def logon(self, type, username, password):
log_debug("logon(%s) type=%s username=%s" % (self, type, username))
if username != get_identity(self.uid):
raise ProgramError(
ERR_USER_LOOKUP,
detail="uid=%s does not match logon username (%s)" %
(self.uid, username))
if type == 'sealert':
privilege = 'client'
else:
privilege = None
if not self.access.user_allowed(privilege, username):
raise ProgramError(ERR_USER_PROHIBITED)
self.channel_type = type
self.channel_name = username
self.username = username
self.user = self.database.get_user(username)
if self.user is None:
self.database.add_user(username)
self.connection_state.update(ConnectionState.AUTHENTICATED)
return [pkg_version, rpc_version]
def report_problem(self, siginfo):
siginfo = super(AlertPluginReportReceiver, self).report_problem(siginfo)
if email_recipients is not None:
to_addrs = []
for recipient in email_recipients.recipient_list:
username = "******" % recipient.address
action = siginfo.evaluate_filter_for_user(username, recipient.filter_type)
if action != "ignore":
log_debug("Email: siginfo.sig=%s" % siginfo.sig)
to_addrs.append(recipient.address)
if len(to_addrs):
from setroubleshoot.email_alert import email_alert
email_alert(siginfo, to_addrs)
log_debug("sending alert to all clients")
from setroubleshoot.html_util import html_to_text
syslog.syslog(syslog.LOG_ERR, siginfo.summary() + _(" For complete SELinux messages. run sealert -l %s") % siginfo.local_id )
for audit_record in siginfo.audit_event.records:
if audit_record.record_type == 'AVC':
pid = audit_record.fields["pid"]
break;
systemd.journal.send(siginfo.format_text(), OBJECT_PID=pid)
for u in siginfo.users:
action = siginfo.evaluate_filter_for_user(u.username)
if action == "ignore":
return siginfo
send_alert_notification(siginfo)
return siginfo
def sighandler(signum, frame):
log_debug("received signal=%s" % signum)
import setroubleshoot.config as config
if signum == signal.SIGHUP:
log_debug("reloading configuration file")
config.config_init()
return
def __init__(self, analysis_queue, alert_receiver, timeout):
try:
log_debug("creating system dbus: bus_name=%s object_path=%s interface=%s" % (dbus_system_bus_name, dbus_system_object_path, dbus_system_interface))
self.dbus_obj = SetroubleshootdDBusObject(dbus_system_object_path, analysis_queue, alert_receiver, timeout)
except Exception, e:
syslog.syslog(syslog.LOG_ERR, "cannot start system DBus service: %s" % e)
raise e
def evaluate_alert_filter(self, sig, username):
log_debug("evaluate_alert_filter: username=%s sig=%s" % (username, sig))
if not (self.connection_state.flags & ConnectionState.AUTHENTICATED):
raise ProgramError(ERR_NOT_AUTHENTICATED)
action = self.database.evaluate_alert_filter(sig, username)
return [action]
def get_properties(self):
log_debug("get_properties")
if not (self.connection_state.flags & ConnectionState.AUTHENTICATED):
raise ProgramError(ERR_NOT_AUTHENTICATED)
properties = self.database.get_properties()
return [properties]
def delete_signature(self, sig):
log_debug("delete_signature: sig=%s" % sig)
if not (self.connection_state.flags & ConnectionState.AUTHENTICATED):
raise ProgramError(ERR_NOT_AUTHENTICATED)
siginfo = self.database.delete_signature(sig)
return None
def query_alerts(self, criteria):
log_debug("query_alerts: criteria=%s" % criteria)
if not (self.connection_state.flags & ConnectionState.AUTHENTICATED):
raise ProgramError(ERR_NOT_AUTHENTICATED)
sigs = self.database.query_alerts(criteria)
return [sigs]
def set_user_data(self, sig, username, item, data):
log_debug("set_user_data: username=%s item=%s data=%s sig=\n%s" % (username, item, data, sig))
if not (self.connection_state.flags & ConnectionState.AUTHENTICATED):
raise ProgramError(ERR_NOT_AUTHENTICATED)
