404

[ Avaa Bypassed ]

Upload:

Command:

elspacio@18.226.172.234: ~ $ 
3

��n`�h�@s�ddlmZdddddddgZdd	lZdd
lmZmZdd	lZdd	lZdd	l	Z	dd	l
Z
dd	lZddlTdd	l
Z
ddlmZdd
lmZddlTddlTddlTddlTddlTddlTddlTddlmZdd�ZGdd�de�ZGdd�de�ZGdd�de�ZGdd�dee
j �Z!Gdd�de�Z"Gdd�de�Z#Gdd�de�Z$Gdd�de%e&e'ej�Z(ej)e(�Gdd�dej�Z*ej)e*�d	S)�)�print_function�
AnalyzeThread�Analyze�PluginReportReceiver�TestPluginReportReceiver�SETroubleshootDatabase�SETroubleshootDatabaseLocal�LogfileAnalyzerN)�GObject�GLib)�*)�
cmp_to_key)�
get_config)�validate_database_doccCs||k||kS)N�)�x�yrr�/usr/lib/python3.6/analyze.py�<lambda>4src@s<eZdZdd�Zdd�Zdd�Zdd�Zd	d
�Zdd�Zd
S)�PluginStatisticscCs0|j|_d|_d|_d|_d|_d|_d|_dS)N)�analysis_id�name�analyze_start_time�analyze_end_time�analyze_elapsed_time�report_start_time�report_end_time�report_elapsed_time)�self�pluginrrr�__init__=szPluginStatistics.__init__cCsRt|j�}|jdkr"d|j|fSt|j|j�}t|j�}d|j|||fSdS)Nz%s: %s elapsedz5%s: %s elapsed, %s analyze elapsed, %s report elapsed)�format_elapsed_timerrrrr)rrZtotal_elapsed_timerrrr�__str__Fs


zPluginStatistics.__str__cCstj�|_dS)N)�timer)rrrr�
analyze_startRszPluginStatistics.analyze_startcCstj�|_|j|j|_dS)N)r#rrr)rrrr�analyze_endUs
zPluginStatistics.analyze_endcCstj�|_dS)N)r#r)rrrr�report_startYszPluginStatistics.report_startcCstj�|_|j|j|_dS)N)r#rrr)rrrr�
report_end\s
zPluginStatistics.report_endN)	�__name__�
__module__�__qualname__r r"r$r%r&r'rrrrr;s	rc@s<eZdZdd�Zdd�Zdd�Zdd�Zd	d
�Zdd�Zd
S)�AnalyzeStatisticscCs(||_d|_g|_d|_d|_d|_dS)N)�num_plugins�
cur_plugin�called_plugins�
start_time�end_time�elapsed_time)rr,rrrr eszAnalyzeStatistics.__init__cCsPd}d}t|j�}|jdk	r8t|j�}|r8t|j|�}d||j|||j�fS)NzB%d/%d plugins in %s elapsed, avg plugin %s elapsed, plugins=[
%s
])�lenr.r1r!r,�called_plugins_to_string)rr1Zavg_plugin_timeZn_calledrrrr"ms



