Current File : //opt/imunify360/venv/lib/python3.11/site-packages/im360/subsys/__pycache__/ossec.cpython-311.pyc
�

�*(i"��z�dZddlZddlZddlZddlZddlZddlZddlmZddl	m
Z
mZddlm
Z
ddlmZmZddlmZddlmZd	d
lmZmZeje��Zejd��ZedzZd
ZdZej dedej!diZ"ej ej#eej#ej!ej#iZ$gd�Z%dZ&dZ'ej(��Z)Gd�de*��Z+ed	���d���Z,d�Z-de.de/de/fd�Z0d/de1ddfd �Z2dee.fd!�Z3d"�Z4de/fd#�Z5d0d$�Z6d0d%�Z7d&eddfd'�Z8d1d)e/de
efd*�Z9d0d+�Z:d0d,�Z;d-e/ddfd.�Z<dS)2a�Module for managing OSSEC configuration.

We care about following aspects of OSSEC configuration:

* its relation to Imunify PAM module;
* rules configuration.

To cooperate with PAM module, OSSEC ships two configuration files:
ossec-no-pam.conf and ossec-pam.conf.  A symlink ossec.conf is created during
OSSEC packages installation that points to ossec-no-pam.conf.  On switching
PAM module on this symlink is changed to point to ossec-pam.conf.  Then OSSEC
services are restarted.

When PAM is disabled, similar operations are performed: symlink switched to
ossec-no-pam.conf and services are restarted.

