Bump 3.9.0 (stable branch) (#689)

.eslintrc.json

@@ -8,13 +8,13 @@
     "jquery" : true
   },
   "parserOptions": {
-    "ecmaVersion": 7,
+    "ecmaVersion": 6,
     "sourceType": "module",
     "ecmaFeatures": {
       "jsx": true
     }
   },
-  "parser": "babel-eslint",
+  "parser": "esprima",
   "rules": {
     "node/exports-style": [
       "error",

README.md

@@ -45,6 +45,8 @@
 |      7.2.3     |       3.8.2       | <https://packages.wazuh.com/3.x/splunkapp/v3.8.2_7.2.3.tar.gz> |
 |      7.2.4     |       3.8.2       | <https://packages.wazuh.com/3.x/splunkapp/v3.8.2_7.2.4.tar.gz> |
 |      7.2.5     |       3.8.2       | <https://packages.wazuh.com/3.x/splunkapp/v3.8.2_7.2.5.tar.gz> |
+|      7.2.6     |       3.8.2       | <https://packages.wazuh.com/3.x/splunkapp/v3.8.2_7.2.6.tar.gz> |
+|      7.2.6     |       3.9.0       | <https://packages.wazuh.com/3.x/splunkapp/v3.9.0_7.2.6.tar.gz> |
 
 ## Upgrade
 

SplunkAppForWazuh/README.md

@@ -0,0 +1,67 @@
+# Splunk app for Wazuh
+
+[![Slack](https://img.shields.io/badge/slack-join-blue.svg)](https://wazuh.com/community/join-us-on-slack/)
+[![Email](https://img.shields.io/badge/email-join-blue.svg)](https://groups.google.com/forum/#!forum/wazuh)
+[![Documentation](https://img.shields.io/badge/docs-view-green.svg)](https://documentation.wazuh.com)
+[![Documentation](https://img.shields.io/badge/web-view-green.svg)](https://wazuh.com)
+
+ Wazuh app for Splunk offers an option to visualize _Wazuh Alerts_ and _API data_. Wazuh helps you to gain deeper security visibility into your infrastructure by monitoring hosts at an operating system and application level.
+* * *
+![](https://i.imgur.com/HkMjiwJ.png)
+### Documentation
+
+-   [Wazuh app for Splunk installation guide](https://documentation.wazuh.com/current/installing-splunk/index.html)
+
+
+### Requisites
+1. An already installed Wazuh Manager with access to the API.
+2. __Splunk Universal Forwarder__ where Wazuh Manager is installed.
+3. At least one __Splunk Enterprise indexer__.
+
+## Installation
+
+| Splunk version | Wazuh version | Installation                                                                                               |
+| :------------: | :---------------: | :--------------------------------------------------------------------------------------------------------- |
+|      7.0.3     |       3.2.1       | <https://packages.wazuh.com/3.x/splunkapp/v3.2.1_7.0.3.tar.gz> |
+|      7.1.1     |       3.2.2       | <https://packages.wazuh.com/3.x/splunkapp/v3.2.2_7.1.1.tar.gz> |
+|      7.1.1     |       3.2.3       | <https://packages.wazuh.com/3.x/splunkapp/v3.2.3_7.1.1.tar.gz> |
+|      7.1.1     |       3.2.4       | <https://packages.wazuh.com/3.x/splunkapp/v3.2.4_7.1.1.tar.gz> |
+|      7.1.1     |       3.3.0       | <https://packages.wazuh.com/3.x/splunkapp/v3.3.0_7.1.1.tar.gz> |
+|      7.1.1     |       3.3.1       | <https://packages.wazuh.com/3.x/splunkapp/v3.3.1_7.1.1.tar.gz> |
+|      7.1.2     |       3.4.0       | <https://packages.wazuh.com/3.x/splunkapp/v3.4.0_7.1.2.tar.gz> |
+|      7.1.2     |       3.5.0       | <https://packages.wazuh.com/3.x/splunkapp/v3.5.0_7.1.2.tar.gz> |
+|      7.1.2     |       3.6.0       | <https://packages.wazuh.com/3.x/splunkapp/v3.6.0_7.1.2.tar.gz> |
+|      7.1.3     |       3.6.1       | <https://packages.wazuh.com/3.x/splunkapp/v3.6.1_7.1.3.tar.gz> |
+|      7.2.0     |       3.7.0       | <https://packages.wazuh.com/3.x/splunkapp/v3.7.0_7.2.0.tar.gz> |
+|      7.2.1     |       3.7.0       | <https://packages.wazuh.com/3.x/splunkapp/v3.7.0_7.2.1.tar.gz> |
+|      7.2.1     |       3.7.1       | <https://packages.wazuh.com/3.x/splunkapp/v3.7.1_7.2.1.tar.gz> |
+|      7.2.1     |       3.7.2       | <https://packages.wazuh.com/3.x/splunkapp/v3.7.2_7.2.1.tar.gz> |
+|      7.2.3     |       3.8.0       | <https://packages.wazuh.com/3.x/splunkapp/v3.8.0_7.2.3.tar.gz> |
+
+## Upgrade
+
+Remove the app using splunk plugin tool
+
+    $SPLUNK_HOME/bin/splunk remove app SplunkAppForWazuh
+
+Install the app
+
+     $SPLUNK_HOME/bin/splunk install app <last package file>
+
+## Contribute
+
+If you want to contribute to our project please don't hesitate to send a pull request. You can also join our users [mailing list](https://groups.google.com/d/forum/wazuh), by sending an email to <mailto:[email protected]>, to ask questions and participate in discussions.
+
+## Copyright & License
+
+Copyright (C) 2015-2019 Wazuh, Inc.
+
+This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+
+Find more information about this on the [LICENSE](LICENSE) file.
+
+## References
+
+-   [Wazuh website](https://wazuh.com)
+-   [Wazuh documentation](https://documentation.wazuh.com)
+-   [Splunk documentation](http://docs.splunk.com/Documentation)

SplunkAppForWazuh/appserver/controllers/manager.py

@@ -24,7 +24,7 @@
 from log import log
 
 
-def getSelfConfStanza(file,stanza):
+def getSelfConfStanza(file, stanza):
     """Get the configuration from a stanza.
 
     Parameters
@@ -53,7 +53,8 @@ def diff_keys_dic_update_api(kwargs_dic):
     try:
         diff = []
         kwargs_dic_keys = kwargs_dic.keys()
-        dic_keys = ['id', 'url', 'portapi', 'userapi', 'passapi']
+        dic_keys = ['_key', 'url', 'portapi', 'userapi',
+                    'passapi', 'filterName', 'filterType', 'managerName']
         for key in dic_keys:
             if key not in kwargs_dic_keys:
                 diff.append(key)
@@ -76,34 +77,6 @@ def __init__(self):
         except Exception as e:
             self.logger.error("Error in manager module constructor: %s" % (e))
 
-    # /custom/SplunkAppForWazuh/manager/node
-    @expose_page(must_login=False, methods=['GET'])
-    def check_connection(self, **kwargs):
-        """Check API connection.
-
-        Parameters
-        ----------
-        kwargs : dict
-            The request's parameters
-
-        """
-        try:
-            opt_username = kwargs["user"]
-            opt_password = kwargs["pass"]
-            opt_base_url = kwargs["ip"]
-            opt_base_port = kwargs["port"]
-            url = opt_base_url + ":" + opt_base_port
-            auth = requestsbak.auth.HTTPBasicAuth(opt_username, opt_password)
-            verify = False
-            request_cluster = self.session.get(
-                url + '/version', auth=auth, timeout=8, verify=verify).json()
-            del kwargs['pass']
-            result = jsonbak.dumps(request_cluster)
-        except Exception as e:
-            self.logger.error("Cannot connect to API : %s" % (e))
-            return jsonbak.dumps({"status": "400", "error": str(e)})
-        return result
-
     @expose_page(must_login=False, methods=['GET'])
     def polling_state(self, **kwargs):
         """Check agent monitoring status.
@@ -138,7 +111,24 @@ def extensions(self, **kwargs):
 
         """
         try:
-            stanza = getSelfConfStanza("config","extensions")
+            stanza = getSelfConfStanza("config", "extensions")
+            data_temp = stanza
+        except Exception as e:
+            return jsonbak.dumps({'error': str(e)})
+        return data_temp
+
+    @expose_page(must_login=False, methods=['GET'])
+    def admin_extensions(self, **kwargs):
+        """Obtain extension from file.
+
+        Parameters
+        ----------
+        kwargs : dict
+            The request's parameters
+
+        """
+        try:
+            stanza = getSelfConfStanza("config", "admin_extensions")
             data_temp = stanza
         except Exception as e:
             return jsonbak.dumps({'error': str(e)})
@@ -200,8 +190,8 @@ def get_apis(self, **kwargs):
 
         """
         try:
-            data_temp = self.db.all()
-            result = jsonbak.dumps(data_temp)
+            apis = self.db.all()
+            result = apis
         except Exception as e:
             self.logger.error(jsonbak.dumps({"error": str(e)}))
             return jsonbak.dumps({"error": str(e)})
@@ -218,18 +208,19 @@ def add_api(self, **kwargs):
 
         """
         try:
+
             record = kwargs
-            keys_list = ['url', 'portapi', 'userapi', 'passapi']
+            keys_list = ['url', 'portapi', 'userapi', 'passapi',
+                         'managerName', 'filterType', 'filterName']
             if set(record.keys()) == set(keys_list):
-                record['id'] = str(uuid.uuid4())
-                self.db.insert(record)
-                parsed_data = jsonbak.dumps({'result': record['id']})
+                key = self.db.insert(jsonbak.dumps(record))
+                parsed_data = jsonbak.dumps({'result': key})
+                return parsed_data
             else:
-                return jsonbak.dumps({'error': 'Invalid number of arguments'})
+                raise Exception('Invalid number of arguments')
         except Exception as e:
-            self.logger.error({'error': str(e)})
+            self.logger.error({'manager - add_api': str(e)})
             return jsonbak.dumps({'error': str(e)})
-        return parsed_data
 
