mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2025-12-06 17:22:49 +01:00
80 lines
2.8 KiB
Python
80 lines
2.8 KiB
Python
#!/usr/bin/env python3
|
|
|
|
# this script comes from the user nf-brentsaner located here https://github.com/saltstack/salt/issues/64962
|
|
|
|
import datetime
|
|
import grp
|
|
import os
|
|
import pathlib
|
|
import pwd
|
|
import shutil
|
|
##
|
|
import dbus # dnf -y install python3-dbus
|
|
##
|
|
import lief # https://pypi.org/project/lief/
|
|
|
|
salt_root = pathlib.Path('/opt/saltstack')
|
|
src_lib = pathlib.Path('/lib64/libldap.so.2')
|
|
dst_lib = salt_root.joinpath('salt', 'lib', 'libldap.so.2')
|
|
|
|
uname = 'salt'
|
|
gname = 'salt'
|
|
|
|
lib = lief.parse(str(src_lib))
|
|
|
|
sym = next((i for i in lib.imported_symbols if i.name == 'EVP_md2'), None)
|
|
|
|
if sym:
|
|
# Get the Salt services from DBus.
|
|
sysbus = dbus.SystemBus()
|
|
sysd = sysbus.get_object('org.freedesktop.systemd1', '/org/freedesktop/systemd1')
|
|
mgr = dbus.Interface(sysd, 'org.freedesktop.systemd1.Manager')
|
|
svcs = []
|
|
for i in mgr.ListUnits():
|
|
# first element is unit name.
|
|
if not str(i[0]).startswith('salt-'):
|
|
continue
|
|
svc = sysbus.get_object('org.freedesktop.systemd1', object_path = mgr.GetUnit(str(i[0])))
|
|
props = dbus.Interface(svc, dbus_interface = 'org.freedesktop.DBus.Properties')
|
|
state = props.Get('org.freedesktop.systemd1.Unit', 'ActiveState')
|
|
if str(state) == 'active':
|
|
svcs.append(i[0])
|
|
# Get the user/group
|
|
u = pwd.getpwnam(uname)
|
|
g = grp.getgrnam(gname)
|
|
# Modify
|
|
print('Modifications necessary.')
|
|
if svcs:
|
|
# Stop the services first.
|
|
for sn in svcs:
|
|
mgr.StopUnit(sn, 'replace')
|
|
if dst_lib.exists():
|
|
# 3.10 deprecated .utcnow().
|
|
#dst_lib_bak = pathlib.Path(str(dst_lib) + '.bak_{0}'.format(datetime.datetime.now(datetime.UTC).timestamp()))
|
|
dst_lib_bak = pathlib.Path(str(dst_lib) + '.bak_{0}'.format(datetime.datetime.utcnow().timestamp()))
|
|
os.rename(dst_lib, dst_lib_bak)
|
|
print('Destination file {0} exists; backed up to {1}.'.format(dst_lib, dst_lib_bak))
|
|
lib.remove_dynamic_symbol(sym)
|
|
lib.write(str(dst_lib))
|
|
os.chown(dst_lib, u.pw_uid, g.gr_gid)
|
|
os.chmod(dst_lib, src_lib.stat().st_mode)
|
|
# Before we restart services, we also want to remove any python caches.
|
|
for root, dirs, files in os.walk(salt_root):
|
|
for f in files:
|
|
if f.lower().endswith('.pyc'):
|
|
fpath = os.path.join(root, f)
|
|
os.remove(fpath)
|
|
print('Removed file {0}'.format(fpath))
|
|
if '__pycache__' in dirs:
|
|
dpath = os.path.join(root, '__pycache__')
|
|
shutil.rmtree(dpath)
|
|
print('Removed directory {0}'.format(dpath))
|
|
# And then start the units that were started before.
|
|
if svcs:
|
|
for sn in svcs:
|
|
mgr.RestartUnit(sn, 'replace')
|
|
else:
|
|
print('No EVP_md2 symbol found in the library. No modifications needed.')
|
|
|
|
print('Done.')
|