Rules are downloaded from Imunify360 files server.  After downloading is
complete a hook is called which should update rules in OSSEC configuration
directory and restart OSSEC service.  Rules are copied into
/var/ossec/etc/VERSIONS/<version> directory.  Then symlinks are created
from /var/ossec/etc/dirname.d -> VERSIONS/<version>/dirname.
�N)�	lru_cache)�List�Optional)�svcctl)�
CheckRunError�	check_run)�LooseVersion)�files�)�
PamService�PamServiceStatusValuez/var/ossec/etc�VERSIONSz
ossec.conf�dovecotzrules_pam.d/320_pam_switch.xmlz&rules_pam.d/320_pam_switch_dovecot.xmlzrules_pam.d/320_pam_ftp.xml)�decoders�rules�	rules_pam�VERSION�c��eZdZdS)�OssecRulesErrorN)�__name__�
__module__�__qualname__���G/opt/imunify360/venv/lib/python3.11/site-packages/im360/subsys/ossec.pyrr>s�������Drr)�maxsizec�*�tjd��S)Nz
ossec-hids)r�adaptorrrr�_ossec_servicer Bs���>�,�'�'�'rc��t��}t���D]�\}}t|z���r`t
j||<tjt��5t|dzz�
��ddd��n#1swxYwY��t|dzz���rt
j||<��td�
|�����|S)N�	.disabledzAbsent rule {})�dict�PAM_RULES_NAMES�items�ETC_DIR�existsr
�enabled�
contextlib�suppress�FileNotFoundError�unlink�disabledr�format)�result�service�rules   r�_get_pam_config_stater2Gs$��
�V�V�F�(�.�.�0�0�A�A�
����d�N�"�"�$�$�	A�3�;�F�7�O��$�%6�7�7�
:�
:��D�;�.�/�7�7�9�9�9�
:�
:�
:�
:�
:�
:�
:�
:�
:�
:�
:����
:�
:�
:�
:�����+�,�
4�
4�
6�
6�	A�3�<�F�7�O�O�!�"2�"9�"9�$�"?�"?�@�@�@��Ms�1 B�B!	�$B!	�targetr(�returnc���t|z}t|dzz}d}|r,|���r|�|��d}n-|s+|���r|�|��d}|S)z/Check consistency of enabled/disabled rule filer"FT)r&r'�rename)r3r(�conf�
conf_disabled�config_changeds     r�_change_state_of_rulesr:Us����V��D��v��3�4�M��N���=�'�'�)�)�����T�"�"�"����
�����������M�"�"�"����rF�
pam_statusc��K�d}t��}||krQ|���D]<\}}||tvrdn(tt||tjk��z}�=|s|r]	t
������d{V��dS#t$r'}td�
|�����d}~wwxYwdS)z5Configure OSSEC to work with PAM enabled (if needed).FNzFailed to apply ossec rules {})r2r%r$r:r
r(r �restartrrr.)r;�
force_restartr9�
current_state�pam_service�state�excs       r�configure_for_pamrCds�����N�)�+�+�M��]�"�"�",�"2�"2�"4�"4�	�	��K�����6�6���+�#�K�0��2�:�:���
�N�N��P��P�	P� �"�"�*�*�,�,�,�,�,�,�,�,�,�,�,���	P�	P�	P�!�"B�"I�"I�#�"N�"N�O�O�O�����	P����P�Ps�/&B�
C�!"C�Cc��tj�tj�tj��t��}	t|��5}|�	���
��cddd��S#1swxYwYn2#t$r%}t�
d|��Yd}~nd}~wwxYwdS)z5Return version of OSSEC rules downloaded from server.Nz,Error '%s' occurs when reading version file.)�os�path�joinr
�Index�
files_path�OSSEC�
_VERSION_FILE�open�read�strip�OSError�logger�warning)rF�frBs   r�get_rules_versionrSys���
�7�<�<���.�.�u�{�;�;�]�K�K�D�L�
�$�Z�Z�	$�1��6�6�8�8�>�>�#�#�	$�	$�	$�	$�	$�	$�	$�	$�	$�	$�	$�	$����	$�	$�	$�	$�	$���L�L�L����E�s�K�K�K�K�K�K�K�K�����L�����4s<�B�&B�B�B�B�B�B�
C�&C�Cc�6�t��}|r|dSdS)Nr)�_sorted_versions)�versionss r�get_rules_installed_versionrW�s)���!�!�H�����{���rc��K�	tddg���d{V��n3#t$r&}t�d|��Yd}~dSd}~wwxYwdS)Nz/var/ossec/bin/ossec-logtestz-tz$Ossec configuration is not valid: %sFT)rrrP�error)rBs r�_is_conf_validrZ�s|������7��>�?�?�?�?�?�?�?�?�?�?���������;�S�A�A�A��u�u�u�u�u����������4s��
A�A�Ac	�0�tjtj�tj����}|tz������}tj
t��5tj
tt|z����ddd��n#1swxYwYt|dzz}tj
t��5tj
t|����ddd��n#1swxYwY|���t"D]:}tjt||z��t||dzz�����;|�t|z��dS)z@Copy new files to appropriate subdirectory in OSSEC config tree.N�.tmp�.d)�pathlib�Pathr
rHrIrJrK�	read_textrNr)r*r+�shutil�rmtree�str�
_VERSIONS_DIR�mkdir�_RULES_DIRS�copytreer6)�files_prefix�version�tmp_dir�dir_names    r�_do_prepare_new_versionrl�s����<��� 6� 6�u�{� C� C�D�D�L��m�+�6�6�8�8�>�>�@�@�G�	�	�.�	/�	/�4�4��
�c�-�'�1�2�2�3�3�3�4�4�4�4�4�4�4�4�4�4�4����4�4�4�4��w��/�0�G�	�	�.�	/�	/�$�$��
�c�'�l�l�#�#�#�$�$�$�$�$�$�$�$�$�$�$����$�$�$�$��M�M�O�O�O��
�
������x�'�(�(�#�g��D��.I�*J�*J�	
�	
�	
�	
��N�N�=�7�*�+�+�+�+�+s$�*B9�9B=�B=�*"D�D�Dc��rK�tj��}|�dt���d{V��dS)N)�asyncio�get_event_loop�run_in_executorrl)�loops r�_prepare_new_versionrr�sC�����!�#�#�D�
�
�
�t�%<�
=�
=�=�=�=�=�=�=�=�=�=rric��t�d|��tD]�}t|dzz}|���rJ|���r|���n!tjt|����|�
tt|��z|jz�
t������dS)z%Activate configuration for `version`.z+Selecting %s version of OSSEC configurationr]N)rP�inforfr&r'�
is_symlinkr,rarbrc�
symlink_tord�name�relative_to)rirw�	ossec_dirs   r�_switch_version_torz�s���
�K�K�=�w�G�G�G��

�

���t�d�{�+�	������	.��#�#�%�%�
.�� � �"�"�"�"��
�c�)�n�n�-�-�-�	���
�S��\�\�
)�I�N�
:�G�G��
�
�	
�	
�	
�	
�

�

rT�skip_invalidc�n��t�fd�t�d��D��d���S)z�Return a list of prepared OSSEC configuration versions.

