PNG  IHDR;IDATxܻn0K )(pA 7LeG{ §㻢|ذaÆ 6lذaÆ 6lذaÆ 6lom$^yذag5bÆ 6lذaÆ 6lذa{ 6lذaÆ `}HFkm,mӪôô! x|'ܢ˟;E:9&ᶒ}{v]n&6 h_tڠ͵-ҫZ;Z$.Pkž)!o>}leQfJTu іچ\X=8Rن4`Vwl>nG^is"ms$ui?wbs[m6K4O.4%/bC%t Mז -lG6mrz2s%9s@-k9=)kB5\+͂Zsٲ Rn~GRC wIcIn7jJhۛNCS|j08yiHKֶۛkɈ+;SzL/F*\Ԕ#"5m2[S=gnaPeғL lذaÆ 6l^ḵaÆ 6lذaÆ 6lذa; _ذaÆ 6lذaÆ 6lذaÆ RIENDB` 3 pes0@sddlmZmZddlmZmZddlmZmZmZddl m Z m Z ddl m Z ddlmZmZmZmZmZddlmZddlmZdd lmZdd lmZdd lmZdd lmZdd lm Z y ddl!Z!Wnddl"Z!YnXddl#Z#ddl$Z$ddl%Z%ddl&Z&ddl'Z'ddl(Z(ddl)Z)ddl*Z*ddl+Z+ddl,Z+ddl-Z-ddl.Z.ddl/Z/ddl0Z0ddl1Z1ddlZddl2Z2ddl3Z3ddl4Z4ddl5Z5ddl6Z6ddl7m8Z8y ddl9Z9Wn GdddZ:e:Z9YnXy ddl;Ze>k r0y ddl?Z=Wne>k r*dZ=YnXYnXyddl@Z@e@jAZBWnddlCZCeCjDZBYnXdeEe1kr|ddZFeFe1_Gy ddlHZHWnddlIjJZHYnXGdddeKZLdS))execute_commandwhich)datetime timedelta) Inspectorget_fqdnget_server_name)NoAgentSectionHeaderExceptionNoManifestFileException)ProcessManager)basenameexistsisdirisfilejoin)PickleDatabase) PluginManager)pprint)ProgressPrinter) ResultQueue)Schedule)exitN)PluginBlacklisterc@seZdZdZdS)SixTN)__name__ __module__ __qualname__PY2rr"/usr/lib/fm-agent/library/agent.pyr-sr check_outputcOs>d|krtdtj|dtji|}|j\}}|j}|S)Nstdoutz3stdout argument not allowed, it will be overridden.) ValueError subprocessPopenPIPE communicatepoll) popenargskwargsprocessoutputZ unused_errretcoderrrfJs  r-c@sjeZdZdZdZdZd\ddZd d Zd d Zd]ddZ ddZ ddZ ddZ ddZ ddZddZd^ddZdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+d,Zd-d.Zd/d0Zd1d2Zd3d4Zd5d6Zd_d8d9Zd:d;Zdd?Z d@dAZ!dBdCZ"dDdEZ#dFdGZ$dHdIZ%dJdKZ&dLdMZ'dNdOZ(dPdQZ)dRdSZ*dTdUZ+dVdWZ,dXdYZ-d`dZd[Z.d7S)aAgentZcustomINFO cCsNtjd}tjj|js(|jjddSy0t|jj j j d\}}t |}t |}Wn|jj dtjdSytj|Wntk rdSXyhddl}|jtjd|jd}td |d j} ||jkpd | kpd |j| kr|jdSWn YnX|rNtj|d |krN|jj d|tj|ddStj} |j| \} } | j r|jdkr|jj d|jt!} | j"tj#d}| j$||j}|jj ddj%|x|D]}tjt |dqWdS|dkr6|j&d7_&|d 8}|jj d|||ftj'||j(||dS|jj d|dSdS)z/Check to see if it's safe to start up the agentZlock_mgrz-No existing PID file found, proceeding to runT:z#Error reading existing PID file: %srNz/proc/%dz ps -o cmd= %dpythonz%s_agentgN@z&Found stale agent process %s - killing rootz7Uninstalling. Killing all process from the username %s z/proczFound pids %s  r2z]Found existing agent process %s, sleeping for %s and checking %s more times if safe to start.)counterzAFound existing agent process %s, exiting to wait for it to finishF))logging getLoggerospathr pid_filelogdebugopenreadstripsplitintcritical traceback format_excgetpgidOSErrorpwdgetpwuidstatst_uidrloweruserbrandremove_pid_filetimekilloptparse OptionParserparse_arguments uninstallr Zfilter_non_pid_processlistdirZget_process_from_userrcurrent_agent_delaysleepsafe_to_start_agent)selftimeoutZ sleep_timer:r@pid timestamprLZusernameZpsoutparseroptionsargsZmanagerZpidsrrrr]_s^   "    zAgent.safe_to_start_agentcCs6tj}ttj}t|jd}|jd||fdS)z+Create a new PID file to track our instancewz%s:%sN)r=getpidrFrTrBr?write)r^r`nowr-rrrwrite_pid_files  zAgent.write_pid_filecCstjj|jrtj|jdS)z1Remove an old PID file to clean up on the way outN)r=r>r r?remove)r^rrrrSszAgent.remove_pid_fileFcCsd}td|j|d}|j|}|r.|jn |jdtd|j|d}tjd|j|j|jf|jd}td|j dd |jt d |j dS) Nr5zNotifying %s of uninstall)indentzERROR CONNECTINGzRemoving %r directoryzrm -rf %s %s %sz Uninstalling %s T)sectionz Uninstall of %s complete ) rrRZnotify_of_uninstallfinishlog_dirr=systemdb_dir config_dirpkg_dirprint)r^aggregator_clientremove_instancerkppsuccessrrrrYs   zAgent.uninstallc Cstj}y.