a h@sddlmZddlmZddlZddlZddlTddlmZddlm Z ddl Z ddl m Z m Z e je dd e dd d d Zz ejaWneyej aYn0gd Zedkre je dd e dd dddl maddl m Z ddlTddlTddlTddlTddlmZddlTddlZddlTddl m!Z!ddl"Z"ddl#Z#ddZ$dZ%dZ&dZ'e%tde&tde'tdiZ(e%de&de'diZ)e%e&e'dZ*Gddde+Z,Gd d!d!e-Z.Gd"d#d#e-Z/Gd$d%d%e-Z0iZ1td&e1d'<td(e1d)<td*e1d+<td,e1d-<td.e1d/<td0e1d0<td1e1d1<td2e1d2<td3e1d3<td4e1d4<td5e1d5<td6e1d6<td7e1d7<d8d9Z2Gd:d;d;e-Z3Gdd?d?e-Z5Gd@dAdAe-Z6GdBdCdCe-Z7GdDdEdEe-Z8GdFdGdGe-Z9GdHdIdIe-Z:GdJdKdKe-Z;GdLdMdMe-ZdNdOZ?e9Z@e@Ae?dPe@jBdZCeCjDjEdZFeGeFjHeGdQeCjDeGe@e=Ie=>dNdkreGdRneGdSe=>dNe=JdS)T)absolute_import)print_functionN)*)range) cmp_to_key)parse_config_setting get_configZgeneralZi18n_text_domainZi18n_locale_dirT)domain localedirfallback)SignatureMatchSEFilterSEFaultSignatureSEFaultSignatureInfoSEFaultSignatureSetSEFaultSignatureUser SEEnvironmentSEDatabasePropertiesSEFaultUserInfoSEFaultUserSetSEPluginSEEmailRecipientSEEmailRecipientSet FILTER_NEVER FILTER_ALWAYSFILTER_AFTER_FIRST filter_text__main__)r r )ngettext)r)TemplatecCs||k||kSN)xyr!r!Qr%z Never Ignorez Ignore AlwayszIgnore After First Alertneveralways after_first)r)r*r+c@seZdZddZdS)r cCs||_||_dSr )siginfoscore)selfr,r-r!r!r$__init__oszSignatureMatch.__init__N)__name__ __module__ __qualname__r/r!r!r!r$r msr c seZdZddddddiddiddiddiddiddideddedddiddiddid Zfd d Zd d Zd dZddZZ S)r attributecCsdSNz1.0r!r!r!r!r$r%vr&zSEEnvironment.XMLFormdefaultr6elementr6import_typecast) versionplatformkernel policy_type policy_rpmlocal_policy_rpmenforceselinux_enabledselinux_mls_enabled policyvershostnameunamecstt||dSr )superrr/updater. __class__r!r$r/szSEEnvironment.__init__cCstdddl}ddl}t\|_|_|d|_td|j|_|j|_ t | |_ | }|dkrrd|_nd|_t||_t||_||_d||_dS)Nzupdating SEEnvironmentrz/etc/selinux/%s PermissiveZ Enforcing ) log_debugr<selinuxZget_os_environmentr=Zselinux_getpolicytyper>Zget_package_nvr_by_file_pathr?r@strZsecurity_policyversrDZsecurity_getenforcerAboolZis_selinux_enabledrBZis_selinux_mls_enabledrCnoderEjoinrF)r.r<rPrAr!r!r$rHs  zSEEnvironment.updatecCs || Sr )__eq__)r.otherr!r!r$__ne__szSEEnvironment.__ne__cCs2t|jD]}t||t||krdSqdS)NFT)list _xml_infokeysgetattr)r.rVnamer!r!r$rUszSEEnvironment.__eq__) r0r1r2booleanrYr/rHrWrU __classcell__r!r!rJr$rts"  rcsBeZdZdeddddeddddZeffdd ZZS) r r8cCstSr )rr!r!r!r$r%r&zSEFilter.r6r:r7cCsdSNrr!r!r!r!r$r%r&) filter_typecountcstt|||_dSr )rGr r/ra)r.rarJr!r$r/szSEFilter.__init__)r0r1r2intrYrr/r^r!r!rJr$r sr csdeZdZddideddddeddddedddd Zfd d Zd d ZdddZZ S)rr6r3cCsdSNFr!r!r!r!r$r%r&zSEFaultSignatureUser.r_cCsdSrdr!r!r!r!r$r%r&r8cCstSr )r r!r!r!r$r%r&)usernameZ seen_flagZ delete_flagfiltercstt|||_dSr )rGrr/rer.rerJr!r$r/szSEFaultSignatureUser.