def installed_package_query(server_name, repo_dict_to_modify, package_list, ssh_obj): """ installed_package_query uses the yum to determine if packages exist on the remote system Does not return anything, instead uses DictionaryHandling.add_to_dictionary to populate dictionaries for processing later in the summation """ ose_required_packages_installed = [] ose_required_packages_not_installed = [] temp_list = HandleSSHConnections.run_remote_commands( ssh_obj, "yum list installed") installed_on_system = [] for package in temp_list: package_name = package.split(".")[0] installed_on_system.append(package_name) for package in package_list: if package in installed_on_system: ose_required_packages_installed.append(package) else: ose_required_packages_not_installed.append(package) if len(package_list) != len(ose_required_packages_installed): DictionaryHandling.add_to_dictionary( repo_dict_to_modify, server_name, "Missing", ose_required_packages_not_installed) else: DictionaryHandling.add_to_dictionary(repo_dict_to_modify, server_name, "All OSE Packages Installed", True)
def update_required_query(server_name, package_update_dict, package_list, ssh_obj): """ update_required_query uses the yum to determine if packages have updates available Does not return anything, instead uses DictionaryHandling.add_to_dictionary to populate dictionaries for processing later in the summation """ packages_to_be_updated = HandleSSHConnections.run_remote_commands( ssh_obj, "yum list updates") ose_package_needs_update = False system_up_to_date = True if len(packages_to_be_updated) > 2: system_up_to_date = False for package in packages_to_be_updated: package_name = package.split(".")[0] if package_name in package_list: ose_package_needs_update = True DictionaryHandling.add_to_dictionary(package_update_dict, server_name, "Update available for", package_name) if not ose_package_needs_update: DictionaryHandling.add_to_dictionary(package_update_dict, server_name, "System is up to date", system_up_to_date)
def which_repos_are_enabled(server_name, dict_to_modify, repo_info, these_should_be_enabled): """ which_repos_are_enabled parses the output from 'subscription-manager repos' command. After parsing, it stores enabled repos in a dictionary with the hostname as the key. This function does not return anything """ repo_id_keyword = "Repo ID:" repo_enabled_keyword = "Enabled:" if not repo_info: DictionaryHandling.add_to_dictionary( dict_to_modify, server_name, "Error retrieving repo information", False) for line in repo_info: if repo_id_keyword in line: repo_name = line.split(repo_id_keyword)[1].strip() if repo_enabled_keyword in line: if "1" in line.split(repo_enabled_keyword)[1]: enabled = True else: enabled = False if repo_name in these_should_be_enabled: DictionaryHandling.add_to_dictionary(dict_to_modify, server_name, repo_name, enabled)
def check_selinux_booleans(host, ssh_obj, boolean_list, boolean_dict): output = HandleSSHConnections.run_remote_commands(ssh_obj, "/usr/sbin/getsebool -a") for line in output: boolean_name = line.split()[0] if boolean_name in boolean_list: boolean_status = line.split("> ")[1] DictionaryHandling.add_to_dictionary(boolean_dict, host, boolean_name, boolean_status)
def is_selinux_enabled(host, ssh_obj, dict_to_modify): """ is_selinux_enabled logs into the remote host and runs/parses 'sestatus' adds results to a dictionary """ output = HandleSSHConnections.run_remote_commands(ssh_obj, "sestatus") for line in output: if "SELinux status" in line: if "enabled" in line: DictionaryHandling.add_to_dictionary(dict_to_modify, host, "SELinux Enabled", True) else: DictionaryHandling.add_to_dictionary(dict_to_modify, host, "SELinux Enabled", False)
def is_docker_enabled(server_name, output, dict_to_modify): """ is_docker_enabled checks to see if docker is enabled in systemd. Stores the results in docker_service_check_dict """ if output is not None: for line in output: if "Loaded: " in line: if "enabled" in line.split("vendor preset")[0]: DictionaryHandling.add_to_dictionary(dict_to_modify, server_name, "Docker Enabled", True) else: DictionaryHandling.add_to_dictionary(dict_to_modify, server_name, "Docker Enabled", "Warning")