|j|j}|s"td|jds4tdWntjtfk r|jj t t j t jddkrtjdt|jdj}n tjdt|jdjjd}|j|Yn(tk r|jjt t j YnX|S) z Get the manifest configuration if it exists. Also, throw a deprecation warning if the the manifest does not conform to the new-style format (It must have an [agent] section heading). zNo manifest file foundagentzUsing a manifest file without the section heading "[agent]" is deprecated; please add this heading to the file. Example: [agent] customer_key = customerkey server_group = 123 rr3z[agent] rzutf-8) configparser ConfigParserrC manifest_filer has_sectionr ZMissingSectionHeaderErrorr@warnstrrHrIsys version_infoStringIOrBdecodeZreadfpinfo)r^manifestr|Zamended_manifest_filerrr get_manifests&   zAgent.get_manifestc Cstj}d}tjj|jrb|jjdt|jd}|j }|j tj}|j |j|j ||}|j ||}|j ds|jd|jdds|jdd|j|jdd|jd|jdkr|jdd}ng}|jj|}|r|jdd|t|jd}|j||j tjd |j|dk rtj} | j|t|jd j } t| } d d | D} t| r|jjd |jjddj| n |jjdn|jjd|j|S)zo Create/update the config file with the settings from the manifest. Return the config. NzExisting config file foundrbrxaggregator_urlversionZplugin_blacklistrez chmod 640 %srycSs$g|]}|jds|jdr|qS)z+ z- ) startswith).0linerrr sz&Agent.write_config..zConfig file overwrittenzConfig diff: %szNo change to config filezCreated new config file: %s) rzr{r=r>r config_filer@rrB readlinescloserCcopy_config_settingsr} add_section has_optionsetagg_urlrrcget _blacklisterZ update_listrgrodifflibZDifferZcomparelistlenrAr) r^rZ new_configZold_config_linesZold_config_fileZ old_configZoriginal_pluginsZupdated_pluginsZnew_config_fileZdifferZ diff_linesZchangesrrr write_configsJ              zAgent.write_configcCsPxJ|jD]>}|j|s"|j|x$|j|D]\}}|j|||q.Wq W|S)z Copy settings from the original to the destination, overwriting destination's settings if they already exist. )Zsectionsr}ritemsr)r^ZoriginalZ destinationrloptionvaluerrrr%s   zAgent.copy_config_settingscCsT|jjd|jr*td|jjddS|j|j|j|jf}tj d||jjd||j }|j |}y2|j dd}td||jjd|||_ Wn YnXtd|jd d }td d |jdD}|jd rtdd |jd D}ni}y |j|j||\} } } } } Wndtdtdx*|jdD]}tdtjj|dqDW|jjdtjtjYnX| s| rtd| |jjd| tj|jjd| | | | | f| r| |jd<d|jdkrX|j ddj dkrXd|jdkrXx<|j ddjdD]&}dtj!|j"|j#f}tj |q.W| rh|j$n|jj%d| |j$d| | r| r|j&dd| |j't(|j)d| rtd |j*|jf|jjd!nBt+d)t,| d#}d$|| } td%|j*|j| f|jj-d&n,td'|j*| |j*|j|j.f|jj%d(| |j/dS)*NzBegining installationzAgent already installedzmkdir -p %s %s %s %sz Created directories: %s %s %s %srxrz8Using manifest file aggregator for initial handshake: %sz Handshaking with %s serversr5)rkcss |]\}}||jdfVqdS)z'"N)rD)rrrrrr Rsz Agent.install..Z attributescss|]\}}||fVqdS)Nr)rrrrrrrVszI There was an error in the initial handshake with the aggregator, pleasezIcheck your aggregator URL, and ensure you have connectivity to retrieve: ,z %s zv2/hellozError in initial handshake: %szHandshake failed: %sz%s, %s, %s, %s, %s log_levelenable_countermeasurestruecountermeasures_remote_pluginsz0%s %s/countermeasure.py install_plugins --url %szInstallation failed: %szERROR CONNECTING: %s server_keyrezxInstallation of %s complete. Your server will now sync automatically with the %s ControlPanel. z-Agent will automatically sync with aggregatorPr1r9z Installation