HEX

File: //usr/lib/fm-agent/library/__pycache__/agent.cpython-39.pyc
a

��i>��@sLddlmZmZddlmZmZddlmZmZmZddl	m
Z
mZddlm
Z
mZddlmZmZddlmZddlmZmZmZmZmZdd	lmZdd
lmZddlmZddlm Z dd
l!m"Z"ddl#m$Z$ddl%m&Z&zddl'Z'Wnddl(Z'Yn0ddl)Z)ddl*Z*ddl+Z+ddl,Z,ddl-Z-ddl.Z.ddl/Z/ddl0Z0ddl1Z1ddl2Z1ddl3Z3ddl4Z4ddl5Z5ddl6Z6ddl7Z7ddl%Z%ddl8Z8ddl9Z9ddl:Z:ddl;Z;ddl<m=Z=zddl>Z>Wn Gdd�d�Z?e?�Z>Yn0zddl@ZAWnddlAZAYn0zddlBZBWn:eC�yDzddlDZBWneC�y>dZBYn0Yn0zddlEZEeEjFZGWnddlHZHeHjIZGYn0deJe7�v�r�dd�ZKeKe7_LzddlMZMWn$ddlNmOZMddlPmQZRYn0ddlSZSzddlTZTWn eC�y�ddlUmVZTYn0dZWdZXGdd�deY�ZZdd�Z[dd�Z\dd �Z]d!d"�Z^d#d$�Z_Gd%d&�d&e`�ZadS)'�)�execute_command�which)�datetime�	timedelta)�	Inspector�get_fqdn�get_server_name)�	DEMClient�	IPCClient)�NoAgentSectionHeaderException�NoManifestFileException)�ForticlientHelper�calculate_customer_key)�ProcessManager)�basename�exists�isdir�isfile�join)�PickleDatabase)�
PluginManager)�pprint)�ProgressPrinter)�ResultQueue)�Schedule)�exitN)�PluginBlacklisterc@seZdZdZdS)�SixTN)�__name__�
__module__�__qualname__�PY2�r"r"�"/usr/lib/fm-agent/library/agent.pyr0sr�check_outputcOs>d|vrtd��tj|dtji|��}|��\}}|��}|S)N�stdoutz3stdout argument not allowed, it will be overridden.)�
ValueError�
subprocess�Popen�PIPE�communicate�poll)�	popenargs�kwargs�process�outputZ
unused_err�retcoder"r"r#�fTsr1zhttps://global.fortimonitor.comz9/usr/local/FortiMonitor/agent/data/fm_agent_install_blockc@seZdZdS)�ExceptionMediatorN)rrr r"r"r"r#r2rsr2cCs|r|t��krdSdS)z�
    Return wheter the installation should be delayed or not. An installation is delayed
    if there is a timestamp and our current time is less than that value.
    TF)�time)�timeoutr"r"r#�defer_installationvsr5cCs.|sd}|st��}t|dd�}|||fS)z�
    Calculate the next wait period until the installation can be attempted again, is the last timestamp
    plus the last seconds we waited times 2, until a maximum of 12 hours have been reached.
    ��i��)r3�min)�	timestampZwaitedZnext_wait_secsr"r"r#�get_next_wait_period�sr:cCsntj�t�sdSd\}}tt��6}|��}|�d�\}}t|�}t|�}Wd�n1s\0Y||fS)z�
    Load the file that contains the time to wait until trying the next install, and the
    amount of seconds we have waited so far.
    )NN)gr�;N)	�os�pathr�AGENT_INSTALL_BLOCK�open�read�split�float�int)r9�seconds�opened�datar"r"r#�load_failed_tries_file�s
&rGcCsBttd��$}|�|�d|���Wd�n1s40YdS)z�
    Save a file containing the next time the install is allowed to proceed and the seconds we are
    waiting for that timestamp.
    zw+r;N)r?r>�write)r9rDrEr"r"r#�save_failed_tries_file�srIcCs�tj�d�rNtdd��&}|����}|�d�}Wd�qR1sB0Ynt}d�|�}|�	d�rv|�
d�d}n|�	d�r�|�
d�d}n|}d}tj|d	t
��d
�}|�d|�|��}|jdkr�|���d
�}ntd|�d|j����|S)a
    Pull out the URL for the customer from the global mediator api to use instead of
    the default.
    Args:
    customer_key: identifier for the customer to pull a single regional CP url.

    Returns:
    regional_agg_url: URL for the aggregator that the customer should use.
    z/etc/fm_mediator_url�rb�
Nz/aggregator_url/{}zhttps://����http://�
)�hostr4Zcontext�GET���utf-8z*Failed to grab agg url using customer key z. )r<r=rr?r@�decode�strip�DEFAULT_MEDIATOR_URL�format�
startswithrA�httplibZHTTPSConnection�sslZ_create_unverified_context�requestZgetresponse�statusr2)�customer_keyrEZmediator_urlZuriZbase_url�aggregator_urlZ
connectionZrespr"r"r#�get_regional_agg_url�s.
*



�
�r^c@sreZdZdZdZdZd^dd�Zd	d
�Zdd�Zd_dd�Z	dd�Z
dd�Zdd�Zd`dd�Z
dd�Zdd�Zdadd�Zdd �Zd!d"�Zd#d$�Zd%d&�Zd'd(�Zd)d*�Zd+d,�Zd-d.�Zd/d0�Zd1d2�Zd3d4�Zd5d6�Zd7d8�Zd9d:�Zdbd<d=�Zd>d?�Z d@dA�Z!dBdC�Z"dDdE�Z#dFdG�Z$dHdI�Z%dJdK�Z&dLdM�Z'dNdO�Z(dPdQ�Z)dRdS�Z*dTdU�Z+dVdW�Z,dXdY�Z-dZd[�Z.d\d]�Z/d;S)c�AgentZcustom�INFO�r7rN�cCsXtj�|j�s|j�d�dSz0t|j������	d�\}}t
|�}t
|�}Wn"|j�dt�
��YdS0zt�|�Wnty�YdS0zjddl}|�t�d|�j�d}td|�d	��}||jks�d
|vs�d|j|v�r�|��WdSWnYn0|�rJt��|d|k�rJ|j�d
|�t�|d�dSt��}	|�|	�\}
}|
j�r�|jdk�r�|j�d|j�zZt�}|� t�!d��}
|�"|
|j�}
|j�dd�#|
��|
D]}t�t
|�d��q�WnYn0dS|dk�r@|j$d7_$|d	8}|j�d|||f�t�%|�|j&||d�S|j�d|�dSdS)z/Check to see if it's safe to start up the agentz-No existing PID file found, proceeding to runT�:z#Error reading existing PID file: %srNz/proc/%dz
ps -o cmd= %d�Zpythonz%s_agent�N@z&Found stale agent process %s - killing�	�rootz7Uninstalling. Killing all process from the username %s z/proczFound pids %s � rNz]Found existing agent process %s, sleeping for %s and checking %s more times if safe to start.��counterzAFound existing agent process %s, exiting to wait for it to finishF)'r<r=r�pid_file�log�debugr?r@rTrArC�critical�	traceback�
format_exc�getpgid�OSError�pwd�getpwuid�stat�st_uidr�lower�user�brand�remove_pid_filer3�kill�optparse�OptionParser�parse_arguments�	uninstallrZfilter_non_pid_process�listdirZget_process_from_userr�current_agent_delay�sleep�safe_to_start_agent)�selfr4Z
sleep_timerj�pidr9rsZusernameZpsout�parser�options�argsZmanagerZpidsr"r"r#r��s�
����
�
��
��zAgent.safe_to_start_agentcCs6t��}tt���}t|jd�}|�d||f�dS)z+Create a new PID file to track our instance�w�%s:%sN)r<�getpidrCr3r?rkrH)r�r��nowr1r"r"r#�write_pid_file'szAgent.write_pid_filecCstj�|j�rt�|j�dS)z1Remove an old PID file to clean up on the way outN)r<r=rrk�remove�r�r"r"r#rz.szAgent.remove_pid_fileFcCs�d}td|j|d�}|�|�}|r.|��n
|�d�td|j|d�}t�d|j|j|jf�|��d}td|j	dd	�|��t
d
|j	�dS)NrdzNotifying %s of uninstall��indentzERROR CONNECTINGzRemoving %r directoryzrm -rf %s %s %sz