def is_docker_enabled(server_name, output, dict_to_modify): """ is_docker_enabled checks to see if docker is enabled in systemd. Stores the results in docker_service_check_dict """ if output is not None: for line in output: if "Loaded: " in line: if "enabled" in line.split("vendor preset")[0]: DictionaryHandling.add_to_dictionary(dict_to_modify, server_name, "Docker Enabled", True) else: DictionaryHandling.add_to_dictionary(dict_to_modify, server_name, "Docker Enabled", False)
def is_host_subscribed(server_name, dict_to_modify, subscript_status): """ is_host_subscribed uses subprocess to run the subscription-manager command. It parses the output for the word 'Current' if found, returns true, otherwise returns false """ for line in subscript_status: if "Overall" in line: if "Current" in line: DictionaryHandling.add_to_dictionary(dict_to_modify, server_name, "Subscribed", True) else: DictionaryHandling.add_to_dictionary(dict_to_modify, server_name, "Subscribed", False)
def is_selinux_enabled(host, ssh_obj, dict_to_modify): """ is_selinux_enabled logs into the remote host and runs/parses 'sestatus' adds results to a dictionary """ output = HandleSSHConnections.run_remote_commands(ssh_obj, "/usr/sbin/sestatus") for line in output: if "SELinux status" in line: if "enabled" in line: DictionaryHandling.add_to_dictionary(dict_to_modify, host, "SELinux Enabled", True) else: DictionaryHandling.add_to_dictionary(dict_to_modify, host, "SELinux Enabled", False)
def check_forward_dns_lookup(host_name, dict_to_modify): """ uses socket to do a forward lookup on host Does not return anything, inserts values into forward_lookup_dict """ try: host_ip = socket.gethostbyname(host_name) DictionaryHandling.add_to_dictionary(forward_lookup_dict, host_name, "IP Address", host_ip) except socket.gaierror: try: socket.inet_aton(host_name) print("You should be using FQDN instead of IPs in your ansible host file!") pass except socket.error: pass DictionaryHandling.add_to_dictionary(dict_to_modify, host_name, "IP Address", None)
def which_repos_are_enabled(server_name, dict_to_modify, repo_info, these_should_be_enabled): """ which_repos_are_enabled parses the output from 'subscription-manager repos' command. After parsing, it stores enabled repos in a dictionary with the hostname as the key. This function does not return anything """ repo_id_keyword = "Repo ID:" repo_enabled_keyword = "Enabled:" for line in repo_info: if repo_id_keyword in line: repo_name = line.split(repo_id_keyword)[1].strip() if repo_enabled_keyword in line: if "1" in line.split(repo_enabled_keyword)[1]: enabled = True else: enabled = False if repo_name in these_should_be_enabled: DictionaryHandling.add_to_dictionary(dict_to_modify, server_name, repo_name, enabled)
def is_docker_running(server_name, output, dict_to_modify): """ is_docker_running checks whether docker is active. Stores the results in docker_service_check_dict """ docker_running = False if output is not None: for line in output: if "Active:" in line: if "inactive" in line: docker_running = False elif "active" in line: docker_running = True active_since = line if docker_running: DictionaryHandling.add_to_dictionary(dict_to_modify, server_name, "Docker Running", True) else: for line in output: print(textColors.FAIL + line + textColors.ENDC), DictionaryHandling.add_to_dictionary(dict_to_modify, server_name, "Docker Running", False)
def update_required_query(server_name, package_update_dict, package_list, ssh_obj): """ update_required_query uses the yum to determine if packages have updates available Does not return anything, instead uses DictionaryHandling.add_to_dictionary to populate dictionaries for processing later in the summation """ packages_to_be_updated = HandleSSHConnections.run_remote_commands(ssh_obj, "yum list updates") ose_package_needs_update = False system_up_to_date = True if len(packages_to_be_updated) > 2: system_up_to_date = False for package in packages_to_be_updated: package_name = package.split(".")[0] if package_name in package_list: ose_package_needs_update = True DictionaryHandling.add_to_dictionary(package_update_dict, server_name, "Update available for", package_name) if not ose_package_needs_update: DictionaryHandling.add_to_dictionary(package_update_dict, server_name, "System is up to date", system_up_to_date)
