Skip to content

Instantly share code, notes, and snippets.

@phobos182
Last active August 29, 2015 13:58
Show Gist options
  • Save phobos182/10337489 to your computer and use it in GitHub Desktop.
Save phobos182/10337489 to your computer and use it in GitHub Desktop.
patch detection
#!/usr/bin/env python
import argparse
import re
import sys
import subprocess
LIBSSL_NAME = 'libssl1.0.0'
LIBSSL_MODULE = 'libssl.so.1.0.0'
OPENSSL_NAME = 'openssl'
VERSION_WHITELIST = ['1.0.1-4ubuntu5.12']
PROCESS_WHITELIST = ['tornado', 'api']
PATTERN = re.compile(r'\s+')
def _get_orphaned_files(file_name, whitelist, report=False):
processes = {}
output = subprocess.check_output("lsof|grep -i {}|grep -i del".format(file_name), shell=True).split("\n")
for l in output:
stripped = re.sub(PATTERN, ' ', l).split(' ')
proc_name = stripped[0]
# if empty line, continue
if not proc_name:
continue
# if report is false, then filter processes in the whitelist
if not report:
if not proc_name in whitelist:
continue
if not proc_name in processes:
processes[proc_name] = 1
else:
processes[proc_name] += 1
return processes
def _get_version(package):
version = None
output = subprocess.check_output("dpkg-query -s {}".format(package), shell=True).split("\n")
for l in output:
if 'version' in l.lower():
version = l.split(':')[1].strip()
return version
def _is_patched(version):
if version in VERSION_WHITELIST:
return True
return False
def main():
parser = argparse.ArgumentParser()
parser.add_argument('-p', '--process', action='append', default=PROCESS_WHITELIST,
help='Process name look for restart required. Defaults to (tornado|api)')
parser.add_argument('-r', '--report', action='store_true',
help='Instead of looking for individual processes, give a report of all daemons needing a restart')
args = parser.parse_args()
version_libssl = _get_version(LIBSSL_NAME)
version_openssl = _get_version(OPENSSL_NAME)
if not _is_patched(version_libssl) and _is_patched(version_openssl):
print 'please patch this system first. it is not patched, libssl: {}, openssl:{}'.format(_get_version(LIBSSL_NAME), _get_version(OPENSSL_NAME))
sys.exit(1)
to_restart = _get_orphaned_files(LIBSSL_MODULE, args.process, args.report)
if to_restart:
for proc, num in to_restart.iteritems():
print '{} {} processes need to be restarted'.format(num, proc)
sys.exit(1)
print 'patched'
if __name__ == '__main__':
main()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment