From 5684c234dd2617dcbf5b1b5165ebaa05f3f935b8 Mon Sep 17 00:00:00 2001
From: Jesus Linares
Date: Thu, 29 Dec 2016 10:35:22 +0000
Subject: [PATCH] Check dictionary keys
---
 .gitignore | 3 +++
 framework/wazuh/agent.py | 6 ++++--
 framework/wazuh/rootcheck.py | 8 ++++++--
 framework/wazuh/syscheck.py | 22 +++++++++++++++-------
 4 files changed, 28 insertions(+), 11 deletions(-)
diff --git a/.gitignore b/.gitignore
index 08882bc..2fac47b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,6 @@ doc/build/
 framework/docs/build/
 framework/dist/
 framework/build/
+
+# Installation files
+configuration/auth/htpasswd
diff --git a/framework/wazuh/agent.py b/framework/wazuh/agent.py
index 0cee7d0..6f37272 100755
--- a/framework/wazuh/agent.py
+++ b/framework/wazuh/agent.py
@@ -212,7 +212,8 @@ class Agent:
 """
 # Check if authd is running
- if manager.status()['ossec-authd'] == 'running':
+ manager_status = manager.status()
+ if 'ossec-authd' not in manager_status or manager_status['ossec-authd'] == 'running':
 raise WazuhException(1704)
 f_keys_temp = '{0}.tmp'.format(common.client_keys)
@@ -253,7 +254,8 @@ class Agent:
 """
 # Check if authd is running
- if manager.status()['ossec-authd'] == 'running':
+ manager_status = manager.status()
+ if 'ossec-authd' not in manager_status or manager_status['ossec-authd'] == 'running':
 raise WazuhException(1704)
 # Check if ip or name exist in client.keys
diff --git a/framework/wazuh/rootcheck.py b/framework/wazuh/rootcheck.py
index fc7bc97..76d2ae1 100755
--- a/framework/wazuh/rootcheck.py
+++ b/framework/wazuh/rootcheck.py
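Review bot: In framework/wazuh/agent.py, both hunks (`@@ -212` and `@@ -253`) raise WazuhException(1704) when the 'ossec-authd' key is absent from manager.status(), so an unknown daemon state is reported with the same code as a running authd (1704 is presumably the "authd is running" error; its text is not visible here). Refusing to modify client.keys when the state is unknown is the safe direction, but that intent should be written next to the check, for example `# Fail closed: a missing 'ossec-authd' entry is treated like a running authd`. The two-line check is duplicated verbatim in both methods; a small private helper would keep the two copies from drifting apart. Both method bodies start and end outside the hunks.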
@@ -40,9 +40,13 @@ def run(agent_id=None, all_agents=False):
 else:
 # Check if agent exists and it is active
 agent_info = Agent(agent_id).get_basic_information()
+ if 'status' in agent_info:
+ agent_status = agent_info['status']
+ else:
+ agent_status = "N/A"
- if agent_info['status'].lower() != 'active':
- raise WazuhException(1602, '{0} - {1}'.format(agent_id, agent_info['status']))
+ if agent_status.lower() != 'active':
+ raise WazuhException(1602, '{0} - {1}'.format(agent_id, agent_status))
 oq = OssecQueue(OssecQueue.ARQUEUE)
 ret_msg = oq.send_msg_to_agent(OssecQueue.HC_SK_RESTART, agent_id)
diff --git a/framework/wazuh/syscheck.py b/framework/wazuh/syscheck.py
index 8772fa2..296bfd1 100755
--- a/framework/wazuh/syscheck.py
+++ b/framework/wazuh/syscheck.py
@@ -40,9 +40,13 @@ def run(agent_id=None, all_agents=False):
 else:
 # Check if agent exists
 agent_info = Agent(agent_id).get_basic_information()
+ if 'status' in agent_info:
+ agent_status = agent_info['status']
+ else:
+ agent_status = "N/A"
- if agent_info['status'].lower() != 'active':
- raise WazuhException(1602, '{0} - {1}'.format(agent_id, agent_status))
+ if agent_status.lower() != 'active':
+ raise WazuhException(1602, '{0} - {1}'.format(agent_id, agent_status))
 oq = OssecQueue(OssecQueue.ARQUEUE)
 ret_msg = oq.send_msg_to_agent(OssecQueue.HC_SK_RESTART, agent_id)
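Review bot: The added `if 'status' in agent_info` / `else` block in run() (framework/wazuh/rootcheck.py, and identically in the first hunk of framework/wazuh/syscheck.py) guards against a missing key but not against a value that is present and not a string. If get_basic_information() can return None for status, which is not visible here, `agent_status.lower()` would still raise AttributeError before the restart message is sent. `agent_status = agent_info.get('status') or 'N/A'` covers both cases in one line and leaves the 1602 message as it is. run() continues outside the hunk in both files.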
@@ -159,12 +163,16 @@ def files(agent_id=None, event=None, filename=None, filetype='file', md5=None, s
 conn = Connection(db_agent)
- agent_os = Agent(agent_id).get_basic_information()['os']
-
- if "windows" in agent_os.lower():
- windows_agent = True
+ agent_info = Agent(agent_id).get_basic_information()
+ if 'os' in agent_info:
+ if 'windows' in agent_info['os'].lower():
+ windows_agent = True
+ else:
+ windows_agent = False
 else:
- windows_agent = False
+ # We do not know if it is a windows or linux agent.
+ # It is set to windows agent in order to avoid wrong data (uid, gid, ...)
+ windows_agent = True
 fields = {'scanDate': 'date', 'modificationDate': 'mtime', 'file': 'path', 'size': 'size', 'user': 'uname', 'group': 'gname'}
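Review bot: When 'os' is missing, files() in framework/wazuh/syscheck.py silently treats the agent as Windows, which per the added comment suppresses uid/gid data. For a Linux agent this presumably means ownership fields drop out of the file-integrity results with nothing telling the caller why. The comment should state that the fallback omits those fields, not only that it avoids wrong data. The nested branches can be flattened to `agent_os = agent_info.get('os')` followed by `windows_agent = agent_os is None or 'windows' in agent_os.lower()`. How windows_agent is used lies outside the hunk, so the effect on the output is inferred from the comment.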