예제 #1
0
파일: fabfile.py 프로젝트: normalex/pez
def configure_db_server():
    '''
    Bootstrapping Postgresql and needed packages on a remote host.

    Supports only Debian/Ubuntu
    If the Dev server is self opened for ssh it can be configured as well.

    '''
    with settings(warn_only=True):
        fabtools.deb.update_index()
    fabtools.require.postgres.server()
    fabtools.require.postgres.user(dbusername, password=dbpassword)
    fabtools.require.postgres.database(dbname, owner=dbusername)
    postgres_conf = files.first(
        '/etc/postgresql/9*/main/pg_hba.conf'
    )
    postgres_listen_conf = files.first(
        '/etc/postgresql/9*/main/postgresql.conf'
    )
    if not postgres_conf or not postgres_listen_conf:
        abort('Could not find Postgresql configuration file')
    files.append(
        postgres_conf,
        'host    all             all             0.0.0.0/0               md5',
        use_sudo=True
    )
    files.append(
        postgres_listen_conf,
        "listen_addresses = '*'",
        use_sudo=True
    )
    sudo("service postgresql restart")
예제 #2
0
파일: pci.py 프로젝트: zipi85/AWL
def fix_ssh_access():
    ''' set PasswordAuthentification and PermitRootLogin to 'no' '''
    needrestart = 0
    x = first('/usr/local/openssh/etc/sshd_config', '/etc/ssh/sshd_config')
    if (x != "None"):
        if sudo("sshd -T | grep -e '^passwordauthentication yes'", quiet=True):
            sudo(
                '''sed -ri 's/#?PasswordAuthentication.*yes/PasswordAuthentication no/g' '''
                + x,
                quiet=True)
            needrestart = 1
            print "\033[92mPasswordAuthentification has been set to 'no'\033[0m"
        if sudo("sshd -T | grep -e '^permitrootlogin yes'", quiet=True):
            sudo('''sed -ri 's/#?PermitRootLogin.*yes/PermitRootLogin no/g' '''
                 + x,
                 quiet=True)
            needrestart = 1
            print "\033[92mPermitRootLogin has been set to 'no'\033[0m"
        if needrestart == 1:
            x = sudo("service sshd restart", warn_only=True, quiet=True)
            if x.succeeded:
                print "\033[92mSSHD service restarted\033[0m"
            else:
                print "\033[91mFailed to restart SSHD\033[0m"
        else:
            print "\033[96mSSHD is correctly set\033[0m"
    else:
        print "\033[91mNo SSHD configuration file found\033[0m"
예제 #3
0
    def sync(source, target, output):

        t = string.Template(
            "mk-table-sync --print --replace --algorithm=GroupBy \
                            h=$sh,u=$su,p=$sp,D=$sd,t=$table \
                            h=$th,u=$tu,p=$tp,D=$td,t=$table | sed s/'`$td`.'/''/g \
                            >> $output"
        )

        vars = {
            "sh": env.dbhost,
            "th": env.dbhost,
            "su": env.dbuser,
            "tu": env.dbuser,
            "sp": env.dbpass,
            "tp": env.dbpass,
            "sd": source,
            "td": target,
        }

        ignoresource = first(join(output, ".dbignore"), join(os.environ["HOME"], ".dbignore"))
        if not ignoresource is None:
            with open(ignoresource, "r") as itf:
                ignoretables = [table for table in itf.readlines() if table.strip() == ""]