zAnalyzeStatistics.__str__cCsdjdd�|jD��S)N�
cSsg|]}t|��qSr)�str)�.0rrrr�
<listcomp>{sz>AnalyzeStatistics.called_plugins_to_string.<locals>.<listcomp>)�joinr.)rrrrr3zsz*AnalyzeStatistics.called_plugins_to_stringcCstj�|_dS)N)r#r/)rrrr�start}szAnalyzeStatistics.startcCstj�|_|j|j|_dS)N)r#r0r/r1)rrrr�end�s
zAnalyzeStatistics.endcCs&t|�|_|jj|j�|jj�dS)N)rr-r.�appendr$)rrrrr�
new_plugin�s
zAnalyzeStatistics.new_pluginN)	r(r)r*r r"r3r9r:r<rrrrr+cs
r+c@s.eZdZdd�Zdd�Zdd�Zddd	�Zd
S)rcCst�|_tdt|j��dS)NzNumber of Plugins = %d)Zload_plugins�plugins�	log_debugr2)rrrrr �szAnalyze.__init__cCst�}|r|j�|S)N)Z
SEEnvironment�update)r�query_environment�environmentrrr�get_environment�szAnalyze.get_environmentcCs$t|j|j|j|j|j|jd�}|S)N)�host�access�scontext�tcontext�tclass�tpath)ZSEFaultSignaturerCrDrErFrGrH)r�avcrA�sigrrr�
get_signature�s
zAnalyze.get_signatureTcCs�td|�|j�|j|j�}ddlm}|jjdk	rD|jjj�t	|j|j
|j|j|j
|j|j|j|j|j|j|j||�||jjt|jj�|j�dd�}�x |jD�]}y�|j|�}|dk	�rD|jdkr�td�dS|jdk	o�|jdk�r|jdk�s|jd	k�r|j|_t|t��r8x(|D]}	|jj|	��q Wn|jj|�Wq�tk
�r�}
zVt |
t!j"d
�t#j#t#j$d|j%�t!j&�\}}}
tdj't(j)|
���|jj*|�WYdd}
~
Xq�Xq�W|j+|�dS)
Nzanalyze_avc() avc=%sr)�TemplateZyellow)�audit_event�source�spathrHZsrc_rpm_listZtgt_rpm_listrErFrG�portrCrJrA�line_numbers�last_seen_date�local_id�levelZwhitez!plugin level white, not reportingZredZgreen)�filezPlugin Exception %s r4),r>r?rBr@�stringrLrMrQ�sortZSEFaultSignatureInforNrOrHZsrc_rpmsZtgt_rpmsrErFrGrPrCrK�	TimeStampZ	timestamp�generate_idr=�analyzerT�
isinstance�listZplugin_listr;�	Exception�print�sys�stderr�syslog�LOG_ERRr�exc_infor8�	traceback�	format_tb�remove�report_problem)rrI�report_receiverr@rArL�siginforZreport�r�eZv1Zv2Zv3rrr�analyze_avc�sZ





"zAnalyze.analyze_avcN)T)r(r)r*r rBrKrlrrrrr�s
c@seZdZddd�Zdd�ZdS)r�
cCs&tjj|�tj|�||_||_dS)N)�	threading�Threadr r�queue�timeout)rrprqrrrr �s
zAnalyzeThread.__init__cCs�x�y6|jj�\}}tjtjd�tjd�|j||�Wnftk
rl}ztjtjd|�WYdd}~Xn4t	k
r�}ztjtjd|�WYdd}~XnXtjtjdj
|j��tj|j�qWdS)Nz)AnalyzeThread.run(): Cancel pending alarmrz!Exception during AVC analysis: %sz,AnalyzeThread.run(): Set alarm timeout to {})rp�getraZ	LOG_DEBUG�signal�alarmrlr]rb�
ValueError�formatrq)rrIrhrkrrr�run�s
"$zAnalyzeThread.runN)rm)r(r)r*r rwrrrrr�s
c@s$eZdZdd�Zdd�Zdd�ZdS)rcCs
||_dS)N)�database)rrxrrrr szPluginReportReceiver.__init__cCs�y0|jj|j�}|j|�|jj|�td�WnLtk
r|}z0|jtkrjtd�|j	|_
|jj|�}n�WYdd}~XnX|S)Nzsignature found in databaseznot in database yet)rx�lookup_signaturerJZupdate_merge�modify_siginfor>�ProgramError�errno�ERR_NO_SIGNATURE_MATCHrR�first_seen_date�add_siginfo)rriZdatabase_siginforkrrrrgs

z#PluginReportReceiver.report_problemcCs|jjj�S)N)rx�sigsZgenerate_local_id)rrrrrYsz PluginReportReceiver.generate_idN)r(r)r*r rgrYrrrrr�scs$eZdZ�fdd�Zdd�Z�ZS)rcstt|�j|�dS)N)�superrr )rrx)�	__class__rrr sz!TestPluginReportReceiver.__init__cCstd|jj�dS)NzAnalysis Result: %s)r^rJr)rrirrrrgsz'TestPluginReportReceiver.report_problem)r(r)r*r rg�
__classcell__rr)r�rrsc@s�eZdZd2dd�Zdd�Zdd�Zdd	�Zd
d�Zd3d
d�Zd4dd�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd �Zd!d"�Zd5d#d$�Zd%d&�Zd'd(�Zd)d*�Zd6d,d-�Zd.d/�Zd0d1�ZdS)7rNcCs�||_d|_t|||j�|_tj�|_d|_d|_d|_	d|_
d|_tddt
�|_d|_tdd�}|dk	r�|j�}|r�t|�|_td|jj|jj|jjf�|j�dS)	NFr���rx�
max_alerts�
max_alert_agez<created new database: name=%s, friendly_name=%s, filepath=%s)�filepath�notifyZSEDatabaseProperties�
propertiesrnZLock�lock�file_exists�modified_count�auto_save_interval�auto_save_threshold�auto_save_timerr�intr�r��stripZparse_datetime_offsetr>r�
friendly_name�load)rr�rr�r�rrrr $s$


