
#!/opt/imunify360/venv/bin/python3
# coding: utf-8
"""
WARNING
cagefs --remount-all can cause high load on customers server and even
temporary outage (See DEF-9491)
Please add anything to cagefs.mp only if absolutely necessary
"""
import subprocess
import sys

from im360.subsys import clcagefs

# CageFS mount-point list; it is snapshotted before/after changes to decide
# whether a remount is needed.
CAGEFSMP = '/etc/cagefs/cagefs.mp'
# Absolute path, so running the tool never depends on the caller's PATH.
CAGEFSCTL_TOOL = '/usr/sbin/cagefsctl'

# Directories Imunify360 wants visible inside user cages. Each value is passed
# as keyword arguments to clcagefs.setup_mount_dir_cagefs().
# NOTE(review): 'prefix' presumably maps to the cagefs.mp line prefix
# ('!' / '%'); confirm the exact semantics against clcagefs / CageFS docs.
ACTUAL_DIRS = {
    b'/var/imunify360/files/sigs': dict(
        added_by="imunify360",
        prefix=b'!',
    ),
    b'/etc/imunify360/user_config': dict(
        added_by="imunify360",
        mode=0o755,
        # every user has his own isolated dir in this dir
        prefix=b'%',
    ),
    b'/var/run/imunify360_user': dict(
        added_by="imunify360",
        # 0o1755 = sticky bit (0o1000) on top of rwxr-xr-x.
        mode=0o1755,
    ),
}

# Paths from earlier layouts that are removed from cagefs.mp during setup.
OBSOLETES_DIRS = [
    b'/var/imunify360/malware/signatures',
    b'/var/imunify360/scan_report',
    b'/var/imunify360/web_quar',
    b'/var/lib/clamav',
    b'/var/run/defence360agent',
]


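def _cagefs_remountall(action_info):
    """Build a decorator that remounts CageFS only if cagefs.mp changed.

    The wrapped callable runs between two snapshots of ``CAGEFSMP``. When the
    snapshots differ, ``cagefsctl --remount-all`` is executed once; otherwise
    the remount (which the module docstring warns can cause high load) is
    skipped.

    Args:
        action_info: Text inserted into the progress message; the callers in
            this file pass "set up" and "reset".

    Returns:
        A decorator. The decorated function keeps its return value and its
        exceptions; the snapshot comparison runs in a ``finally`` clause, so
        it also happens when the wrapped function raises.
    """
    import functools

    def _read_mp_file():
        # Read raw bytes: the content is only compared, never parsed, so an
        # undecodable byte in cagefs.mp must not abort the remount check.
        try:
            with open(CAGEFSMP, 'rb') as f:
                return f.read()
        except FileNotFoundError:
            # print() does no %-interpolation of extra arguments, so format
            # the message explicitly.
            print("%s file was not found" % CAGEFSMP)
            return b""

    def decorator(fun):
        @functools.wraps(fun)
        def wrapper(*args, **kwargs):
            before = _read_mp_file()
            try:
                return fun(*args, **kwargs)
            finally:
                after = _read_mp_file()
                if before != after:
                    print("CageFS for Imunify has been %s, remounting..." %
                          action_info)
                    try:
                        # Argument list with an absolute path: no shell is
                        # involved and no PATH lookup takes place.
                        exit_code = subprocess.call(
                            [CAGEFSCTL_TOOL, "--remount-all"])
                    except Exception as e:
                        print("Something went wrong while executing"
                              " --remount-all command: %s" % (e,))
                    else:
                        # A failed remount leaves cages out of sync with
                        # cagefs.mp; report it instead of ignoring the status.
                        if exit_code != 0:
                            print("--remount-all command exited with"
                                  " status %s" % exit_code)
                else:
                    print("CageFS for Imunify: no update is required.")

        return wrapper

    return decorator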


def _add_imunify360_dirs():
    """Register each ACTUAL_DIRS entry via clcagefs, without remounting.

    Every path is handed to ``clcagefs.setup_mount_dir_cagefs`` together with
    its options from ACTUAL_DIRS. ``remount_cagefs=False`` is always passed,
    so no remount is requested per path. A ``CagefsMpConflict`` or
    ``EnvironmentError`` for one path is written to stderr and the loop
    continues with the next path.
    """
    for mount_path in ACTUAL_DIRS:
        mount_options = ACTUAL_DIRS[mount_path]
        try:
            clcagefs.setup_mount_dir_cagefs(
                mount_path,
                remount_cagefs=False,
                **mount_options
            )
        except (clcagefs.CagefsMpConflict, EnvironmentError) as err:
            report = (
                "Failed to setup CageFS with Imunify for path %s: %s\n"
                % (mount_path, err)
            )
            sys.stderr.write(report)


@_cagefs_remountall(action_info="set up")
def _setup_cagefs():
    """Add the current Imunify360 mount dirs, then drop the obsolete ones.

    Both helpers pass ``remount_cagefs=False``; the decorator compares
    cagefs.mp before and after and runs a single remount only if it changed.
    """
    _add_imunify360_dirs()
    _remove_obsoleted()


@_cagefs_remountall(action_info="reset")
def _revert_cagefs():
    """Remove every ACTUAL_DIRS path from cagefs.mp, without remounting.

    OBSOLETES_DIRS are not touched here: they are assumed to have been
    removed already during the installation step. Any exception for a single
    path is reported on stderr and the remaining paths are still processed.
    """
    for mount_path in ACTUAL_DIRS:
        try:
            clcagefs.remove_mount_dir_cagefs(
                mount_path, remount_cagefs=False)
        except Exception as err:
            report = ('Error during removing %s from cagefs.mp: %s\n'
                      % (mount_path, err))
            sys.stderr.write(report)


def _remove_obsoleted():
    """Remove every OBSOLETES_DIRS path from cagefs.mp, without remounting.

    Removal is best-effort: an exception for one path is written to stderr
    and the loop moves on to the next path.
    """
    for stale_path in OBSOLETES_DIRS:
        try:
            clcagefs.remove_mount_dir_cagefs(
                stale_path, remount_cagefs=False)
        except Exception as err:
            report = ('Error during removing %s from cagefs.mp: %s\n'
                      % (stale_path, err))
            sys.stderr.write(report)


def _main():
    """Dispatch on the last command-line argument.

    ``--revert`` as the final argument undoes the CageFS setup; anything
    else (including no argument at all) performs the setup.
    """
    revert_requested = sys.argv[-1] == '--revert'
    action = _revert_cagefs if revert_requested else _setup_cagefs
    action()


def _is_removemountdircagefs_supported():
    """Tell whether this clcagefs module exposes remove_mount_dir_cagefs."""
    has_remove_helper = hasattr(clcagefs, 'remove_mount_dir_cagefs')
    return has_remove_helper


if __name__ == '__main__':
    # Do nothing unless CageFS is present and clcagefs provides the removal
    # helper that both the setup and the revert path rely on.
    if clcagefs.is_cagefs_present():
        if _is_removemountdircagefs_supported():
            _main()
