys_pending_updates}
                self.save_data(system_id, ComponentTypes.SYSTEM,
                               self.get_json_message(monitor_data))
                continue
            except Exception as e:
                logger.error("[MonitorPendingUpdates] Error: %s" % str(e))
        else:
            logger.error("MonitorPendingUpdates: %s" % info)
        # Either branch above reached here only on failure.
        rt = False
        break

    if pending_updates:
        success, local_ip = get_system_ip_from_local()
        if not success:
            logger.error("[MonitorPendingUpdates] Unable to get local IP: %s" % local_ip)
            return False

        success, is_pro = get_is_professional(local_ip)
        if success and is_pro:
            success, is_trial = system_is_trial('local')
            if success and is_trial:
                logger.info("[MonitorPendingUpdates] Trial version. Skipping download of release info file")
                return rt

        success, msg = ansible_download_release_info(local_ip)
        if not success:
            logger.error("[MonitorPendingUpdates] Unable to retrieve release info file: %s" % msg)
            return False
    return rt
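def apimethod_delete_system(system_id):
    """Remove a remote system from this deployment.

    Steps: refuse to delete the local system; resolve the system ip; remove
    the database row; remove the certificates the local system holds for
    it; drop it from the ansible inventory; finally ask the child to forget
    this server as its parent.

    Args:
        system_id (str): system id to delete, or 'local' (always refused).

    Returns:
        (True, '') on success, (False, error message) otherwise. Steps that
        already completed are not rolled back; in particular the last step
        contacts the remote after the local records are gone, so an
        unreachable child is reported as a failure of an otherwise finished
        removal.
    """
    success, local_system_id = get_system_id_from_local()
    if not success:
        return success, "Error: Can not retrieve the local system id. %s" % str(local_system_id)

    # Guard: the local system must never be deleted through this API.
    if system_id == 'local' or \
            get_hex_string_from_uuid(local_system_id) == get_hex_string_from_uuid(system_id):
        return False, "Error: You're trying to remove the local system, which it's not allowed"

    (success, system_ip) = get_system_ip_from_system_id(system_id)
    if not success:
        # Was formatting system_ip twice; the id is the useful part.
        return success, "Error retrieving the system ip for the system id %s -> %s" % (system_id, str(system_ip))

    # 1 - Remove it from the database
    success, msg = db_remove_system(system_id)
    if not success:
        return success, "Error while removing the system from the database: %s" % str(msg)

    # 2 - Remote certificates are intentionally left untouched.
    # 3 - Remove the local certificates and keys
    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, "Error while getting the local ip: %s" % str(local_ip)
    success, msg = ansible_remove_certificates(system_ip=local_ip, system_id_to_remove=system_id)
    if not success:
        return success, "Error while removing the local certificates: %s" % str(msg)

    # 4 - Remove it from the ansible inventory.
    try:
        aim = AnsibleInventoryManager()
        aim.delete_host(system_ip)
        aim.save_inventory()
    except Exception as aim_error:
        return False, "An error occurred while removing the system from the ansible inventory file: %s" % str(aim_error)

    # 5 - Try to connect to the child and remove the parent using its server_id
    success, own_server_id = get_server_id_from_local()
    if not success:
        # Was reporting the stale `msg` from step 3.
        return success, "Error while retrieving server_id from local: %s" % str(own_server_id)
    success, msg = ansible_delete_parent_server(system_ip, own_server_id)
    if not success:
        return success, "Error while deleting parent server in child: %s" % str(msg)
    return True, ""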
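def make_backup(bk_type):
    """Make the backup of every sensor (plus the local system) and return the result.

    Each system gets up to MAX_TRIES attempts. The logger cleanup only runs
    when every backup succeeded.

    Args:
        bk_type (str): backup type handed to run_backup.

    Returns:
        bool: True when all backups were made, False otherwise.
    """
    result, systems = get_systems('Sensor')
    if not result:
        notifier.error("An error occurred while making the Backup [%s]. Cant' retrieve the systems " % bk_type)
        return False
    result, local_system_ip = get_system_ip_from_local(local_loopback=False)
    if not result:
        # Was a copy of the message above; it now names the real failure.
        notifier.error("An error occurred while making the Backup [%s]. Can't retrieve the local system ip " % bk_type)
        return False

    system_ips = [x[1] for x in systems]
    if local_system_ip not in system_ips:
        system_ips.append(local_system_ip)

    all_backups_ok = True
    for system_ip in system_ips:
        backup_error = ""
        backup_made = False
        for _attempt in range(MAX_TRIES):
            try:
                data = run_backup(target=system_ip, backup_type=bk_type)
                if data[system_ip]['failures'] > 0 or data[system_ip]['unreachable'] > 0:
                    backup_error = "Backup (%s) Error %s" % (bk_type, data)
                else:
                    notifier.info("Backup successfully made [%s - %s] " % (system_ip, bk_type))
                    backup_made = True
                    break
            except Exception as e:
                backup_error = "An exception occurred while making the Backup(%s) %s" % (bk_type, str(e))
                notifier.error("An exception occurred while making the Backup [%s - %s]" % (system_ip, bk_type))
        if not backup_made:
            all_backups_ok = False
            notifier.error("Backup(%s) Fails: %s" % (bk_type, backup_error))
            # TODO: It should throw an alarm

    # Don't launch the clean logger if a backup failed
    if all_backups_ok and not clean_logger():
        notifier.error("An error occurred while cleaning the logger logs.")
    return all_backups_ok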
def apimethod_get_pending_packges(system_id, no_cache=False):
    """Retrieves the available updates for the given system_id and the release_info file.

    Args:
        system_id (str): The system id of which we want to know if it has
            available updates.
        no_cache (bool): Passed through to apimethod_get_update_info to
            bypass its cache. Default = False.

    Returns:
        (success, data): success=True when the operation went ok, otherwise
        success=False. On success data will contain a json object with the
        updates information. Failing to refresh the release info file is
        not treated as an error: the updates already computed are returned.
    """
    success, data = apimethod_get_update_info(system_id, no_cache=no_cache)
    if not success:
        return success, data

    available_updates = data['available_updates']
    if not available_updates:
        return True, available_updates

    tag = "[apimethod_get_pending_packges] "
    # Something is pending: make sure the local release info file is fresh.
    success, local_ip = get_system_ip_from_local()
    if not success:
        api_log.error(tag + "Unable to get local IP: %s" % local_ip)
        return False, available_updates

    success, is_pro = get_is_professional(local_ip)
    if success and is_pro:
        success, is_trial = system_is_trial(system_id='local')
        if success and is_trial:
            api_log.info(tag + "Trial version. Skipping download release info file")
            return True, available_updates

    success, msg = ansible_download_release_info(local_ip)
    if not success:
        api_log.error(tag + "Unable to retrieve release info file: %s" % msg)
    return True, available_updates
def start(self):
    """Starts the monitor activity.

    Stores the plugin integrity report of every sensor in the monitor data
    table. Only runs on professional installs.

    Returns:
        bool: False when the local ip or the sensor list can't be obtained,
        True otherwise (per-sensor failures are logged, not propagated).
    """
    self.remove_monitor_data()

    success, local_ip = get_system_ip_from_local(local_loopback=False)
    if not success:
        logger.error("Cannot retrieve local system IP: %s" % str(local_ip))
        return False

    # Nothing to do on non-professional installs.
    success, is_pro = get_is_professional(local_ip)
    if not (success and is_pro):
        return True

    result, systems = get_systems(system_type="Sensor")
    if not result:
        logger.error("Can't retrieve the system info: %s" % str(systems))
        return False

    for (system_id, system_ip) in systems:
        (success, info) = check_plugin_integrity(system_id)
        if not success:
            logger.error("Can't obtain integrity plugin information from system '%s'", system_id)
            continue
        try:
            # The integrity report is stored as is in the monitor_data table.
            self.save_data(system_id, ComponentTypes.SENSOR, self.get_json_message(info))
        except Exception as e:
            logger.error("[MonitorPluginIntegrity] Error: %s" % str(e))
    return True
def start(self):
    """Starts the monitor activity.

    On professional installs, asks every sensor for its plugin integrity
    report and saves it as monitor data. Sensors that fail are logged and
    skipped.

    Returns:
        bool: True unless the local ip or the sensor list could not be
        obtained.
    """
    # Remove the previous monitor data.
    self.remove_monitor_data()

    success, local_ip = get_system_ip_from_local(local_loopback=False)
    if not success:
        logger.error("Cannot retrieve local system IP: %s" % str(local_ip))
        return False

    # Check if this is professional or not.
    success, is_pro = get_is_professional(local_ip)
    if not success or not is_pro:
        return True

    # Iterate over the sensors.
    result, systems = get_systems(system_type="Sensor")
    if not result:
        logger.error("Can't retrieve the system info: %s" % str(systems))
        return False

    for (system_id, system_ip) in systems:
        (success, info) = check_plugin_integrity(system_id)
        if success:
            try:
                # Save the integrity report to the monitor_data table.
                self.save_data(system_id, ComponentTypes.SENSOR, self.get_json_message(info))
            except Exception as e:
                logger.error("[MonitorPluginIntegrity] Error: %s" % str(e))
        else:
            logger.error("Can't obtain integrity plugin information from system '%s'", system_id)
    return True
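def get_sensor_ip_from_sensor_id(sensor_id, output="str", local_loopback=True):
    """Return the ip of a sensor using the sensor_id.

    Args:
        sensor_id (str): sensor uuid, or the literal "local" for this box.
        output (str): accepted for API compatibility; not applied in this
            listing (the "local" branch requests "bin" output, the database
            branch returns the stored column as is). TODO(review): confirm
            callers get the representation they expect.
        local_loopback (bool): passed through to get_system_ip_from_local.

    Returns:
        (True, sensor_ip) on success; (False, error message) otherwise.
        The original fell off the end and returned None on success.
    """
    try:
        if sensor_id.lower() != "local":
            sensor_id_bin = get_bytes_from_uuid(sensor_id.lower())
            system = db.session.query(System).filter(System.sensor_id == sensor_id_bin).first()
            if not system:
                return (False, "No system found with id '%s'" % str(sensor_id))
            # HA address first, then VPN, then the admin address.
            sensor_ip = system.ha_ip or system.vpn_ip or system.admin_ip
        else:
            if AVOssimSetupConfigHandler.PROFILE_NAME_SENSOR not in ossim_setup.get_general_profile_list():
                return False, "Local system is not a sensor"
            (success, sensor_ip) = get_system_ip_from_local(output="bin",
                                                            local_loopback=local_loopback)
            if not success:
                return success, sensor_ip
    except Exception as msg:
        return (False, "Error captured while querying for system id '%s': %s"
                % (str(sensor_id), str(msg)))
    return True, sensor_ip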
def make_tunnel_with_vpn(system_ip, password):
    """Build the VPN tunnel with the given node.

    Args:
        system_ip (str): IPv4 address of the node to connect.
        password (str): credential handed to ansible_make_tunnel_with_vpn;
            nothing in this function prints or returns it.

    Returns:
        (True, message) once the tunnel is up and the node's VPN ip has been
        stored; (False, error message) otherwise. A failed framework restart
        is printed but does not fail the call.
    """
    if not is_valid_ipv4(system_ip):
        return False, "Invalid system ip: %s" % str(system_ip)

    success, own_server_id = get_server_id_from_local()
    if not success:
        return success, "Error while retrieving server_id from local: %s" % str(own_server_id)

    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, "Cannot retrieve the local ip <%s>" % str(local_ip)

    success, data = ansible_make_tunnel_with_vpn(system_ip=system_ip,
                                                 local_server_id=get_hex_string_from_uuid(own_server_id),
                                                 password=password)
    if not success:
        return success, data

    print("Set VPN IP on the system table")
    new_node_vpn_ip = data['client_end_point1']
    if new_node_vpn_ip is None:
        return False, "Cannot retrieve the new node VPN IP"
    print("New Node VPN IP %s" % new_node_vpn_ip)

    # A node missing from the system table is not an error: skip the update.
    success, node_system_id = get_system_id_from_system_ip(system_ip)
    if success:
        success, _ = set_system_vpn_ip(node_system_id, new_node_vpn_ip)
        if not success:
            return False, "Cannot set the new node vpn ip on the system table"
    flush_cache(namespace="support_tunnel")

    # Restart frameworkd so it picks up the new tunnel.
    print("Restarting ossim-framework")
    success, data = ansible_restart_frameworkd(system_ip=local_ip)
    if not success:
        print("Restarting %s ossim-framework failed (%s)" % (local_ip, data))
    return True, "VPN node successfully connected."
def make_tunnel_with_vpn(system_ip, password):
    """Build the VPN tunnel with the given node.

    Args:
        system_ip (str): IPv4 address of the node to connect.
        password (str): credential handed to ansible_make_tunnel_with_vpn;
            nothing in this function prints or returns it.

    Returns:
        (True, message) once the tunnel is up and the node's VPN ip has been
        stored; (False, error message) otherwise. A failed framework restart
        is printed but does not fail the call.
    """
    if not is_valid_ipv4(system_ip):
        return False, "Invalid system ip: %s" % str(system_ip)

    success, own_server_id = get_server_id_from_local()
    if not success:
        error_msg = "Error while retrieving server_id from local: %s" % str(own_server_id)
        return success, error_msg

    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, "Cannot retrieve the local ip <%s>" % str(local_ip)

    local_server_hex = get_hex_string_from_uuid(own_server_id)
    success, data = ansible_make_tunnel_with_vpn(system_ip=system_ip,
                                                 local_server_id=local_server_hex,
                                                 password=password)
    if not success:
        return success, data

    print("Set VPN IP on the system table")
    new_node_vpn_ip = data['client_end_point1']
    if new_node_vpn_ip is None:
        return False, "Cannot retrieve the new node VPN IP"
    print("New Node VPN IP %s" % new_node_vpn_ip)

    success, data = get_system_id_from_system_ip(system_ip)
    if success:
        # If the system is not on the system table it doesn't matter
        success, data = set_system_vpn_ip(data, new_node_vpn_ip)
        if not success:
            return False, "Cannot set the new node vpn ip on the system table"
    flush_cache(namespace="support_tunnel")

    # Restart frameworkd
    print("Restarting ossim-framework")
    success, data = ansible_restart_frameworkd(system_ip=local_ip)
    if not success:
        print("Restarting %s ossim-framework failed (%s)" % (local_ip, data))
    return True, "VPN node successfully connected."
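def sync_database_from_child(system_id):
    """Pull the child's SQL sync file and apply it to the local database.

    Check SQL sync file in system_id and if it differs from the local one,
    get it and add to local database. The md5 published by the child is used
    first to skip the transfer when the local copy is already current, then
    to reject an incomplete transfer. Both the md5 and the SQL come from the
    child, so a matching sum proves transfer integrity only; the child
    itself is trusted by design.

    Args:
        system_id (str): id of the child system.

    Returns:
        (bool, str): (True, message) when the databases are in sync or the
        SQL was applied, (False, error message) otherwise.

    NOTE(review): the original docstring also announced "check if we have
    to propagate changes upwards and generate sync.sql if so"; that step is
    not present in this listing.
    """
    import hashlib  # stdlib; replaces the md5sum subprocess

    tag = "[Apimethod sync_database_from_child] "

    def _md5_of(path):
        """Hex md5 of the file at path, or None when it can't be read."""
        digest = hashlib.md5()
        try:
            with open(path, 'rb') as fh:
                for chunk in iter(lambda: fh.read(65536), b''):
                    digest.update(chunk)
        except (IOError, OSError):
            return None
        return digest.hexdigest()

    # Get remote and local IPs
    (success, system_ip) = get_system_ip_from_system_id(system_id)
    if not success:
        # Was formatting system_ip twice; the id is the useful part.
        return success, tag + "Error retrieving the system ip for the system id %s -> %s" \
            % (system_id, str(system_ip))
    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, tag + "Error while getting the local ip: %s" % str(local_ip)

    # Get MD5SUM file for the SQL file
    base_path = get_base_path_from_system_id(system_id)
    remote_md5file_path = "/var/lib/alienvault-center/db/sync.md5"
    local_md5file_path = "%s/sync_%s.md5" % (base_path, system_id)
    (retrieved, msg) = rsync_pull(system_ip, remote_md5file_path, local_ip, local_md5file_path)
    if not retrieved and 'already in sync' not in msg:
        return False, tag + "%s" % msg

    # Expected digest: first token of the md5 file (a bare digest or the
    # md5sum "digest  name" layout). NOTE(review): the original compared the
    # raw line as a substring of md5sum's output, which also "matched" an
    # empty line; the token compare does not.
    local_file_path = "%s/sync_%s.sql" % (base_path, system_id)
    with open(local_md5file_path) as m:
        tokens = m.readline().split()
    expected_md5 = tokens[0] if tokens else None

    if expected_md5 is not None and expected_md5 == _md5_of(local_file_path):
        return True, tag + "SQL already synced"

    # Get remote sync file if changed
    remote_file_path = "/var/lib/alienvault-center/db/sync.sql"
    (retrieved, msg) = rsync_pull(system_ip, remote_file_path, local_ip, local_file_path)
    if not retrieved:
        if 'already in sync' in msg:
            return True, tag + "Databases already in sync"
        return False, tag + "%s" % msg

    # Reject a corrupt or partial transfer before touching the database.
    if expected_md5 is None or expected_md5 != _md5_of(local_file_path):
        return False, tag + "Corrupt or incomplete SQL file (bad md5sum)"

    # SQL file OK. Apply
    with open(local_file_path) as f:
        if call(['/usr/bin/ossim-db'], stdin=f):
            return False, tag + "Error applying SQL file to ossim-db"
        api_log.info(tag + "SQL applied successfully")
        # Check first line of sync.sql file for mySQL restart option
        f.seek(0, 0)
        restart_db = "RESTART OSSIM-SERVER" in f.readline()

    # Restart SQL server if needed
    if restart_db:
        try:
            restart_ossim_server(local_ip)
        except Exception as err:
            return False, "An error occurred while restarting MySQL server: %s" % str(err)
    return True, tag + "SQL applied successfully"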
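def apimethod_delete_system(system_id):
    """Remove a remote system from this deployment.

    Steps: refuse to delete the local system; resolve the system ip; find
    out whether the remote is reachable; remove the database row; fire the
    firewall trigger (sensor or server flavour); remove the certificates the
    local system holds for it; drop it from the ansible inventory; finally,
    if reachable, ask the child to forget this server as its parent.

    Args:
        system_id (str): system id to delete, or 'local' (always refused).

    Returns:
        (True, '') on full success; (True, warning) when everything local
        was removed but the remote could not be contacted; (False, error
        message) on any other failure. Completed steps are not rolled back.
    """
    success, local_system_id = get_system_id_from_local()
    if not success:
        return success, "Cannot retrieve the local system id. %s" % str(local_system_id)

    # Guard: the local system must never be deleted through this API.
    if system_id == 'local' or \
            get_hex_string_from_uuid(local_system_id) == get_hex_string_from_uuid(system_id):
        return False, "You're trying to remove the local system, which it's not allowed"

    (success, system_ip) = get_system_ip_from_system_id(system_id)
    if not success:
        return success, "Cannot retrieve the system ip for the given system-id %s" % (str(system_ip))

    # Check whether the remote system is reachable or not:
    try:
        remote_system_is_reachable = ping_system(system_id, no_cache=True)
    except APIException:
        remote_system_is_reachable = False

    # The sensor_id has to be read before the row disappears from the db;
    # only the success flag is used below, to pick the trigger.
    (is_sensor, _sensor_id) = get_sensor_id_from_system_id(system_id)

    # 1 - Remove it from the database
    success, msg = db_remove_system(system_id)
    if not success:
        return success, "Cannot remove the system from the database <%s>" % str(msg)

    # 2 - Remove the firewall rules (trigger failures are logged, not fatal).
    trigger = "alienvault-del-sensor" if is_sensor else "alienvault-del-server"
    trigger_success, msg = fire_trigger(system_ip="127.0.0.1", trigger=trigger)
    if not trigger_success:
        api_log.error(msg)

    # 3 - Remote certificates are intentionally left untouched.
    # 4 - Remove the local certificates and keys
    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, "Cannot retrieve the local ip <%s>" % str(local_ip)
    success, msg = ansible_remove_certificates(system_ip=local_ip, system_id_to_remove=system_id)
    if not success:
        return success, "Cannot remove the local certificates <%s>" % str(msg)

    # 5 - Remove it from the ansible inventory.
    try:
        aim = AnsibleInventoryManager()
        aim.delete_host(system_ip)
        aim.save_inventory()
    except Exception as aim_error:
        return False, "Cannot remove the system from the ansible inventory file <%s>" % str(aim_error)

    # 6 - Try to connect to the child and remove the parent using its server_id
    success, own_server_id = get_server_id_from_local()
    if not success:
        # Was reporting the stale `msg` from an earlier step.
        return success, "Cannot retrieve the server-id from local <%s>" % str(own_server_id)
    if not remote_system_is_reachable:
        return True, "The remote system is not reachable. We had not been able to remove the parent configuration"
    success, msg = ansible_delete_parent_server(system_ip, own_server_id)
    if not success:
        return success, "Cannot delete parent server in child <%s>" % str(msg)
    return True, ""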
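def sync_asec_plugins(plugin=None, enable=True):
    """Send the ASEC generated plugins to the system sensors and enable them.

    Args:
        plugin: plugin name. It names files under /var/lib/asec/plugins and
            /tmp, so it must be a bare file name: a value containing a path
            separator or equal to '.'/'..' is rejected before any path is
            built.
        enable: whether we should enable the plugin or not. Default = True

    Returns:
        success (bool):
        msg (str): Success message/Error info
    """
    if not plugin:
        return False, "No plugin to sync"
    if '/' in plugin or plugin in ('.', '..'):
        return False, "Invalid plugin name: %s" % str(plugin)

    tag = "[sync_asec_plugins] "
    try:
        plugin_path = "/var/lib/asec/plugins/" + plugin + ".cfg"
        sql_path = plugin_path + ".sql"

        (success, sensors) = get_systems(system_type='sensor')
        if not success:
            return False, "Unable to get sensors list: %s" % sensors

        # Bug in ansible copy module prevents us from copying the files from
        # /var/lib/asec/plugins as it has permissions 0 for "other"
        # Workaround: make a local copy using ansible command module
        plugin_tmp_path = "/tmp/" + plugin + ".cfg"
        sql_tmp_path = plugin_tmp_path + ".sql"

        success, local_ip = get_system_ip_from_local()
        if not success:
            # These three messages were tagged [ansible_install_plugin]; they
            # originate here.
            return False, tag + "Failed to make get local IP: %s" % local_ip

        (success, msg) = local_copy_file(local_ip, plugin_path, plugin_tmp_path)
        if not success:
            return False, tag + "Failed to make temp copy of plugin file: %s" % msg
        (success, msg) = local_copy_file(local_ip, sql_path, sql_tmp_path)
        if not success:
            # Leave no stray copy of the plugin file behind.
            remove_file([local_ip], plugin_tmp_path)
            return False, tag + "Failed to make temp copy of sql file: %s" % msg

        all_ok = True
        for (sensor_id, sensor_ip) in sensors:
            (success, msg) = ansible_install_plugin(sensor_ip, plugin_tmp_path, sql_tmp_path)
            if not success:
                api_log.error(tag + "Error installing plugin %s in sensor %s: %s"
                              % (plugin, sensor_ip, msg))
                all_ok = False
                continue
            if not enable:
                continue
            # Get list of active plugins and add the new one, then send the
            # list back to the sensor and launch a reconfig.
            (success, data) = get_sensor_detectors(sensor_ip)
            if not success:
                # NOTE(review): the listing's indentation was lost, so
                # whether this case was logged before is unclear; it is now.
                api_log.error(tag + "Error enabling plugin %s for sensor %s: %s"
                              % (plugin, sensor_ip, data))
                all_ok = False
                continue
            data['sensor_detectors'].append(plugin)
            sensor_det = ','.join(data['sensor_detectors'])
            (success, msg) = set_sensor_detectors(sensor_ip, sensor_det)
            if not success:
                api_log.error(tag + "Error enabling plugin %s for sensor %s: %s"
                              % (plugin, sensor_ip, msg))
                all_ok = False
            else:
                # Now launch reconfig task
                alienvault_reconfigure.delay(sensor_ip)

        # Delete temporal copies of the files
        remove_file([local_ip], plugin_tmp_path)
        remove_file([local_ip], sql_tmp_path)

        if not all_ok:
            return False, "Plugin %s installation failed for some sensors" % plugin
        return True, "Plugin %s installed. Enabled = %s" % (plugin, str(enable))
    except Exception as e:
        api_log.error(tag + "Exception catched: %s" % str(e))
        return False, "[sync_asec_plugins] Unknown error"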
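def apimethod_delete_system(system_id):
    """Remove a remote system from this deployment.

    Order of operations: refuse to delete the local system, resolve the
    system ip, probe reachability, delete the database row, fire the
    firewall trigger (sensor or server flavour), remove the certificates
    held locally for the system, drop it from the ansible inventory and,
    when reachable, ask the child to forget this server as its parent.

    Args:
        system_id (str): system id to delete, or 'local' (always refused).

    Returns:
        (True, '') on full success; (True, warning) when the local cleanup
        finished but the remote could not be contacted; (False, error
        message) on any other failure. Completed steps are not rolled back.
    """
    success, local_system_id = get_system_id_from_local()
    if not success:
        error_msg = "Cannot retrieve the local system id. %s" % str(local_system_id)
        return success, error_msg

    # Never allow the local system to be deleted through this API.
    local_hex = get_hex_string_from_uuid(local_system_id)
    if system_id == 'local' or local_hex == get_hex_string_from_uuid(system_id):
        return False, "You're trying to remove the local system, which it's not allowed"

    (success, system_ip) = get_system_ip_from_system_id(system_id)
    if not success:
        error_msg = "Cannot retrieve the system ip for the given system-id %s" % (str(system_ip))
        return success, error_msg

    # Check whether the remote system is reachable or not:
    try:
        remote_system_is_reachable = ping_system(system_id, no_cache=True)
    except APIException:
        remote_system_is_reachable = False

    # Read the sensor_id before the row is removed; only the success flag
    # is used, to pick the firewall trigger.
    (success_f, sensor_id) = get_sensor_id_from_system_id(system_id)

    # 1 - Remove it from the database
    success, msg = db_remove_system(system_id)
    if not success:
        return success, "Cannot remove the system from the database <%s>" % str(msg)

    # 2 - Remove the firewall rules (trigger failures are logged, not fatal).
    if success_f:
        trigger_success, msg = fire_trigger(system_ip="127.0.0.1", trigger="alienvault-del-sensor")
    else:
        trigger_success, msg = fire_trigger(system_ip="127.0.0.1", trigger="alienvault-del-server")
    if not trigger_success:
        api_log.error(msg)

    # 3 - Remote certificates are intentionally left untouched.
    # 4 - Remove the local certificates and keys
    success, local_ip = get_system_ip_from_local()
    if not success:
        return success, "Cannot retrieve the local ip <%s>" % str(local_ip)
    # Remove remote system certificates on the local system
    success, msg = ansible_remove_certificates(system_ip=local_ip, system_id_to_remove=system_id)
    if not success:
        return success, "Cannot remove the local certificates <%s>" % str(msg)

    # 5 - Remove it from the ansible inventory.
    try:
        aim = AnsibleInventoryManager()
        aim.delete_host(system_ip)
        aim.save_inventory()
    except Exception as aim_error:
        error_msg = "Cannot remove the system from the ansible inventory file <%s>" % str(aim_error)
        return False, error_msg

    # 6 - Try to connect to the child and remove the parent using its server_id
    success, own_server_id = get_server_id_from_local()
    if not success:
        # Was reporting the stale `msg` from an earlier step.
        return success, "Cannot retrieve the server-id from local <%s>" % str(own_server_id)
    if remote_system_is_reachable:
        success, msg = ansible_delete_parent_server(system_ip, own_server_id)
        if not success:
            return success, "Cannot delete parent server in child <%s>" % str(msg)
        return True, ""
    return True, "The remote system is not reachable. We had not been able to remove the parent configuration"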
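def get_fqdn_api(system_id, host_ip):
    """Resolve host_ip to a FQDN from the point of view of a system.

    The lookup runs on the system identified by system_id; when that id
    can't be resolved to an ip the local system is used instead.

    Args:
        system_id (str): system to run the lookup on.
        host_ip (str): address to resolve.

    Returns:
        Whatever ansiblemethods.system.network.get_fqdn returns, or
        (False, error message) when neither the given system nor the local
        one can be resolved to an ip. Previously the local lookup's error
        string was passed on as if it were an ip.
    """
    success, system_ip = get_system_ip_from_system_id(system_id)
    if not success:
        success, system_ip = get_system_ip_from_local()
        if not success:
            return False, "Cannot retrieve the local ip <%s>" % str(system_ip)
    return ansiblemethods.system.network.get_fqdn(system_ip, host_ip)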