a hzg@s~ddlmZgdZddlZddlmZmZddlZddlZddl Z ddl Z ddl Z ddl Tddl Z ddlmZddlmZddlTddlTddlTddlTddlTddlTddlTddlmZd d ZGd d d eZGd ddeZGdddeZGdddee j Z!GdddeZ"GdddeZ#GdddeZ$Gddde%e&e'ejZ(e)e(GdddejZ*e)e*dS))print_function) AnalyzeThreadAnalyzePluginReportReceiverTestPluginReportReceiverSETroubleshootDatabaseSETroubleshootDatabaseLocalLogfileAnalyzerN)GObjectGLib)*) cmp_to_key) get_config)validate_database_doccCs||k||kSN)xyrr:/usr/lib/python3.9/site-packages/setroubleshoot/analyze.py4rc@s<eZdZddZddZddZddZd d Zd d Zd S)PluginStatisticscCs0|j|_d|_d|_d|_d|_d|_d|_dSr) analysis_idnameanalyze_start_timeanalyze_end_timeanalyze_elapsed_timereport_start_timereport_end_timereport_elapsed_timeselfpluginrrr__init__=szPluginStatistics.__init__cCsRt|j}|jdur"d|j|fSt|j|j}t|j}d|j|||fSdS)Nz%s: %s elapsedz5%s: %s elapsed, %s analyze elapsed, %s report elapsed)format_elapsed_timerrrrr)r!rZtotal_elapsed_timerrrr__str__Fs    zPluginStatistics.__str__cCst|_dSr)timerr!rrr analyze_startRszPluginStatistics.analyze_startcCst|_|j|j|_dSr)r&rrrr'rrr analyze_endUs zPluginStatistics.analyze_endcCst|_dSr)r&rr'rrr report_startYszPluginStatistics.report_startcCst|_|j|j|_dSr)r&rrrr'rrr report_end\s zPluginStatistics.report_endN) __name__ __module__ __qualname__r#r%r(r)r*r+rrrrr;s   rc@s<eZdZddZddZddZddZd d Zd d Zd S)AnalyzeStatisticscCs(||_d|_g|_d|_d|_d|_dSr) num_plugins cur_plugincalled_plugins start_timeend_time elapsed_time)r!r0rrrr#es zAnalyzeStatistics.__init__cCsPd}d}t|j}|jdur8t|j}|r8t|j|}d||j|||fS)NzB%d/%d plugins in %s elapsed, avg plugin %s elapsed, plugins=[ %s ])lenr2r5r$r0called_plugins_to_string)r!r5Zavg_plugin_timeZn_calledrrrr%ms    zAnalyzeStatistics.__str__cCsddd|jDS)N cSsg|] }t|qSrstr.0rrrr {rz>AnalyzeStatistics.called_plugins_to_string..)joinr2r'rrrr7zsz*AnalyzeStatistics.called_plugins_to_stringcCst|_dSr)r&r3r'rrrstart}szAnalyzeStatistics.startcCst|_|j|j|_dSr)r&r4r3r5r'rrrends zAnalyzeStatistics.endcCs&t||_|j|j|jdSr)rr1r2appendr(r rrr new_plugins zAnalyzeStatistics.new_pluginN) r,r-r.r#r%r7r?r@rBrrrrr/cs  r/c@s$eZdZddZddZddZdS)rcCs$d|_t|_tdt|jdS)NzNumber of Plugins = %d) environmentZ load_pluginsplugins log_debugr6r'rrrr#szAnalyze.