def sync_usb_memory(cls, state, data_center): """ synchronize usb-memory """ block_base_path = '/sys/class/block/*' block_node_regex = re.compile('^[a-zA-Z]+$') block_usb_regex = re.compile('/usb[0-9]*/') #block devices for block_device in glob.glob(block_base_path): device_node = block_device.split('/')[-1] if not block_node_regex.match(device_node): continue #/sys/devices device_sys_path = block_device + '/device' if not os.path.exists(device_sys_path): continue device_real_path = os.path.realpath(device_sys_path) #usb device if block_usb_regex.search(device_real_path): #whitelist serial_path = search_file_reversely(device_real_path, 'serial', REVERSE_LOOKUP_LIMIT) if serial_path: with open(serial_path) as f: serial = f.read().strip('\n') for s in data_center.get_usb_memory_whitelist(): if s == serial: cls._logger.info( 'SYNC serial({}) is in whitelist'.format( serial)) return #authorized authorized = search_file_reversely(device_real_path, 'authorized', REVERSE_LOOKUP_LIMIT) if not authorized: cls._logger.error('{} not found authorized'.block_device) return with open(authorized, 'w') as f: f.write('0') cls._logger.info( 'SYNC state={} authorized=0'.format(state)) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_USB_MEMORY, state) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) write_event_log( SOMANSA, datetime.datetime.now().strftime('%Y%m%d %H:%M:%S'), JSON_RULE_USB_MEMORY, SOMANSA_STATE_DISALLOW, 'null', 'null', 'null', 'null') cls._logger.debug( '***** USB disallow {}'.format(block_device))
def sync_keyboard(cls, state, data_center): """ synchronize keyboard """ keyboard_usb_regex = re.compile('/usb[0-9]*/') keyboard_bluetooth_regex = re.compile('bluetooth') keyboard_real_path_list = search_dir_list('/sys/devices', '.*::capslock') for keyboard_real_path in keyboard_real_path_list: if not keyboard_usb_regex.search(keyboard_real_path): continue if keyboard_bluetooth_regex.search(keyboard_real_path): continue bConfigurationValue = search_file_reversely( keyboard_real_path, 'bConfigurationValue', REVERSE_LOOKUP_LIMIT) if not bConfigurationValue: cls._logger.error('not found bConfigurationValue') continue with open(bConfigurationValue, 'w') as f: f.write('0') cls._logger.info( 'SYNC state={} bConfigurationValue=0'.format(state)) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_KEYBOARD, state) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center)
def _watch_printers(self): """ thread target """ while True: if self._watchdog_dead: break if self._watchdog_bark_on: try: printers = self._conn.getPrinters() for printer_name in printers: self._conn.deletePrinter(printer_name) self.logger.debug( '(watch) delete printer({})'.format(printer_name)) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_PRINTER, JSON_RULE_DISALLOW) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, self.data_center) except: self.logger.error(grac_format_exc()) time.sleep(1)
def sync_camera(cls, state, data_center): """ synchronize camera """ camera_base_path = '/sys/class/video4linux' for camera in glob.glob(camera_base_path + '/*'): camera_real_path = os.path.realpath(camera + '/device') bConfigurationValue = search_file_reversely( camera_real_path, 'bConfigurationValue', REVERSE_LOOKUP_LIMIT) if not bConfigurationValue: cls._logger.error('not found bConfigurationValue') continue with open(bConfigurationValue, 'w') as f: f.write('0') with open('{}/{}.bcvp'.format(META_ROOT, JSON_RULE_CAMERA), 'w') as f2: f2.write(bConfigurationValue) cls._logger.info( 'SYNC state={} bConfigurationValue=0'.format(state)) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_CAMERA, state) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center)