    If `skip_invalid` is True (default) then only versions (directories) not
    ending in ".tmp" are returned.

    Versions are sorted in descending order (latest first).c3�Z�K�|]%}�r|jdk�t|j��V��&dS)r\N)�suffixr	rw)�.0�dr{s  �r�	<genexpr>z#_sorted_versions.<locals>.<genexpr>�sP�����	
�	
���	
�$%�8�v�#5�#5�
��� � �#5�#5�#5�#5�	
�	
r�*T)�reverse)�sortedrd�glob�r{s`rrUrU�sU����	
�	
�	
�	
�"�'�'��,�,�	
�	
�	
�
�
���rc��DK�	t��}n#t$r
t}YnwxYwt��}t	|d��t|��dkr)t
���d{V��st	|d��t|d����d{V��dS)zDSelect latest version if it is valid, or second to latest otherwise.rrNrT)r>)r2r�_PAM_CONFIG_DISABLEDrUrz�lenrZrC)�pam_config_staterVs  r�_select_versionr��s�����0�0�2�2�����0�0�0�/����0�����!�!�H��x��{�#�#�#�
�8�}�}�����(8�(8�"8�"8�"8�"8�"8�"8���8�A�;�'�'�'�
�,�D�
A�
A�
A�A�A�A�A�A�A�A�A�As��'�'c��d}td���D]h}tjtt	|��z��}|jdks|tkr"tjt	|�����c|dz
}�idS)NrFr�r\r)	rUr^r_rdrcr~�_VERSIONS_TO_KEEPrarb)�keptrirFs   r�_cleanup_old_versionsr��s����D�#��7�7�7�����|�M�C��L�L�8�9�9���;�&� � �D�,=�$=�$=��M�#�d�)�)�$�$�$�$��A�I�D�D��r�
is_updatedc��K�|sdSt4�d{V��t�dd���	t���d{V��t	���d{V��n9#t
tf$r%}t�d|��Yd}~nd}~wwxYwt��n#t��wxYw	ddd���d{V��dS#1�d{V��swxYwYdS)Ni�T)�exist_okz(Failed to update OSSEC configuration: %s)
�rules_update_lockrdrerrr�rOrrPrYr�)�_r�rBs   r�on_files_updater��s��������� �$�$�$�$�$�$�$�$����E�D��1�1�1�	$�&�(�(�(�(�(�(�(�(�(�!�#�#�#�#�#�#�#�#�#�#����)�	J�	J�	J��L�L�C�S�I�I�I�I�I�I�I�I�����	J����
"�#�#�#�#��!�#�#�#�#����#�$�$�$�$�$�$�$�$�$�$�$�$�$�$�$�$�$�$�$�$�$�$�$�$����$�$�$�$�$�$sL�C
�(A�B#�B�,B�B#�B�B#�C
�#B3�3C
�

C�C)F)r4N)T)=�__doc__rnr)�loggingrEr^ra�	functoolsr�typingrr�defence360agent.subsysr�defence360agent.utilsrr�defence360agent.utils.commonr	�im360r
�pamrr
�	getLoggerrrPr_r&rd�	CONF_NAME�DOVECOT�SSHD�FTPr$r-r�rfrKr��Lockr��	Exceptionrr r2rc�boolr:r#rCrSrWrZrlrrrzrUr�r�r�rrr�<module>r�sN����,������������	�	�	�	�����
�
�
�
�������!�!�!�!�!�!�!�!�)�)�)�)�)�)�:�:�:�:�:�:�:�:�5�5�5�5�5�5�������2�2�2�2�2�2�2�2�	��	�8�	$�	$��
�'�,�'�
(�
(���*�$�
��	�
���O�5��
5��N�1����O�*�3��
"�
+��N�)�2���1�0�0���
��� �G�L�N�N��	�	�	�	�	�i�	�	�	���1����(�(���(�����3����$�����P�P��P�d�P�P�P�P�*�8�C�=���������d�����,�,�,�,�&>�>�>�>�

��
��
�
�
�
�&��4��4��3E�����"
B�
B�
B�
B�����$��$�$�$�$�$�$�$�$r