__init__cCs:||jvrttd||dkr*ttdt|||dS)Nz!item (%s) is not a defined memberrez changing the username is illegal)Z_names ProgramErrorZERR_NOT_MEMBERZERR_ILLEGAL_USER_CHANGEsetattr)r.itemdatar!r!r$ update_items   z SEFaultSignatureUser.update_itemNcCsXtdt|d|f|tks0|tks0|tkrHtdt|d|_dStd|dS)Nz%update_filter: filter_type=%s data=%sunknownzupdate_filter: !!!)raTzBad filter_type (%s)) rOmap_filter_value_to_namegetrrrr rf ValueError)r.rarkr!r!r$ update_filters z"SEFaultSignatureUser.update_filter)N) r0r1r2r]r rYr/rlrqr^r!r!rJr$rs  r directorydirZ semaphoreZsemz shared memoryZshmz message queueZmsgqmessagemsgfileZsocketprocessprocess2Z filesystemrS capability capability2cCs|ttvrt|S|Sr )rX class_dictrZ)tclassr!r!r$translate_classsr}cs eZdZdZfddZZS)AttributeValueDictionaryZ unstructuredcstt|dSr )rGr~r/rIrJr!r$r/sz!AttributeValueDictionary.__init__r0r1r2rYr/r^r!r!rJr$r~sr~c sZeZdZddddddidddded ded ddided d Zfd d ZZS) rr3cCsdS)Nz4.0r!r!r!r!r$r%r&zSEFaultSignature.r5r6r8Z operationr6rXr9)r;hostaccessscontexttcontextr|portc s4tt|t|D]\}}t|||qdSr )rGrr/rXitemsri)r.kwdskvrJr!r$r/szSEFaultSignature.__init__)r0r1r2 AvcContextrcrYr/r^r!r!rJr$rs  rcs8eZdZddiddddZfddZdd ZZS) rr6r8argr) analysis_idargscstt|||_||_dSr )rGrr/rr)r.rrrJr!r$r/ szSEPlugin.__init__cCst|j|jfSr )rQrrrIr!r!r$__str__szSEPlugin.__str__)r0r1r2rYr/rr^r!r!rJr$rs  rcseZdZddeddedddiddiddidddddddeddedddideddedddiddiddidedde dde ddedd d ddidd e dddiddiddid Z gd Z fddZ ddZddZddZddZddZddZdd0d1Zd2d3Zd4d5Zd?d6d7Z d8d9Z!d@d:d;Z"Z#S)Arr8Zpluginr6rXr:r9r6ZrpmrcCsdSr`r!r!r!r!r$r%+r&zSEFaultSignatureInfo.r_user) plugin_list audit_eventsourcespathtpath src_rpm_list tgt_rpm_listrrr|rsigZif_textZ then_textZdo_text environmentfirst_seen_datelast_seen_date report_countlocal_iduserslevelZfixableZ button_text) rrrrrrr|rrrc sxtt|t|D]\}}t|||qd|_g|_d}t dkrPd}zt |j |d|j _ Wn Yn0dS)NrLTrF)use_dbus)rGrr/rXrrirrosgetuidZget_rpm_nvr_by_scontextrrr@)r.rrrrrJr!r$r/9s zSEFaultSignatureInfo.__init__cCsV|j|jkr"|j|_|jd7_|jD]}t||t||q(|jdurR|j|_dSNrL)rr merge_includerir[r)r.r,r\r!r!r$ update_mergeJs   z!SEFaultSignatureInfo.update_mergecCs|jjSr )rr?rIr!r!r$get_policy_rpmVsz#SEFaultSignatureInfo.get_policy_rpmcCs(d|j|jj|jj|jd|jjfS)Nz%s,%s,%s,%s,%s,)rrtyperr|rTrrrIr!r!r$ get_hash_strYsz!SEFaultSignatureInfo.get_hash_strcCst|d}|S)Nzutf-8)hashlibZsha256rencodeZ hexdigest)r.hashr!r!r$get_hash\szSEFaultSignatureInfo.get_hashcCsB|jD]}|j|kr|Sqtd|t|}|j||S)Nznew SEFaultSignatureUser for %s)rrerOrappendr.rerr!r!r$ get_user_data`s     z"SEFaultSignatureInfo.get_user_datacCs,td|d}||}|dur(|j}|S)Nzfind_filter_by_username %s)rOrrf)r.rerf user_datar!r!r$find_filter_by_usernameis   