def check_docker_files(host, ssh_obj, files_modified_dict, dict_to_compare, remote_sha_sum_dict):
"""
check_docker_files assumes there is already a paramiko connection made to the server in question
It attempts to take a sha256sum of the files in file_list
"""
for files in dict_to_compare.keys():
try:
temp_list = HandleSSHConnections.run_remote_commands(ssh_obj, "sha256sum %s" % files)
shortened_file_name = files.split("/")[-1]
for line in temp_list:
sha_sum = line.split()[0]
if line.strip().split()[0] == dict_to_compare[files]:
modified = False
DictionaryHandling.add_to_dictionary(files_modified_dict, host, "%s has been modified" %
shortened_file_name, modified)
else:
modified = True
DictionaryHandling.add_to_dictionary(files_modified_dict, host, "%s has been modified" %
shortened_file_name, modified)
# Added the file name and sha sum in the key to be able to associate the sum to modified flag
# This will help to identify it for colourization
DictionaryHandling.add_to_dictionary(remote_docker_file_sums_dict, host, "%s sha256sum : %s" %
(shortened_file_name, sha_sum), modified)
except socket.error:
print("No SSH connection is open")
def check_docker_files(host, ssh_obj, files_modified_dict, dict_to_compare, remote_sha_sum_dict):
"""
check_docker_files assumes there is already a paramiko connection made to the server in question
It attempts to take a sha256sum of the files in file_list
"""
for files in dict_to_compare.keys():
try:
temp_list = HandleSSHConnections.run_remote_commands(ssh_obj, "sha256sum %s" % files)
shortened_file_name = files.split("/")[-1]
for line in temp_list:
sha_sum = line.split()[0]
if line.strip().split()[0] == dict_to_compare[files]:
modified = False
DictionaryHandling.add_to_dictionary(files_modified_dict, host, "%s has been modified" %
shortened_file_name, modified)
else:
modified = True
DictionaryHandling.add_to_dictionary(files_modified_dict, host, "%s has been modified" %
shortened_file_name, modified)
# Added the file name and sha sum in the key to be able to associate the sum to modified flag
# This will help to identify it for colourization
DictionaryHandling.add_to_dictionary(remote_docker_file_sums_dict, host, "%s sha256sum : %s" %
(shortened_file_name, sha_sum), modified)
except socket.error:
print("No SSH connection is open")
def update_required_query(server_name, package_update_dict, package_list,
ssh_obj):
"""
update_required_query uses the yum to determine if packages have updates available
Does not return anything, instead uses DictionaryHandling.add_to_dictionary to populate dictionaries
for processing later in the summation
"""
packages_to_be_updated = HandleSSHConnections.run_remote_commands(
ssh_obj, "yum list updates")
ose_package_needs_update = False
system_up_to_date = True
if len(packages_to_be_updated) > 2:
system_up_to_date = False
for package in packages_to_be_updated:
package_name = package.split(".")[0]
if package_name in package_list:
ose_package_needs_update = True
DictionaryHandling.add_to_dictionary(package_update_dict,
server_name,
"Update available for",
package_name)
if not ose_package_needs_update:
DictionaryHandling.add_to_dictionary(package_update_dict, server_name,
"System is up to date",
system_up_to_date)
def installed_package_query(server_name, repo_dict_to_modify, package_list,
ssh_obj):
"""
installed_package_query uses the yum to determine if packages exist on the remote system
Does not return anything, instead uses DictionaryHandling.add_to_dictionary to populate dictionaries
for processing later in the summation
"""
ose_required_packages_installed = []
ose_required_packages_not_installed = []
temp_list = HandleSSHConnections.run_remote_commands(
ssh_obj, "yum list installed")
installed_on_system = []
for package in temp_list:
package_name = package.split(".")[0]
installed_on_system.append(package_name)
for package in package_list:
if package in installed_on_system:
ose_required_packages_installed.append(package)
else:
ose_required_packages_not_installed.append(package)
if len(package_list) != len(ose_required_packages_installed):
DictionaryHandling.add_to_dictionary(
repo_dict_to_modify, server_name, "Missing",
ose_required_packages_not_installed)
else:
DictionaryHandling.add_to_dictionary(repo_dict_to_modify, server_name,
"All OSE Packages Installed",
True)
