rhubarb

Rhubarb/config.json

@@ -0,0 +1,15 @@
+{
+    "askpass": true,
+    "hosts": {
+        "192.168.6.174": {},
+        "192.168.6.169": {},
+        "192.168.6.171": {
+            "disalgs": {
+                "pubkeys": [
+                    "rsa-sha2-512",
+                    "rsa-sha2-256"
+                ]
+            }
+        }
+    }
+}

Rhubarb/preloaded-vars.conf

@@ -0,0 +1,160 @@
+# preloaded-vars.conf, Daniel B. Cid (dcid @ ossec.net).
+#
+# Copyright (C) 2015, Wazuh Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Use this file to customize your installations.
+# It will make the install.sh script pre-load some
+# specific options to make it run automatically
+# or with less questions.
+
+# PLEASE NOTE:
+# When we use "n" or "y" in here, it should be changed
+# to "n" or "y" in the language your are doing the
+# installation. For example, in portuguese it would
+# be "s" or "n".
+
+
+# USER_LANGUAGE defines to language to be used.
+# It can be "en", "br", "tr", "it", "de" or "pl".
+# In case of an invalid language, it will default
+# to English "en"
+USER_LANGUAGE="en"     # For english
+# USER_LANGUAGE="br"     # For portuguese
+
+
+# If USER_NO_STOP is set to anything, the confirmation
+# messages are not going to be asked.
+USER_NO_STOP="y"
+
+
+# USER_INSTALL_TYPE defines the installation type to
+# be used during install. It can only be "local",
+# "agent" or "server".
+#USER_INSTALL_TYPE="local"
+USER_INSTALL_TYPE="agent"
+#USER_INSTALL_TYPE="server"
+
+
+# USER_DIR defines the location to install ossec
+USER_DIR="/var/ossec"
+
+
+# If USER_DELETE_DIR is set to "y", the directory
+# to install OSSEC will be removed if present.
+USER_DELETE_DIR="n"
+
+
+# If USER_ENABLE_ACTIVE_RESPONSE is set to "n",
+# active response will be disabled.
+USER_ENABLE_ACTIVE_RESPONSE="y"
+
+
+# If USER_ENABLE_SYSCHECK is set to "y",
+# syscheck will be enabled. Set to "n" to
+# disable it.
+USER_ENABLE_SYSCHECK="y"
+
+
+# If USER_ENABLE_ROOTCHECK is set to "y",
+# rootcheck will be enabled. Set to "n" to
+# disable it.
+USER_ENABLE_ROOTCHECK="y"
+
+# If USER_ENABLE_OPENSCAP is set to "y",
+# the OpenSCAP module will be enabled.
+# Set to "n" to disable it.
+USER_ENABLE_OPENSCAP="y"
+
+# If USER_ENABLE_SYSCOLLECTOR is set to "y",
+# syscollector will be enabled. Set to "n" to
+# disable it.
+USER_ENABLE_SYSCOLLECTOR="y"
+
+# If USER_ENABLE_SECURITY_CONFIGURATION_ASSESSMENT is set to "y",
+# the configuration assessment module will be enabled.
+# Set to "n" to disable it.
+USER_ENABLE_SECURITY_CONFIGURATION_ASSESSMENT="y"
+
+# If USER_ENABLE_AUTHD is set to "y",
+# the Auth service will be enabled.
+# Set to "n" to disable it.
+USER_ENABLE_AUTHD="y"
+
+# If USER_GENERATE_AUTHD_CERT is set to "y",
+# the Authd certificate will be auto generated.
+# Set to "n" to disable it.
+USER_GENERATE_AUTHD_CERT="y"
+
+# If USER_UPDATE is set to anything, the update
+# installation will be done.
+USER_UPDATE="y"
+
+# If USER_BINARYINSTALL is set, the installation
+# is not going to compile the code, but use the
+# binaries from ./bin/
+USER_BINARYINSTALL="y"
+
+
+### Agent Installation variables. ###
+
+# Specifies the IP address or hostname of the
+# ossec server. Only used on agent installations.
+# Choose only one, not both.
+USER_AGENT_SERVER_IP="192.168.5.150"
+# USER_AGENT_SERVER_NAME
+
+
+# USER_CREATE_SSL_CERT creates the manager certificate
+# and key when set to yes
+USER_CREATE_SSL_CERT="y"
+
+# USER_AGENT_CONFIG_PROFILE specifies the agent's config profile
+# name. This is used to create agent.conf configuration profiles
+# for this particular profile name. Only used on agent installations.
+# Can be any string. E.g. LinuxDBServer or WindowsDomainController
+#USER_AGENT_CONFIG_PROFILE="generic"
+
+
+
+### Server/Local Installation variables. ###
+
+# USER_ENABLE_EMAIL enables or disables email alerting.
+#USER_ENABLE_EMAIL="y"
+
+# USER_AUTO_START enables or disables the auto-start of Wazuh
+#USER_AUTO_START="y"
+
+# USER_EMAIL_ADDRESS defines the destination e-mail of the alerts.
+#USER_EMAIL_ADDRESS="dcid@test.ossec.net"
+
+# USER_EMAIL_SMTP defines the SMTP server to send the e-mails.
+#USER_EMAIL_SMTP="test.ossec.net"
+
+
+# USER_ENABLE_SYSLOG enables or disables remote syslog.
+#USER_ENABLE_SYSLOG="y"
+
+
+# USER_WHITE_LIST is a list of IPs or networks
+# that are going to be set to never be blocked.
+#USER_WHITE_LIST="192.168.2.1 192.168.1.0/24"
+
+# USER_CA_STORE is a path to a X509 certificate or to a folder
+# containing certificates to verify incoming WPK packages for remote upgrades.
+USER_CA_STORE="n"
+
+# OPTIMIZE_CPYTHON activate all the Python optimizations when
+# building the CPython interpeter. This can take a while.
+# More info at: https://github.com/python/cpython#profile-guided-optimization
+#OPTIMIZE_CPYTHON="y"
+
+# INSTALL_API_DAEMON install wazuh-api service
+# This option must be set to 'no' when generating packages. By default the wazuh-api service is installed.
+# INSTALL_API_DAEMON="y"
+
+#### exit ? ###

