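def read_config():
    """Read the ``cluster`` section of ossec.conf and normalise it.

    Keys the operator left out are filled in from the defaults below. When
    the section is absent altogether (``WazuhException`` code 1106) the
    defaults are returned with the cluster disabled.

    :return: Dictionary with the cluster configuration. ``disabled`` is a
        bool, ``port`` an int, and the deprecated node type ``client`` is
        rewritten to ``worker``.
    :raises WazuhException: 3006 when ossec.conf cannot be read for any
        other reason; 3004 when ``disabled`` is neither ``yes`` nor ``no``.
    """
    # Defaults used for missing keys. Note that the listener binds to every
    # interface and the shared key is empty until the operator sets one.
    cluster_default_configuration = {
        'disabled': False,
        'node_type': 'master',
        'name': 'wazuh',
        'node_name': 'node01',
        'key': '',
        'port': 1516,
        'bind_addr': '0.0.0.0',
        'nodes': ['NODE_IP'],
        'hidden': 'no'
    }

    try:
        config_cluster = get_ossec_conf('cluster')
    except WazuhException as e:
        if e.code == 1106:
            # No cluster section at all: hand back the defaults, disabled.
            cluster_default_configuration['disabled'] = True
            return cluster_default_configuration
        raise WazuhException(3006, e.message)
    except Exception as e:
        raise WazuhException(3006, str(e))

    # Add every default the operator's section does not define.
    for value_name, default_value in cluster_default_configuration.items():
        config_cluster.setdefault(value_name, default_value)

    config_cluster['port'] = int(config_cluster['port'])
    # The default for 'disabled' is already a bool; only the yes/no strings
    # coming from ossec.conf need converting (the old code raised 3004 on
    # the bool default when the operator omitted the field).
    config_cluster['disabled'] = _parse_disabled(config_cluster['disabled'])

    if config_cluster['node_type'] == 'client':
        logger.info("Deprecated node type 'client'. Using 'worker' instead.")
        config_cluster['node_type'] = 'worker'

    return config_cluster


def _parse_disabled(value):
    """Map the ``disabled`` setting to a bool.

    ossec.conf stores it as ``yes``/``no``; a bool is returned unchanged so a
    defaulted value does not trip the validation.

    :param value: Raw ``disabled`` value (str from ossec.conf or bool default).
    :return: True when the cluster is disabled, False otherwise.
    :raises WazuhException: 3004 for any value other than yes/no/bool.
    """
    if isinstance(value, bool):
        return value
    if value == 'no':
        return False
    if value == 'yes':
        return True
    raise WazuhException(
        3004,
        "Allowed values for 'disabled' field are 'yes' and 'no'. Found: '{}'".format(value))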
def get_decoders_files(offset=0, limit=common.database_limit, sort=None, search=None):
    """
    Gets a list of the available decoder files.

    The list is built from the ``rules`` section of ossec.conf: every
    ``decoder_dir`` is globbed for ``*_decoders.xml`` and every explicit
    ``decoder`` entry is added as-is. Either key may hold a single value or
    a list.

    :param offset: First item to return.
    :param limit: Maximum number of items to return.
    :param sort: Sorts the items. Format: {"fields":["field1","field2"],"order":"asc|desc"}.
        Only ``order`` is used here, the items are plain path strings.
    :param search: Looks for items with the specified string.
    :return: Dictionary: {'items': array of items, 'totalItems': Number of items (without applying the limit)}
    :raises WazuhException: 1500 when ossec.conf has no ``rules`` section.
    """
    ossec_conf = configuration.get_ossec_conf()
    if 'rules' not in ossec_conf:
        raise WazuhException(1500)
    rules_conf = ossec_conf['rules']

    def values_of(key):
        # A single XML element is parsed as a scalar, several as a list.
        if key not in rules_conf:
            return []
        raw = rules_conf[key]
        return list(raw) if type(raw) is list else [raw]

    data = []
    for decoder_dir in values_of('decoder_dir'):
        pattern = "{0}/{1}/*_decoders.xml".format(common.ossec_path, decoder_dir)
        data.extend(glob(pattern))
    data.extend("{0}/{1}".format(common.ossec_path, decoder_file)
                for decoder_file in values_of('decoder'))

    if search:
        data = search_array(data, search['value'], search['negation'])
    order = sort['order'] if sort else 'asc'
    data = sort_array(data, order=order)

    return {'items': cut_array(data, offset, limit), 'totalItems': len(data)}
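def get_rules_files(status=None, offset=0, limit=common.database_limit, sort=None, search=None):
    """
    Gets a list of the rule files.

    Enabled files are the ``<include>`` entries of the ``rules`` section of
    ossec.conf; every other ``*_rules.xml`` found in ``common.rules_path`` is
    reported as disabled.

    :param status: Filters by status: enabled, disabled, all.
    :param offset: First item to return.
    :param limit: Maximum number of items to return.
    :param sort: Sorts the items. Format: {"fields":["field1","field2"],"order":"asc|desc"}.
    :param search: Looks for items with the specified string.
    :return: Dictionary: {'items': array of items, 'totalItems': Number of items (without applying the limit)}
    :raises WazuhException: 1200 when ossec.conf has no ``rules``/``include`` entry.
    """
    status = Rule.__check_status(status)

    ossec_conf = configuration.get_ossec_conf()
    if 'rules' in ossec_conf and 'include' in ossec_conf['rules']:
        data_enabled = ossec_conf['rules']['include']
    else:
        raise WazuhException(1200)
    # A single <include> element is parsed as a scalar, several as a list
    # (the decoder functions in this file handle it the same way); without
    # this a lone string would be iterated character by character.
    if not isinstance(data_enabled, list):
        data_enabled = [data_enabled]

    enabled_items = [{'name': f, 'status': 'enabled'} for f in data_enabled]

    if status == Rule.S_ENABLED:
        data = enabled_items
    else:
        # Every rule file on disk that is not included is disabled. Names
        # are compared by basename, as <include> entries are bare filenames.
        enabled_names = set(data_enabled)
        rule_paths = sorted(glob("{0}/*_rules.xml".format(common.rules_path)))
        data = [{'name': rule_path.split('/')[-1], 'status': 'disabled'}
                for rule_path in rule_paths
                if rule_path.split('/')[-1] not in enabled_names]
        if status == Rule.S_ALL:
            data.extend(enabled_items)

    if search:
        data = search_array(data, search['value'], search['negation'])
    if sort:
        data = sort_array(data, sort['fields'], sort['order'])
    else:
        data = sort_array(data, ['name'], 'asc')

    return {'items': cut_array(data, offset, limit), 'totalItems': len(data)}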
def read_config():
    """Return the ``cluster`` section of ossec.conf.

    Every read failure is re-raised as ``WazuhException`` 3006; a missing
    section (code 1102) gets a dedicated message.

    :return: The cluster section as returned by ``get_ossec_conf``.
    :raises WazuhException: 3006 on any error while reading the section.
    """
    try:
        return get_ossec_conf('cluster')
    except WazuhException as e:
        if e.code == 1102:
            raise WazuhException(3006, "Cluster configuration not present in ossec.conf")
        raise WazuhException(3006, e.message)
    except Exception as e:
        raise WazuhException(3006, str(e))
def managers_get_ossec_conf(section=None, field=None, node_id=None, cluster_depth=1):
    """Read ossec.conf locally or, when forwarded, from the addressed cluster nodes.

    :param section: Configuration section to read.
    :param field: Field inside the section.
    :param node_id: Nodes the distributed request is addressed to.
    :param cluster_depth: Remaining forwarding hops; 0 or less reads locally.
    :return: Whatever ``get_ossec_conf`` or ``distributed_api_request`` returns.
    :raises WazuhException: 3015 when a distributed request is needed but
        the cluster is not running.
    """
    local_only = is_a_local_request() or cluster_depth <= 0
    if local_only:
        return get_ossec_conf(section, field)

    if not is_cluster_running():
        raise WazuhException(3015)

    # NOTE(review): str() turns an omitted section/field into the literal
    # 'None' on the wire; presumably the receiving side expects that — confirm.
    return distributed_api_request(
        request_type=list_requests_managers['MANAGERS_OSSEC_CONF'],
        args=[str(section), str(field)],
        cluster_depth=cluster_depth,
        affected_nodes=node_id)
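def get_decoders_files(offset=0, limit=common.database_limit, sort=None, search=None):
    """
    Gets a list of the available decoder files.

    The list is built from the ``rules`` section of ossec.conf: every
    ``decoder_dir`` is globbed for ``*_decoders.xml`` and every explicit
    ``decoder`` entry is added as-is. Either key may hold a single value or
    a list.

    :param offset: First item to return.
    :param limit: Maximum number of items to return.
    :param sort: Sorts the items. Format: {"fields":["field1","field2"],"order":"asc|desc"}.
        Only ``order`` is used here, the items are plain path strings.
    :param search: Looks for items with the specified string.
    :return: Dictionary: {'items': array of items, 'totalItems': Number of items (without applying the limit)}
    :raises WazuhException: 1500 when ossec.conf has no ``rules`` section.
    """
    ossec_conf = configuration.get_ossec_conf()
    if 'rules' not in ossec_conf:
        raise WazuhException(1500)
    rules_conf = ossec_conf['rules']

    # A single XML element is parsed as a scalar, several as a list;
    # isinstance (rather than a type identity check) also accepts list
    # subclasses the parser may hand back.
    decoder_dirs = []
    if 'decoder_dir' in rules_conf:
        raw_dirs = rules_conf['decoder_dir']
        decoder_dirs.extend(raw_dirs if isinstance(raw_dirs, list) else [raw_dirs])
    decoder_files = []
    if 'decoder' in rules_conf:
        raw_files = rules_conf['decoder']
        decoder_files.extend(raw_files if isinstance(raw_files, list) else [raw_files])

    data = []
    for decoder_dir in decoder_dirs:
        data.extend(glob("{0}/{1}/*_decoders.xml".format(common.ossec_path, decoder_dir)))
    data.extend("{0}/{1}".format(common.ossec_path, decoder_file)
                for decoder_file in decoder_files)

    if search:
        data = search_array(data, search['value'], search['negation'])
    # sort['fields'] is deliberately not used: the items are bare strings.
    data = sort_array(data, order=sort['order'] if sort else 'asc')

    return {'items': cut_array(data, offset, limit), 'totalItems': len(data)}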
def read_config():
    """Return the ``cluster`` section of ossec.conf with ``port`` as an int.

    :return: The cluster section; ``port`` is converted to int when present.
    :raises WazuhException: 3006 on any error while reading the section
        (a missing section, code 1102, gets a dedicated message).
    """
    try:
        config_cluster = get_ossec_conf('cluster')
    except WazuhException as e:
        if e.code != 1102:
            raise WazuhException(3006, e.message)
        raise WazuhException(3006, "Cluster configuration not present in ossec.conf")
    except Exception as e:
        raise WazuhException(3006, str(e))

    port = config_cluster.get('port')
    if 'port' in config_cluster:
        config_cluster['port'] = int(port)
    return config_cluster
def read_config():
    """Return the ``cluster`` section of ossec.conf, lightly normalised.

    ``port`` is converted to int when present and the deprecated node type
    ``client`` is rewritten to ``worker`` (with a warning).

    :raises WazuhException: 3006 on any error while reading the section
        (a missing section, code 1102, gets a dedicated message).
    """
    try:
        config_cluster = get_ossec_conf('cluster')
    except WazuhException as e:
        message = ("Cluster configuration not present in ossec.conf"
                   if e.code == 1102 else e.message)
        raise WazuhException(3006, message)
    except Exception as e:
        raise WazuhException(3006, str(e))

    if 'port' in config_cluster:
        config_cluster['port'] = int(config_cluster['port'])

    if config_cluster.get('node_type') == 'client':
        logger.warning("Deprecated node type 'client'. Using 'worker' instead.")
        config_cluster['node_type'] = 'worker'

    return config_cluster
def read_config():
    """Read the ``cluster`` section of ossec.conf, filling in defaults.

    When the section is absent (``WazuhException`` code 1106) the defaults
    are returned with ``disabled`` set to ``'yes'``. Otherwise every missing
    key is taken from the defaults, ``port`` is converted to int and the
    deprecated node type ``client`` is rewritten to ``worker``.

    :return: Dictionary with the cluster configuration.
    :raises WazuhException: 3006 on any other error while reading the section.
    """
    # Defaults for keys the operator did not set. Note the listener binds to
    # every interface and the shared key is empty until one is configured.
    defaults = {
        'disabled': 'no',
        'node_type': 'master',
        'name': 'wazuh',
        'node_name': 'node01',
        'key': '',
        'port': 1516,
        'bind_addr': '0.0.0.0',
        'nodes': ['NODE_IP'],
        'hidden': 'no'
    }

    try:
        config_cluster = get_ossec_conf('cluster')
    except WazuhException as e:
        if e.code != 1106:
            raise WazuhException(3006, e.message)
        # No cluster section at all: return the defaults, disabled.
        defaults['disabled'] = 'yes'
        return defaults
    except Exception as e:
        raise WazuhException(3006, str(e))

    for key, default_value in defaults.items():
        config_cluster.setdefault(key, default_value)

    config_cluster['port'] = int(config_cluster['port'])

    if config_cluster['node_type'] == 'client':
        logger.info("Deprecated node type 'client'. Using 'worker' instead.")
        config_cluster['node_type'] = 'worker'

    return config_cluster
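def get_decoders_files(status=None, path=None, file=None, offset=0, limit=common.database_limit, sort=None, search=None):
    """
    Gets a list of the available decoder files.

    Files come from the ``ruleset`` section of ossec.conf: ``decoder_include``
    entries are enabled, ``decoder_exclude`` entries are disabled, and every
    ``*.xml`` under each ``decoder_dir`` is enabled unless its filename is
    excluded. Paths are reported relative to ``common.ossec_path``.

    :param status: Filters by status: enabled, disabled, all.
    :param path: Filters by path (exact match).
    :param file: Filters by filename (exact match).
    :param offset: First item to return.
    :param limit: Maximum number of items to return.
    :param sort: Sorts the items. Format: {"fields":["field1","field2"],"order":"asc|desc"}.
    :param search: Looks for items with the specified string.
    :return: Dictionary: {'items': array of items, 'totalItems': Number of items (without applying the limit)}
    :raises WazuhException: 1500 when ossec.conf has no ``ruleset`` section.
    """
    status = Decoder.__check_status(status)

    ruleset_conf = configuration.get_ossec_conf(section='ruleset')
    if not ruleset_conf:
        raise WazuhException(1500)

    tmp_data = []
    exclude_filenames = set()
    for tag in ('decoder_include', 'decoder_exclude'):
        for item in _ruleset_values(ruleset_conf, tag):
            item_name = os.path.basename(item)
            if tag == 'decoder_exclude':
                exclude_filenames.add(item_name)
                continue
            # A bare filename refers to the default ruleset directory.
            full_dir = os.path.dirname(item)
            item_dir = os.path.relpath(full_dir if full_dir else common.ruleset_rules_path,
                                       start=common.ossec_path)
            tmp_data.append({'file': item_name, 'path': item_dir, 'status': Decoder.S_ENABLED})

    for decoder_dir in _ruleset_values(ruleset_conf, 'decoder_dir'):
        for item in glob("{0}/{1}/*.xml".format(common.ossec_path, decoder_dir)):
            item_name = os.path.basename(item)
            tmp_data.append({
                'file': item_name,
                'path': os.path.relpath(os.path.dirname(item), start=common.ossec_path),
                'status': Decoder.S_DISABLED if item_name in exclude_filenames else Decoder.S_ENABLED,
            })

    # One filtering pass; the old code called list.remove() per item, which
    # is quadratic in the number of decoder files.
    data = [d for d in tmp_data
            if (not status or status == 'all' or status == d['status'])
            and (not path or path == d['path'])
            and (not file or file == d['file'])]

    if search:
        data = search_array(data, search['value'], search['negation'])
    if sort:
        data = sort_array(data, sort['fields'], sort['order'])
    else:
        data = sort_array(data, ['file'], 'asc')

    return {'items': cut_array(data, offset, limit), 'totalItems': len(data)}


def _ruleset_values(ruleset_conf, tag):
    """Return the values of *tag* in the ruleset section as a list.

    A single XML element is parsed as a scalar and several as a list; a tag
    that is absent yields an empty list.

    :param ruleset_conf: The ``ruleset`` section dict.
    :param tag: Key to read (e.g. ``decoder_dir``).
    :return: List of values, possibly empty.
    """
    if tag not in ruleset_conf:
        return []
    value = ruleset_conf[tag]
    return value if isinstance(value, list) else [value]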