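def add_rsyslog_chain(context=None):
    '''
    Rebuild the rsyslog iptables chains for this host.

    Rsyslog Server
    Servers in network -> IN -> tcp/udp -> 514 -> Rsyslog Server

    Rsyslog Client
    Rsyslog Server <- OUT <- tcp <- 514 <- Rsyslog Client

    context -- optional role override, "server" or "client". It applies that
               role's rules even when the matching install script has not
               been marked as executed yet.

    '''
    del_rsyslog_chain()

    # Imported inside the function, as in the original code.
    import installRsyslog
    import installRsyslogd

    server_version_obj = version.Version(
        "InstallRsyslogd", installRsyslogd.SCRIPT_VERSION)
    client_version_obj = version.Version(
        "InstallRsyslogdClient", installRsyslog.SCRIPT_VERSION)

    if (server_version_obj.is_executed() or client_version_obj.is_executed()
            or context in ["server", "client"]):
        app.print_verbose("Add iptables chain for rsyslog")
        iptables("-N rsyslog_in")
        iptables("-N rsyslog_out")
        iptables("-A syco_input -p all -j rsyslog_in")
        iptables("-A syco_output -p all -j rsyslog_out")

    # The role is compared by value. The previous `context is "server"` was an
    # identity test on a string literal, which only holds when the interpreter
    # happens to share the string object, so a "server"/"client" context could
    # create the chains above and then add no rules to them.
    if server_version_obj.is_executed() or context == "server":
        # On rsyslog server: accept new connections to port 514 only from
        # the back and front subnets, over both tcp and udp.
        back_subnet = config.general.get_back_subnet()
        front_subnet = config.general.get_front_subnet()
        for proto in ("tcp", "udp"):
            for subnet in (back_subnet, front_subnet):
                iptables(
                    " -A rsyslog_in -m state --state NEW -p %s -s %s"
                    " --dport 514 -j allowed_%s" % (proto, subnet, proto))
    elif client_version_obj.is_executed() or context == "client":
        # On rsyslog client: allow outbound tcp/514 to the two log servers.
        # NOTE(review): the getters are named *_hostname*; if they return
        # names rather than addresses, iptables resolves them once when the
        # rule is inserted, so a later DNS change is not picked up -- confirm.
        for log_server in (config.general.get_log_server_hostname1(),
                           config.general.get_log_server_hostname2()):
            iptables(
                "-A rsyslog_out -m state --state NEW -p tcp -d %s"
                " --dport 514 -j allowed_tcp" % log_server)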
def test_version__app_upgrade():
    """A newer app version may run once; running it again needs an uninstall."""
    installed = version.Version("unittest-version", 1, '1.12.34b')
    installed.mark_executed()

    # Same script version, newer app version: not blocked by the old marker.
    upgraded = version.Version("unittest-version", 1, '1.12.35b')
    upgraded.check_executed()
    upgraded.mark_executed()

    # Once marked, the same version must be refused.
    with pytest.raises(version.VersionException):
        upgraded.check_executed()

    # Marking it uninstalled lifts the block again.
    upgraded.mark_uninstalled()
    upgraded.check_executed()
def test_version__script_upgrade():
    """A newer script version may run once; running it again needs an uninstall."""
    old_script = version.Version("unittest-version", 1)
    old_script.mark_executed()

    # Script version 2 is not blocked by the marker written for version 1.
    new_script = version.Version("unittest-version", 2)
    new_script.check_executed()
    new_script.mark_executed()

    # Once marked, the same version must be refused.
    with pytest.raises(version.VersionException):
        new_script.check_executed()

    # Marking it uninstalled lifts the block again.
    new_script.mark_uninstalled()
    new_script.check_executed()
def install_sssd(args):
    """
    Install the sssd LDAP client on this host and connect it to the network's
    LDAP server.

    The steps run in a fixed order: packages, hosts file, firewall, wait for
    the LDAP server on port 636, certificates, authconfig, then the sssd and
    sudo configuration through Augeas.

    """
    app.print_verbose("Install sssd script-version: %d" % SCRIPT_VERSION)
    install_marker = version.Version("InstallSssd", SCRIPT_VERSION)
    install_marker.check_executed()

    # Ask the installing user for every password up front, before any
    # long-running step starts.
    app.get_ldap_sssd_password()

    install_packages()

    installOpenLdap.setup_hosts()

    # Open the LDAP chain in the firewall and persist it.
    iptables.add_ldap_chain()
    iptables.save()

    # Block until the LDAP server answers on 636.
    ldap_server_ip = config.general.get_ldap_server_ip()
    general.wait_for_server_to_start(ldap_server_ip, "636")

    install_certs()

    # The original author found that authconfig has to run twice.
    authconfig()
    authconfig()

    installOpenLdap.configure_client_cert_for_ldaptools()

    aug = Augeas(x)
    create_sss_folders()
    configure_sssd(aug)
    configure_sudo(aug)

    install_marker.mark_executed()
def uninstall_redis(args):
    """
    Remove Redis and keepalived from the server and undo their firewall rules.

    """
    app.print_verbose("Uninstall Redis")
    os.chdir("/")

    _chkconfig("redis", "off")
    _service("redis", "stop")

    # NOTE(review): keepalived is switched on and restarted here and then
    # removed by yum two lines later -- confirm this is intended.
    _chkconfig("keepalived", "on")
    _service("keepalived", "restart")

    x("yum -y remove redis keepalived")

    for leftover in ("redis.conf", "redis.conf.rpmsave"):
        x("rm -rf {0}{1}".format(REDIS_CONF_DIR, leftover))

    # NOTE(review): the working directory is "/" at this point, so this glob
    # relies on KEEPALIVED_CONF_DIR being a non-empty path ending in "/".
    # An empty value would turn it into `rm -rf *` at the filesystem root.
    x("rm -rf {0}*".format(KEEPALIVED_CONF_DIR))

    firewall_changes = (
        # Drop the Redis port rules.
        "-D syco_input -p tcp -m multiport --dports 6379 -j allowed_tcp",
        "-D syco_output -p tcp -m multiport --dports 6379 -j allowed_tcp",
        # Drop the multicast and protocol-112 rules on eth1.
        "-D multicast_packets -d 224.0.0.0/8 -j ACCEPT",
        "-D multicast_packets -s 224.0.0.0/8 -j ACCEPT",
        "-D syco_input -p 112 -i eth1 -j ACCEPT",
        "-D syco_output -p 112 -o eth1 -j ACCEPT",
        # Append DROP rules for all multicast traffic.
        "-A multicast_packets -s 224.0.0.0/4 -j DROP",
        "-A multicast_packets -d 224.0.0.0/4 -j DROP",
    )
    for rule in firewall_changes:
        iptables.iptables(rule)
    iptables.save()

    redis_marker = version.Version("InstallRedis", script_version)
    redis_marker.mark_uninstalled()
def install_mail_server(args):
    """
    Install sendmail and configure this host as the mail relay server.

    """
    app.print_verbose("Install mail-relay-server version: %d" % SCRIPT_VERSION)
    relay_marker = version.Version("Install-mail-relay-server", SCRIPT_VERSION)
    relay_marker.check_executed()

    general.shell_exec("yum -y install sendmail")

    # Flag file that tells the iptables code this host is a mail relay.
    general.shell_exec("touch /etc/mail/syco_mail_relay_server")
    iptables.add_mail_relay_chain()
    iptables.save()

    hardening.network.configure_resolv_conf()
    hardening.network.configure_localhost()
    hardening.network.restart_network()

    app.print_verbose("Configure /etc/mail/*")

    # Every host whose address starts with 10.100 may relay through this
    # server. Relay access is granted by source address only.
    set_config_property2("/etc/mail/access", "Connect:10.100 RELAY")
    # NOTE(review): x() is called without a cwd argument, so the relative
    # name "access" resolves against the current working directory --
    # confirm that it is /etc/mail when this runs.
    x("/usr/sbin/makemap hash access < access")

    # Comment out the loopback-only DAEMON_OPTIONS line so that sendmail
    # accepts mail from the internet or intranet, not only from 127.0.0.1.
    loopback_only_line = r".*DAEMON_OPTIONS\(\`Port\=smtp\,Addr\=127\.0\.0\.1\, Name\=MTA\'\)dnl"
    commented_out_line = r"dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl"
    set_config_property(
        "/etc/mail/sendmail.mc", loopback_only_line, commented_out_line)

    _rebuild_sendmail_config()

    _test_mail()

    relay_marker.mark_executed()
def install_haproxy(args):
    """
    Install HA Proxy, open its firewall chain, copy the certificate files and
    write the haproxy configuration.

    The certificate locations are read from the syco config and published
    through module globals for the helper functions.

    """
    global CERT_SERVER, CERT_SERVER_PATH, CERT_COPY_TO_PATH, SYCO_PLUGIN_PATH

    app.print_verbose("Install HA Proxy version: %d" % script_version)
    haproxy_marker = version.Version("InstallHaproxy", script_version)
    haproxy_marker.check_executed()

    CERT_SERVER = config.general.get_cert_server_ip()
    CERT_SERVER_PATH = config.general.get_option('haproxy.remote_cert_path')
    CERT_COPY_TO_PATH = config.general.get_option('haproxy.local_cert_path')
    # Only the first plugin path is used.
    SYCO_PLUGIN_PATH = app.get_syco_plugin_paths("/var/haproxy/").next()

    # Validate all command line parameters.
    # NOTE(review): this reads sys.argv rather than `args`, and the rest of
    # the function relies on print_killmessage() ending the run -- confirm.
    if len(sys.argv) != 4:
        print_killmessage()

    haproxy_env()
    haproxy_state()

    x("yum install -y tcl haproxy")

    iptables.add_haproxy_chain()
    iptables.save()

    _copy_certificate_files()
    _configure_haproxy()

    haproxy_marker.mark_executed()
def install_nrpe(args):
    """Install a hardened NRPE server, plugins and commands.

    The work itself is delegated to _install_nrpe(); this wrapper only adds
    the version bookkeeping around it.
    """
    app.print_verbose("Installing nrpe")

    nrpe_marker = version.Version("installNrpe", SCRIPT_VERSION)
    nrpe_marker.check_executed()

    _install_nrpe(args)

    nrpe_marker.mark_executed()
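def install_docker(args):
    """Install and configure docker on the local host.

    Copies the docker yum repo and sysconfig templates from SYCO_VAR_PATH,
    installs docker-engine, fills in the proxy placeholders, starts the
    service and adds the firewall jump to the DOCKER chain.

    The install is marked as executed only once, after the firewall rule has
    been added and saved. The earlier version also marked it right after
    `service docker start`, before the firewall step had run.
    """
    app.print_verbose("Install docker version: %d" % SCRIPT_VERSION)
    version_obj = version.Version("Installdocker", SCRIPT_VERSION)
    version_obj.check_executed()

    proxy_host = config.general.get_proxy_host()
    proxy_port = config.general.get_proxy_port()

    x('cp %s/docker/docker.repo /etc/yum.repos.d/docker.repo' % app.SYCO_VAR_PATH)
    general.install_packages("docker-engine")

    x('cp %s/docker/docker /etc/sysconfig/docker' % app.SYCO_VAR_PATH)

    # http://stackoverflow.com/questions/23111631/cannot-download-docker-images-behind-a-proxy
    docker_conf = scOpen(filename='/etc/sysconfig/docker')
    if proxy_host and proxy_port:
        # NOTE(review): HTTPS_PROXY is written with an https:// scheme, which
        # means the connection to the proxy itself is TLS -- confirm the
        # proxy accepts that.
        docker_conf.replace(
            '%HTTP_PROXY%',
            'export HTTP_PROXY="http://%s:%s"' % (proxy_host, proxy_port))
        docker_conf.replace(
            '%HTTPS_PROXY%',
            'export HTTPS_PROXY="https://%s:%s"' % (proxy_host, proxy_port))
    else:
        # No proxy configured: blank out both placeholders.
        docker_conf.replace('%HTTP_PROXY%', '')
        docker_conf.replace('%HTTPS_PROXY%', '')

    x('chkconfig docker on')
    x('service docker start')

    # FW rule needed to access container through ports.
    # Sleep for docker to start completely before setting the rule.
    # NOTE(review): the jump has no match criteria, so every packet that
    # traverses syco_output is also evaluated by the DOCKER chain, and the
    # save below makes that persistent.
    x('sleep 10 && iptables -A syco_output -j DOCKER')
    x('service iptables save')

    version_obj.mark_executed()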
def __init__(self, tx):
    """Build the transaction's field objects from `tx`, one after another.

    NOTE(review): each field constructor presumably consumes its bytes from
    `tx`, which would make the statement order below significant -- confirm.
    """
    self.version = version.Version(tx)
    self.input_count = input_count.InputCount(tx)
    # An input count of 0 is treated as the start of a segwit field; the
    # input count is then read a second time after it.
    if self.input_count.value == 0:
        self.segwit = segwit.Segwit(tx)
        self.input_count = input_count.InputCount(tx)
    else:
        self.segwit = None
    self.inputs = []
    for i in range(self.input_count.value):
        self.inputs.append(input.Input(tx))
    self.output_count = output_count.OutputCount(tx)
    self.outputs = []
    for i in range(self.output_count.value):
        self.outputs.append(output.Output(tx))
    # Witness data is only read when a segwit field was found above.
    # NOTE(review): input_count and output_count come straight from `tx`
    # and drive these loops unchecked -- confirm that the field
    # constructors fail cleanly on truncated or oversized input.
    if self.segwit is not None:
        for i in range(self.input_count.value):
            self.witness_count = witness_count.WitnessCount(tx)
            # NOTE(review): witness_count and witnesss are reassigned on
            # every pass, so only the last input's values remain on the
            # instance -- confirm this is intended.
            self.witnesss = []
            # NOTE(review): this compares the WitnessCount object itself
            # with 0, while the loop below uses .value -- confirm that
            # WitnessCount supports the comparison.
            if self.witness_count != 0:
                for i in range(self.witness_count.value):
                    self.witnesss.append(witness.Witness(tx))
            else:
                self.witnesss.append(None)
    self.locktime = locktime.Locktime(tx)
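def checkUpdate_github(self):
    """Ask the release API whether a newer published release exists.

    Returns a tuple (need_update, version):
      (True, latest)   -- a newer release is available
      (False, latest)  -- the newest release is not newer than this install
      (False, None)    -- the check failed (HTTP error, no usable release,
                          or any exception while fetching or parsing)

    Pre-releases and drafts are ignored. Releases are compared as
    (major, minor, dev) tuples. The previous weighting
    major*100 + minor*10 + dev mis-ordered versions once minor or dev
    reached 10.
    """
    import requests, json
    latest = version.Version()
    try:
        # A timeout keeps a stalled connection from hanging the caller.
        page = requests.get(self.releaseApiUrl, timeout=10)
        if page.status_code != 200:
            log.i("request {} fail, check update fail!".format(
                self.releaseApiUrl))
            return False, None
        # The response is remote data: only the fields read below are used,
        # and any parsing problem ends in the except branch as "no update".
        releases = json.loads(page.content)
        candidates = []
        for release in releases:
            if release["prerelease"] or release["draft"]:
                continue
            candidates.append(self.decodeTag(
                release["tag_name"], release["name"], release["body"]))
        if not candidates:
            log.i("no published release found, check update fail!")
            return False, None
        latest = max(candidates,
                     key=lambda ver: (ver.major, ver.minor, ver.dev))
        if self.needUpdate(latest):
            return True, latest
    except Exception:
        # Best effort: an update check must never take the caller down.
        import traceback
        traceback.print_exc()
        return False, None
    log.i("Already latest version!")
    return False, latest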
def install_freeradius(args):
    '''
    Install and configure FreeRadius on the local host.

    Opens the freeradius firewall chain, configures LDAP and radius, sets up
    the radius clients and restarts radiusd.

    '''
    app.print_verbose("Install FreeRadius version: %d" % SCRIPT_VERSION)
    radius_marker = version.Version("InstallFreeRadius", SCRIPT_VERSION)
    radius_marker.check_executed()

    # Ask for every password the script needs before doing any work.
    app.get_ldap_admin_password()

    _install_packages()

    # Firewall first, then the service configuration.
    iptables.add_freeradius_chain()
    iptables.save()

    _configure_ldap()
    _enable_ldap()
    _configure_radius()
    _setup_radius_clients()

    x("/etc/init.d/radiusd restart")

    radius_marker.mark_executed()
def install_openvas(args):
    '''
    Install and configure OpenVAS on the local host.

    '''
    app.print_verbose("Install OpenVAS version: %d" % SCRIPT_VERSION)
    openvas_marker = version.Version("InstallOpenVAS", SCRIPT_VERSION)
    openvas_marker.check_executed()

    _install_packages()
    # NOTE(review): SELinux is switched off for this service; the matching
    # uninstall is what turns enforcement back on.
    _disable_selinux()

    iptables.add_openvas_chain()
    iptables.save()

    # All output of the sync is discarded, so a failed sync is silent.
    app.print_verbose("Get OpenVAS nvt.")
    x("openvas-nvt-sync --wget &> /dev/null ")

    app.print_verbose("Rebuild OpenVAS database.")
    x("openvasmd --rebuild")

    # NOTE(review): the admin account is created with a fixed, well-known
    # password that is also visible on the command line. It should come from
    # the installer's password prompts or be generated, and it needs to be
    # changed on hosts already installed this way.
    app.print_verbose("Add default OpenVAS admin user.")
    x("openvasad -c 'add_user' -u admin -w admin --role=Admin")

    _modify_configs()
    _setup_default_database()
    _start_all_services()

    openvas_marker.mark_executed()
def install_cobbler(args):
    '''
    Install cobbler on the current host, import the repos and set up all
    systems.

    '''
    app.print_verbose("Install cobbler version: %d" % SCRIPT_VERSION)
    cobbler_marker = version.Version("installCobbler", SCRIPT_VERSION)
    cobbler_marker.check_executed()

    # Ask for the root password hash up front.
    app.get_root_password_hash()

    # SELinux is put into permissive mode, both for the running system and in
    # /etc/selinux/config.
    # NOTE(review): this removes SELinux enforcement from the provisioning
    # host permanently; a policy scoped to cobbler would keep it enforcing.
    x("echo 0 > /selinux/enforce")
    general.set_config_property(
        "/etc/selinux/config", '^SELINUX=.*', "SELINUX=permissive")

    _install_cobbler()

    iptables.add_cobbler_chain()
    iptables.save()

    _modify_cobbler_settings()
    _import_repos()
    setup_all_systems(args)

    # Start/restart the services that were reconfigured.
    x("/etc/init.d/dhcpd restart")

    cobbler_marker.mark_executed()
def test_version__reset_file():
    """reset_version_file() removes the marker file; mark_executed() recreates it."""
    marker = version.Version("unittest-version", 1, '1.12.34b')
    marker.mark_executed()

    marker.reset_version_file()
    file_present = os.path.exists(marker.config_file_name)
    assert file_present == False

    marker.mark_executed()
    file_present = os.path.exists(marker.config_file_name)
    assert file_present == True
def install_keepalived(args):
    """
    Install and configure keepalived for the environment named in args[1].

    The plugin path, the accepted environments and the chosen environment are
    published through module globals for the helper functions.

    """
    global SYCO_PLUGIN_PATH, ACCEPTED_KA_ENV, ka_env

    # Only the first plugin path is used.
    SYCO_PLUGIN_PATH = app.get_syco_plugin_paths("/var/keepalived/").next()
    ACCEPTED_KA_ENV = get_environments()

    # Exactly one argument after the command name is expected, and it must
    # name a known environment.
    # NOTE(review): this relies on print_killmessage() ending the run --
    # confirm.
    if len(args) == 2:
        ka_env = args[1]
    else:
        print_killmessage()

    if ka_env.lower() not in ACCEPTED_KA_ENV:
        print_killmessage()

    app.print_verbose("Install Keepalived version: %d" % script_version)
    keepalived_marker = version.Version("InstallKeepalived", script_version)
    keepalived_marker.check_executed()
    os.chdir("/")

    install_packages("keepalived")
    _configure_keepalived()

    # Add the iptables rules and persist them.
    iptables_setup()
    save()

    keepalived_marker.mark_executed()
def install_openldap(args):
    '''
    Install and harden openldap on the current host.

    The firewall is opened as the very last step, after the server has been
    fully configured.

    '''
    app.print_verbose("Install openldap script-version: %d" % SCRIPT_VERSION)
    ldap_marker = version.Version("InstallOpenLdap", SCRIPT_VERSION)
    ldap_marker.check_executed()
    initialize_passwords()

    # Base installation.
    enable_selinux()
    install_packages()
    store_logs_on_file()
    configure_ldap_client()
    configure_openldap()
    configure_sudo_in_ldap()

    # Modules, overlays and directory content.
    create_modules()
    add_auditlog_overlay()
    add_pwdpolicy_overlay()
    add_user_domain()

    # Transport security.
    create_certs()
    enable_ssl()
    require_highest_security_from_clients()

    # Clients are let through the firewall only now, when everything above
    # has finished, so the server is secured before anybody can connect.
    iptables.add_ldap_chain()
    iptables.save()

    ldap_marker.mark_executed()
def install_syco(args):
    """
    Install and configure syco itself on the current computer.

    Installs the packages syco depends on, links /sbin/syco to the script,
    replaces the CentOS base repo file and limits the number of kept kernels.

    """
    app.print_verbose("Install syco version: %d" % SCRIPT_VERSION)
    syco_marker = version.Version("InstallSYCO", SCRIPT_VERSION)
    syco_marker.check_executed()

    app.print_verbose("Install required packages for syco")
    x("yum install pexpect python-crypto augeas -y")

    app.print_verbose("Create symlink /sbin/syco")
    set_syco_permissions()
    link_missing = not os.path.exists('/sbin/syco')
    if link_missing:
        os.symlink('%sbin/syco.py' % SYCO_PATH, '/sbin/syco')

    # Overwrite the system repo definition with the one shipped with syco.
    x("cat %syum/CentOS-Base.repo > /etc/yum.repos.d/CentOS-Base.repo" %
      app.SYCO_VAR_PATH)

    # Use augeas to set max kernels to 2, since more will not fit on /boot.
    # The import stays local because the augeas package is only installed by
    # the yum call above.
    from augeas import Augeas
    aug = Augeas(x)
    aug.set_enhanced("/files/etc/yum.conf/main/installonly_limit", "2")

    syco_marker.mark_executed()
def iptables_setup(args):
    '''
    Rebuild the complete iptables rule set for this server.

    Existing rules are cleared and a drop-all baseline is applied before any
    chain or allow rule is added.

    '''
    fw_marker = version.Version("iptables-setup", SCRIPT_VERSION)
    fw_marker.check_executed()

    # Start from a clean, deny-by-default state.
    iptables_clear(args)
    _drop_all()
    create_chains()

    # Rules that are added on every server.
    _setup_general_rules()
    setup_ssh_rules()
    setup_dns_resolver_rules()
    _setup_gpg_rules()
    setup_installation_server_rules()
    setup_proxy_rules()

    # Per-service chains and site-specific rules.
    add_service_chains()
    _execute_private_repo_rules()

    save()
    fw_marker.mark_executed()
def install_git_server(args):
    """
    Install a git server with gitweb and cgit behind apache, using LDAP for
    authentication.

    """
    app.print_verbose("Install Git-Server version: %d" % SCRIPT_VERSION)
    git_marker = version.Version("InstallGit", SCRIPT_VERSION)
    git_marker.check_executed()

    # Ask the installing user for every password at the start of the script.
    app.get_ldap_sssd_password()

    x("yum -y install git")

    setup_git_user()
    setup_repo_folder()
    create_empty_test_repo()
    set_permission_on_repos()

    # The git user gets git-shell as login shell, so it cannot open an
    # interactive SSH session.
    x("usermod --shell /usr/bin/git-shell git")

    install_gitweb()
    install_cgit()

    # Configure apache.
    apache_conf_source = app.SYCO_PATH + "var/git/git.conf"
    x("cp " + apache_conf_source + " /etc/httpd/conf.d/git.conf")
    _install_httpd_certificates()
    _setup_ldap_auth()
    x("/etc/init.d/httpd restart")

    # Install the start page.
    start_page_source = app.SYCO_PATH + "var/git/index.html"
    shutil.copy(start_page_source, "/var/www/html/index.html")

    git_marker.mark_executed()
def install_rsyslogd(args):
    """
    Install the rsyslog server on this host.

    """
    app.print_verbose("Install rsyslogd.")
    server_marker = version.Version("InstallRsyslogd", SCRIPT_VERSION)
    server_marker.check_executed()

    # Packages, including the GnuTLS driver and tools.
    x("yum install rsyslog rsyslog-gnutls gnutls-utils -y")

    # Start rsyslog at boot.
    x("chkconfig rsyslog on")

    # New certificates are generated only when no CA certificate exists yet;
    # an existing /etc/pki/rsyslog/ca.crt is left alone.
    ca_present = os.path.exists('/etc/pki/rsyslog/ca.crt')
    if not ca_present:
        rsyslog_newcerts(args)

    # Firewall chain for the server role.
    iptables.add_rsyslog_chain("server")
    iptables.save()

    x("service rsyslog restart")

    install_compress_logs()

    # Configure logrotate.
    installLogrotate.install_logrotate(args)

    server_marker.mark_executed()
def __init__(self):
    """Build the lobby window: load the profile, create the Tk window and
    canvas, run the update check and wire up the lobby buttons."""
    self.version = 6.0
    self.profile = profiles.Profile(self)
    try:
        self.profile.set_asset()
    except Exception as e:
        # NOTE(review): every exception is reported as a connection problem,
        # and the handler then deletes "../.zombsAttack", a path relative to
        # the current working directory -- confirm that both the broad catch
        # and the delete are intended for non-network failures as well.
        print(e)
        messagebox.showerror("Error", "Internet Error, please verify your connection!")
        shutil.rmtree("../.zombsAttack")
        sys.exit()
    self.tk = Tk()
    # Fixed-size window.
    self.tk.resizable(0, 0)
    self.tk.title("ZombsAttack Lobby - OrangoMangoGames")
    # The update check runs before the widgets are built; its result is
    # acted on at the end of this method.
    self.version_instance = version.Version(self)
    self.version_instance.get_data()
    self.check_update = self.version_instance.check()
    self.canvas = Canvas(self.tk, width=500, height=300, bg="yellow")
    self.canvas.pack()
    self.canvas.create_text(3, 285, font="Calibri 8 bold", anchor="nw", text="Game made by OrangoMango (Paul Kocian, SCRIPT) and Dado14 (Andrea Pintus, DESIGN) v{0} (C) 2020".format(self.version))
    self.playbutton = PlayButton(self)
    self.helpbutton = HelpButton(self)
    self.languagebutton = LanguageButton(self)
    self.settingsbutton = SettingsButton(self)
    self.statisticsbutton = StatisticsButton(self)
    self.shopbutton = ShopButton(self)
    # Only these three buttons are bound to a click handler here.
    self.canvas.tag_bind(self.playbutton.id, "<Button-1>", self.start)
    self.canvas.tag_bind(self.helpbutton.id, "<Button-1>", self.helpbutton.click)
    self.canvas.tag_bind(self.languagebutton.id, "<Button-1>", self.languagebutton.click)
    self.profile.show_gui()
    if self.check_update:
        self.version_instance.show_gui()
    self.go = False
def install_haproxy(args):
    """
    Install HA Proxy for the environment named in sys.argv[2].

    The certificate locations, the plugin path and the accepted environments
    are published through module globals for the helper functions.

    """
    global CERT_SERVER, CERT_SERVER_PATH, CERT_COPY_TO_PATH, SYCO_PLUGIN_PATH, ACCEPTED_HAPROXY_ENV

    CERT_SERVER = config.general.get_cert_server_ip()
    CERT_SERVER_PATH = config.general.get_option('haproxy.remote_cert_path')
    CERT_COPY_TO_PATH = config.general.get_option('haproxy.local_cert_path')
    # Only the first plugin path is used.
    SYCO_PLUGIN_PATH = app.get_syco_plugin_paths("/var/haproxy/").next()
    ACCEPTED_HAPROXY_ENV = get_environments()

    # The environment name must be the only extra command line argument and
    # must be one of the accepted environments.
    # NOTE(review): HAPROXY_ENV is not listed in the global statement above,
    # so it stays local to this function. If the helpers read a module-level
    # HAPROXY_ENV they will not see this value -- confirm. The checks also
    # rely on print_killmessage() ending the run.
    if len(sys.argv) == 3:
        HAPROXY_ENV = sys.argv[2]
    else:
        print_killmessage()

    if HAPROXY_ENV.lower() not in ACCEPTED_HAPROXY_ENV:
        print_killmessage()

    app.print_verbose("Install HA Proxy version: %d" % script_version)
    haproxy_marker = version.Version("InstallHaproxy", script_version)
    haproxy_marker.check_executed()
    os.chdir("/")

    x("yum install -y tcl haproxy")
    _configure_iptables()
    _copy_certificate_files()
    _configure_haproxy()

    haproxy_marker.mark_executed()
def uninstall_openvas(args):
    '''
    Uninstall OpenVAS, remove its firewall chain and turn SELinux enforcement
    back on.

    '''
    # The services are stopped only when the manager init script exists.
    # NOTE(review): the extent of this guard was reconstructed from a listing
    # without indentation; confirm against the original file that only the
    # three stop commands belong to it.
    manager_installed = os.access("/etc/init.d/openvas-manager", os.F_OK)
    if manager_installed:
        app.print_verbose("Stop all services.")
        for init_script in ("openvas-manager", "openvas-scanner", "gsad"):
            x("/etc/init.d/%s stop" % init_script)

    # NOTE(review): the package glob is passed to the shell unquoted, so it
    # can be expanded against files in the working directory before yum
    # sees it.
    app.print_verbose("Remove packages and files.")
    x("yum -y remove openvas-*")
    x("rm -rf /var/lib/openvas")
    x("rm /etc/yum.repos.d/atomic.repo")

    app.print_verbose("Remove iptables rules.")
    iptables.del_openvas_chain()
    iptables.save()

    # Enforce SELinux again, for the running system and in the config file.
    app.print_verbose("Enabling SELINUX.")
    x("echo 1 > /selinux/enforce")
    selinux_config = scOpen("/etc/selinux/config")
    selinux_config.replace("^SELINUX=.*", "SELINUX=enforcing")

    app.print_verbose("Tell syco openvas is uninstalled.")
    openvas_marker = version.Version("InstallOpenVAS", SCRIPT_VERSION)
    openvas_marker.mark_uninstalled()
def install_bind_client(args):
    '''
    Setup current server to use syco dns server as recursive name server.

    Waits for the name server to answer on port 53, rewrites the nameserver
    entry in /etc/resolv.conf, and then rewrites the dns settings in the
    ifcfg* files under /etc/sysconfig/network-scripts.

    '''
    app.print_verbose("Install bind client.")
    version_obj = version.Version("InstallBindClient", SCRIPT_VERSION)
    version_obj.check_executed()

    # Iptables is already configured with iptables._setup_dns_resolver_rules
    general.wait_for_server_to_start(
        config.general.get_resolv_nameserver_server_ip(), "53")

    # Set what resolver to use (this will be rewritten by networkmanager at
    # reboot). All existing nameserver lines are removed first, so the syco
    # server becomes the only resolver.
    resolv = scOpen("/etc/resolv.conf")
    resolv.remove("nameserver.*")
    resolv.add("nameserver {0} ".format(
        config.general.get_resolv_nameserver_server_ip()))

    # Change config files for networkmanager.
    # NOTE(review): the address from the config is placed unescaped into the
    # sed expression and the shell command line -- presumably it is a plain
    # IP address; confirm that the config value is validated before use.
    x("""
        grep -irl dns ifcfg*|xargs \
        sed -i 's/.*\(dns.*\)[=].*/\\1={0}/ig'""".format(
        config.general.get_resolv_nameserver_server_ip()),
        cwd="/etc/sysconfig/network-scripts")

    version_obj.mark_executed()
def iptables_setup(args):
    '''
    Rebuild the complete iptables rule set for this server.

    Existing rules are cleared and a drop-all baseline is applied before any
    chain or allow rule is added.

    '''
    fw_marker = version.Version("iptables-setup", SCRIPT_VERSION)
    fw_marker.check_executed()

    # Start from a clean, deny-by-default state.
    iptables_clear(args)
    _drop_all()
    _create_chains()

    # Rules that are added on every server.
    _setup_general_rules()
    _setup_ssh_rules()
    _setup_mail_rules()
    _setup_dns_resolver_rules()
    _setup_gpg_rules()
    _setup_installation_server_rules()

    # Chains for services; according to the original comment these are only
    # added on servers that have the specific service installed.
    add_cobbler_chain()
    add_glassfish_chain()
    add_httpd_chain()
    add_kvm_chain()
    add_ldap_chain()
    add_ntp_chain()
    add_openvpn_chain()
    add_mysql_chain()
    add_mail_relay_chain()
    add_monitor_chain()

    _execute_private_repo_rules()

    save()
    fw_marker.mark_executed()
def install_ossec_client(args):
    '''
    Install the OSSEC client on this server.

    Nothing is installed when an OSSEC server is detected on the host.

    '''
    # manage_agents is taken as the sign that the OSSEC server is installed
    # here; a client install is refused in that case.
    server_detected = os.path.exists('/var/ossec/bin/manage_agents')
    if server_detected:
        app.print_error("Not insalling OSSEC client since OSSEC server detected")
        return

    app.print_verbose("Install ossec client.")
    ossec_marker = version.Version("InstallOssec", SCRIPT_VERSION)
    ossec_marker.check_executed()

    # Ask for every password the script needs before doing any work.
    app.init_mysql_passwords()

    build_ossec('preloaded-vars-client.conf')
    _setup_conf()
    _setup_keys()

    # Forward OSSEC alerts through syslog.
    x('/var/ossec/bin/ossec-control enable client-syslog')

    # Firewall chain for OSSEC.
    iptables.add_ossec_chain()
    iptables.save()

    x("service ossec restart")

    # Presumably gcc and perl-Time-HiRes were only needed for the build, so
    # they are removed again and no compiler stays on the host.
    x('yum remove gcc perl-Time-HiRes -y')

    ossec_marker.mark_executed()
def install_rsyslogd_client(args):
    '''
    Install the rsyslog client on this server.

    '''
    app.print_verbose("Install rsyslog client.")

    # The client is not installed on a host where the rsyslog server script
    # has already been executed; check_executed() raises in that case.
    server_marker = version.Version(
        "InstallRsyslogd", installRsyslogd.SCRIPT_VERSION)
    server_marker.check_executed()

    client_marker = version.Version("InstallRsyslogdClient", SCRIPT_VERSION)
    client_marker.check_executed()

    # Ask for every password the script needs before doing any work.
    app.init_mysql_passwords()

    # The outbound firewall rules have to exist before the wait below can
    # reach the log server.
    iptables.add_rsyslog_chain("client")
    iptables.save()

    # Wait for the rsyslog server to answer on port 514.
    general.wait_for_server_to_start(
        config.general.get_log_server_hostname1(), "514")

    app.print_verbose("CIS 5.2 Configure rsyslog")

    app.print_verbose("CIS 5.2.1 Install the rsyslog package")
    general.install_packages("rsyslog rsyslog-gnutls")

    app.print_verbose("CIS 5.2.2 Activate the rsyslog Service")
    legacy_syslog_present = os.path.exists('/etc/xinetd.d/syslog')
    if legacy_syslog_present:
        x("chkconfig syslog off")
    x("chkconfig rsyslog on")

    _configure_rsyslog_conf()
    _gen_and_copy_cert(args)

    x("/etc/init.d/rsyslog restart")

    # Configure logrotate.
    installLogrotate.install_logrotate(args)

    client_marker.mark_executed()
def updateVersionAttribDictAtCoord(self, req, x):
    """Store a new Version for each updated attribute reported by `req`.

    The attributes from get_updated_attr_res() are used when that collection
    is non-empty; otherwise those from get_updated_attr_sub() are used. `x`
    is passed through unchanged to addVersionToAttribVersionDictionary().
    """
    pending = req.worker_attr.get_updated_attr_sub()
    if len(req.worker_attr.get_updated_attr_res()) > 0:
        pending = req.worker_attr.get_updated_attr_res()
    print('attr need to be updated', pending)
    for attr_name, new_value in pending.items():
        # Both timestamps are taken by separate time.time() calls.
        stamped = version.Version(time.time(), time.time(), new_value)
        self.addVersionToAttribVersionDictionary(x, attr_name, stamped)
def uninstall_rsyslogd_client(args):
    '''
    Uninstall rsyslog, delete its certificate directory and mark the client
    install as uninstalled.

    '''
    for command in ("yum erase rsyslog -y", "rm -rf /etc/pki/rsyslog"):
        x(command)

    client_marker = version.Version("InstallRsyslogdClient", SCRIPT_VERSION)
    client_marker.mark_uninstalled()