# Excerpt: the opening of a module whose logger is named 'Kaspersky'.
# The listing stops after the except handler in checksettings(); more of
# that function may follow in the full file.
import ops.data
import dsz.cmd, dsz.ui, dsz.version.checks.windows
import sqlite3
import os
import re
import datetime
from xml.dom.minidom import parseString
from ops.pprint import pprint
from util.DSZPyLogger import getLogger
from ops.psp import comattribs

kasperskylog = getLogger('Kaspersky')

# Size constants; nothing in the visible lines reads them.
EMPTY_SIZE = 7168
MAX_SIZE = 1000000


def runCmd(cmd):
    """Run *cmd* through dsz.cmd.RunEx with echo switched off.

    The command string is UTF-8 encoded and run with dsz.RUN_FLAG_RECORD.
    Returns the (suc, cmdid) pair that RunEx returns.
    """
    # NOTE(review): dsz.control is not imported by name in this excerpt;
    # presumably it is loaded as a side effect of the dsz imports - confirm.
    dsz.control.echo.Off()
    (suc, cmdid) = dsz.cmd.RunEx(cmd.encode('utf-8'), dsz.RUN_FLAG_RECORD)
    # NOTE(review): echo is not restored if RunEx raises (no try/finally).
    dsz.control.echo.On()
    return (suc, cmdid)


def checksettings(psp):
    # Rewrites psp[comattribs.installdate] in place: the stored value is
    # parsed as a float timestamp and replaced by its datetime string form.
    try:
        psp[comattribs.installdate] = ('%s' % datetime.datetime.fromtimestamp(
            float(psp[comattribs.installdate])))
    except TypeError:
        # NOTE(review): the visible lines bind only `kasperskylog`; unless
        # `mcafeelog` is defined further down the file, this handler raises
        # NameError and hides the conversion error it was meant to report.
        # Looks like a copy-paste leftover - confirm and use kasperskylog.
        # NOTE(review): float() raises ValueError, not TypeError, for a
        # non-numeric string, so that case is not handled here.
        mcafeelog.error('Could not get install date: conversion error', exc_info=True)
        mcafeelog.debug('tstamp data: {0}'.format(psp[comattribs.installdate]))
# Excerpt: the opening of a module whose logger is named 'mcafee'.
# The listing stops inside checksettings().
import dsz.ui, os.path, dsz.file, dsz.lp.gui.terminal
from ops.psp import comattribs, RegistryError
import binascii
from util.DSZPyLogger import getLogger
from ops.pprint import pprint
import ops

mcafeelog = getLogger('mcafee')


def runCmd(cmd, show=False):
    """Run *cmd* through dsz.cmd.RunEx, with echo on only when *show* is true.

    The command is passed through ops.utf8() and run with
    dsz.RUN_FLAG_RECORD. Returns the (suc, cmdid) pair that RunEx returns.
    """
    # NOTE(review): dsz.cmd and dsz.control are used but not imported by
    # name in this excerpt; presumably loaded by the other dsz imports.
    if show:
        dsz.control.echo.On()
    else:
        dsz.control.echo.Off()
    (suc, cmdid) = dsz.cmd.RunEx(ops.utf8(cmd), dsz.RUN_FLAG_RECORD)
    # Flip echo to the opposite of the state chosen above. This is not the
    # state the caller had before the call, which is never read.
    if show:
        dsz.control.echo.Off()
    else:
        dsz.control.echo.On()
    return (suc, cmdid)


def checksettings(psp):
    # Look up the DEFLOGDIR environment value. If the lookup fails the
    # placeholder text is kept, so the replace() calls below become no-ops.
    (suc, cmdid) = runCmd('environment -var DEFLOGDIR -get')
    deflogdir = '%DEFLOGDIR%'
    if suc:
        deflogdir = dsz.cmd.data.Get('environment::value::value', dsz.TYPE_STRING, cmdid)[0]
    # Expand the literal '%DEFLOGDIR%' placeholder in both log-file settings.
    # Falsy values are skipped; a missing 'BOLogFile' key would raise KeyError.
    if psp[comattribs.logfile]:
        psp[comattribs.logfile] = psp[comattribs.logfile].replace('%DEFLOGDIR%', deflogdir)
    if psp['BOLogFile']:
        psp['BOLogFile'] = psp['BOLogFile'].replace('%DEFLOGDIR%', deflogdir)
    customRules = False
    # (excerpt ends here; the rest of checksettings is not shown)
# Excerpt: the opening of a module whose logger is named 'SAFETY'.
# The listing stops inside getSafetyHandlerNames().
import sys
import ops.cmd
import ops.env
import ops.db
import ops
from util.DSZPyLogger import getLogger

logger = getLogger('SAFETY')

# Two lists of command names. How they are consumed is not visible here.
unhookables = ['dir', 'registryquery', 'registryadd', 'get', 'put', 'run', 'dll_u', 'injectdll', 'cd', 'copy', 'move', 'delete']
warnhookables = ['eventlogedit']


def ensureTable(dbHandle=None):
    """Return a cursor after attempting to create the safetyhandlers table.

    When *dbHandle* is None a handle is opened with
    ops.db.Database(db=ops.db.TARGET_DB, isolation_level=None); otherwise
    the caller's handle is used. Either way the cursor comes from
    dbHandle.connection.
    """
    if (dbHandle is None):
        dbHandle = ops.db.Database(db=ops.db.TARGET_DB, isolation_level=None)
        curs = dbHandle.connection.cursor()
    else:
        curs = dbHandle.connection.cursor()
    try:
        curs.execute('CREATE TABLE safetyhandlers (plugin, handlerfunc)')
    except:
        # NOTE(review): presumably meant to tolerate "table already exists",
        # but a bare except also hides every other failure (and
        # KeyboardInterrupt), so a real database error goes unnoticed.
        pass
    return curs


def cmdenv(plugin):
    """Return ops.env.get() for the key 'OPS_SAFE_<plugin>'."""
    return ops.env.get(('OPS_SAFE_%s' % plugin))


def getSafetyHandlerNames(plugin):
    # Reads the OPS_SAFE_<plugin> value (cmdenv is called twice) and splits
    # it on commas. What happens to the names is outside this excerpt.
    retval = []
    if (cmdenv(plugin) is not None):
        handlerstr = cmdenv(plugin)
        handlernames = handlerstr.split(',')
        # (excerpt ends here)
# Excerpt: the opening of a module whose logger is named 'mcafee'.
# The listing stops inside checksettings().
import ops.data
import dsz.cmd, dsz.ui, dsz.version.checks.windows
import sqlite3
import os
import re
import datetime
from xml.dom.minidom import parseString
from ops.pprint import pprint
from util.DSZPyLogger import getLogger
from ops.psp import comattribs

mcafeelog = getLogger('mcafee')

# Size constants; nothing in the visible lines reads them.
EMPTY_SIZE = 7168
MAX_SIZE = 1000000


def runCmd(cmd):
    """Run *cmd* through dsz.cmd.RunEx with echo switched off.

    The command string is UTF-8 encoded and run with dsz.RUN_FLAG_RECORD.
    Returns the (suc, cmdid) pair that RunEx returns.
    """
    # NOTE(review): dsz.control is not imported by name in this excerpt;
    # presumably it is loaded as a side effect of the dsz imports - confirm.
    dsz.control.echo.Off()
    (suc, cmdid) = dsz.cmd.RunEx(cmd.encode('utf-8'), dsz.RUN_FLAG_RECORD)
    # NOTE(review): echo is not restored if RunEx raises (no try/finally).
    dsz.control.echo.On()
    return (suc, cmdid)


def checksettings(psp):
    # Rewrites psp[comattribs.installdate] in place: the stored value is
    # parsed as a float timestamp and replaced by its datetime string form.
    try:
        psp[comattribs.installdate] = ('%s' % datetime.datetime.fromtimestamp(float(psp[comattribs.installdate])))
    except TypeError:
        # Only TypeError is handled. float() raises ValueError for a
        # non-numeric string, and that case propagates to the caller.
        mcafeelog.error('Could not get install date: conversion error', exc_info=True)
        mcafeelog.debug('tstamp data: {0}'.format(psp[comattribs.installdate]))
    # Column titles and empty accumulators. The code that fills them is
    # outside this excerpt.
    header = ['Setting', 'State', 'Notes']
    data = []
    echocodes = []
    # (excerpt ends here)
# Excerpt: the opening of a module whose logger is named
# 'TERRITORIALDISPUTE'. The listing stops inside file_exists().
import dsz.cmd
import re
import time
import getutils
import datastore
from util.DSZPyLogger import getLogger
import os.path

tedilog = getLogger('TERRITORIALDISPUTE')


def path_normalize(path):
    """Substitute a %NAME% placeholder in *path* from datastore.ENV_VARS.

    A name missing from datastore.ENV_VARS is left as '%NAME%'. On any
    error the failure is logged and *path* is returned as it was.
    """
    try:
        # NOTE(review): '.+' is greedy, so a path holding more than one
        # %VAR% is matched from the first '%' to the last and looked up as
        # a single name.
        path = re.sub(
            '%(.+)%',
            (lambda m: ('%{0}%'.format(m.group(1))
                        if (m.group(1) not in datastore.ENV_VARS)
                        else datastore.ENV_VARS[m.group(1)])),
            path)
    except:
        # NOTE(review): bare except; it also catches KeyboardInterrupt.
        tedilog.error(
            'There was an error trying to parse the path for environment variables.',
            exc_info=True)
    return path


def file_exists(path, name):
    # Builds a 'fileattributes' command for <path>\<name> and reads back the
    # integer attribute value from the recorded command data.
    path = path_normalize(path)
    # NOTE(review): path and name are placed inside double quotes without
    # escaping; a value containing '"' would change how the command line is
    # parsed - confirm the inputs are constrained.
    cmd = (u'fileattributes -file "%s\\%s"' % (path, name))
    (cmdStatus, cmdId) = dsz.cmd.RunEx(cmd.encode('utf8'), dsz.RUN_FLAG_RECORD)
    if cmdStatus:
        # The single-element unpacking raises ValueError unless exactly one
        # value is returned.
        [attrib_value] = dsz.cmd.data.Get('file::attributes::value', dsz.TYPE_INT, cmdId)
        if (attrib_value > 0):
            # (excerpt ends here; the body of this branch is not shown)
# Excerpt: the opening of a module whose logger is named 'PSPHelpers'.
# The listing stops inside GetRegistryQuery().
import dsz.ui
import dsz.version.checks
import dsz.cmd
import ops, ops.db, ops.data
import ops.processes.processlist
import ops.system.registry
import datetime
import os, re
from util.DSZPyLogger import getLogger, WARNING, DEBUG

psplog = getLogger('PSPHelpers')
psplog.setFileLogLevel(WARNING)

# Resolved path of the 'PyScripts' directory under ops.OPSDIR.
pyScriptsDir = os.path.realpath(os.path.join(ops.OPSDIR, 'PyScripts'))
TABLE_MAX_LENGTH = 80
# Empty here. Unless it is filled elsewhere, the wow32 test below is never true.
WOW64REGQUERIES = []
regquerycmdids = {}


def GetRegistryQuery(hive, subkey, forcerequery=False):
    # Visible part only: derives a cache key and a maximum age for a
    # registry query. The query itself is outside this excerpt.
    wow32 = False
    try:
        # wow32 is set when the key is 'software\<x>\...' and <x>
        # (lower-cased) is listed in WOW64REGQUERIES.
        sksplit = subkey.lower().split('\\', 2)
        if ((sksplit[0] == 'software') and (sksplit[1] in WOW64REGQUERIES)):
            wow32 = True
    except:
        # NOTE(review): bare except; it also catches KeyboardInterrupt.
        psplog.debug('Unexpected error trying to convert regquery to Wow64 reg query.', exc_info=True)
    # The key has the form 'PSP_REG_<wow32>_<hive>\<subkey>'.
    dictkey = 'PSP_REG_{2}_{0}\\{1}'.format(hive, subkey, wow32)
    # forcerequery sets a zero maximum age; otherwise it is five minutes.
    if forcerequery:
        maxage = datetime.timedelta(seconds=0)
    else:
        maxage = datetime.timedelta(minutes=5)
    result = None
    # (excerpt ends here)
# Excerpt: the opening of a module whose logger is named 'genericPSP'.
# The listing stops inside main().
import xml.etree
import os.path
import ops
from util.DSZPyLogger import getLogger, WARNING
from ops.psp.actions import PSPManager, RegQueryAction, DirListAction, DoNotAction, ScriptAction, SafetyCheckAction
from ops.ActionFramework import XMLConditionalActionDataSource, ActionManager, XMLAttributeActionDataSource
import dsz.ui

psplog = getLogger('genericPSP')
psplog.setFileLogLevel(WARNING)

# Lookup tables from XML names to action classes. The code that reads them
# is outside this excerpt.
xmltoattributemap = {'regkey': RegQueryAction, 'directory': DirListAction}
xmltoactionmap = {
    'donot': DoNotAction,
    'script': ScriptAction,
    'safetycheck': SafetyCheckAction
}


def findConfig(vendor):
    """Return the path <ops.DATA>/pspFPs/<vendor>-fp.xml."""
    # NOTE(review): vendor is formatted into the file name unvalidated; a
    # value with path separators would resolve outside pspFPs - confirm
    # callers only pass fixed vendor names.
    return os.path.join(ops.DATA, 'pspFPs', '{0}-fp.xml'.format(vendor))


def findActions(vendor):
    """Return the path <ops.DATA>/pspFPs/<vendor>-actions.xml."""
    return os.path.join(ops.DATA, 'pspFPs', '{0}-actions.xml'.format(vendor))


def main(vendor):
    # Visible part only: locate the vendor's '-fp.xml' file and return None
    # when it does not exist; otherwise open it for reading.
    psps = []
    fpfile = findConfig(vendor)
    if (not os.path.exists(fpfile)):
        return None
    with open(fpfile, 'r') as fd:
        # (excerpt ends here; the body of the with-block is not shown)
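import sys
import ops.cmd
import ops.env
import ops.db
import ops
from util.DSZPyLogger import getLogger

logger = getLogger('SAFETY')

# Two lists of command names. How they are consumed is not visible here.
unhookables = [
    'dir', 'registryquery', 'registryadd', 'get', 'put', 'run',
    'dll_u', 'injectdll', 'cd', 'copy', 'move', 'delete'
]
warnhookables = ['eventlogedit']


def ensureTable(dbHandle=None):
    """Return a cursor, making sure the safetyhandlers table exists.

    Args:
        dbHandle: an object exposing ``.connection``. When None, a handle
            is opened with
            ops.db.Database(db=ops.db.TARGET_DB, isolation_level=None).

    Returns:
        A cursor obtained from ``dbHandle.connection``.

    Table creation stays best-effort: a failure is logged at debug level
    and the cursor is still returned, so callers see no new exceptions.
    """
    if dbHandle is None:
        dbHandle = ops.db.Database(db=ops.db.TARGET_DB, isolation_level=None)
    curs = dbHandle.connection.cursor()
    try:
        # IF NOT EXISTS makes the already-created case a no-op rather than
        # an error, so the handler below only sees real failures.
        # NOTE(review): assumes a SQLite-style backend - confirm.
        curs.execute('CREATE TABLE IF NOT EXISTS safetyhandlers (plugin, handlerfunc)')
    except Exception:
        # Narrowed from a bare except, which also caught KeyboardInterrupt
        # and SystemExit, and the failure is now recorded.
        logger.debug('Could not create the safetyhandlers table.', exc_info=True)
    return curs


def cmdenv(plugin):
    """Return ops.env.get() for the key 'OPS_SAFE_<plugin>'."""
    return ops.env.get('OPS_SAFE_%s' % plugin)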
# Excerpt: the opening of a module whose logger is named 'Kaspersky'.
# The listing stops inside checksettings().
import ops.data
import dsz.cmd, dsz.ui, dsz.version.checks.windows
import sqlite3
import os
import re
import datetime
from xml.dom.minidom import parseString
from ops.pprint import pprint
from util.DSZPyLogger import getLogger
from ops.psp import comattribs

kasperskylog = getLogger('Kaspersky')

# Size constants; nothing in the visible lines reads them.
EMPTY_SIZE = 7168
MAX_SIZE = 1000000


def runCmd(cmd):
    """Run *cmd* through dsz.cmd.RunEx with echo switched off.

    The command string is UTF-8 encoded and run with dsz.RUN_FLAG_RECORD.
    Returns the (suc, cmdid) pair that RunEx returns.
    """
    # NOTE(review): dsz.control is not imported by name in this excerpt;
    # presumably it is loaded as a side effect of the dsz imports - confirm.
    dsz.control.echo.Off()
    (suc, cmdid) = dsz.cmd.RunEx(cmd.encode('utf-8'), dsz.RUN_FLAG_RECORD)
    # NOTE(review): echo is not restored if RunEx raises (no try/finally).
    dsz.control.echo.On()
    return (suc, cmdid)


def checksettings(psp):
    # Rewrites psp[comattribs.installdate] in place: the stored value is
    # parsed as a float timestamp and replaced by its datetime string form.
    try:
        psp[comattribs.installdate] = ('%s' % datetime.datetime.fromtimestamp(float(psp[comattribs.installdate])))
    except TypeError:
        # NOTE(review): the visible lines bind only `kasperskylog`; unless
        # `mcafeelog` is defined further down the file, this handler raises
        # NameError and hides the conversion error it was meant to report.
        # Looks like a copy-paste leftover - confirm and use kasperskylog.
        # NOTE(review): float() raises ValueError, not TypeError, for a
        # non-numeric string, so that case is not handled here.
        mcafeelog.error('Could not get install date: conversion error', exc_info=True)
        mcafeelog.debug('tstamp data: {0}'.format(psp[comattribs.installdate]))
    # Column titles and empty accumulators. The code that fills them is
    # outside this excerpt.
    header = ['Setting', 'State', 'Notes']
    data = []
    echocodes = []
    # (excerpt ends here)