def remount_thread(devnode, mode, data_center): """ remount """ logger = GracLog.get_logger() for i in range(600): #1 mins partis = psutil.disk_partitions() for parti in partis: if parti.device == devnode: remount_readonly(parti.device, parti.mountpoint) logger.info('{} mode has changed'.format(devnode)) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_USB_MEMORY, mode) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) write_event_log( SOMANSA, datetime.datetime.now().strftime('%Y%m%d %H:%M:%S'), JSON_RULE_USB_MEMORY, SOMANSA_STATE_READONLY, 'null', 'null', 'null', 'null') return time.sleep(0.1) logger.error('{} fail to change mode'.format(devnode))
def do_task(param, data_center): """ do task """ logger = GracLog.get_logger() try: mode = param[0] authorized_path = search_file_reversely('/sys/' + param[1], 'authorized', REVERSE_LOOKUP_LIMIT) with open(authorized_path, 'w') as f: f.write('0') logger.info('mode has changed to {}'.format(mode)) logger.debug('***** DVD MODULE disallow {}'.format(param[1])) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_CD_DVD, mode) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) write_event_log( SOMANSA, datetime.datetime.now().strftime('%Y%m%d %H:%M:%S'), JSON_RULE_CD_DVD, SOMANSA_STATE_DISALLOW, 'null', 'null', 'null', 'null') except: e = grac_format_exc() logger.error(e) return GRAC_OK
def do_task(param, data_center): """ do task """ logger = GracLog.get_logger() try: mode = param[0] bConfigurationValue_path = search_file_reversely( '/sys/' + param[1], 'bConfigurationValue', REVERSE_LOOKUP_LIMIT) with open(bConfigurationValue_path, 'w') as f: f.write('0') with open('{}/{}.bcvp'.format(META_ROOT, JSON_RULE_CAMERA), 'w') as f2: f2.write(bConfigurationValue_path) logger.info('mode has changed to {}'.format(mode)) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_CAMERA, mode) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) except: e = grac_format_exc() logger.error(e) return GRAC_OK
def sync_mouse(cls, state, data_center): """ synchronize mouse """ mouse_base_path = '/sys/class/input' mouse_regex = re.compile('mouse[0-9]*') mouse_usb_regex = re.compile('/usb[0-9]*/') mouse_bluetooth_regex = re.compile('bluetooth') for mouse in glob.glob(mouse_base_path + '/*'): mouse_node = mouse.split('/')[-1] if mouse_regex.match(mouse_node): mouse_real_path = os.path.realpath(mouse + '/device') if not mouse_usb_regex.search(mouse_real_path): continue if mouse_bluetooth_regex.search(mouse_real_path): continue bConfigurationValue = search_file_reversely( mouse_real_path, 'bConfigurationValue', REVERSE_LOOKUP_LIMIT) if not bConfigurationValue: cls._logger.error( '{} not found bConfigurationValue'.format(mouse_node)) continue with open(bConfigurationValue, 'w') as f: f.write('0') cls._logger.info( 'SYNC state={} bConfigurationValue=0'.format(state)) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_MOUSE, state) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center)
def do_task(param, data_center): """ do task """ logger = GracLog.get_logger() try: mode = param[0] #skeep 'event' of mouse events #for processing task once if 'event' in param[1].split('/')[-1]: return GRAC_OK bConfigurationValue_path = search_file_reversely( '/sys/' + param[1], 'bConfigurationValue', REVERSE_LOOKUP_LIMIT) with open(bConfigurationValue_path, 'w') as f: f.write('0') logger.info('mode has changed to {}'.format(mode)) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_MOUSE, mode) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) except: e = grac_format_exc() logger.error(e) return GRAC_OK
