T240: system integrity check

2 files changed, 83 insertions, 0 deletions

diff --git a/op-mode-definitions/show-systemintegrity.xml b/op-mode-definitions/show-systemintegrity.xml
new file mode 100644
index 000000000..44b5faf68
--- /dev/null
+++ b/op-mode-definitions/show-systemintegrity.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0"?>
+
+<interfaceDefinition>
+  <node name="show">
+    <children>
+      <leafNode name= "system-integrity">
+        <properties>
+          <help>checks the integrity of the system</help>
+        </properties>
+        <command>sudo ${vyos_op_scripts_dir}/system_integrity.py</command>
+      </leafNode>
+    </children>
+  </node>      
+</interfaceDefinition>
diff --git a/src/op_mode/system_integrity.py b/src/op_mode/system_integrity.py
new file mode 100755
index 000000000..886d94f16
--- /dev/null
+++ b/src/op_mode/system_integrity.py
@@ -0,0 +1,69 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2018 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+#
+
+import sys
+import os
+import subprocess
+import re
+import itertools
+from datetime import datetime, timedelta
+
+verf = r'/usr/libexec/vyos/op_mode/version.py'
+
+def get_sys_build_version():
+  if not os.path.exists(verf):
+    return None
+
+  a = subprocess.check_output(['/usr/libexec/vyos/op_mode/version.py']).decode()
+  if re.search('^Built on:.+',a, re.M) == None:
+    return None
+
+  dt = ( re.sub('Built on: +','', re.search('^Built on:.+',a, re.M).group(0)) )
+  return datetime.strptime(dt,'%a %d %b %Y %H:%M %Z')
+
+def check_pkgs(dt):
+  pkg_diffs = {
+    'buildtime' : str(dt),
+    'pkg'  : {}
+  }
+
+  pkg_info = os.listdir('/var/lib/dpkg/info/')
+  for file in pkg_info:
+    if re.search('\.list$', file):
+      fts = os.stat('/var/lib/dpkg/info/' + file).st_mtime
+      dt_str = (datetime.utcfromtimestamp(fts).strftime('%Y-%m-%d %H:%M:%S'))
+      fdt =  datetime.strptime(dt_str, '%Y-%m-%d %H:%M:%S')
+      if fdt > dt:
+        pkg_diffs['pkg'].update( { str(re.sub('\.list','',file)) : str(fdt)})
+
+  if len(pkg_diffs['pkg']) != 0:
+    return pkg_diffs
+  else:
+    return None
+
+def main():
+  dt = get_sys_build_version()
+  pkgs = check_pkgs(dt)
+  if pkgs != None:
+    print ("The following packages don\'t fit the image creation time\nbuild time:\t" + pkgs['buildtime'])
+    for k, v in pkgs['pkg'].items():
+      print ("installed: " + v + '\t' + k)
+
+if __name__ == '__main__':
+  sys.exit( main() )
+