intelmq.bin package

Submodules

intelmq.bin.intelmq_generate_misp_objects_templates module

Generates a MISP object template; see https://github.com/MISP/misp-objects/

class intelmq.bin.intelmq_generate_misp_objects_templates.MISPObjectTemplateGenerator(object_templates_path: Path, harmonization_file_path: Path)

Bases: object

dump_templates()
generate_templates()

intelmq.bin.intelmq_psql_initdb module

Generates a SQL command file with commands to create the events table.

Reads the harmonization configuration and generates an SQL command from it. The SQL file is saved as /tmp/initdb.sql, or under a temporary name if that file already exists.

intelmq.bin.intelmq_psql_initdb.generate(harmonization_file='/opt/intelmq/etc/harmonization.conf', skip_events=False, separate_raws=False, partition_key=None, skip_or_replace=False)
intelmq.bin.intelmq_psql_initdb.main()

intelmq.bin.intelmqctl module

class intelmq.bin.intelmqctl.IntelMQController(interactive: bool = False, returntype: ReturnType = ReturnType.PYTHON, quiet: bool = False, no_file_logging: bool = False, drop_privileges: bool = True)

Bases: object

__init__(interactive: bool = False, returntype: ReturnType = ReturnType.PYTHON, quiet: bool = False, no_file_logging: bool = False, drop_privileges: bool = True) -> None

Initializes intelmqctl.

Parameters:
  • interactive – True for the CLI interface: functions can exit, parameters are used

  • return_type

      ◦ ReturnType.PYTHON – no special treatment, can be used by other Python code

      ◦ ReturnType.TEXT – user-friendly output for the CLI, default for interactive use

      ◦ ReturnType.JSON – machine-readable output for managers

  • quiet – False by default, can be activated for cron jobs etc.

  • no_file_logging – do not log to the log file

  • drop_privileges – Drop privileges and fail if it did not work.

abort(message)
bot_disable(bot_id)

If the bot is already disabled, the wrapping function has already printed the “Bot … is disabled” message.

bot_enable(bot_id)
bot_reload(bot_id, getstatus=True, group=None)
bot_restart(bot_id, group=None)
bot_run(**kwargs)
bot_start(bot_id, getstatus=True, group=None)
bot_status(bot_id, group=None)
bot_stop(bot_id, getstatus=True, group=None)
botnet_reload(group=None)
botnet_restart(group=None)
botnet_start(group=None)
botnet_status(group=None)
botnet_stop(group=None)
check(no_connections=False, check_executables=True)
clear_queue(queue)

Clears an existing queue.

First checks whether the queue exists in the pipeline configuration.

debug(sections=None)

Give debugging output

get_queues(with_internal_queues=False)
Returns:

4-tuple of source, destination, internal queues, and all queues combined.

The returned values are only queue names, not their paths. For example, if there is a bot with destination queues = {“_default”: “one”, “other”: [“two”, “three”]}, only the set {“one”, “two”, “three”} is returned. (Note that the “_default” path has a single string and the “other” path has a list that gets flattened.)

list(kind=None, non_zero=False, count=False, configured=False)
list_bots(non_zero=False, configured=False)

Lists all (configured) bots from runtime configuration or generated on demand with bot id/module and description and parameters.

If description is not set, None is used instead.

list_queues(non_zero=False, count=False)
load_defaults_configuration(silent=False)
log_bot_message(status, *args)
log_botnet_message(status, group=None)
log_log_messages(messages)
read_bot_log(bot_id, log_level, number_of_lines)
run()
upgrade_conf(previous=None, dry_run=None, function=None, force=None, state_file: str = '/opt/intelmq/var/lib/state.json', no_backup=False)

Upgrade the IntelMQ configuration after a version upgrade.

Parameters:
  • previous – Assume the given version as the previous version

  • function – Only execute this upgrade function

  • force – Also upgrade if not necessary

  • state_file – location of the state file

  • no_backup – Do not create backups of state and configuration files

state_file:

version_history = [..., [2, 0, 0], [2, 0, 1]]
upgrades = {
    "v112_feodo_tracker_domains": true,
    "v112_feodo_tracker_ips": false,
    "v200beta1_ripe_expert": false
    }
results = [
    {"function": "v112_feodo_tracker_domains",
     "success": true,
     "retval": null,
     "time": "..."},
    {"function": "v112_feodo_tracker_domains",
     "success": false,
     "retval": "fix it manually",
     "message": "fix it manually",
     "time": "..."},
    {"function": "v200beta1_ripe_expert",
     "success": false,
     "traceback": "...",
     "time": "..."}
    ]
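
An added example (not part of the IntelMQ code base) that audits a state file of the shape shown above and reports the upgrade functions still marked false, with the reason taken from their most recent recorded result. It assumes the file is a JSON object with the keys version_history, upgrades and results, and that the last results entry for a function is its current outcome; the helper name failed_upgrades and the sample data are constructed for illustration.

```python
import json

# Constructed sample mirroring the state_file structure documented above.
SAMPLE_STATE = json.dumps({
    "version_history": [[2, 0, 0], [2, 0, 1]],
    "upgrades": {
        "v112_feodo_tracker_domains": True,
        "v112_feodo_tracker_ips": False,
        "v200beta1_ripe_expert": False,
    },
    "results": [
        {"function": "v112_feodo_tracker_domains", "success": False,
         "retval": "fix it manually", "message": "fix it manually",
         "time": "2021-01-01T10:00:00"},
        {"function": "v112_feodo_tracker_domains", "success": True,
         "retval": None, "time": "2021-01-01T11:00:00"},
        {"function": "v200beta1_ripe_expert", "success": False,
         "traceback": "Traceback (constructed)", "time": "2021-01-01T11:00:01"},
    ],
})


def failed_upgrades(state_text):
    """Return {function: reason} for upgrades whose flag is false.

    Hypothetical helper. Assumption: the last "results" entry for a
    function is its current outcome.
    """
    state = json.loads(state_text)
    latest = {}
    for entry in state.get("results", []):
        latest[entry["function"]] = entry  # later entries overwrite earlier
    pending = [n for n, done in state.get("upgrades", {}).items() if not done]
    report = {}
    for name in pending:
        entry = latest.get(name)
        if entry is None:
            report[name] = "no recorded run"
        elif entry.get("success"):
            report[name] = "result succeeded but upgrade flag is false"
        elif "traceback" in entry:
            report[name] = "raised an exception (traceback recorded)"
        else:
            report[name] = entry.get("message") or str(entry.get("retval"))
    return report


if __name__ == "__main__":
    print(failed_upgrades(SAMPLE_STATE))
```
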
write_updated_runtime_config(filename='/opt/intelmq/etc/runtime.yaml')
class intelmq.bin.intelmqctl.Parameters

Bases: object

intelmq.bin.intelmqctl.main()

intelmq.bin.intelmqdump module

class intelmq.bin.intelmqdump.Completer(possible_values, queues=False)

Bases: object

complete(text, state)
queues = None
state = None
intelmq.bin.intelmqdump.dump_info(fname, file_descriptor=None)
intelmq.bin.intelmqdump.load_meta(dump)
intelmq.bin.intelmqdump.main(argv=None)
intelmq.bin.intelmqdump.save_file(handle, content)

intelmq.bin.intelmqsetup module

© 2019-2021 nic.at GmbH <intelmq-team@cert.at>

SPDX-License-Identifier: AGPL-3.0-or-later

Sets up an intelmq environment after installation or upgrade by
  • creating needed directories

  • setting intelmq as owner of those

  • providing example configuration files if not already existing

If intelmq-api is installed, similar steps are performed:
  • creates needed directories

  • sets the webserver as group for them

  • sets group write permissions

Reasoning: Pip does not (and cannot) create /opt/intelmq or a user-given ROOT_DIR, as described in https://github.com/certtools/intelmq/issues/819

intelmq.bin.intelmqsetup.basic_checks(skip_ownership)
intelmq.bin.intelmqsetup.change_owner(file: str, owner: str | None = None, group: str | None = None, log: bool = True)
intelmq.bin.intelmqsetup.create_directory(directory: str, octal_mode: int)
intelmq.bin.intelmqsetup.debian_activate_apache_config(config_name: str)
intelmq.bin.intelmqsetup.find_webserver_configuration_directory()
intelmq.bin.intelmqsetup.find_webserver_user()
intelmq.bin.intelmqsetup.intelmqsetup_api(ownership: bool = True, webserver_user: str | None = None)
intelmq.bin.intelmqsetup.intelmqsetup_api_webserver_configuration(webserver_configuration_directory: str | None = None)
intelmq.bin.intelmqsetup.intelmqsetup_core(ownership=True, state_file='/opt/intelmq/var/lib/state.json')
intelmq.bin.intelmqsetup.intelmqsetup_manager_generate()
intelmq.bin.intelmqsetup.intelmqsetup_manager_webserver_configuration(webserver_configuration_directory: str | None = None)
intelmq.bin.intelmqsetup.main()

intelmq.bin.rewrite_config_files module

intelmq.bin.rewrite_config_files.rewrite(fobj)

Module contents