self.database.set_user_data(sig, username, item, data)
return None
def on_connection_state_change(self, connection_state, flags, flags_added, flags_removed):
log_debug("%s.on_connection_state_change: connection_state=%s flags_added=%s flags_removed=%s address=%s" % (self.__class__.__name__, connection_state, connection_state.flags_to_string(flags_added), connection_state.flags_to_string(flags_removed), self.socket_address))
if flags_removed & ConnectionState.OPEN:
connection_pool.remove_client(self)
if flags_added & ConnectionState.OPEN:
connection_pool.add_client(self)
def delete_signature(self, sig):
log_debug("delete_signature: sig=%s" % sig)
if not (self.connection_state.flags & ConnectionState.AUTHENTICATED):
raise ProgramError(ERR_NOT_AUTHENTICATED)
siginfo = self.database.delete_signature(sig)
return None
def get_properties(self):
log_debug("get_properties")
if not (self.connection_state.flags & ConnectionState.AUTHENTICATED):
raise ProgramError(ERR_NOT_AUTHENTICATED)
properties = self.database.get_properties()
return [properties]
def lookup_local_id(self, local_id):
log_debug("lookup_local_id: %s" % local_id)
if not (self.connection_state.flags & ConnectionState.AUTHENTICATED):
raise ProgramError(ERR_NOT_AUTHENTICATED)
siginfo = self.database.lookup_local_id(local_id)
return [siginfo]
def query_alerts(self, criteria):
log_debug("query_alerts: criteria=%s" % criteria)
if not (self.connection_state.flags & ConnectionState.AUTHENTICATED):
raise ProgramError(ERR_NOT_AUTHENTICATED)
sigs = self.database.query_alerts(criteria)
return [sigs]
def lookup_local_id(self, local_id):
log_debug("lookup_local_id: %s" % local_id)
if not (self.connection_state.flags & ConnectionState.AUTHENTICATED):
raise ProgramError(ERR_NOT_AUTHENTICATED)
siginfo = self.database.lookup_local_id(local_id)
return [siginfo]
def sighandler(signum, frame):
log_debug("received signal=%s" % signum)
import setroubleshoot.config as config
if signum == signal.SIGHUP:
log_debug("reloading configuration file")
config.config_init()
return
import sys
sys.exit()
def evaluate_alert_filter(self, sig, username):
log_debug("evaluate_alert_filter: username=%s sig=%s" %
(username, sig))
if not (self.connection_state.flags & ConnectionState.AUTHENTICATED):
raise ProgramError(ERR_NOT_AUTHENTICATED)
action = self.database.evaluate_alert_filter(sig, username)
return [action]
def set_user_data(self, sig, username, item, data):
log_debug("set_user_data: username=%s item=%s data=%s sig=\n%s" %
(username, item, data, sig))
if not (self.connection_state.flags & ConnectionState.AUTHENTICATED):
raise ProgramError(ERR_NOT_AUTHENTICATED)
self.database.set_user_data(sig, username, item, data)
return None
def __init__(self, object_path, analysis_queue, alert_receiver, timeout = 10):
dbus.service.Object.__init__(self, dbus.SystemBus(), object_path)
self.conn_ctr=0
self.timeout = timeout
self.alarm(self.timeout)
log_debug('dbus __init__ %s called' % object_path)
self.queue = analysis_queue
self.receiver = alert_receiver
self.record_reader = AuditRecordReader(AuditRecordReader.TEXT_FORMAT)
self.record_receiver = AuditRecordReceiver()
def on_connection_state_change(self, connection_state, flags, flags_added, flags_removed):
log_debug("%s.on_connection_state_change: connection_state=%s flags_added=%s flags_removed=%s address=%s" % (self.__class__.__name__, connection_state, connection_state.flags_to_string(flags_added), connection_state.flags_to_string(flags_removed),self.socket_address))
if flags_removed & ConnectionState.OPEN:
connection_pool.remove_client(self)
if flags_added & ConnectionState.OPEN:
self.uid, self.gid = self.access.get_credentials(self.socket_address.socket)
