KGRKJGETMRETU895U-589TY5MIGM5JGB5SDFESFREWTGR54TY
Server : Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17
System : Linux localhost 2.6.18-419.el5 #1 SMP Fri Feb 24 22:47:42 UTC 2017 x86_64
User : nobody ( 99)
PHP Version : 5.2.17
Disable Function : NONE
Directory :  /proc/21573/root/usr/lib/python2.4/site-packages/setroubleshoot/


 

Current File : //proc/21573/root/usr/lib/python2.4/site-packages/setroubleshoot/analyze.pyo
m
3Uc@sdddddddgZdkZdkZdkZdkZdkZdkTdkZdk	Z	dk
Z
dkZdkZdk
Td	klZdkTdkTdkTdkTdkTdkTdkTdkTd
klZdefdYZd
efdYZdefdYZdeeifdYZdefdYZ defdYZ!defdYZ"de#e$e%ei&fdYZ'ei(e'dei&fdYZ)ei(e)dS(t
AnalyzeThreadtAnalyzetPluginReportReceivertTestPluginReportReceivertSETroubleshootDatabasetSETroubleshootDatabaseLocaltLogfileAnalyzerN(t*(s
get_config(svalidate_database_doctPluginStatisticscBs>tZdZdZdZdZdZdZRS(NcCsF|i|_d|_d|_d|_d|_d|_	d|_
dS(N(tplugintanalysis_idtselftnametNonetanalyze_start_timetanalyze_end_timetanalyze_elapsed_timetreport_start_timetreport_end_timetreport_elapsed_time(RR	((t:/usr/lib/python2.4/site-packages/setroubleshoot/analyze.pyt__init__:s					cCstt|i}|idjod|i|fSn=t|i|i}t|i}d|i|||fSdS(Ns%s: %s elapseds5%s: %s elapsed, %s analyze elapsed, %s report elapsed(	tformat_elapsed_timeRRRR
RRRttotal_elapsed_time(RRRR((Rt__str__CscCsti|_dS(N(ttimeRR(R((Rt
analyze_startOscCs&ti|_|i|i|_dS(N(RRRRR(R((Rtanalyze_endRscCsti|_dS(N(RRR(R((Rtreport_startVscCs&ti|_|i|i|_dS(N(RRRRR(R((Rt
report_endYs(t__name__t
__module__RRRRRR(((RR9s						tAnalyzeStatisticscBs>tZdZdZdZdZdZdZRS(NcCs:||_d|_g|_d|_d|_d|_dS(N(tnum_pluginsRR
t
cur_plugintcalled_pluginst
start_timetend_timetelapsed_time(RR!((RR`s					cCs|d}d}t|i}|idj	o1t|i}|ot|i|}q\nd||i|||i	fS(NsB%d/%d plugins in %s elapsed, avg plugin %s elapsed, plugins=[
%s
](
R
R&tavg_plugin_timetlenRR#tn_calledRR!tcalled_plugins_to_string(RR)R&R'((RRhscCs1dig}|iD]}|t|q~S(Ns
(tjoint_[1]RR#txtstr(RR,R-((RR*uscCsti|_dS(N(RRR$(R((RtstartxscCs&ti|_|i|i|_dS(N(RRR%R$R&(R((Rtend{scCs3t||_|ii|i|iidS(N(RR	RR"R#tappendR(RR	((Rt
new_plugins(RRRRR*R/R0R2(((RR _s		
			cBstZdZedZRS(NcCs4t|_totidt|indS(NsNumber of Plugins = %d(tload_pluginsRtpluginstdebugtlog_avcR((R((RRscCsRtotid|n|ito#tt|i}|i
nx|iD]}to|i||i
inyJ|i|}|dj	o*to|i
in|i|PnWn9tj
o-}tid|i|ii|nXto|i
iqYqYWto!|itidt|ndS(Nsanalyze_avc() avc=%ssPlugin Exception %s s*analyze_avc() audit_event=%s
statistics=%s(R5R6tavctupdatetprofileR R(RR4t
statisticsR/R	R2R"RtanalyzetreportR
Rtreport_receivertreport_problemt	Exceptiontet	exceptionR
tremoveR0t	log_statstinfotaudit_event(RR7R=tquery_environmentR@R	R<R:((Rtanalyze_avcs4




	
(RRRtTrueRG(((RRs	cBstZdZdZRS(NcCs*tii|ti|||_dS(N(t	threadingtThreadRRRtqueue(RRK((RRs
cCsdx]toUy)|ii\}}|i||Wqtj
o}t	i
d|qXqWdS(Ns!Exception during AVC analysis: %s(RHRRKtgetR7R=RGR?R@R6RA(RR@R=R7((Rtruns(RRRRM(((RRs	cBstZdZdZRS(NcCs
||_dS(N(tdatabaseR(RRN((RRscCsyN|ii|i}|i||ii|tot	idnWnwt
j
ok}|it
joOtot	idn|iii|_|i|_|ii|}qnX|id7_|S(Nssignature found in databasesnot in database yeti(RRNtlookup_signaturetsiginfotsigtdatabase_siginfotupdate_mergetmodify_siginfoR5tlog_databasetProgramErrorR@terrnotERR_NO_SIGNATURE_MATCHtsigstgenerate_local_idtlocal_idtlast_seen_datetfirst_seen_datetadd_siginfotreport_count(RRPR@RR((RR>s 
(RRRR>(((RRs	cBstZdZdZRS(NcCstt|i|dS(N(tsuperRRRRN(RRN((RRscCsd|iiGHdS(NsAnalysis Result: %s(RPRQR
(RRP((RR>s(RRRR>(((RRs	cBstZddZdZdZdZdZdZdZ	dZ
d	Zd
ZdZ
dZd
ZdZdZdZdZdZdZddZdZdZRS(NcCs||_d|_t|||i|_ti	|_
t|_d|_
d|_d|_d|_tddt|_d|_tdd}|dj	o*|i}|ot||_qnto,tid|ii|ii|iin|idS(NiiiRNt
max_alertst
max_alert_ages<created new database: name=%s, friendly_name=%s, filepath=%s(tfilepathRR
tnotifytSEDatabasePropertiesRt
friendly_namet
propertiesRItLocktlocktFalsetfile_existstmodified_counttauto_save_intervaltauto_save_thresholdtauto_save_timert
get_configtintRaRbtstriptparse_datetime_offsetR5RUtload(RRcRRfRb((RRs(								
	#cCs|ip|iptSn|iiid|iot}||i8}d}x3|iiD]%}|i|joPn|d7}qeW|djotot
id|i|it
id|iidii|ii|diit
id|ii|ii|iidiin|ii||i_qVn|io_t|ii|i}|djo5to*t
id||ii||i_qqndS(	NcCst|i|iS(N(tcmptaR\tb(RvRw((Rt<lambda>siis5prune by age: max_alert_age=%s min_time_to_survive=%ssprune by age: pruning [%s - %s]sprune by age: keeping [%s - %s]isprune first %d alerts(RRaRbRjRYtsignature_listtsortt	TimeStamptmin_time_to_survivetkeepRPR\R5RUtformatR((RRPR}R|((Rtprunes:
	


			

cCs
||_dS(N(RdR(RRd((Rt
set_notify"scCst|_|idjodSntii|ioTti|i}|t
djo-|ii|idto
t
|_qqn|idS(NiRY(tSEFaultSignatureSetRRYRcR
tostpathtexistststatt	stat_infotST_SIZEt
read_xml_filetvalidate_database_docRHRkR(RR((RRt%scCs|idjodSntotid|i|in|i|iid|it	|_
d|_|idj	oti
|id|_ndS(Ns'writing database (%s) modified_count=%sRYi(RRcR
R5RURlRRYt	write_xmlRHRkRotgobjectt
source_remove(R((Rtsave3s	
		cCs|id7_|idjodSn|i|ijp|io|in4|idjo#ti	|i
d|i|_ndS(Nii(RRlRcR
RnRkRRoRttimeout_addRmtauto_save_callback(R((Rt
mark_modifiedCscCs2totid|i|in|itS(Ns)auto_save database (%s) modified_count=%s(R5RURRcRlRRj(R((RROs
	
cCsd|idjodSntii|io2totid|inti|indS(Nsdeleting database (%s)(	RRcR
RRRR5RURB(R((RRBVscCs|iidS(N(RRitacquire(R((RR^scCs|iidS(N(RRitrelease(R((RRasc	Csd}|ii|}toHtidt	|di
g}|D]}|d|i
qB~nt	|djottn$t	|djottn|di}|S(Ns1lookup_signature: found %d matches with scores %st,s%.2fii(R
RPRRYtmatch_signaturesRQtmatchesR5tlog_sigR(R+R,R-tscoreRVRXtERR_MULTIPLE_SIGNATURE_MATCH(RRQRPRR,R-((RROds	?
cCs`|ii|}ton|djo2totid|ntt	d|n|S(Nslookup_local_id: %s not foundsid (%s) not found(
RRYtlookup_local_idR[RPR5R
RURVtERR_SIGNATURE_ID_NOT_FOUND(RR[RP((RRrs
cCsD|ii|}|io|iid|in|i|S(Ntadd(RRYR^RPRdtsignatures_updatedR[R(RRP((RR^}s


cCs|iS(N(RRg(R((Rtget_propertiesscCs\totid|n|djo|iSnt}|i|}|i||S(Nsquery_alerts: criteria=%sR(	R5RUtcriteriaRRYRRRPR^(RRRPRY((Rtquery_alertss
	
cCsltotid|n|i|}|ii||io|ii	d|i
n|idS(Nsdelete_signature: sig=%stdelete(R5RURQRRORPRYtremove_siginfoRdRR[R(RRQRP((Rtdelete_signatures
cCs2|io|iid|in|idS(Ntmodify(RRdRRPR[R(RRP((RRTs
cCs@totid||n|i|}|i|}|S(Ns)evaluate_alert_filter: username=%s sig=%s(	R5RUtusernameRQRRORPtevaluate_filter_for_usertaction(RRQRRPR((Rtevaluate_alert_filters
cCsctotid||||n|i|}|i	|}|i|||i|dS(Ns2set_user_data: username=%s item=%s data=%s sig=
%s(
R5RURtitemtdataRQRRORPt
get_user_datat	user_datatupdate_itemRT(RRQRRRRPR((Rt
set_user_datas	tcCsTtotid|||n|i|}|i||||i
|dS(Ns.set_filter: username=%s filter_type=%s sig=
%s(R5RURtfilter_typeRQRRORPtupdate_user_filterRRT(RRQRRRRP((Rt
set_filters	cCs&|iii||_|idS(N(RRYtuserstadd_userRtuserR(RR((RRscCs|iii|S(N(RRYRtget_userR(RR((RRs(RRR
RRRRtRRRRBRRRORR^RRRRTRRRRR(((RRs,	%													
	
			
		cBstZhdeieieieiff<deieieieieiff<ZdZ	dZ
dZdZRS(NRsasync-errorcCs:tii|ti|||_|ii|dS(N(RtGObjectRRt	RpcManageRNR(RRN((RRs
	cCs|ii|dS(N(RRNRRd(RRd((RRsc

GsOtoPtid|ii|idig}|D]}|t|q0~|n|i
|}t|i|id}|djo&ttd|i|iifny?|||_d|_|idj	o|ig|_nWn3tj
o'}	|	i|	ig|_d|_nX|idj	oti|i|ndS(Ns%s emit %s(%s) id=%sRs'method %s not found in base class of %st
method_returnterror_return(R5tlog_rpcRt	__class__Rtrpc_deftmethodR+R,targstargR.trpc_idtasync_rpc_cachet	async_rpctgetattrRNR
tfuncRVtERR_METHOD_NOT_FOUNDtreturn_argstreturn_typeR@RWtstrerrorRtidle_addtprocess_async_return(
RRttypeRRRR,RRR@((Rtemit_rpcs$>

 	cCs5totid||n|id||dS(Ns4signatures_updated() database local: type=%s item=%sR(R5RRRRtemit(RRR((RRs(
RRRtSIGNAL_RUN_LASTt	TYPE_NONEt
TYPE_PYOBJECTtTYPE_STRINGtTYPE_INTt__gsignals__RRRR(((RRs
T			cBstZhdeieieiff<deieieiff<ZddZ	ddZ
dZdZdZ
dZd	ZRS(
Ntprogresss
state-changedcCstii|totid|ii|n||_d|_
d|_d|_d|_
d|_d|_d|_d|_d|_d|_dS(Ns%s.__init__(%s)i(RRRRR5R6RRtlogfile_pathR
tfiletfilenot	read_sizet
record_readertrecord_receivertanalyzerR=tidle_proc_idRWR(RR((RRs										cCs|dj	o
||_nto tid|ii|inyGti|i}|t
|_t|i|_
|i
i|_Wn]tj
oQ}tid|ii|i|i|_|i|_|iddtSnXd|_d|_d|_d|_t|_|id|itii|i}dtii|d|_t d|d	|i|_!t"t"i#|_$t%|_&t'|_(t)d
dt*pt+|i!|_,nt-|i!|_,t.S(Ns%s.open(%s)s	%s.open()s
state-changedtstoppedif0.0Rsfile: %sRfttestR;(/RR
RR5R6RRRRRRt	file_sizetopenRRtEnvironmentErrorR@terrorRRWRRjtn_bytes_readt
line_counttrecord_countRt	cancelledRtbasenametlogfile_basenametsplitextRfRRNtAuditRecordReadertTEXT_FORMATRtAuditRecordReceiverRRRRptboolRR=RRH(RRRRR@((RRs>

 
						cCsFto tid|ii|inti|ii	|_
tS(Ns
%s.run(%s)(R5R6RRRRRRttasktnextRRH(R((RRM@s cCs|idj	o.ti|i|i}d|_d|_n|i|i	joBd|i|i	|i
f}ti
|ti|_||_n|idj	o+x(|iiD]}|i|qWn|ip|iddndS(NsFfailed to read complete file, %d bytes read out of total %d bytes (%s)Rf1.0(RRR
RtreadRRtnew_dataRRRRR6twarntErrnotEIORWRtcloseREtavc_event_handlerRR(RRRER((RRFs	



ccs|iddxX|ioMyUti|i|i}|djo,totid|i	n|i
nWnKtj
o?}|i
|_
|i|_|i
|iddtVnX|it|7_t|it|i|_|id|ixX|ii|D]D\}}}}}|i|||||tV|iotVqqWtVqW|iddtVdS(Ns
state-changedtrunningRs	EOF on %sRR(RRRRRRRR5R6RRRR@RWRRjRR(tfloatRRRtfeedtrecord_typetevent_idt	body_texttfieldstline_numbertnew_audit_record_handlerRHR(RRRR@RRRR((RR[s6


	
	cCsvtotid|n|ioJ|io<|idjo)t|}|i	i
||itndS(Ns"avc_event_handler() audit_event=%si(
R5R6REtis_avct
is_grantedtnum_recordstAVCR7RRRGR=Rj(RRER7((RRxs
.cCsvtotid|||n|id7_t|||||}x'|ii|D]}|i|q[WdS(s"called to enter a new audit recordsBnew_audit_record_handler() record_type=%s event_id=%s body_text=%siN(R5R6RRRRRtAuditRecordRRtaudit_recordRRRER(RRRRRRRER((RRs(RRRRRt
TYPE_FLOATRRR
RRRMRRRR(((RRsB&					(*t__all__RWRRRtQueuetsignalRtretsysRRItcommandsttypestsetroubleshoot.configRptsetroubleshoot.avc_audittsetroubleshoot.errcodetsetroubleshoot.logtsetroubleshoot.rpctsetroubleshoot.rpc_interfacestsetroubleshoot.signaturetsetroubleshoot.utiltsetroubleshoot.audit_datatsetroubleshoot.xml_serializeRtobjectRR RRJRRRRRtSETroubleshootDatabaseInterfacet%SETroubleshootDatabaseNotifyInterfaceRRt
type_registerR(RRRRRRRR
RRR RRRpRRRR	RIRRR((Rt?sB											

&')
"1


Anon7 - 2021