KGRKJGETMRETU895U-589TY5MIGM5JGB5SDFESFREWTGR54TY
Server : Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17
System : Linux localhost 2.6.18-419.el5 #1 SMP Fri Feb 24 22:47:42 UTC 2017 x86_64
User : nobody ( 99)
PHP Version : 5.2.17
Disable Function : NONE
Directory :  /proc/21573/root/usr/lib/python2.4/site-packages/setroubleshoot/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //proc/21573/root/usr/lib/python2.4/site-packages/setroubleshoot/signature.pyc
m
3Uc@sdddddddddd	d
ddd
dddgZdkZdklZlZeidedddedddededddklZedhde	<dd<d kTd!klZd k
Td kTd kTd kTd k
TdkiZd kTdkZdkZd kTd"Zd#Zd$Zheed%<eed&<eed'<Zhed(<ed)<ed*<Zhd(e<d)e<d*e<Zdefd+YZdefd,YZdefd-YZdefd.YZ defd/YZ!d0efd1YZ"defd2YZ#defd3YZ$d	efd4YZ%d
efd5YZ&defd6YZ'defd7YZ(defd8YZ)defd9YZ*e+d:jodk,Z,e,i-d;d<Z.e'Z/e/i0e.d=e/i1d"Z2e2i3i4d"Z5e5i6GHd>e2i3GHe/GHe,i7e,i-d;d"jo	d?GHnd@e,i-d;GHe,i8ndS(AtSignatureMatchtSEFiltertSEFaultSignaturetSEFaultSignatureInfotSEFaultSignatureSettSEFaultSolutiontSEFaultSignatureUsert
SEEnvironmenttSEDatabasePropertiestSEFaultUserInfotSEFaultUserSettSEEmailRecipienttSEEmailRecipientSettFILTER_NEVERt
FILTER_ALWAYStFILTER_AFTER_FIRSTtfilter_textN(sparse_config_settings
get_configtdomaintgeneralti18n_text_domaint	localedirti18n_locale_dirtunicodetcodesett
i18n_encoding(slog_initttesttconsoletleveltdebug(t*(s
get_configiiisNever Ignores
Ignore AlwayssIgnore After First Alerttnevertalwaystafter_firstcBstZdZRS(NcCs||_||_dS(N(tsiginfotselftscore(R"R!R#((t</usr/lib/python2.4/site-packages/setroubleshoot/signature.pyt__init__^s	(t__name__t
__module__R%(((R$R]scBstZhdhdd<dd<<dhdd<<dhdd<<d	hdd<<d
hdd<<dhdd<<dhdd<d
e<<dhdd<d
e<<dhdd<<dhdd<<dhdd<<ZdZdZdZdZRS(NtversiontXMLFormt	attributetdefaultcCsdS(Ns1.0((((R$t<lambda>estplatformtelementtkerneltpolicy_typet
policy_rpmtenforcetselinux_enabledtimport_typecasttselinux_mls_enabledt
policyversthostnametunamecCstt|idS(N(tsuperRR"R%(R"((R$R%rscCsdk}t\|_|_tid|_td|_t	ti
|_ti}|djo
d|_
n
d|_
tti|_tti|_|i|_di|i|_dS(Nisselinux-policyit
Permissivet	Enforcingt (R-tget_os_environmentR"R/tselinuxtselinux_getpolicytypeR0tget_rpm_nvr_by_name_temporaryR1tstrtsecurity_policyversR6tsecurity_getenforceR2tbooltis_selinux_enabledR3tis_selinux_mls_enabledR5tnodeR7tjoinR8(R"R2R-((R$tupdateus	