of %s complete. Please copy and paste the following server key into the %s ControlPanel for your server: %sz^The server key must be manually entered into the Control Panel before agent will begin syncingz Installation of %s had an error (%s). The %s is installed but it cannot sync correctly. Please contact %s and send them the log file at %s zAggregator sync failed: %sgD@)0r@r is_installedrsrnrprqcustom_plugin_dirr=rorrrrrrRdictrr}Z handshake get_all_ipsrEr>rerrorrHrIrrrAdbrcrP executablebin_dirrDrmrGrrgrBrrrrFrr~log_filemigrate_config)r^rtdirsrconfigrrvZagent_settingsZserver_attributesrwr found_serverrrurlcmdZpaddingrrrinstall2s              z Agent.installc Csg}td}|}dtjks$dtjkr,|d}dtjkrtd}|rtd|\}}|dkrx|jd D]8}|jjd sf| sf|d krqf|j}|j|d qfWn|odtjkrt|\}}|dkr6tjdkrtj d|}dd|D}nddtj d|D}n.td} td| \}}ddtj d|D}dd|D}d|kr\d||j d<dd|D}|s|j j dt j|j|j} y| jg}Wn:tk r} z|j jdj| g}WYdd} ~ XnX|s|j jdn|j jd||S)NZifconfigsunosaixz -azhp-uxnetstatz%s -inr namerr3freebsddarwinzinet6? (.+?)\scSsg|]}|jjddqS)%r)rDrE)riprrrrsz%Agent.get_all_ips..cSsg|]}|jdqS)zaddr:)rD)rxrrrrsrz %s addr showcSsg|]}|qSrr)rrrrrrscSsg|] }|r|qSrr)rrrrrrs1z::1cSsg|]}|jjddqS)/r)rDrE)rrrrrrsz@Unable to retrieve IP address(es) locally, contacting aggregatorzIP address lookup failure: {}z"Unable to determine IP address(es)zIP addresses: %s)rr)rrplatformrrErPrappendrefindallindexr@warning aggregatorClientrrZ get_local_ip ExceptionrformatrA) r^ZipsZ ifconfig_pathZ ifconfig_cmdrcoder+lrZ ip_addr_pathrterrrrsR       zAgent.get_all_ipsc CsPtjj|siSy(t|jjjd}tdd|DStdiSdS)NrcSs"g|]}tttj|jdqS)=)rmaprrDrE)rrrrrrsz9Agent.get_old_style_config_properties..zError reading manifest file) r=r>r rBrCrDrErrs)r^manfileZmfrrrget_old_style_config_propertiess z%Agent.get_old_style_config_propertiesr+c Cszt||}d}xFtdD]:}ytj|tjtjBd}PWqtjdYqXqW|rv|jj d||j dS|S)NTr2Fg?zCould not acquire lock on %s) rBrangefcntlflockZLOCK_EXZLOCK_NBrTr\r@ exceptionr)r^fnamemodeZofilelockedirrr _open_files zAgent._open_filec Cs0t|jr(|j|j}|s iSi}y\tj|}xL|D]D\}}}tj|d}t|}||tj |j g|d||j df<q6WWn|j j di}YnXt|j}|jdddi}x<|D]4\}}}||kr||gg||<q||j||gqW|jd|jtj|tj|j|SiSdS) Nz%Y-%m-%d %H:%M:%Sz%s:%sz %Y%m%d%H%Mz"Unable to parse custom metric filecSs|dS)Nr1r)vrrrsz)Agent.get_metric_values..)keyr)r report_filercsvreaderrstrptimefloatrTmktime timetuplestrftimer@rrvaluessortrseektruncaterrLOCK_UNr)r^csvfileZ unique_valuesZ csv_readertextkeyrraZ custom_valuesrrrget_metric_valuess6    .    zAgent.get_metric_valuesc Cst|jr|j|j}|siStj|}ytdd|D}Wn$tk rb|jjdi}YnX|j d|j t j |t j |j|SiSdS)NcSsg|]}|d|dfqS)rr5r)rrowrrrr-sz0Agent.get_registered_metrics..z)Error reading custom metric register filer)r register_filerrrrrr@rrrrrrr)r^rZ csvreadermetricsrrrget_registered_metrics%s       zAgent.get_registered_metricscCsJg}x@t|jdjD]*\}}d|j|jf}||kr|j|qW|S)N schedulesz%s.%s)rrrplugin_textkeyresource_textkeyr)r^Zexisting_tkeyssr_idscheduletkeyrrrget_existing_metrics>s zAgent.get_existing_metricscCs|dkr|jdrdSdS)Nzcom.pnp-hcl.dominostatszMem.PID.TF)r)r^rrrrr ignore_metricFs zAgent.ignore_metriccCs(ddg}ddddg}ddddg}|j}|jjd i}i}g}|jg} |jd d r`|jd d pbd} | rx| j| jd |j} |jd d r|jd d pd} | rt | } g} xr| D]j}t |sqt | | krP|jjd|x>t j |D]0}t | | krPtt||r| jt||qWqWx| D]}t|}t j|t jsV|jjd|q&t|d}y0|jjd|tj|j}|jx2|D]*}|t|jkrtjd||qqW|jdg}x|D]}x8|D]0}|t|jkrtjd|t|qܐqW|j|d|dr*qyJyt |d}Wn4tk rpt j!|dd}t"j#|j$}YnXWn2tk r|jjd|d|dwYnX|d|f}d|d|df}||kr@||kr||j%dgj|nJ|jdd}|dkr|d}|d|d|d||jdd|gd||<n|j%|gj|qW|jdg}x|D]}x8|D]0}|t|jkrxtjd|t|qxqxWyJyt |d}Wn4tk rt j!|dd}t"j#|j$}YnXWn2tk r(|jjd|d|dwlYnX|d|d||d|dd}d|kr`|d|d<d |krv|d |d <|j|qlWt j&|Wntk r|j'rt||j(}|jjd!||j)d"|jj|j|jjt*j+|jjd#|jt j&|w&YnXq&W|||fS)$NrZplugin_category_namerrunitra descriptionactionz Processing incoming import filesrxZmetric_incoming_directoryrZmax_incoming_files_overridez Looking in %sz&Can not delete %s so will not process.zr+z Processing %sz1Can not process file %s! Missing required key: %srz0Can not process metric! Missing required key: %sz%Y-%m-%d %H:%M:%Sz,Could not process timestamp %s for metric %sz%s.%s first_valueslabel)rZ plugin_namerrrr incidentsz2Can not process incident! Missing required key: %sz.Could not process timestamp %s for incident %s)rrrarrZ match_keymetadatazError processing %s:rz Deleting file),rr@rcustom_import_dirrrextendrEMAX_IMPORT_FILESrFrrr=rZrrrr accessW_OKrrBjsonloadsrCrrkeysr;rrrrrcalendarZtimegmr setdefaultrjclosedrrrHrI)r^rZ req_top_keysZreq_metric_keysZreq_incident_keysZexisting_metricsZ new_metricsZ new_valuescustom_incidentsZ import_dirsZadditional_dirsZ max_filesZ max_overridefiles directoryr- full_pathrjZreqrmZunix_timestampraZ new_valuerrrZincidentobjrrrprocess_importsLs                                    zAgent.process_importsc Csdti}tjj|jr|j|j}|s,|S|j|j}|jd|jt j |t j |j ytj |jWn YnX|S|jrt}|r||d<|SdS)NZfqdnr server_name)rr=r>r update_config_filerrrrrrrrrjis_fortisase_installr)r^rrZ propertiesrrrrget_update_configs(    zAgent.get_update_configc s|_|_|_|_|_|_|_tj_ d_ t j dkpPt j dk_| _t jj| j_tjdj_t jj| j_tjdj_t jj| j_tjdj_t jj| j_t jjjd_t jjjd_t jj| dj_t jj| j}t jj|d _t jj| jd _d tjj kr~t jj|d _!t jj|d _"n^dtjj krt jjjd _!t jjjd _"n(t jj| jd _!t jj| jd _"d_#d_$d_%d_&d_'d_(d_)d_*yTt+js$t,dt jj+jsDt,dj-jt.j/}|j0jdtjkrF|j1ddr|j2ddj dk_$|j1ddr|j2dd_%|j1ddr|j2dd_&|j1ddr|j2dd_'|j1ddr|j2ddj dk_(|j1ddr|j2dd_)|j1ddrFd |j2ddj krFd_*|j2dd!}|s`t,d"Wn<t,k r}ztj3j4d#j-|d_#WYdd}~XnXyt5|j2dd$}Wnd%}YnXd&t j6krd't_d_7j8t9j:j;j<_=yt>|j2dd(_?Wnt,k r*|_?YnXj@||d)s`fd*d+_Aj=jBd,tjCd-jDjE_FjGtH_Ij=jJd.dS)/Nirz%s.dbz%s.logz %s_agent.cfgcountermeasuresZincomingz%s-agent-manifestz agent.pidz update-configrregisterZreportrTFZ demserviceZ updateservicez/tmp/com.fortinet.fortimonitorzNo bin directoryzNo config file {}ZdemZenabledrZ server_portrxzupdateservice.portZipc_path auto_updatescheduled_updateZhandshake_typeZ forticlientrzMissing server keyzInitialize exception: {} safe_counterr3ZVMkernelZvmwareZstartup_timeout)r:cs jjdS)NzPreventing pid file removal)r@rr)r^rrr^sz Agent.__init__..z=Exiting without running - other agent process already runningr5zActivity started)KrRrrrQlib_dirrrrtempfileZ gettempdirtmp_dirmetadata_rebuild_freqr=getuidgeteuidis_rootacceptable_sync_delayr>rrpdb_filernrrqrr!countermeasures_custom_plugin_dirrr|r?rrrrPrrrhas_demdem_portupdate_service_portipcPathrrrr rrrzr{rCrrstderrrgrFunamer[set_up_loggingr;r< __class__rr@rr_r]__del__rrriopen_dbrrrrr)r^rRrrrQrr!rrr_Zbase_config_dirZbase_custom_plugin_dirZ base_data_dirZ base_log_dirr(Zdata_dirrrrr r)r^r__init__s          zAgent.