apparmor/Tools/aa-unconfined.py

#!/usr/bin/python

import argparse
import os
import re

import apparmor.aa as apparmor

parser = argparse.ArgumentParser(description='')
parser.add_argument('--paranoid', action='store_true')
args = parser.parse_args()

paranoid = args.paranoid

aa_mountpoint = apparmor.check_for_apparmor()
if not aa_mountpoint:
    raise apparmor.AppArmorException(_('It seems AppArmor was not started. Please enable AppArmor and try again.'))

pids = []
if paranoid:
    pids = list(filter(lambda x: re.search('^\d+$', x), apparmor.get_subdirectories('/proc')))
else:
    regex_tcp_udp = re.compile('^(tcp|udp)\s+\d+\s+\d+\s+\S+\:(\d+)\s+\S+\:(\*|\d+)\s+(LISTEN|\s+)\s+(\d+)\/(\S+)')
    output = apparmor.cmd(['netstat','-nlp'])[1].split('\n')
    for line in output:
        match = regex_tcp_udp.search(line)
        if match:
            pids.append(match.groups()[4])
# We can safely remove duplicate pid's?
pids = list(map(lambda x: int(x), set(pids)))

for pid in sorted(pids):
    try:
        prog = os.readlink('/proc/%s/exe'%pid)
    except:
        continue
    attr = None
    if os.path.exists('/proc/%s/attr/current'%pid):
        with apparmor.open_file_read('/proc/%s/attr/current'%pid) as current:
            for line in current:
                if line.startswith('/') or line.startswith('null'):
                    attr = line.strip()
    
    cmdline = apparmor.cmd(['cat', '/proc/%s/cmdline'%pid])[1]
    pname = cmdline.split('\0')[0]
    if '/' in pname and pname != prog:
        pname = '(%s)'%pname
    else:
        pname = ''
    if not attr:
        if re.search('^(/usr)?/bin/(python|perl|bash|sh)', prog):
            cmdline = re.sub('\x00', ' ', cmdline)
            cmdline = re.sub('\s+$', '', cmdline).strip()
            if 'perl' in cmdline:
                print(cmdline)
            apparmor.UI_Info(_('%s %s (%s) not confined\n')%(pid, prog, cmdline))
        else:
            if pname and pname[-1] == ')':
                pname += ' '
            apparmor.UI_Info(_('%s %s %snot confined\n')%(pid, prog, pname))
    else:
        if re.search('^(/usr)?/bin/(python|perl|bash|sh)', prog):
            cmdline = re.sub('\0', ' ', cmdline)
            cmdline = re.sub('\s+$', '', cmdline).strip()
            apparmor.UI_Info(_("%s %s (%s) confined by '%s'\n")%(pid, prog, cmdline, attr))
        else:
            if pname and pname[-1] == ')':
                pname += ' '
            apparmor.UI_Info(_("%s %s %sconfined by '%s'\n")%(pid, prog, pname, attr))
First set of tools in their alpha release, logprof and genprof are pre-bleeding edge so dont hurt yourself or worse your distro. 2013-08-21 11:26:09 +05:30			`#!/usr/bin/python`
Merged aa-audit, aa-autodep, aa-complain, aa-disable, aa-enforce to share the common code into a tools.py module. Added -r/--remove feature to aa-complain, aa-enforce, aa-audit and -r/--revert feature to aa-disable. Some other fixes from review 48..51 2013-08-26 00:23:59 +05:30
			`import argparse`
First set of tools in their alpha release, logprof and genprof are pre-bleeding edge so dont hurt yourself or worse your distro. 2013-08-21 11:26:09 +05:30			`import os`
			`import re`

			`import apparmor.aa as apparmor`

			`parser = argparse.ArgumentParser(description='')`
Merged aa-audit, aa-autodep, aa-complain, aa-disable, aa-enforce to share the common code into a tools.py module. Added -r/--remove feature to aa-complain, aa-enforce, aa-audit and -r/--revert feature to aa-disable. Some other fixes from review 48..51 2013-08-26 00:23:59 +05:30			`parser.add_argument('--paranoid', action='store_true')`
First set of tools in their alpha release, logprof and genprof are pre-bleeding edge so dont hurt yourself or worse your distro. 2013-08-21 11:26:09 +05:30			`args = parser.parse_args()`

			`paranoid = args.paranoid`

			`aa_mountpoint = apparmor.check_for_apparmor()`
			`if not aa_mountpoint:`
Merged aa-audit, aa-autodep, aa-complain, aa-disable, aa-enforce to share the common code into a tools.py module. Added -r/--remove feature to aa-complain, aa-enforce, aa-audit and -r/--revert feature to aa-disable. Some other fixes from review 48..51 2013-08-26 00:23:59 +05:30			`raise apparmor.AppArmorException(_('It seems AppArmor was not started. Please enable AppArmor and try again.'))`
First set of tools in their alpha release, logprof and genprof are pre-bleeding edge so dont hurt yourself or worse your distro. 2013-08-21 11:26:09 +05:30
			`pids = []`
			`if paranoid:`
			`pids = list(filter(lambda x: re.search('^\d+$', x), apparmor.get_subdirectories('/proc')))`
			`else:`
			`regex_tcp_udp = re.compile('^(tcp\|udp)\s+\d+\s+\d+\s+\S+\:(\d+)\s+\S+\:(\*\|\d+)\s+(LISTEN\|\s+)\s+(\d+)\/(\S+)')`
			`output = apparmor.cmd(['netstat','-nlp'])[1].split('\n')`
			`for line in output:`
			`match = regex_tcp_udp.search(line)`
			`if match:`
			`pids.append(match.groups()[4])`
			`# We can safely remove duplicate pid's?`
			`pids = list(map(lambda x: int(x), set(pids)))`