def is_docker_running(server_name, output, dict_to_modify): """ is_docker_running checks whether docker is active. Stores the results in docker_service_check_dict """ docker_running = False if output is not None: for line in output: if "Active:" in line: if "inactive" in line: docker_running = False elif "active" in line: docker_running = True active_since = line if docker_running: print("Docker is active") DictionaryHandling.add_to_dictionary(dict_to_modify, server_name, "Docker Running", True) else: print("Docker is not running: \n") for line in output: print(textColors.FAIL + line + textColors.ENDC), DictionaryHandling.add_to_dictionary(dict_to_modify, server_name, "Docker Running", False)
def check_docker_files(host, ssh_obj, files_modified_dict, dict_to_compare, remote_sha_sum_dict): """ check_docker_files assumes there is already a paramiko connection made to the server in question It attempts to take a sha256sum of the files in file_list """ for files in dict_to_compare.keys(): try: temp_list = HandleSSHConnections.run_remote_commands(ssh_obj, "sha256sum %s" % files) shortened_file_name = files.split("/")[-1] for line in temp_list: sha_sum = line.split()[0] if line.strip().split()[0] == dict_to_compare[files]: modified = False DictionaryHandling.add_to_dictionary(files_modified_dict, host, "%s has been modified" % shortened_file_name, modified) else: modified = True DictionaryHandling.add_to_dictionary(files_modified_dict, host, "%s has been modified" % shortened_file_name, modified) # Added the file name and sha sum in the key to be able to associate the sum to modified flag # This will help to identify it for colourization DictionaryHandling.add_to_dictionary(remote_docker_file_sums_dict, host, "%s sha256sum : %s" % (shortened_file_name, sha_sum), modified) except socket.error: print("No SSH connection is open")
def installed_package_query(server_name, repo_dict_to_modify, package_list, ssh_obj): """ installed_package_query uses the yum to determine if packages exist on the remote system Does not return anything, instead uses DictionaryHandling.add_to_dictionary to populate dictionaries for processing later in the summation """ ose_required_packages_installed = [] ose_required_packages_not_installed = [] temp_list = HandleSSHConnections.run_remote_commands(ssh_obj, "yum list installed") installed_on_system = [] for package in temp_list: package_name = package.split(".")[0] installed_on_system.append(package_name) for package in package_list: if package in installed_on_system: ose_required_packages_installed.append(package) else: ose_required_packages_not_installed.append(package) if len(package_list) != len(ose_required_packages_installed): DictionaryHandling.add_to_dictionary(repo_dict_to_modify, server_name, "Missing", ose_required_packages_not_installed) else: DictionaryHandling.add_to_dictionary(repo_dict_to_modify, server_name, "All OSE Packages Installed", True)
def check_reverse_dns_lookup(lookup_dict, dict_to_modify): """ uses socket to do a reverse lookup on hosts in forward_lookup_dict Does not return anything, inserts values into reverse_lookup_dict """ for server_name in lookup_dict.keys(): host_ip = lookup_dict[server_name]["IP Address"] if host_ip is not None: try: hostname = socket.gethostbyaddr(host_ip) DictionaryHandling.add_to_dictionary(dict_to_modify, server_name, "PTR Record", hostname[0]) except socket.herror: DictionaryHandling.add_to_dictionary(dict_to_modify, server_name, "PTR Record", None) else: DictionaryHandling.add_to_dictionary(dict_to_modify, server_name, "PTR Record", None)