__init__cCs|jdr|jjddStj}|j|jrd}|jdsV|jdd}|jjd|jdrx0|j dD]"\}}|d krd }|j d||qlW|j dd}|jjd |rt |jd }|j ||jd|jd<dS) z Update agent configs to use "[agent]" instead of "[AgentConfig]" as the main heading and "aggregator_url" instead of "agg_url" (in order to match the option in the manifest file). config_migratedzConfig is in the correct formatNFrxTzAdded [agent] section to configZ AgentConfigrrzMCopied deprecated [AgentConfig] section to [agent] and removed it from configre)rr@rrzr{rCrr}rrrZremove_sectionrBrgr)r^rZconfig_has_changedrrrrrrrks.           zAgent.migrate_configcCs |jdS)N)rS)r^rrrr3sz Agent.__del__cCstj}tjj|js(tjdj|jyt|j d}Wn>t k rvt d|j t t jft dtj}Yn X|jtjj|j dd dd}|jtjd |j||jtj|j}ytt|d j}Wntt|j}YnX|j|dS) Nz mkdir -p {}azCannot open log file %s: "%s"zLogging to stderr insteadir1)ZmaxBytesZ backupCountzA%(process)d) %(asctime)s - %(name)s - %(levelname)s - %(message)sriiP)r;r<r=r>rrnrorrBrIOErrorrsrrHrIZ StreamHandlerrZhandlersZRotatingFileHandlerZ setFormatterZ FormatterZ addHandlersetLevelZNOTSETr4getattrupperDEFAULT_LOG_LEVEL)r^Z root_loggerrhandlerrrrrrr1s0  zAgent.set_up_loggingcCs|jr(|jdddd|jddddd |jd dd dd |jd dd dd |jddddd |jdddd|jddddd|jddddd|jddddd|jddddd|jddddd|jd ddd!d|jd"ddd#d|j\}}||fS)$zJ Return the options and arguments parsed from the parser. z --server-keyrZstore)destrz--rebuild-metadata store_truerebuild_metadataF)rr?defaultz--statusstatusz--statsstatsz --from-cron from_cronz --aggregatorr)rr?z --installr)rrBr?z --uninstallrYz--remove-instanceruz--customer-keyN customer_key)rBrr?z --unpauseunpausez--list-containerslist_containersz--rebuild-container-metadatarebuild_container_metadata)rZ add_option parse_args)r^rbrcrdrrrrXs  zAgent.parse_argumentsc@Cstj}|jr|j}nd}d}tj}|j|j|jr|r|gkry|jdd}Wnd}YnXy|jddpx|j |_ Wnd|_ YnXd|j ||j f}n d|j f}t j |d}|j |\}}|jrt||jt|jd|j} tj|||d | |jr$tj|d |d |d |jrRtj|j |j|} |j| |jt|j sd|jrb|jrt|j|_ |jp~d} d tjjkr@|j df|j!df|jd f|j"d f|j#d fg} x4| D],\} }t$j%dj&| |rt$j'| |qWxL|j(|j)gD]<}t*|d}WdQRXt$j+j,|s|j-j.dj&|qWtj|j |j|| } |j| dSdddddddg}d}x"|D]}t/||dr~d}Pq~W|sd|j0|j||j f}t1||j-j2|dS|j3rt1dd|d<|j4dS|j5rd|ks|dikr t1ddS|d}t1dt1dxV|j6D]J\}}|jdd }|jd!d }|jd"d }t1d#|||dd$|fqBWdS|j7rd|d<t1d%|j-j2d&dSd}yd}|j8rd}|j8}t1d'||j9dd||jr d}|j}t1d(||j9dd||r@|j:t*|jd)td*|j;rj|j< rj|j-j=d+t1d+dS|jdd}tj|j |j|} |st1d,td-|j>| t||jt|jd|j} |j?}|r| j@|d.|jAdkr|jdd.jd/krd0|jAdkrd1|jAdkrtB|jdd1d2} d3|ksTtCjC|d3| krxL|jdd0jDd4D]6}!|j-j2d5|!d6tjE|jF|!jGf}"t$j%|"qhWtCjC|d3<n.d3|kr|j-j2d7|d3| tCjCd8tj}#g}$|jH}%|jI|\}&}'}(d9|ks|d9dkr"i|d9<xtJ|d j6D]\})}*d:|*jK|*jLf}+d;},|*jK|jMkr|*jL|%kr|+|'kr|*jN|#tO|,d<kr|j-j2d=|*q6tO|*jPd<}-tO|jQd<}.|#|-|.|*_N|+|'krb| jRj|+ijd>d?}/xv|'|+D]j\}0}1|0dk r |0|/9}0|d9j|*jSi}2|*jT|0|2|2|d9|*jS<|0dkrDq|$jU|)|1|0fi}2qWnF|*jK|jMkr|*jL|%krq6| jRj|*jKijd>d?}/xr|%|*jLD]d\}0}1|0dk r|0|/9}0|d9j|*jSi}2|*jT|0|2|2|d9<|0dkrq|$jU|)|1|0fi}2qWn|*jK| jVkr0|j-j2d@|+q6nxtj}3tCjC}4|*jW| |d9j|*jSi\}0}2tCjC}5|j-jXdA|*|0|5|4f|0dkrq6|$jU|)tCjY|3jZ|0f|d9j[|*jS|2iq6W|j-j2dBtj|#|dCj[|$|d rRtCjC|dk r2|j4|dtCjCdD}6|j-j2dE|6dSd|d<|j4|j-j2dFdStCjC}7d}g}8d}9t\j]d*dGd*k}:d};dH|k rd*|dH<tCjC|dH|j^k rd};|j< rd};dI|k rtCjC|dI<t$j+j_|j}<|<|dIk rd};|<|dI<|;rp|j-j2dJtCjC|dH<dK|jAdk r2| j`|jddK| ja}=|= sZ|j< sZ|: sZ|dL r| jb}|= rt|j-j2dMn@|j< r|j-j2dNn*|: r|j-j2dOn|dL s|j-j2dPtc|jd|}9g}8d.|jAdkr|jdd.jd/krxt$j+j|jdQd|j"fD]}>t$j+je|> s qtj+jU|>xt$jf|>D]}?