log_debug("%s.on_connection_state_change: open, socket credentials: uid=%s gid=%s" % (self.__class__.__name__, self.uid, self.gid))
connection_pool.add_client(self)
def set_email_recipients(self, recipients):
global email_recipients
log_debug("set_email_recipients: %s" % recipients)
if not (self.connection_state.flags & ConnectionState.AUTHENTICATED):
raise ProgramError(ERR_NOT_AUTHENTICATED)
email_recipients = recipients
email_recipients.write_recipient_file(email_recipients_filepath)
def set_email_recipients(self, recipients):
global email_recipients
log_debug("set_email_recipients: %s" % recipients)
if not (self.connection_state.flags & ConnectionState.AUTHENTICATED):
raise ProgramError(ERR_NOT_AUTHENTICATED)
email_recipients = recipients
email_recipients.write_recipient_file(email_recipients_filepath)
def set_filter(self, sig, username, filter_type, data = "" ):
log_debug("set_filter: username=%s filter_type=%s sig=\n%s" % (username, filter_type, sig))
if not (self.connection_state.flags & ConnectionState.AUTHENTICATED):
raise ProgramError(ERR_NOT_AUTHENTICATED)
if username != self.username:
raise ProgramError(ERR_USER_PERMISSION, detail=_("The user (%s) cannot modify data for (%s)") % (self.username, username))
self.database.set_filter(sig, username, filter_type, data)
return None
def __init__(self, analysis_queue, alert_receiver, timeout):
try:
log_debug(
"creating system dbus: bus_name=%s object_path=%s interface=%s"
% (dbus_system_bus_name, dbus_system_object_path,
dbus_system_interface))
self.dbus_obj = SetroubleshootdDBusObject(dbus_system_object_path,
analysis_queue,
alert_receiver, timeout)
except Exception, e:
syslog.syslog(syslog.LOG_ERR,
"cannot start system DBus service: %s" % e)
raise e
def __init__(self,
object_path,
analysis_queue,
alert_receiver,
timeout=10):
dbus.service.Object.__init__(self, dbus.SystemBus(), object_path)
self.conn_ctr = 0
self.timeout = timeout
self.alarm(self.timeout)
log_debug('dbus __init__ %s called' % object_path)
self.queue = analysis_queue
self.receiver = alert_receiver
self.record_reader = AuditRecordReader(AuditRecordReader.TEXT_FORMAT)
self.record_receiver = AuditRecordReceiver()
def on_connection_state_change(self, connection_state, flags, flags_added,
flags_removed):
log_debug(
"%s.on_connection_state_change: connection_state=%s flags_added=%s flags_removed=%s address=%s"
% (self.__class__.__name__, connection_state,
connection_state.flags_to_string(flags_added),
connection_state.flags_to_string(flags_removed),
self.socket_address))
if flags_removed & ConnectionState.OPEN:
connection_pool.remove_client(self)
if flags_added & ConnectionState.OPEN:
connection_pool.add_client(self)
def set_filter(self, sig, username, filter_type, data=""):
log_debug("set_filter: username=%s filter_type=%s sig=\n%s" %
(username, filter_type, sig))
if not (self.connection_state.flags & ConnectionState.AUTHENTICATED):
raise ProgramError(ERR_NOT_AUTHENTICATED)
if username != self.username:
raise ProgramError(
ERR_USER_PERMISSION,
detail=_("The user (%s) cannot modify data for (%s)") %
(self.username, username))
self.database.set_filter(sig, username, filter_type, data)
return None
def avc(self, data):
self.alarm(0)
self.conn_ctr += 1
log_debug('dbus avc(%s) called: %d Connections' % (data, self.conn_ctr))
for (record_type, event_id, body_text, fields, line_number) in self.record_reader.feed(str(data)):
audit_record = AuditRecord(record_type, event_id, body_text, fields, line_number)
audit_record.audispd_rectify()
for audit_event in self.record_receiver.feed(audit_record):
self.add(AVC(audit_event))
for audit_event in self.record_receiver.flush(0):
try:
self.add(AVC(audit_event))
except ValueError, e:
syslog.syslog(syslog.LOG_ERR, "Unable to add audit event: %s" % e)
def on_connection_state_change(self, connection_state, flags, flags_added,