	cCs|i|S(N(R"t__eq__tother(R"RK((R$t__ne__scCsEx>|iiD]-}t||t||jotSqqWtS(N(R"t	_xml_infotkeystnametgetattrRKtFalsetTrue(R"RKRO((R$RJs
(R&R'tbooleanRMR%RIRLRJ(((R$Rcs
			cBstZhdhdd<dd<<dhdd<de<<d	hdd<de<<d
hdd<de<<dhdd<<dhdd<d
d<<dhdd<<dhdd<<ZdZRS(NR(R)R*R+cCsdS(Ns1.0((((R$R,stsummaryR.texport_typecasttproblem_descriptiontfix_descriptiontfix_cmdtrpm_listtlisttrpmtrpm_versiontpolicy_versioncCs;tt|i||_||_||_||_dS(N(R9RR"R%RTRVRWRX(R"RTRVRWRX((R$R%s
			(R&R'tstring_to_cdata_xmlnodeRMR%(((R$Rs
cBshtZhdhdd<de<dd<<dhdd<de<dd<<Zed	ZRS(
Ntfilter_typeR)R.R4R+cCstS(N(R
(((R$R,stcountcCsdS(Ni((((R$R,scCs tt|i||_dS(N(R9RR"R%R_(R"R_((R$R%s(R&R'tintRMR
R%(((R$RsTcBstZhdhdd<<dhdd<de<dd<<dhdd<de<dd	<<d
hdd<de<dd<<Zd
ZdZddZRS(NtusernameR)R*t	seen_flagR4R+cCstS(N(RQ(((R$R,stdelete_flagcCstS(N(RQ(((R$R,stfilterR.cCstS(N(R(((R$R,scCs tt|i||_dS(N(R9RR"R%Rb(R"Rb((R$R%scCs[||ijottd|n|djottdnt|||dS(Ns!item (%s) is not a defined memberRbs changing the username is illegal(titemR"t_namestProgramErrortERR_NOT_MEMBERtERR_ILLEGAL_USER_CHANGEtsetattrtdata(R"RfRl((R$tupdate_items

cCsto#tidti|d|n|tjp|tjp
|tjo2totidnt	d||_tSnt
d|dS(Ns%update_filter: filter_type=%s data=%stunknownsupdate_filter: !!!R_sBad filter_type (%s)(Rtlog_sigtmap_filter_value_to_nametgetR_RlR
RRRR"ReRRt
ValueError(R"R_Rl((R$t
update_filters#'(	R&R'RSRRMR%RmtNoneRs(((R$Rs			tAttributeValueDictionarycBstZdZdZRS(NtunstructuredcCstt|idS(N(R9RuR"R%(R"((R$R%s(R&R'RMR%(((R$RuscBstZhdhdd<dd<<dhdd<<dhdd<<d	hdd<d
d<<dhdd<d
e<<dhdd<d
e<<dhdd<<dhdd<<dhdd<d
e<<ZdZRS(NR(R)R*R+cCsdS(Ns3.0((((R$R,stanalysis_idR.thosttaccessRZt	operationtscontextR4ttcontextttclassttpathtportcKsDtt|ix*|iD]\}}t|||q WdS(N(	R9RR"R%tkwdstitemstktvRk(R"RRR((R$R%s
(R&R't
AvcContextRaRMR%(((R$RscBstZhdhdd<<dhdd<de<<dhdd<<dhdd<<dhdd<<d	hdd<d
d<<dhdd<d
d<<d
hdd<de<<dhdd<de<<dhdd<<dhdd<de<<dhdd<<dhdd<de<<dhdd<de<<dhdd<<dhdd<de<<dhdd<d
d<de<<dhdd<de<<dhdd<de<<dhdd<de<dd<<dhdd<<dhdd<d
d<de	<<Z
ddd	dd
dddddddgZd Zd!Z
d"Zd#Zed$Zed%Zd&Zd'Zd(Zd)Zd*d+d,Zd-ZRS(.NRwR)R.taudit_eventR4tsourcetspathR~tsrc_rpm_listRZR[ttgt_rpm_listR{R|R}RRxtsigtsolutiontcategorytenvironmenttline_numberstlinetfirst_seen_datetlast_seen_datetreport_countR+cCsdS(Ni((((R$R,stlocal_idtuserstusercKsDtt|ix*|iD]\}}t|||q WdS(N(	R9RR"R%RRRRRk(R"RRR((R$R%s
cCsIx*|iD]}t||t||q
Wt|i|i|_dS(N(R"t
merge_includeRORkRPR!tmerge_listsR(R"R!RO((R$tupdate_merges
cCsgx)|iD]}|i|jo|Sq
q
Wtotid|nt|}|ii||S(Nsnew SEFaultSignatureUser for %s(R"RRRbRRoRtappend(R"RbR((R$t
get_user_datas
cCsNtotid|nd}|i|}|dj	o
|i}n|S(Nsfind_filter_by_username %s(RRoRbRtReR"Rt	user_data(R"RbRRe((R$tfind_filter_by_username#s

