def background_code(args):
log = get_logger('shell')
pipe_id = args.pipe_id
log.info('Initiating shell with pipe ID {}', pipe_id)
try:
set_gpg('client')
with PenguinDomeServerPeer('client', pipe_id) as remote, \
PexpectPeer('/bin/bash') as shell:
broker = InteractionBroker(shell, remote)
broker.interact()
except Exception:
log.exception()
sys.exit(1)
signatures_dir,
set_gpg,
)
from penguindome.client import get_logger, encrypt_document
import penguindome.json as json
os.chdir(top_dir)
set_gpg('client')
# Some commands the plugins use are in /sbin or /usr/sbin on some
# distributions, and it isn't always in the search path used by cron scripts.
for d in ('/sbin', '/usr/sbin'):
if d not in os.environ['PATH'].split(':'):
os.environ['PATH'] += ':' + d
log = get_logger('collect')
def run_file(run_path,
run_name,
results,
parse_output=True,
delete_after_success=False,
submit_failures=False):
log.debug('Running {}', run_path)
with NamedTemporaryFile('w+') as stderr_file:
try:
run_output = subprocess.check_output(
run_path, stderr=stderr_file.fileno()).decode('utf8')
except subprocess.CalledProcessError as e:
log.exception('Failed to execute {}', run_path)
# "installed_packages" -- List of installed packages
#
# Any of the booleans can also return the string "unknown".
import json
import os
from psutil import Process
import subprocess
from signal import SIGHUP
from tempfile import TemporaryFile
import time
from penguindome.client import get_logger
from penguindome.plugin_tools import process_dict_iter
log = get_logger('plugins/os_updates')
def arch_checker():
def ancestors(p, attrs=None):
if attrs:
attrs = list(attrs)
if 'ppid' not in attrs:
attrs.append('ppid')
else:
attrs = ['ppid']
ancestors = []
try:
while p['ppid']:
p = Process(p['ppid']).as_dict(attrs=attrs)
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
import json
import subprocess
from penguindome.client import get_logger
results = {}
log = get_logger('plugins/hd_encryption')
def is_encrypted(device):
try:
subprocess.check_output(['cryptsetup', 'status', device])
return True
except:
pass
try:
# I hope it's a logical volume!
vg = subprocess.check_output(
('lvs', '--noheadings', '-o', 'vg_name', device),
close_fds=True).decode('utf8').strip()
except:
log.info('Cryptsetup and lvs on {} failed, assuming not encrypted',
import datetime
from fasteners.process_lock import InterProcessLock
import glob
import os
import subprocess
import sys
import time
from penguindome import (
top_dir,
var_dir,
collected_dir,
)
from penguindome.client import get_setting, get_logger
log = get_logger('client-cron')
def bin_path(cmd):
return os.path.join(top_dir, 'bin', cmd)
def check_stamp(path, interval):
try:
modified = os.stat(path).st_mtime
except:
return True
# This is called once per minute, so we're going to round up.
return time.time() - modified > (interval - 1) * 60
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations under
# the License.
import glob
import os
from requests.exceptions import HTTPError, ReadTimeout
import sys
from penguindome import top_dir, collected_dir, set_gpg
from penguindome.client import get_logger, server_request
log = get_logger('submit')
os.chdir(top_dir)
set_gpg('client')
for collected in sorted(glob.glob(os.path.join(collected_dir, '*[0-9]'))):
# This nested try/except is that we don't have to duplicate the code twice,
# one for unrecognized HTTPError exceptiosns and again for ReadTimeout.
try:
try:
server_request('/penguindome/v1/submit', data_path=collected,
exit_on_connection_error=True, logger=log)
except HTTPError as e:
if e.response.status_code == 400:
log.error('Server returned status code 400. '
'Renaming {} to {}.bad.', collected, collected)
os.rename(collected, collected + '.bad')
import shutil
import socket
import subprocess
import sys
from tempfile import mkdtemp
from penguindome import (
top_dir,
set_gpg,
release_file,
var_dir,
signatures_dir,
)
from penguindome.client import get_logger, gpg_command, server_request
log = get_logger('update')
os.chdir(top_dir)
set_gpg('client')
def do_release(data):
log.info('Updating to {}', data['current_release'])
unpack_dir = mkdtemp(dir=var_dir)
try:
update_tar = os.path.join(unpack_dir, 'release.tar')
update_signed = update_tar + '.asc'
open(update_signed, 'w').write(data['update'])
gpg_command('--verify', update_signed)
gpg_command(update_signed)
subprocess.check_output(('tar', '--file', update_tar,
# the License.
import re
import subprocess
from tempfile import TemporaryFile
from penguindome import cached_data
from penguindome.client import get_logger
import penguindome.json as json
from penguindome.plugin_tools import find_x_users, DBusUser, process_dict_iter
valid_lockers = ('slock', 'i3lock')
valid_lockers_re = re.compile(r'^(?:' +
'|'.join(re.escape(l) for l in valid_lockers) +
r')(?:\s|$)')
log = get_logger('plugins/screenlock')
def gnome_xscreensaver_status(user, display):
try:
dbus_user = DBusUser(user, display)
except KeyError:
return None
with TemporaryFile('w+') as stderr_file:
try:
dbus_output = dbus_user.command(
'echo $DBUS_SESSION_BUS_ADDRESS; '
'dbus-send --session --dest=org.freedesktop.DBus '
'--type=method_call --print-reply /org/freedesktop/Dbus org.'
'freedesktop.DBus.ListNames',