HEX
Server: Apache
System: Linux dinesh8189 5.15.98-grsec-sharedvalley-2.lc.el8.x86_64 #1 SMP Thu Mar 9 09:07:30 -03 2023 x86_64
User: cgmgerenciamento1 (814285)
PHP: 8.1.26
Disabled: apache_child_terminate,dl,escapeshellarg,escapeshellcmd,exec,link,mail,openlog,passthru,pcntl_alarm,pcntl_exec,pcntl_fork,pcntl_get_last_error,pcntl_getpriority,pcntl_setpriority,pcntl_signal,pcntl_signal_dispatch,pcntl_sigprocmask,pcntl_sigtimedwait,pcntl_sigwaitinfo,pcntl_strerror,pcntl_wait,pcntl_waitpid,pcntl_wexitstatus,pcntl_wifexited,pcntl_wifsignaled,pcntl_wifstopped,pcntl_wstopsig,pcntl_wtermsig,php_check_syntax,php_strip_whitespace,popen,proc_close,proc_open,shell_exec,symlink,system
Upload Files
File: //usr/lib/python3.6/site-packages/sos/report/plugins/__pycache__/ipa.cpython-36.pyc
3

3��d]�@s6ddlmZmZmZddlmZGdd�dee�ZdS)�)�Plugin�RedHatPlugin�SoSPredicate)�globc@sXeZdZdZdZdZdZdZdZdZ	dd�Z
d
d�Zdd�Zdd�Z
dd�Zdd�ZdS)�IpazIdentity, policy, auditZipa�identity�apacheF�/etc/ipa�
ipa-server�
ipa-client�freeipa-server�freeipa-clientcCs>|jd�s|jd�s|jd�r"dS|jd�s6|jd�r:dSdS)Nz
pki-serverz/var/lib/pkiz/usr/share/doc/ipa-server-4.2.0�v4z
pki-commonz/var/lib/pki-ca/�v3)�is_installed�path_exists)�self�r�/usr/lib/python3.6/ipa.py�check_ipa_server_versions




zIpa.check_ipa_server_versioncCs(|jd|j�s |jd|j�r$dSdS)Nz%s/conf/ca/CS.cfgz%s/conf/CS.cfgT)r�pki_tomcat_dir_v4�pki_tomcat_dir_v3)rrrr�ca_installed&szIpa.ca_installedcCs|jd�s|jd�rdSdS)Nz
ipa-serverzfreeipa-serverT)r)rrrr�ipa_server_installed,s