def sync_wireless(cls, state, data_center): """ synchronize wireless """ wl_base_path = '/sys/class/net' wl_inner_regex = re.compile('wireless') for wl in glob.glob(wl_base_path + '/*'): wl_node = wl.split('/')[-1] for wl_inner in glob.glob(wl + '/*'): file_name = wl_inner.split('/')[-1] if wl_inner_regex.match(file_name): wl_inner_real_path = os.path.realpath(wl_inner + '/device') remove = search_file_reversely(wl_inner_real_path, 'remove', REVERSE_LOOKUP_LIMIT) if not remove: cls._logger.error( '{} not found remove'.format(wl_inner)) continue with open(remove, 'w') as f: f.write('1') if os.path.exists(remove): remove_second = '/'.join( remove.split('/')[:-2]) + '/remove' if not os.path.exists(remove_second): logger.error('wireless=>FAIL TO REMOVE 1') continue else: with open(remove_second, 'w') as sf: sf.write('1') if os.path.exists(remove): logger.error('wireless=>FAIL TO REMOVE 2') continue with open(META_FILE_PCI_RESCAN, 'a') as f: f.write('wireless=>{}'.format(remove)) cls._logger.info('SYNC state={} remove=1'.format(state)) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_WIRELESS, state) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) write_event_log( SOMANSA, datetime.datetime.now().strftime('%Y%m%d %H:%M:%S'), JSON_RULE_WIRELESS, SOMANSA_STATE_DISALLOW, 'null', 'null', 'null', 'null')
def sync_usb_network(cls, state, data_center): """ synchronize usb-network """ #################### WHITE LIST #################### usb_port_blacklist = data_center.get_usb_network_port_blacklist() cls._logger.debug( '(UNW SYNC) usb_port_blacklist={}'.format(usb_port_blacklist)) if not usb_port_blacklist: cls._logger.info('(UNW SYNC) blacklist is empty') return #################################################### block_base_path = '/sys/class/net/*' block_usb_regex = re.compile(usb_port_blacklist) #block devices for block_device in glob.glob(block_base_path): device_node = block_device.split('/')[-1] #/sys/devices device_sys_path = block_device + '/device' if not os.path.exists(device_sys_path): continue device_real_path = os.path.realpath(device_sys_path) #usb device if block_usb_regex.search(device_real_path): #authorized authorized = search_file_reversely(device_real_path, 'authorized', REVERSE_LOOKUP_LIMIT) if not authorized: cls._logger.error('{} not found authorized'.block_device) return with open(authorized, 'w') as f: f.write('0') cls._logger.info( 'SYNC state={} authorized=0'.format(state)) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_USB_NETWORK, state) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) cls._logger.debug( '***** USB NETWORK disallow {}'.format(block_device))
def do_task(param, data_center): """ do task """ logger = GracLog.get_logger() try: mode = param[0] if mode == JSON_RULE_DISALLOW: devpath = param[1] #################### WHITE LIST #################### usb_port_blacklist = \ data_center.get_usb_network_port_blacklist() logger.debug( '(UNW MOD) usb_port_blacklist={}'.format(usb_port_blacklist)) if not usb_port_blacklist: logger.info('(UNW MOD) blacklist is empty') return block_usb_regex = re.compile(usb_port_blacklist) if not block_usb_regex.search(devpath): logger.info('(UNW MOD) path={} not in blacklist={}'.format( devpath, usb_port_blacklist)) return ################################################### authorized_path = search_file_reversely('/sys/' + devpath, 'authorized', REVERSE_LOOKUP_LIMIT) with open(authorized_path, 'w') as f: f.write('0') logger.info('mode has changed to {}'.format(mode)) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_USB_NETWORK, mode) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) logger.debug('***** USB NETWORK MODULE disallow {}'.format( param[1])) except: e = grac_format_exc() GracLog.get_logger().error(e) logger.error(e) return GRAC_OK
