patch detection
#!/usr/bin/env python
import argparse
import re
import sys
import subprocess
# dpkg package names whose installed version is checked.
LIBSSL_NAME = 'libssl1.0.0'
OPENSSL_NAME = 'openssl'

# Shared-object file name searched for in the lsof listing.
LIBSSL_MODULE = 'libssl.so.1.0.0'

# Exact package version strings that _is_patched() accepts. Matching is by
# string equality, so every acceptable build has to be listed explicitly.
VERSION_WHITELIST = [
    '1.0.1-4ubuntu5.12',
]

# Default process names checked for a pending restart (default of -p/--process).
PROCESS_WHITELIST = [
    'tornado',
    'api',
]

# One or more whitespace characters; used to collapse lsof's column padding.
PATTERN = re.compile(r'\s+')
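def _get_orphaned_files(file_name, whitelist, report=False):
    """Count lsof rows showing a deleted copy of *file_name* still in use.

    A process that keeps the old library mapped after a package upgrade keeps
    running the old code until it is restarted; this function lists those
    processes by command name.

    Args:
        file_name: Library file name to look for (case-insensitive substring).
        whitelist: Command names to report when *report* is false.
        report: When true, report every command name instead of only the
            ones in *whitelist*.

    Returns:
        dict mapping command name to the number of matching lsof rows.
        Empty when nothing matches.
    """
    # The earlier "lsof|grep|grep" shell pipeline made check_output raise
    # CalledProcessError whenever grep matched nothing, i.e. on exactly the
    # healthy case. Filtering here avoids that and needs no shell. lsof's own
    # exit status is not checked, as it was not in the pipeline either.
    # NOTE(review): without sufficient privilege lsof may not show other
    # users' mappings, which would under-report -- confirm how this is run.
    lsof = subprocess.Popen(['lsof'], stdout=subprocess.PIPE,
                            universal_newlines=True)
    listing, _ = lsof.communicate()

    needle = file_name.lower()
    processes = {}
    for line in listing.split('\n'):
        lowered = line.lower()
        # Same loose test as the two greps: the file name and "del" anywhere
        # in the row (lsof marks unlinked mappings with DEL / "(deleted)").
        if needle not in lowered or 'del' not in lowered:
            continue
        # First column is the command name; lsof truncates it by default, so
        # whitelist entries must match the truncated form.
        proc_name = re.sub(PATTERN, ' ', line).split(' ')[0]
        if not proc_name:
            continue
        if not report and proc_name not in whitelist:
            continue
        # Counts rows, not distinct PIDs: one process can contribute several.
        processes[proc_name] = processes.get(proc_name, 0) + 1
    return processes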
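def _get_version(package):
    """Return the installed version of *package* as reported by dpkg.

    Args:
        package: dpkg package name, e.g. ``'openssl'``.

    Returns:
        The value of the ``Version:`` field from ``dpkg-query -s``, or None
        if the status output has no such field.

    Raises:
        subprocess.CalledProcessError: if dpkg-query exits non-zero (for
            example when the package is not installed).
    """
    # Argument list instead of a formatted shell string: the package name is
    # passed to dpkg-query verbatim and never parsed by a shell.
    status = subprocess.check_output(['dpkg-query', '-s', package],
                                     universal_newlines=True)
    for line in status.split('\n'):
        # Match the real "Version:" field only. The previous substring test
        # accepted any line containing "version" (the last one won), and
        # split(':')[1] cut a version with an epoch ("1:2.3-4") down to "1".
        field, sep, value = line.partition(':')
        if sep and field.lower() == 'version':
            return value.strip()
    return None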
def _is_patched(version):
    """Return True when *version* is one of the known-patched package builds.

    The comparison is exact string membership in VERSION_WHITELIST. Any other
    value, including None and any build not listed, is reported as not
    patched, so the list has to be kept current for the result to stay
    meaningful.
    """
    return version in VERSION_WHITELIST
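def main():
    """Check that libssl/openssl are patched and that no daemon runs old code.

    Exits with status 1 and a message when either package is not at a
    whitelisted version, or when processes still map a deleted copy of the
    libssl shared object. Prints ``patched`` otherwise.
    """
    parser = argparse.ArgumentParser()
    # With action='append' and a list default, values given with -p are added
    # to the default names rather than replacing them.
    parser.add_argument('-p', '--process', action='append', default=PROCESS_WHITELIST,
                        help='Process name look for restart required. Defaults to (tornado|api)')
    parser.add_argument('-r', '--report', action='store_true',
                        help='Instead of looking for individual processes, give a report of all daemons needing a restart')
    args = parser.parse_args()

    version_libssl = _get_version(LIBSSL_NAME)
    version_openssl = _get_version(OPENSSL_NAME)

    # Both packages must be patched. The previous condition parsed as
    # "(not libssl_patched) and openssl_patched", so a host where both were
    # unpatched, or where only openssl was unpatched, fell through and could
    # be reported as "patched".
    if not (_is_patched(version_libssl) and _is_patched(version_openssl)):
        # Reuse the versions already queried instead of calling dpkg again.
        print('please patch this system first. it is not patched, libssl: {}, openssl:{}'.format(version_libssl, version_openssl))
        sys.exit(1)

    to_restart = _get_orphaned_files(LIBSSL_MODULE, args.process, args.report)
    if to_restart:
        for proc, num in to_restart.items():
            print('{} {} processes need to be restarted'.format(num, proc))
        sys.exit(1)

    print('patched')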
# Run the check only when executed as a script, not when imported.
if __name__ == '__main__':
    main()