z,SEFaultSignatureInfo.find_filter_by_usernameNcCs||}|||dSr )rrq)r.rerarkrr!r!r$update_user_filterrs z'SEFaultSignatureInfo.update_user_filtercCsTd}||}td||f|durP|dur4||_||}td|||f|S)Ndisplayz5evaluate_filter_for_user: found %s user's filter = %sz4evaluate_filter_for_user: found filter for %s: %s %s)rrOraevaluate_filter)r.reraactionfr!r!r$evaluate_filter_for_uservs  z-SEFaultSignatureInfo.evaluate_filter_for_usercCsb|j}d}|tkrd}n8|tkr6|jdkr0d}qPd}n|tkrDd}n td||jd7_|S)Nrrignorezunknown filter_type (%s)rL)rarrrbrrp)r.rfrarr!r!r$rs  z$SEFaultSignatureInfo.evaluate_filtercCs2t|tr&t|dkr d|SdSntdSdS)NrrN) isinstancerXlenrT default_text)r.Zrpm_listr!r!r$format_rpm_lists    z$SEFaultSignatureInfo.format_rpm_listcCsd|j|jfS)Nz %s [ %s ])rr|rIr!r!r$format_target_objectsz)SEFaultSignatureInfo.format_target_objectcCsTd}|jd}|dkr<|ddkrzSEFaultSignatureInfo.summaryFc st_g}d}|r:jD]}||j7}||dfqnVjD]N}jD]B}|j|jkrJ||j7}|t|j||t|jfq@qJq@|j t j dgd}d fdd|D}|D]$}||vr|D]\}} d|_ qqq||fS) Nr)Z allow_ypbind1r)Zmozilla_read_contentZ"mozilla_plugin_can_network_connectZmozilla_plugin_use_bluejeansZ$unconfined_mozilla_plugin_transitionrNcs g|]\}}|jj|qSr!) get_do_textrrecords).0parIr!r$ r&z4SEFaultSignatureInfo.get_plugins..F)Z load_pluginspluginsrrrrZ init_argstuplersortrrrTZ report_bug) r.allrtotal_priorityrZsolutionZnoreport_booleansZdo_textsbrr!rIr$ get_pluginss.       z SEFaultSignatureInfo.get_pluginscCst||jSr )rZsafe_substituter)r.txtr!r!r$ substituteszSEFaultSignatureInfo.substitutecsfdd|DS)Ncsg|]}|qSr!)r)rrrIr!r$r r&z9SEFaultSignatureInfo.substitute_array..r!)r.rr!rIr$substitute_array sz%SEFaultSignatureInfo.substitute_arrayc s|j}td}|ttd|j7}|ttd|j7}|ttd|7}|ttdt|j7}|ttdt|j 7}|ttdt|j 7}|r|ttdd 7}n|ttdt|j j 7}|ttd t| |j7}|ttd t| |j7}|ttd t|j7}|ttd t|j7}|ttdt|j7}|ttdt|j7}|ttdt|j7}|r|ttdd 7}n|ttdt|j7}|r|j}d |d<|ttdtd|7}n|ttdt|j7}|ttdt|j7}d}|ttd|j|7}|ttd|j|7}|ttdt|j7}|dtd7}d}|jjD]^jdkr|d d7}n6|djj!f7}|dfdd j"Dd7}q|d!|#7}z~d"}t$j%&|rrd#}t'|gt(t(d$} || )|d%7}t$j%*d&rj|d'7}t'|d(gt(t(d$} || )|d%7}||7}Wn Yn0||d7}|S))NzAdditional Information: zSource ContextzTarget ContextzTarget ObjectsZSourcez Source PathZPortZHostz (removed)zSource RPM PackageszTarget RPM PackageszSELinux Policy RPMzLocal Policy RPMzSelinux Enabledz Policy TypezEnforcing Modez Host NamerLZPlatformrNz Alert Countz%Y-%m-%d %H:%M:%S %Zz First Seenz Last SeenzLocal ID zRaw Audit MessagesrZAVCz type=%s msg=%s: csg|]}d|j|fqS)z%s=%s)fields)rrZ audit_recordr!r$r:r&z7SEFaultSignatureInfo.format_details..z Hash: z/usr/bin/audit2allowz audit2allow)stdinstdoutrz /var/lib/sepolgen/interface_infoz audit2allow -Rz-R)+rrZformat_2_column_name_valuerformatrrrrrrrrrrrr?r@rBr>rArErFsplitrTrrrrrr record_typeZto_textZevent_idZ fields_ordrrrZexistPopenPIPEZ communicateexists) r.replaceenvtextrFZ date_formatZavcbufZ audit2allowZnewbufrr!rr$format_details sl   &  z#SEFaultSignatureInfo.format_detailscOs@t}t}z(ddadda||i|W|a|aS|a|a0dS)zdefine.