From fd9c583b84bc06429d52e0eecd458f2c588bd7d7 Mon Sep 17 00:00:00 2001 From: Rudi Klein Date: Tue, 7 May 2024 17:08:03 +0200 Subject: [PATCH] docs --- README.md | 126 -------------- Writerside/topics/Wazuh-notifier.md | 3 - wazuh-active-response.py | 5 +- wazuh-discord-notifier.py | 104 ++++-------- wazuh-notifier-config.yaml | 16 +- wazuh-ntfy-notifier.py | 94 ++++------ wazuh_notifier_lib.py | 69 -------- wazuh_notifier_module.py | 254 ++++++++++++++++++++++++++++ 8 files changed, 330 insertions(+), 341 deletions(-) delete mode 100644 README.md delete mode 100755 wazuh_notifier_lib.py create mode 100755 wazuh_notifier_module.py diff --git a/README.md b/README.md deleted file mode 100644 index 3287897..0000000 --- a/README.md +++ /dev/null @@ -1,126 +0,0 @@ -# Wazuh notifier - -Wazuh notifier enables the Wazuh manager to be notified when selected events occur. - -## Contents - -The main script is a custom active response Python script: wazuh-active-response.py.
-The actual sending of the messages is done by 2 notifier Python scripts:
-**Discord notifier**: wazuh-discord-notifier.py, and **NTFY.sh notifier**: wazuh-ntfy-notifier.py
-A YAML configuration: wazuh-notifier-config.yaml, and a Python module: wazuh_notifier_lib.py - -Wazuh notifier is a stateless implementation and only notifies, using the Discord and/or NTFY.sh messaging services. - -The Wazuh notifier is triggered by configuring the **ossec.conf** and adding an **active response configuration.** - -## Installation ## - -### Step 1 ### - -Download the files from https://github.com/RudiKlein/wazuh-notifier to your server. - -### Step 2 ### - -Copy the 4 Python files to the /var/ossec/active-response/bin/ folder - -``` -$ cp /wazuh-*.py /var/ossec/active-response/bin/ -``` - -Set the correct ownership - -``` -$ chown root:wazuh /var/ossec/active-response/bin/wazuh-*.py -``` - -Set the correct permissions - -``` -$ chmod uog+rx /var/ossec/active-response/bin/wazuh-*.py -``` - -### Step 3 ### - -Copy the YAML file to /var/ossec/etc/ - -``` -$ cp /wazuh-notifier-config.yaml /var/ossec/etc/ -``` - -Set the correct ownership - -``` -$ chown root:wazuh /var/ossec/etc/wazuh-notifier-config.yaml -``` - -Set the correct permissions - -``` -$ chmod uog+r /var/ossec/etc/wazuh-notifier-config.yaml -``` - -### Step 4 ### - -Modify the ossec.conf configuration file and add the following
- -``` - - wazuh-active-response - wazuh-active-response.py - yes - -``` - -``` - - wazuh-active-response - server - - - -``` - -Add the rules you want to be informed about between the , with the rules id's seperated by comma's. -Example: 5402, 3461, 8777
-(Please refer to the Wazuh online documentation for more information [^Wazuh docs]) - -[^Wazuh docs]: https://documentation.wazuh.com/current/user-manual/capabilities/active-response/index.html - -## The Active Response module ## - -The wazuh-active-response.py acts as the interface between Wazuh and the messaging notifiers for Discord and ntfy. -It is based on the example active response Python script in the [^Wazuh docs]. - -## The Discord notifier ## - -## The ntfy.sh notifier ## - -## The YAML configuration ## - -**Enable/disable the notifiers**
- -``` -discord_enabled: 1 (0 if not set in the yaml configuration) -ntfy_enabled: 1 (0 if not set in the yaml configuration) -``` - -**Exclude rules that are enabled in the ossec.conf active response definition.**
-This prevents the need to alter the ossec.conf for temporary rule disabling and stopping/starting wazuh-manager. -Additionally, agents can also be excluded from notifications. - -``` -excluded_rules: "5401, 5402, 5403" -excluded_agents: "999" -``` - -Default settings for the ntfy notifier. This overrules the hardcoded defaults. - -``` -ntfy_server: "https://ntfy.sh/" -ntfy_sender: "Wazuh (IDS)" -ntfy_destination: "__KleinTest" -ntfy_priority: "5" -ntfy_message: "Test message" -ntfy_tags: "information, testing, yaml" -ntfy_click: "https://google.com" -``` \ No newline at end of file diff --git a/Writerside/topics/Wazuh-notifier.md b/Writerside/topics/Wazuh-notifier.md index c8789cc..59a439b 100644 --- a/Writerside/topics/Wazuh-notifier.md +++ b/Writerside/topics/Wazuh-notifier.md @@ -140,6 +140,3 @@ discord_click: "https://google.com" discord_full_message: "0" ``` -test - -![wazuh discord basic message](wazuh-discord-basic-message.png) \ No newline at end of file diff --git a/wazuh-active-response.py b/wazuh-active-response.py index cf9db3c..0a1a615 100755 --- a/wazuh-active-response.py +++ b/wazuh-active-response.py @@ -24,8 +24,8 @@ import os import sys from pathlib import PureWindowsPath, PurePosixPath -from wazuh_notifier_lib import import_config as ic -from wazuh_notifier_lib import set_env as se +from wazuh_notifier_module import import_config as ic +from wazuh_notifier_module import set_environment as se # Some variable assignments @@ -211,7 +211,6 @@ def main(argv): discord_message = construct_basic_message(argv, accent, agent_id, agent_name, event_id, event_description, event_level, event_fired_times) - if ic("discord_full_message") == "1": discord_message = discord_message + "\n" + accent + "__Full event__" + accent + event_full_message + '"' else: diff --git a/wazuh-discord-notifier.py b/wazuh-discord-notifier.py index b96b798..57758c8 100755 --- a/wazuh-discord-notifier.py +++ b/wazuh-discord-notifier.py 
@@ -16,22 +16,23 @@ # with their friends and communities. It allows for receiving message using webhooks. # For more information: https://discord.com. -import getopt import os -import sys from os.path import join, dirname import requests from dotenv import load_dotenv -from wazuh_notifier_lib import import_config as ic -from wazuh_notifier_lib import set_env as se -from wazuh_notifier_lib import set_time as st -from wazuh_notifier_lib import view_config as vc +from wazuh_notifier_module import get_arguments as ga +from wazuh_notifier_module import get_yaml_config as yc +from wazuh_notifier_module import set_basic_defaults as bd +from wazuh_notifier_module import set_environment as se +from wazuh_notifier_module import set_time as st +from wazuh_notifier_module import threat_priority_mapping as tpm # Get path values wazuh_path, ar_path, config_path = se() + # Get time value now_message, now_logging = st() @@ -62,11 +63,11 @@ def discord_command(n_server, n_sender, n_destination, n_priority, n_message, n_ ) n_data = {"username": n_sender, "embeds": [{"description": x_message, "title": n_destination}]} - result = requests.post(n_server, json=n_data) + requests.post(n_server, json=n_data) # Remove 1st argument from the list of command line arguments -argument_list: list = sys.argv[1:] +# argument_list: list = sys.argv[1:] # Short options options: str = "u:s:p:m:t:c:hv" 
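Review bot: The new `requests.post(n_server, json=n_data)` inside discord_command drops the response that the removed line at least bound to `result`, and it passes no `timeout`, so a failed or hanging webhook delivery leaves no trace in what is an alerting path. Bind the response and report a non-2xx status, e.g. `response = requests.post(n_server, json=n_data, timeout=10)` followed by `if not response.ok: print("discord webhook returned " + str(response.status_code))`. discord_command starts outside the hunk, so whether its caller already handles delivery errors cannot be confirmed from here.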
@@ -74,78 +75,39 @@ options: str = "u:s:p:m:t:c:hv" # Long options long_options: list = ["server=", "sender=", "destination=", "priority=", "message=", "tags=", "click=", "help", "view"] -# Setting some basic defaults. -d_sender: str = "Security message" -d_destination: str = "WAZUH (IDS)" -d_priority: str = "5" -d_message: str = "Test message" -d_tags: str = "informational, testing, hard-code" -d_click: str = "https://google.com" +# Defining who I am +notifier = "discord" -# Use the values from the config yaml if available. Overrides the basic defaults. -server = discord_webhook -sender = d_sender if (ic("discord_sender") is None) else ic("discord_sender") -destination = d_destination if (ic("discord_destination") is None) else ic("discord_destination") -priority = d_priority if (ic("discord_priority") is None) else ic("discord_priority") -message = d_message if (ic("discord_message") is None) else ic("discord_message") -tags = d_tags if (ic("discord_tags") is None) else ic("discord_tags") -click = d_click if (ic("discord_click") is None) else ic("discord_click") +# Retrieve the hard-coded basic defaults. -help_text: str = """ - -u, --server is the webhook URL of the Discord server. It is stored in .env. - -s, --sender is the sender of the message, either an app name or a person. - The default is "Security message". - -d, --destination is the destination (actually the originator) of the message, either an app name or a person. - Default is "Wazuh (IDS)" - -p, --priority is the priority of the message, ranging from 1 (highest), to 5 (lowest). - Default is 5. - -m, --message is the text of the message to be sent. - Default is "Test message", but may include --tags and/or --click. - -t, --tags is an arbitrary strings of tags (keywords), seperated by a "," (comma). - Default is "informational, testing, hard-coded". - -c, --click is a link (URL) that can be followed by tapping/clicking inside the message. - Default is https://google.com. 
- -h, --help Shows this help message. - -v, --view Show yaml configuration. -""" +(d_server, d_sender, d_destination, d_priority, d_message, d_tags, d_click, d_notifier_priority_1, + d_notifier_priority_2, d_notifier_priority_3, d_notifier_priority_4, d_notifier_priority_5) = bd(notifier) + +# Use the values from the config yaml if available. Overrides the basic defaults (get_yaml_config). + +yc_args = [notifier, d_server, d_sender, d_destination, d_priority, d_message, d_tags, d_click, d_notifier_priority_1, + d_notifier_priority_2, d_notifier_priority_3, d_notifier_priority_4, d_notifier_priority_5] + +(server, sender, destination, priority, message, tags, click, notifier_priority_1, notifier_priority_2, + notifier_priority_3, notifier_priority_4, notifier_priority_5) = yc(*yc_args) # Get params during execution. Params found here, override minimal defaults and/or config settings. -try: - # Parsing argument - arguments, values = getopt.getopt(argument_list, options, long_options) - # checking each argument - for current_argument, current_value in arguments: +if ga(notifier, options, long_options) is None: + pass + # sender, destination, priority, message, tags, click = "", "", "", "", "", "" +else: + sender, destination, priority, message, tags, click = ga(notifier, options, long_options) - if current_argument in ("-h", "--help"): - print(help_text) - exit() +# Get the threat level from the message and map it to priority - elif current_argument in ("-v", "--view"): - vc() - exit() +threat_level = message[message.find('Threat level:') + 13:message.find('Threat level:') + 15].replace(" ", "") - elif current_argument in ("-s", "--sender"): - sender = current_value +# Get the mapping between threat level (event) and priority (Discord/ntfy) - elif current_argument in ("-d", "--destination"): - destination = current_value - - elif current_argument in ("-p", "--priority"): - priority = current_value - - elif current_argument in ("-m", "--message"): - message = 
current_value - - elif current_argument in ("-t", "--tags"): - tags = current_value - - elif current_argument in ("-c", "--click"): - click = current_value - -except getopt.error as err: - # output error, and return with an error code - print(str(err)) +# noinspection PyRedeclaration +priority = tpm(threat_level, notifier_priority_1, notifier_priority_2, notifier_priority_3, + notifier_priority_4, notifier_priority_5) # Finally, execute the POST request discord_command(discord_webhook, sender, destination, priority, message, tags, click) diff --git a/wazuh-notifier-config.yaml b/wazuh-notifier-config.yaml index 89f2f74..e9648b9 100755 --- a/wazuh-notifier-config.yaml +++ b/wazuh-notifier-config.yaml @@ -12,9 +12,17 @@ ntfy_enabled: 1 # Exclude rules that are listed in the ossec.conf active response definition. -excluded_rules: "5401, 5402, 5403" +excluded_rules: "5401, 5403" excluded_agents: "999" +# Priority mapping from 1-12 (Wazuh events) to 1-5 (Discord and ntfy notification) + +notifier_priority_1: 12, 11, 10 +notifier_priority_2: 9, 8 +notifier_priority_3: 7, 6 +notifier_priority_4: 5, 4 +notifier_priority_5: 3 ,2, 1 + # COMMON configuration settings end here. @@ -34,7 +42,7 @@ excluded_agents: "999" ntfy_server: "https://ntfy.sh/" ntfy_sender: "Wazuh (IDS)" ntfy_destination: "__KleinTest" -ntfy_priority: "5" +ntfy_priority: "3" ntfy_message: "Test message" ntfy_tags: "information, testing, yaml" ntfy_click: "https://google.com" @@ -57,10 +65,10 @@ ntfy_full_message: "0" # -h, --help shows this help message. Must have no value argument. # -v, --view show config. -discord_server: "not used. The webhook (server) is a secret stored in .env" +discord_server: "not used! The webhook (server) is a secret stored in .env" discord_sender: "Security message" discord_destination: "WAZUH (IDS)" -discord_priority: "5" +discord_priority: "3" discord_message: "Test message" discord_tags: "informational, testing, yaml" discord_click: "https://google.com" 
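Review bot: The CLI override block unpacks six names (`sender, destination, priority, message, tags, click`) from `ga(...)`, but get_arguments in the new wazuh_notifier_module.py returns five values (`sender, destination, priority, tags, click`), so this line raises ValueError on every run; the identical block is in the wazuh-ntfy-notifier.py hunk. `ga` is also called twice (once for the `is None` test, once to unpack), which parses sys.argv twice, and since the module function always returns a tuple the `is None` branch is dead. Because get_arguments returns `""` for every option it did not see, the unpack as written would also replace each yaml value with an empty string rather than override only what was passed on the command line. Call it once and keep the old value where the CLI value is empty, as below, once get_arguments also returns `message` (the threat-level slice further down depends on it). That slice, `message[message.find('Threat level:') + 13:...]`, silently reads two unrelated characters when the marker is absent because `find` returns -1, so guard on `message.find('Threat level:') != -1` before mapping.
```python
# … unchanged: defaults and yaml config …
# get_arguments returns "" for options that were not given; keep the yaml/default value in that case
# (assumes get_arguments is changed to return message as its fourth value)
cli_values = ga(notifier, options, long_options)
current = (sender, destination, priority, message, tags, click)
sender, destination, priority, message, tags, click = (
    new or old for new, old in zip(cli_values, current)
)
# … unchanged: threat level mapping and discord_command call …
```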
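Review bot: The new `notifier_priority_1`..`notifier_priority_5` keys are never read: get_yaml_config in wazuh_notifier_module.py looks them up as `import_config("np1")`..`import_config("np5")`, so the module's hard-coded defaults always win over this file. Those defaults also run the opposite way to this file — the module sets `np_5 = "12, 11, 10"` while this file sets `notifier_priority_1: 12, 11, 10` — and the two help texts in the module disagree on whether 1 or 5 is the highest priority. If, as on ntfy's own scale, 5 is the most urgent notification, the mapping in this file would push the most severe Wazuh events to the lowest notification priority, so the direction needs to be settled once and the lookup keyed on these names, e.g. `import_config("notifier_priority_1")`. A comment next to these keys stating which end is the urgent one would prevent the next mismatch.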
diff --git a/wazuh-ntfy-notifier.py b/wazuh-ntfy-notifier.py index f037fe8..334a825 100755 --- a/wazuh-ntfy-notifier.py +++ b/wazuh-ntfy-notifier.py @@ -16,16 +16,17 @@ # It allows you to send notifications to your phone or desktop via scripts from any computer, and/or using a REST API. # It's infinitely flexible, and 100% free software. For more information: https://ntfy.sh. -import getopt import json import sys import requests -from wazuh_notifier_lib import import_config as ic -from wazuh_notifier_lib import set_env as se -from wazuh_notifier_lib import set_time as st -from wazuh_notifier_lib import view_config as vc +from wazuh_notifier_module import get_arguments as ga +from wazuh_notifier_module import get_yaml_config as yc +from wazuh_notifier_module import set_basic_defaults as bd +from wazuh_notifier_module import set_environment as se +from wazuh_notifier_module import set_time as st +from wazuh_notifier_module import threat_priority_mapping as tpm # Get path values wazuh_path, ar_path, config_path = se() @@ -48,6 +49,7 @@ def ntfy_command(n_server, n_sender, n_destination, n_priority, n_message, n_tag # todo POST the request **** NEEDS future TRY **** requests.post(n_server + n_destination, data=x_message, headers=n_header) + # Remove 1st argument from the list of command line arguments argument_list = sys.argv[1:] 
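Review bot: The context line `argument_list = sys.argv[1:]` at the end of the hunk is now dead code — the new get_arguments reads sys.argv itself — and `import sys` survives only to feed it; the Discord notifier's equivalent line was commented out in the same commit. Drop the assignment and the import, or the next reader will assume this list is what gets parsed.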
@@ -57,76 +59,38 @@ options: str = "u:s:d:p:m:t:c:hv" # Long options long_options: list = ["server=", "sender=", "destination=", "priority=", "message=", "tags=", "click", "help", "view"] -# Setting some minimal defaults in case the yaml config isn't available -d_server: str = "https://ntfy.sh/" -d_sender: str = "Security message" -d_destination: str = "phil_alerts" -d_priority: str = "5" -d_message: str = "Test message" -d_tags: str = "informational, testing, hard-coded" -d_click: str = "https://google.com" +# Defining who I am +notifier = "ntfy" -# Use the values from the config yaml if available. Overrides the minimal defaults. -server = d_server if (ic("ntfy_server") is None) else ic("ntfy_server") -sender = d_sender if (ic("ntfy_sender") is None) else ic("ntfy_sender") -destination = d_destination if (ic("ntfy_destination") is None) else ic("ntfy_destination") -priority = d_priority if (ic("ntfy_priority") is None) else ic("ntfy_priority") -message = d_message if (ic("ntfy_message") is None) else ic("ntfy_message") -tags = d_tags if (ic("ntfy_tags") is None) else ic("ntfy_tags") -click = d_click if (ic("ntfy_click") is None) else ic("ntfy_click") +# Retrieve the hard-coded basic defaults. +(d_server, d_sender, d_destination, d_priority, d_message, d_tags, d_click, d_notifier_priority_1, + d_notifier_priority_2, d_notifier_priority_3, d_notifier_priority_4, d_notifier_priority_5) = bd(notifier) -help_text: str = """ - -u, --server is the URL of the NTFY server, ending with a "/". Default is https://ntfy.sh/. - -s, --sender is the sender of the message, either an app name or a person. Default is "Wazuh (IDS)". - -d, --destination is the NTFY subscription, to send the message to. Default is none. - -p, --priority is the priority of the message, ranging from 1 (highest), to 5 (lowest). Default is 5. - -m, --message is the text of the message to be sent. Default is "Test message". - -t, --tags is an arbitrary strings of tags (keywords), seperated by a "," (comma). 
Default is "informational, testing, hard-coded". - -c, --click is a link (URL) that can be followed by tapping/clicking inside the message. Default is https://google.com. - -h, --help shows this help message. Must have no value argument. - -v, --view show config. -""" +# Use the values from the config yaml if available. Overrides the basic defaults. +yc_args = [notifier, d_server, d_sender, d_destination, d_priority, d_message, d_tags, d_click, d_notifier_priority_1, + d_notifier_priority_2, d_notifier_priority_3, d_notifier_priority_4, d_notifier_priority_5] + +(server, sender, destination, priority, message, tags, click, notifier_priority_1, notifier_priority_2, + notifier_priority_3, notifier_priority_4, notifier_priority_5) = yc(*yc_args) # Get params during execution. Params found here, override minimal defaults and/or config settings. -try: - # Parsing argument - arguments, values = getopt.getopt(argument_list, options, long_options) - # Checking each argument - for current_argument, current_value in arguments: +if ga(notifier, options, long_options) is None: + pass + # sender, destination, priority, message, tags, click = "", "", "", "", "", "" +else: + sender, destination, priority, message, tags, click = ga(notifier, options, long_options) - if current_argument in ("-h", "--help"): - print(help_text) - exit() +# Get the threat level from the message and map it to priority - elif current_argument in ("-v", "--view"): - vc() - exit() +threat_level = message[message.find('Threat level:') + 13:message.find('Threat level:') + 15].replace(" ", "") - elif current_argument in ("-u", "--server"): - server = current_value +# Get the mapping between threat level (event) and priority (Discord/ntfy) - elif current_argument in ("-s", "--sender"): - sender = current_value +# noinspection PyRedeclaration +priority = tpm(threat_level, notifier_priority_1, notifier_priority_2, notifier_priority_3, + notifier_priority_4, notifier_priority_5) - elif current_argument in ("-d", 
"--destination"): - destination = current_value - - elif current_argument in ("-p", "--priority"): - priority = current_value - - elif current_argument in ("-m", "--message"): - message = current_value - - elif current_argument in ("-t", "--tags"): - tags = current_value - - elif current_argument in ("-c", "--click"): - click = current_value - -except getopt.error as err: - # output error, and return with an error code - print(str(err)) # Finally, execute the POST request ntfy_command(server, sender, destination, priority, message, tags, click) diff --git a/wazuh_notifier_lib.py b/wazuh_notifier_lib.py deleted file mode 100755 index 127dd88..0000000 --- a/wazuh_notifier_lib.py +++ /dev/null 
@@ -1,69 +0,0 @@ -import os -import time - -import yaml - - -# Set structured timestamp for logging and discord/ntfy message. - - -def set_time(): - now_message = time.strftime('%a, %d %b %Y %H:%M:%S') - now_logging = time.strftime('%Y/%m/%d %H:%M:%S') - return now_message, now_logging - - -# Define paths: wazuh_path = wazuh root directory -# ar_path = active-responses.log path, -# config_path = wazuh-notifier-config.yaml - -def set_env(): - - wazuh_path = os.path.abspath(os.path.join(__file__, "../../..")) - ar_path = '{0}/logs/active-responses.log'.format(wazuh_path) - config_path = '{0}/etc/wazuh-notifier-config.yaml'.format(wazuh_path) - - return wazuh_path, ar_path, config_path - - -# Import configuration settings from wazuh-notifier-config.yaml - - -def import_config(key): - try: - _, _, config_path = set_env() - - with open(config_path, 'r') as ntfier_config: - config: dict = yaml.safe_load(ntfier_config) - value: str = config.get(key) - return value - except (FileNotFoundError, PermissionError, OSError): - return None - - -# Show configuration settings from wazuh-notifier-config.yaml - - -def view_config(): - - _, _, config_path = set_env() - - try: - with open(config_path, 'r') as ntfier_config: - print(ntfier_config.read()) - except (FileNotFoundError, PermissionError, OSError): - print(config_path + " does not exist or is not accessible") - return - - -# Logging the Wazuh active Response request - - -def ar_log(): - now = set_time() - _, ar_path, _ = set_env() - msg = '{0} {1} {2}'.format(now, os.path.realpath(__file__), 'Post JSON Alert') - f = open(ar_path, 'a') - f.write(msg + '\n') - f.close() - diff --git a/wazuh_notifier_module.py b/wazuh_notifier_module.py new file mode 100755 index 0000000..bb00b12 --- /dev/null +++ b/wazuh_notifier_module.py 
@@ -0,0 +1,254 @@ +import getopt +import os +import sys +import time + +import yaml + + +# Set structured timestamp for logging and discord/ntfy message. + + +def set_time(): + now_message = time.strftime('%a, %d %b %Y %H:%M:%S') + now_logging = time.strftime('%Y/%m/%d %H:%M:%S') + return now_message, now_logging + + +# Define paths: wazuh_path = wazuh root directory +# ar_path = active-responses.log path, +# config_path = wazuh-notifier-config.yaml + +def set_environment(): + # todo fix reference when running manually/in process + + wazuh_path = "/var/ossec" + # wazuh_path = os.path.abspath(os.path.join(__file__, "../../..")) + ar_path = '{0}/logs/active-responses.log'.format(wazuh_path) + config_path = '{0}/etc/wazuh-notifier-config.yaml'.format(wazuh_path) + + return wazuh_path, ar_path, config_path + + +# Import configuration settings from wazuh-notifier-config.yaml + + +def import_config(key): + try: + _, _, config_path = set_environment() + + with open(config_path, 'r') as ntfier_config: + config: dict = yaml.safe_load(ntfier_config) + value: str = config.get(key) + return value + except (FileNotFoundError, PermissionError, OSError): + return None + + +# Show configuration settings from wazuh-notifier-config.yaml + + +def view_config(): + _, _, config_path = set_environment() + + try: + with open(config_path, 'r') as ntfier_config: + print(ntfier_config.read()) + except (FileNotFoundError, PermissionError, OSError): + print(config_path + " does not exist or is not accessible") + return + + +# Logging the Wazuh active Response request + + +def ar_log(): + now = set_time() + _, ar_path, _ = set_environment() + msg = '{0} {1} {2}'.format(now, os.path.realpath(__file__), 'Post JSON Alert') + f = open(ar_path, 'a') + f.write(msg + '\n') + f.close() + + +def threat_priority_mapping(threat_level, np_1, np_2, np_3, np_4, np_5): + # Map threat level v/s priority + + if threat_level in np_1: + priority_mapping = "1" + elif threat_level in np_2: + priority_mapping = "2" 
+ elif threat_level in np_3: + priority_mapping = "3" + elif threat_level in np_4: + priority_mapping = "4" + elif threat_level in np_5: + priority_mapping = "5" + else: + priority_mapping = "3" + + return priority_mapping + + +def set_basic_defaults(notifier): + # Setting some minimal defaults in case the yaml config isn't available + notifier: str = notifier.lower() + + sender: str = "Security message" + destination: str = "Test" + priority: str = "1" + message: str = "Test message" + tags: str = "informational, testing, hard-coded" + click: str = "https://google.com" + + if notifier == "ntfy": + # NTFY defaults. + server: str = "https://ntfy.sh/" + + elif notifier == "discord": + + # Discord defaults. + server: str = "" + + else: + server: str = "Unknown notifier specified. Must be ntfy or discord." + + # Mapping event threat level to 5 value priority level. + + np_5 = "12, 11, 10" + np_4 = "9, 8" + np_3 = "7, 6" + np_2 = "5, 4" + np_1 = "3, 2, 1" + + return (server, sender, destination, priority, message, tags, click, + np_1, np_2, np_3, np_4, np_5) + + +def get_yaml_config(notifier: str, y_server: str, y_sender: str, y_destination: str, y_priority: str, y_message: str, + y_tags: str, y_click: str, y_np_1: str, y_np_2: str, y_np_3: str, y_np_4: str, y_np_5: str): + notifier: str = notifier.lower() + server = y_server if (import_config(notifier + "_server") is None) else import_config(notifier + "_server") + sender = y_sender if (import_config(notifier + "_sender") is None) else import_config(notifier + "_sender") + destination = y_destination if (import_config(notifier + "_destination") is None) else \ + import_config(notifier + "_destination") + priority = y_priority if (import_config(notifier + "_priority") is None) else import_config(notifier + "_priority") + message = y_message if (import_config(notifier + "_message") is None) else import_config(notifier + "_message") + tags = y_tags if (import_config(notifier + "_tags") is None) else import_config(notifier 
+ "_tags") + click = y_click if (import_config(notifier + "_click") is None) else import_config(notifier + "_click") + + np_1 = y_np_1 if (import_config("np1") is None) else import_config("np1") + np_2 = y_np_2 if (import_config("np2") is None) else import_config("np2") + np_3 = y_np_3 if (import_config("np3") is None) else import_config("np3") + np_4 = y_np_4 if (import_config("np4") is None) else import_config("np4") + np_5 = y_np_5 if (import_config("np5") is None) else import_config("np5") + + return (server, sender, destination, priority, message, tags, click, + np_1, np_2, np_3, np_4, np_5) + + +def call_for_help(notifier): + notifier: str = notifier.lower() + + if notifier == "ntfy": + # NTFY help. + + help_text: str = """ + -u, --server is the URL of the NTFY server, ending with a "/". + Default is https://ntfy.sh/. + -s, --sender is the sender of the message, either an app name or a person. + Default is "Wazuh (IDS)". + -d, --destination is the NTFY subscription, to send the message to. + Default is none. + -p, --priority is the priority of the message, ranging from 1 (lowest), to 5 (highest). + Default is 5. + -m, --message is the text of the message to be sent. + Default is "Test message". + -t, --tags is an arbitrary strings of tags (keywords), seperated by a "," (comma). + Default is "informational, testing, hard-coded". + -c, --click is a link (URL) that can be followed by tapping/clicking inside the message. + Default is https://google.com. + -h, --help shows this help message. Must have no value argument. + -v, --view show config. + """ + + elif notifier == "discord": + + # Discord help. + + help_text: str = """ + -u, --server is the webhook URL of the Discord server. It is stored in .env. + -s, --sender is the sender of the message, either an app name or a person. + The default is "Security message". + -d, --destination is the destination (actually the originator) of the message, either an app name or a person. 
+ Default is "Wazuh (IDS)" + -p, --priority is the priority of the message, ranging from 1 (highest), to 5 (lowest). + Default is 5. + -m, --message is the text of the message to be sent. + Default is "Test message", but may include --tags and/or --click. + -t, --tags is an arbitrary strings of tags (keywords), seperated by a "," (comma). + Default is "informational, testing, hard-coded". + -c, --click is a link (URL) that can be followed by tapping/clicking inside the message. + Default is https://google.com. + -h, --help Shows this help message. + -v, --view Show yaml configuration. + """ + else: + help_text: str = """ + No help available. Assuming the wrong notifier asked for help. + """ + + return help_text + + +def get_arguments(notifier, options, long_options): + # Get params during execution. Params found here, override minimal defaults and/or config settings. + + help_text = call_for_help(notifier) + + sender, destination, message, priority, tags, click = "", "", "", "", "", "" + notifier: str = notifier.lower() + + if notifier == "discord": + + pass + else: + argument_list: list = sys.argv[1:] + try: + # Parsing argument + arguments, values = getopt.getopt(argument_list, options, long_options) + + # checking each argument + for current_argument, current_value in arguments: + + if current_argument in ("-h", "--help"): + print(help_text) + exit() + + elif current_argument in ("-v", "--view"): + view_config() + exit() + + elif current_argument in ("-s", "--sender"): + sender = current_value + + elif current_argument in ("-d", "--destination"): + destination = current_value + + elif current_argument in ("-p", "--priority"): + priority = current_value + + elif current_argument in ("-m", "--message"): + message = current_value + + elif current_argument in ("-t", "--tags"): + tags = current_value + + elif current_argument in ("-c", "--click"): + click = current_value + + except getopt.error as err: + # output error, and return with an error code + print(str(err)) 
+ + return sender, destination, priority, tags, click
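Review bot: threat_priority_mapping tests `threat_level in np_1` where `np_1` is a comma string such as `"3, 2, 1"`, so this is substring containment, not membership: it only works by coincidence with the current default strings, an empty level matches every bucket and becomes priority 1, and with the yaml file's ordering (`notifier_priority_1: 12, 11, 10`) a level of `"1"` lands in bucket 1. Split each bucket into a set of trimmed tokens before testing, as below. get_arguments drops `message` from its return value and skips argument parsing entirely when `notifier == "discord"`, so the Discord path presumably never sees the `-m` text the active-response script passes; returning six values and parsing for both notifiers would fix both callers. In ar_log, `now = set_time()` binds the two-tuple, so the log line is formatted with its repr, and the `f = open(...)` / `f.close()` pair should be a `with` block. import_config also reopens and re-parses the YAML once per key — twelve times per run from get_yaml_config — so loading the file once and passing the dict around would be cheaper and simpler.
```python
def threat_priority_mapping(threat_level, np_1, np_2, np_3, np_4, np_5):
    # Map threat level v/s priority; each np_N is a comma-separated string of Wazuh levels
    level = str(threat_level).strip()
    buckets = (np_1, np_2, np_3, np_4, np_5)
    for number, bucket in enumerate(buckets, start=1):
        if level and level in {token.strip() for token in str(bucket).split(",")}:
            return str(number)
    return "3"  # unknown or missing level: keep the previous fallback
```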