is_docker_running(server, systemctl_output, docker_service_check_dict) print(textColors.HEADER + "Running 'subscription-manager status' on %s..." % server + textColors.ENDC) sub_status = HandleSSHConnections.run_remote_commands(ssh_connection, "subscription-manager status") is_host_subscribed(server, subscription_dict, sub_status) print(textColors.HEADER + "Running 'subscription-manager repos' on %s..." % server + textColors.ENDC) repo_information = HandleSSHConnections.run_remote_commands(ssh_connection, "subscription-manager repos") which_repos_are_enabled(server, repo_dict, repo_information, ose_repos) ssh_connection.close_ssh() print(textColors.HEADER + "Attempting to forward lookup of %s..." % server + textColors.ENDC) check_forward_dns_lookup(server, forward_lookup_dict) print(textColors.HEADER + "Attempting to reverse lookup of %s..." % server + textColors.ENDC) check_reverse_dns_lookup(forward_lookup_dict, reverse_lookup_dict) ##### Format output and display summary print(textColors.HEADER + textColors.BOLD + "\n\nSELinux Checks" + textColors.ENDC) DictionaryHandling.format_dictionary_output(selinux_dict) print(textColors.HEADER + textColors.BOLD + "\n\nDocker Section (sha256sum below)" + textColors.ENDC) if show_sha_sums: DictionaryHandling.format_dictionary_output(docker_files_have_been_modified_dict, remote_docker_file_sums_dict, docker_service_check_dict) else: DictionaryHandling.format_dictionary_output(docker_files_have_been_modified_dict, docker_service_check_dict) print(textColors.HEADER + textColors.BOLD + "\n\nDNS Lookups" + textColors.ENDC) DictionaryHandling.format_dictionary_output(forward_lookup_dict, reverse_lookup_dict) print(textColors.HEADER + textColors.BOLD + "\n\nPackages and repo information" + textColors.ENDC) DictionaryHandling.format_dictionary_output(repo_dict, subscription_dict, ose_package_not_installed_dict, ose_package_installed_dict, package_updates_available_dict) print(textColors.HEADER + textColors.BOLD + "\n\nETCD has its own partition" + textColors.ENDC)
update_required_query(server, package_updates_available_dict, ose_required_packages_list, ssh_connection) is_selinux_enabled(server, ssh_connection, selinux_dict) systemctl_output = HandleSSHConnections.run_remote_commands(ssh_connection, "systemctl status docker") is_docker_enabled(server, systemctl_output, docker_service_check_dict) is_docker_running(server, systemctl_output, docker_service_check_dict) sub_status = HandleSSHConnections.run_remote_commands(ssh_connection, "subscription-manager status") is_host_subscribed(server, subscription_dict, sub_status) repo_information = HandleSSHConnections.run_remote_commands(ssh_connection, "subscription-manager repos") which_repos_are_enabled(server, repo_dict, repo_information, ose_repos) ssh_connection.close_ssh() check_forward_dns_lookup(server, forward_lookup_dict) check_reverse_dns_lookup(forward_lookup_dict, reverse_lookup_dict) ##### Format output and display summary print(textColors.HEADER + textColors.BOLD + "\n\nSELinux Checks" + textColors.ENDC) DictionaryHandling.format_dictionary_output(selinux_dict) print(textColors.HEADER + textColors.BOLD + "\n\nDocker Section (sha256sum below)" + textColors.ENDC) if show_sha_sums: DictionaryHandling.format_dictionary_output(docker_files_have_been_modified_dict, remote_docker_file_sums_dict, docker_service_check_dict) else: DictionaryHandling.format_dictionary_output(docker_files_have_been_modified_dict, docker_service_check_dict) print(textColors.HEADER + textColors.BOLD + "\n\nDNS Lookups" + textColors.ENDC) DictionaryHandling.format_dictionary_output(forward_lookup_dict, reverse_lookup_dict) print(textColors.HEADER + textColors.BOLD + "\n\nPackages and repo information" + textColors.ENDC) DictionaryHandling.format_dictionary_output(repo_dict, subscription_dict, ose_package_not_installed_dict, ose_package_installed_dict, package_updates_available_dict)
def parse_etcd(server_name, output, dict_to_modify): if output is not None: output = output[0].split("\n")[0] DictionaryHandling.add_to_dictionary(dict_to_modify, server_name, "ETCD partition", output)