# Programme pour automatiser l'envoi de logs au serveur SIEM
# Fait dans le cadre du projet annuel ESGI
# Auteurs : Florian Boulic & Julien Combe
# Python 3.4
import getpass
import ipaddress
import subprocess
import sys

import pxssh
# Function to validate that the argument is an IPv4 address
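def validIP(address: str) -> bool:
    """Return True if *address* is a dotted-quad IPv4 address, else False.

    The address must have exactly four dot-separated fields, each one an
    integer in the range 0-255.  A field that ``int()`` cannot parse
    (e.g. "a.b.c.d" or an empty field in "1..2.3") now yields False
    instead of propagating ValueError, so the caller's re-prompt loop
    keeps running on malformed input rather than crashing the script.
    """
    parts = address.split(".")
    if len(parts) != 4:
        return False
    for part in parts:
        try:
            value = int(part)
        except ValueError:
            # Non-numeric field: not an IPv4 address, but not an error either.
            return False
        if not 0 <= value <= 255:
            return False
    return True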
def hiddenPassword(password: str) -> str:
    """Return *password* with every character but the first and last replaced by '*'.

    Used to echo a password back in confirmation prompts.  Passwords of
    fewer than two characters are returned unchanged (so a one-character
    password is shown in clear).  Note that the first and last characters
    are always displayed: the masked form still reveals part of the
    secret to the terminal and to anything that captures it (scrollback,
    screen sharing, session logs).
    """
    if len(password) < 2:
        return password
    masked_middle = '*' * (len(password) - 2)
    return password[0] + masked_middle + password[-1]
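# Interactive flow: discover devices by ping, collect SSH credentials, then
# connect to each device and install rsyslog on Debian hosts.  The helpers
# below replace the eight near-identical "Y/N" re-prompt loops of the
# original, one of which (the "use this couple for all devices ?" question)
# assigned the answer to the wrong variable and could not terminate on a
# wrong answer.  No f-strings or subprocess.run(): the file targets Python 3.4.


def _ask_yes_no(question, retry_prefix='Answer is not correct. '):
    """Ask *question* until the user types exactly 'Y' or 'N'; return that letter.

    On any other input the question is asked again, prefixed with
    *retry_prefix* (the wording the original prompts used).  Only the
    literal upper-case 'Y'/'N' are accepted, as before.
    """
    answer = input(question)
    while answer != 'N' and answer != 'Y':
        answer = input(retry_prefix + question)
    return answer


def _ask_credentials(intro, confirm_suffix):
    """Prompt for an account/password pair until the user confirms it.

    *intro* is printed before each attempt.  The confirmation question is
    'You entered the couple <account> / <masked password>' + *confirm_suffix*,
    with the password masked by hiddenPassword().  The password itself is
    read with getpass so it is never echoed.  Returns (account, password).
    """
    while True:
        print(intro)
        account = input('Account ?')
        password = getpass.getpass('Password ?')
        confirmation = _ask_yes_no('You entered the couple ' + account + ' / '
                                   + hiddenPassword(password) + confirm_suffix)
        if confirmation == 'Y':
            return account, password


def _siem_ip():
    """Return the IPv4 address of the local eth0 interface, or '' if it cannot be read.

    The address is parsed from ``ifconfig`` output with a fixed shell
    pipeline; no user input reaches the shell.  ``ifconfig`` and an
    interface named ``eth0`` are not present on every distribution; an
    empty result only means the SIEM's own address will not be recognised
    during the scan.
    """
    pipeline = "ifconfig | grep -A 1 'eth0' | tail -1 | cut -d ':' -f 2 | cut -d ' ' -f 1"
    try:
        raw = subprocess.check_output(['bash', '-c', pipeline])
    except (subprocess.CalledProcessError, OSError):
        # The original let this propagate and abort the script.
        print('Warning: could not determine the SIEM IP address from eth0.')
        return ''
    return raw.decode('utf-8').rstrip()


def _ask_network():
    """Prompt for a network in CIDR notation until ipaddress accepts it."""
    question = "Enter a network address in CIDR format that contain your devices (ex.192.168.1.0/24): "
    while True:
        net_addr = input(question)
        try:
            return ipaddress.ip_network(net_addr)
        except ValueError as err:
            # ip_network() rejects bad syntax and networks with host bits set
            # (e.g. 192.168.1.5/24); the original crashed here.
            print('Not a valid network: ' + str(err))


def _ping_scan(network, siem_ip):
    """Ping every host of *network* and return the addresses that answered.

    The SIEM's own address is reported and skipped (the original pinged it
    too, then discarded the result).  A host counts as offline when ping's
    output contains one of the known failure messages; ``-w 1`` bounds each
    probe to about one second and ``-n`` skips reverse DNS.  Matching on
    output text rather than on ping's exit status is kept from the original
    and is specific to Linux/Windows ping wording.
    """
    offline_markers = ("Destination host unreachable", "Request timed out", "100% packet loss")
    online = []
    for host in network.hosts():
        host = str(host)
        if host == siem_ip:
            print(host, "is the SIEM.")
            continue
        proc = subprocess.Popen(['ping', '-n', '-w', '1', host], stdout=subprocess.PIPE)
        output = proc.communicate()[0].decode('utf-8')
        if any(marker in output for marker in offline_markers):
            print(host, "is Offline")
        else:
            print(host, "is Online")
            online.append(host)
    return online


def _edit_device_list(devices):
    """Show *devices*, let the user remove and then add entries; return the final list."""
    print('Devices answer ping requests at the following IPs :')
    for ip in devices:
        print(ip)
    if _ask_yes_no('Do you want to remove some devices on the previous list ? Y/N') == 'Y':
        kept = []
        for ip in devices:
            delete = _ask_yes_no('Do you want to delete the device at address ' + ip + ' from the list ? Y/N')
            if delete == 'N':
                kept.append(ip)
        devices = kept
        print('Here is the updated device list :')
        for ip in devices:
            print(ip)
    if _ask_yes_no('Do you want to add some devices on the previous list ? Y/N') == 'Y':
        add_more = 'Y'
        while add_more == 'Y':
            current_add = input('Please enter the IP address of the device to add.')
            while not validIP(current_add):
                current_add = input('Not a valid IP address. Please enter the IP address of the device to add.')
            devices.append(current_add)
            # This prompt's retry wording differs from the others; keep it.
            add_more = _ask_yes_no('Address ' + current_add + ' added to the list. Do you want to add more ? Y/N',
                                   retry_prefix='Answer not correct. ')
        print('Here is the updated device list :')
        for ip in devices:
            print(ip)
    return devices


def _collect_credentials(devices):
    """Return parallel lists (accounts, passwords) for *devices*.

    A default account/password is confirmed first, then either applied to
    every device or offered device by device, with a custom profile asked
    for each refusal.  Passwords are held in clear text in memory until the
    SSH step; they are only ever printed through hiddenPassword().
    """
    def_account, def_password = _ask_credentials(
        'Please enter a defaut profile to connect to those devices :',
        ' to be the defaut profile. Is that correct ? Y/N')
    couple = def_account + ' / ' + hiddenPassword(def_password)
    accounts = []
    passwords = []
    if _ask_yes_no('Do you want to use the couple ' + couple + ' for all devices ? Y/N') == 'Y':
        return [def_account] * len(devices), [def_password] * len(devices)
    for ip in devices:
        use_default = _ask_yes_no('Do you want to use the couple ' + couple
                                  + ' for the device at address ' + ip + '? Y/N')
        if use_default == 'Y':
            accounts.append(def_account)
            passwords.append(def_password)
        else:
            cur_account, cur_password = _ask_credentials(
                'Please enter a profile to connect to the device at address ' + ip + ' :',
                ' to be the profile for the device at address ' + ip + '. Is that correct ? Y/N')
            accounts.append(cur_account)
            passwords.append(cur_password)
    return accounts, passwords


def _print_profiles(devices, accounts, passwords):
    """Print the device / account / masked-password table."""
    print('Here is the list for devices and connexion profiles:')
    print('IP address - Account - Password')
    for ip, account, password in zip(devices, accounts, passwords):
        print(ip + ' - ' + account + ' - ' + hiddenPassword(password))
    print('END OF LIST GENERATING')


def _detect_distribution(session):
    """Return 'Debian', 'Ubuntu', 'RHEL' or 'Unknown' from /etc/*-release over *session*."""
    session.sendline('cat /etc/*-release')
    session.prompt()
    answer = session.before.decode('utf-8')
    if "Debian" in answer:
        return "Debian"
    if "Ubuntu" in answer:
        return "Ubuntu"
    # The original compared against "Red Hat Entreprise Linux" (typo), which
    # can never match the real release string.
    if "Red Hat Enterprise Linux" in answer:
        return "RHEL"
    return "Unknown"


def _install_rsyslog_debian(session):
    """Install rsyslog with apt-get over *session*; exit the script on failure.

    Exit codes are kept from the original: 2 when sudo itself is missing or
    answers unexpectedly, 3 when the sudo password was accepted but apt-get
    did not report a fresh install.  prompt() only returns when the shell
    prompt reappears or its timeout elapses, so while sudo waits for a
    password the call presumably ends on timeout with the sudo prompt in
    ``before`` — confirm against the pxssh version in use.
    """
    session.sendline('sudo apt-get install rsyslog')
    session.prompt()
    answer = session.before.decode('utf-8')
    print(answer)
    if "password for" in answer:
        # sudo asks for the password of the account we logged in with, not
        # necessarily root's.  Read it with getpass so the secret is not
        # echoed to the terminal (the original used input()).
        root_pass = getpass.getpass('Please enter root password for this server :')
        session.sendline(root_pass)
        session.prompt()
        answer = session.before.decode('utf-8')
        print(answer)
        if "newly installed," in answer:
            print('Rsyslog installed !')
        elif "is not in the sudoers file:" in answer:
            print('It seems that your account is not in the sudoers file and thus can\'t use sudo command. Please add account to sudoers and relaunch the script.')
            sys.exit(3)
        elif "command not found" in answer:
            print('It seems that the apt-get command was not present on the server. Please check your configuration.')
            sys.exit(3)
        else:
            # NOTE(review): apt-get without -y asks "Do you want to continue?"
            # when the package is not yet installed; that prompt is not
            # handled and would land here — confirm whether -y is wanted.
            print('Error : sudo answer no in list - Ask your admin for help')
            sys.exit(3)
    elif "command not found" in answer:
        print('It seems that sudo command is not installed on your server. Server won\'t be configured. Please install sudo and relaunch the script.')
        sys.exit(2)
    else:
        print('Error : sudo answer no in list - Ask your admin for help')
        sys.exit(2)


def _configure_device(hostname, username, password):
    """Open an SSH session to *hostname* and install rsyslog when it runs Debian.

    pxssh answers the "continue connecting (yes/no)?" host-key prompt itself,
    so a device whose key is not yet in known_hosts is accepted without
    verification; on a management network that is not fully trusted,
    pre-populate known_hosts for the scanned devices first.  Login failure
    is reported and the device skipped, as in the original.
    """
    session = pxssh.pxssh()
    try:
        logged_in = session.login(hostname, username, password)
    except pxssh.ExceptionPxssh as err:
        # pxssh signals a failed login by raising rather than returning False;
        # the original only tested the return value.
        logged_in = False
        print ('SSH session failed on login to '+ hostname +'. Please check network and server configuration.')
        print ('Error message : ' + str(err))
    if not logged_in:
        return
    try:
        distrib = _detect_distribution(session)
        if distrib == "Debian":
            print('We detected that the server use a ' + distrib + ' distribution. We will use rsyslog to transmit logs to SIEM.')
            _install_rsyslog_debian(session)
            # TODO: append the forwarding rule to /etc/rsyslog.conf and restart
            # rsyslog.  The earlier draft did this with
            # `sudo echo "*.* @<siem_ip>:514" >> /etc/rsyslog.conf`, which does
            # not work as intended: the shell performs the redirection as the
            # unprivileged user before sudo runs.  `@host:514` is plain UDP
            # syslog; prefer `@@` (TCP) or TLS if the SIEM supports it.
        else:
            print('Sorry, that distribution is not supported yet.')
    finally:
        # Also runs when _install_rsyslog_debian() calls sys.exit().
        session.logout()


def main():
    """Run the full interactive discovery / credentials / SSH configuration flow."""
    print('Welcome to ESGI_ProjetAnnuel Script that will help you with the installation of your OSSIM SIEM.')
    print('We will help you to configure your network and devices in order to monitore them properly.')
    print('Make sure those devices are reachable from the current SIEM.')
    siem_ip = _siem_ip()
    network = _ask_network()
    devices = _ping_scan(network, siem_ip)
    if not devices:
        print('No device answered ping request. Check your network parameters.')
        sys.exit()
    devices = _edit_device_list(devices)
    accounts, passwords = _collect_credentials(devices)
    _print_profiles(devices, accounts, passwords)
    print ('DEBUT TEST CONNEXION SSH')
    for hostname, username, password in zip(devices, accounts, passwords):
        _configure_device(hostname, username, password)
    print('DEBUG DEBUG - Fin du script - DEBUG DEBUG')
    sys.exit()


if __name__ == "__main__":
    main()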