def background_code(args): log = get_logger('shell') pipe_id = args.pipe_id log.info('Initiating shell with pipe ID {}', pipe_id) try: set_gpg('client') with PenguinDomeServerPeer('client', pipe_id) as remote, \ PexpectPeer('/bin/bash') as shell: broker = InteractionBroker(shell, remote) broker.interact() except Exception: log.exception() sys.exit(1)
signatures_dir, set_gpg, ) from penguindome.client import get_logger, encrypt_document import penguindome.json as json os.chdir(top_dir) set_gpg('client') # Some commands the plugins use are in /sbin or /usr/sbin on some # distributions, and it isn't always in the search path used by cron scripts. for d in ('/sbin', '/usr/sbin'): if d not in os.environ['PATH'].split(':'): os.environ['PATH'] += ':' + d log = get_logger('collect') def run_file(run_path, run_name, results, parse_output=True, delete_after_success=False, submit_failures=False): log.debug('Running {}', run_path) with NamedTemporaryFile('w+') as stderr_file: try: run_output = subprocess.check_output( run_path, stderr=stderr_file.fileno()).decode('utf8') except subprocess.CalledProcessError as e: log.exception('Failed to execute {}', run_path)
# "installed_packages" -- List of installed packages # # Any of the booleans can also return the string "unknown". import json import os from psutil import Process import subprocess from signal import SIGHUP from tempfile import TemporaryFile import time from penguindome.client import get_logger from penguindome.plugin_tools import process_dict_iter log = get_logger('plugins/os_updates') def arch_checker(): def ancestors(p, attrs=None): if attrs: attrs = list(attrs) if 'ppid' not in attrs: attrs.append('ppid') else: attrs = ['ppid'] ancestors = [] try: while p['ppid']: p = Process(p['ppid']).as_dict(attrs=attrs)
# # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations under # the License. import json import subprocess from penguindome.client import get_logger results = {} log = get_logger('plugins/hd_encryption') def is_encrypted(device): try: subprocess.check_output(['cryptsetup', 'status', device]) return True except: pass try: # I hope it's a logical volume! vg = subprocess.check_output( ('lvs', '--noheadings', '-o', 'vg_name', device), close_fds=True).decode('utf8').strip() except: log.info('Cryptsetup and lvs on {} failed, assuming not encrypted',
import datetime from fasteners.process_lock import InterProcessLock import glob import os import subprocess import sys import time from penguindome import ( top_dir, var_dir, collected_dir, ) from penguindome.client import get_setting, get_logger log = get_logger('client-cron') def bin_path(cmd): return os.path.join(top_dir, 'bin', cmd) def check_stamp(path, interval): try: modified = os.stat(path).st_mtime except: return True # This is called once per minute, so we're going to round up. return time.time() - modified > (interval - 1) * 60
# # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations under # the License. import glob import os from requests.exceptions import HTTPError, ReadTimeout import sys from penguindome import top_dir, collected_dir, set_gpg from penguindome.client import get_logger, server_request log = get_logger('submit') os.chdir(top_dir) set_gpg('client') for collected in sorted(glob.glob(os.path.join(collected_dir, '*[0-9]'))): # This nested try/except is that we don't have to duplicate the code twice, # one for unrecognized HTTPError exceptiosns and again for ReadTimeout. try: try: server_request('/penguindome/v1/submit', data_path=collected, exit_on_connection_error=True, logger=log) except HTTPError as e: if e.response.status_code == 400: log.error('Server returned status code 400. ' 'Renaming {} to {}.bad.', collected, collected) os.rename(collected, collected + '.bad')
import shutil import socket import subprocess import sys from tempfile import mkdtemp from penguindome import ( top_dir, set_gpg, release_file, var_dir, signatures_dir, ) from penguindome.client import get_logger, gpg_command, server_request log = get_logger('update') os.chdir(top_dir) set_gpg('client') def do_release(data): log.info('Updating to {}', data['current_release']) unpack_dir = mkdtemp(dir=var_dir) try: update_tar = os.path.join(unpack_dir, 'release.tar') update_signed = update_tar + '.asc' open(update_signed, 'w').write(data['update']) gpg_command('--verify', update_signed) gpg_command(update_signed) subprocess.check_output(('tar', '--file', update_tar,
# the License. import re import subprocess from tempfile import TemporaryFile from penguindome import cached_data from penguindome.client import get_logger import penguindome.json as json from penguindome.plugin_tools import find_x_users, DBusUser, process_dict_iter valid_lockers = ('slock', 'i3lock') valid_lockers_re = re.compile(r'^(?:' + '|'.join(re.escape(l) for l in valid_lockers) + r')(?:\s|$)') log = get_logger('plugins/screenlock') def gnome_xscreensaver_status(user, display): try: dbus_user = DBusUser(user, display) except KeyError: return None with TemporaryFile('w+') as stderr_file: try: dbus_output = dbus_user.command( 'echo $DBUS_SESSION_BUS_ADDRESS; ' 'dbus-send --session --dest=org.freedesktop.DBus ' '--type=method_call --print-reply /org/freedesktop/Dbus org.' 'freedesktop.DBus.ListNames',