        tables = get_tables(source)
        for table in tables:
            if not table in ignoretables:
                vars["table"] = target
                vars["output"] = output
                cmd = t.substitute(vars)
                with settings(warn_only=True):
                    run(cmd)
예제 #4
0
파일: fabfile.py 프로젝트: hernantz/gorkon
def vwrap():
    """Activates virtualenvwrapper commands"""
    # This is the location if installed via:
    # apt-get install virtualenvwrapper
    shfile = first('/etc/bash_completion.d/virtualenvwrapper',
                   '/usr/local/bin/virtualenvwrapper.sh')
    with prefix(once('source %s' % shfile)):
        yield
예제 #5
0
파일: pci.py 프로젝트: zipi85/AWL
def check_logmon_size():
    '''check the size of logmon.cfg'''
    x = first('/etc/watchdot/logmon.cfg', '/usr/local/watch/logmon.cfg')
    if (x != "None"):
        lines = sudo('''wc -l ''' + x, quiet=True)
        print env.host + '\t' + lines
    else:
        print '\033[91mNo watchdog config file found !\033[0m'
예제 #6
0
def wat_remote():
    """launch wat -remote"""
    watcmd = first('/usr/bin/wat', '/usr/local/bin/wat')
    state.output.everything = True
    if sudo(watcmd + ' -remote', quiet=False).failed:
        print red('wat -remote is not working')
    else:
        print('ok')
예제 #7
0
def vwrap():
    """Activates virtualenvwrapper commands"""
    # This are the virtualenvwrapper shell aliases file location
    # if installed via:
    # apt-get install virtualenvwrapper or pip install virtualenvwrapper
    shfile = first('/etc/bash_completion.d/virtualenvwrapper',
                   '/usr/local/bin/virtualenvwrapper.sh')
    with prefix(once('source %s' % shfile)):
        yield
예제 #8
0
def update_watchdot():
    ''' update watchdot to latest version, set @muteLoginuid in /etc/watchdot/watchdog.config, chkconfig and (re)start if needed '''
    set_available_trusted_sources()
    update_rpm(rpm='watchdot',confirm='n')
    if sudo('/sbin/chkconfig --list watchdot',warn_only=True).failed:
        sudo('/sbin/chkconfig --add watchdot')
    wconfig=first('/etc/watchdot/watchdog.config','/usr/local/watch/watchdog.config')
    if sudo('''grep -qE '^@muteLoginuid' '''+wconfig ,warn_only=True).failed:
        #x=sed(wconfig,'# Prefix','#@muteLoginuid to prevent auditd tracing watchdog\\n@muteLoginuid\\n&',backup='.fabric')
        mute=[]
        mute.append('#@muteLoginuid to prevent auditd tracing watchdog')
        mute.append('@muteLoginuid')
        append(wconfig,mute,use_sudo=True)
    watcmd=first('/usr/bin/wat','/usr/local/bin/wat')
    sudo(watcmd +' -stop',warn_only=True)
    time.sleep(1)
    with settings(show('running','debug', 'status','stdout','stderr','warnings','aborts')):
    	sudo(watcmd +' -start',warn_only=True)
        sudo(watcmd +' -who')
                                    
예제 #9
0
def apt_source():
    ''' auto setup apt source '''
    f = files.first('/etc/apt/sources.list', '/etc/apt/sources.list.d/debian.list')
    for i, l in enumerate(apt_src): print i + 1, l
    chooses = [int(i.strip()) for i in operations.prompt('choose> ').split(',')]
    s = ['deb %s %s main contrib non-free' % (l.strip(), debian_release)
         for i, l in enumerate(apt_src) if i+1 in chooses]
    operations.put(
        StringIO('# from fab init.py\n' + '\n'.join(s)),
        f, use_sudo=True)
    api.sudo('aptitude update')
예제 #10
0
파일: pci.py 프로젝트: zipi85/AWL
def check_watchdog_logmon_apply_syst_patches():
    '''display where is located apply_system_patche lines in logmon.conf'''
    x = first('/etc/watchdot/logmon.cfg', '/usr/local/watch/logmon.cfg')
    if (x != "None"):
        lines = sudo('''grep -b5 'WARNING_APPLY_PATCHES_SYSTEM' ''' + x +
                     ''' | grep -v 'ERROR' ''',
                     warn_only=True,
                     quiet=True)
        if "/var/log/messages" not in lines:
            print '\033[91mProblem with line /var/log/messages\n\n' + lines + '\033[0m'
    else:
        print '\033[91mNo watchdog config file found !\033[0m'
예제 #11
0
파일: pci.py 프로젝트: zipi85/AWL
def check_watchdog_logmon_var_log_messages():
    '''check how many times File /var/log/messages is defined in logmon.conf'''
    x = first('/etc/watchdot/logmon.cfg', '/usr/local/watch/logmon.cfg')
    if (x != "None"):
        #state.output.everything = True
        lines = sudo('''grep 'File /var/log/messages' ''' + x +
                     ''' | grep -v '#' | wc -l ''',
                     warn_only=True,
                     quiet=True)
        print env.host + '\t' + lines
    else:
        print '\033[91mNo watchdog config file found !\033[0m'
예제 #12
0
파일: fabfile.py 프로젝트: normalex/pez
def configure_db_server():
    '''
    Bootstrapping Postgresql and needed packages on a remote host.

    Supports only Debian/Ubuntu
    If the Dev server is self opened for ssh it can be configured as well.