zSETroubleshootDatabase.__init__cCs�|jp
|jsdS|jjjtdd��d�|j�rt�}||j8}d}x$|jjD]}|j|kr^P|d7}qNW|dk�rtd|j|j	�f�td|jjdjj	�|jj|djj	�f�td	|jj|jj	�|jjdjj	�f�d
d�|jjd|�D�}x|D]}|j
|dd
��qW|j�r�t|jj�|j}|dk�r�dd�|jjd|�D�}td|t|�|f�x|D]}|j
|dd
��qxWdS)NFcSst|j|j�S)N)�cmprR)�a�brrrr?sz.SETroubleshootDatabase.prune.<locals>.<lambda>)�keyr�z5prune by age: max_alert_age=%s min_time_to_survive=%szprune by age: pruning [%s - %s]zprune by age: keeping [%s - %s]cSsg|]
}|j�qSr)rJ)r6rirrrr7Osz0SETroubleshootDatabase.prune.<locals>.<listcomp>T)�prunecSsg|]
}|j�qSr)rJ)r6rirrrr7Vsz*prune first %d alerts, len(sigs=%d sigs=%s���)r�r�r��signature_listrWr
rXrRr>rv�delete_signaturer2)rZmin_time_to_surviveZkeeprir�rJrrrr�:s2


0,


zSETroubleshootDatabase.prunecCs
||_dS)N)r�)rr�rrr�
set_notify[sz!SETroubleshootDatabase.set_notifycCs6x0|jjD]$}|j|jkr
|j}|j|_||_q
WdS)N)r�r�rRr~)rriZtmprrr�validate^s
zSETroubleshootDatabase.validatecCsht�|_|jdkrdStjj|j�rTtj|j�}|tdkrT|jj|jdt	�rTd|_
|j�|j�dS)Nrr�T)
�SEFaultSignatureSetr�r��os�path�exists�stat�ST_SIZEZ
read_xml_filerr�r�r�)r�	stat_inforrrr�fs
zSETroubleshootDatabase.loadFcCsj|jdkrdStd|j|jf�|s.|j�|jjd|j�d|_d|_|jdk	rftj	|j�d|_dS)Nz'writing database (%s) modified_count=%sr�Tr)
r�r>r�r�r�Z	write_xmlr�r�rZ
source_remove)rr�rrr�saveus

zSETroubleshootDatabase.savecCs`|jd7_|jdkrdS|j|jks0|jr<|j|�n |jdkr\tj|jd|j	�|_dS)Nr�i�)
r�r�r�r�r�r�rZtimeout_addr��auto_save_callback)rr�rrr�
mark_modified�s

z$SETroubleshootDatabase.mark_modifiedcCs td|j|jf�|j�dS)Nz)auto_save database (%s) modified_count=%sF)r>r�r�r�)rrrrr��sz)SETroubleshootDatabase.auto_save_callbackcCs:|jdkrdStjj|j�r6td|j�tj|j�dS)Nzdeleting database (%s))r�r�r�r�r>rf)rrrrrf�s