Uninstalling %s
T)�sectionz
Uninstall of %s complete
)rryZnotify_of_uninstall�finish�log_dirr<�system�db_dir�
config_dir�pkg_dir�print)r��aggregator_client�remove_instancer��pp�successr"r"r#r5s


zAgent.uninstallc	Cs�t��}z.|�|j�}|s"td��|�d�s4td��Wn�tjtfy�|j�	t
t����t
jddkr�t�dt|jd����}n t�dt|jd����d��}|�|�Yn&ty�|j�t
t����Yn0|S)	z�
        Get the manifest configuration if it exists. Also, throw a deprecation
        warning if the the manifest does not conform to the new-style format
        (It must have an [agent] section heading).
        zNo manifest file found�agentz�Using a manifest file without the section heading "[agent]" is deprecated; please add this heading to the file. Example:
                    [agent]
                    customer_key = customerkey
                    server_group = 123
                    rrbz[agent]
�rrR)�configparser�ConfigParserr@�
manifest_filer�has_sectionrZMissingSectionHeaderErrorrl�warn�strrorp�sys�version_info�StringIOr?rSZreadfp�info)r��manifestr�Zamended_manifest_filer"r"r#�get_manifestIs,
�
��zAgent.get_manifestcCsrt��}d}tj�|j�rb|j�d�t|jd�}|�	�}|�
�t��}|�|j�|�||�}|�||�}|�
d�s�|�d�|�dd�s�|�dd|j�|�dd|j�d|�d�vr�|�dd�}ng}|j�|�}|r�|�dd|�t��}|�
d��s�|�r�|�dd�}	zpt�|	�}
|
j�r.|
j}n|
j}t�|��s�|�d�d	D]0}|�|d�}
|
du�rN|�d||
�d
���qNWn2t��d}t |�}|j�!d�"|��Yn0t|jd
�}|�#|�|�
�t�$d|j�|du�r^t%�&�}|�'|t|jd��	��}t(|�}dd�|D�}t)|��rP|j�d�|j�*dd�+|��n|j�d�n|j�d|j�|S)zo
        Create/update the config file with the settings from the manifest.
        Return the config.
        NzExisting config file foundrJr�r]�versionZplugin_blacklist�agent_proxy)ZhttpsZhttp�/rdzInstall proxy error: {}r�zchmod 640 %sr�cSs$g|]}|�d�s|�d�r|�qS)z+ z- �rW��.0�liner"r"r#�
<listcomp>�s�z&Agent.write_config.<locals>.<listcomp>zConfig file overwrittenzConfig diff:
%s�zNo change to config filezCreated new config file: %s),r�r�r<r=r�config_filerlr�r?�	readlines�closer@�copy_config_settingsr��add_section�
has_option�set�agg_urlr�r��get�_blacklisterZupdate_list�
urlrequestZ
getproxies�urlparseZscheme�hostnameZproxy_bypassrTr��exc_infor��errorrVrHr��difflibZDifferZcompare�list�lenrmr)r�r�Z
new_configZold_config_linesZold_config_fileZ
old_configZoriginal_pluginsZupdated_pluginsZproxiesr�Zagg_url_optionZagg_hostname�keyZp_url�errr�Znew_config_fileZdifferZ
diff_linesZchangesr"r"r#�write_configosv






��
zAgent.write_configcCsH|��D]:}|�|�s |�|�|�|�D]\}}|�|||�q*q|S)z�
        Copy settings from the original to the destination, overwriting
        destination's settings if they already exist.
        )Zsectionsr�r��itemsr�)r��originalZdestinationr��option�valuer"r"r#r��s

zAgent.copy_config_settingsc 
Cs|j�d�t�\}}t|�rTt�|p,t���}|j�dt�d|�d��t	�
d�|jrz|durztd�|j�d�dS|j
|j|j|jf}	t�d|	�|j�d	|	�|��}
|�|
�}i}|�d
�r�|d
}tj|||||d�}
tdd
�|�d�D��}|�d
��r|d
|
_td|jdd�}|�dd���}|dk�r�z2|�dd�}td|�|j�d|�||
_WnYn0�n|dk�r�z�|� �}||d<|d}|d}t!||�}||d<t"|�}t#�d|�d|���||
_||d<|�$dd|�|�%t&|j'd��tj(�)t��r(t�*t�Wnbt+�y�}zHt,||�\}}t-||�|j�.d|�d|�d��t	�
d�WYd}~n
d}~00nt/d |�d!���|�d"��r�td#d
�|�d"�D��}ni}z |
�0|�1�||�\}}}}}Wn`td$�td%�|�2d&�D]}td'tj(�3|d(���q|j�d)t4�5��t	�
�Yn0|�rX|�s|td*|�|j�d*|�t	�
�|j�6d+|||||f�|�r�||j7d,<d-|�8d�v�r|�dd-���d.k�rd/|�8d�v�r|�dd/��2d&�D]&}d0t	j9|j:|�;�f}t�|��q�|�r&|�<�n|j�=d1|�|�<d2|�|�r�|�r�|�$dd3|�|�%t&|j'd��|�r�td4|j>|jf�|j�d5�nBt?d6t@|�d7�}d8||}td9|j>|j|f�|j�Ad:�n,td;|j>||j>|j|jBf�|j�=d<|�|�C�dS)=NzBegining installationz"Agent installation block found at z. Preventing install until �.���FzAgent already installedzmkdir -p %s %s %s %sz Created directories: %s %s %s %sr���proxy_configcss |]\}}||�d�fVqdS)z'"N�rT�r�r�r�r"r"r#�	<genexpr>�sz Agent.install.<locals>.<genexpr>r�z
Handshaking with %s serversrdr��handshake_typeZstandard�forticlientr]z8Using manifest file aggregator for initial handshake: %sZforticlient_metadata�
ems_serial�forticlient_environmentr\zOverwriting agg url with z for customer key r�z Mediator error grabbing agg url z". Blocking agent installation for zUnexpected handshake type z. Aborting handshakeZ
attributescss|]\}}||fVqdS�Nr"r�r"r"r#r�-szI