zIpa.ipa_server_installedcCsJ|dkr(|jdddddddd	d
dg
�n|dkrF|jd
dddddg�dS)Nrz!/var/log/pki/pki-tomcat/ca/debug*z!/var/log/pki/pki-tomcat/ca/systemz'/var/log/pki/pki-tomcat/ca/transactionsz(/var/log/pki/pki-tomcat/ca/selftests.logz"/var/log/pki/pki-tomcat/catalina.*z/var/log/pki/pki-ca-spawn.*z"/var/log/pki/pki-tomcat/kra/debug*z"/var/log/pki/pki-tomcat/kra/systemz(/var/log/pki/pki-tomcat/kra/transactionsz/var/log/pki/pki-kra-spawn.*rz/var/log/pki-ca/debugz/var/log/pki-ca/systemz/var/log/pki-ca/transactionsz/var/log/pki-ca/selftests.logz/var/log/pki-ca/catalina.*)�
add_copy_spec)r�ipa_versionrrr�retrieve_pki_logs1s(
zIpa.retrieve_pki_logscCs�d|_d|_d|_d|_|j�}|j�rV|jd�|jd|�|jddd	d
ddg�|j�rr|jd
�|j	|�|jddddddddddddddddddd d!d"d#d$d%g�|d&kr�|j|_
|j|_n|j|_
|j|_|jd'|j
�|jd(|j�|j
d)d*d+d,d-d.d/d0d1d2|j
d3|jd4|jg�|jd5d6d7d8d9d:d;g�t|d<gd=�}|jd>|d?d@�x tdA�D]}|jdB|��qjW|jdCdDi�dS)ENz/var/lib/pki/pki-tomcatz/var/lib/pki-caz/etc/pki/pki-tomcat/caz/etc/pki-cazIPA server install detectedzIPA version is [%s]z/var/log/ipaserver-install.logz"/var/log/ipaserver-kra-install.logz!/var/log/ipaserver-enable-sid.logz/var/log/ipareplica-install.logz"/var/log/ipareplica-ca-install.logz/var/log/ipa-custodia.audit.logz$CA is installed: retrieving PKI logsz/var/log/ipaclient-install.logz/var/log/ipaupgrade.logz/var/log/krb5kdc.logz#/var/log/dirsrv/slapd-*/logs/accessz#/var/log/dirsrv/slapd-*/logs/errorsz/etc/dirsrv/slapd-*/dse.ldifz&/etc/dirsrv/slapd-*/schema/99user.ldifz
/etc/hostsz/etc/httpd/alias/*z/etc/named.*z/etc/ipa/ca.crtz/etc/ipa/default.confz/etc/ipa/kdcproxy/kdcproxy.confz$/etc/ipa/kdcproxy/ipa-kdc-proxy.confz/etc/ipa/kdcproxy.confz/root/.ipa/log/cli.logz#/var/lib/certmonger/requests/[0-9]*z/var/lib/certmonger/cas/[0-9]*z/var/lib/ipa/ra-agent.pemz/var/lib/ipa/certs/httpd.crtz/var/kerberos/krb5kdc/kdc.crtz(/var/lib/ipa/sysrestore/sysrestore.statez)/var/log/ipa/healthcheck/healthcheck.log*z/var/log/ipaepn.log*rzcertutil -L -d %s/aliasz	%s/CS.cfgz/etc/pki/nssdb/key*z/etc/dirsrv/slapd-*/key*z/etc/dirsrv/slapd-*/pin.txtz/etc/dirsrv/slapd-*/pwdfile.txtz/etc/httpd/alias/ipasession.keyz/etc/httpd/alias/key*z/etc/httpd/alias/pin.txtz/etc/httpd/alias/pwdfile.txtz/etc/named.keytabz
%s/alias/key*z%s/flatfile.txtz%s/password.confz"ls -la /etc/dirsrv/slapd-*/schema/z certutil -L -d /etc/httpd/alias/zpki-server cert-find --show-allz%pki-server subsystem-cert-validate caz klist -ket /etc/dirsrv/ds.keytabz%klist -ket /etc/httpd/conf/ipa.keytabz,klist -ket /var/lib/ipa/gssproxy/http.keytabZ
certmonger)Zserviceszgetcert listZgetcert_list)ZpredZtagsz/etc/dirsrv/slapd-*/zcertutil -L -d %sz(/var/log/ipa/healthcheck/healthcheck.logZfreeipa_healthcheck_log)rrZpki_tomcat_conf_dir_v4Zpki_tomcat_conf_dir_v3rrZ
_log_debugrrrZpki_tomcat_dirZpki_tomcat_conf_dirZadd_cmd_outputZadd_forbidden_pathrrZ
add_file_tags)rrZgetcert_predZcertdb_directoryrrr�setupIs�




z	Ipa.setupcCsLd}d}|jd||�|jddd�d}xt|�D]}|j|dd	�q2WdS)
Nz(\s*arg \"password )[^\"]*z
\1********z/etc/named.confzgetcert listz
(pin=)'(\d+)'z\1'***'z#/var/lib/certmonger/requests/[0-9]*z(key_pin=)(\d+)z\1***)Zdo_file_subZdo_cmd_output_subr)r�matchZsubstZrequest_logsZrequest_logrrr�postproc�szIpa.postprocN)rr)r	)r
rrr
)�__name__�
__module__�__qualname__Z
short_descZplugin_nameZprofilesZ
ipa_serverZ
ipa_client�filesZpackagesrrrrrrrrrrrs
krN)Zsos.report.pluginsrrrrrrrrr�<module>s