zSETroubleshootDatabase.removecCs|jj�dS)N)r��acquire)rrrrr��szSETroubleshootDatabase.acquirecCs|jj�dS)N)r��release)rrrrr��szSETroubleshootDatabase.releasecCs�d}|jj|�}tdt|�djdd�|D��f�t|�dkrHtt��t|�dkrxtdt|�djdd�|D��f�|dj}|S)Nz1lookup_signature: found %d matches with scores %s�,cSsg|]}d|j�qS)z%.2f)�score)r6rrrrr7�sz;SETroubleshootDatabase.lookup_signature.<locals>.<listcomp>rr�cSsg|]}d|j�qS)z%.2f)r�)r6rrrrr7�s)r�Zmatch_signaturesr>r2r8r{r}ri)rrJriZmatchesrrrry�s$$
z'SETroubleshootDatabase.lookup_signaturecCs2|jj|�}|dkr.td|�ttd|��|S)Nzlookup_local_id: %s not foundzid (%s) not found)r��lookup_local_idr>r{ZERR_SIGNATURE_ID_NOT_FOUND)rrSrirrrr��s
z&SETroubleshootDatabase.lookup_local_idcCs.|jj|�}|jr"|jjd|j�|j�|S)N�add)r�rr��signatures_updatedrSr�)rrirrrr�s
z"SETroubleshootDatabase.add_siginfocCs|jS)N)r�)rrrr�get_properties�sz%SETroubleshootDatabase.get_propertiescCs8td|�|dkr|jSt�}|j|�}|j|�|S)Nzquery_alerts: criteria=%sr)r>r�r�r�r)rZcriteriar�rirrr�query_alerts�s

z#SETroubleshootDatabase.query_alertscCs�td|�y|j|�}Wn:tk
rT}z|jtkrBtd�dS�WYdd}~XnX|jj|�|jrx|jjd|j	�|j
|�dS)Nzdelete_signature: sig=%szSignature not found!�delete)r>ryr{r|r}r�Zremove_siginfor�r�rSr�)rrJr�rirkrrrr��s
z'SETroubleshootDatabase.delete_signaturecCs"|jr|jjd|j�|j�dS)NZmodify)r�r�rSr�)rrirrrrz�sz%SETroubleshootDatabase.modify_siginfocCshtd||f�y|j|�}Wn:tk
rX}z|jtkrFtd�dS�WYdd}~XnX|j|�}|S)Nz)evaluate_alert_filter: username=%s sig=%szSignature not found!�ignore)r>ryr{r|r}Zevaluate_filter_for_user)rrJ�usernamerirk�actionrrr�evaluate_alert_filter�s

z,SETroubleshootDatabase.evaluate_alert_filtercCs�td||||f�y|j|�}Wn:tk
r\}z|jtkrJtd�dS�WYdd}~XnX|j|�}|j||�|j|�dS)Nz2set_user_data: username=%s item=%s data=%s sig=
%szSignature not found!)r>ryr{r|r}Z
get_user_dataZupdate_itemrz)rrJr��item�datarirkZ	user_datarrr�
set_user_data�s

z$SETroubleshootDatabase.set_user_data�cCsxtd|||f�y|j|�}Wn:tk
rZ}z|jtkrHtd�dS�WYdd}~XnX|j|||�|j|�dS)Nz.set_filter: username=%s filter_type=%s sig=
%szSignature not found!)r>ryr{r|r}Zupdate_user_filterrz)rrJr�Zfilter_typer�rirkrrr�
set_filters
z!SETroubleshootDatabase.set_filtercCs|jjj|�|_|j�dS)N)r��users�add_user�userr�)rr�rrrr�szSETroubleshootDatabase.add_usercCs|jjj|�S)N)r�r��get_user)rr�rrrr�szSETroubleshootDatabase.get_user)N)F)F)F)r�)r(r)r*r r�r�r�r�r�r�r�rfr�r�ryr�rr�r�r�rzr�r�r�r�r�rrrrr"s.
!



c@s^eZdZejjdejejffejjdejejejffd�Z	dd�Z
dd�Zdd�Zd	d
�Z
dS)rN)r�zasync-errorcCs,tjj|�tj|�||_|jj|�dS)N)r
r �	RpcManagerxr�)rrxrrrr %s
z$SETroubleshootDatabaseLocal.__init__cCs|jj|�dS)N)rxr�)rr�rrrr�+sz&SETroubleshootDatabaseLocal.set_notifycGs�td|jj|jdjdd�|D��|f�|j|}t|j|jd�}|dkrdtt	d|j|jjf��y(||�|_
d|_|j
dk	r�|j
g|_
Wn6tk
r�}z|j|j
g|_
d|_WYdd}~XnX|j
dk	r�tj|j|�dS)Nz%s emit %s(%s) id=%sr�cSsg|]}t|��qSr)r5)r6�argrrrr7/sz8SETroubleshootDatabaseLocal.emit_rpc.<locals>.<listcomp>z'method %s not found in base class of %sZ
method_returnZerror_return)r>r�r(�methodr8Zasync_rpc_cache�getattrrxr{ZERR_METHOD_NOT_FOUNDZreturn_argsZreturn_typer|�strerrorr
�idle_addZprocess_async_return)rZrpc_id�typeZrpc_def�argsZ	async_rpc�funcrkrrr�emit_rpc.s *