__init__cCs$t|j|j|j|j|j|jd}|S)N)hostaccessscontexttcontexttclasstpath)ZSEFaultSignaturerFrGrHrIrJrK)r!avcsigrrr get_signatureszAnalyze.get_signaturec Cstd|||jdur&t|_|jjdur>|jjt|j|j|j |j |j |j |j |j|j|j|j|||j|jjt|jj|dd}|jD]}z||}|dur<|jdkrtdWdS|jdur |jdkr |jdks|jdkr |j|_t|tr0|D]}|j|qn |j|Wqty}z\t|tj dt!!t!j"d |j#t$\}} } td %t&'| |j(|WYd}~qd}~00q|)|dS) Nzanalyze_avc() avc=%sZyellow) audit_eventsourcespathrKZ src_rpm_listZ tgt_rpm_listrHrIrJportrFrMrC line_numberslast_seen_datelocal_idlevelZwhitez!plugin level white, not reportingZredZgreenfilezPlugin Exception %s r8)*rEupdaterCZ SEEnvironmentrOrSsortZSEFaultSignatureInforPrQrKZsrc_rpmsZtgt_rpmsrHrIrJrRrFrN TimeStampZ timestamp generate_idrDanalyzerV isinstancelistZ plugin_listrA ExceptionprintsysstderrsyslogLOG_ERRrexc_infor> traceback format_tbremovereport_problem) r!rLreport_receiversiginfor"reportreZv1Zv2Zv3rrr analyze_avcs\          $zAnalyze.analyze_avcN)r,r-r.r#rNrprrrrrs rc@seZdZdddZddZdS)r cCs&tj|t|||_||_dSr) threadingThreadr#rqueuetimeout)r!rtrurrrr#s  zAnalyzeThread.__init__c Csz0|j\}}tdtd|||WnBtyr}z*ttjd|t t WYd}~n d}~00td |j t|j qdS)Nz)AnalyzeThread.run(): Cancel pending alarmrz!Exception during AVC analysis: %sz,AnalyzeThread.run(): Set alarm timeout to {})rtgetrEsignalalarmrpr`rdreZ syslog_tracerg format_excformatru)r!rLrkrorrrruns "zAnalyzeThread.runN)rq)r,r-r.r#r{rrrrrs rc@s$eZdZddZddZddZdS)rcCs ||_dSr)databaser!r|rrrr#szPluginReportReceiver.__init__c Csz0|j|j}|||j|tdWnNty~}z6|jtkrhtd|j |_ |j |}nWYd}~n d}~00|S)Nzsignature found in databaseznot in database yet) r|lookup_signaturerMZ update_mergemodify_siginforE ProgramErrorerrnoERR_NO_SIGNATURE_MATCHrTfirst_seen_date add_siginfo)r!rlZdatabase_siginfororrrrjs    z#PluginReportReceiver.report_problemcCs |jjSr)r|sigsZgenerate_local_idr'rrrr\ sz PluginReportReceiver.generate_idN)r,r-r.r#rjr\rrrrrsrcs$eZdZfddZddZZS)rcstt||dSr)superrr#r} __class__rrr#sz!TestPluginReportReceiver.__init__cCstd|jjdS)NzAnalysis Result: %s)rarMrr!rlrrrrjsz'TestPluginReportReceiver.report_problem)r,r-r.r#rj __classcell__rrrrrs rc@seZdZd2ddZddZddZdd Zd d Zd3d dZd4ddZ ddZ ddZ ddZ ddZ ddZddZddZdd Zd!d"Zd5d#d$Zd%d&Zd'd(Zd)d*Zd6d,d-Zd.d/Zd0d1ZdS)7rNcCs||_d|_t|||j|_t|_d|_d|_d|_ d|_ d|_ t ddt |_d|_t dd}|dur|}|rt||_td|jj|jj|jjf|dS) NFrr| max_alerts max_alert_agez.)keyrz5prune by age: max_alert_age=%s min_time_to_survive=%szprune by age: pruning [%s - %s]zprune by age: keeping [%s - %s]cSsg|] }|jqSrrMr<rlrrrr=Hrz0SETroubleshootDatabase.prune..T)prunecSsg|] }|jqSrrrrrrr=Orz*prune first %d alerts, len(sigs=%d sigs=%s) rrrsignature_listrZr