cCs#|i|}|i||dS(N(R"RRbRRsR_Rl(R"RbR_RlR((R$tupdate_user_filter-scCsd}|i|}totid||n|dj	oN|dj	o
||_n|i	|}tot
id|||qn|S(Ntdisplays5evaluate_filter_for_user: found %s user's filter = %ss4evaluate_filter_for_user: found filter for %s: %s
%s(tactionR"RRbtfRtlog_rpcRtR_tevaluate_filtert	log_alert(R"RbR_RR((R$tevaluate_filter_for_user1s


	cCs|i}d}|tjo
d}nY|tjo$|idjo
d}q~d}n(|tjo
d}ntd||id7_|S(NRitignoresunknown filter_type (%s)i(ReR_RR
RR`RRr(R"ReR_R((R$R?s	






cCsJt|to,t|djodi|SqFdSntdSdS(NiR<t(t
isinstanceRYRZtlenRHtdefault_textRt(R"RY((R$tformat_rpm_listRs
cCsd|i|ifS(Ns	%s [ %s ](R"R~R}(R"((R$tformat_target_object[scCsEtd}|iidjod||iifSn|iiSdS(NsmSELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.R:s%<font color="FF0000">[%s]</font><p>%s(t_tpermissive_msgR"RR2RRV(R"R((R$t#description_adjusted_for_permissive^st000000s#FFFFFFcCs|i}|ii}|i}|ii}|ii	}|idjo
d}
nA|ii
dig}
|iD]}|
t|qt~
}
d||f}d|}	d}|o|dtd|f7}nd}|d|7}|d	7}||td
7}||	|7}||td7}||	|7}||td7}||	|7}||td
7}||	d7}|d7}d|}|d7}||tdt|iif7}||tdt|iif7}||tdt|if7}||tdtt|if7}||tdtt|i f7}||tdtt|i!f7}||tdtt|i"f7}||tdtt|i#|i$f7}||tdtt|i#|i%f7}||tdtt|i&f7}||tdtt|i'f7}||tdtt|i(f7}||tdtt|i)f7}||tdtt|i*f7}||tdtt|i+i,f7}||td tt|i-f7}||td!tt|i.f7}||td"tt|i/f7}||td#tt0|i1f7}||td$tt0|i2f7}||td%tt|i3f7}||td&tt|
f7}|d'7}||td(d)7}|d*7}x4|i4i5D]&}|tt|7}|d*7}qjW|d+7}|S(,Ns, s;<tr bgcolor="%s"><td><font color="%s">%%s</font></td></tr>
s.<tr><td><font color="%s">%%s</font></td></tr>
s<p>%s
s<br><br>%s<pre>%s</pre>s-The following command will allow this access:Rs<table bgcolor=%s><tr><td>
s5<table width="100%" cellspacing="1" cellpadding="1">
tSummarysDetailed DescriptionsAllowing AccesssAdditional Informations	</table>
sG<tr><td><font color="%s">%%s:&nbsp;&nbsp;</td><td>%%s</font></td></tr>
s3<table border="0" cellspacing="1" cellpadding="1">
sSource ContextsTarget ContextsTarget ObjectstSourcesSource PathtPorttHostsSource RPM PackagessTarget RPM Packagess
Policy RPMsSelinux EnabledsPolicy TypesMLS EnabledsEnforcing ModesPlugin Names	Host NametPlatformsAlert Counts
First Seens	Last SeensLocal IDsLine Numberss</table>sRaw Audit Messagess:<br>s<br>s</td></tr></table>
(7R"RtenvRRTRtdescriptionRWtfixRXtfixcmdRRttsortRHt_[1]txRAtforeground_colortbackground_colorttr1_fmtttr2_fmttp_fmtRthtmltescape_htmlR{tformatR|RRRRRRxRRRR1R3R0R5R2RRwR7R8Rtdefault_date_textRRRRtrecordstaudit_record(R"RRRRRRRRRRRRTRRR((R$tformat_htmlesv	

3




))&))))22))))),))))))&



cCs|i}|ii}|i}|ii}
|ii	}|idjo
d}nM|ii
dig}|iD]}	|t|	qt~}t|}d}|tdtdd|7}|td7}|tdtdd|7}|td7}|tdtdd|
7}|o<|td7}|tdtd	d
7}||7}n|td7}|tdtdd7}|ttd|ii7}|ttd
|ii7}|ttd|i7}|ttdt|i7}|ttdt|i7}|ttdt|i7}|ttdt|i7}|ttdt|i|i 7}|ttdt|i|i!7}|ttdt|i"7}|ttdt|i#7}|ttdt|i$7}|ttdt|i%7}|ttdt|i&7}|ttdt|i'i(7}|ttdt|i)7}|ttdt|i*7}|ttdt|i+7}|ttdt,|i-7}|ttdt,|i.7}|ttd t|i/7}|ttd!t|7}|d"7}|ttd#d"7}x.|i0i1D] }|t|7}|d"7}qW|d"7}|S($Ns, Rs<h1>Rs:</h1>s<p>sDetailed DescriptionsAllowing Accesss-The following command will allow this access:s</h1><p>sAdditional InformationsSource ContextsTarget ContextsTarget ObjectsRsSource PathRRsSource RPM PackagessTarget RPM Packagess
Policy RPMsSelinux EnabledsPolicy TypesMLS EnabledsEnforcing ModesPlugin Names	Host NameRsAlert Counts
First Seens	Last SeensLocal IDsLine Numberss
sRaw Audit Messages(3R"RRRRTRRRWRRXRRRtRRHRRRAthtml_to_textttextRtformat_2_column_name_valueR{RR|RRRRRRxRRRR1R3R0R5R2RRwR7R8RRRRRRRR(R"RRRRRRTRRRR((R$tformat_textsh	

3"""""""""++"""""%""""""


(R&R't
AuditEventRRaRRRt	TimeStampRRMRR%RRRRtRRRRRRRR(((R$Rs 0*			
	
					\cBstZhdhdd<dd<<dhdd<<dhdd<d	e<dd
<<dhdd<dd
<<ZdZdZRS(NR(R)R*R+cCsdS(Ns1.0((((R$R,sRbtemail_alertR.R4cCstS(N(RQ(((R$R,stemail_address_listRZt
email_addresscCs tt|i||_dS(N(R9R	R"R%Rb(R"Rb((R$R%scCs(||ijo|ii|ndS(N(RR"RR(R"R((R$tadd_email_address
s(R&R'RSRMR%R(((R$R	sx	cBsktZhdhdd<dd<<dhdd<dd	<d
e<<ZdZdZd
ZRS(NR(R)R*R+cCsdS(Ns1.0((((R$R,st	user_listR.RZRR4cCstt|idS(N(R9R
R"R%(R"((R$R%scCs0x)|iD]}||ijo|Sq
q
WdS(N(R"RRRbRt(R"RbR((R$tget_users

cCs>|i|dj	odSnt|}|ii||S(N(R"RRbRtR	RRR(R"RbR((R$tadd_users
(R&R'R	RMR%RR(((R$R
sH		cBstZhdhdd<dd<<dhdd<de<dd	<<d
hdd<dd<de<<Zd
ZdZdZdZdZ	dZ
dZdeidZ
RS(NR(R)R*R+cCsdttfS(Ns%d.%d(tDATABASE_MAJOR_VERSIONtDATABASE_MINOR_VERSION(((R$R,)sRR.R4cCstS(N(R
(((R$R,*stsignature_listRZR!cCstt|idS(N(R9RR"R%(R"((R$R%-sccsx|iD]
}|Vq
WdS(N(R"RR!(R"R!((R$tsiginfos0s
cCs|ii||S(N(R"RRR!(R"R!((R$tadd_siginfo4scCs|ii|dS(N(R"RtremoveR!(R"R!((R$tremove_siginfo8scCs
g|_dS(N(R"R(R"((R$tclear;scCsttiS(N(RAtuuidtuuid4(R"((R$tgenerate_local_id?scCsE|djodSnx)|iD]}|i|jo|SqqWdS(N(RRtR"RR!(R"RR!((R$tlookup_local_idBs

texactc
Cs]|i}t}|djo
t}n>t|tjot	|}
d|
}ntd|g}x|iD]}d}	|i}x^|D]V}t||t||jo|o
d}	q|	|7}	q|od}	PqqW|o+|	djo|it||	qEqv|	|jo|it||	qvqvW|id|S(NRf1.0sunknown criteria = %sf0.0cCst|i|iS(N(tcmptbR#ta(RR((R$R,ks(txml_infoRNt
match_targetsRQRtcriteriaRRttypet	FloatTypeRtnum_match_targetstscore_per_match_targetRrtmatchesR"RR!R#RRORPtpatRRR(
R"RRRR!RORRRR#RRR((R$tmatch_signaturesLs:


	
	