There was an error in the initial handshake with the aggregator, pleasezIcheck your aggregator URL, and ensure you have connectivity to retrieve:
�,z     %s
zv2/hellozError in initial handshake: %szHandshake failed: %sz%s, %s, %s, %s, %s�	log_level�enable_countermeasures�true�countermeasures_remote_pluginsz0%s %s/countermeasure.py install_plugins --url %szInstallation failed:
%szERROR CONNECTING: %s�
server_keyzxInstallation of %s complete.  Your server will now sync automatically with the %s ControlPanel.
                        z-Agent will automatically sync with aggregatorgD@r7rhz� Installation of %s complete.  Please copy and paste the following
                    server key into the %s ControlPanel for your server: %sz^The server key must be manually entered into the Control Panel before agent will begin syncingz� Installation of %s had an error (%s).  The %s is installed but it cannot sync correctly.
                   Please contact %s and send them the log file at %s zAggregator sync failed:
%s)Drlr�rGr5rZ
fromtimestampr3r�r>r�r�is_installedr�r�r�r��custom_plugin_dirr<r�r�r�r��
aggregator�Client�dictr�r�rryr�rwr��get_fortisase_attributesrr^�loggingr�rHr?r�r=rr��	Exceptionr:rI�	exceptionr&Z	handshake�get_all_ipsrArrorprm�dbr��
executable�bin_dirrTr�rnr�rCr�r��log_file�migrate_config) r�r�r�r�r\�forceZblock_foundZ
waited_forZuntil�dirsr��configr�r�Zagent_settingsr�r��handshake_datar��environmentZexpected_customer_keyr�Zblock_untilrDZserver_attributesr��found_serverr�r��url�cmdZpaddingr"r"r#�install�s$
�



��

���



�
�"
��

�����
����

�������z
Agent.installc
Cs�g}td�}|}dtjvs$dtjvr,|d}dtjvr�td�}|r�td|�\}}|dkr�|�d	�D]6}|���d
�sd|rd|dkr�qd|��}|�|d�qdn�|r�dtjvr�t|�\}}|dkr�tjd
vr�t�	d|�}dd�|D�}ndd�t�	d|�D�}n.td�}	td|	�\}}dd�t�	d|�D�}dd�|D�}dd�|D�}d|v�r`d||�
d�<|�s�|j�d�t
j|j|j|jd�}
z|
��g}Wn<t�y�}z"|j�d�|��g}WYd}~n
d}~00|�s�|j�d�n|j�d|�|S)NZifconfigZsunosZaixz -azhp-ux�netstatz%s -inrrK�namer�rb)�freebsd�darwinzinet6? (.+?)\scSsg|]}|���d�d�qS)�%r�rTrA�r��ipr"r"r#r���z%Agent.get_all_ips.<locals>.<listcomp>cSsg|]}|�d��qS)zaddr:r��r��xr"r"r#r��sr�z%s addr showcSsg|]}|�qSr"r"rr"r"r#r��rcSsg|]}|r|�qSr"r"rr"r"r#r��rcSs(g|] }|���d�d�d�d�qS)r�rr�r�r�r"r"r#r��r�1z::1z@Unable to retrieve IP address(es) locally, contacting aggregatorr�zIP address lookup failure: {}z"Unable to determine IP address(es)zIP addresses: %s)rr��platformrrArwrW�append�re�findall�indexrl�warningr�r�r�r�r�Zget_local_ipr�r�rVrm)r�ZipsZ
ifconfig_pathZifconfig_cmdr��coder/�lr�Zip_addr_pathr��er"r"r#r��s^


�
��zAgent.get_all_ipscCsXtj�|�siSz*t|������d�}tdd�|D��WStd�iYS0dS)NrKcSs"g|]}tttj|�d����qS)�=)r��mapr�rTrAr�r"r"r#r��rz9Agent.get_old_style_config_properties.<locals>.<listcomp>zError reading manifest file)	r<r=rr?r@rTrAr�r�)r��manfileZmfr"r"r#�get_old_style_config_properties�sz%Agent.get_old_style_config_properties�r+cCszt||�}d}td�D]>}z"t�|tjtjB�d}WqVWqt�d�Yq0q|rv|j�	d|�|�
�dS|S)NTrNF��?zCould not acquire lock on %s)r?�range�fcntl�flockZLOCK_EXZLOCK_NBr3r�rlr�r�)r��fname�modeZofile�locked�ir"r"r#�
_open_file�s

zAgent._open_filecCs(t|j��r |�|j�}|s iSi}zXt�|�}|D]D\}}}t�|d�}t|�}||t�	|�
��g|d||�d�f<q4Wn|j�
d�i}Yn0t|���}|jdd�d�i}|D]4\}}}||vr�||gg||<q�||�||g�q�|�d�|��t�|tj�|��|SiSdS)	N�%Y-%m-%d %H:%M:%Sr�z
%Y%m%d%H%Mz"Unable to parse custom metric filecSs|dS)Nr7r")�vr"r"r#�<lambda>rz)Agent.get_metric_values.<locals>.<lambda>)r�r)r�report_filer�csv�readerr�strptimerBr3�mktime�	timetuple�strftimerlr�r��values�sortr�seek�truncaterr�LOCK_UNr�)r��csvfileZ
unique_valuesZ
csv_reader�textkeyr�r9Z
custom_valuesr"r"r#�get_metric_values�s<
��

zAgent.get_metric_valuescCs�t|j�r�|�|j�}|siSt�|�}ztdd�|D��}Wn"ty`|j�d�i}Yn0|�	d�|�
�t�|tj
�|��|SiSdS)NcSsg|]}|d|df�qS)rrdr")r�Zrowr"r"r#r�!rz0Agent.get_registered_metrics.<locals>.<listcomp>z)Error reading custom metric register filer)r�
register_filerrr r�r�rlr�r'r(rrr)r�)r�r*Z	csvreader�metricsr"r"r#�get_registered_metricss 



zAgent.get_registered_metricscCsFg}t|jd���D]*\}}d|j|jf}||vr|�|�q|S)N�	schedules�%s.%s)r�r�r��plugin_textkey�resource_textkeyr)r�Zexisting_tkeys�sr_id�schedule�tkeyr"r"r#�get_existing_metrics2szAgent.get_existing_metricscCs|dkr|�d�rdSdS)Nzcom.pnp-hcl.dominostatszMem.PID.TFr�)r�r2r3r"r"r#�
ignore_metric:s
zAgent.ignore_metriccCs�ddg}gd�}gd�}|��}|j�d�i}i}g}|jg}	|�dd�rX|�dd�pZd}
|
rp|	�|
�d��|j}|�dd	�r�|�dd	�p�d}|r�t	|�}g}
|	D]l}t
|�s�q�t|
�|kr��q|j�d
|�t�
|�D]2}t|
�|kr�q�tt||��r�|
�t||��q�q�|
D�]�}t|�}t�|tj��sH|j�d|��qt|d�}�z|j�d
|�t�|���}|��|D]*}|t|���v�r~t�d||��q~�q~|�dg�}|D�]|}|D]0}|t|���v�r�t�d|�t|��qĐq�|�|d|d��r�q�zHzt	|d�}Wn2t�yTt �!|dd�}t"�#|�$��}Yn0Wn2t�y�|j�d|d|d�Y�q�Yn0|d|f}d|d|df}||v�r$||v�r�||�%dg��|�nJ|�dd�}|du�r�|d}|d|d|d||�dd�|gd�||<n|�%|g��|��q�|�dg�}|D�]}|D]0}|t|���v�rTt�d|�t|��qT�qTzHzt	|d�}Wn2t�y�t �!|dd�}t"�#|�$��}Yn0Wn2t�y|j�d|d|d�Y�qJYn0|d|d||d|dd �}d!|v�r8|d!|d!<d"|v�rN|d"|d"<|�|��qJt�&|�Wn�t�y�|j'�r�t||j(�}|j�d#|�|�)d$�|j�|���|j�t*�+��|j�d%�|��t�&|�Y�qYn0�q|||fS)&Nr2Zplugin_category_name)r+r��unitr9)r+�description�actionr9z Processing incoming import filesr�Zmetric_incoming_directoryr�Zmax_incoming_files_overridez
Looking in %sz&Can not delete %s so will not process.rz
Processing %sz1Can not process file %s! Missing required key: %sr.z0Can not process metric! Missing required key: %sr+r9rz,Could not process timestamp %s for metric %sr�r1�first_values�labelr9)r2Zplugin_namer3r=r9r<�	incidentsz2Can not process incident! Missing required key: %sz.Could not process timestamp %s for incident %sr:r;)r2r3r9r:r;Z	match_key�metadatazError processing %s:rz
Deleting file),r7rlr��custom_import_dirr�r��extendrA�MAX_IMPORT_FILESrCrr�r<r�rrrr�access�W_OKr�r?�json�loadsr@r�r��keysr�rr8r�rr!�calendarZtimegmr#�
setdefaultr��closedrr'rorp)r�r�Zreq_top_keysZreq_metric_keysZreq_incident_keysZexisting_metricsZnew_metricsZ
new_values�custom_incidentsZimport_dirsZadditional_dirsZ	max_filesZmax_override�files�	directoryr1�	full_pathr�jZreqr.�mZunix_timestampr9Z	new_valuer6r=r>Zincident�objr"r"r#�process_imports@s&
��
��

�
���

�

�	
����



zAgent.process_importscCs�dt�i}tj�|j�r�|�|j�}|s,|S|�|j�}|�d�|��t	�
|t	j�|��zt�
|j�WnYn0|S|jr�t�}|r�||d<|SdS)NZfqdnr�server_name)rr<r=r�update_config_filerrr'r(rrr)r�r��is_fortisase_installr)r�r�rZ
propertiesrSr"r"r#�get_update_config�s(

zAgent.get_update_configc
Cs~||_||_||_||_||_||_||_t��|_	d|_
t��dkpPt�
�dk|_|
|_tj�||j�|_t|jd|j�|_tj�||j�|_t|jd|j�|_ttj�dkr�tjddkr�tj�|jd�|_tj�|	|j�|_t|jd|j�|_tj�|
|j�|_tj�|jd	�|_tj�|jd
�|_tj�|	d|j�|_tj�||j�}tj�|d�|_tj�||jd
�|_ dtj!�"�v�r�tj�|d�|_#tj�|d�|_$n^dtj!�"�k�r�tj�|jd�|_#tj�|jd�|_$n(tj�||jd�|_#tj�||jd�|_$d|_%d|_&d|_'d|_(d|_)d|_*d|_+d|_,d|_-�zvt.|j��sXt/d��tj�.|j��sxt/d�0|j���t1�2�}|�3|j�|�4d��r�|d|_-tj!dv�r�|�5dd��r�|�6dd��"�dk|_&|�5dd��r�|�6dd�|_'|�5dd ��r
|�6dd �|_(|�5dd!��r&|�6dd!�|_)dtj!k�r�|�5dd"��rV|�6dd"��"�dk|_*|�5dd#��rr|�6dd#�|_+|�5dd$��r�d%|�6dd$��"�k�r�d|_,|�6dd&�}|�s�t/d'��WnNt/�y}z4t7�8d(|���tj9�:d)�0|��d|_%WYd}~n
d}~00d*t�;�v�rd+t_!d|_<|�=�t7�>|j?j@�|_AztB|�6dd,��|_CWnt/�yj||_CYn0d|_DtE�|_FdS)-N�rz%s.dbz%s.logrd�--power-statuszpower_status.logz%s_agent.cfg�countermeasuresZincomingz%s-agent-manifestz	agent.pidz
update-configr��registerZreportr�TFZ
demserviceZ
updateservicez/tmp/com.fortinet.fortimonitorzNo bin directoryzNo config file {}r�)r��linuxZdemZenabledr�Zserver_portr�zupdateservice.portZipc_path�auto_update�scheduled_updater�r�r�zMissing server keyzInitialization failure: zInitialize exception: {}ZVMkernelZvmwareZstartup_timeout)Gryr�r�rx�lib_dirr�r��tempfileZ
gettempdir�tmp_dir�metadata_rebuild_freqr<�getuid�geteuid�is_root�acceptable_sync_delayr=rr��db_filer�r�r�r��argvr�r�r��!countermeasures_custom_plugin_dirr@r�rkrTrrwr-rr��has_dem�dem_port�update_service_port�ipcPathr\r]rUr�rr�rVr�r�r@r�r�r�r�r��stderrrH�unamer��set_up_logging�	getLogger�	__class__rrlrBr4r�rr�)r�ryr�r�rxr�r^r�r4Zbase_config_dirZbase_custom_plugin_dirZ
base_data_dirZbase_log_dirreZdata_dirr�r�rr"r"r#�__init__�s�
��
��
�����zAgent.__init__cCs�|jdr|j�d�dSt��}|�|j�r�d}|�d�sV|�d�d}|j�d�|�d�r�|�	d�D]"\}}|d	kr~d
}|�
d||�qj|�d�d}|j�d�|r�t|jd�}|�
|�|��d|jd<dS)
z�
        Update agent configs to use "[agent]" instead of "[AgentConfig]" as
        the main heading and "aggregator_url" instead of "agg_url" (in order to
        match the option in the manifest file).
        �config_migratedzConfig is in the correct formatNFr�TzAdded [agent] section to configZAgentConfigr�r]zMCopied deprecated [AgentConfig] section to [agent] and removed it from configr�)r�rlr�r�r�r@r�r�r�r�r�Zremove_sectionr?rHr�)r�r�Zconfig_has_changedr�r�r�r"r"r#r��s2