r[rTrErzdelete_signaturer6)r!Zmin_time_to_surviveZkeeprlrrMrrrr3s2      0, zSETroubleshootDatabase.prunecCs ||_dSr)rr!rrrr set_notifyTsz!SETroubleshootDatabase.set_notifycCs2|jjD]$}|j|jkr|j}|j|_||_qdSr)rrrTr)r!rltmprrrvalidateWs   zSETroubleshootDatabase.validatecCsht|_|jdurdStj|jrTt|j}|tdkrT|j|jdt rTd|_ | | dS)NrrT) SEFaultSignatureSetrrospathexistsstatST_SIZEZ read_xml_filerrrr)r! stat_inforrrr_s   zSETroubleshootDatabase.loadFcCsj|jdurdStd|j|jf|s.||jd|jd|_d|_|jdurft |jd|_dS)Nz'writing database (%s) modified_count=%srTr) rrErrrZ write_xmlrrr Z source_remover!rrrrsavens   zSETroubleshootDatabase.savecCs^|jd7_|jdurdS|j|jks.|js:||n |jdurZt|jd|j |_dS)Nri) rrrrrrr Z timeout_addrauto_save_callbackrrrr mark_modified}s    z$SETroubleshootDatabase.mark_modifiedcCs td|j|jf|dS)Nz)auto_save database (%s) modified_count=%sF)rErrrr'rrrrsz)SETroubleshootDatabase.auto_save_callbackcCs:|jdurdStj|jr6td|jt|jdS)Nzdeleting database (%s))rrrrrErir'rrrris  zSETroubleshootDatabase.removecCs|jdSr)racquirer'rrrrszSETroubleshootDatabase.acquirecCs|jdSr)rreleaser'rrrrszSETroubleshootDatabase.releasecCsd}|j|}tdt|ddd|Dft|dkrHttt|dkrxtdt|ddd|Df|dj}|S)Nz1lookup_signature: found %d matches with scores %s,cSsg|]}d|jqSz%.2fZscorer;rrrr=rz;SETroubleshootDatabase.lookup_signature..rrcSsg|]}d|jqSrrr;rrrr=r)rZmatch_signaturesrEr6r>rrrl)r!rMrlmatchesrrrr~s $  $ z'SETroubleshootDatabase.lookup_signaturecCs2|j|}|dur.td|ttd||S)Nzlookup_local_id: %s not foundzid (%s) not found)rlookup_local_idrErZERR_SIGNATURE_ID_NOT_FOUND)r!rUrlrrrrs   z&SETroubleshootDatabase.lookup_local_idcCs.|j|}|jr"|jd|j||S)Nadd)rrrsignatures_updatedrUrrrrrrs  z"SETroubleshootDatabase.add_siginfocCs|jSr)rr'rrrget_propertiessz%SETroubleshootDatabase.get_propertiescCs8td||dkr|jSt}||}|||S)Nzquery_alerts: criteria=%sr )rErrrr)r!Zcriteriarrlrrr query_alertss   z#SETroubleshootDatabase.query_alertsc Cstd|z||}WnFty`}z.|jtkrJtdWYd}~dSWYd}~n d}~00|j||jr|jd|j | |dS)Nzdelete_signature: sig=%sSignature not found!delete) rEr~rrrrZremove_siginforrrUr)r!rMrrlrorrrrs   z'SETroubleshootDatabase.delete_signaturecCs"|jr|jd|j|dS)NZmodify)rrrUrrrrrrsz%SETroubleshootDatabase.modify_siginfoc Csttd||fz||}WnFtyd}z.|jtkrNtdWYd}~dSWYd}~n d}~00||}|S)Nz)evaluate_alert_filter: username=%s sig=%srignore)rEr~rrrZevaluate_filter_for_user)r!rMusernamerlroactionrrrevaluate_alert_filters  z,SETroubleshootDatabase.evaluate_alert_filterc Cstd||||fz||}WnFtyh}z.