     @expose_page(must_login=False, methods=['POST'])
     def remove_api(self, **kwargs):
@@ -243,9 +234,9 @@ def remove_api(self, **kwargs):
         """
         try:
             api_id = kwargs
-            if 'id' not in api_id:
+            if '_key' not in api_id:
                 return jsonbak.dumps({'error': 'Missing ID'})
-            self.db.remove(api_id['id'])
+            self.db.remove(api_id['_key'])
             parsed_data = jsonbak.dumps({'data': 'success'})
         except Exception as e:
             self.logger.error("Error in remove_api endpoint: %s" % (e))
@@ -264,7 +255,9 @@ def update_api(self, **kwargs):
         """
         try:
             entry = kwargs
-            keys_list = ['id', 'url', 'portapi', 'userapi',
+            if '_user' in kwargs:
+                del kwargs['_user']
+            keys_list = ['_key', 'url', 'portapi', 'userapi',
                          'passapi', 'filterName', 'filterType', 'managerName']
             if set(entry.keys()) == set(keys_list):
                 self.db.update(entry)
@@ -296,3 +289,82 @@ def get_log_lines(self, **kwargs):
             self.logger.error("Get_log_lines endpoint: %s" % (e))
             return jsonbak.dumps({"error": str(e)})
         return parsed_data
+
+    @expose_page(must_login=False, methods=['GET'])
+    def check_connection(self, **kwargs):
+        """Check API connection.
+
+        Parameters
+        ----------
+        kwargs : dict
+            The request's parameters
+
+        """
+        try:
+            opt_username = kwargs["user"]
+            opt_password = kwargs["pass"]
+            opt_base_url = kwargs["ip"]
+            opt_base_port = kwargs["port"]
+            opt_cluster = kwargs["cluster"] == "true"
+            url = opt_base_url + ":" + opt_base_port
+            auth = requestsbak.auth.HTTPBasicAuth(opt_username, opt_password)
+            verify = False
+            request_manager = self.session.get(
+                url + '/agents/000?select=name', auth=auth, timeout=20, verify=verify).json()           
+            request_cluster = self.session.get(
+                url + '/cluster/status', auth=auth, timeout=20, verify=verify).json()
+            request_cluster_name = self.session.get(
+                url + '/cluster/node', auth=auth, timeout=20, verify=verify).json()           
+            output = {}
+            daemons_ready = self.check_daemons(url, auth, verify, opt_cluster)
+            # Pass the cluster status instead of always False
+            if not daemons_ready:
+                raise Exception("Daemons are not ready yet.")
+            output['managerName'] = request_manager['data']
+            output['clusterMode'] = request_cluster['data']
+            output['clusterName'] = request_cluster_name['data']
+            del kwargs['pass']
+            result = jsonbak.dumps(output) 
+        except Exception as e:
+            if not daemons_ready:
+                self.logger.error("Cannot connect to API; Wazuh not ready yet.")
+                return jsonbak.dumps({"status": "200", "error": 3099, "message": "Wazuh not ready yet."})
+            else:
+                self.logger.error("Cannot connect to API : %s" % (e))
+                return jsonbak.dumps({"status": "400", "error": "Cannot connect to the API"})
+        return result
+
+    def check_daemons(self, url, auth, verify, check_cluster):
+        """ Request to check the status of this daemons: execd, modulesd, wazuhdb and clusterd
+
+        Parameters
+        ----------
+        url: str
+        auth: str
+        verify: str
+        cluster_enabled: bool
+        """
+        try:
+            request_cluster = self.session.get(
+                url + '/cluster/status', auth=auth, timeout=20, verify=verify).json()
+            # Try to get cluster is enabled if the request fail set to false
+            try:
+                cluster_enabled = request_cluster['data']['enabled'] == 'yes'
+            except Exception as e:
+                cluster_enabled = False
+            cc = check_cluster and cluster_enabled # Var to check the cluster demon or not
+            opt_endpoint = "/manager/status"
+            daemons_status = self.session.get(
+                    url + opt_endpoint, auth=auth,
+                    verify=verify).json()
+            if not daemons_status['error']:
+                d = daemons_status['data']
+                daemons = {"execd": d['ossec-execd'], "modulesd": d['wazuh-modulesd'], "db": d['wazuh-db']}
+                if cc:
+                    daemons['clusterd'] = d['wazuh-clusterd']
+                values = list(daemons.values())
+                wazuh_ready = len(set(values)) == 1 and values[0] == "running" # Checks all the status are equals, and running
+                return wazuh_ready
+        except Exception as e:
+            self.logger.error("Error checking daemons: %s" % (e))
+            raise e

SplunkAppForWazuh/appserver/controllers/queue.py

@@ -0,0 +1,60 @@
+# -*- coding: utf-8 -*-
+"""
+Wazuh app - API backend module.
+
+Copyright (C) 2015-2019 Wazuh, Inc.
+
+This program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published by
+the Free Software Foundation; either version 2 of the License, or
+(at your option) any later version.
+
+Find more information about this on the LICENSE file.
+"""
+
+import jsonbak
+import splunk.appserver.mrsparkle.controllers as controllers
+from splunk.appserver.mrsparkle.lib.decorators import expose_page
+from db import database
+from log import log
+from jobs_queue import JobsQueue
+
+import time
+
+
+class Queue(controllers.BaseController):
+
+    """Queue class.
+
+    Handle Jobs queue methods
+    """
+
+    def __init__(self):
+        """Constructor."""
+        try:
+            self.queue = JobsQueue()
+            self.logger = log()
+            controllers.BaseController.__init__(self)
+        except Exception as e:
+            self.logger.error(
+                "Error in Jobs queue module constructor: %s" % (e))
+
+    @expose_page(must_login=False, methods=['POST'])
+    def add_job(self, **kwargs):
+        """Add job to the queue.
+
+        Parameters
+        ----------
+        kwargs : dict
+            Request parameters
+        """
+        try:
+            now = time.time()
+            exec_time = now + float(kwargs['delay'])
+            del kwargs['delay']
+            job = {"job": kwargs, "added": now, "exec_time": exec_time, "done": 0}
+            self.queue.insert_job(job)
+            return jsonbak.dumps({"data": "Job added to the queue.", "error": 0})
+        except Exception as e:
+            self.logger.error("Error adding job: %s" % (e))
+            return jsonbak.dumps({'error': str(e)})