flags_removed):
log_debug(
"%s.on_connection_state_change: connection_state=%s flags_added=%s flags_removed=%s address=%s"
% (self.__class__.__name__, connection_state,
connection_state.flags_to_string(flags_added),
connection_state.flags_to_string(flags_removed),
self.socket_address))
if flags_removed & ConnectionState.OPEN:
connection_pool.remove_client(self)
if flags_added & ConnectionState.OPEN:
self.uid, self.gid = self.access.get_credentials(
self.socket_address.socket)
log_debug(
"%s.on_connection_state_change: open, socket credentials: uid=%s gid=%s"
% (self.__class__.__name__, self.uid, self.gid))
connection_pool.add_client(self)
def avc(self, data):
self.alarm(0)
self.conn_ctr += 1
log_debug('dbus avc(%s) called: %d Connections' %
(data, self.conn_ctr))
for (record_type, event_id, body_text, fields,
line_number) in self.record_reader.feed(str(data)):
audit_record = AuditRecord(record_type, event_id, body_text,
fields, line_number)
audit_record.audispd_rectify()
for audit_event in self.record_receiver.feed(audit_record):
self.add(AVC(audit_event))
for audit_event in self.record_receiver.flush(0):
try:
self.add(AVC(audit_event))
except ValueError, e:
syslog.syslog(syslog.LOG_ERR,
"Unable to add audit event: %s" % e)
def report_problem(self, siginfo):
siginfo = super(AlertPluginReportReceiver,
self).report_problem(siginfo)
if email_recipients is not None:
to_addrs = []
for recipient in email_recipients.recipient_list:
username = "******" % recipient.address
action = siginfo.evaluate_filter_for_user(
username, recipient.filter_type)
if action != "ignore":
log_debug("Email: siginfo.sig=%s" % siginfo.sig)
to_addrs.append(recipient.address)
if len(to_addrs):
from setroubleshoot.email_alert import email_alert
email_alert(siginfo, to_addrs)
log_debug("sending alert to all clients")
from setroubleshoot.html_util import html_to_text
syslog.syslog(
syslog.LOG_ERR,
siginfo.summary() +
_(" For complete SELinux messages. run sealert -l %s") %
siginfo.local_id)
for audit_record in siginfo.audit_event.records:
if audit_record.record_type == 'AVC':
pid = audit_record.fields["pid"]
break
systemd.journal.send(siginfo.format_text(), OBJECT_PID=pid)
for u in siginfo.users:
action = siginfo.evaluate_filter_for_user(u.username)
if action == "ignore":
return siginfo
send_alert_notification(siginfo)
return siginfo
def logon(self, type, username, password):
log_debug("logon(%s) type=%s username=%s" % (self, type, username))
if username != get_identity(self.uid):
raise ProgramError(ERR_USER_LOOKUP, detail="uid=%s does not match logon username (%s)" % (self.uid, username))
if type == 'sealert':
privilege = 'client'
else:
privilege = None
if not self.access.user_allowed(privilege, username):
raise ProgramError(ERR_USER_PROHIBITED)
self.channel_type = type
self.channel_name = username
self.username = username
self.user = self.database.get_user(username)
if self.user is None:
self.database.add_user(username)
self.connection_state.update(ConnectionState.AUTHENTICATED)
return [pkg_version, rpc_version]
def start(self):
self.alarm(0)
self.conn_ctr += 1
log_debug('dbus iface start() called: %d Connections' % self.conn_ctr)
return _("Started")
def RunFaultServer(timeout=10):
signal.alarm(timeout)
sigalrm_handler = signal.signal(signal.SIGALRM, polling_failed_handler)
# polling for /sys/fs/selinux/policy file
while True:
try:
audit2why.init()
signal.alarm(0)
break
# retry if init() failed to open /sys/fs/selinux/policy
except ValueError as e:
# The value error contains the following error message,
# followed by strerror string (which can differ with localization)
if "unable to open /sys/fs/selinux/policy" in str(e):
continue
raise e
except SystemError as e:
# As a result of a bug in audit2why.c, SystemError is raised instead of ValueError.
# Python reports: "SystemError occurs as a direct cause of ValueError"
# Error message of the ValueError is stored in __context__
# TODO: remove this except clause when the bug in audti2why is fixed
if "unable to open /sys/fs/selinux/policy" in str(getattr(e, "__context__", "")):
continue
raise e
global host_database, analysis_queue, email_recipients
signal.signal(signal.SIGALRM, sigalrm_handler)
signal.signal(signal.SIGHUP, sighandler)
#interface_registry.dump_interfaces()
try:
# FIXME: should this be using our logging objects in log.py?
# currently syslog is only used for putting an alert into
# the syslog with it's id
pkg_name = get_config('general', 'pkg_name')
syslog.openlog(pkg_name)
# Create an object responsible for sending notifications to clients
client_notifier = ClientNotifier(connection_pool)
# Create a database local to this host
database_filename = get_config('database', 'filename')
database_filepath = make_database_filepath(database_filename)
assure_file_ownership_permissions(database_filepath, 0o600, 'setroubleshoot')
host_database = SETroubleshootDatabase(database_filepath, database_filename,
friendly_name=_("Audit Listener"))
host_database.set_notify(client_notifier)
atexit.register(goodbye, host_database)
deleted = False
for i in host_database.sigs.signature_list:
why, bools = audit2why.analyze(str(i.sig.scontext), str(i.sig.tcontext), str(i.sig.tclass), i.sig.access)
if why == audit2why.ALLOW or why == audit2why.DONTAUDIT:
if why == audit2why.ALLOW:
reason = "allowed"
else:
reason = "dontaudit'd"
syslog.syslog(syslog.LOG_ERR, "Deleting alert %s, it is %s in current policy" % (i.local_id, reason))
deleted = True
host_database.delete_signature(i.sig)
if deleted:
host_database.save(prune=True)
# Attach the local database to an object which will send alerts
# specific to this host
if not get_config('test', 'analyze', bool):
alert_receiver = AlertPluginReportReceiver(host_database)
else:
alert_receiver = TestPluginReportReceiver(host_database)
# Create a synchronized queue for analysis requests
import six.moves.queue
analysis_queue = six.moves.queue.Queue(0)
# Create a thread to peform analysis, it takes AVC objects off
# the analysis queue and runs the plugins against the
# AVC. Analysis requests in the queue may arrive from a
# variety of places; from the audit system, from a log file
# scan, etc. The disposition of the analysis (e.g. where the
# results of the analysis are to go) are included in the queued
# object along with the data to analyze.
analyze_thread = AnalyzeThread(analysis_queue)
analyze_thread.setDaemon(True)
analyze_thread.start()
# Create a thread to receive messages from the audit system.
# This is a time sensitive operation, the primary job of this
# thread is to receive the audit message as quickly as
# possible and return to listening on the audit socket. When
# it receives a complete audit event it places it in the
# analysis queue where another thread will process it
# independently.
# audit_socket_thread = AuditSocketReceiverThread(analysis_queue, alert_receiver)
# audit_socket_thread.setDaemon(True)
# audit_socket_thread.start()
# Initialize the email recipient list
from setroubleshoot.signature import SEEmailRecipientSet
email_recipients = SEEmailRecipientSet()
assure_file_ownership_permissions(email_recipients_filepath, 0o600, 'setroubleshoot')
try:
email_recipients.parse_recipient_file(email_recipients_filepath)
except ProgramError as e:
if e.errno == ERR_FILE_OPEN:
log_debug(e.strerror)
else:
raise e
# Create a server to listen for alert clients and then run.
listen_addresses = get_socket_list_from_config('listen_for_client')
for listen_address in listen_addresses:
listening_server = ListeningServer(listen_address, SetroubleshootdClientConnectionHandler)
listening_server.open()
dbus.glib.init_threads()
setroubleshootd_dbus = SetroubleshootdDBus(analysis_queue, alert_receiver, timeout)
main_loop = GLib.MainLoop()
main_loop.run()
except KeyboardInterrupt as e:
log_debug("KeyboardInterrupt in RunFaultServer")
except SystemExit as e:
log_debug("raising SystemExit in RunFaultServer")
except Exception as e:
import traceback
syslog_trace(traceback.format_exc())
syslog.syslog(syslog.LOG_ERR, "exception %s: %s" % (e.__class__.__name__, str(e)))
def RunFaultServer(timeout=10):
# FIXME
audit2why.init()
global host_database, analysis_queue, email_recipients
signal.signal(signal.SIGHUP, sighandler)
signal.signal(signal.SIGQUIT, sighandler)
signal.signal(signal.SIGTERM, sighandler)
signal.signal(signal.SIGALRM, sighandler)
#interface_registry.dump_interfaces()
try:
# FIXME: should this be using our logging objects in log.py?
# currently syslog is only used for putting an alert into
# the syslog with it's id
pkg_name = get_config('general','pkg_name')
syslog.openlog(pkg_name)
# Create an object responsible for sending notifications to clients
client_notifier = ClientNotifier(connection_pool)
# Create a database local to this host
database_filename = get_config('database','filename')
database_filepath = make_database_filepath(database_filename)
assure_file_ownership_permissions(database_filepath, 0600, 'setroubleshoot')
host_database = SETroubleshootDatabase(database_filepath, database_filename,
friendly_name=_("Audit Listener"))
host_database.set_notify(client_notifier)
atexit.register(goodbye, host_database)
deleted = False
for i in host_database.sigs.signature_list:
why, bools = audit2why.analyze(str(i.sig.scontext), str(i.sig.tcontext), str(i.sig.tclass), i.sig.access)
if why == audit2why.ALLOW or why == audit2why.DONTAUDIT:
if why == audit2why.ALLOW:
reason = "allowed"
else:
reason = "dontaudit'd"
syslog.syslog(syslog.LOG_ERR, "Deleting alert %s, it is %s in current policy" % (i.local_id, reason) )
deleted = True
host_database.delete_signature(i.sig)
if deleted:
host_database.save(prune=True)
# Attach the local database to an object which will send alerts
# specific to this host
if not get_config('test', 'analyze', bool):
alert_receiver = AlertPluginReportReceiver(host_database)
else:
alert_receiver = TestPluginReportReceiver(host_database)
# Create a synchronized queue for analysis requests
import Queue
analysis_queue = Queue.Queue(0)
# Create a thread to peform analysis, it takes AVC objects off
# the analysis queue and runs the plugins against the
# AVC. Analysis requests in the queue may arrive from a
# variety of places; from the audit system, from a log file
# scan, etc. The disposition of the analysis (e.g. where the
# results of the analysis are to go) are included in the queued
# object along with the data to analyze.
analyze_thread = AnalyzeThread(analysis_queue)
analyze_thread.setDaemon(True)
analyze_thread.start()