def sync_bluetooth(cls, state, data_center): """ synchronize bluetooth """ mac_regex = re.compile(r'([0-9A-F]{2}[:-]){5}([0-9A-F]{2})') if not bluetooth_exists(): cls._logger.error('bluetooth controller not found') return for controller in glob.glob('/var/lib/bluetooth/*'): for mac in glob.glob(controller + '/*'): mac = mac.split('/')[-1].upper() if not mac_regex.match(mac): continue for wl in data_center.get_bluetooth_whitelist(): if wl.upper() == mac: break else: if not GracSynchronizer.bluetooth_dev_is_connected(mac): continue p1 = subprocess.Popen( ['echo', '-e', 'disconnect {}\nquit'.format(mac)], stdout=subprocess.PIPE) p2 = subprocess.Popen(['bluetoothctl'], stdin=p1.stdout, stdout=subprocess.PIPE, stderr=subprocess.PIPE) p1.stdout.close() cls._logger.info( 'disconnecting controller-mac={} device-mac={}'.format( controller, mac)) cls._logger.info(p2.communicate()[0].decode('utf8')) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_BLUETOOTH, state) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) write_event_log( SOMANSA, datetime.datetime.now().strftime('%Y%m%d %H:%M:%S'), JSON_RULE_BLUETOOTH, SOMANSA_STATE_DISALLOW, 'null', 'null', 'null', 'null') cls._logger.info('SYNC state={}'.format(state))
def sync_cd_dvd(cls, state, data_center): """ synchronize cd_dvd """ block_base_path = '/sys/class/block/*' block_node_regex = re.compile('^sr[0-9]+$') block_usb_regex = re.compile('/usb[0-9]*/') #block devices for block_device in glob.glob(block_base_path): device_node = block_device.split('/')[-1] if not block_node_regex.match(device_node): continue #/sys/devices device_sys_path = block_device + '/device' if not os.path.exists(device_sys_path): continue device_real_path = os.path.realpath(device_sys_path) #usb device if block_usb_regex.search(device_real_path): authorized = search_file_reversely(device_real_path, 'authorized', REVERSE_LOOKUP_LIMIT) if not authorized: cls._logger.error( '{} not found authorized'.format(device_node)) continue with open(authorized, 'w') as f: f.write('0') cls._logger.info( 'SYNC state={} authorized=0'.format(state)) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_CD_DVD, state) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) write_event_log( SOMANSA, datetime.datetime.now().strftime('%Y%m%d %H:%M:%S'), JSON_RULE_CD_DVD, SOMANSA_STATE_DISALLOW, 'null', 'null', 'null', 'null') cls._logger.debug( '***** DVD disallow {}'.format(block_device))
def do_task(param, data_center): """ do task """ logger = GracLog.get_logger() try: mode = param[0] remove_path = search_file_reversely('/sys/' + param[1], 'remove', REVERSE_LOOKUP_LIMIT) #v2.0 if not os.path.exists(remove_path): logger.error('(wireless) REMOVE NOT FOUND') return with open(remove_path, 'w') as f: f.write('1') if os.path.exists(remove_path): remove_second = '/'.join(remove_path.split('/')[:-2]) + '/remove' if not os.path.exists(remove_second): logger.error('(wireless) FAIL TO REMOVE 1') return else: with open(remove_second, 'w') as sf: sf.write('1') if os.path.exists(remove_path): logger.error('(wireless) FAIL TO REMOVE 2') return with open(META_FILE_PCI_RESCAN, 'a') as f2: f2.write('wireless=>{}'.format(remove_path)) logger.info('mode has changed to {}'.format(mode)) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_WIRELESS, mode) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) write_event_log(SOMANSA, datetime.datetime.now().strftime('%Y%m%d %H:%M:%S'), JSON_RULE_WIRELESS, SOMANSA_STATE_DISALLOW, 'null', 'null', 'null', 'null') except: e = grac_format_exc() logger.error(e) return GRAC_OK
def sync_microphone(cls, state, data_center): """ synchronize microphone """ if state == JSON_RULE_ALLOW: if data_center.mic_prev_state == JSON_RULE_DISALLOW: data_center.sound_mic_inotify.pactl_mic(state, notimsg=False) else: data_center.sound_mic_inotify.pactl_mic(state, notimsg=False) if data_center.mic_prev_state in (None, JSON_RULE_ALLOW): logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_MICROPHONE, state) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) #, flag=RED_ALERT_ALERTONLY) data_center.mic_prev_state = state
