def netstat_generator():
    """Yield one dict per socket row parsed from ``sudo netstat -Znp``.

    Output is read up to and including the first line that starts with
    ``Proto RefCnt Flags``. Every later line is stripped and matched against
    the row pattern; lines that do not match are skipped silently.

    Yields:
        dict: keys ``Proto``, ``RefCnt``, ``Flags``, ``Type``, ``State``,
        ``I-Node``, ``PID``, ``Program name``, ``User``,
        ``Security Context`` and ``Path``. Each value is the captured string,
        or ``None`` when an optional column was absent.
    """
    # Result key -> capture-group number in the row pattern below.
    columns = (
        ("Proto", 1),
        ("RefCnt", 2),
        ("Flags", 3),
        ("Type", 4),
        ("State", 6),
        ("I-Node", 7),
        ("PID", 8),
        ("Program name", 9),
        ("User", 11),
        ("Security Context", 12),
        ("Path", 14),
    )
    rows = util.run_and_readline("sudo netstat -Znp")
    # Discard everything up to and including the header line.
    # NOTE(review): assumes util.run_and_readline returns a one-shot iterator,
    # so the second loop resumes right after the header - confirm.
    for heading in rows:
        if heading.startswith("Proto RefCnt Flags"):
            break
    row_re = re.compile(
        r'^([^ ]+?) +([0-9]+?) +(\[[^\]]+?\]) +([^ ]+?) +(([^ ]+?) +)?([0-9]+?) +([0-9]+?)/([^ :]+?)(: ([^ ]+?))? +([^ ]+)( +([^ ]+))?$'
    )
    for raw in rows:
        found = row_re.match(raw.strip())
        if not found:
            continue
        yield {key: found.group(number) for key, number in columns}
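def netstat_ip_generator(type):
    """Yield one dict per IP socket row parsed from ``sudo netstat -Znp<type>``.

    The first two output lines are dropped and runs of spaces are collapsed
    by ``sed`` before each line is matched; lines that do not match the row
    pattern are skipped silently.

    Args:
        type: netstat option letters appended directly to ``-Znp``. Only
            ASCII letters and digits are accepted, because the value is
            interpolated into a shell command line that runs under ``sudo``.

    Yields:
        dict: ``Proto``, ``Recv-Q``, ``Send-Q`` and ``State`` as captured
        strings; ``Local Address`` and ``Foreign Address`` as
        ``{"ip": str, "port": int}``; ``PID`` and ``Program name`` as strings,
        or ``None`` when netstat printed ``-``; ``Security Context`` as a
        ``user``/``role``/``domain``/``level`` dict, or ``None`` for ``-``.

    Raises:
        ValueError: on first iteration, if *type* contains anything other
            than ASCII letters and digits.
    """
    flags = "{0}".format(type)
    # Allow-list the suffix before it reaches the shell: the command below is
    # a pipeline string executed with sudo, so shell metacharacters or extra
    # arguments must never be passed through.
    if not re.match(r'[A-Za-z0-9]*\Z', flags):
        raise ValueError(
            "netstat option suffix must contain only letters and digits: "
            "{0!r}".format(flags)
        )
    command = r"sudo netstat -Znp{0} | sed -e '1,2d'| sed 's/ \+/ /g'".format(
        flags)
    pattern = r'^([^ ]+?) ([0-9]+?) ([0-9]+?) ([0-9.:]+?) ([0-9.:]+?) ([^ ]+?) ([0-9]+?/[^ ]+?(: [^ ]+?)?|-) (.+)$'
    regex = re.compile(pattern)
    for line in util.run_and_readline(command):
        match = regex.match(line.strip())
        if not match:
            continue

        endpoints = []
        for address in (match.group(4), match.group(5)):
            # Split at the LAST colon: the address pattern admits several
            # colons (e.g. "::1:631"), which a plain split(":") cannot unpack
            # into two values.
            ip, _, port = address.rpartition(":")
            endpoints.append({"ip": ip, "port": int(port)})
        local_address, foreign_address = endpoints

        pid = match.group(7)
        program = None
        if pid == "-":
            pid = None
        else:
            # Only the first "/" separates PID from program name; the name
            # part of the pattern may itself contain further slashes.
            pid, program = pid.split("/", 1)

        label = match.group(9)
        if label == "-":
            label = None
        else:
            vals = label.split(":")
            user, role, domain = vals[:3]
            # Everything after the third field is kept together as the level.
            label = {
                "user": user,
                "role": role,
                "domain": domain,
                "level": ":".join(vals[3:]),
            }

        yield {
            "Proto": match.group(1),
            "Recv-Q": match.group(2),
            "Send-Q": match.group(3),
            "Local Address": local_address,
            "Foreign Address": foreign_address,
            "State": match.group(6),
            "PID": pid,
            "Program name": program,
            "Security Context": label,
        }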
def sestatus():
    """Run ``sestatus`` and return its ``label: value`` lines as a dict.

    Each output line is cut at its first colon: the text before it becomes
    the key (kept as-is, not stripped) and the text after it, stripped of
    surrounding whitespace, becomes the value. Lines without a colon are
    ignored. A label that appears more than once keeps its last value.

    Returns:
        dict: mapping of label text to value text.
    """
    status = {}
    for entry in util.run_and_readline("sestatus"):
        key, colon, rest = entry.partition(":")
        if not colon:
            # No separator on this line, so there is nothing to record.
            continue
        status[key] = rest.strip()
    return status
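def process_generator():
    """Yield one dict per process listed by ``ps -eZ --no-headers``.

    Each line is read as five whitespace-separated columns, in order:
    security label, PID, TTY, time and process name. Lines with fewer than
    five columns (blank lines, for instance) are skipped rather than raising.

    Yields:
        dict: ``pid``, ``name``, ``tty`` and ``time`` as strings, and
        ``label`` as whatever ``parse_label`` returns for the label column.
    """
    command = "ps -eZ --no-headers"
    for line in util.run_and_readline(command):
        # Split off only the first four columns so that a process name
        # containing whitespace (ps appends " <defunct>" to zombies, for
        # example) stays in one piece instead of breaking the unpacking.
        fields = line.strip().split(None, 4)
        if len(fields) != 5:
            continue
        label, pid, tty, time_col, process = fields
        yield {
            "pid": pid,
            "name": process,
            "label": parse_label(label),
            "tty": tty,
            "time": time_col,
        }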
def netstat_unix_socket_generator():
    """Yield one dict per row parsed from ``sudo netstat -Znpx``.

    The first two output lines are dropped and runs of spaces are collapsed
    by ``sed`` before each line is stripped and matched. Lines that do not
    match the row pattern are skipped silently.

    Yields:
        dict: ``Proto``, ``RefCnt``, ``Flags``, ``Type``, ``State``,
        ``I-Node``, ``PID``, ``Program name`` and ``Path`` as captured
        strings (``None`` where an optional column was absent or printed as
        ``-``), and ``Security Context`` as a
        ``user``/``role``/``domain``/``level`` dict or ``None``.
    """
    # Result key -> named group in the row pattern, in output order.
    columns = (
        ("Proto", "Proto"),
        ("RefCnt", "RefCnt"),
        ("Flags", "Flags"),
        ("Type", "Type"),
        ("State", "State"),
        ("I-Node", "INode"),
        ("PID", "PID"),
        ("Program name", "ProgramName"),
        ("Security Context", "SecurityContext"),
        ("Path", "Path"),
    )
    command = r"sudo netstat -Znpx | sed -e '1,2d'| sed 's/ \+/ /g'"
    row_re = re.compile(
        r'^(?P<Proto>[^ ]+?)'
        r' (?P<RefCnt>[0-9]+?)'
        r' \[(?P<Flags>[^\]]+?)\]'
        r' (?P<Type>[^ ]+?)'
        r' ((?P<State>[^ ]+?) )?(?P<INode>[0-9]+?)'
        r' (-|(?P<PID>[0-9]+?)/(?P<ProgramName>[^ ]+?(: [^ ]+?)?))'
        r' (-|(?P<SecurityContext>[^ ]+?))'
        r'($| (?P<Path>.+?)$)'
    )
    for raw in util.run_and_readline(command):
        found = row_re.match(raw.strip())
        if not found:
            continue
        context = found.group("SecurityContext")
        if context is not None:
            parts = context.split(":")
            user, role, domain = parts[:3]
            # Fields after the third are re-joined and kept as the level.
            context = {
                "user": user,
                "role": role,
                "domain": domain,
                "level": ":".join(parts[3:]),
            }
        row = {key: found.group(group) for key, group in columns}
        # Replace the raw context string with its parsed form (or None).
        row["Security Context"] = context
        yield row
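def readline_selinux_label(path, prune_dir=None, ftype=None):
    """Run the command built by ``selinux_label_command`` and return its lines.

    Args:
        path: passed through to ``selinux_label_command`` unchanged.
        prune_dir: passed through to ``selinux_label_command``; when omitted
            (or ``None``) a fresh empty list is used, so no list object is
            shared between calls.
        ftype: passed through to ``selinux_label_command`` unchanged.

    Returns:
        Whatever ``util.run_and_readline`` returns for the built command.
    """
    if prune_dir is None:
        prune_dir = []
    # NOTE(review): path, prune_dir and ftype end up inside a command that is
    # executed; presumably selinux_label_command quotes them - confirm before
    # passing values that originate outside the program.
    find_cmd = selinux_label_command(path, prune_dir, ftype)
    return util.run_and_readline(find_cmd)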