*untranslated\(.*\ncSs|dkr |S|Srr!)r"r#zr!r!r$r%Zr&z3SEFaultSignatureInfo.untranslated..cSs|Sr r!)r"r!r!r$r%[r&N)rr)r.funcrkwargsZsaved_translateP_Zsaved_translate_r!r!r$ untranslatedPsz!SEFaultSignatureInfo.untranslatedc Cs2||}||\}}|D]\}}td|jt|jt|ddf}||7}tt|dD]} |td7}qh|td7}| | |j j |} |td| 7}| | |j j |} |td| d| d d7}| ||j j |} |td | d| d d7}q"|td 7}|S) Nz0 ***** Plugin %s (%.4s confidence) suggests dg?Prrz Then rrLz Do z )rrrrrfloatrrrrZ get_if_textrrZ get_then_textlowerr) r.rrrrrrrtitleirr!r!r$ format_textas" ( $& z SEFaultSignatureInfo.format_text)N)N)F)F)FF)$r0r1r2rZ AuditEventrrcrrZ TimeStamprrYrr/rrrrrrrrrrrrrrrrrrrrrr^r!r!rJr$rs`         / " CrcsReZdZddddddideddddd d d Zfd d ZddZZS)rr3cCsdSr4r!r!r!r!r$r%|r&zSEFaultUserInfo.r5r6r8cCsdSrdr!r!r!r!r$r%~r&r_ email_addressr)r;reZ email_alertemail_address_listcstt|||_dSr )rGrr/rergrJr!r$r/szSEFaultUserInfo.__init__cCs||jvr|j|dSr )rr)r.rr!r!r$add_email_addresss z!SEFaultUserInfo.add_email_address)r0r1r2r]rYr/rr^r!r!rJr$rzs  rcsHeZdZddddddeddZfd d Zd d Zd dZZS)rr3cCsdSr4r!r!r!r!r$r%r&zSEFaultUserSet.r5r8rr)r; user_listcstt|dSr )rGrr/rIrJr!r$r/szSEFaultUserSet.__init__cCs"|jD]}||jkr|SqdSr )rrerr!r!r$get_users   zSEFaultUserSet.get_usercCs*||durdSt|}|j||Sr )rrrrrr!r!r$add_users  zSEFaultUserSet.add_user) r0r1r2rrYr/rrr^r!r!rJr$rs    rcseZdZdddddeddddded d Zfd d Zd dZddZddZ ddZ ddZ ddZ de jfddZZS)rr3cCs dttfS)Nz%d.%d)ZDATABASE_MAJOR_VERSIONZDATABASE_MINOR_VERSIONr!r!r!r$r%r&zSEFaultSignatureSet.r5r8cCstSr )rr!r!r!r$r%r&r_r,r)r;rsignature_listcstt|dSr )rGrr/rIrJr!r$r/szSEFaultSignatureSet.__init__ccs|jD] }|VqdSr rr.r,r!r!r$siginfoss zSEFaultSignatureSet.siginfoscCs|j||Sr )rrrr!r!r$ add_siginfos zSEFaultSignatureSet.add_siginfocCs|j|dSr )rremoverr!r!r$remove_siginfosz"SEFaultSignatureSet.remove_siginfocCs g|_dSr rrIr!r!r$clearszSEFaultSignatureSet.clearcCs ttSr )rQuuidZuuid4rIr!r!r$generate_local_idsz%SEFaultSignatureSet.generate_local_idcCs.|dur dS|jD]}|j|kr|SqdSr )rr)r.rr,r!r!r$lookup_local_ids    z#SEFaultSignatureSet.lookup_local_idexactc Cst|}d}|dkrd}n(t|tr:t|}d|}n td|g}|jD]} d} | j} |D]8} t|| t| | kr|rd} q| |7} qb|rbd} qqb|r| dkr| t | | qP| |krP| t | | qP|j t ddd |S) NFrTg?zunknown criteria = %sgcSst|j|jSr )rr-)rrr!r!r$r%r&z6SEFaultSignatureSet.match_signatures..r) rXrZrrrrprrr[rr rr) r.patZcriteriaZxml_infoZ match_targetsrZnum_match_targetsZscore_per_match_targetmatchesr,r-rr\r!r!r$match_signaturess6      z$SEFaultSignatureSet.match_signatures)r0r1r2rrrYr/rr r r rrrrr^r!r!rJr$rs    rcs6eZdZddiddiddidZdfdd ZZS)rr6r8)r\ friendly_namefilepathNcs<tt||dur||_|dur*||_|dur8||_dSr )rGrr/r\rr)r.r\rrrJr!r$r/szSEDatabaseProperties.