def clipboard_handler(self, *args): """ clipboard handler """ try: #CHECK EXTENSION(screencapture/clipboard) if os.path.exists(EXTENSION_FULLPATH): return data_center = args[2] clipboard_rule = data_center.get_media_state(JSON_RULE_CLIPBOARD) if clipboard_rule == JSON_RULE_ALLOW: return clip = args[0] if clip.wait_is_text_available() and clip.wait_for_text(): Gtk.Clipboard.set_text(clip, "", 0) Gtk.Clipboard.clear(clip) GracLog.get_logger().info('clipboard text blocked') logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_CLIPBOARD, clipboard_rule) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) #, flag=RED_ALERT_ALERTONLY) elif clip.wait_is_image_available() and clip.wait_for_image(): new_pb = gi.repository.GdkPixbuf.Pixbuf() Gtk.Clipboard.set_image(clip, new_pb) Gtk.Clipboard.clear(clip) GracLog.get_logger().info('clipboard image blocked') logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_CLIPBOARD, clipboard_rule) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) #, flag=RED_ALERT_ALERTONLY) elif clip.wait_is_rich_text_available(Gtk.TextBuffer()) \ and clip.wait_for_rich_text(): Gtk.Clipboard.clear(clip) GracLog.get_logger().info('clipboard rich blocked') elif clip.wait_is_uris_available() and clip.wait_for_uris(): Gtk.Clipboard.clear(clip) GracLog.get_logger().info('clipboard uris blocked') except: GracLog.get_logger().error(grac_format_exc())
def remount_thread(devnode, mode, data_center): """ remount """ logger = GracLog.get_logger() for i in range(600): #1 mins partis = psutil.disk_partitions() for parti in partis: if parti.device == devnode: remount_readonly(parti.device, parti.mountpoint) logger.info('{} mode has changed'.format(devnode)) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_USB_MEMORY, mode) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) return time.sleep(0.1) logger.error('{} fail to change mode'.format(devnode))
def sync_printer(cls, state, data_center): """ synchronize printer """ dn = search_dir('/sys/devices', '^lp[0-9]+$') if not dn: return fn = search_file_reversely(dn, 'authorized', REVERSE_LOOKUP_LIMIT) if not fn: return with open(fn, 'w') as f: f.write('0') cls._logger.info('SYNC state={} authorized=0'.format(state)) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_PRINTER, state) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) cls._logger.debug('***** PRINTER disallow {}'.format(dn))
def load_json_rules(self): """ load user|default rules file """ default_json_rules_path = self.conf.get( 'MAIN', 'GRAC_DEFAULT_JSON_RULES_PATH') user_json_rules_path = self.conf.get('MAIN', 'GRAC_USER_JSON_RULES_PATH') json_rules_path = None if os.path.exists(user_json_rules_path): json_rules_path = user_json_rules_path try: verify_rule(json_rules_path) m = 'The signature verification of the policy file was successful' self.logger.info('{}: {}'.format(json_rules_path, m)) red_alert2(m, '', JLEVEL_DEFAULT_SHOW, GRMCODE_SIGNATURE_SUCCESS, self, flag=RED_ALERT_JOURNALONLY) except: json_rules_path = default_json_rules_path self.logger.error(grac_format_exc()) m = 'The signature verification of the policy file failed' self.logger.info('{}: {}: opening default'.format( json_rules_path, m)) red_alert2(m, '서명 검증 실패', JLEVEL_DEFAULT_NOTI, GRMCODE_SIGNATURE_FAIL, self) else: json_rules_path = default_json_rules_path with open(json_rules_path) as f: json_rules = json.loads(f.read().strip('\n')) return json_rules
