def run_scanner(host, port, user, localkey, nodetype):
import connect
scantype = cfgparse.get(nodetype, 'scantype')
profile = cfgparse.get(nodetype, 'profile')
results = cfgparse.get(nodetype, 'results')
report = cfgparse.get(nodetype, 'report')
secpolicy = cfgparse.get(nodetype, 'secpolicy')
# Here is where we contruct the actual scan command
if scantype == 'xccdf':
cpe = cfgparse.get(nodetype, 'cpe')
com = '{0} xccdf eval --profile {1} --results {2}/{3}' \
' --report {2}/{4}' \
' --cpe {5} {6}'.format(oscapbin,
profile,
GlobalVariables.tmpdir.rstrip(),
results,
report,
cpe,
secpolicy)
connect = connect.ConnectionManager(host, port, user, localkey, com)
connect.remotecmd()
elif scantype == 'oval':
com = '{0} oval eval --results {1}/{2} '
'--report {1}/{3} {4}'.format(oscapbin,
GlobalVariables.tmpdir.rstrip(), results,
report, secpolicy)
connect = connect.ConnectionManager(host, port, user, localkey, com)
connect.remotecmd()
else:
com = '{0} oval-collect '.format(oscapbin)
connect = connect.ConnectionManager(host, port, user, localkey, com)
connect.remotecmd()
def main(argv):
"""Main body of the program."""
parser = argparse.ArgumentParser(prog=argv[0])
parser.add_argument('--port',
help='HTTP server port',
type=int,
default=8091)
parser.add_argument('--config',
help='Configuration file (INI file)',
default='config.ini')
parser.add_argument('--log_level',
help='Logging level (DEBUG, INFO, WARNING, ERROR)',
type=str,
default='INFO')
parser.add_argument(
'--include_inactive_devices',
help=
'Do not use; this flag has no effect and remains for compatibility only',
action='store_true')
args = parser.parse_args()
try:
level = getattr(logging, args.log_level)
except AttributeError:
print(f'Invalid --log_level: {args.log_level}')
sys.exit(-1)
args = parser.parse_args()
logging.basicConfig(
format=
'%(asctime)s [%(name)24s %(thread)d] %(levelname)10s %(message)s',
datefmt='%Y/%m/%d %H:%M:%S',
level=level)
logger.info('Starting up on port=%s', args.port)
if args.include_inactive_devices:
logger.warning(
'--include_inactive_devices is now inoperative and will be removed in a future release'
)
try:
cfg = config.Config(args.config)
except:
logger.exception('Could not load configuration: %s', args.config)
sys.exit(-1)
devices = cfg.devices
if len(devices) == 0:
logger.fatal(
'No devices configured; please re-run this program with --create_device_cache.'
)
sys.exit(-2)
prometheus_client.start_http_server(args.port)
connect.ConnectionManager(metrics.Metrics().update, devices, cfg.hosts)
_sleep_forever()
def createfiles(host, port, user, localkey):
import connect
localpath = functest_dir + 'scripts/createfiles.py'
remotepath = '/tmp/createfiles.py'
com = 'python /tmp/createfiles.py'
connect = connect.ConnectionManager(host, port, user, localkey, localpath,
remotepath, com)
GlobalVariables.tmpdir = connect.remotescript()
def createfiles(host, port, user, localkey):
import connect
global tmpdir
localpath = os.getcwd() + '/scripts/createfiles.py'
remotepath = '/tmp/createfiles.py'
com = 'python /tmp/createfiles.py'
connect = connect.ConnectionManager(host, port, user, localkey,
localpath, remotepath, com)
tmpdir = connect.remotescript()
def post_tasks(host, port, user, localkey, nodetype):
import connect
# Create the download folder for functest dashboard and download reports
reports_dir = cfgparse.get(nodetype, 'reports_dir')
dl_folder = os.path.join(
reports_dir,
host + "_" + datetime.datetime.now().strftime('%Y-%m-%d_%H-%M-%S'))
os.makedirs(dl_folder, 0755)
report = cfgparse.get(nodetype, 'report')
results = cfgparse.get(nodetype, 'results')
reportfile = '{0}/{1}'.format(GlobalVariables.tmpdir.rstrip(), report)
connect = connect.ConnectionManager(host, port, user, localkey, dl_folder,
reportfile, report, results)
connect.download_reports()
def internet_check(host, nodetype):
import connect
user = cfgparse.get(nodetype, 'user')
port = cfgparse.get(nodetype, 'port')
localpath = functest_dir + 'scripts/internet_check.py'
remotepath = '/tmp/internet_check.py'
com = 'python /tmp/internet_check.py'
testconnect = connect.ConnectionManager(host, port, user, localkey,
localpath, remotepath, com)
connectionresult = testconnect.remotescript()
if connectionresult.rstrip() == 'True':
return True
else:
return False
def cleandir(host, port, user, localkey, nodetype):
import connect
com = 'sudo rm -r {0}'.format(GlobalVariables.tmpdir.rstrip())
connect = connect.ConnectionManager(host, port, user, localkey, com)
connect.remotecmd()
def removepkg(host, port, user, localkey, nodetype):
import connect
com = 'sudo yum -y remove openscap-scanner scap-security-guide'
connect = connect.ConnectionManager(host, port, user, localkey, com)
connect.remotecmd()
def install_pkg(host, port, user, localkey):
import connect
com = 'sudo yum -y install openscap-scanner scap-security-guide'
connect = connect.ConnectionManager(host, port, user, localkey, com)
connect.remotecmd()
def main(argv):
"""Main body of the program."""
parser = argparse.ArgumentParser(prog=argv[0])
parser.add_argument(
'--config', help='Configuration file (INI file)', default='config.ini')
parser.add_argument(
'--device', help='Device name (from config) to operate on')
parser.add_argument(
'--heat_mode', help='Desired mode, on or off', default='off')
parser.add_argument(
'--log_level',
help='Logging level (DEBUG, INFO, WARNING, ERROR)',
type=str,
default='INFO',
)
args = parser.parse_args()
try:
level = getattr(logging, args.log_level)
except AttributeError:
print(f'Invalid --log_level: {args.log_level}')
sys.exit(-1)
args = parser.parse_args()
logging.basicConfig(
format='%(asctime)s [%(name)24s %(thread)d] %(levelname)10s %(message)s',
datefmt='%Y/%m/%d %H:%M:%S',
level=level,
)
try:
cfg = config.Config(args.config)
except:
logger.exception('Could not load configuration: %s', args.config)
sys.exit(-1)
devices = cfg.devices
if len(devices) == 0:
logger.fatal(
'No devices configured; please re-run this program with --create_device_cache.'
)
sys.exit(-2)
dev = [d for d in devices if d.name == args.device]
if not dev:
logger.fatal(
'Could not find device "%s" in configuration', args.device)
sys.exit(-3)
if args.heat_mode == 'on':
callback_fn = turn_on_heat
elif args.heat_mode == 'off':
callback_fn = turn_off_heat
else:
logger.fatal('Invalid --heat_mode, must be one of "on" or "off"')
sys.exit(-3)
conn_mgr = connect.ConnectionManager(
callback_fn, dev, cfg.hosts, reconnect=False)
_ok_to_shutdown.wait()
conn_mgr.shutdown()