__init__)NNNrr!r!rJr$rs rcs@eZdZddideddddZd fdd Zd d ZZS) rr6r8cCstSr )rr!r!r!r$r%r&zSEEmailRecipient.r_)addressraNcs&tt|||_|dur"||_dSr )rGrr/rra)r.rrarJr!r$r/szSEEmailRecipient.__init__cCsd|jt|jdfS)Nz%s:%srm)rrnrorarIr!r!r$rszSEEmailRecipient.__str__)N)r0r1r2rcrYr/rr^r!r!rJr$rs rcsneZdZddddddeddZdfd d Zd d ZddZefddZ ddZ ddZ ddZ Z S)rr3cCsdS)Nrr!r!r!r!r$r% r&zSEEmailRecipientSet.r5r8 recipientr)r;recipient_listNcs tt||dur||_dSr )rGrr/r)r.rrJr!r$r/szSEEmailRecipientSet.__init__cCsddd|jDS)NrcSsg|] }t|qSr!)rQ)rr"r!r!r$rr&z/SEEmailRecipientSet.__str__..)rTrrIr!r!r$rszSEEmailRecipientSet.__str__cCs*|}|jD]}||jkr|SqdSr )striprr)r.rrr!r!r$ find_addresss    z SEEmailRecipientSet.find_addresscCsP|}t|s$ttd|ddS||}|dur:dS|jt||dS)Nz address='%s'Zdetail)rZvalid_email_addressrhERR_INVALID_EMAIL_ADDRrrrr)r.rrarr!r!r$ add_address s zSEEmailRecipientSet.add_addresscCs g|_dSr )rrIr!r!r$clear_recipient_list+sz(SEEmailRecipientSet.clear_recipient_listc Csddl}|d}|d}|d}ddddddddd}z t|}Wn:ty}z"ttd||jfd WYd}~n d}~00||D]} | d | } | } | r| | } | r| d } | d } d} | rH| | D]^} | d }| d }|dkr6t|d} | durFtd|| fqtd|| fqz|| | Wqty}z(|jtkrt|jn|WYd}~qd}~00q|dS)Nrz#.*z(\S+)(\s+(.+))?z(\w+)\s*=\s*(\S+)TF)ZenabledtruerZonZdisabledZfalsenoZoff%s, %srrrLraz(unknown email filter (%s) for address %sz(unknown email option (%s) for address %s)rcompileopenIOErrorrh ERR_FILE_OPENstrerrorr readlinesrrsearchgroupfinditermap_filter_name_to_valuerorrOrerrnorclose)r.rrZ comment_reZentry_reZ key_value_reZ map_booleanrelinematchroptionsraoptionrr!r!r$parse_recipient_file.sV     ,          z(SEEmailRecipientSet.parse_recipient_filec Cszt|d}Wn:tyH}z"ttd||jfdWYd}~n d}~00|jD]"}t|j}|d|j |fqP| dS)Nwr!rz%-40s filter_type=%s ) r%r&rhr'r(rrnrawriterr/)r.rrr0rrar!r!r$write_recipient_filefs,  z(SEEmailRecipientSet.write_recipient_file)N)r0r1r2rrYr/rrrrrr5r8r^r!r!rJr$r s   8rrLzaudit_listener_database.xmlsigszsiginfo.audit_event=%sz Memory OKzMemory leak %d bytes)KZ __future__rrZsixZsyslog subprocessZ six.movesr functoolsrgettextZsetroubleshoot.configrr translationZugettextrAttributeError__all__r0installrrZsetroubleshoot.errcodeZsetroubleshoot.utilZsetroubleshoot.xml_serializeZsetroubleshoot.html_utilZsetroubleshoot.uuidr Zsetroubleshoot.audit_datartypesstringrrrrrrrrrnr-objectr Z XmlSerializerr rr{r}r~rrrrrrrrrZlibxml2Z debugMemoryZxml_filer9Z read_xml_filerr,rrrecordprintrZ cleanupParserZ dumpMemoryr!r!r!r$s              6 !             gHk