# Create a thread to receive messages from the audit system.
# This is a time sensitive operation, the primary job of this
# thread is to receive the audit message as quickly as
# possible and return to listening on the audit socket. When
# it receives a complete audit event it places it in the
# analysis queue where another thread will process it
# independently.
# audit_socket_thread = AuditSocketReceiverThread(analysis_queue, alert_receiver)
# audit_socket_thread.setDaemon(True)
# audit_socket_thread.start()
# Initialize the email recipient list
from setroubleshoot.signature import SEEmailRecipientSet
email_recipients = SEEmailRecipientSet()
assure_file_ownership_permissions(email_recipients_filepath, 0600, 'setroubleshoot')
try:
email_recipients.parse_recipient_file(email_recipients_filepath)
except ProgramError, e:
if e.errno == ERR_FILE_OPEN:
log_debug(e.strerror)
else:
raise e
# Create a server to listen for alert clients and then run.
listen_addresses = get_socket_list_from_config('listen_for_client')
for listen_address in listen_addresses:
listening_server = ListeningServer(listen_address, SetroubleshootdClientConnectionHandler)
listening_server.open()
dbus.glib.init_threads()
setroubleshootd_dbus = SetroubleshootdDBus(analysis_queue, alert_receiver, timeout)
main_loop = gobject.MainLoop()
main_loop.run()
def remove_client(self, handler):
if handler not in self.client_pool:
log_debug("remove_client: client (%s) not in client pool" % handler)
return
del(self.client_pool[handler])
def remove_client(self, handler):
if not self.client_pool.has_key(handler):
log_debug("remove_client: client (%s) not in client pool" %
handler)
return
del (self.client_pool[handler])
def start(self):
self.alarm(0)
self.conn_ctr += 1
log_debug('dbus iface start() called: %d Connections' % self.conn_ctr)
return _("Started")
def finish(self):
self.conn_ctr -= 1
log_debug('dbus iface finish() called: %d Connections' % self.conn_ctr)
self.alarm(self.timeout)
return ""
def RunFaultServer(timeout=10):
# FIXME
audit2why.init()
global host_database, analysis_queue, email_recipients
signal.signal(signal.SIGHUP, sighandler)
signal.signal(signal.SIGQUIT, sighandler)
signal.signal(signal.SIGTERM, sighandler)
signal.signal(signal.SIGALRM, sighandler)
#interface_registry.dump_interfaces()
try:
# FIXME: should this be using our logging objects in log.py?
# currently syslog is only used for putting an alert into
# the syslog with it's id
pkg_name = get_config('general', 'pkg_name')
syslog.openlog(pkg_name)
# Create an object responsible for sending notifications to clients
client_notifier = ClientNotifier(connection_pool)
# Create a database local to this host
database_filename = get_config('database', 'filename')
database_filepath = make_database_filepath(database_filename)
assure_file_ownership_permissions(database_filepath, 0600,
'setroubleshoot')
host_database = SETroubleshootDatabase(
database_filepath,
database_filename,
friendly_name=_("Audit Listener"))
host_database.set_notify(client_notifier)
atexit.register(goodbye, host_database)
deleted = False
for i in host_database.sigs.signature_list:
why, bools = audit2why.analyze(str(i.sig.scontext),
str(i.sig.tcontext),
str(i.sig.tclass), i.sig.access)
if why == audit2why.ALLOW or why == audit2why.DONTAUDIT:
if why == audit2why.ALLOW:
reason = "allowed"
else:
reason = "dontaudit'd"
syslog.syslog(
syslog.LOG_ERR,
"Deleting alert %s, it is %s in current policy" %
(i.local_id, reason))
deleted = True
host_database.delete_signature(i.sig)
if deleted:
host_database.save(prune=True)
# Attach the local database to an object which will send alerts
# specific to this host
if not get_config('test', 'analyze', bool):
alert_receiver = AlertPluginReportReceiver(host_database)
else:
alert_receiver = TestPluginReportReceiver(host_database)
# Create a synchronized queue for analysis requests
import Queue
analysis_queue = Queue.Queue(0)
# Create a thread to peform analysis, it takes AVC objects off
# the analysis queue and runs the plugins against the
# AVC. Analysis requests in the queue may arrive from a
# variety of places; from the audit system, from a log file
# scan, etc. The disposition of the analysis (e.g. where the
# results of the analysis are to go) are included in the queued
# object along with the data to analyze.
analyze_thread = AnalyzeThread(analysis_queue)
analyze_thread.setDaemon(True)
analyze_thread.start()
