#! /usr/bin/env python
import os, string, select, struct, syslog
import audit, avc, traceback
import AuditMsg
from setroubleshoot.signature import *
from setroubleshoot.util import LoadPlugins
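class avc_snap:
    """Group audit records read from fd 0 and hand AVC events to plugins.

    Records whose body starts with the same first token (the "signature")
    are buffered together.  When the signature changes, or no input arrives
    within the select timeout, the buffered event is flushed through out().

    NOTE(review): the listing this class was recovered from had lost its
    indentation; the nesting below is reconstructed from the statement
    order and should be confirmed against the original file.
    NOTE: the "except ... as" form used here needs Python 2.6 or later.
    """

    def __init__(self):
        """Start with an empty buffer and load the analysis plugins."""
        # (record type, token list) pairs of the event being assembled
        self.audit_list = []
        # first body token of the records currently buffered
        self.cur_sig = ""
        self.plugins = LoadPlugins()
        syslog.syslog("Number of Plugins = %d" % len(self.plugins))

    def is_avc(self):
        """Return True if any buffered record has type audit.AUDIT_AVC."""
        for record in self.audit_list:
            if record[0] == audit.AUDIT_AVC:
                return True
        return False

    def out(self):
        """Flush the buffered event to the plugins and empty the buffer.

        Nothing is analysed unless the buffer holds an AVC record, and an
        event containing the token "granted" is dropped.  Otherwise the
        tokens are translated by avc.SERules and the first resulting entry
        is offered to each plugin in turn until one accepts it and reports.

        The buffer is emptied on every exit path, including when
        translation raises.  Without that, a record that fails to parse
        stays buffered and every later flush fails on it again, so no
        further denial is ever reported.
        """
        try:
            if not self.is_avc():
                return

            rules = avc.SERules()
            tokens = []
            for (rec_type, data_list) in self.audit_list:
                tokens += data_list

            if "granted" in tokens:
                return

            rules.translate(tokens)
            try:
                first = rules.AVCS[0]
            except IndexError:
                # Translation produced nothing usable; skip this event
                # rather than let the error end the read loop.
                syslog.syslog("No AVC parsed from buffered audit records")
                return

            myavc = AVC(first)
            for plugin in self.plugins:
                # A failing plugin is logged and skipped so that the
                # remaining plugins still get to see the event.
                try:
                    if plugin.analyze(myavc):
                        plugin.report()
                        break
                except TypeError as e:
                    syslog.syslog("Type exception %s: %s " % ( plugin.analysisID, e.args))
                except:
                    syslog.syslog("Plugin Exception %s " % plugin.analysisID)
                    # Keep the traceback so the failure can be diagnosed.
                    syslog.syslog(traceback.format_exc())
        finally:
            self.audit_list = []

    def process(self, type, data):
        """Buffer one audit record, flushing first if a new event starts.

        type -- record type as returned by the message's get_type()
        data -- record body; its first whitespace-separated token is used
                as the event signature and the rest is stored as tokens

        A body with no tokens is logged and ignored; indexing it would
        raise IndexError, which run() does not handle.
        """
        data_list = data.split()
        if not data_list:
            syslog.syslog("Ignoring audit message with empty body")
            return

        new_sig = data_list[0]
        if self.audit_list and new_sig != self.cur_sig:
            self.out()
        self.cur_sig = new_sig
        self.audit_list.append((type, data_list[1:]))

    def run(self):
        """Read audit messages from fd 0 until the connection closes.

        Waits up to 5 seconds for input.  A readable fd yields one message
        for process(); a timeout flushes whatever is buffered.  A failed
        read or a struct.error ends the loop; a TypeError is logged and
        the loop continues.
        """
        while True:
            readable, _writable, _errored = select.select([0], [], [], 5)
            try:
                if 0 in readable:
                    msg = AuditMsg.AuditMsg()
                    if not msg.read_from_fd(0):
                        syslog.syslog("Connection closing")
                        return
                    self.process(msg.get_type(), msg.get_body())
                else:
                    self.out()
            except struct.error as e:
                # "% (e,)" formats the exception as one value; "% e.args"
                # itself raises when args does not hold exactly one item.
                syslog.syslog("struct exception %s " % (e,))
                return
            except TypeError as e:
                syslog.syslog("Type exception %s " % (e,))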
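# Script entry: run the analyzer and record in syslog why it stopped, so
# that a dead analyzer leaves a trace.
# NOTE: the "except ... as" form used here needs Python 2.6 or later.
try:
    syslog.openlog("avc_snap")
    snap = avc_snap()
    snap.run()
except IOError as e:
    # An IOError usually carries (errno, strerror).  "% e.args" with two
    # items raises TypeError inside this handler and the message is lost,
    # so format the exception as a single value instead.
    syslog.syslog("IOError exception %s" % (e,))
except Exception as e:
    syslog.syslog("Unexpected exception %s " % (e,))
    syslog.syslog(traceback.format_exc())
except:
    # Anything that does not derive from Exception.
    syslog.syslog("Caught Exception")
    syslog.syslog(traceback.format_exc())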