#!/usr/bin/python
import os, re, platform, json
from parse import compile
import StringIO
from subprocess import Popen, PIPE
import subprocess
import glob
# Free-text description of the module: purpose, author and the platforms it
# was tried on.  It is not referenced by the functions visible in this file.
# NOTE(review): if this string is meant to be parsed as YAML, the unquoted ": "
# inside short_description and its continuation line would likely be rejected
# -- confirm against whatever tool consumes it.
DOCUMENTATION = '''
---
module: services_facts; tested on Ubuntu 10,12,14,16 and CentOS 5,6,7
author:
- "Domenico Caruso" domenico.caruso@de.clara.net
short_description: Provide facts regarding services: whether they are boot enabled and/or running at the momement;
moreover it provides what ports are listening to and what connections are established
description: Unfortunately every system has a different init daemon and services are sometimes differtly managed: some are native to the init daemon some are backwards compatibility. Moreover, the same command can have a different output, e.g., service --status-all works on both Ubuntu and CentOS but the output is very different.
'''
# Abridged sample of the four fact groups the script produces (the runs of "."
# stand for omitted entries, so the text is not a complete JSON document).
# The real output names listening ports, the programs that own them and the
# addresses of connected peers, so the result file should be handled as
# host-sensitive inventory data.
EXAMPLES = '''
Example output:
"established": {
"nscd": {
"389": "1.2.3.4"
},
"sshd:": {
"41478": "10.0.2.2"
.
.
.
"init": {
"accounts-daemon_service": "enabled",
"acpid_service": "enabled",
"apache-htcacheclean_service": "disabled",
"apache2_service": "enabled",
"apport-forward@_service": "static",
"apport_service": "enabled",
"apt-daily_service": "static",
"atd_service": "enabled",
.
.
.
"status": {
"accounts-daemon_service": "active",
"acpid_service": "active",
"apache-htcacheclean_service": "active",
"apache2_service": "active",
"apparmor_service": "active",
"apport_service": "active",
"apt-daily_service": "inactive",
"atd_service": "active",
.
.
.
"listening": {
"apache2": {
"80": "::"
},
"bacula-fd": {
"9102": "127.0.0.1"
},
"exim4": {
"25": "::1"
},
.
.
.
'''
def _get_command_output_lines(cmd, parse_string):
    """Run *cmd* and collect the named fields of every output line that matches.

    ``cmd`` is handed to ``Popen`` as given, without ``shell=True``, and
    ``parse_string`` is a format string for ``parse.compile``.  Lines the
    format does not match are dropped; each remaining line contributes the
    ``named`` dict of its parse result.  Only stdout is captured and the
    command's exit status is not checked.
    """
    captured = Popen(cmd, stdout=PIPE).communicate()[0]
    matcher = compile(parse_string)
    # Iterating the StringIO keeps each line's trailing newline, exactly as
    # the callers (which strip the parsed values themselves) expect.
    hits = (matcher.parse(text) for text in StringIO.StringIO(captured))
    return [hit.named for hit in hits if hit]
# here we get info about enabled/disabled services
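def _chkconfig_boot_states(cmd):
    """Run a ``chkconfig --list`` style command and classify each service.

    Returns a dict whose keys are the lower-cased service name with dots
    turned into underscores plus a ``_service`` suffix.  The value is
    "disabled" when the four columns checked below are all "off" and
    "enabled" otherwise.
    """
    states = {}
    listing = subprocess.Popen(cmd, stdout=PIPE).communicate()[0]
    for line in StringIO.StringIO(listing):
        fields = re.split(r'[0-9]:', line)
        # With the usual "0:" .. "6:" columns, fields[3:7] are runlevels 2-5.
        # Lines without those columns (blank lines, headings) used to raise
        # IndexError and abort the whole run; skip them instead.
        if len(fields) < 7:
            continue
        name = fields[0].strip("\t").strip().replace('.', '_').lower() + '_service'
        if all(column.strip("\t") == "off" for column in fields[3:7]):
            states[name] = "disabled"
        else:
            states[name] = "enabled"
    return states


def parse_init():
    """Collect the boot-time state of services from each init system in use.

    Returns a dict mapping a normalised service key to a state string:
    the second column of ``systemctl list-unit-files`` for systemd units,
    and "enabled"/"disabled" for SysV and Upstart services.  Later sections
    overwrite earlier ones when they produce the same key.

    Apart from the ``/sbin/chkconfig`` call, the external tools are named
    without a directory and are therefore looked up through the PATH of the
    calling process; pin absolute paths if this runs with elevated rights.
    """
    result = {}
    dist = platform.dist()
    distro = dist[0].lower()
    major = dist[1].split('.')[0]

    # SYSTEMD gather facts, this works with Ubuntu 16 and CentOS 7 only
    if dist[2] == 'xenial' or major == '7':
        units = _get_command_output_lines(
            ['systemctl', 'list-unit-files', '--type=service'], '{key} {value}')
        for named in units:
            result[named['key'].replace('.', '_').lower()] = named['value'].strip()

    # SYSTEM V gather facts for CentOS
    # NOTE: the major version is compared as a string, so a two-digit major
    # such as '10' sorts below '6' and takes neither branch.
    if ("centos" in distro or "redhat" in distro) and major >= '6':
        result.update(_chkconfig_boot_states(['chkconfig', '--list']))
    elif major == '5':
        # NOTE(review): relies on sudo working without a password prompt --
        # confirm the sudoers rule is limited to this one command.
        result.update(_chkconfig_boot_states(['sudo', '/sbin/chkconfig', '--list']))

    # SYSTEM V gather facts, this works on Ubuntu
    if dist[0] == 'Ubuntu':
        for path in glob.glob("/etc/rc2.d/*"):
            marker = os.path.basename(path)[0]
            if marker == 'S':
                state = "enabled"
            elif marker == 'K':
                state = "disabled"
            else:
                continue
            pieces = re.split('[' + marker + '][0-9]+', path)
            # An S*/K* entry without a sequence number does not split and
            # used to raise IndexError.
            if len(pieces) < 2:
                continue
            result[pieces[1].replace('.', '_').lower() + '_service'] = state

    # UPSTART gather facts, for all Ubuntu and CentOS/RedHat 6
    if dist[0] == 'Ubuntu' or major == '6':
        job_files = glob.glob("/etc/init/*")
        # With no file arguments grep would read stdin and block, so skip the
        # call when the directory is empty or missing.
        if job_files:
            # -H keeps the "file:" prefix even for a single file (the parsing
            # below depends on it); "--" stops a file name that starts with
            # "-" from being read as an option.
            matches = subprocess.Popen(
                ['grep', '-i', '-H', 'runlevel', '--'] + job_files,
                stdout=PIPE).communicate()[0]
            for line in StringIO.StringIO(matches):
                if "#" in line or "start on" not in line:
                    continue
                tokens = str(line).replace("/", " ").split()
                if len(tokens) < 3:
                    continue
                service_name = tokens[2].split(".")[0].lower() + '_service'
                # The digit search covers the whole line, file name included.
                if re.search(r'[2-5]', line):
                    result[service_name] = "enabled"
                else:
                    result[service_name] = "disabled"
    return result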
# here we get the info about running/stopped services
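def _sysv_running_states(cmd):
    """Run a ``service --status-all`` style command and map services to a state.

    Only lines that mention "running" or "stopped" and contain " is " are
    used.  The text after " is " has dots removed and spaces turned into
    underscores; "not_running" and "stopped" then become "inactive" and
    "running" becomes "active".  Keys are the first word of the line with
    dots turned into underscores plus a ``_service`` suffix.
    """
    states = {}
    report = subprocess.Popen(cmd, stdout=PIPE).communicate()[0]
    for line in StringIO.StringIO(report):
        # Same selection the former ``grep`` stage made, done in-process so no
        # second child and no dangling pipe are left behind.
        if 'running' not in line and 'stopped' not in line:
            continue
        # Testing for the bare substring "is" let words such as "exists"
        # through and then failed on the split below.
        if " is " not in line:
            continue
        name = line.split()[0].replace('.', '_') + '_service'
        state = (line.split(" is ")[1].replace(".", "").replace(" ", "_").strip()
                 .replace('not_running', 'inactive')
                 .replace('stopped', 'inactive')
                 .replace('running', 'active'))
        states[name] = state
    return states


def parse_status():
    """Collect the current run state of services from each init system in use.

    Returns a dict mapping a normalised service key to a state string taken
    from ``systemctl list-units``, ``service --status-all`` and
    ``initctl list``.  Later sections overwrite earlier ones when they
    produce the same key.  Output lines with too few columns are skipped
    rather than raising IndexError.

    Apart from the ``/sbin/service`` call, the external tools are named
    without a directory and are therefore looked up through the PATH of the
    calling process; pin absolute paths if this runs with elevated rights.
    """
    result = {}
    dist = platform.dist()
    distro = dist[0].lower()
    major = dist[1].split('.')[0]

    # SYSTEMD gather facts, this works with Ubuntu 16 and CentOS 7 only
    if dist[2] == 'xenial' or major == '7':
        units = subprocess.Popen(
            ['systemctl', 'list-units', '--all', '--type=service', '--plain', '--no-legend'],
            stdout=PIPE).communicate()[0]
        for line in StringIO.StringIO(units):
            columns = line.split()
            if len(columns) < 3:
                continue
            # First column is the unit name, third column the state kept.
            result[columns[0].replace('.', '_').lower()] = columns[2]

    # SYSTEM V gather facts, this works on all Ubuntu versions
    if dist[0] == 'Ubuntu':
        # stderr is merged in, so diagnostic lines can appear between entries.
        report = subprocess.Popen(
            ['service', '--status-all'], stdout=PIPE,
            stderr=subprocess.STDOUT).communicate()[0]
        for line in StringIO.StringIO(report):
            columns = line.split()
            if len(columns) < 4:
                continue
            name = columns[3].replace('.', '_') + '_service'
            state = (columns[1].replace('+', 'active')
                     .replace('-', 'inactive')
                     .replace('?', 'unknown'))
            result[name] = state

    # SYSTEM V gather facts, for CentOS
    # NOTE: the major version is compared as a string, so a two-digit major
    # such as '10' sorts below '6' and takes neither branch.
    if ("centos" in distro or "redhat" in distro) and major >= '6':
        result.update(_sysv_running_states(['service', '--status-all']))
    elif major == '5':
        # NOTE(review): relies on sudo working without a password prompt --
        # confirm the sudoers rule is limited to this one command.
        result.update(_sysv_running_states(['sudo', '/sbin/service', '--status-all']))

    # UPSTART gather facts, it is not supported on Ubuntu 16 and Centos 5,7
    if (dist[2] != 'xenial' and dist[0] == 'Ubuntu') or major == '6':
        jobs = subprocess.Popen(['initctl', 'list'], stdout=PIPE).communicate()[0]
        for line in StringIO.StringIO(jobs):
            # Keep the text before the first comma and glue an instance
            # suffix " (...)" onto the job name so it stays one token.
            tokens = str(line.split(",")[0]).replace(" (", "_(").split()
            if len(tokens) < 2:
                continue
            name = tokens[0].replace('.', '_') + '_service'
            state = (tokens[1].strip()
                     .replace('start/running', 'active')
                     .replace('stop/waiting', 'inactive'))
            result[name] = state
    return result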
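def parse_listening():
    """Map each listening program to the ports and addresses it is bound to.

    Parses ``netstat -tulnep`` and returns ``{program: {local_port: local_ip}}``.
    Only one address is kept per program and port: a later line for the same
    port overwrites the earlier one.

    netstat prints "-" in the PID/program column for sockets the caller is
    not allowed to inspect.  Those lines used to raise IndexError; they are
    now skipped, as parse_established already does, so an unprivileged run
    returns an incomplete list instead of failing.
    """
    result = {}
    report = subprocess.Popen(['netstat', '-tulnep'], stdout=PIPE).communicate()[0]
    for line in StringIO.StringIO(report):
        columns = line.split()
        if not columns:
            continue
        proto = columns[0]
        # UDP lines are read one column earlier than TCP lines for the
        # PID/program field.
        if 'udp' in proto:
            owner_index = 7
        elif 'tcp' in proto:
            owner_index = 8
        else:
            continue  # header lines
        if len(columns) <= owner_index:
            continue
        owner = columns[owner_index].split("/")
        address = columns[3].rsplit(':', 1)
        if len(owner) < 2 or len(address) < 2:
            continue
        local_ip, local_port = address
        result.setdefault(owner[1], {})[local_port] = local_ip
    return result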
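def parse_established():
    """Map each program to the remote endpoints of its established TCP sessions.

    Parses ``netstat -tnep`` and returns ``{program: {foreign_port: foreign_ip}}``.
    Only one peer is kept per program and remote port: a later connection to
    the same port overwrites the earlier one, so the result is a summary and
    not a full connection list.

    Lines that lack a PID/program entry (netstat prints "-" when the caller
    may not inspect the socket) are skipped.  The former bare ``except`` is
    replaced by explicit length checks so that unrelated errors and
    interrupts are no longer swallowed.
    """
    result = {}
    report = subprocess.Popen(['netstat', '-tnep'], stdout=PIPE).communicate()[0]
    for line in StringIO.StringIO(report):
        columns = line.split()
        # Column 0 is the protocol, 4 the foreign address, 5 the state and
        # 8 the PID/program field.
        if len(columns) < 9:
            continue
        if 'tcp' not in columns[0] or 'ESTA' not in columns[5]:
            continue
        owner = columns[8].split("/")
        peer = columns[4].rsplit(':', 1)
        if len(owner) < 2 or len(peer) < 2:
            continue
        foreign_ip, foreign_port = peer
        result.setdefault(owner[1], {})[foreign_port] = foreign_ip
    return result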
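# Gather the four fact groups, each wrapped in a dict under its own key.
established = {}
established['established'] = parse_established()
listening = {}
listening['listening'] = parse_listening()
status = {}
status['status'] = parse_status()
init = {}
init['init'] = parse_init()

# The four documents are written back to back with no separator, so the file
# cannot be read with a single json.load call.  One handle opened with 'w'
# produces the same bytes as the former truncate-then-append sequence and
# avoids the 'aw' mode string, which is not a valid mode.
# NOTE: 'risultato.txt' is resolved against the current working directory and
# holds listening ports and peer addresses; run the script from a directory
# that other users cannot write to and restrict who can read the file.
with open('risultato.txt', 'w') as outfile:
    json.dump(init, outfile, indent=1)
    json.dump(status, outfile, indent=1)
    json.dump(established, outfile, indent=1)
    json.dump(listening, outfile, indent=1)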