def delete_printers(self): """ 사용하고 있는 프린터를 삭제 """ try: printers = self._conn.getPrinters() if len(printers) <= 0: return except: self.logger.error(grac_format_exc()) return for printer_name in printers: try: self._conn.deletePrinter(printer_name) self.logger.debug('delete printer({})'.format(printer_name)) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_PRINTER, JSON_RULE_DISALLOW) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, self.data_center) except: self.logger.error(grac_format_exc())
def sync_screen_capture(cls, state, data_center): """ synchronize screen_capture """ #CHECK EXTENSION(screencapture/clipboard) if os.path.exists(EXTENSION_FULLPATH): return user_id, _ = catch_user_id() if user_id == '-': cls._logger.debug('screen_capture can not be blocked '\ 'because of no user loggined') return if user_id[0] == '+': user_id = user_id[1:] for sn in ('/usr/bin/xfce4-screenshooter', '/usr/bin/gnome-screenshot'): if not os.path.exists(sn): continue if state == JSON_RULE_DISALLOW: p0 = subprocess.Popen( ['/usr/bin/setfacl', '-m', 'u:{}:r'.format(user_id), sn], stdout=subprocess.PIPE, stderr=subprocess.PIPE) pp_out, pp_err = p0.communicate() logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_SCREEN_CAPTURE, state) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) #, flag=RED_ALERT_ALERTONLY) else: p0 = subprocess.Popen( ['/usr/bin/setfacl', '-m', 'u:{}:rx'.format(user_id), sn], stdout=subprocess.PIPE, stderr=subprocess.PIPE) pp_out, pp_err = p0.communicate()
def do_task(param, data_center): """ do task """ logger = GracLog.get_logger() try: mode = param[0] authorized_path = search_file_reversely('/sys/' + param[1], 'authorized', REVERSE_LOOKUP_LIMIT) with open(authorized_path, 'w') as f: f.write('0') logger.info('mode has changed to {}'.format(mode)) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_PRINTER, mode) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) logger.debug('***** PRINTER MODULE disallow {}'.format(param[1])) except: e = grac_format_exc() logger.error(e) return GRAC_OK
def do_task(param, data_center): """ do task """ logger = GracLog.get_logger() if not bluetooth_exists(): logger.error('bluetooth controller not found') return GRAC_OK try: mode = param[0] unique = param[1].strip() if param[1] else param[1] name = param[2].strip() if param[2] else param[2] mac = '' if unique: mac = unique elif name: name = name.upper() delim_cnt = 0 num_cnt = 0 for n in name: if n == '.' or n == ':': delim_cnt += 1 continue if ord(n) >= ord('0') and ord(n) <= ord('9'): num_cnt += 1 continue if ord(n) >= ord('A') and ord(n) <= ord('F'): num_cnt += 1 continue break else: if (delim_cnt == 0 or delim_cnt == 5) and num_cnt == 12: mac = name if not mac: raise Exception('!! bluetooth mac not found') mac = mac.replace('.', ':').strip('\n').upper() for m in data_center.get_bluetooth_whitelist(): if m.upper() == mac: logger.info('mac({}) is in whitelist'.format(mac)) return GRAC_OK p1 = subprocess.Popen( ['echo', '-e', 'disconnect {}\nquit'.format(mac)], stdout=subprocess.PIPE) p2 = subprocess.Popen(['bluetoothctl'], stdin=p1.stdout, stdout=subprocess.PIPE, stderr=subprocess.PIPE) p1.stdout.close() logger.info(p2.communicate()[0].decode('utf8')) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_BLUETOOTH, mode) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) write_event_log(SOMANSA, datetime.datetime.now().strftime('%Y%m%d %H:%M:%S'), JSON_RULE_BLUETOOTH, SOMANSA_STATE_DISALLOW, 'null', 'null', 'null', 'null') except: e = grac_format_exc() logger.error(e) return GRAC_OK
