def _fsck_check(hutil):
    """
    Run a non-interactive disk check and report failure through 'hutil'.

    Invokes ``fsck -As -y`` via ext_utils.run. A status that is not
    greater than zero is returned to the caller. Any positive status, or
    any exception raised while running the command, is reported with
    hutil.error and then handed to hutil.do_exit with exit code 1.
    """
    try:
        exit_status = ext_utils.run(['fsck', '-As', '-y'])
        if not exit_status > 0:
            return exit_status
        # NOTE(review): fsck(8) uses exit status 1 for "errors corrected";
        # this check treats that as a failure too. Confirm that is intended.
        hutil.log(exit_status)
        raise Exception("Disk check was not successful")
    except Exception as err:
        # The deliberate raise above lands here as well, so every failure
        # shares one reporting path and the log carries the traceback.
        failure_text = "Failed to run disk check with error: {0}, {1}".format(
            str(err), traceback.format_exc())
        hutil.error(failure_text)
        hutil.do_exit(1, 'Check', 'error', '0', 'Check failed.')
def restart_ssh_service(self):
    """
    Restart the SSH daemon through the service manager configured on self.

    The command is assembled from self.service_cmd, self.ssh_service_name
    and self.ssh_service_restart_option and passed to ext_utils.run as an
    argument list. The return code is handed back to the caller, and a
    non-zero code is logged as an error first.
    """
    status = ext_utils.run([
        self.service_cmd,
        self.ssh_service_name,
        self.ssh_service_restart_option,
    ])
    if status == 0:
        return status
    logger.error("Failed to restart SSH service with return code:" + str(status))
    return status
def delete_account(self, user):
    """
    Remove the account 'user' with ``rmuser -y``.

    Nothing is deleted when the account does not exist or when its UID is
    below the UID_MIN threshold (read from /etc/login.defs, defaulting to
    100), so system accounts are refused. On the delete path the utmp
    file is overwritten first, and afterwards the shared
    <sudoers_dir_base>/sudoers.d/waagent drop-in is removed.
    """
    try:
        account = pwd.getpwnam(user)
    except (OSError, KeyError):
        account = None
    if account is None:
        logger.error("DeleteAccount: " + user + " not found.")
        return

    # Threshold separating system accounts from regular ones.
    # NOTE(review): a UID_MIN line with no value would raise IndexError,
    # which is not in the caught tuple below.
    lowest_regular_uid = 100
    try:
        if os.path.isfile("/etc/login.defs"):
            uid_min_line = ext_utils.get_line_starting_with(
                "UID_MIN", "/etc/login.defs")
            lowest_regular_uid = int(uid_min_line.split()[1])
    except (ValueError, KeyError, AttributeError, OSError):
        pass

    if account.pw_uid < lowest_regular_uid:
        logger.error("DeleteAccount: " + user +
                     " is a system user. Will not delete account.")
        return

    # Overwrite utmp with the output of a bare `echo`, so the deletion does
    # not fail when the account being removed is the one logged in.
    ext_utils.run_command_and_write_stdout_to_file(['echo'], '/var/run/utmp')
    # chk_err=False presumably silences error reporting in ext_utils.run.
    # Confirm against the helper.
    ext_utils.run(['rmuser', '-y', user], chk_err=False)

    # The sudoers drop-in is a single shared file. It is removed whichever
    # user was deleted, and a missing file is not an error.
    waagent_sudoers = self.sudoers_dir_base + "/sudoers.d/waagent"
    try:
        os.remove(waagent_sudoers)
    except OSError:
        pass
def delete_account(self, user):
    """
    Remove the account 'user' with ``userdel -f -r``.

    Nothing is deleted when the account does not exist or when its UID is
    below the UID_MIN threshold (read from /etc/login.defs, defaulting to
    100), so system accounts are refused. On the delete path
    /var/run/utmp is removed first, and afterwards the
    /etc/sudoers.d/waagent drop-in is removed.
    """
    try:
        account = pwd.getpwnam(user)
    except (KeyError, OSError):
        account = None
    if account is None:
        logger.error("DeleteAccount: " + user + " not found.")
        return

    # Threshold separating system accounts from regular ones.
    # NOTE(review): a UID_MIN line with no value would raise IndexError,
    # which is not in the caught tuple below.
    lowest_regular_uid = 100
    try:
        uid_min_line = ext_utils.get_line_starting_with(
            "UID_MIN", "/etc/login.defs")
        lowest_regular_uid = int(uid_min_line.split()[1])
    except (ValueError, KeyError, AttributeError, OSError):
        pass

    if account.pw_uid < lowest_regular_uid:
        logger.error("DeleteAccount: " + user +
                     " is a system user. Will not delete account.")
        return

    # Delete utmp to prevent error if we are the 'user' deleted
    ext_utils.run(['rm', '-f', '/var/run/utmp'])
    # -f forces removal even when the user is logged in, and -r also
    # removes the home directory.
    ext_utils.run(['userdel', '-f', '-r', user])

    # The sudoers drop-in is removed whichever user was deleted, and a
    # missing file is not an error.
    try:
        os.remove("/etc/sudoers.d/waagent")
    except OSError:
        pass
def delete_account(self, user):
    """
    Strip 'user' of its supplementary groups.

    Despite its name, this override does not remove the account. It only
    runs ``/sbin/usermod <user> -G ''``, which sets an empty supplementary
    group list. The result of ext_utils.run is not checked and nothing is
    returned.
    """
    clear_groups_cmd = ['/sbin/usermod', user, '-G', '']
    ext_utils.run(clear_groups_cmd)
def create_account(self, user, password, expiration, thumbprint):
    """
    Put the existing account 'user' into the 'wheel' group.

    This override creates nothing. It runs
    ``/sbin/usermod <user> -G wheel`` and ignores 'password',
    'expiration' and 'thumbprint'. The result of ext_utils.run is not
    checked and nothing is returned.
    """
    # NOTE(review): there is no -a flag, so with shadow-utils usermod this
    # replaces the supplementary group list instead of appending to it.
    # Confirm that is intended.
    grant_wheel_cmd = ['/sbin/usermod', user, '-G', 'wheel']
    ext_utils.run(grant_wheel_cmd)
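def create_account(self, user, password, expiration, thumbprint):
    """
    Create a user account, with 'user', 'password', 'expiration', ssh keys
    and sudo permissions.

    An existing account with a UID below UID_MIN (read from
    /etc/login.defs, defaulting to 100) is treated as a system account and
    left untouched. A missing account is created with ``pw useradd``, and
    an existing regular account only has its password and sudo/ssh
    settings refreshed.

    Returns None if successful, error string on failure.
    """
    userentry = None
    try:
        userentry = pwd.getpwnam(user)
    except (EnvironmentError, KeyError):
        pass

    # Threshold separating system accounts from regular ones.
    # NOTE(review): a UID_MIN line with no value would raise IndexError,
    # which is not in the caught tuple below.
    uidmin = None
    try:
        if os.path.isfile("/etc/login.defs"):
            uidmin = int(ext_utils.get_line_starting_with(
                "UID_MIN", "/etc/login.defs").split()[1])
    except (ValueError, KeyError, AttributeError, EnvironmentError):
        pass
    if uidmin is None:
        uidmin = 100

    if userentry is not None and userentry[2] < uidmin:
        logger.error(
            "CreateAccount: " + user +
            " is a system user. Will not set password.")
        return "Failed to set password for system user: " + user + " (0x06)."

    if userentry is None:
        command = ['pw', 'useradd', user, '-m']
        if expiration is not None:
            # Only the part before the first '.' of the expiration is used.
            command += ['-e', expiration.split('.')[0]]
        # A non-zero (truthy) return code means account creation failed.
        if ext_utils.run(command):
            logger.error("Failed to create user account: " + user)
            return "Failed to create user account: " + user + " (0x07)."
    else:
        logger.log(
            "CreateAccount: " + user +
            " already exists. Will update password.")

    if password is not None:
        self.change_password(user, password)

    try:
        # for older distros create sudoers.d
        if not os.path.isdir(self.sudoers_dir_base + '/sudoers.d/'):
            # create the /etc/sudoers.d/ directory
            os.mkdir(self.sudoers_dir_base + '/sudoers.d')
            # add the include of sudoers.d to the /etc/sudoers
            ext_utils.set_file_contents(
                self.sudoers_dir_base + '/sudoers',
                ext_utils.get_file_contents(
                    self.sudoers_dir_base + '/sudoers') +
                '\n#includedir ' + self.sudoers_dir_base + '/sudoers.d\n')
        # NOTE(review): 'user' goes into the sudoers rule verbatim. This
        # assumes the caller has already restricted it to a plain account
        # name with no whitespace, commas or newlines. Confirm.
        if password is None:
            # No password was supplied, so sudo is granted without a
            # password prompt.
            ext_utils.set_file_contents(
                self.sudoers_dir_base + "/sudoers.d/waagent",
                user + " ALL = (ALL) NOPASSWD: ALL\n")
        else:
            ext_utils.set_file_contents(
                self.sudoers_dir_base + "/sudoers.d/waagent",
                user + " ALL = (ALL) ALL\n")
        os.chmod(self.sudoers_dir_base + "/sudoers.d/waagent", 0o440)
    except (ValueError, KeyError, AttributeError, EnvironmentError):
        logger.error("CreateAccount: Failed to configure sudo access for user.")
        return "Failed to configure sudo privileges (0x08)."

    home = self.get_home()
    if thumbprint is not None:
        ssh_dir = home + "/" + user + "/.ssh"
        ext_utils.create_dir(ssh_dir, user, 0o700)
        pub = ssh_dir + "/id_rsa.pub"
        prv = ssh_dir + "/id_rsa"
        # `ssh-keygen -y -f <private key>` prints the matching public key.
        # The command name was previously misspelled 'sh-keygen', which is
        # not an OpenSSH tool, so the public key could not be derived.
        ext_utils.run_command_and_write_stdout_to_file(
            ['ssh-keygen', '-y', '-f', thumbprint + '.prv'], pub)
        ext_utils.set_file_contents(
            prv, ext_utils.get_file_contents(thumbprint + ".prv"))
        # NOTE(review): the private key is written before it is restricted
        # to 0o600, so its mode until then depends on set_file_contents and
        # the umask. Confirm it is never briefly readable by other users.
        for f in [pub, prv]:
            os.chmod(f, 0o600)
            ext_utils.change_owner(f, user)
        ext_utils.set_file_contents(
            ssh_dir + "/authorized_keys",
            ext_utils.get_file_contents(pub))
        ext_utils.change_owner(ssh_dir + "/authorized_keys", user)

    logger.log("Created user account: " + user)
    return None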
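def _del_rule_if_exists(rule_string):
    """
    Delete every copy of an iptables rule that shows up in `iptables-save`.

    'rule_string' is the rule specification as a list of tokens. It is
    joined with spaces for the textual comparison and appended to
    ``iptables -D`` for the deletion. The loop re-reads `iptables-save`
    after each deletion so duplicate rules are removed too, and it ends
    when `iptables-save` fails, when the rule text no longer appears, or
    when a deletion fails. Returns None.
    """
    rule_string_for_cmp = " ".join(rule_string)
    cmd_result = ext_utils.run_command_get_output(['iptables-save'])
    while cmd_result[0] == 0 and (rule_string_for_cmp in cmd_result[1]):
        # The comparison is a plain substring match, so the text can be
        # present while `iptables -D` cannot remove it (for example when it
        # is part of a longer rule). Stop on a failed delete instead of
        # re-running the same command forever.
        if ext_utils.run(['iptables', '-D'] + rule_string) != 0:
            break
        cmd_result = ext_utils.run_command_get_output(['iptables-save'])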