    '''
    with settings(warn_only=True):
        fabtools.deb.update_index()
    fabtools.require.postgres.server()
    fabtools.require.postgres.user(dbusername, password=dbpassword)
    fabtools.require.postgres.database(dbname, owner=dbusername)
    postgres_conf = files.first('/etc/postgresql/9*/main/pg_hba.conf')
    postgres_listen_conf = files.first(
        '/etc/postgresql/9*/main/postgresql.conf')
    if not postgres_conf or not postgres_listen_conf:
        abort('Could not find Postgresql configuration file')
    files.append(
        postgres_conf,
        'host    all             all             0.0.0.0/0               md5',
        use_sudo=True)
    files.append(postgres_listen_conf, "listen_addresses = '*'", use_sudo=True)
    sudo("service postgresql restart")
예제 #13
0
def apt_source():
    ''' auto setup apt source '''
    f = files.first('/etc/apt/sources.list',
                    '/etc/apt/sources.list.d/debian.list')
    for i, l in enumerate(apt_src):
        print i + 1, l
    chooses = [
        int(i.strip()) for i in operations.prompt('choose> ').split(',')
    ]
    s = [
        'deb %s %s main contrib non-free' % (l.strip(), debian_release)
        for i, l in enumerate(apt_src) if i + 1 in chooses
    ]
    operations.put(StringIO('# from fab init.py\n' + '\n'.join(s)),
                   f,
                   use_sudo=True)
    api.sudo('aptitude update')
예제 #14
0
파일: pci.py 프로젝트: zipi85/AWL
def config_rsyslog():
    ''' configure rsyslog (if needed) and restart his service'''
    x = first('/etc/rsyslog.d/50_remote.conf', '/etc/rsyslog.conf')
    if (x != "None"):
        if sudo("grep -P 'syslog-pci-mutv|new-syslog-pci-mutv' " + x,
                quiet=True):
            print "\033[96mRsyslog is configured properly\033[0m"
        else:
            print "\033[91mRsyslog is not configured properly\033[0m"
    elif exists('/etc/rsyslog.d/50_remote.conf_NONPCI', use_sudo=True):
        if sudo("grep -P 'syslog-pci-mutv|new-syslog-pci-mutv' /etc/rsyslog.d/50_remote.conf_NONPCI",
                quiet=True):
            sudo(
                "mv /etc/rsyslog.d/50_remote.conf_NONPCI /etc/rsyslog.d/50_remote.conf",
                quiet=True)
            sudo("service rsyslog restart", quiet=True)
            print "\033[92mRsyslog has been configured and restarted\033[0m"
        else:
            print "\033[91mRsyslog is not configured properly...\033[0m"
    else:
        print "\033[91m No Rsyslog configuration file found\033[0m"
예제 #15
0
파일: pci.py 프로젝트: zipi85/AWL
def check_clamav_tripwire_logmon():
    '''Check duplicates CLAMAV and tripwire lines in logmon.cfg'''
    x = first('/etc/watchdot/logmon.cfg', '/usr/local/watch/logmon.cfg')
    if (x != "None"):
        clamavcheck = sudo('grep /var/log/clamav/clamscan.log ' + x +
                           ' | wc -l',
                           warn_only=True,
                           quiet=True)
        if clamavcheck == '0':
            print "\033[91mClamAV conf not found !\033[0m"
        elif clamavcheck != '1':
            print "\033[91mClamAV conf found " + clamavcheck + " times !\033[0m"
        if sudo('''grep -E '^[^\#].+/usr/local/tripwire/tfs/report/tripwire_check' '''
                + x,
                warn_only=True,
                quiet=True).succeeded:
            print "\033[91mTripwire conf found !\033[0m"
        if sudo('''ps -ef | grep -iE 'watchdot.*start' | grep -v grep''',
                warn_only=True,
                quiet=True).failed:
            print "\033[91mWatchdog is not started !\033[0m"
    else:
        print '\033[91mNo watchdog config file found !\033[0m'
예제 #16
0
def conf_logmon():
    """add apply_patches_system surveillance in logmon.cfg"""
    logmon = first('/etc/watchdot/logmon.cfg', '/usr/local/watch/logmon.cfg')
    if (logmon != "None"):
        if sudo('grep -sqi _APPLY_PATCHES_SYSTEM ' + logmon,
                quiet=True).succeeded:
            print cyan('logmon.cfg is already configured properly')
            #return 1
        elif env.host[1] == 'p':
            append(logmon, '\n## apply_patches_system', use_sudo=True)
            append(logmon, 'File /var/log/messages', use_sudo=True)
            append(
                logmon,
                'WARNING_APPLY_PATCHES_SYSTEM.*Dependence  [ident=SYS-PAT-0002] [criticity=MAJ] MSG=error dependence during system patch management',
                use_sudo=True)
            append(
                logmon,
                'ERROR_APPLY_PATCHES_SYSTEM.*Manual blocking  [ident=SYS-PAT-0002] [criticity=MAJ] MSG=error manual blocking during system patch management',
                use_sudo=True)
            append(
                logmon,
                'ERROR_APPLY_PATCHES_SYSTEM.*Error func_pre_control [ident=SYS-PAT-0001] [criticity=CRI] MSG=error pre_control during system patch management',
                use_sudo=True)
            append(
                logmon,
                'ERROR_APPLY_PATCHES_SYSTEM.*Error func_apply_patches [ident=SYS-PAT-0001] [criticity=CRI] MSG=error apply_patches during system patch management',
                use_sudo=True)
            append(
                logmon,
                'ERROR_APPLY_PATCHES_SYSTEM.*Error func_post_control  [ident=SYS-PAT-0001] [criticity=CRI] MSG=error post_control during system patch management',
                use_sudo=True)
            append(
                logmon,
                'ERROR_APPLY_PATCHES_SYSTEM.*Error func_monitoring  [ident=SYS-PAT-0001] [criticity=CRI] MSG=error monitoring during system patch management',
                use_sudo=True)
            print green('logmon.cfg has been configured properly (Production)')
        else:
            append(logmon, '\n## apply_patches_system', use_sudo=True)
            append(logmon, 'File /var/log/messages', use_sudo=True)
            append(
                logmon,
                'WARNING_APPLY_PATCHES_SYSTEM.*Dependence  [ident=SYS-PAT-0000] [criticity=WAR] MSG=error during system patch management',
                use_sudo=True)
            append(
                logmon,
                'ERROR_APPLY_PATCHES_SYSTEM.*Error func_pre_control [ident=SYS-PAT-0000] [criticity=WAR] MSG=error during system patch management',
                use_sudo=True)
            append(
                logmon,
                'ERROR_APPLY_PATCHES_SYSTEM.*Error func_apply_patches [ident=SYS-PAT-0000] [criticity=WAR] MSG=error during system patch management',
                use_sudo=True)
            append(
                logmon,
                'ERROR_APPLY_PATCHES_SYSTEM.*Error func_post_control  [ident=SYS-PAT-0000] [criticity=WAR] MSG=error during system patch management',
                use_sudo=True)
            print green('logmon.cfg has been configured properly')
    else:
        print red('No watchdog config file found !')
        return 1
    sudo('''sed -i 'N;/^\\n$/D;P;D;' ''' + logmon, quiet=True)
    watcmd = first('/usr/bin/wat', '/usr/local/bin/wat')
    if sudo(watcmd + ' -v | grep "fhs 2"', quiet=True).succeeded:
        print red('Watchdog 2.x')
        #return 1
    if sudo(watcmd + ' -local 20', quiet=True).failed:
        print red('wat local is not working')
    if run('''cat /etc/redhat-release | grep 'release 7' ''', quiet=True):
        if sudo('systemctl restart watchdot.service', quiet=True).succeeded:
            print green('Watchdog service has been restarted (7)')
        else:
            print red('Problem when restarting Watchdog service (7)')
    else:
        sudo(watcmd + ' -stop', quiet=True)
        sudo('sleep 10', quiet=True)
        if sudo(watcmd + ' -start', quiet=True).succeeded:
            sudo('sleep 3', quiet=True)
            if sudo('''ps -ef | grep -iE 'watchdot.*start' | grep -v grep''',
                    warn_only=True,
                    quiet=True).failed:
                print "\033[91mWatchdog is not started !\033[0m"
            else:
                print green('Watchdog service has been restarted (6)')
            sudo(watcmd + ' -remote', quiet=True)
        else:
            print red('Problem when restarting Watchdog service (6)')
예제 #17
0
파일: pci.py 프로젝트: zipi85/AWL
def config_clamav():
    '''Push the good configuration for CLAMAV with new PCI CLAMAV mirror'''
    if run('''cat /etc/redhat-release | grep 'release 7' ''', quiet=True):
        user = '******'
    else:
        user = '******'