|?jgdR r|?jhdS rytijj|?dd}@Wn |j-jkdU|? w:YnXtl rtmjn rtlt*t$j+j|>|?jjo}An$tlt*t$j+j|>|?jjpdVjo}AndW}AxtJ|@jqj6D]\}B}Ctjrd*dTk r ts|Ctsk s@tjrd*dXk rts|Cttjuk r|BjgdY ry(|C}D|8jU|Djv|Djw|Djx|A|DjydZWn YnX qW|?jgd[ r:yt*t$j+j|>|?}EWn:|j-j=d\t$j+j|>|?|j-j=tzj{ w:YnX|Ej}Ftl rtl|FjpdVjo}AndW}A|Ej|yt}j~|F}GWn:tk r\|j-j=d]|?|j-j=tzj{ w:YnXd^d_d`dag}H|Gj}Id}Jx@|HD]8}||Ik s|Gj| r||j-j=db||?fd}JP q|W|J s q:|Gjd_}K|8jU|K|Gjd^|Gjda|A|GjdcdZ q:W qWdd|ks|dd rTtj}L|Ldekr>d|dd<|j-j2dfn|LdgkrT|j-j2dhdd|krp|ddrpd|d<i}Mi}Ndi|kr|dirt|di|Ndi<dj|kr|djrt|dj|Ndj<dk|kr|dkrt|dk|Ndk<dl|kr|dlrt|dl|Ndl<g}Odm|kr|dm}Oy|j}P|j-j2dnt|$t|P|rptdodptJ|j6D}Q|j-jXdq|Qd}Rt\j]d*dGd*k}:|d d*ks|:s|d ikrd}Rt\j]d-|jpd-}StCj|S|drrtCjC|drkr|dCjt|d }Tnd|dr<|dCj}Tn |dCj}Tg}Ug}Vd$}Wds|krj|ds}Xx,ttt|X|WD]}Y|UjU|Xjd*qPWdt|kr|dt}Zx&tt|ZD]}Y|VjU|Zjd*qW|j|}[yd*t_tJ|&j}&|rd| j|T|P||8|9|U|V|j|&|(|j|j|O|R|N|j|[du}Md|di<d|dj<d|dk<d|dl<g|dm<|Mjdvi|Mjdwi|Mjdxg|Mjdyidz}\|j|\n |j-j2d{Wnd|dCj[|Tx(|[jD]}]||]}^|^j[|[|]qW|j-jkd||j-jXd}|T|j4dS|Mjd~drd|dL<|d d-7<tjjd|d <Wn|j-jkdYn.X|;r>| j|d<|j-j2dtCjC|7|Sd.|jAdkr|jdd.jd/krx|MjdQgD]}_|_jd}A|_jdg}`|_jdi}adW}by>d|A}ct$j+j|j|c}bt*|bd}d|dj:t}j|a|dj|Wn:tk r2|j-j=d|A|`f|j-j=tzj{YnX|j-j2d|A|`f|`rdtjE|jF|Adj|`f}"|brz|"d|b7}"t$jt$jtjE|"jDqW|j|j|Mjd g|Mjdgr|j-j2dttJ|Mdjd|Mdkr|Mdd}etCjC|e|d<dr|Mdkr0|Mddr}etCjC|e|dr<di|Mdkrj|Mddi}ftjd|f|jfdd}g|g|di<d|Mdkr|Mdd}h|h|dC_d|Mdkr|Mdd}i|i|dC_dk|Mdkr.zMetadata summary: %r single_resultdiscovered_containersdeleted_containers)Z dem_enabledZdem_service_resultsicmp_server_resourcesmonitor_schedules traceroutestraceroute_checks)rdrerfrgz"No server_key found, skipping synczCould not sync with aggregatorzSaving results locally: %rrz%m/%d/%Y %H:%MzError syncing with aggregator last_metadatazsyncing took %.2f secondsr[textkeysrzcountermeasure-metadata-%s.jsonrez1Failed parsing countermeasure metadata for %s: %sz#Queueing countermeasures for %s: %sz7%s %s/countermeasure.py execute --hash %s --textkeys %sr9z --metadata-file %sZcommandszgot %d agent commandsz tail -%d %s)shellqueue_batch_sizequeue_max_resultsr_r2zss -t -u -r 2>&1z timeout %d %shostzhttp://zmtr --csv -c 1 %s 2>&1rzSet log level to "%s"zInvalid log level command: "%s"Zmetadata_resyncZrefresh_countermeasuresZ update_agent)ZrebuildzDocker has been enabled but the fm-agent user needs to be added to the docker group. You can do so with `sudo usermod -a -G docker fm-agent`cSsg|]}|dddqS)IdN r)rcrrrrszAgent.main..rnroupdatedz$Discovered %d new/updated containersz!Found %d newly deleted containerszError in main loop)rr agg_clientforcezActivity finished in {}s)rrhrrrzZRawConfigParserrCrrrrrrVrWrXrCrrr!rdisplayrDrYrrrrurrrFrrrPrprqr*rr=rorchmodrrrBr>rr@rr;rRrsrrGsaverHrrIrrrgr'rAr_initDEMSchedulesget_dem_wifi_infoZadd_dem_wifi_resultsrcrFrTrErrrDrrrrrCUSTOMZnext_check_timer frequencyr[ridZdetect_anomaliesrrLcheckrArrupdaterandomZrandintr$getmtimeZinstall_remote_pluginsZis_metadata_stalerrZ get_all_factsr rZendswithr p_importlibZ import_modulersha_funcsixrZ hexdigestencode__dict__rtypetypesZ ClassTyperrrZrrHrIrr r rr container_discoveryZ check_accessrget_reportable_anomaliesrrr(r\ pop_resultsrminpop_getDemResultstracebacklimitrsyncrrrr+_updateDEMServiceSchedulesrZhashed_metadatar#dumpsspawnvpP_NOWAIT!remove_reported_cleared_anomaliesupdate_schedulesr#r