MAINHACK

Viewing / Editing File: ossec_rules_checker.py

File is not writable. Editing disabled.

import asyncio
import os

from defence360agent.contracts.plugins import MessageSink
from defence360agent.utils import recurring_check
from defence360agent.utils.common import LooseVersion
from im360.subsys import ossec
from im360.subsys.ossec import rules_update_lock


class OssecRulesChecker(MessageSink):
    """Plugin that reinstall ossec rules if a newer version is available
    or there are no rules installed.
    """

    def __init__(self):
        self.loop = None
        self.task = None

    async def create_sink(self, loop):
        self.loop = loop
        self.task = loop.create_task(self.check_rules_recurrent())

    async def shutdown(self):
        if self.task:
            self.task.cancel()
            await self.task

    @recurring_check(0)
    async def check_rules_recurrent(self):
        # Do not execute on agent start
        await asyncio.sleep(3600)
        await self.check_rules()

    async def check_rules(self):
        if rules_update_lock.locked():
            # Already being updated via imunify files
            return

        if not os.path.isdir(ossec.ETC_DIR):
            # ossec is not ready yet
            return

        installed_version = ossec.get_rules_installed_version()
        available_version = ossec.get_rules_version()
        if available_version is None:
            return
        available_version = LooseVersion(available_version)

        if (installed_version is None) or (
            available_version > installed_version
        ):
            await ossec.on_files_update(None, is_updated=True)

Cancel / Back

[ MAINHACK ]

Viewing / Editing File: ossec_rules_checker.py

Server Info

System Features

User Info