=<BzdZddlZddlZddlZddlZddlZddlZddlmZddl m Z m Z ddl m Z ddlmZmZddlmZddlmZd d lmZmZejeZejd Zed z Zd ZdZej dedej!diZ"ej ej#eej#ej!ej#iZ$gdZ%dZ&dZ'ej(Z)Gdde*Z+ed dZ,dZ-de.de/de/fdZ0d/de1ddfd Z2de e.fd!Z3d"Z4de/fd#Z5d0d$Z6d0d%Z7d&eddfd'Z8d1d)e/de efd*Z9d0d+Z:d0d,Z;d-e/ddfd.Z directory. Then symlinks are created from /var/ossec/etc/dirname.d -> VERSIONS//dirname. N) lru_cache)ListOptional)svcctl) CheckRunError check_run) LooseVersion)files) PamServicePamServiceStatusValuez/var/ossec/etcVERSIONSz ossec.confdovecotzrules_pam.d/320_pam_switch.xmlz&rules_pam.d/320_pam_switch_dovecot.xmlzrules_pam.d/320_pam_ftp.xml)decodersrules rules_pamVERSIONceZdZdS)OssecRulesErrorN)__name__ __module__ __qualname__G/opt/imunify360/venv/lib/python3.11/site-packages/im360/subsys/ossec.pyrr>sDrr)maxsizec*tjdS)Nz ossec-hids)radaptorrrr_ossec_servicer Bs >, ' ''rct}tD]\}}t|z r`t j||<tjt5t|dzz dddn #1swxYwYt|dzz rt j ||<td ||S)N .disabledzAbsent rule {})dictPAM_RULES_NAMESitemsETC_DIRexistsr enabled contextlibsuppressFileNotFoundErrorunlinkdisabledrformat)resultservicerules r_get_pam_config_stater2Gs$ VVF(..00AA  dN " " $ $ A3;F7O$%677 : :D;./77999 : : : : : : : : : : : : : : : +, 4 4 6 6 A3>## $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ LLLEsKKKKKKKKL 4s<B&B BBBBB C &CC c6t}|r|dSdS)Nr)_sorted_versions)versionss rget_rules_installed_versionrWs)!!H{rcK tddgd{Vn3#t$r&}td|Yd}~dSd}~wwxYwdS)Nz/var/ossec/bin/ossec-logtestz-tz$Ossec configuration is not valid: %sFT)rrrPerror)rBs r_is_conf_validrZs|7>??????????  ;SAAAuuuuu 4s A AA c 0tjtjtj}|t z }tj t5tj tt|z dddn #1swxYwYt|dzz }tj t5tj t|dddn #1swxYwY|t"D]:}tjt||z t||dzz ;|t|z dS)z@Copy new files to appropriate subdirectory in OSSEC config tree.N.tmp.d)pathlibPathr rHrIrJrK read_textrNr)r*r+shutilrmtreestr _VERSIONS_DIRmkdir _RULES_DIRScopytreer6) files_prefixversiontmp_dirdir_names r_do_prepare_new_versionrls< 6 6u{ C CDDLm+6688>>@@G  . / /44 c-'122333444444444444444w/0G  . / /$$ c'll###$$$$$$$$$$$$$$$ MMOOO    x' ( (#gD.I*J*J     NN=7*+++++s$*B99B=B=*"DDDcrKtj}|dtd{VdS)N)asyncioget_event_looprun_in_executorrl)loops r_prepare_new_versionrrsC  ! # #D   t%< = ==========rrictd|tD]}t|dzz }|rJ|r|n!tjt|| tt|z |j z tdS)z%Activate configuration for `version`.z+Selecting %s version of OSSEC configurationr]N)rPinforfr&r' is_symlinkr,rarbrc symlink_tordname relative_to)rirw ossec_dirs r_switch_version_torzs KK=wGGG   td{+      .##%% .  """" c)nn---  S\\ )IN : G G         rT skip_invalidcntfdtdDdS)zReturn a list of prepared OSSEC configuration versions. If `skip_invalid` is True (default) then only versions (directories) not ending in ".tmp" are returned. Versions are sorted in descending order (latest first).c3ZK|]%}r |jdkt|jV&dS)r\N)suffixr rw).0dr{s r z#_sorted_versions..sP   $%8v#5#5  #5#5#5#5  r*T)reverse)sortedrdglobr{s`rrUrUsU     "'',,       rcDK t}n#t$r t}YnwxYwt}t |dt |dkr)t d{Vst |dt|dd{VdS)zDSelect latest version if it is valid, or second to latest otherwise.rrNr T)r>)r2r_PAM_CONFIG_DISABLEDrUrzlenrZrC)pam_config_staterVs r_select_versionrs0022 000/0!!Hx{### 8}}(8(8"8"8"8"8"8"88A;''' ,D A A AAAAAAAAAAs ''cd}tdD]h}tjtt |z }|jdks |t kr"tjt |c|dz }idS)NrFrr\r ) rUr^r_rdrcr~_VERSIONS_TO_KEEPrarb)keptrirFs r_cleanup_old_versionsrs D#777|MCLL899 ;& D,=$=$= M#d)) $ $ $ $ AIDD r is_updatedcK|sdSt4d{Vtdd td{Vt d{Vn9#t t f$r%}td|Yd}~nd}~wwxYwtn#twxYw dddd{VdS#1d{VswxYwYdS)NiT)exist_okz(Failed to update OSSEC configuration: %s) rules_update_lockrdrerrrrOrrPrYr)_rrBs ron_files_updaters  $$$$$$$$ED111 $&(( ( ( ( ( ( ( (!## # # # # # # # #) J J J LLCS I I I I I I I I J " # # # # ! # # # # #$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$sLC (AB#B,B B# BB#C #B33C  CC)F)r4N)T)=__doc__rnr)loggingrEr^ra functoolsrtypingrrdefence360agent.subsysrdefence360agent.utilsrrdefence360agent.utils.commonr im360r pamr r getLoggerrrPr_r&rd CONF_NAMEDOVECOTSSHDFTPr$r-rrfrKrLockr Exceptionrr r2rcboolr:r#rCrSrWrZrlrrrzrUrrrrrrrsN,  !!!!!!!!))))))::::::::55555522222222  8 $ $ ',' ( (*$  O5 5N1 O*3 " +N)2 100   GLNN     i    1(((    3  $    PPPdPPPP*8C= d,,,,&>>>>       &44 3E" B B B B $ $$ $ $ $ $ $ $r