    #Push configuration files with good rights and specific user depending os version
    lscan = os.path.join(source, freshclam)
    put(local_path=lscan,
        remote_path='/etc/freshclam.conf',
        use_sudo=True,
        mode=0700)
    sudo('''sed -i 's/DatabaseOwner/DatabaseOwner ''' + user +
         '''/g' /etc/freshclam.conf''')
    sudo('chown root: /etc/freshclam.conf')
    lscan = os.path.join(source, freshdaily)
    put(local_path=lscan,
        remote_path='/etc/cron.daily/freshclam',
        use_sudo=True,
        mode=0700)
    sudo('''sed -i 's/clam.clam/''' + user + ''':''' + user +
         '''/g' /etc/cron.daily/freshclam''')
    sudo('chown root: /etc/cron.daily/freshclam')
    lscan = os.path.join(source, freshrotate)
    put(local_path=lscan,
        remote_path='/etc/logrotate.d/freshclam',
        use_sudo=True,
        mode=0644)
    sudo('''sed -i 's/clam clam/''' + user + ''' ''' + user +
         '''/g' /etc/logrotate.d/freshclam''')
    sudo('chown root: /etc/logrotate.d/freshclam')
    clamcron = StringIO.StringIO(
        ('%02d %02d * * sun   root    /usr/local/etc/clamscan &> /dev/null\n')
        % (random.randint(0, 59), random.randint(6, 12)))
    put(clamcron, '/etc/cron.d/clamscan', use_sudo=True, mode=0600)
    sudo('chown root: /etc/cron.d/clamscan')
    if run("hostname | grep sips", quiet=True):
        lscan = os.path.join(source, clamscansips)
    else:
        lscan = os.path.join(source, clamscan)
    put(local_path=lscan,
        remote_path='/usr/local/etc/clamscan',
        use_sudo=True,
        mode=0700)
    sudo('chown root: /usr/local/etc/clamscan')
    if not exists('/var/lib/clamav', use_sudo=True):
        sudo('mkdir -p /var/lib/clamav')
    sudo('chown -R ' + user + ':' + user + ' /var/lib/clamav')
    if exists('/var/log/freshclam.log', use_sudo=True):
        sudo('chown ' + user + ':' + user + ' /var/log/freshclam.log')
    if not exists('/var/log/clamav', use_sudo=True):
        sudo('mkdir -p /var/log/clamav')
    sudo('chown -R ' + user + ':' + user + ' /var/log/clamav')
    if exists('/var/lib/clamav/mirrors.dat', use_sudo=True):
        sudo('rm /var/lib/clamav/mirrors.dat')
    if exists('/usr/share/doc/clamav-0.*/signatures.pdf', use_sudo=True):
        sudo('rm /usr/share/doc/clamav-0.*/signatures.pdf')
    x = first('/etc/watchdot/logmon.cfg', '/usr/local/watch/logmon.cfg')
    if (x != "None"):
        if sudo("grep -P '/var/log/clamav/clamscan.log' " + x, quiet=True):
            pass
        else:
            lwat = os.path.join(source, clamwat)
            put(local_path=lwat, remote_path=clamwat)
            sudo('cat /home/$SUDO_USER/clamwat >> ' + x)
    else:
        print env.host, 'no watchdog config file found'

