intelmq.bin package

Submodules

intelmq.bin.intelmq_generate_misp_objects_templates module

Generates a MISP object template; see https://github.com/MISP/misp-objects/

class intelmq.bin.intelmq_generate_misp_objects_templates.MISPObjectTemplateGenerator(object_templates_path: pathlib.Path, harmonization_file_path: pathlib.Path)

Bases: object

dump_templates()
generate_templates()

intelmq.bin.intelmq_psql_initdb module

Generates a SQL command file with commands to create the events table.

Reads the harmonization configuration and generates an SQL command from it. The SQL file is saved in /tmp/initdb.sql or a temporary name if the other one exists.

intelmq.bin.intelmq_psql_initdb.generate(harmonization_file='/opt/intelmq/etc/harmonization.conf')
intelmq.bin.intelmq_psql_initdb.main()

intelmq.bin.intelmqctl module

class intelmq.bin.intelmqctl.IntelMQController(interactive: bool = False, return_type: str = 'python', quiet: bool = False, no_file_logging: bool = False, drop_privileges: bool = True)

Bases: object

__init__(interactive: bool = False, return_type: str = 'python', quiet: bool = False, no_file_logging: bool = False, drop_privileges: bool = True) → None

Initializes intelmqctl.

Parameters
  • interactive – True for the CLI interface: functions can exit, parameters are used

  • return_type – one of:
      'python': no special treatment, can be used by other Python code
      'text': user-friendly output for the CLI, default for interactive use
      'json': machine-readable output for managers

  • quiet – False by default, can be activated for cron jobs etc.

  • no_file_logging – do not log to the log file

  • drop_privileges – Drop privileges and fail if it did not work.

abort(message)
bot_disable(bot_id)

If Bot is already disabled, the “Bot … is disabled” message is printed by the wrapping function already.

bot_enable(bot_id)
bot_reload(bot_id, getstatus=True, group=None)
bot_restart(bot_id, group=None)
bot_run(**kwargs)
bot_start(bot_id, getstatus=True, group=None)
bot_status(bot_id, group=None)
bot_stop(bot_id, getstatus=True, group=None)
botnet_reload(group=None)
botnet_restart(group=None)
botnet_start(group=None)
botnet_status(group=None)
botnet_stop(group=None)
check(no_connections=False)
clear_queue(queue)

Clears an existing queue.

First checks if the queue does exist in the pipeline configuration.

debug(sections=None)

Give debugging output.

get_paths: print path information

get_queues(with_internal_queues=False)
Returns

4-tuple of source, destination, internal queues, and all queues combined.

The returned values are only queue names, not their paths. I.e., if there is a bot with destination queues = {"_default": "one", "other": ["two", "three"]}, only the set {"one", "two", "three"} gets returned. (Note that the "_default" path has a single string and the "other" path has a list that gets flattened.)
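The flattening described above, as an added example that is not IntelMQ's own code: it collects source and destination queue names from a constructed pipeline and goes one step further by reporting queues that are written to but never read. The per-bot dict layout and all bot and queue names are assumptions, and internal queues are left out.

```python
# Constructed pipeline; the per-bot dict layout is an assumption for this example.
SAMPLE_BOTS = {
    "feed-collector": {"source_queue": None,
                       "destination_queues": {"_default": "parser-queue"}},
    "feed-parser": {"source_queue": "parser-queue",
                    "destination_queues": {"_default": "one",
                                           "other": ["two", "three"]}},
    "dedup-expert": {"source_queue": "one",
                     "destination_queues": {"_default": ["output-queue"]}},
    "file-output": {"source_queue": "output-queue", "destination_queues": {}},
}


def queue_names(bots):
    """Return (source, destination, all) queue names as sets, paths dropped."""
    source, destination = set(), set()
    for conf in bots.values():
        if conf.get("source_queue"):
            source.add(conf["source_queue"])
        for target in (conf.get("destination_queues") or {}).values():
            # A path maps to one queue name or to a list of names; flatten both.
            destination.update([target] if isinstance(target, str) else target)
    return source, destination, source | destination


def unread_queues(bots):
    """Map each queue that is written but never read to the bots writing it.

    Events sent to such a queue accumulate until someone clears it.
    """
    source, _, _ = queue_names(bots)
    unread = {}
    for bot_id, conf in bots.items():
        _, written, _ = queue_names({bot_id: conf})
        for queue in sorted(written - source):
            unread.setdefault(queue, []).append(bot_id)
    return unread


if __name__ == "__main__":
    print(queue_names(SAMPLE_BOTS))
    print(unread_queues(SAMPLE_BOTS))
```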

list(kind=None, non_zero=False, count=False, configured=False)
list_bots(non_zero=False, configured=False)

Lists all (configured) bots from runtime.conf or generated on demand with bot id/module and description and parameters.

If description is not set, None is used instead.

list_queues(non_zero=False, count=False)
load_defaults_configuration(silent=False)
read_bot_log(bot_id, log_level, number_of_lines)
run()
upgrade_conf(previous=None, dry_run=None, function=None, force=None, state_file: str = '/opt/intelmq/var/lib/state.json', no_backup=False)

Upgrade the IntelMQ configuration after a version upgrade.

Parameters
  • previous – Assume the given version as the previous version

  • function – Only execute this upgrade function

  • force – Also upgrade if not necessary

  • state_file – location of the state file

  • no_backup – Do not create backups of state and configuration files

state file:

    version_history = […, [2, 0, 0], [2, 0, 1]]
    upgrades = {
        "v112_feodo_tracker_domains": true,
        "v112_feodo_tracker_ips": false,
        "v200beta1_ripe_expert": false
    }
    results = [
        {"function": "v112_feodo_tracker_domains",
         "success": true, "retval": null, "time": "…"},
        {"function": "v112_feodo_tracker_domains",
         "success": false, "retval": "fix it manually", "message": "fix it manually", "time": "…"},
        {"function": "v200beta1_ripe_expert",
         "success": false, "traceback": "…", "time": "…"}
    ]
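A post-upgrade check over the state-file layout described above, as an added example that is not part of IntelMQ: it reports which upgrade functions are still not marked done and why, and flags functions marked done whose latest result says otherwise. The sample state, its timestamps and the function name review_state are constructed, and treating the results list as being in run order is an assumption.

```python
import json

# Constructed sample in the layout described above (not a real state file).
SAMPLE_STATE = json.loads("""
{"version_history": [[2, 0, 0], [2, 0, 1]],
 "upgrades": {"v112_feodo_tracker_domains": true,
              "v112_feodo_tracker_ips": false,
              "v200beta1_ripe_expert": false},
 "results": [
   {"function": "v112_feodo_tracker_domains", "success": true,
    "retval": null, "time": "2021-01-01T10:00:00"},
   {"function": "v112_feodo_tracker_ips", "success": false,
    "retval": "fix it manually", "message": "fix it manually",
    "time": "2021-01-01T10:00:01"},
   {"function": "v200beta1_ripe_expert", "success": false,
    "traceback": "Traceback (constructed)", "time": "2021-01-01T10:00:02"}]}
""")


def review_state(state):
    """Return (current_version, pending, inconsistent) for a parsed state file.

    pending maps each upgrade function not marked done to the reason taken
    from its most recent result; inconsistent lists functions marked done
    whose most recent result nevertheless reports failure.
    """
    history = state.get("version_history", [])
    current = tuple(history[-1]) if history else None
    last = {}
    for entry in state.get("results", []):
        last[entry["function"]] = entry  # assumption: results are in run order
    pending, inconsistent = {}, []
    for name, done in state.get("upgrades", {}).items():
        entry = last.get(name)
        if done:
            if entry is not None and not entry.get("success"):
                inconsistent.append(name)
        elif entry is None:
            pending[name] = "no recorded run"
        elif "traceback" in entry:
            pending[name] = "crashed: " + entry["traceback"]
        else:
            pending[name] = "failed: " + str(entry.get("message") or entry.get("retval"))
    return current, pending, inconsistent


if __name__ == "__main__":
    print(review_state(SAMPLE_STATE))
```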

write_updated_runtime_config(filename='/opt/intelmq/etc/runtime.yaml')
class intelmq.bin.intelmqctl.IntelMQProcessManager(runtime_configuration, logger, controller)

Bases: object

PIDDIR = '/opt/intelmq/var/run/'
PIDFILE = '/opt/intelmq/var/run/{}.pid'
static _interpret_commandline(pid: int, cmdline: Iterable[str], module: str, bot_id: str) → Union[bool, str]

Separate function to allow easy testing

Parameters
  • pid (int) – Process ID, used for return values (error messages) only.

  • cmdline (Iterable[str]) – The command line of the process.

  • module (str) – The module of the bot.

  • bot_id (str) – The ID of the bot.

Returns

Union[bool, str] – DESCRIPTION.

bot_reload(bot_id, getstatus=True)
bot_run(bot_id, run_subcommand=None, console_type=None, message_action_kind=None, dryrun=None, msg=None, show_sent=None, loglevel=None)
bot_start(bot_id, getstatus=True)
bot_status(bot_id, *, proc=None)
bot_stop(bot_id, getstatus=True)
class intelmq.bin.intelmqctl.Parameters

Bases: object

class intelmq.bin.intelmqctl.SupervisorProcessManager(runtime_configuration: dict, logger: logging.Logger, controller)

Bases: object

DEFAULT_SOCKET_PATH = '/var/run/supervisor.sock'
class ProcessState

Bases: object

BACKOFF = 30
EXITED = 100
FATAL = 200
RUNNING = 20
STARTING = 10
STOPPED = 0
STOPPING = 40
UNKNOWN = 1000
static is_running(state: int) → bool
class RpcFaults

Bases: object

ABNORMAL_TERMINATION = 40
ALREADY_ADDED = 90
ALREADY_STARTED = 60
BAD_ARGUMENTS = 3
BAD_NAME = 10
BAD_SIGNAL = 11
CANT_REREAD = 92
FAILED = 30
INCORRECT_PARAMETERS = 2
NOT_EXECUTABLE = 21
NOT_RUNNING = 70
NO_FILE = 20
SHUTDOWN_STATE = 6
SIGNATURE_UNSUPPORTED = 4
SPAWN_ERROR = 50
STILL_RUNNING = 91
SUCCESS = 80
UNKNOWN_METHOD = 1
SUPERVISOR_GROUP = 'intelmq'
bot_reload(bot_id: str, getstatus: bool = True)
bot_run(bot_id, run_subcommand=None, console_type=None, message_action_kind=None, dryrun=None, msg=None, show_sent=None, loglevel=None)
bot_start(bot_id: str, getstatus: bool = True)
bot_status(bot_id: str) → str
bot_stop(bot_id: str, getstatus: bool = True)
intelmq.bin.intelmqctl.log_bot_error(status, *args)
intelmq.bin.intelmqctl.log_bot_message(status, *args)
intelmq.bin.intelmqctl.log_botnet_error(status, group=None)
intelmq.bin.intelmqctl.log_botnet_message(status, group=None)
intelmq.bin.intelmqctl.log_log_messages(messages)
intelmq.bin.intelmqctl.main()

intelmq.bin.intelmqdump module

class intelmq.bin.intelmqdump.Completer(possible_values, queues=False)

Bases: object

complete(text, state)
queues = None
state = None
intelmq.bin.intelmqdump.dump_info(fname, file_descriptor=None)
intelmq.bin.intelmqdump.load_meta(dump)
intelmq.bin.intelmqdump.main()
intelmq.bin.intelmqdump.save_file(handle, content)

intelmq.bin.intelmqsetup module

© 2019-2021 nic.at GmbH <intelmq-team@cert.at>

SPDX-License-Identifier: AGPL-3.0-or-later

Sets up an intelmq environment after installation or upgrade by
  • creating needed directories

  • setting intelmq as owner for those

  • providing example configuration files if not already existing

If intelmq-api is installed, similar steps are performed:
  • creates needed directories

  • sets the webserver as group for them

  • sets group write permissions

Reasoning: Pip does not (and cannot) create /opt/intelmq/ (or the user-given ROOT_DIR), as described in https://github.com/certtools/intelmq/issues/819

intelmq.bin.intelmqsetup.basic_checks(skip_ownership)
intelmq.bin.intelmqsetup.change_owner(file: str, owner: Optional[str] = None, group: Optional[str] = None, log: bool = True)
intelmq.bin.intelmqsetup.create_directory(directory: str, octal_mode: int)
intelmq.bin.intelmqsetup.debian_activate_apache_config(config_name: str)
intelmq.bin.intelmqsetup.find_webserver_configuration_directory()
intelmq.bin.intelmqsetup.find_webserver_user()
intelmq.bin.intelmqsetup.intelmqsetup_api(ownership: bool = True, webserver_user: Optional[str] = None)
intelmq.bin.intelmqsetup.intelmqsetup_api_webserver_configuration(webserver_configuration_directory: Optional[str] = None)
intelmq.bin.intelmqsetup.intelmqsetup_core(ownership=True, state_file='/opt/intelmq/var/lib/state.json')
intelmq.bin.intelmqsetup.intelmqsetup_manager_webserver_configuration(webserver_configuration_directory: Optional[str] = None)
intelmq.bin.intelmqsetup.main()

intelmq.bin.rewrite_config_files module

intelmq.bin.rewrite_config_files.rewrite(fobj)

Module contents