z$SETroubleshootDatabaseLocal.emit_rpccCs"td||f�|jd||�dS)Nz4signatures_updated() database local: type=%s item=%sr�)r>�emit)rr�r�rrrr�Asz.SETroubleshootDatabaseLocal.signatures_updated)r(r)r*r
�SignalFlags�RUN_LAST�
TYPE_PYOBJECTZTYPE_STRINGZTYPE_INT�__gsignals__r r�r�r�rrrrrsc@sneZdZejjdejffejjdejffd�Zddd�Z	ddd�Z
dd�Zd	d
�Zdd�Z
d
d�Zdd�ZdS)r	N)�progressz
state-changedcCsftjj|�td|jj|f�||_d|_d|_d|_d|_	d|_
d|_d|_d|_
d|_d|_dS)Nz%s.__init__(%s)�)r
r r>r�r(�logfile_pathrU�fileno�	read_size�
record_reader�record_receiver�analyzerrh�idle_proc_idr|r�)rr�rrrr RszLogfileAnalyzer.__init__cCsT|dk	r||_td|jj|jf�y2tj|j�}|t|_t|j�|_	|j	j
�|_
WnRtk
r�}z6tjtj
d|jj|jf�|j|_|j|_|�WYdd}~XnXd|_d|_d|_d|_d|_|jd|j�tjj|j�}dtjj|�d|_td||jd�|_ttj�|_t�|_ t!�|_"t#d	d
t$��sDt%|j�|_&nt'|j�|_&dS)Nz%s.open(%s)z
%s.open(): %srgFr�zfile: %s)r�ZtestrZT)(r�r>r�r(r�r�r��	file_size�openrUr��EnvironmentErrorrarbr�r|�n_bytes_readZ
line_count�record_countr��	cancelledr�r��basename�splitextr�rrxZAuditRecordReaderZTEXT_FORMATr�ZAuditRecordReceiverr�rr�r�boolrrhr)rr�r�rkZlogfile_basenamerrrr�fs:
zLogfileAnalyzer.opencs6td|jj|jf�|j��tj�fdd��|_dS)Nz
%s.run(%s)cst��S)N)�nextr)�task_generatorrrr�sz%LogfileAnalyzer.run.<locals>.<lambda>T)r>r�r(rU�taskrr�r�)rr)r�rrw�szLogfileAnalyzer.runcCs�|jdk	r&tj|j|j�}d|_d|_|j|jkrdddl}d|j|j|jf}t	|�|j
|_||_|jdk	r�x|jj
�D]}|j|�qzW|js�|jdd�dS)NrzFfailed to read complete file, %d bytes read out of total %d bytes (%s)r�g�?)rUr��readr�r�r�r�r|r�r>ZEIOr�r��close�avc_event_handlerr�r�)r�new_dataZErrnor�rMrrrr��s 