def do_task(param, data_center): """ do task """ logger = GracLog.get_logger() try: mode = param[0] serial = param[2].strip() if param[2] else '' #whitelist if serial: #param[2]: #serial = param[2].strip('\n') for s in data_center.get_usb_memory_whitelist(): if s == serial: logger.info('serial({}) is in whitelist'.format(serial)) #usb whitelist register signal signal_msg = ['except', '103', 'already in whitelist'] data_center.GRAC.media_usb_info(','.join(signal_msg)) return GRAC_OK #usb whitelist register signal product = param[3].strip() if param[3] else '' vendor = param[4].strip() if param[4] else '' model = param[5].strip() if param[5] else '' user_id, _ = catch_user_id() if not user_id or user_id[0] == '-': signal_msg = ['except', '101', 'not login'] if user_id[0] == '+': signal_msg = ['except', '102', 'local user not supported'] else: signal_msg = [ 'normal', user_id, serial, '', product, '', vendor, model ] data_center.GRAC.media_usb_info(','.join(signal_msg)) else: signal_msg = ['except', '104', 'serial not found'] data_center.GRAC.media_usb_info(','.join(signal_msg)) if mode == JSON_RULE_DISALLOW: devpath = param[1] authorized_path = search_file_reversely('/sys/' + devpath, 'authorized', REVERSE_LOOKUP_LIMIT) with open(authorized_path, 'w') as f: f.write('0') logger.info('mode has changed to {}'.format(mode)) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_USB_MEMORY, mode) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) write_event_log( SOMANSA, datetime.datetime.now().strftime('%Y%m%d %H:%M:%S'), JSON_RULE_USB_MEMORY, SOMANSA_STATE_DISALLOW, 'null', 'null', 'null', 'null') logger.debug('***** USB MODULE disallow {}'.format(param[1])) elif mode == JSON_RULE_READONLY: devnode = '/dev/' + param[1] thr = threading.Thread(target=remount_thread, args=(devnode, mode, data_center)) thr.daemon = True thr.start() logger.info('{} mode is changing to {}'.format(devnode, mode)) logger.debug('***** USB MODULE read_only {}'.format(param[1])) except: e = grac_format_exc() GracLog.get_logger().error(e) logger.error(e) return GRAC_OK
def sync_usb_memory_readonly(cls, state, data_center): """ synchronize usb-memory readonly """ block_base_path = '/sys/class/block/*' block_node_regex = re.compile('^[a-zA-Z]+$') block_usb_regex = re.compile('/usb[0-9]*/') #block devices for block_device in glob.glob(block_base_path): device_node = block_device.split('/')[-1] if not block_node_regex.match(device_node): continue #/sys/devices device_sys_path = block_device + '/device' if not os.path.exists(device_sys_path): continue device_real_path = os.path.realpath(device_sys_path) #usb device if block_usb_regex.search(device_real_path): #whitelist serial_path = search_file_reversely(device_real_path, 'serial', REVERSE_LOOKUP_LIMIT) if serial_path: with open(serial_path) as f: serial = f.read().strip('\n') for s in data_center.get_usb_memory_whitelist(): if s == serial: cls._logger.info( 'SYNC serial({}) is in whitelist'.format( serial)) return skeep_uuid = False for usb_label_path in ('/dev/disk/by-label/*', '/dev/disk/by-uuid/*'): for usb_label in glob.glob(usb_label_path): if usb_label.lower().endswith('efi'): continue usb_label_realpath = os.path.realpath(usb_label) usb_label_node = re.split( '[0-9]+', usb_label_realpath.split('/')[-1])[0] if usb_label_node == device_node: mount_point = '/media/gooroom/' + usb_label.split( '/')[-1] umount_mount_readonly(usb_label_realpath, mount_point) cls._logger.info('SYNC state={} {} remounted '\ 'as readonly'.format(state, usb_label_realpath)) cls._logger.debug( '***** USB read_only {} {}'.format( usb_label_realpath, mount_point)) logmsg, notimsg, grmcode = \ make_media_msg(JSON_RULE_USB_MEMORY, state) red_alert2(logmsg, notimsg, JLEVEL_DEFAULT_NOTI, grmcode, data_center) write_event_log( SOMANSA, datetime.datetime.now().strftime( '%Y%m%d %H:%M:%S'), JSON_RULE_USB_MEMORY, SOMANSA_STATE_READONLY, 'null', 'null', 'null', 'null') skeep_uuid = True break if skeep_uuid: break