summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorhagbard <vyosdev@derith.de>2018-10-29 11:08:54 -0700
committerhagbard <vyosdev@derith.de>2018-10-29 11:08:54 -0700
commit817ce73d37c7c6a073b6276c66b411160e4944cb (patch)
treec6f933ea477d474f107dd902aec1682148a2215b
parent2b8d48bcd77134dff741158c81f7fadf3183e280 (diff)
downloadvyos-1x-817ce73d37c7c6a073b6276c66b411160e4944cb.tar.gz
vyos-1x-817ce73d37c7c6a073b6276c66b411160e4944cb.zip
T240: system integrity check
-rw-r--r--op-mode-definitions/show-systemintegrity.xml14
-rwxr-xr-xsrc/op_mode/system_integrity.py69
2 files changed, 83 insertions, 0 deletions
diff --git a/op-mode-definitions/show-systemintegrity.xml b/op-mode-definitions/show-systemintegrity.xml
new file mode 100644
index 000000000..44b5faf68
--- /dev/null
+++ b/op-mode-definitions/show-systemintegrity.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0"?>
+
+<interfaceDefinition>
+ <node name="show">
+ <children>
+ <leafNode name= "system-integrity">
+ <properties>
+ <help>checks the integrity of the system</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/system_integrity.py</command>
+ </leafNode>
+ </children>
+ </node>
+</interfaceDefinition>
diff --git a/src/op_mode/system_integrity.py b/src/op_mode/system_integrity.py
new file mode 100755
index 000000000..886d94f16
--- /dev/null
+++ b/src/op_mode/system_integrity.py
@@ -0,0 +1,69 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2018 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+
+import sys
+import os
+import subprocess
+import re
+import itertools
+from datetime import datetime, timedelta
+
+verf = r'/usr/libexec/vyos/op_mode/version.py'
+
+def get_sys_build_version():
+ if not os.path.exists(verf):
+ return None
+
+ a = subprocess.check_output(['/usr/libexec/vyos/op_mode/version.py']).decode()
+ if re.search('^Built on:.+',a, re.M) == None:
+ return None
+
+ dt = ( re.sub('Built on: +','', re.search('^Built on:.+',a, re.M).group(0)) )
+ return datetime.strptime(dt,'%a %d %b %Y %H:%M %Z')
+
+def check_pkgs(dt):
+ pkg_diffs = {
+ 'buildtime' : str(dt),
+ 'pkg' : {}
+ }
+
+ pkg_info = os.listdir('/var/lib/dpkg/info/')
+ for file in pkg_info:
+ if re.search('\.list$', file):
+ fts = os.stat('/var/lib/dpkg/info/' + file).st_mtime
+ dt_str = (datetime.utcfromtimestamp(fts).strftime('%Y-%m-%d %H:%M:%S'))
+ fdt = datetime.strptime(dt_str, '%Y-%m-%d %H:%M:%S')
+ if fdt > dt:
+ pkg_diffs['pkg'].update( { str(re.sub('\.list','',file)) : str(fdt)})
+
+ if len(pkg_diffs['pkg']) != 0:
+ return pkg_diffs
+ else:
+ return None
+
+def main():
+ dt = get_sys_build_version()
+ pkgs = check_pkgs(dt)
+ if pkgs != None:
+ print ("The following packages don\'t fit the image creation time\nbuild time:\t" + pkgs['buildtime'])
+ for k, v in pkgs['pkg'].items():
+ print ("installed: " + v + '\t' + k)
+
+if __name__ == '__main__':
+ sys.exit( main() )
+