コード例 #1
ファイル: docker.py プロジェクト: EntPack/SilentDune-Client
    def _discover_iptables(self):
        """
        Look for running docker service. If found, check for containers that require firewall rules.

        The method exits early when the docker executable cannot be found or the docker
        service is not running.
        :return: The (empty) rules list on the early exits. The rest of the method is not part
                 of this excerpt, so its final return value cannot be stated from here.
        """

        rules = list()

        # Nothing to discover when the docker executable cannot be located.
        docker = which('docker')
        if not docker:
            _logger.debug("{0}: Failed to find 'docker' executable.".format(self._module))
            return rules

        if not is_service_running('docker'):
            _logger.debug("{0}: Docker service not running.".format(self._module))
            return rules

        # NOTE(review): this runs the NTP peer query (ntpq -p -n), not a docker command. It looks
        # carried over from the NTP module -- confirm what is meant to be executed here.
        p = subprocess.Popen([u'ntpq', u'-p', u'-n'], stdout=subprocess.PIPE)
        stdoutdata, stderrdata = p.communicate()
        result = p.wait()

        # Only stdout is piped above, so communicate() returns None for stderrdata and this
        # test does not detect a failed command; the exit status in 'result' is not checked.
        if stderrdata is None:
            data = stdoutdata.decode('utf-8')
            for line in data.split('\n'):
                items = line.split('|')
コード例 #2
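    def _discover_iptables(self):
        """
        Build firewall rules for the NTP peers reported by the local ntpd.

        Runs ``ntpq -p -n`` and creates a UDP port 123 egress/ingress rule for every
        output line whose first field starts with one of the ntpq tally characters.
        :return: List of rules; empty when ntpq is missing, ntpd is not running or
                 the ntpq query exits with a non-zero status.
        """

        rules = list()

        ntpq = which(u'ntpq')
        if not ntpq:
            _logger.debug('Failed to find program path for "{0}"'.format('ntpq'))
            return rules

        # Check to see if ntpd is running
        if not is_service_running('ntpd'):
            _logger.debug('ntpd is not running.')
            return rules

        # Execute the path that which() resolved instead of looking 'ntpq' up on PATH a second time.
        p = subprocess.Popen([ntpq, u'-p', u'-n'], stdout=subprocess.PIPE)
        # Only stdout is piped, so there is no stderr data to inspect; communicate() also
        # waits for the process, which makes the exit status the failure signal.
        stdoutdata, _ = p.communicate()

        if p.returncode != 0:
            _logger.debug('ntpq exited with status {0}, no NTP rules added.'.format(p.returncode))
            return rules

        for line in stdoutdata.decode('utf-8').split('\n'):
            peer = line.split(' ', 1)[0]

            # Peer lines carry a one character tally code in front of the address.
            # NOTE(review): the set includes codes ntpq uses for peers it has discarded
            # ('x', '.', '-'); confirm that rules are wanted for those as well.
            if peer[:1] not in ('+', '-', '*', 'x', '.', '#', 'o'):
                continue

            ipaddr = peer[1:]
            if not ipaddr:
                # A tally character with nothing after it gives no address to open.
                continue

            # NOTE(review): ipaddr is text parsed from command output and is passed on without
            # checking that it is a well-formed address; confirm the rule helper validates it.
            _logger.debug('{0}: adding NTP Client Rules for {1}'.format(self.get_name(), ipaddr))
            rules.append(create_iptables_udp_egress_ingress_rule(
                ipaddr, 123, self._slot, transport=ipt.TRANSPORT_AUTO))

        return rules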
コード例 #3
    def _discover_iptables(self):
        """
        Look for running docker service. If found, check for containers that require firewall rules.

        The method exits early when the docker executable cannot be found or the docker
        service is not running.
        :return: The (empty) rules list on the early exits. The rest of the method is not part
                 of this excerpt, so its final return value cannot be stated from here.
        """

        rules = list()

        # Nothing to discover when the docker executable cannot be located.
        docker = which('docker')
        if not docker:
            _logger.debug("{0}: Failed to find 'docker' executable.".format(
                self._module))
            return rules

        if not is_service_running('docker'):
            _logger.debug("{0}: Docker service not running.".format(
                self._module))
            return rules

        # NOTE(review): this runs the NTP peer query (ntpq -p -n), not a docker command. It looks
        # carried over from the NTP module -- confirm what is meant to be executed here.
        p = subprocess.Popen([u'ntpq', u'-p', u'-n'], stdout=subprocess.PIPE)
        stdoutdata, stderrdata = p.communicate()
        result = p.wait()

        # Only stdout is piped above, so communicate() returns None for stderrdata and this
        # test does not detect a failed command; the exit status in 'result' is not checked.
        if stderrdata is None:
            data = stdoutdata.decode('utf-8')
            for line in data.split('\n'):
                items = line.split('|')
コード例 #4
ファイル: ntp.py プロジェクト: EntPack/SilentDune-Client
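    def _discover_iptables(self):
        """
        Build firewall rules for the NTP peers reported by the local ntpd.

        Runs ``ntpq -p -n`` and creates a UDP port 123 egress/ingress rule for every
        output line whose first field starts with one of the ntpq tally characters.
        :return: List of rules; empty when ntpq is missing, ntpd is not running or
                 the ntpq query exits with a non-zero status.
        """

        rules = list()

        ntpq = which(u'ntpq')
        if not ntpq:
            _logger.debug('Failed to find program path for "{0}"'.format('ntpq'))
            return rules

        # Check to see if ntpd is running
        if not is_service_running('ntpd'):
            _logger.debug('ntpd is not running.')
            return rules

        # Execute the path that which() resolved instead of looking 'ntpq' up on PATH a second time.
        p = subprocess.Popen([ntpq, u'-p', u'-n'], stdout=subprocess.PIPE)
        # Only stdout is piped, so there is no stderr data to inspect; communicate() also
        # waits for the process, which makes the exit status the failure signal.
        stdoutdata, _ = p.communicate()

        if p.returncode != 0:
            _logger.debug('ntpq exited with status {0}, no NTP rules added.'.format(p.returncode))
            return rules

        for line in stdoutdata.decode('utf-8').split('\n'):
            peer = line.split(' ', 1)[0]

            # Peer lines carry a one character tally code in front of the address.
            # NOTE(review): the set includes codes ntpq uses for peers it has discarded
            # ('x', '.', '-'); confirm that rules are wanted for those as well.
            if peer[:1] not in ('+', '-', '*', 'x', '.', '#', 'o'):
                continue

            ipaddr = peer[1:]
            if not ipaddr:
                # A tally character with nothing after it gives no address to open.
                continue

            # NOTE(review): ipaddr is text parsed from command output and is passed on without
            # checking that it is a well-formed address; confirm the rule helper validates it.
            _logger.debug('{0}: adding NTP Client Rules for {1}'.format(self.get_name(), ipaddr))
            rules.append(create_iptables_udp_egress_ingress_rule(
                ipaddr, 123, self._slot, transport=ipt.TRANSPORT_AUTO))

        return rules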
コード例 #5
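    def discover_pkg_manager(self):
        """
        Find the system package manager executable.

        Records the distribution name, its major version and the machine type on the
        instance, then sets self._repo_manager and the repository config, cache and
        service locations that apply to the distribution family.
        :return: True if found, otherwise False
        """

        # NOTE(review): platform.dist() was deprecated in Python 3.5 and removed in 3.8;
        # this method needs another source for the distribution name on newer interpreters.
        dist_name, dist_version = platform.dist()[:2]
        self._dist = dist_name.lower()
        self._dist_version = dist_version.split('.')[0]  # Major version only
        self._machine = platform.machine()

        # Match whole names. The previous "in 'ubuntu debian'" form was a substring test, so an
        # empty or partial distribution name was accepted as a Debian based system.
        if self._dist in ('ubuntu', 'debian'):
            self._repo_manager = which('apt-get')
            # Nothing else to do.

        elif self._dist in ('centos', 'redhat', 'fedora'):

            self._repo_config_base = '/etc/yum.repos.d/*.repo'

            # Prefer dnf and fall back to yum when dnf is not installed.
            self._repo_manager = which('dnf')
            self._repo_cache_base = '/var/cache/dnf'

            if not self._repo_manager:
                self._repo_manager = which('yum')
                self._repo_cache_base = '/var/cache/yum/{0}/{1}'.format(
                    self._machine, self._dist_version)

        elif self._dist == 'suse':
            self._repo_manager = which('zypper')
            self._repo_config_base = '/etc/zypp/repos.d/*.repo'
            self._repo_service_base = '/etc/zypp/services.d/*.service'
            # No metalink cache until suse implements metalinks in zypper

        else:
            _logger.error('{0}: unsupported distribution ({1})'.format(
                self.get_name(), self._dist))
            return False

        if not self._repo_manager:
            _logger.error(
                '{0}: unable to find package manager executable for {1}'.
                format(self.get_name(), self._dist))
            return False

        return True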
コード例 #6
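    def _run_service_command(self, cmd, name):
        """
        Helper function for running system service commands.

        :param cmd: Action handed to the service manager.
        :param name: Service name.
        :return: True if the command exited with status zero, otherwise False.
        """
        # SysV and Upstart default
        prog = which('service')
        args = [prog, name, cmd]  # Note order of 'name' and 'cmd'

        # SystemD
        if self.sysd_installed:
            prog = which('systemctl')
            # Belongs to the systemd branch only. Assigned unconditionally it replaced the
            # SysV argument order as well, producing "service <cmd> <name>".
            args = [prog, cmd, name]  # Note order of 'name' and 'cmd'

        if not prog:
            # which() found nothing; a missing program cannot be executed.
            _logger.error('Unable to find a service manager program to run "{0} {1}".'.format(cmd, name))
            return False

        try:
            # Argument list, no shell: 'cmd' and 'name' reach the program as single arguments.
            check_output(args)
            return True
        except CalledProcessError:
            _logger.error('Program "{0} {1}" did not run successfully.'.format(prog, args))

        return False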
コード例 #7
ファイル: updates.py プロジェクト: EntPack/SilentDune-Client
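    def discover_pkg_manager(self):
        """
        Find the system package manager executable.

        Records the distribution name, its major version and the machine type on the
        instance, then sets self._repo_manager and the repository config, cache and
        service locations that apply to the distribution family.
        :return: True if found, otherwise False
        """

        # NOTE(review): platform.dist() was deprecated in Python 3.5 and removed in 3.8;
        # this method needs another source for the distribution name on newer interpreters.
        dist_name, dist_version = platform.dist()[:2]
        self._dist = dist_name.lower()
        self._dist_version = dist_version.split('.')[0]  # Major version only
        self._machine = platform.machine()

        # Match whole names. The previous "in 'ubuntu debian'" form was a substring test, so an
        # empty or partial distribution name was accepted as a Debian based system.
        if self._dist in ('ubuntu', 'debian'):
            self._repo_manager = which('apt-get')
            # Nothing else to do.

        elif self._dist in ('centos', 'redhat', 'fedora'):

            self._repo_config_base = '/etc/yum.repos.d/*.repo'

            # Prefer dnf and fall back to yum when dnf is not installed.
            self._repo_manager = which('dnf')
            self._repo_cache_base = '/var/cache/dnf'

            if not self._repo_manager:
                self._repo_manager = which('yum')
                self._repo_cache_base = '/var/cache/yum/{0}/{1}'.format(self._machine, self._dist_version)

        elif self._dist == 'suse':
            self._repo_manager = which('zypper')
            self._repo_config_base = '/etc/zypp/repos.d/*.repo'
            self._repo_service_base = '/etc/zypp/services.d/*.service'
            # No metalink cache until suse implements metalinks in zypper

        else:
            _logger.error('{0}: unsupported distribution ({1})'.format(self.get_name(), self._dist))
            return False

        if not self._repo_manager:
            _logger.error('{0}: unable to find package manager executable for {1}'.format(self.get_name(), self._dist))
            return False

        return True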
コード例 #8
    def _run_service_command(self, cmd, name):
        """
        Run one service manager action for a service and report whether it succeeded.

        ``service <name> <cmd>`` is the default (SysV and Upstart); ``systemctl <cmd> <name>``
        is used when self.sysd_installed is set.
        :param cmd: Action handed to the service manager.
        :param name: Service name.
        :return: False if stderr data came back or the exit status is non-zero, otherwise True.
        """
        manager = which('service')
        command = [manager, name, cmd]

        if self.sysd_installed:
            # systemctl takes the action first and the unit name second.
            manager = which('systemctl')
            command = [manager, cmd, name]

        proc = subprocess.Popen(command, stdout=subprocess.PIPE)
        # Only stdout is piped, so the second value from communicate() is None and the exit
        # status is what actually decides the result.
        _, err = proc.communicate()
        proc.wait()

        failed = bool(err) or proc.returncode != 0
        return not failed
コード例 #9
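    def _run_service_command(self, cmd, name):
        """
        Helper function for running system service commands.

        :param cmd: Action handed to the service manager.
        :param name: Service name.
        :return: True if the command exited with status zero, otherwise False.
        """
        # SysV and Upstart default
        prog = which('service')
        args = [prog, name, cmd]  # Note order of 'name' and 'cmd'

        # SystemD
        if self.sysd_installed:
            prog = which('systemctl')
            # Belongs to the systemd branch only. Assigned unconditionally it replaced the
            # SysV argument order as well, producing "service <cmd> <name>".
            args = [prog, cmd, name]  # Note order of 'name' and 'cmd'

        if not prog:
            # which() found nothing; a missing program cannot be executed.
            _logger.error('Unable to find a service manager program to run "{0} {1}".'.format(cmd, name))
            return False

        try:
            # Argument list, no shell: 'cmd' and 'name' reach the program as single arguments.
            check_output(args)
            return True
        except CalledProcessError:
            _logger.error('Program "{0} {1}" did not run successfully.'.format(
                prog, args))

        return False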
コード例 #10
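    def _run_service_command(self, cmd, name):
        """
        Helper function for running system service commands.

        :param cmd: Action handed to the service manager.
        :param name: Service name.
        :return: True if the command exited with status zero, otherwise False.
        """
        # SysV and Upstart default
        prog = which('service')
        args = [prog, name, cmd]  # Note order of 'name' and 'cmd'
        discard_stderr = False

        # SystemD
        if self.sysd_installed:
            prog = which('systemctl')
            # No shell is involved, so a '2>/dev/null' list item is not a redirection: systemctl
            # would receive it as one more argument. stderr is silenced through the pipe below.
            args = [prog, cmd, name]  # Note order of 'name' and 'cmd'
            discard_stderr = True

        if not prog:
            # which() found nothing; a missing program cannot be executed.
            return False

        p = subprocess.Popen(args, stdout=subprocess.PIPE,
                             stderr=subprocess.PIPE if discard_stderr else None)
        # communicate() drains the pipes and waits for the process to exit.
        p.communicate()

        # The exit status alone decides success; systemctl's stderr output is dropped on purpose.
        return p.returncode == 0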
コード例 #11
    def _which_wrapper(self, name):
        """
        Resolve a program name to its path and flag this object when the lookup fails.

        :param name: Program name
        :return: Program path or None
        """
        location = which(name)

        if location:
            return location

        # Record the failure on the instance; the caller still gets the empty result back.
        _logger.debug('Failed to find program path for "{0}"'.format(name))
        self.error = True
        return location
コード例 #12
    def _which_wrapper(self, name):
        """
        Resolve a program name to its path and flag this object when the lookup fails.

        :param name: Program name
        :return: Program path or None
        """
        location = which(name)

        if location:
            return location

        # Record the failure on the instance; the caller still gets the empty result back.
        _logger.debug('Failed to find program path for "{0}"'.format(name))
        self.error = True
        return location
コード例 #13
    def _which_wrapper(self, name):
        """
        Resolve a program name to its path.

        A failed lookup is logged as a warning unless self.console_debug is set, in which
        case nothing is reported.
        :param name: Program name
        :return: Program path or None
        """
        location = which(name)

        if not location and not self.console_debug:
            _logger.warning('failed to find program path for "{0}"'.format(name))

        return location
コード例 #14
    def _which_wrapper(self, name):
        """
        Resolve a program name to its path.

        A failed lookup is logged as a warning unless self.console_debug is set, in which
        case nothing is reported.
        :param name: Program name
        :return: Program path or None
        """
        location = which(name)

        if not location and not self.console_debug:
            _logger.warning('failed to find program path for "{0}"'.format(name))

        return location
コード例 #15
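    def install_service(self):
        """
        Based on everything we know, lets install the init service.

        On systemd hosts the unit template is rendered with sed (the %%KILL%% and
        %%SDC-FIREWALL%% key words are replaced with local program paths), saved as
        /etc/systemd/system/sdc-firewall.service with mode 0644, then the service is
        enabled and started. The SysV install is not written yet.
        :return: True if successful, otherwise False.
        """

        self.cwrite('Installing firewall service...')

        # Figure out our path
        base_path = os.path.split(os.path.realpath(__file__))[0]

        systemd_in_file = os.path.join(base_path,
                                       'init/sdc-firewall.service.in')
        init_in_file = os.path.join(base_path, 'init/sdc-firewall.init.in')

        # Check and make sure we can find the init scripts.
        if not os.path.exists(systemd_in_file) or \
                not os.path.exists(init_in_file):
            _logger.critical('Unable to find init service files.')
            return False

        firewall_exec = which('sdc-firewall')

        if not firewall_exec:
            self.cwriteline('[Error]',
                            'Unable to locate our firewall executable.')
            return False

        # Install systemd service file.
        if self.node_info.sysd_installed:

            path = None

            # TODO: Need to look for selinux and apply a service policy module before saving to system locations.
            # Until a selinux service policy is built, only the systemd user defined location is
            # used; /usr/lib/systemd/system/ (Redhat based) and /lib/systemd/system/ (Ubuntu
            # based) are the locations to add back afterwards.
            if os.path.exists('/etc/systemd/system/'):
                path = '/etc/systemd/system/'

            if not path:
                self.cwriteline('[Error]',
                                'Unable to locate systemd service unit path.')
                return False

            self.service_out_file = os.path.join(path, 'sdc-firewall.service')

            # Replace key words with local file locations. '/' is escaped because it is the
            # delimiter of the sed expression.
            # NOTE(review): other characters that are special in a sed replacement (such as '&')
            # are not escaped; confirm these program paths can never contain them.
            sed_args = 's/%%KILL%%/{0}/g;s/%%SDC-FIREWALL%%/{1}/g'.format(
                self.node_info.kill.replace('/', r'\/'),
                firewall_exec.replace('/', r'\/'))

            args = [self.node_info.sed, sed_args, systemd_in_file]

            # Render the unit before touching the destination. subprocess.call() never raises
            # CalledProcessError, so a failing sed used to go unnoticed and an empty or partial
            # unit file was then enabled and started.
            try:
                unit_data = subprocess.check_output(args)
            except CalledProcessError:
                _logger.error(
                    'Unable to copy systemd service file to system location.')
                return False

            _logger.debug('Saving systemd service file to {0}'.format(
                self.service_out_file))
            with open(self.service_out_file, 'wb') as handle:
                handle.write(unit_data)

            # Set file permissions.
            os.chmod(self.service_out_file, 0o644)

            # Enable and start service
            if not self.node_info.enable_service('sdc-firewall'):
                self.cwriteline('[Error]',
                                'Firewall service failed to enable.')
                return False

            if not self.node_info.start_service('sdc-firewall'):
                self.cwriteline('[Error]', 'Firewall service failed to start.')
                return False

        if self.node_info.sysv_installed:
            # TODO: Write the sysv service install code.
            # http://askubuntu.com/questions/2263/chkconfig-alternative-for-ubuntu-server
            # NOTE(review): nothing is installed on this path yet, but the success message
            # below is still printed for a SysV-only host.
            pass

        self.cwriteline('[OK]', 'Firewall service installed and started.')

        return True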
コード例 #16
    def install_service(self):
        """
        Copy the sdc-firewall service definition into the init system's directory.

        The systemd unit is copied with mode 0644 when self.node_info.sysd_installed is set,
        the SysV init script with mode 0755 when self.node_info.sysv_installed is set. A
        destination file that already exists is left as it is. The service is neither enabled
        nor started here; the closing message asks the operator to start it.
        :return: True if successful, otherwise False.
        """

        self.cwrite('Configuring Silent Dune firewall service...')

        # The templates ship in an 'init' directory next to this module.
        module_dir = os.path.dirname(os.path.realpath(__file__))
        systemd_in_file = os.path.join(module_dir, 'init/sdc-firewall.systemd.in')
        init_in_file = os.path.join(module_dir, 'init/sdc-firewall.sysv.in')

        # Both templates have to be present, whichever init system is in use.
        if not (os.path.exists(systemd_in_file) and os.path.exists(init_in_file)):
            _logger.critical('Unable to find init service files.')
            return False

        firewall_exec = which('sdc-firewall')
        if not firewall_exec:
            self.cwriteline('[Error]', 'Unable to locate our firewall executable.')
            return False

        if self.node_info.sysd_installed:
            # Unit directories in order of preference; the first one that exists is used.
            unit_dir = None
            for candidate in ('/usr/lib/systemd/system/',  # Redhat based
                              '/lib/systemd/system/',  # Ubuntu based
                              '/etc/systemd/system/'):  # Last resort location
                if os.path.exists(candidate):
                    unit_dir = candidate
                    break

            if unit_dir is None:
                self.cwriteline('[Error]', 'Unable to locate systemd service unit path.')
                return False

            self.service_out_file = os.path.join(unit_dir, 'sdc-firewall.service')

            # An existing unit file is never overwritten.
            if not os.path.isfile(self.service_out_file):
                shutil.copy(systemd_in_file, self.service_out_file)
                os.chmod(self.service_out_file, 0o644)

        if self.node_info.sysv_installed:
            # http://askubuntu.com/questions/2263/chkconfig-alternative-for-ubuntu-server
            self.service_out_file = os.path.join('/etc/init.d/', 'sdc-firewall')

            # An existing init script is never overwritten; a new one must be executable.
            if not os.path.isfile(self.service_out_file):
                shutil.copy(init_in_file, self.service_out_file)
                os.chmod(self.service_out_file, 0o755)

        # Enabling and starting the service is intentionally not done from here.
        self.cwriteline('      [OK]', 'Firewall service installed. Please start "sdc-firewall" service now.')

        return True
コード例 #17
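    def install_service(self):
        """
        Based on everything we know, lets install the init service.

        On systemd hosts the unit template is rendered with sed (the %%KILL%% and
        %%SDC-FIREWALL%% key words are replaced with local program paths), saved as
        /etc/systemd/system/sdc-firewall.service with mode 0644, then the service is
        enabled and started. The SysV install is not written yet.
        :return: True if successful, otherwise False.
        """

        self.cwrite('Installing firewall service...')

        # Figure out our path
        base_path = os.path.split(os.path.realpath(__file__))[0]

        systemd_in_file = os.path.join(base_path, 'init/sdc-firewall.service.in')
        init_in_file = os.path.join(base_path, 'init/sdc-firewall.init.in')

        # Check and make sure we can find the init scripts.
        if not os.path.exists(systemd_in_file) or \
                not os.path.exists(init_in_file):
            _logger.critical('Unable to find init service files.')
            return False

        firewall_exec = which('sdc-firewall')

        if not firewall_exec:
            self.cwriteline('[Error]', 'Unable to locate our firewall executable.')
            return False

        # Install systemd service file.
        if self.node_info.sysd_installed:

            path = None

            # TODO: Need to look for selinux and apply a service policy module before saving to system locations.
            # Until a selinux service policy is built, only the systemd user defined location is
            # used; /usr/lib/systemd/system/ (Redhat based) and /lib/systemd/system/ (Ubuntu
            # based) are the locations to add back afterwards.
            if os.path.exists('/etc/systemd/system/'):
                path = '/etc/systemd/system/'

            if not path:
                self.cwriteline('[Error]', 'Unable to locate systemd service unit path.')
                return False

            self.service_out_file = os.path.join(path, 'sdc-firewall.service')

            # Replace key words with local file locations. '/' is escaped because it is the
            # delimiter of the sed expression.
            # NOTE(review): other characters that are special in a sed replacement (such as '&')
            # are not escaped; confirm these program paths can never contain them.
            sed_args = 's/%%KILL%%/{0}/g;s/%%SDC-FIREWALL%%/{1}/g'.format(
                self.node_info.kill.replace('/', r'\/'),
                firewall_exec.replace('/', r'\/')
            )

            args = [self.node_info.sed, sed_args, systemd_in_file]

            # Render the unit before touching the destination. subprocess.call() never raises
            # CalledProcessError, so a failing sed used to go unnoticed and an empty or partial
            # unit file was then enabled and started.
            try:
                unit_data = subprocess.check_output(args)
            except CalledProcessError:
                _logger.error('Unable to copy systemd service file to system location.')
                return False

            _logger.debug('Saving systemd service file to {0}'.format(self.service_out_file))
            with open(self.service_out_file, 'wb') as handle:
                handle.write(unit_data)

            # Set file permissions.
            os.chmod(self.service_out_file, 0o644)

            # Enable and start service
            if not self.node_info.enable_service('sdc-firewall'):
                self.cwriteline('[Error]', 'Firewall service failed to enable.')
                return False

            if not self.node_info.start_service('sdc-firewall'):
                self.cwriteline('[Error]', 'Firewall service failed to start.')
                return False

        if self.node_info.sysv_installed:
            # TODO: Write the sysv service install code.
            # http://askubuntu.com/questions/2263/chkconfig-alternative-for-ubuntu-server
            # NOTE(review): nothing is installed on this path yet, but the success message
            # below is still printed for a SysV-only host.
            pass

        self.cwriteline('[OK]', 'Firewall service installed and started.')

        return True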
コード例 #18
    def install_service(self):
        """
        Copy the sdc-firewall service definition into the init system's directory.

        The systemd unit is copied with mode 0644 when self.node_info.sysd_installed is set,
        the SysV init script with mode 0755 when self.node_info.sysv_installed is set. A
        destination file that already exists is left as it is. The service is neither enabled
        nor started here; the closing message asks the operator to start it.
        :return: True if successful, otherwise False.
        """

        self.cwrite('Configuring Silent Dune firewall service...')

        # The templates ship in an 'init' directory next to this module.
        module_dir = os.path.dirname(os.path.realpath(__file__))
        systemd_in_file = os.path.join(module_dir, 'init/sdc-firewall.systemd.in')
        init_in_file = os.path.join(module_dir, 'init/sdc-firewall.sysv.in')

        # Both templates have to be present, whichever init system is in use.
        if not (os.path.exists(systemd_in_file) and os.path.exists(init_in_file)):
            _logger.critical('Unable to find init service files.')
            return False

        firewall_exec = which('sdc-firewall')
        if not firewall_exec:
            self.cwriteline('[Error]', 'Unable to locate our firewall executable.')
            return False

        if self.node_info.sysd_installed:
            # Unit directories in order of preference; the first one that exists is used.
            unit_dir = None
            for candidate in ('/usr/lib/systemd/system/',  # Redhat based
                              '/lib/systemd/system/',  # Ubuntu based
                              '/etc/systemd/system/'):  # Last resort location
                if os.path.exists(candidate):
                    unit_dir = candidate
                    break

            if unit_dir is None:
                self.cwriteline('[Error]', 'Unable to locate systemd service unit path.')
                return False

            self.service_out_file = os.path.join(unit_dir, 'sdc-firewall.service')

            # An existing unit file is never overwritten.
            if not os.path.isfile(self.service_out_file):
                shutil.copy(systemd_in_file, self.service_out_file)
                os.chmod(self.service_out_file, 0o644)

        if self.node_info.sysv_installed:
            # http://askubuntu.com/questions/2263/chkconfig-alternative-for-ubuntu-server
            self.service_out_file = os.path.join('/etc/init.d/', 'sdc-firewall')

            # An existing init script is never overwritten; a new one must be executable.
            if not os.path.isfile(self.service_out_file):
                shutil.copy(init_in_file, self.service_out_file)
                os.chmod(self.service_out_file, 0o755)

        # Enabling and starting the service is intentionally not done from here.
        self.cwriteline('      [OK]', 'Firewall service installed. Please start "sdc-firewall" service now.')

        return True