			`for pid in sorted(pids):`
			`try:`
			`prog = os.readlink('/proc/%s/exe'%pid)`
			`except:`
			`continue`
			`attr = None`
			`if os.path.exists('/proc/%s/attr/current'%pid):`
			`with apparmor.open_file_read('/proc/%s/attr/current'%pid) as current:`
			`for line in current:`
			`if line.startswith('/') or line.startswith('null'):`
			`attr = line.strip()`

			`cmdline = apparmor.cmd(['cat', '/proc/%s/cmdline'%pid])[1]`
			`pname = cmdline.split('\0')[0]`
			`if '/' in pname and pname != prog:`
			`pname = '(%s)'%pname`
			`else:`
			`pname = ''`
			`if not attr:`
Merged aa-audit, aa-autodep, aa-complain, aa-disable, aa-enforce to share the common code into a tools.py module. Added -r/--remove feature to aa-complain, aa-enforce, aa-audit and -r/--revert feature to aa-disable. Some other fixes from review 48..51 2013-08-26 00:23:59 +05:30			`if re.search('^(/usr)?/bin/(python\|perl\|bash\|sh)', prog):`
			`cmdline = re.sub('\x00', ' ', cmdline)`
First set of tools in their alpha release, logprof and genprof are pre-bleeding edge so dont hurt yourself or worse your distro. 2013-08-21 11:26:09 +05:30			`cmdline = re.sub('\s+$', '', cmdline).strip()`
Merged aa-audit, aa-autodep, aa-complain, aa-disable, aa-enforce to share the common code into a tools.py module. Added -r/--remove feature to aa-complain, aa-enforce, aa-audit and -r/--revert feature to aa-disable. Some other fixes from review 48..51 2013-08-26 00:23:59 +05:30			`if 'perl' in cmdline:`
			`print(cmdline)`
			`apparmor.UI_Info(_('%s %s (%s) not confined\n')%(pid, prog, cmdline))`
First set of tools in their alpha release, logprof and genprof are pre-bleeding edge so dont hurt yourself or worse your distro. 2013-08-21 11:26:09 +05:30			`else:`
			`if pname and pname[-1] == ')':`
			`pname += ' '`
Merged aa-audit, aa-autodep, aa-complain, aa-disable, aa-enforce to share the common code into a tools.py module. Added -r/--remove feature to aa-complain, aa-enforce, aa-audit and -r/--revert feature to aa-disable. Some other fixes from review 48..51 2013-08-26 00:23:59 +05:30			`apparmor.UI_Info(_('%s %s %snot confined\n')%(pid, prog, pname))`
First set of tools in their alpha release, logprof and genprof are pre-bleeding edge so dont hurt yourself or worse your distro. 2013-08-21 11:26:09 +05:30			`else:`
Merged aa-audit, aa-autodep, aa-complain, aa-disable, aa-enforce to share the common code into a tools.py module. Added -r/--remove feature to aa-complain, aa-enforce, aa-audit and -r/--revert feature to aa-disable. Some other fixes from review 48..51 2013-08-26 00:23:59 +05:30			`if re.search('^(/usr)?/bin/(python\|perl\|bash\|sh)', prog):`
First set of tools in their alpha release, logprof and genprof are pre-bleeding edge so dont hurt yourself or worse your distro. 2013-08-21 11:26:09 +05:30			`cmdline = re.sub('\0', ' ', cmdline)`
			`cmdline = re.sub('\s+$', '', cmdline).strip()`
Merged aa-audit, aa-autodep, aa-complain, aa-disable, aa-enforce to share the common code into a tools.py module. Added -r/--remove feature to aa-complain, aa-enforce, aa-audit and -r/--revert feature to aa-disable. Some other fixes from review 48..51 2013-08-26 00:23:59 +05:30			`apparmor.UI_Info(_("%s %s (%s) confined by '%s'\n")%(pid, prog, cmdline, attr))`
First set of tools in their alpha release, logprof and genprof are pre-bleeding edge so dont hurt yourself or worse your distro. 2013-08-21 11:26:09 +05:30			`else:`
			`if pname and pname[-1] == ')':`
			`pname += ' '`
Merged aa-audit, aa-autodep, aa-complain, aa-disable, aa-enforce to share the common code into a tools.py module. Added -r/--remove feature to aa-complain, aa-enforce, aa-audit and -r/--revert feature to aa-disable. Some other fixes from review 48..51 2013-08-26 00:23:59 +05:30			`apparmor.UI_Info(_("%s %s %sconfined by '%s'\n")%(pid, prog, pname, attr))`