phobos182 revised this gist
Apr 10, 2014 . 1 changed file with 25 additions and 12 deletions.
@@ -1,4 +1,5 @@ #!/usr/bin/env python import argparse import re import sys import subprocess @@ -11,14 +12,19 @@ PATTERN = re.compile(r'\s+') def _get_orphaned_files(file_name, whitelist, report=False): processes = {} output = subprocess.check_output("lsof|grep -i {}|grep -i del".format(file_name), shell=True).split("\n") for l in output: stripped = re.sub(PATTERN, ' ', l).split(' ') proc_name = stripped[0] # if empty line, continue if not proc_name: continue # if report is false, then filter processes in the whitelist if not report: if not proc_name in whitelist: continue if not proc_name in processes: processes[proc_name] = 1 else: @@ -42,18 +48,25 @@ def _is_patched(version): def main(): parser = argparse.ArgumentParser() parser.add_argument('-p', '--process', action='append', default=PROCESS_WHITELIST, help='Process name look for restart required. Defaults to (tornado|api)') parser.add_argument('-r', '--report', action='store_true', help='Instead of looking for individual processes, give a report of all daemons needing a restart') args = parser.parse_args() version_libssl = _get_version(LIBSSL_NAME) version_openssl = _get_version(OPENSSL_NAME) if not _is_patched(version_libssl) and _is_patched(version_openssl): print 'please patch this system first. it is not patched, libssl: {}, openssl:{}'.format(_get_version(LIBSSL_NAME), _get_version(OPENSSL_NAME)) sys.exit(1) to_restart = _get_orphaned_files(LIBSSL_MODULE, args.process, args.report) if to_restart: for proc, num in to_restart.iteritems(): print '{} {} processes need to be restarted'.format(num, proc) sys.exit(1) print 'patched' if __name__ == '__main__':
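Review bot: The patch gate in main(), `if not _is_patched(version_libssl) and _is_patched(version_openssl):`, binds as `(not libssl_patched) and openssl_patched`, so it only fires when libssl is unpatched while openssl is patched. A host where both packages are unpatched, or where only openssl is, is not rejected here and continues to the lsof check, where it can reach `print 'patched'`. The condition should read `if not (_is_patched(version_libssl) and _is_patched(version_openssl)):`. Separately, `action='append'` with `default=PROCESS_WHITELIST` appends each `-p` value to the module-level default list instead of replacing it, which the help text does not mention.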
phobos182 revised this gist
Apr 10, 2014 . 1 changed file with 1 addition and 1 deletion.
@@ -7,7 +7,7 @@ LIBSSL_MODULE = 'libssl.so.1.0.0' OPENSSL_NAME = 'openssl' VERSION_WHITELIST = ['1.0.1-4ubuntu5.12'] PROCESS_WHITELIST = ['tornado', 'api'] PATTERN = re.compile(r'\s+')
phobos182 revised this gist
Apr 10, 2014 . 1 changed file with 10 additions and 13 deletions.
@@ -13,19 +13,16 @@ def _get_orphaned_files(file_name): processes = {} output = subprocess.check_output("lsof|grep -i {}|grep -i del".format(file_name), shell=True).split("\n") for l in output: stripped = re.sub(PATTERN, ' ', l).split(' ') proc_name = stripped[0] if not proc_name in PROCESS_WHITELIST: continue if not proc_name in processes: processes[proc_name] = 1 else: processes[proc_name] += 1 return processes
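Review bot: With the `try`/`except` no longer present in `_get_orphaned_files`, the clean case now raises: when nothing matches, the final `grep` in the pipeline exits 1 and `subprocess.check_output` throws `CalledProcessError`, so a patched host with no stale libssl mappings ends in a traceback rather than `patched`. Handle that one status explicitly, e.g. `except subprocess.CalledProcessError as e:` followed by `if e.returncode != 1: raise`, and return the empty dict. The pipeline's status is only that of the last `grep`, so a failing `lsof` still looks like "no match"; calling `lsof` with an argument list and filtering its lines in Python would remove that ambiguity along with the `shell=True` format string.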
phobos182 revised this gist
Apr 10, 2014 . 1 changed file with 0 additions and 23 deletions.
@@ -30,29 +30,6 @@ def _get_orphaned_files(file_name): def _get_version(package): version = None output = subprocess.check_output("dpkg-query -s {}".format(package), shell=True).split("\n") for l in output:
phobos182 revised this gist
Apr 10, 2014 . 1 changed file with 23 additions and 0 deletions.
@@ -30,6 +30,29 @@ def _get_orphaned_files(file_name): def _get_version(package): """ DPKG QUERY OUTPUT ---- Package: libssl1.0.0 Status: install ok installed Multi-Arch: same Priority: important Section: libs Installed-Size: 2921 Maintainer: Ubuntu Developers <[email protected]> Architecture: amd64 Source: openssl Version: 1.0.1-4ubuntu5.12 Depends: libc6 (>= 2.14), zlib1g (>= 1:1.1.4), debconf (>= 0.5) | debconf-2.0 Pre-Depends: multiarch-support Breaks: openssh-client (<< 1:5.9p1-4), openssh-server (<< 1:5.9p1-4) Description: SSL shared libraries libssl and libcrypto shared libraries needed by programs like apache-ssl, telnet-ssl and openssh. . It is part of the OpenSSL implementation of SSL. Original-Maintainer: Debian OpenSSL Team <[email protected]> """ version = None output = subprocess.check_output("dpkg-query -s {}".format(package), shell=True).split("\n") for l in output:
phobos182 revised this gist
Apr 10, 2014 . 1 changed file with 35 additions and 6 deletions.
@@ -1,10 +1,33 @@ #!/usr/bin/env python import re import sys import subprocess LIBSSL_NAME = 'libssl1.0.0' LIBSSL_MODULE = 'libssl.so.1.0.0' OPENSSL_NAME = 'openssl' VERSION_WHITELIST = ['1.0.1-4ubuntu5.12'] PROCESS_WHITELIST = ['tornado'] PATTERN = re.compile(r'\s+') def _get_orphaned_files(file_name): processes = {} try: output = subprocess.check_output("lsof|grep -i {}|grep -i del".format(file_name), shell=True).split("\n") for l in output: stripped = re.sub(PATTERN, ' ', l).split(' ') proc_name = stripped[0] if not proc_name in PROCESS_WHITELIST: continue if not proc_name in processes: processes[proc_name] = 1 else: processes[proc_name] += 1 except Exception, e: pass return processes def _get_version(package): version = None @@ -14,16 +37,22 @@ def _get_version(package): version = l.split(':')[1].strip() return version def _is_patched(version): if version in VERSION_WHITELIST: return True return False def main(): version_libssl = _get_version(LIBSSL_NAME) version_openssl = _get_version(OPENSSL_NAME) if _is_patched(version_libssl) and _is_patched(version_openssl): to_restart = _get_orphaned_files(LIBSSL_MODULE) if to_restart: for proc, num in to_restart.iteritems(): print '{}: {} processes need to be restarted'.format(proc, num) sys.exit(1) print 'patched' sys.exit(0) print 'not patched, libssl: {}, openssl:{}'.format(_get_version(LIBSSL_NAME), _get_version(OPENSSL_NAME))
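Review bot: `except Exception, e: pass` in `_get_orphaned_files` turns every failure of the lsof pipeline into an empty dict, and main() then prints `patched` and calls `sys.exit(0)`, so a host where the check could not run at all is reported the same as a clean one. Only the "no match" status should be treated as empty: `except subprocess.CalledProcessError as e:` with `if e.returncode != 1: raise`. The filter `grep -i del` also matches the letters "del" anywhere on the line, so an unrelated command name or path containing them is counted; matching lsof's deleted marker in its own column after splitting would be tighter. The unused `e` binding can go either way.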
phobos182 created this gist
Apr 10, 2014 .
@@ -0,0 +1,34 @@ #!/usr/bin/env python import sys import subprocess LIBSSL_NAME = 'libssl1.0.0' OPENSSL_NAME = 'openssl' WHITELIST = ['1.0.1-4ubuntu5.12'] def _get_version(package): version = None output = subprocess.check_output("dpkg-query -s {}".format(package), shell=True).split("\n") for l in output: if 'version' in l.lower(): version = l.split(':')[1].strip() return version def _is_patched(version): if version in WHITELIST: return True return False def main(): libssl = _get_version(LIBSSL_NAME) openssl = _get_version(OPENSSL_NAME) openssl = _get_version(OPENSSL_NAME) if _is_patched(_get_version(LIBSSL_NAME)) and _is_patched(_get_version(OPENSSL_NAME)): print 'patched' sys.exit(0) print 'not patched, libssl: {}, openssl:{}'.format(_get_version(LIBSSL_NAME), _get_version(OPENSSL_NAME)) sys.exit(1) if __name__ == '__main__': main()
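Review bot: `_get_version` keeps the last line of `dpkg-query -s` output that contains the substring `version` and takes only the text between the first and second colon, so a match in any other field overrides the real value and a version carrying an epoch (`1:…`) is reduced to the epoch. Asking dpkg for the field directly removes both the parsing and the `shell=True` format string: `subprocess.check_output(['dpkg-query', '-W', '-f=${Version}', package]).strip()`. main() also assigns `libssl` and `openssl` (the latter twice) without using them and then calls `_get_version` again in the condition and in the message; reuse the two locals so the reported versions are the ones that were checked.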