(R&R'R
RRMR%RRRRRRRR(((R$R'so							
cBsVtZhdhdd<<dhdd<<dhdd<<ZddddZRS(NROR)R.t
friendly_nametfilepathcCsett|i|dj	o
||_n|dj	o
||_n|dj	o
||_ndS(N(R9RR"R%RORtRR(R"RORR((R$R%ws




(R&R'RMRtR%(((R$Rqs<cBs\tZhdhdd<<dhdd<de<dd<<ZddZd	ZRS(
NtaddressR)R.R_R4R+cCstS(N(R(((R$R,scCs:tt|i||_|dj	o
||_ndS(N(R9RR"R%RR_Rt(R"RR_((R$R%s	
cCs d|iti|idfS(Ns%s:%sRn(R"RRpRqR_(R"((R$t__str__s(R&R'RaRMRtR%R(((R$Rs?cBstZhdhdd<dd<<dhdd<dd	<d
e<<ZddZdZd
ZedZ	dZ
dZdZRS(NR(R)R*R+cCsdS(Nt1((((R$R,strecipient_listR.RZt	recipientR4cCs1tt|i|dj	o
||_ndS(N(R9RR"R%RRt(R"R((R$R%s
cCs1dig}|iD]}|t|q~S(Nt,(RHRR"RRRA(R"RR((R$RscCs<|i}x)|iD]}||ijo|SqqWdS(N(RtstripR"RRRt(R"RR((R$tfind_addresss
cCsx|i}t|pttdd|dSn|i|}|dj	odSn|i	i
t||dS(Ntdetailsaddress='%s'(
RRtvalid_email_addressRhtERR_INVALID_EMAIL_ADDRR"RRRtRRRR_(R"RR_R((R$tadd_addresss

cCs
g|_dS(N(R"R(R"((R$tclear_recipient_listscCsQtid}tid}tid}
hdt<dt<dt<dt<dt<d	t<d
t<dt<}yt|}
Wn4tj
o(}t
tdd
||ifnX|ixt|
iD]f}	|id|	}	|	i}	|	o;|i|	}|o!|id}|id}d}|ox|
i|D]}|id}|id}|djo@t i!|i"d}|djot#i$d||qqUt#i$d||qUWny|i%||Wq;t
j
o3}|i&t'jot#i$|iq7|q;Xq?qqW|
i(dS(Ns#.*s(\S+)(\s+(.+))?s(\w+)\s*=\s*(\S+)tenabledttruetyestontdisabledtfalsetnotoffRs%s, %sRiiiR_s(unknown email filter (%s) for address %ss(unknown email option (%s) for address %s()tretcompilet
comment_retentry_retkey_value_reRRRQtmap_booleantopenRRtIOErrorteRht
ERR_FILE_OPENtstrerrorR"Rt	readlinesRtsubRtsearchtmatchtgroupRtoptionsRtR_tfinditertoptiontvaluetmap_filter_name_to_valueRqtlowert	log_emailtwarnRterrnoRtclose(R"RRR	RRR_RRRRRRR
R((R$tparse_recipient_filesHN$



cCsyt|d}Wn4tj
o(}ttdd||ifnXx8|i	D]-}t|i}|i
d|i|fqTW|idS(NtwRs%s, %ss%-40s filter_type=%s
(RRRR
RRhRRR"RRRpR_twriteRR(R"RRRRR_((R$twrite_recipient_files$

(
R&R'RRMRtR%RRRRRR R#(((R$RsH				:t__main__isaudit_listener_database.xmltsigsssiginfo.audit_event=%ss	Memory OKsMemory leak %d bytes(9t__all__tgettexttsetroubleshoot.configtparse_config_settingt
get_configtinstallRQtsetroubleshoot.logtlog_initRRtsetroubleshoot.errcodetsetroubleshoot.utiltsetroubleshoot.xml_serializetsetroubleshoot.html_utiltsetroubleshoot.uuidRtsetroubleshoot.audit_dataR>RttypesR
RRRRRpRtobjectRtXmlSerializeRRRRRuRRR	R
RRRRR&tlibxml2tdebugMemorytxml_fileR%t
read_xml_fileRR!RRtrecordtrecord_typet
cleanupParsert
dumpMemory(!RR>RRR	RR9RR&RRRRpR'RR
R7RR!RuR)RR*RRR%R
R;RR-RRR((R$t?sr9	

		3!!2
$Jl
	
	

	

Anon7 - 2021