    #Run freshclam
    x = sudo('/etc/cron.daily/freshclam', warn_only=True)
    if x.return_code != 0:
        print "\033[91mFreshclam failed...\033[0m"
        return 1
    else:
        print "\033[92mFreshclam succeeded\033[0m"
예제 #18
0
def _venv_root():
    return first(*env.venv_roots)
예제 #19
0
def _venv_root():
    return first(*env.venv_roots)
예제 #20
0
파일: pci.py 프로젝트: zipi85/AWL
def install_clamav():
    '''Install CLAMAV with new PCI CLAMAV mirror'''
    if run('''cat /etc/redhat-release | grep 'release 7' ''', quiet=True):
        lscan = os.path.join(source, clamavpuppet)
        put(local_path=lscan,
            remote_path='/etc/puppet/modules/clamav-puppet.tar',
            use_sudo=True,
            mode=0755)
        sudo(
            'tar -xf /etc/puppet/modules/clamav-puppet.tar --directory=/etc/puppet/modules'
        )
        sudo('''echo class { 'clamav': } > /etc/puppet/modules/test.pp''')
        sudo('yum-config-manager --enable epel > /dev/null')
        x = sudo('puppet apply --test /etc/puppet/modules/test.pp',
                 warn_only=True)
        if x.return_code > 2:
            print '\033[91mInstallation de CLAMAV KO\033[0m'
            sudo('yum-config-manager --disable epel > /dev/null')
            return 1
        sudo('yum-config-manager --disable epel > /dev/null')
        sudo('rm -f /etc/puppet/modules/clamav-puppet.tar')
        user = '******'
    else:
        if not exists('/etc/yum.repos.d/pvm.repo', use_sudo=True):
            sudo('yum install -y repositories-pvm --enablerepo=awl-main')
            sudo(
                'yum-config-manager --disable pvm-main --disable pvm-external > /dev/null'
            )
        x = sudo('rpm -q clamav', warn_only=True, quiet=True)
        if x.succeeded:
            sudo(
                'yum update -y clamav --enablerepo=pvm-main --enablerepo=pvm-external'
            )
        else:
            sudo(
                'yum install -y clamav --enablerepo=pvm-main --enablerepo=pvm-external'
            )
        user = '******'