�
zAgent.migrate_configcCs|��dSr�)rzr�r"r"r#�__del__�sz
Agent.__del__c	Cst��}tj�|j�s(t�d�|j��zt|j	d�}Wn<t
yttd|j	tt
���f�td�t��}Yn 0|��tjj|j	dddd�}|�t�d��|�|�|�tj�|��}ztt|d	���}Wntt|j�}Yn0|�|�dS)
N�mkdir -p {}�azCannot open log file %s: "%s"zLogging to stderr insteadiP�)ZmaxBytesZbackupCountzA%(process)d) %(asctime)s - %(name)s - %(levelname)s - %(message)sr�)r�rpr<r=rr�r�rVr?r��IOErrorr�r�rorpZ
StreamHandlerr��handlersZRotatingFileHandlerZsetFormatterZ	FormatterZ
addHandler�setLevelZNOTSET�open_db�getattr�upper�DEFAULT_LOG_LEVEL)r�Zroot_loggerr��handlerr�r�r"r"r#ro�s<��
���
zAgent.set_up_loggingcCs|jr(|jdddd�|jddddd	�|jd
dddd	�|jddd
dd	�|jddddd	�|jdddd�|jddddd�|jddddd�|jddddd�|jddddd�|jddddd�|jd ddd!d�|jd"ddd#d�|jd$d%ddd&�|��\}}||fS)'zJ
        Return the options and arguments parsed from the parser.
        z--server-keyr�Zstore)�destr;z--rebuild-metadataZ
store_true�rebuild_metadataF)r;r��defaultz--statusr[z--stats�statsz--from-cron�	from_cronz--aggregatorr�)r;r�z	--installr�)r;r�r�z--uninstallrz--remove-instancer�z--customer-keyNr\)r�r;r�z	--unpause�unpausez--list-containers�list_containersz--rebuild-container-metadata�rebuild_container_metadatarX�system_power_status)r�r;r�)r�Z
add_optionZ
parse_args)r�r�r�r�r"r"r#r~�sb����������zAgent.parse_argumentsc�s�t��}d}t��}|��j�zt|�dd��}Wnd}Yn0�jr�|gkr�z|�dd�}Wnd}Yn0z|�dd�p��j	�_	Wnd�_	Yn0d�j
|�j	f}nd�j
f}tj|d�}��
|�\}}|j�rLzR�j�d	�|jt��t����tj�j	�j|�jd
�}	d|ji}
|	�d|
�WnYn0td
��j�j|d��s��fdd��_�j�d�t�d��� �d}��!��_"�j�r��j"}��#��j�d�|j$�r�t%|�jt&�j'd��j(�}t)�$�||d|�|j*�rt)�*|d|d|d�|j+�rFtj�j	�j|�jd
�}	��+|	|j,�t��j�rV|j-�rX|j�rf|j�_	|j.�ppd}
dtj/�0�k�r@�j1df�j2df�j(df�j3df�j4dfg}|D],\}}t�5d�|��|�r�t�6||��q��j7�j8fD]R}t9|d��}Wd�n1�s0Ytj:�;|��s�j�d�|���q��-�j	�j||
�dSgd�}d}|D]}t<||d��rhd}�q��qh|�s�d �j=�j|�j	f}t>|��j�|�dS|j?�r�t>d!�d|d"<|�@�dS|jA�r|d#|v�s|d#ik�rt>d$�dS|d#}t>d%�t>d&�|�B�D]J\}}|�d'd(�}|�d)d(�}|�d*d(�}t>d+|||dd,�|f��q,dS|jC�r�d|d-<t>d.��j�d/�dSd}�z�d}|jD�r�d}|jD}t>d0|�|�Edd|�|j�rd}|j} t>d1| �|�Edd| �|�r(|�Ft9�jd2��td
��jG�rR|jH�sR�j�Id3�t>d3�WdS|�dd�}tj�j	�j|�jd
�}	|�s�t>d4�td��jJ�r�zTd}!tK�jL�jM�}"|"�Nd5�}#|#du�s�d6|#k�r�d}!|!�s܈�O|��r��P|	�WnYn0t%|�jt&�j'd��j(�}tK�jL�}"|"�Q�}$|$�r2|�R|$�d7|�Sd�v�r2|�dd7��0�d8k�r2d9|�Sd�v�r2d:|�Sd�v�r2t|�dd:��d;}%d<|v�s�tT�T�|d<|%k�r|�dd9��Ud=�D]6}&�j�d>|&�d?tjV�jW|&�X�f}'t�5|'��q�tT�T�|d<<n.d<|v�r2�j�d@|d<|%tT�T�dA�t��}(g})��Y�}*��Z|�\}+},}-dB|v�sn|dBdk�rvi|dB<t[|d�B��D�]\}.}/dC|/j\|/j]f}0dD}1|/j\�j^k�r�|/j]|*v�r�|0|,v�r�|/j_|(t`|1dE�k�r�j�dF|/��q�t`|/jadE�}2t`�jbdE�}3|(|2|3|/__|0|,v�r�|jc�|0i��dGdH�}4|,|0D]>\}5}6|5du�rX|5|49}5|5du�rf�q>|)�d|.|6|5f�i}7�q>�q�|/j\�j^k�	r|/j]|*v�r��q�|jc�|/j\i��dGdH�}4|*|/j]D]>\}5}6|5du�r�|5|49}5|5du�r�q�|)�d|.|6|5f�i}7�q�n�|/j\|jev�	r&�j�dI|0��q�nxt��}8tT�T�}9|/�f||dB�|/jgi��\}5}7tT�T�}:�j�hdJ|/|5|:|9f�|5du�	r��q�|)�d|.tT�i|8�j��|5f��q��j�dKt��|(�|dL�k|)�|d"�
r6tT�T�|d"k�
r|�@�|d"tT�T�dM};�j�dN|;�WdSd|d"<|�@��j�dO�WdStT�T�}<d}i}=g}>d}?tl�md
dP�d
k}@d}AdQ|v�
rtd
|dQ<tT�T�|dQ�jnk�
r�d}A|jH�
r�d}AdR|v�
r�tT�T�|dR<tj:�o�j�}B|B|dRk�
r�d}A|B|dR<|A�rH�j�dS�tT�T�|dQ<dT|�Sd�v�r|�p|�ddT��|�q�}C|C�s@|jH�s@|@�s@|dU�s�|jr}|C�rZ�j�dV�n@|jH�rp�j�dW�n*|@�r��j�dX�n|dU�s��j�dY�ts���t|$�}?��u�}=g}>d7|�Sd�v�r�|�dd7��0�d8k�r�tj:�&�j'dZd��j3fD�]�}Dtj:�v|D��s
�q�tj:�d|D�t�w|D�D�]�}E|E�xd[��
rj|E�yd\��
sjztz�{|Edd]��}FWn"�j�|d^|E�Y�q Yn0t}�r�t~j�r�t}t9tj:�&|D|E��������}Gn$t}t9tj:�&|D|E������d_�����}Gnd`}Gt[|Fj��B��D]�\}H}Itj�d
dk�
rt�|I�t�k�
s$tj�d
dak�r�t�|I�t�j�k�r�|H�xdb��r�z(|I�}J|>�d|Jj�|Jj�|Jj�|G|Jj�dc��WnYn0�q�|E�xdd��r zt9tj:�&|D|E��}KWn<�j�Idetj:�&|D|E���j�It�����Y�q Yn0|K��}Lt}�
r�t}|L��d_�����}Gnd`}G|K���zt���|L�}MWn:t��y@�j�Idf|E��j�It�����Y�q Yn0gdg�}N|M���}Od}P|ND]:}||Ov�st|M�|��sZ�j�Idh||Ef�d}P�q��qZ|P�s��q |M�di�}Q|>�d|Q|M�dj�|M�dk�|G|M�dl�dc���q �q�dm|v�s�|dm�s,t����}R|Rdnk�rd|dm<�j�do�n|Rdpk�r,�j�dq�dm|v�rH|dm�rHd|d-<i}Si}Tdr|v�rt|dr�rtt�|dr�|Tdr<ds|v�r�|ds�r�t�|ds�|Tds<dt|v�r�|dt�r�t�|dt�|Tdt<du|v�r�|du�r�t�|du�|Tdu<g}Udv|v�r�|dv}U�z�g}V�j�dwt�|)�t�|V��|�rDt�dxdy�t[|�B��D��}W�j�hdz|W�d}X|dd
k�sd|dik�rhd}X|A�sx|d{�r|d}Xtl�md�j��p�d�}YtT��|Y�|d|�r�tT�T�|d|k�r�|dL��t�|d��}Znd|d|<|dL���}Zn|dL���}Zg}[g}\d,}]d}|v�r8|d}}^t�t�t�|^�|]��D]}_|[�d|^��d
���q d~|v�rn|d~}`t�t�|`��D]}_|\�d|`��d
���qV���|�}az�d
t_�t[|+����}+|�r8|	j�|Z|V||>|?|[|\����|+|-��������|U|X|T�jJ|a|=d�}Sd|dr<d|ds<d|dt<d|du<g|dv<d|d{<|S�d�i�|S�d�i�|S�d�g�|S�d�i�d��}b���|b�n�j�d��W�nRtj��y�}czv�j�d�|c�����u�}d|d�r�|dd�}e|dd�}ft�|e|f�}
�j-�j	�j||
dd��nt��d�|d���WYd}c~cWWdSd}c~c0tj��y4}cz@�j�d�|c�d���tT�T�tt�|c���j"d"<WYd}c~cWWdSd}c~c0|dL�k|Z�|a���D]}g||g}h|h�k|a|g��qP�j�|d���j�hd�|Z�|�@�YWWdS0|S�d�d��r�d|dU<|dd7<t����d��|d<Wn�j�|d��Yn.0|A�r|���|d�<�j�d�tT�T�|<|Y�d7|�Sd�v�rR|�dd7��0�d8k�rR|S�dZg�D�]}i|i�d��}G|i�d�g�}j|i�d�i�}kd`}lz>d�|G}mtj:�&�j�|m�}lt9|ld��}n|n�Ft���|k��|n���Wn8t��y��j�Id�|G|jf��j�It�����Yn0�j�d�|G|jf�|j�rNd�tjV�jW|Gd��&|j�f}'|l�r8|'d�|l7}'t��tj�tjV|'�U���qN���|S�dg��|S�d�g��r��j�d�t�t[|Sd�������d"|Sd�v�r�|Sd�d"}otT�T�|o|d"<d||Sd�v�r�|Sd�d|}otT�T�|o|d|<dr|Sd�v�r|Sd�dr}pt�j�d�|p�j�fdd��}q|q|dr<d�|Sd�v�rB|Sd�d�}r|r|dL_�d�|Sd�v�rf|Sd�d�}s|s|dL_�dt|Sd�v�r�zb|Sd��dt�}|�d��}t|tdu�r�d�}tt|t�}td�}ut�d���r�d�|t|uf}ut�j�|udd��}v|v|dt<Wnt����|dt<Yn0du|Sd�v�r�z�|Sd��du�}|�d��}w|�d��}t|tdu�r0d�}tt|t�}t|wdu�rpt����j	�}x|xj�du�rjt���d��j	�}x|xj�}wd�}y|y|w;}yt�d���r�d�|t|yf}yt�j�|ydd��}z|z|du<Wnt����|du<Yn0|Sd��d��}{|{du�rB|{���}{z,t<t�|{�}||{|d�<�j��||�t�j�}}d�}~Wnt��y.t�j�}}d�}~Yn0�j�|}|~|{�ds|Sd�v�rf���|�j�j=�|ds<d�|Sd�v�r�d
|dQ<d|d�<d�|Sd�v�r.d7|�Sd�v�r.|�dd7��0�d8k�r.d9|�Sd�v�r.d:|�Sd�v�r.|�dd9��Ud=�D]6}&�j�d>|&�d?tjV�jW|&�X�f}'t�5|'��q�tT�T�|d<<d-|Sd�v�rDd|d-<d�|Sd�v�rVd}d{|Sd�v�rld|d{<d�|Sd�v�r�z���|�WnYn0�jG�r��j�d��t>d���n�dm|v�r�|dm�r�d#|v�r�i|d#<d}d-|v�r�|d-�r�d}d|d-<|d#}�t[|�����}�zt�j�|||�|d��}�WnDt��ynt���dda�\}�}��j�I|���j�Id��d}�Yn0|��r�d�d��|�D�}�g}�|�D]\}�|�d�dd��}�|�|�|�<|�s�|�|�v�r�|��d|��d�|�v�r�|�d��r�|�d�=|��d|���q�g}\|��B�D]\}�}�|�|�v�r�|\�d|���q�|\D]}�|�|�=�qd}|v�r:g|d}<d~|v�rLg|d~<|d}��|��|d~��|\��j�d�t�|����j�d�t�|\�����|�Wn�j�|d��Yn0�j�|||	|d��|�@��j�d��t��|�ġ��dS)�Nr��safe_counterrbr�r]z]%%prog [options]