zLogfileAnalyzer.closeccsx|jdd��xR|j�r`y8tj|j|j�jd�}|dkrNtd|j�|j�Wn|t	k
r�}z0|j
|_
|j|_|j�|jdd�dVWYdd}~Xn2tk
r�}zt
d|tjd	�WYdd}~XnX|jt|�7_|jd
k�rt|j�t|j�|_|jd|j�xF|jj|�D]6\}}}}}|j|||||�dV|j�rdV�qWdVqW|jdd�dVdS)
Nz
state-changedZrunningzutf-8r�z	EOF on %sZstoppedFr4)rUrr�T)r�r�r�r�r��decoder>r�r�r�r|r�rur^r_r`r�r2r��floatr�r��feed�new_audit_record_handlerr�)rr�rk�record_type�event_id�	body_text�fields�line_numberrrrr��s6"
zLogfileAnalyzer.taskcCsHtd|�|j�rD|j�rD|j�dkrDt|�}|jj||jd�dS)Nz"avc_event_handler() audit_event=%srF)r>Zis_avcZ
is_grantedZnum_recordsZAVCr�rlrh)rrMrIrrrr��sz!LogfileAnalyzer.avc_event_handlerc	Cs�td|||f�|jd7_t|||||�}xT|jj|�D]D}y|j|�Wq>tk
r�}zt|tj	d�WYdd}~Xq>Xq>WdS)z"called to enter a new audit recordzBnew_audit_record_handler() record_type=%s event_id=%s body_text=%sr�)rUN)
r>r�ZAuditRecordr�r�r�rur^r_r`)	rr�r�r�r�r�Zaudit_recordrMrkrrrr��sz(LogfileAnalyzer.new_audit_record_handler)N)N)r(r)r*r
r�r�Z
TYPE_FLOATr�r�r r�rwr�r�r�r�rrrrr	Js

$)+Z
__future__r�__all__raZ
gi.repositoryr
rr�rsr#rnrdr�r_�	functoolsr
Zsetroubleshoot.configrZsetroubleshoot.avc_auditZsetroubleshoot.errcodeZsetroubleshoot.rpcZsetroubleshoot.rpc_interfacesZsetroubleshoot.signatureZsetroubleshoot.utilZsetroubleshoot.audit_dataZsetroubleshoot.xml_serializerr��objectrr+rrorrrrr�ZSETroubleshootDatabaseInterfaceZ%SETroubleshootDatabaseNotifyInterfacerZ
type_registerr	rrrr�<module>sV()Wx)


Filemanager

DIR : / lib/ python3.6/ site-packages/ setroubleshoot/ __pycache__/
Name Type Size Permission Actions
Plugin.cpython-36.opt-1.pyc File 5.11 KB 0644
Plugin.cpython-36.pyc File 5.11 KB 0644
__init__.cpython-36.opt-1.pyc File 113 B 0644
__init__.cpython-36.pyc File 113 B 0644
access_control.cpython-36.opt-1.pyc File 3.89 KB 0644
access_control.cpython-36.pyc File 3.89 KB 0644
analyze.cpython-36.opt-1.pyc File 22.17 KB 0644
analyze.cpython-36.pyc File 22.17 KB 0644
audit_data.cpython-36.opt-1.pyc File 27.42 KB 0644
audit_data.cpython-36.pyc File 27.42 KB 0644
avc_audit.cpython-36.opt-1.pyc File 12.36 KB 0644
avc_audit.cpython-36.pyc File 12.36 KB 0644
config.cpython-36.opt-1.pyc File 11.49 KB 0644
config.cpython-36.pyc File 11.49 KB 0644
email_alert.cpython-36.opt-1.pyc File 1.77 KB 0644
email_alert.cpython-36.pyc File 1.77 KB 0644
errcode.cpython-36.opt-1.pyc File 2.63 KB 0644
errcode.cpython-36.pyc File 2.63 KB 0644
html_util.cpython-36.opt-1.pyc File 5.25 KB 0644
html_util.cpython-36.pyc File 5.25 KB 0644
rpc.cpython-36.opt-1.pyc File 28.32 KB 0644
rpc.cpython-36.pyc File 28.32 KB 0644
rpc_interfaces.cpython-36.opt-1.pyc File 4.75 KB 0644
rpc_interfaces.cpython-36.pyc File 4.75 KB 0644
server.cpython-36.opt-1.pyc File 25.04 KB 0644
server.cpython-36.pyc File 25.04 KB 0644
serverconnection.cpython-36.opt-1.pyc File 5.24 KB 0644
serverconnection.cpython-36.pyc File 5.24 KB 0644
signature.cpython-36.opt-1.pyc File 28.08 KB 0644
signature.cpython-36.pyc File 28.08 KB 0644
util.cpython-36.opt-1.pyc File 25.73 KB 0644
util.cpython-36.pyc File 25.73 KB 0644
uuid.cpython-36.opt-1.pyc File 16.13 KB 0644
uuid.cpython-36.pyc File 16.13 KB 0644
xml_serialize.cpython-36.opt-1.pyc File 9.89 KB 0644
xml_serialize.cpython-36.pyc File 9.89 KB 0644