def check_selinux_booleans(host, ssh_obj, boolean_list, boolean_dict):
output = HandleSSHConnections.run_remote_commands(ssh_obj, "/usr/sbin/getsebool -a")
for line in output:
boolean_name = line.split()[0]
if boolean_name in boolean_list:
boolean_status = line.split("> ")[1]
DictionaryHandling.add_to_dictionary(boolean_dict, host, boolean_name, boolean_status)
def is_selinux_enabled(host, ssh_obj, dict_to_modify):
"""
is_selinux_enabled logs into the remote host and runs/parses 'sestatus'
adds results to a dictionary
"""
output = HandleSSHConnections.run_remote_commands(ssh_obj, "sestatus")
for line in output:
if "SELinux status" in line:
if "enabled" in line:
DictionaryHandling.add_to_dictionary(dict_to_modify, host, "SELinux Enabled", True)
else:
DictionaryHandling.add_to_dictionary(dict_to_modify, host, "SELinux Enabled", False)
def is_selinux_enabled(host, ssh_obj, dict_to_modify):
"""
is_selinux_enabled logs into the remote host and runs/parses 'sestatus'
adds results to a dictionary
"""
output = HandleSSHConnections.run_remote_commands(ssh_obj, "/usr/sbin/sestatus")
for line in output:
if "SELinux status" in line:
if "enabled" in line:
DictionaryHandling.add_to_dictionary(dict_to_modify, host, "SELinux Enabled", True)
else:
DictionaryHandling.add_to_dictionary(dict_to_modify, host, "SELinux Enabled", False)
def update_required_query(server_name, package_update_dict, package_list, ssh_obj):
"""
update_required_query uses the yum to determine if packages have updates available
Does not return anything, instead uses DictionaryHandling.add_to_dictionary to populate dictionaries
for processing later in the summation
"""
packages_to_be_updated = HandleSSHConnections.run_remote_commands(ssh_obj, "yum list updates")
ose_package_needs_update = False
system_up_to_date = True
if len(packages_to_be_updated) > 2:
system_up_to_date = False
for package in packages_to_be_updated:
package_name = package.split(".")[0]
if package_name in package_list:
ose_package_needs_update = True
DictionaryHandling.add_to_dictionary(package_update_dict, server_name, "Update available for",
package_name)
if not ose_package_needs_update:
DictionaryHandling.add_to_dictionary(package_update_dict, server_name, "System is up to date",
system_up_to_date)
def installed_package_query(server_name, repo_dict_to_modify, package_list, ssh_obj):
"""
installed_package_query uses the yum to determine if packages exist on the remote system
Does not return anything, instead uses DictionaryHandling.add_to_dictionary to populate dictionaries
for processing later in the summation
"""
ose_required_packages_installed = []
ose_required_packages_not_installed = []
temp_list = HandleSSHConnections.run_remote_commands(ssh_obj, "yum list installed")
installed_on_system = []
for package in temp_list:
package_name = package.split(".")[0]
installed_on_system.append(package_name)
for package in package_list:
if package in installed_on_system:
ose_required_packages_installed.append(package)
else:
ose_required_packages_not_installed.append(package)
if len(package_list) != len(ose_required_packages_installed):
DictionaryHandling.add_to_dictionary(repo_dict_to_modify, server_name, "Missing",
ose_required_packages_not_installed)
else:
DictionaryHandling.add_to_dictionary(repo_dict_to_modify, server_name, "All OSE Packages Installed", True)
print("Plesse enter yes/no or y/n to display/hide sha sums")
parser.print_help()
sys.exit()
ansible_host_list = process_host_file(options.ansible_host_file)
for server in ansible_host_list:
can_connect_to_server = test_ssh_keys(server, ansible_ssh_user)
# if we can connect to remote host, go ahead and run the verification checks
if can_connect_to_server:
ssh_connection.open_ssh(server, ansible_ssh_user)
check_docker_files(server, ssh_connection, docker_files_have_been_modified_dict,
original_docker_file_hashes, remote_docker_file_sums_dict)
installed_package_query(server, repo_dict, ose_required_packages_list, ssh_connection)
update_required_query(server, package_updates_available_dict, ose_required_packages_list, ssh_connection)
is_selinux_enabled(server, ssh_connection, selinux_dict)
systemctl_output = HandleSSHConnections.run_remote_commands(ssh_connection, "systemctl status docker")
is_docker_enabled(server, systemctl_output, docker_service_check_dict)
is_docker_running(server, systemctl_output, docker_service_check_dict)