    #Push configuration files with good rights and specific user depending os version
    lscan = os.path.join(source, freshclam)
    put(local_path=lscan,
        remote_path='/etc/freshclam.conf',
        use_sudo=True,
        mode=0700)
    sudo('''sed -i 's/DatabaseOwner/DatabaseOwner ''' + user +
         '''/g' /etc/freshclam.conf''')
    sudo('chown root: /etc/freshclam.conf')
    lscan = os.path.join(source, freshdaily)
    put(local_path=lscan,
        remote_path='/etc/cron.daily/freshclam',
        use_sudo=True,
        mode=0700)
    sudo('''sed -i 's/clam.clam/''' + user + ''':''' + user +
         '''/g' /etc/cron.daily/freshclam''')
    sudo('chown root: /etc/cron.daily/freshclam')
    lscan = os.path.join(source, freshrotate)
    put(local_path=lscan,
        remote_path='/etc/logrotate.d/freshclam',
        use_sudo=True,
        mode=0644)
    sudo('''sed -i 's/clam clam/''' + user + ''' ''' + user +
         '''/g' /etc/logrotate.d/freshclam''')
    sudo('chown root: /etc/logrotate.d/freshclam')
    clamcron = StringIO.StringIO(
        ('%02d %02d * * sun   root    /usr/local/etc/clamscan &> /dev/null\n')
        % (random.randint(0, 59), random.randint(6, 12)))
    put(clamcron, '/etc/cron.d/clamscan', use_sudo=True, mode=0600)
    sudo('chown root: /etc/cron.d/clamscan')
    if run("hostname | grep sips", quiet=True):
        lscan = os.path.join(source, clamscansips)
    else:
        lscan = os.path.join(source, clamscan)
    put(local_path=lscan,
        remote_path='/usr/local/etc/clamscan',
        use_sudo=True,
        mode=0700)
    sudo('chown root: /usr/local/etc/clamscan')
    if not exists('/var/lib/clamav', use_sudo=True):
        sudo('mkdir -p /var/lib/clamav')
    sudo('chown -R ' + user + ':' + user + ' /var/lib/clamav')
    if exists('/var/log/freshclam.log', use_sudo=True):
        sudo('chown ' + user + ':' + user + ' /var/log/freshclam.log')
    if not exists('/var/log/clamav', use_sudo=True):
        sudo('mkdir -p /var/log/clamav')
    sudo('chown -R ' + user + ':' + user + ' /var/log/clamav')
    if exists('/var/lib/clamav/mirrors.dat', use_sudo=True):
        sudo('rm /var/lib/clamav/mirrors.dat')
    if exists('/usr/share/doc/clamav-0.*/signatures.pdf', use_sudo=True):
        sudo('rm /usr/share/doc/clamav-0.*/signatures.pdf')
    x = first('/etc/watchdot/logmon.cfg', '/usr/local/watch/logmon.cfg')
    if (x != "None"):
        print "logmon.cfg present"
        if sudo("grep -P '/var/log/clamav/clamscan.log' " + x, quiet=True):
            print "entree clamav trouvee dans logmon.cfg"
            pass
        else:
            print "entree clamav non trouvee dans logmon.cfg"
            lwat = os.path.join(source, clamwat)
            put(local_path=lwat, remote_path=clamwat)
            sudo('cat /home/$SUDO_USER/clamwat >> ' + x)
    else:
        print env.host, 'no watchdog config file found'

    #Run freshclam
    x = sudo('/etc/cron.daily/freshclam', warn_only=True)
    if x.return_code != 0:
        print "\033[91mFreshclam failed...\033[0m"
        return 1
    else:
        print "\033[92mFreshclam succeeded\033[0m"