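def user_main_info(msg):
    """Return a copy of an audit record reduced to its user-specific fields.

    Parameters:
        msg: mapping for one audit record; must hold a ``'msg'`` key whose
            value is a PAM-style ``key="value"`` string understood by
            ``split_message``.

    Returns:
        A shallow copy of ``msg`` with the record-level keys (id, time, msg,
        pid, uid, auid, ses) removed and ``'msg'`` rebuilt from the PAM
        fields that remain after dropping hostname, addr, cwd, op, exe and
        terminal.

    Raises:
        KeyError: if ``msg`` has no ``'msg'`` key.
    """
    record = msg.copy()
    pam = split_message(record['msg'], quotes='"')

    # dict.pop(key, None) replaces the former "if key in d: del d[key]"
    # helper; keys that are absent are simply ignored.
    for key in ('id', 'time', 'msg', 'pid', 'uid', 'auid', 'ses'):
        record.pop(key, None)
    for key in ('hostname', 'addr', 'cwd', 'op', 'exe', 'terminal'):
        pam.pop(key, None)

    # NOTE(review): values are inserted unescaped.  A value that itself
    # contains a '"' would break the quoting of the rebuilt string if it is
    # ever re-parsed with split_message(quotes='"') — confirm whether the
    # consumers of this 'msg' field re-parse it.
    record['msg'] = ' '.join('{}="{}"'.format(k, v) for k, v in pam.items())
    return record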
def service_start(msg, suffix=''):
    """Format a systemd unit-start audit record for display.

    ``msg['msg']`` is split into ``key="value"`` fields and the ``unit``
    field is reported; a missing ``unit`` raises KeyError.  The timestamp
    is taken from ``msg['time']`` when present (a naive local-time
    datetime, as ``datetime.fromtimestamp`` is called without a tz).
    """
    fields = split_message(msg['msg'], quotes='"')

    when = None
    if 'time' in msg:
        when = datetime.fromtimestamp(msg['time'])

    details = {'Unit': fields['unit']}
    return format_helper(title='Service start',
                         suffix=suffix,
                         timestamp=when,
                         urgency='info',
                         info=details)
def add_user(msg, suffix=''):
    """Format a PAM "user created" audit record for display.

    Fields come from two places: the record itself (``auid``, ``ses``,
    ``pid``, ``time``) and the PAM ``key="value"`` string in ``msg['msg']``.
    The PAM ``id`` field is required (KeyError otherwise); everything else
    is optional.  PAM writes ``?`` for an unknown hostname/addr/terminal,
    which is reported as None.
    """
    fields = split_message(msg['msg'], quotes='"')

    def known(key):
        # '?' is PAM's "unknown" placeholder; treat it the same as absent.
        value = fields.get(key)
        return None if value == '?' else value

    when = datetime.fromtimestamp(msg['time']) if 'time' in msg else None
    creator = decode_uid(msg.get('auid')) if 'auid' in msg else None
    new_uid = decode_uid(fields['id'], str(fields['id']))
    succeeded = 'Yes' if fields.get('res') == 'success' else 'No'

    primary = {
        'Created by': creator,
        'New user ID': new_uid,
        'Command': fields.get('exe', fields.get('cmd')),
        'Session': msg.get('ses'),
        'Success': succeeded,
    }
    secondary = {
        'Process ID': msg.get('pid'),
        'Hostname': known('hostname'),
        'Address': known('addr'),
        'Terminal': known('terminal'),
    }
    return format_helper(title='New user created',
                         timestamp=when,
                         urgency='info',
                         suffix=suffix,
                         info=primary,
                         extra_info=secondary)
def generic_user_event(title, msg, suffix):
    """Format a generic PAM user event (``acct``-based) under *title*.

    ``msg['msg']`` is split into PAM ``key="value"`` fields; ``acct``,
    ``exe``/``cmd`` and ``res`` feed the main info block, while ``pid``,
    ``auid`` and ``ses`` come from the record itself.  PAM's ``?``
    placeholder for hostname/addr/terminal is reported as None.
    """
    fields = split_message(msg['msg'], quotes='"')

    def known(key):
        # '?' is PAM's "unknown" placeholder; treat it the same as absent.
        value = fields.get(key)
        return None if value == '?' else value

    when = datetime.fromtimestamp(msg['time']) if 'time' in msg else None
    succeeded = 'Yes' if fields.get('res') == 'success' else 'No'
    audit_uid = decode_uid(msg.get('auid')) if 'auid' in msg else None

    primary = {
        'Account': fields.get('acct'),
        'Command': fields.get('exe', fields.get('cmd')),
        'Session': msg.get('ses'),
        'Success': succeeded,
    }
    secondary = {
        'Process ID': msg.get('pid'),
        'Audit UID': audit_uid,
        'Hostname': known('hostname'),
        'Address': known('addr'),
        'Terminal': known('terminal'),
    }
    return format_helper(title=title,
                         timestamp=when,
                         urgency='info',
                         suffix=suffix,
                         info=primary,
                         extra_info=secondary)
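def user_cmd(msg, suffix) -> str:
    """Format an audit record for a command executed with another user's
    privileges.

    Parameters:
        msg: audit record mapping; ``msg['msg']`` holds the PAM
            ``key="value"`` string and must contain ``cmd``.
        suffix: passed through unchanged to ``format_helper``.

    Returns:
        The value produced by ``format_helper`` (annotated as ``str``).

    Raises:
        KeyError: if ``msg['msg']`` or the PAM ``cmd`` field is missing.
    """
    fields = split_message(msg['msg'], quotes='"')

    def known(key):
        # '?' is PAM's "unknown" placeholder; treat it the same as absent.
        value = fields.get(key)
        return None if value == '?' else value

    when = datetime.fromtimestamp(msg['time']) if 'time' in msg else None
    executor = (decode_uid(msg.get('auid'), str(msg['auid']))
                if 'auid' in msg else None)

    # The command text originates from the audited process, i.e. it is
    # user-controlled data.  decode_unsafe_hex presumably undoes the audit
    # subsystem's hex encoding of "unsafe" characters, so the result may
    # contain whitespace or control characters.  NOTE(review): assumes
    # format_helper renders this value without interpreting it — confirm.
    command = decode_unsafe_hex(str(fields['cmd']))
    succeeded = 'Yes' if fields.get('res') == 'success' else 'No'

    primary = {
        'Executor\'s UID': executor,
        'Working directory': fields.get('cwd'),
        'Command': command,
        'Session': msg.get('ses'),
        'Success': succeeded,
    }
    secondary = {
        'Process ID': msg.get('pid'),
        'Hostname': known('hostname'),
        'Address': known('addr'),
        'Terminal': known('terminal'),
    }
    # Title spelling fixed ("priveleges" -> "privileges").
    return format_helper(
        title='Command executed with different user\'s privileges',
        timestamp=when,
        urgency='info',
        suffix=suffix,
        info=primary,
        extra_info=secondary)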
def del_user(msg, suffix=''):
    """Format a PAM "user deleted" audit record for display.

    ``msg['msg']`` is split into PAM ``key="value"`` fields.  On success
    the deleted account is identified by the ``id`` field; on failure PAM
    reports the name in ``acct`` instead, so the field consulted depends on
    ``res``.  PAM's ``?`` placeholder for hostname/addr/terminal is
    reported as None.
    """
    fields = split_message(msg['msg'], quotes='"')

    def known(key):
        # '?' is PAM's "unknown" placeholder; treat it the same as absent.
        value = fields.get(key)
        return None if value == '?' else value

    when = datetime.fromtimestamp(msg['time']) if 'time' in msg else None
    deleter = decode_uid(msg.get('auid')) if 'auid' in msg else None
    was_success = fields.get('res') == 'success'

    # PAM audit logs are not consistent here: the user id lives in 'id'
    # on success but in 'acct' on failure.
    if was_success:
        deleted = fields.get('id')
    else:
        deleted = fields.get('acct')

    primary = {
        'Deleted by': deleter,
        'Deleted user ID': deleted,
        'Command': fields.get('exe', fields.get('cmd')),
        'Session': msg.get('ses'),
        'Success': 'Yes' if was_success else 'No',
    }
    secondary = {
        'Process ID': msg.get('pid'),
        'Hostname': known('hostname'),
        'Address': known('addr'),
        'Terminal': known('terminal'),
    }
    return format_helper(title='User deleted',
                         timestamp=when,
                         urgency='info',
                         suffix=suffix,
                         info=primary,
                         extra_info=secondary)
def main_info(msg):
    """Reduce a systemd audit record to a ``{'msg': 'unit=<unit>'}`` dict.

    Raises KeyError if ``msg['msg']`` or its ``unit`` field is missing, and
    TypeError if ``unit`` is not a str (plain ``+`` concatenation is used,
    so the value is not coerced).
    """
    fields = split_message(msg['msg'], quotes='"')
    unit = fields['unit']
    return {'msg': 'unit=' + unit}