sub_status = HandleSSHConnections.run_remote_commands(ssh_connection, "subscription-manager status")
is_host_subscribed(server, subscription_dict, sub_status)
repo_information = HandleSSHConnections.run_remote_commands(ssh_connection, "subscription-manager repos")
which_repos_are_enabled(server, repo_dict, repo_information, ose_repos)
ssh_connection.close_ssh()
check_forward_dns_lookup(server, forward_lookup_dict)
check_reverse_dns_lookup(forward_lookup_dict, reverse_lookup_dict)
##### Format output and display summary
print(textColors.HEADER + textColors.BOLD + "\n\nSELinux Checks" + textColors.ENDC)
DictionaryHandling.format_dictionary_output(selinux_dict)
print(textColors.HEADER + textColors.BOLD + "\n\nDocker Section (sha256sum below)" + textColors.ENDC)
else:
print("Plesse enter yes/no or y/n to display/hide sha sums")
parser.print_help()
sys.exit()
ansible_host_list = process_host_file(options.ansible_host_file)
for server in ansible_host_list:
print("\n")
can_connect_to_server = test_ssh_keys(server, ansible_ssh_user)
# if we can connect to remote host, go ahead and run the verification checks
if can_connect_to_server:
ssh_connection.open_ssh(server, ansible_ssh_user)
check_docker_files(server, ssh_connection, docker_files_have_been_modified_dict,
default_docker_hashes, remote_docker_file_sums_dict)
print(textColors.HEADER + "Checking to see if /var/lib/etcd is a partition..." + textColors.ENDC)
etcd_partition_output = HandleSSHConnections.run_remote_commands(ssh_connection,
'/usr/bin/python -c \"import os; print os.path.ismount(\'/var/lib/etcd\')\"')
parse_etcd(server, etcd_partition_output, etcd_partition_dict)
print(textColors.HEADER + "Running 'yum list installed' on %s..." % server + textColors.ENDC)
installed_package_query(server, repo_dict, ose_required_packages_list, ssh_connection)
print(textColors.HEADER + "Running 'yum list updates' on %s..." % server + textColors.ENDC)
update_required_query(server, package_updates_available_dict, ose_required_packages_list, ssh_connection)
print(textColors.HEADER + "Running 'sestatus' on %s" % server + textColors.ENDC)
is_selinux_enabled(server, ssh_connection, selinux_dict)
print(textColors.HEADER + "Running 'systemctl status docker' on %s..." % server + textColors.ENDC)
systemctl_output = HandleSSHConnections.run_remote_commands(ssh_connection, "systemctl status docker")
is_docker_enabled(server, systemctl_output, docker_service_check_dict)
is_docker_running(server, systemctl_output, docker_service_check_dict)
print(textColors.HEADER + "Running 'subscription-manager status' on %s..." % server + textColors.ENDC)
sub_status = HandleSSHConnections.run_remote_commands(ssh_connection, "subscription-manager status")
is_host_subscribed(server, subscription_dict, sub_status)
print(textColors.HEADER + "Running 'subscription-manager repos' on %s..." % server + textColors.ENDC)
ansible_host_list = process_host_file(options.ansible_host_file)
for server in ansible_host_list:
can_connect_to_server = test_ssh_keys(server, ansible_ssh_user)
# if we can connect to remote host, go ahead and run the verification checks
if can_connect_to_server:
ssh_connection.open_ssh(server, ansible_ssh_user)
check_docker_files(server, ssh_connection,
docker_files_have_been_modified_dict,
original_docker_file_hashes,
remote_docker_file_sums_dict)
installed_package_query(server, repo_dict,
ose_required_packages_list, ssh_connection)
update_required_query(server, package_updates_available_dict,
ose_required_packages_list, ssh_connection)
is_selinux_enabled(server, ssh_connection, selinux_dict)
systemctl_output = HandleSSHConnections.run_remote_commands(
ssh_connection, "systemctl status docker")
is_docker_enabled(server, systemctl_output,
docker_service_check_dict)
is_docker_running(server, systemctl_output,
docker_service_check_dict)
sub_status = HandleSSHConnections.run_remote_commands(
ssh_connection, "subscription-manager status")
is_host_subscribed(server, subscription_dict, sub_status)
repo_information = HandleSSHConnections.run_remote_commands(
ssh_connection, "subscription-manager repos")
which_repos_are_enabled(server, repo_dict, repo_information,
ose_repos)
ssh_connection.close_ssh()
check_forward_dns_lookup(server, forward_lookup_dict)
check_reverse_dns_lookup(forward_lookup_dict, reverse_lookup_dict)