# Create a thread to receive messages from the audit system.
# This is a time sensitive operation, the primary job of this
# thread is to receive the audit message as quickly as
# possible and return to listening on the audit socket. When
# it receives a complete audit event it places it in the
# analysis queue where another thread will process it
# independently.
# audit_socket_thread = AuditSocketReceiverThread(analysis_queue, alert_receiver)
# audit_socket_thread.setDaemon(True)
# audit_socket_thread.start()
# Initialize the email recipient list
from setroubleshoot.signature import SEEmailRecipientSet
email_recipients = SEEmailRecipientSet()
assure_file_ownership_permissions(email_recipients_filepath, 0600,
'setroubleshoot')
try:
email_recipients.parse_recipient_file(email_recipients_filepath)
except ProgramError, e:
if e.errno == ERR_FILE_OPEN:
log_debug(e.strerror)
else:
raise e
# Create a server to listen for alert clients and then run.
listen_addresses = get_socket_list_from_config('listen_for_client')
for listen_address in listen_addresses:
listening_server = ListeningServer(
listen_address, SetroubleshootdClientConnectionHandler)
listening_server.open()
dbus.glib.init_threads()
setroubleshootd_dbus = SetroubleshootdDBus(analysis_queue,
alert_receiver, timeout)
main_loop = gobject.MainLoop()
main_loop.run()
log_debug(e.strerror)
else:
raise e
# Create a server to listen for alert clients and then run.
listen_addresses = get_socket_list_from_config('listen_for_client')
for listen_address in listen_addresses:
listening_server = ListeningServer(
listen_address, SetroubleshootdClientConnectionHandler)
listening_server.open()
dbus.glib.init_threads()
setroubleshootd_dbus = SetroubleshootdDBus(analysis_queue,
alert_receiver, timeout)
main_loop = gobject.MainLoop()
main_loop.run()
except KeyboardInterrupt, e:
log_debug("KeyboardInterrupt in RunFaultServer")
except SystemExit, e:
log_debug("raising SystemExit in RunFaultServer")
except Exception, e:
syslog.syslog(syslog.LOG_ERR,
"exception %s: %s" % (e.__class__.__name__, str(e)))
if __name__ == '__main__':
RunFaultServer()
def add_client(self, handler):
if self.client_pool.has_key(handler):
log_debug("add_client: client (%s) already in client pool" %
handler)
return
self.client_pool[handler] = None
def finish(self):
self.conn_ctr -= 1
log_debug('dbus iface finish() called: %d Connections' % self.conn_ctr)
self.alarm(self.timeout)
return ""
def remove_client(self, handler):
if not self.client_pool.has_key(handler):
log_debug("remove_client: client (%s) not in client pool" % handler)
return
del(self.client_pool[handler])
try:
email_recipients.parse_recipient_file(email_recipients_filepath)
except ProgramError, e:
if e.errno == ERR_FILE_OPEN:
log_debug(e.strerror)
else:
raise e
# Create a server to listen for alert clients and then run.
listen_addresses = get_socket_list_from_config('listen_for_client')
for listen_address in listen_addresses:
listening_server = ListeningServer(listen_address, SetroubleshootdClientConnectionHandler)
listening_server.open()
dbus.glib.init_threads()
setroubleshootd_dbus = SetroubleshootdDBus(analysis_queue, alert_receiver, timeout)
main_loop = gobject.MainLoop()
main_loop.run()
except KeyboardInterrupt, e:
log_debug("KeyboardInterrupt in RunFaultServer")
except SystemExit, e:
log_debug("raising SystemExit in RunFaultServer")
except Exception, e:
syslog.syslog(syslog.LOG_ERR, "exception %s: %s" % (e.__class__.__name__, str(e)))
if __name__=='__main__':
RunFaultServer()
def polling_failed_handler(signum, frame):
log_debug("received signal=%s" % signum)
syslog.syslog(syslog.LOG_ERR, "/sys/fs/selinux/policy is in use by another process. Exiting!")
os._exit(1)
def add_client(self, handler):
if self.client_pool.has_key(handler):
log_debug("add_client: client (%s) already in client pool" % handler)
return
self.client_pool[handler] = None