                %s, server key: %s, aggregator endpoint: %s
                zRsudo python %%prog --install [--customer-key=YOUR_CUSTOMER_KEY]
                %s)�usagez!Power status -> {} UID {} EUID {}r��reasonZagent_power_changerrics�j�d�S)NzPreventing pid file removal)rlr	r"r�r"r#rNrzAgent.main.<locals>.<lambda>z=Exiting without running - other agent process already runningrdFzActivity started�pluginsr0�	num_syncs�	last_syncr�i�ruza+zInstaller did not create {})r�r�r�r�r�r�r�Tz5%s Agent v%s, server key: %s, aggregator endpoint: %sz.Unpausing agent, will run as usual on next run�pauseZdocker_containerszNo monitored containerszMonitored Containers:
z$CONTAINER ID	IMAGE		COMMAND			STATUSZImage�?ZCommandZStatusz
%s	%s	"%s"	%srar�zMetadata queued for rebuildz!Container metadata rebuild queuedzSetting server key to %sz!Setting aggregator endpoint to %s�wbz.Linux agent should not run if executed as rootz1No server key found, please re-install the agent.zschedules-initZnor�r�r�Zcountermeasures_refresh_pluginsrWZcountermeasures_last_refreshr�z*Refreshing CounterMeasures plugins from %sz2%s %s/countermeasure.py install_plugins --url %s &z+Waiting to refresh CM plugins in %d minutes�<�	anomaliesr1rw�rDz%r too early to check�scalerz No custom value or plugin for %sz%r returned %s in %.2f secondszRunning all plugins took %s�result_queuerezPPause command received. Processing stopped. Process will resume in %.2f minutes.z=Pause duration exceeded, unpausing the agent for the next runi�Zlast_metadata_time�last_config_file_timezRebuilding plugin metadataZcustom_plugin_url�has_connected_with_aggregatorzmetadata changedzrebuilding metadataz!randomly forcing metadata rebuildz%we've never pushed up metadata beforerYz.py�__r�zUnable to import module %srRr�r7ZCountermeasure)r+r��author�hashr:z.jsonzUnable to open %sz+%s file is not a valid json file to be read)r�r+Zcommandr�z7%s is missing from the countermeasure declaration in %sr+r�r�r:Zdocker_supportedr�zDocker supportedz
no-permissionz*Missing permission to access Docker socketZlog_request�diagnostics�socket_statsZmtr�auto_topo_scansz1Syncing with aggregator: %d results, %d anomaliescss*|]"\}\}}|tt|����fVqdSr�)r�r�rG)r�Z
plugin_key�_Zplugin_metadatar"r"r#r�zs
�zAgent.main.<locals>.<genexpr>zMetadata summary: %r�sync_schedules�
single_result�discovered_containers�deleted_containers)Zdem_enabledZdem_service_results�fortisase_attributes�icmp_server_resources�monitor_schedules�traceroutes�traceroute_checks)r�r�r�r�z"No server_key found, skipping synczFReceived a request tor reinstall the agent due to a existing conflict r�r�)r�zKReinstall request received, forticlient data not available. Please verify. zNReceived an unauthorized response from the agg. Pausing execution of agent by z secondszCould not sync with aggregatorzSaving results locally: %rr�z%m/%d/%Y %H:%MzError syncing with aggregator�
last_metadatazsyncing took %.2f secondsr��textkeysr?zcountermeasure-metadata-%s.jsonr�z1Failed parsing countermeasure metadata for %s: %sz#Queueing countermeasures for %s: %sz7%s %s/countermeasure.py execute --hash %s --textkeys %srhz --metadata-file %sZcommandszgot %d agent commandsztail -%d %s��shell�queue_batch_size�queue_max_resultsr4rN�ss -t -u -r 2>&1z
timeout %d %srOrMzmtr --csv -c 1 %s 2>&1r�zSet log level to "%s"zInvalid log level command: "%s"Zmetadata_resyncZrefresh_countermeasuresZupdate_agentZget_logsz9Linux agent running as root, skipping container discovery)Zrebuildz�Docker has been enabled but the fm-agent user needs to be added to the docker group.
You can do so with `sudo usermod -a -G docker fm-agent`cSsg|]}|ddd��qS)�IdN�r")r��cr"r"r#r��rzAgent.main.<locals>.<listcomp>r�r��updatedz$Discovered %d new/updated containersz!Found %d newly deleted containerszError in main loop)r�r��
agg_clientr�zActivity finished in {}s)�rr�r�ZRawConfigParserr@r�rCr�r�r�r�r|r}r~r�rlr�rVr<rbrcr�r�r�r��callrr�r4rtr	r�r�r{r�r�r[rrr^r��displayr�rr�r�r\rrwr�r�rhr@r��chmodr-rr?r=rr|ryr�r��saver�r�r�r�r�rHrdr�r�rir	rjrl�send_receive�_agent_version_updated�_init_dem_schedulesZget_dem_wifi_infoZadd_dem_wifi_resultsr�r3rAr�r�rTr,rRr�r2r3�CUSTOMZnext_check_timer�	frequencyr�r�rr��check�idrmr"r#�update�randomZrandintra�getmtimeZinstall_remote_pluginsZis_metadata_staler?rZ
get_all_factsr�rr��endswithrW�p_importlibZ
import_moduler��sha_func�sixr!Z	hexdigest�encode�__dict__r��type�typesZ	ClassTyper+r�r�r:rorpr�rErFr�rG�container_discoveryZcheck_accessr�r�r�rer��pop_resultsrr8�pop�_getDemResultsZtracebacklimitr%�syncr/rVr��_updateDEMServiceSchedulesZReinstallResponserr�ZUnauthorizedResponser$Zhashed_metadatar`�dumps�spawnvp�P_NOWAIT�update_schedulesr'r$r�r�r�rr�r�r}rzr`�AttributeErrorZWARNING�build_diagnostics�upload_logsZdiscover_docker_containersr�rA�run_auto_topo_scans�checkForUpdate�
total_seconds)�r�Z
activityStartr�r�r�r�r�r�r�r�rFr�r�r\Zdirs_to_create�dirZpermsZrfileZrfZ
valid_optionsZoption_givenZvalid_option�msgZ
containersZshort_idr?Z
cont_imageZcont_commandZcont_statusZrequested_auto_updateZjust_set_option_and_quitr�ZaggZneeds_schedules�
dem_clientZschedules_receivedZ	wifi_infoZ
refresh_cycler�r�Zall_plugins_start_timeZresults_to_sendZcustom_metricsZnew_import_metricsZnew_import_valuesrKr4r5Z
schedule_tkeyZleeway_timer�r�r�r�r9r�Zplugin_start_timeZt0�t1Z	time_leftZ
start_timer�Zcountermeasures_metadataZfactsZ	lucky_dayr�r�ZstalerMZmod_name�modr�r�rQZpluginZjson_counterZfile_contentZcounter_dataZrequired_fieldsZ
existing_keysr�r+Zcan_access_docker�responseZcommand_resultsr�Zanomalies_to_reportZmetadata_summaryZforce_send_schedules�delayZresult_datar�r�ZMAX_CONTAINERS_SYNCZcontainer_queuerZdeleted_container_queueZdem_resultsZdem_updatesr�r�r�r�ZdemKey�qZcountermeasurer�Zcm_metadataZ
metadata_filerr1rD�linesZ
log_outputr�r�r4�ss_cmdr�rOZ
parsed_urlZmtr_cmdZ
mtr_outputZ
log_level_keyr��level�messager�Zexisting_containersZexisting_container_idsZfound_containers�trZfound_container_idsZnew_containersZ	containerZcontainer_idr"r�r#�mains�

�����
�


��� 

����

�

�����������
�������
�����
�


�


��
���
���


�����
���
����
��
�
������	
����
�����

��


�
�


�


��


��
��
����

��
������













�
����������
�����
��




�����z
Agent.mainc
CsHzt�}|��WStyB}zt�|�iWYd}~Sd}~00dSr�)r
Zget_handshake_datar�r�r	)r��helperr�r"r"r#r�	s

zAgent.get_fortisase_attributescCs<ddl}ddl}|����}|j|j|dd�t��}d�|�d��}t	j
�|d�}t	�|�|�
t	j
�d|�d|�}z�z:d�|j�}	d	�|||	�}
t	�|
�|j�d
�|��Wn0ty�}z|j�|�WYd}~n
d}~00Wt	j
�|�r�t	�|�nt	j
�|��rt	�|�0Wd�n1�s.0YdS)NrT)Z
dirs_exist_okz
agent-logs-{}z%Y%m%d%H%M%S�zipz/tmpz{}/v2/agent_logszHcurl -F file=@{} -H "Accept: application/json" -H "Authorization: {}" {}zUploaded log file {})�shutilr_ZTemporaryDirectoryZcopytreer�rr�rVr$r<r=r�mkdirZmake_archiver�r�rlr�r�r�rr�)r�r�r�r_Z
tmpdirnamer�Zzip_file_prefixZ
zip_outputZzip_name�endpointZccrr"r"r#r�%	s0
��
$�zAgent.upload_logsNc
Cs |r |j�d�|j|d�dSd}|js@||vr<|�|�dSd}|sX|j�d�dS|sttj|j|j	||j
d�}d}�zhtdd�}||v�r�|jdur�dd	l
m}|t|����}	t��t|	d
�||<n�zV|j�d�\}
}t��}t|j|j|jt|
�t|�d�}
|
|k�r|
|}
|
||<WnDt�yh}z*|j�d
�|jt|���WYd}~WdSd}~00|j�d�||��WdS||}|�r�t��|k�r�|�|�|du�r�t��}||||<|j�d�||��Wn8t�y}z|j�d�|��WYd}~n
d}~00dS)NzAdmin update request)r��next_update_checkzcheckForUpdate: no server keyr�rd)Zdaysr)�	randranger�rc)�year�month�dayZhourZminutez%Could not calculate next check {}: {}zNext update check at {}zcheckForUpdates problem: {})rlr��_onCheckUpdatesr\r�r�r�r�r�r�r�rr]r�r�rCr�rr�rAr�r�r�r�r�rVr�)r�r�r�r�r�Zdb_keyr�Z
update_periodr�Z	randomSec�hrPZrnZctrr"r"r#r�?	sp
�


�

��

zAgent.checkForUpdatec
Cs�|j�d�zLd�|j�}|j|dd�}t|�dkrVt|j|j�}|j	dt
�|�d�Wn6ty�}z|j�
d�|��WYd}~n
d}~00dS)	NzPerforming updates check...zagent_update_info/darwin/{}rP��methodr�updates�ZpayloadzUpdate check failure: {})rlr�rVr�r�r�r
rkrlr�rEr�r�r�)r�r�r�r��clientrr"r"r#r�{	szAgent._onCheckUpdatesc
CsL|j�d�g}g}t|jd���D]�\}}|jd�|�}|sP|jd|=q&t|���D]�\}}|j�d|�|js�|�|j	�r�|�
||t�|j
���df�d|_|j�d|�|js\|��r\|�
||t�|j
���df�d|_|j�d|�q\q&|j�d	t|��|j�d
|�|j�dt|��|j�d|�|j��||S)
NzGathering reportable anomaliesr�r0zThreshold %sFTzCleared anomaly: %szLengthy anomaly: %sz$Found %d anomalies that have clearedzCleared anomalies: %rz5Found %d anomalies that exceed the threshold durationzLengthy anomalies: %r)rlr�r�r�r�r�rm�reported_as_clearedZhas_clearedZnumber_of_checksrr3r"Ztime_last_detectedr#Zreported_as_exceeded_durationZexceeds_durationr�r�)r�Zcleared_anomaliesZlengthy_anomalies�schedule_idr�r5�threshold_id�anomalyr"r"r#�get_reportable_anomalies�	sX
��������
zAgent.get_reportable_anomaliescCs�|j�d�t|jd���D]\\}}t|���D]2\}}|jr2|�|�}|j�d�|j�d|�q2|s|jd�|�q|j�d|jd�|j��dS)Nz'Checking for reported cleared anomaliesr�z Removed reported cleared anomalyzAnomaly: %szRemaining anomalies: %s)	rlr�r�r�r�r�r�rmr�)r�r�r�r�r�r"r"r#�!remove_reported_cleared_anomalies�	s
z'Agent.remove_reported_cleared_anomaliesc	
Cs.|gks|dkr |j�d�dS|jd}i|jd<|D]�}|d}|j�d|�|�|d�}z`|r||�|�||j=d}n|s�t|�}d}||jd|j<|j�d||j�|j�d|�Wq8ty�t	�
�d	}t|�}|j�d
�
||��Yq80q8|j��|j�dt|��|j�dt|��dS)
Nz,No schedule changes received from aggregatorr0r�z$Received schedule %s from aggregatorZEditedZCreatedz%s schedule %s locallyzSchedule data: %rrdzInvalid schedule {} data: {}zCreated/updated %d scheduleszDeleted %d schedules)rlr�r�r�r�r�rrmr�r�r�r�r�rVr�r�)	r�Z
new_schedulesZexisting_schedulesZnew_schedule_dataZnew_schedule_idr5r;r�r�r"r"r#r��	s:



�
zAgent.update_schedulescCs�d}|d|j7}|dtjddd�7}dtjkrJ|dtjd	dd�7}n|dtjd
dd�7}|dtjddd�7}dtjkr�|d
tjd|jdd�7}|dtjddd�7}|dtj|jd|j	d�7}|S)zVFunction to build a string of diagnostics data to send
        back to the aggregator.zAGENT DIAGNOSTICS
zAgent version: %s
zAgent server hostname: %sr�Tr�r�zAgent OS: %szsw_vers | grep ProductVersionz%cat /etc/*-release | grep PRETTY_NAMEzuname output: %szuname -azPackage information: %s
zapt-cache show %s-agent || truez
ip output:
%szip addr showz!Local agent pickle file data:
%s
r7)r�r�)
r�r'r$r�rryrEr�rF�defaultprint)r�r�r�ry�stringr"r"r#r��	s,�

��


�

�
zAgent.build_diagnosticscCst|t�r|��SdSdSr�)�
isinstancer�__repr__)r�rQr"r"r#r
s
zAgent.defaultprintcCs�tj�|j�s t�d�|j��zt|j�}WnYdS0iddddd|jddt	�iddt	ddd�t	ddd�t	ddd�t	ddd�d	�}t
|���D]\}}||vr�|||<q�|S)
NruFri��2)r�r��drw)r�rsr�r�r�r�r�r�r�r�r0r�r�Z
check_resultsZserver_resource_levelsr�r�)r<r=rr�r�rVrrfr~rr�r�)r�r��defaultsr�r�r"r"r#r{
s<
�

�
z
Agent.open_dbcCs&z|�dd�dkWSYdS0dS)N�topoZ	auto_scanrF)r��r�r�r"r"r#�should_run_auto_topo_scansH
sz Agent.should_run_auto_topo_scanscCs&zt|�dd��WSYdS0dS)NrZscans_per_syncr�rCr�rr"r"r#�get_num_topo_scansN
szAgent.get_num_topo_scanscCs&zt|�dd��WSYdS0dS)Nr�
scan_sleeprdr
rr"r"r#�get_topo_scan_sleepT
szAgent.get_topo_scan_sleepcCshd}d}t��}|j�d�zttj|dd��}Wnt��}Yn0t��|}|j�d|�|S)Nr�r�zStarting topo scanTr�z.Topo scan complete. Elapsed time: %.2f seconds)r3rlr�r�r'r$rorp)r�r��resultr��elapsedr"r"r#�
run_topo_scanZ
szAgent.run_topo_scancCsv|�|�sdS|�|�}|�|�}d|jvr6g|jd<t|�D]2}t��}|��}|jd�||f�t�|�q>dS)Nr�)	r	rr
r�rr3rrr�)r�r��nrrr��scanr"r"r#r�i
s




zAgent.run_auto_topo_scansc	Cs�i}|js|St|j|j�}|�d�}|dur2|St�|�}|��D]�}z<||}|��rh||||<n|�	||�|�
�||<WqDty�}z*|j�
d�|��WYd}~qDWYd}~qDd}~00qD|S)NZcollectz_getDemResults: {})rir	rjrlr�rErFrGZisEmptyr�r�r�rlr�rV)	r�r�Zrvr�r�Z
latestResultsr�r�rr"r"r#r�y
s&

$zAgent._getDemResultscCsDd}d|vr2|dr2|d|jkr@|j|d<d}n|j|d<d}|S)NFZlast_ran_versionT)r�)r�r�Z
has_updater"r"r#r��
s

zAgent._agent_version_updatedc
Cs�zX|jddd�}|�dg�|�dg�|�dg�d�}t|j|j�}|jdt�|�d	�Wn8ty�}z t	�
d
�t|���WYd}~n
d}~00dS)Nr0rPr�r�r�r�)r�r�r�Z
initSchedulesr�z/schedules error: {})
r�r�r	rjrlr�rEr�r�r�r�rVr�)r�r�r�r0r�ZaggExr"r"r#r��
s


�*zAgent._init_dem_schedulescCs0|js
dSt|j|j�}|jdt�|�d�}dS)Nzupdate-schedulesr�)rir	rjrlr�rEr�)r�ZnewSchedulesr�r�r"r"r#r��
sz Agent._updateDEMServiceSchedules)r7rNrb)F)F)r)NNF)0rrr r�r~rBr�r�rzrr�r�r�r�r�rrr,r/r7r8rRrVrrr�rtror~r�r�r�r�r�r�r�r�r�rr{r	rr
rr�r�r�r�r�r"r"r"r#r_�sp
U
&U
@A
)!$)7
<9%-r_)bZ
agent_utilrrrrZ	inspectorrrrZ
ipc_clientr	r
Zagent_exceptionsrrZforticlient_helperr
rZprocess_managerrZos.pathrrrrrZpickle_databaserZplugin_managerrrZprogress_printerrr�rr5rr�rr��ior�rHr�rr�r�rr�r�Zlogging.handlersr|r<r�rr'r_r3ror�Zblacklisterrr�rr�r�rE�ImportErrorZ
simplejsonZhashlibZsha1r�Zsha�newr�r1r$r�Zurllib.parse�parseZurllib.requestrZr�rYrXZhttp.clientr�rUr>r�r2r5r:rGrIr^�objectr_r"r"r"r#�<module>s�


	'