|jtkrRtdWYd}~dSWYd}~n d}~00||}|||||dS)Nz2set_user_data: username=%s item=%s data=%s sig= %sr)rEr~rrrZ get_user_dataZ update_itemr)r!rMritemdatarlroZ user_datarrr set_user_datas   z$SETroubleshootDatabase.set_user_datac Cstd|||fz||}WnFtyf}z.|jtkrPtdWYd}~dSWYd}~n d}~00||||||dS)Nz.set_filter: username=%s filter_type=%s sig= %sr)rEr~rrrZupdate_user_filterr)r!rMrZ filter_typerrlrorrr set_filters z!SETroubleshootDatabase.set_filtercCs|jj||_|dSr)rusersadd_useruserrr!rrrrrszSETroubleshootDatabase.add_usercCs|jj|Sr)rrget_userrrrrr szSETroubleshootDatabase.get_user)N)F)F)F)r)r,r-r.r#rrrrrrrrirrr~rrrrrrrrrrrrrrrrs. !     rc@s^eZdZejjdejejffejjdejejejffdZ ddZ ddZ ddZ d d Z dS) rN)rz async-errorcCs,tj|t|||_|j|dSr)r r# RpcManager|rr}rrrr#s  z$SETroubleshootDatabaseLocal.__init__cCs|j|dSr)r|rrrrrr$sz&SETroubleshootDatabaseLocal.set_notifyc Gstd|jj|jddd|D|f|j|}t|j|jd}|durdtt d|j|jjfz(|||_ d|_ |j dur|j g|_ Wn8ty}z |j |j g|_ d|_ WYd}~n d}~00|j durt|j|dS)Nz%s emit %s(%s) id=%srcSsg|] }t|qSrr9)r<argrrrr=(rz8SETroubleshootDatabaseLocal.emit_rpc..z'method %s not found in base class of %sZ method_returnZ error_return)rErr,methodr>Zasync_rpc_cachegetattrr|rZERR_METHOD_NOT_FOUNDZ return_argsZ return_typerstrerrorr idle_addZprocess_async_return)r!Zrpc_idtypeZrpc_defargsZ async_rpcfuncrorrremit_rpc's"*    z$SETroubleshootDatabaseLocal.emit_rpccCs"td||f|d||dS)Nz4signatures_updated() database local: type=%s item=%sr)rEemit)r!rrrrrr:sz.SETroubleshootDatabaseLocal.signatures_updated)r,r-r.r SignalFlagsRUN_LAST TYPE_PYOBJECTZ TYPE_STRINGZTYPE_INT __gsignals__r#rrrrrrrrsrc@sneZdZejjdejffejjdejffdZdddZ dddZ ddZ d d Z d d Z d dZddZdS)r N)progress state-changedcCsftj|td|jj|f||_d|_d|_d|_d|_ d|_ d|_ d|_ d|_ d|_d|_dS)Nz%s.__init__(%s))r r#rErr, logfile_pathrXfileno read_size record_readerrecord_receiveranalyzerrk idle_proc_idrr)r!rrrrr#Ks zLogfileAnalyzer.__init__c CsV|dur||_td|jj|jfz2t|j}|t|_t|j|_ |j |_ WnTt y}z.T)rErr,rXtaskr rrr'rrrr{szLogfileAnalyzer.runcCs|jdur&t|j|j}d|_d|_|j|jkrdddl}d|j|j|jf}t ||j |_||_ |j dur|j D]}||qx|js|dddS)NrzFfailed to read complete file, %d bytes read out of total %d bytes (%s)rg?)rXrreadrrrrrrrEZEIOrrcloseavc_event_handlerrr)r!new_dataZErrnorrOrrrrs"    zLogfileAnalyzer.closec csr|dd|jr\z8t|j|jd}|dkrJtd|j|Wnt y}z6|j |_ |j |_ ||dddVWYd}~nsL     ()Q x ,