rrkrlrurlparsehostnamer<r;r:r/AttributeErrorZWARNINGbuild_diagnosticsZdiscover_docker_containersexc_inforrun_auto_topo_scanscheckForUpdate total_seconds)r^Z activityStartrrrrKrbrcrdrLrtrFZdirs_to_createdirZpermsZrfileZrfZ valid_optionsZ option_givenZ valid_optionmsgZ containersZshort_idrZ cont_imageZ cont_commandZ cont_statusZrequested_auto_updateZjust_set_option_and_quitrZaggZ wifi_infoZ refresh_cyclerrZall_plugins_start_timeZresults_to_sendZcustom_metricsZnew_import_metricsZnew_import_valuesrrrZ schedule_tkeyZ leeway_timer{r[rUrrarSZplugin_start_timeZt0Zt1Z time_leftZ start_timeZcountermeasures_metadataZfactsZ lucky_dayrArWZstalerZmod_namemodr[rrZpluginZ json_counterZ file_contentZ counter_dataZrequired_fieldsZ existing_keysrwrZcan_access_dockerresponseZcommand_resultsr_Zanomalies_to_reportZmetadata_summaryZforce_send_schedulesdelayZ result_datarbrcZMAX_CONTAINERS_SYNCZcontainer_queuerZdeleted_container_queueZ dem_resultsZ dem_updatesZdemKeyqZcountermeasureriZ cm_metadataZ metadata_filerr-rTlinesZ log_outputrkrlr_ss_cmdr^rmZ parsed_urlZmtr_cmdZ mtr_outputZ log_level_keyrlevelmessagerIZexisting_containersZexisting_container_idsZfound_containerstrZfound_container_idsZnew_containersZ containerZ container_idrrrmains|               "         $                          &              "                                                           z Agent.mainNcCs|r |jjd|j|ddSd}|js@||kr<|j|dSd}|sX|jjddS|sntj|j|j |}d}y`t dd}||krv|j dkrddl m }|t|j} tjt | d ||<nyV|j jd \} } tj} t| j| j| jt| t| d } | | kr| |} | ||<Wn<tk rZ}z|jjd j|j t|dSd}~XnX|jjd j||dS||}| stj|kr|j||dkrtj}||||<|jjd j||Wn6tk r }z|jjdj|WYdd}~XnXdS)NzAdmin update request)rrnext_update_checkzcheckForUpdate: no server keyr5)Zdaysr) randrange)rTr4)yearmonthdayZhourZminutez%Could not calculate next check {}: {}zNext update check at {}zcheckForUpdates problem: {})r@r_onCheckUpdatesrrr~rrrrrrrrrFrrrhrErrrrrrr)r^rrrrrsZdb_keyrZ update_periodrZ randomSechrZrnZctrrrrrsX              zAgent.checkForUpdatecCs|jjdyBdj|j}|j|dd}t|dkrL|jd|jtj |dWn4t k r}z|jj dj|WYdd}~XnXdS) NzPerforming updates check...zagent_update_info/darwin/{}GET)methodrupdates)portpayloadzUpdate check failure: {}) r@rrrcallr _sendReceiver-r rrr)r^rrZendpointrrrrrrs   zAgent._onCheckUpdatescCsX|jjdg}g}xt|jdjD]\}}|jdj|}|sR|jd|=q(xt|jD]\}}|jjd||j r|j|j r|j ||t j |j jdfd|_|jjd||j o|jr`|j ||t j |j jdfd|_|jjd|q`Wq(W|jjd t||jjd ||jjd t||jjd ||jj||S) NzGathering reportable anomaliesrSrz Threshold %sFTzCleared anomaly: %szLengthy anomaly: %sz$Found %d anomalies that have clearedzCleared anomalies: %rz5Found %d anomalies that exceed the threshold durationzLengthy anomalies: %r)r@rrrrrrAreported_as_clearedZ has_clearedZnumber_of_checksrrTrZtime_last_detectedrZreported_as_exceeded_durationZexceeds_durationrrw)r^Zcleared_anomaliesZlengthy_anomalies schedule_idrSr threshold_idanomalyrrrrs@   zAgent.get_reportable_anomaliescCs|jjdxvt|jdjD]`\}}xBt|jD]2\}}|jr6|j|}|jjd|jjd|q6W|s |jdj|q W|jjd|jd|jjdS)Nz'Checking for reported cleared anomaliesrSz Removed reported cleared anomalyz Anomaly: %szRemaining anomalies: %s) r@rrrrrrrArw)r^rrSrrrrrr)s   z'Agent.remove_reported_cleared_anomaliescCs|gks|dkr |jjddS|jd}i|jd<x|D]}|d}|jjd||j|d}|r||j|||j=d}n|st|}d}||jd|j<|jjd||j|jjd|q:W|jj|jjd t ||jjd t |dS) Nz,No schedule changes received from aggregatorrr|z$Received schedule %s from aggregatorZEditedZCreatedz%s schedule %s locallyzSchedule data: %rzCreated/updated %d scheduleszDeleted %d schedules) r@rrrr~r|rrArwr)r^Z new_schedulesZexisting_schedulesZnew_schedule_dataZnew_schedule_idrrrrrr7s,       zAgent.update_schedulescCsd}|d|j7}|dtjddd7}dtjkrJ|dtjd dd7}n|dtjd dd7}|d tjd dd7}dtjkr|d tjd|jdd7}|dtjddd7}|dtj|jd|j d7}|S)zVFunction to build a string of diagnostics data to send back to the aggregator.zAGENT DIAGNOSTICS zAgent version: %s zAgent server hostname: %srT)rjrz Agent OS: %szsw_vers | grep ProductVersionz%cat /etc/*-release | grep PRETTY_NAMEzuname output: %szuname -azPackage information: %s zapt-cache show %s-agent || truez ip output: %sz ip addr showz!Local agent pickle file data: %s r1)rkrB) rr#r rrrRr rdata defaultprint)r^rrrRstringrrrrWs  zAgent.build_diagnosticscCst|tr|jSdSdS)N) isinstancer__repr__)r^rrrrrks zAgent.defaultprintcCstjj|js tjdj|jyt|j}Wn dSiddddd|jddt idt dddt dddt dddt dddd }x(t |j D]\}}||kr|||<qW|S) Nz mkdir -p {}Fri2)rlrkdr8)rSr6r]rXrhrNrrMrOrVrraZ check_resultsZserver_resource_levelsrfrg) r=r>rrprorrr)r=rrr)r^rZdefaultsrrBrrrr4qs4    z Agent.open_dbc Cs y|jdddkSdSdS)NtopoZ auto_scanrF)r)r^rrrrshould_run_auto_topo_scanssz Agent.should_run_auto_topo_scansc Cs yt|jddSdSdS)NrZscans_per_syncr)rFr)r^rrrrget_num_topo_scansszAgent.get_num_topo_scansc Cs yt|jddSdSdS)Nr scan_sleepr5)rFr)r^rrrrget_topo_scan_sleepszAgent.get_topo_scan_sleepc Cshd}d}tj}|jjdyttj|dd}Wntj}YnXtj|}|jjd||S)Nzss -t -u -r 2>&1rzStarting topo scanT)rjz.Topo scan complete. Elapsed time: %.2f seconds)rTr@rrr#r rHrI)r^rresultrelapsedrrr run_topo_scans  zAgent.run_topo_scancCsz|j|sdS|j|}|j|}d|jkr6g|jd<x>t|D]2}tj}|j}|jdj||ftj|q@WdS)Nr_) rrrrrrTrrr\)r^rnrrrscanrrrrs     zAgent.run_auto_topo_scansc Cs4|js dS|jd|jd}y tj|SdSdS)Nz wifi-info)r)r+rr,r r )r^rrrrrys  zAgent.get_dem_wifi_infocCsi}|js|S|jd|jd}|dkr*|Stj|}x|jD]x}y<||}|jrb||||<n|j|||j||<Wq>t k r}z|j j dj |w>WYdd}~Xq>Xq>W|S)NZcollect)rz_getDemResults: {}) r+rr,r r r ZisEmptyr~rrr@rr)r^rZrvrZ latestResultsrrrrrrrs$ zAgent._getDemResultscCs|js dS|jd|jd}|dks*|dkr.dSyN|jddd}|jdg|jd g|jd gd }|jd |jtj|d Wn6tk r}ztj dj t |WYdd}~XnXdS)Nzschedules-init)rnackyesrr)rrdrerg)rdrergZ initSchedules)rrz/schedules error: {})rr) r+rr,rrr rrr;rrr)r^ZclientZschedulesReceivedrrZaggExrrrrxs  &zAgent._initDEMSchedulescCs"|jr|jd|jtj|d}dS)Nzupdate-schedules)rr)r+rr,r r)r^Z newSchedulesr`rrrrsz Agent._updateDEMServiceSchedulesc Cs|s tdddl}|r$dj||}|d7}y|j|j|j|}|jd|jtjj |j ||j d}|j |t }x$|jd}dt|krP||7}q|W|jd} d| krdS| SQRXWn4tk r} z|jjd j| dSd} ~ XnXdS) NzServer port not configuredrz{}:{}rg$@zutf-8irzSend/recv failure: {})rsocketrZAF_UNIXZ SOCK_STREAMZ settimeoutZconnectr=r>rr.rZsendallbytesZrecvrrr@r) r^r\rrrZsockZtoSendZ receivedBytesryZreceivedrrrrr s2        zAgent._sendReceive)r1r2r3)F)r)NNF)NN)/rrrrzr=rr]rirSrYrrrrrrrrrrrrrr5rr3r1rXrrrrrrrrr4rrrrrryrrxrrrrrrr.Zsd D &< fH %"'r /- * r.)MZ agent_utilrrrrZ inspectorrrrZagent_exceptionsr r Zprocess_managerr Zos.pathr r rrrZpickle_databaserZplugin_managerrrZprogress_printerrrVrrrrrriorr rrrrurrr;Zlogging.handlersrVr=rrr#r"rTrHrrZ blacklisterrrrr{rzr  ImportErrorZ simplejsonZhashlibZsha1rZshanewrr-r rZ urllib.parseparseobjectr.rrrrs