Rhubarb/script.py

@@ -0,0 +1,176 @@
+#!/usr/bin/env python3
+
+import paramiko
+import logging
+import selectors
+import threading
+import os
+import os.path
+import io
+import json
+from json.decoder import JSONDecodeError
+import time
+from urllib.parse import quote as urlquote
+from sys import argv
+from getpass import getpass
+
+debug = logging.debug
+info = logging.info
+error = logging.error
+
+logging.basicConfig(level=logging.DEBUG)
+
+if len(argv) != 2:
+    error(f'USAGE: {argv[0]} <config filename without extension>')
+    exit(1)
+
+cfname = argv[1]
+
+with open(f'{cfname}.json', 'r') as f:
+    config = json.load(f)
+
+if 'askpass' in config and config['askpass']:
+    passphrase = getpass()
+
+sel = selectors.DefaultSelector()
+r, w = os.pipe()
+sel.register(r, selectors.EVENT_READ, (io.FileIO(r, mode='r'), 'dummy-pipe', None))
+
+def run_sel():
+    global sel
+
+    while len(sel.get_map()):
+        events = sel.select()
+        for key, mask in events:
+            fo = key.fileobj
+            f, lbl, ev = key.data
+            dat = f.readline()
+            if dat:
+                dat = repr(dat.rstrip('\n'))
+                info(f'{lbl}: {dat}')
+            else:
+                info(f'{lbl} closed')
+                sel.unregister(fo)
+                if ev is not None: ev.set()
+
+handle = threading.Thread(target=run_sel)
+
+handle.start()
+
+clients = {}
+transports = {}
+
+for host, opts in config['hosts'].items():
+    client = paramiko.SSHClient()
+    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+    client.connect(
+        host,
+        opts['port'] if 'port' in opts else 22,
+        username=opts['user'] if 'user' in opts else 'root',
+        disabled_algorithms=opts['disalgs'] if 'disalgs' in opts else None,
+        passphrase=passphrase,
+    )
+    transport = client.get_transport()
+    clients[host] = client
+    transports[host] = transport
+
+def run_command(host, com, lbl, event=None, pty=False):
+    global sel, transports
+
+    transport = transports[host]
+
+    channel = transport.open_session()
+    if pty: channel.get_pty()
+    channel.set_combine_stderr(True)
+    channel.exec_command(com)
+
+    sel.register(channel, selectors.EVENT_READ, (channel.makefile(), lbl, event))
+
+    return channel
+
+sftps = {host: client.open_sftp() for host, client in clients.items()}
+
+lrz_evs = []
+
+for host, sftp in sftps.items():
+    # sftp.mkdir('/tmp/wazuh')
+    sftp.put('./lrzip', '/usr/local/bin/lrzip')
+    sftp.put('./wazuh.tar.lrz', '/tmp/wazuh.tar.lrz')
+    sftp.chmod('/usr/local/bin/lrzip', 0o755)
+    ev = threading.Event()
+    run_command(host, 'cd /tmp && lrzip -d wazuh.tar.lrz', f'{host}-lrz', ev)
+    lrz_evs.append(ev)
+
+for ev in lrz_evs: ev.wait()
+
+tar_evs = []
+
+for host in clients:
+    ev = threading.Event()
+    run_command(host, 'cd /tmp && tar xf wazuh.tar', f'{host}-tar', ev)
+    tar_evs.append(ev)
+
+for ev in tar_evs: ev.wait()
+
+inst_evs = []
+
+for host, sftp in sftps.items():
+    sftp.put('./preloaded-vars.conf', '/tmp/wazuh-4.7.0/etc/preloaded-vars.conf')
+    ev = threading.Event()
+    run_command(host, 'cd /tmp/wazuh-4.7.0 && ./install.sh', f'{host}-install', ev)
+    inst_evs.append(ev)
+
+for ev in inst_evs: ev.wait()
+
+start_evs = []
+
+for host in clients:
+    ev = threading.Event()
+    run_command(host, 'systemctl start wazuh-agent', f'{host}-start', ev)
+    start_evs.append(ev)
+
+for ev in start_evs: ev.wait()
+
+stat_evs = []
+
+for host in clients:
+    ev = threading.Event()
+    run_command(host, 'systemctl status wazuh-agent', f'{host}-stat', ev)
+    stat_evs.append(ev)
+
+for ev in stat_evs: ev.wait()
+
+'''
+procs = []
+
+while True:
+    com = input().split()
+    if len(com) < 1:
+        opt = 'help'
+    else:
+        opt = com[0].lower()
+
+    if opt == 'ls':
+        for host in clients:
+            lbl = f'{host}-uname'
+            ev = threading.Event()
+            chan = run_command(host, 'uname -a', lbl, ev, pty=True)
+            procs.append((lbl, chan, ev))
+    elif opt == 'quit' or opt == 'exit':
+        for _, chan, _ in procs:
+            try:
+                chan.send('\3')
+            except OSError: ...
+        break
+    elif opt != 'help':
+        error('Unrecognized command')
+        opt = 'help'
+
+    if opt == 'help':
+        info('COMMANDS: help - display this help')
+        info('COMMANDS: ls - list currently running sync jobs')
+        info('COMMANDS: quit|exit - stop everything and quit the program')
+'''
+
+os.close(w)
+handle.join()