gq*dZddlZddlZddlZddlZddlZddlmZddlm Z ddl m Z m Z m Z mZmZmZmZddlmZmZddlmZddlmZdd lmZdd lmZmZmZdd lm Z m!Z!dd l"m#Z#dd l$m%Z%ej&e'Z(dZ)dZ*dZ+de,fdZ-dZ.dZ/dZ0dZ1dee2ee e3e fffdZ4dddZ5d%dZ6de3dee3deej7fd Z8d!Z9d"e3de:fd#Z;de3fd$Z. Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see N) defaultdict)Path)AnyDictIterableListLiteralSetTuple)Casefn) hosting_panel)get_results_iterable_expression) to_thread)MalwareHitStatusMalwareScanResourceTypeQueuedScanState) MalwareHit MalwareScan) is_crontab) CloudwaysUserc dddddddddd S)Nr) userhomeinfected infected_db_infected_totalscan_id scan_date scan_statuscleanup_statusr"T/opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/utils/user_list.py stub_entryr%0s,   r#c#KtjD](}t}|j|d<|j|d<|V)dS)z Get all system users and initialize a dict for them. If a user has leftover config files after being deleted then the panel API might treat him as existent. This is resolved by checking that a system user is a panel user. rrN)pwdgetpwallr%pw_namepw_dir)entryus r$ system_usersr->sQ LLM& L&  r#cKtjd{VfdtDS)Nc(g|]}|dv |Srr").0r,userss r$ zpanel_users..Ps' < < .Us%555da! 555r#)allitemsr%) user_listkwargsr,s @r$getr@SsY  5555fllnn555 6 6 HHH  <<r#cFd|D}d}tjtjtjdtjtjtj j kz tj}tjtjtjdtjtjtj j kz tj}d|D}d|D}t||}|D]U}t||j} || dd | d<t"jj | d <|j| d <V|D]\} } t|| } | | d<|D]} | d| dz| d <dS)Ncg|] }|d Srr"r1r,s r$r3z7update_infected_count_and_last_scan..\ * * *1QvY * * *r#ctjtjtjtjtjtjtjtjk tj |}|SN) rselectscanid completedpathgroup_byhavingr Maxwherein_)_homesqs r$exprz1update_infected_count_and_last_scan..expr^s  "K$9;;K  Xk& ' ' VK)RVK4I-J-JJ K K U;#''// 0 0 r#rrc(i|]}|j|jSr")rrr1r+s r$ z7update_infected_count_and_last_scan..|sNNNU^NNNr#c(i|]}|j|jSr")rrrUs r$rVz7update_infected_count_and_last_scan..}s,*/ E%r#rCrrr rr0r)rrHrr COUNTaliasrO is_infected resource_typerFILEvaluerLDBrr@rKrstoppedrIr=) r>homesrS grouped_hitsgrouped_db_hitsgrouped_hits_dictgrouped_db_hits_dict actual_scansr+r,rrs r$#update_infected_count_and_last_scanrf[s" * * * * *E    */28::+;+;J+G+GHH   " $ $'+B+G+MM O   */ " "  */28::+;+;M+J+JKK   " $ $'+B+E+KK M   */ " " ONNNN3B34??L$$   + + +)--ai;;* *28-|) 17799''k   % % %&- @@ }q/?? @@r#cd|D}||D]4\}}t||j}|j|d<||d<|j|d<5dS)Ncg|] }|d SrCr"rDs r$r3z.update_running_scan_status..rEr#rCrr scan_type)r@rKrIri)r> get_scanspathsscanstatusr,s r$update_running_scan_statusrnsr * * * * *E! %(((( f   * * *{) !-+ ((r#cd|D}dtttdffd}t||D]\}}t ||}||d<dS)a Updates cleanup status for the list of panel users If at least on cleanup is running for user then status is 'running' Else if there are any finished cleanups then status is 'stopped' If no started and finished cleanups then status is not set :param user_list: cg|] }|d Sr0r"rDs r$r3z)update_cleanup_status..rEr#r7)runningr_Nc tdtjtjtjfdffd}tdtjtjtjfdffd}tj tj tdtj |dkdftj |dkdff dtj |tj }|S)z Returns a list of (user, cleanup_status) tuples where `cleanup_status` can take one of the values: "running", "stopped", or None Nrrqr_r!)r rrmrPrCLEANUP_PENDINGCLEANUP_STARTED CLEANUP_DONECLEANUP_REMOVEDrHrr SumrYrOrLtuples)r2 case_running case_stoppedquerys r$ expressionz)update_cleanup_status..expressionsQ  %)),<,<      %)),9,<       --19= --19= %())  U:?&&u-- . . Xjo & & ||~~r#r0r!N)r strr rr@)r>r2r}rrmr,s r$update_cleanup_statusrs + * * * *E1U30J(K#KL1111f8 EJJ%% f   % % %$ %%r#cd}tt}|D]#}||d|$t|t|D]}||jD] }|j|d< dS)Nchtjtjtjtj|tjtjtj tjkSrG) rrHrKrJrOrPrLrMr rN)r`s r$r}z)update_last_scan_date..expressionsm  {/1F G G U;#''.. / / Xk& ' ' VK)RVK4I-J-JJ K K  r#rr)rlistappendrrKrJ)r>r} home_to_usersrrls r$update_last_scan_daters    %%M11d6l#**40000/D''//"$), / /D $D   ///r#ctKtd{V}t|trtjd|dnUt|t r,tjdd|dntjdfd|D}t||fS)Nz.*z^(|z)$cJg|]}|d| Sr0match)r1r,patterns r$r3z%get_matched_users..s.FFF1W]]1V9-E-EFQFFFr#)r6 isinstancer~recompilerjoinlen)rr> matched_usersrs @r$get_matched_usersrs!mm######I%#*^%^^^,, E8 $ $#*5#((5//55566*T""FFFF FFFM y>>= ((r#rcKt|d{V\}}t|t||t|t |||fSrG)rrfrnrr)rjr max_countr>s r$fetch_user_listrso!25!9!9999999Iy' 222y)444)$$$)$$$ i r#rTcfd}|||dkr|D]}|d|S)Ncdvrtnt}|tkrtdnd}|}||}|S)N)rrrrr)intr~chrr@)element field_typemin_valr]fields r$getterzsort..getterscJKK C  '#--#a&&&1 E"" =E r#)keyreverser)sortpop)r>rdescrrs ` r$rrsk     NNvtN,,, !!! ( (D HH& ' ' ' ' r#rKusers_from_panelpw_allcKtj|}|jx}x}}|jx}}t |} |dkrNt | r?|D];} | j| jkr)| j|vr| j| j| j}}}| j x}}nz&get_username_by_uid..fs199 S(8(8(8(8(8(899r#)rrr'r(next)rrs` r$get_username_by_uidrbs_ c((CS\** * * * * * *F 9999f999   r#)rT)=__doc__rloggingrr'r collectionsrpathlibrtypingrrrrr r r peeweer r defence360agent.subsys.panelsrdefence360agent.utilsrdefence360agent.utils.threadsrimav.malwarelib.configrrrimav.malwarelib.modelrrimav.malwarelib.scan.crontabrimav.malwarelib.utils.cloudwaysr getLogger__name__loggerr%r-r6dictr@rfrnrrrr~rrr struct_passwdrrboolrrr"r#r$rs*  ######AAAAAAAAAAAAAAAAAA777777AAAAAA333333 :9999999333333999999  8 $ $      === 2@2@2@j(((@%@%@%F///& )eCd38n1E,E&F ) ) ) )/3     *&( &(!$S&(378I3J&(&(&(&(R0STcr#