statusd.py: delete unused parts, make it pep8 conform
This commit is contained in:
parent
c60bb326cc
commit
1fbd95facf
1 changed files with 52 additions and 43 deletions
71
statusd.py
71
statusd.py
|
@ -12,7 +12,7 @@ import ssl
|
||||||
import os
|
import os
|
||||||
import logging
|
import logging
|
||||||
import json
|
import json
|
||||||
from time import time, ctime, sleep
|
from time import time, sleep
|
||||||
from sys import exit
|
from sys import exit
|
||||||
|
|
||||||
|
|
||||||
|
@ -35,7 +35,8 @@ def read_config(CONFIGFILE, CONFIG):
|
||||||
if key in CONFIG.keys():
|
if key in CONFIG.keys():
|
||||||
value = strip_argument(value)
|
value = strip_argument(value)
|
||||||
CONFIG[key] = value
|
CONFIG[key] = value
|
||||||
else: pass
|
else:
|
||||||
|
pass
|
||||||
else:
|
else:
|
||||||
logging.error('Failed to read {}'.format(CONFIGFILE))
|
logging.error('Failed to read {}'.format(CONFIGFILE))
|
||||||
logging.error('Using default values')
|
logging.error('Using default values')
|
||||||
|
@ -45,12 +46,14 @@ def read_config(CONFIGFILE, CONFIG):
|
||||||
|
|
||||||
def certs_readable(config):
|
def certs_readable(config):
|
||||||
'''
|
'''
|
||||||
checks at start, if the needed certificates defined (no nullstring) and readable.
|
checks at start, if the needed certificates defined (no nullstring) and
|
||||||
|
readable.
|
||||||
param 1: dictionary
|
param 1: dictionary
|
||||||
return: boolean
|
return: boolean
|
||||||
'''
|
'''
|
||||||
for i in (config['SERVER_KEY'], config['SERVER_CERT'], config['CLIENT_CERT']):
|
for i in (config['SERVER_KEY'], config['SERVER_CERT'],
|
||||||
if i == '' or os.access(i, os.R_OK) == False:
|
config['CLIENT_CERT']):
|
||||||
|
if i == '' or os.access(i, os.R_OK) is False:
|
||||||
logging.error('Cant read {}'.format(i))
|
logging.error('Cant read {}'.format(i))
|
||||||
return False
|
return False
|
||||||
return True
|
return True
|
||||||
|
@ -135,11 +138,10 @@ def change_status(raw_data, api):
|
||||||
param 2: string
|
param 2: string
|
||||||
return: boolean
|
return: boolean
|
||||||
'''
|
'''
|
||||||
edit = False
|
|
||||||
|
|
||||||
logging.debug('Change status API')
|
logging.debug('Change status API')
|
||||||
data = read_api(api)
|
data = read_api(api)
|
||||||
if data != False:
|
if data is not False:
|
||||||
status, timestamp = set_values(raw_data)
|
status, timestamp = set_values(raw_data)
|
||||||
if os.access(api, os.W_OK):
|
if os.access(api, os.W_OK):
|
||||||
logging.debug('API file is writable')
|
logging.debug('API file is writable')
|
||||||
|
@ -196,7 +198,8 @@ def set_values(raw_data):
|
||||||
status = "true"
|
status = "true"
|
||||||
else:
|
else:
|
||||||
status = "false"
|
status = "false"
|
||||||
logging.debug('Set values for timestamp: {} and status: {}'.format(timestamp, status))
|
logging.debug('Set values for timestamp: {} and status: {}'.format(
|
||||||
|
timestamp, status))
|
||||||
return (status, timestamp)
|
return (status, timestamp)
|
||||||
|
|
||||||
|
|
||||||
|
@ -217,18 +220,19 @@ def read_loglevel(CONFIG):
|
||||||
loglevel = logging.INFO
|
loglevel = logging.INFO
|
||||||
elif CONFIG['VERBOSITY'] == 'debug':
|
elif CONFIG['VERBOSITY'] == 'debug':
|
||||||
loglevel = logging.DEBUG
|
loglevel = logging.DEBUG
|
||||||
else: loglevel = False
|
else:
|
||||||
|
loglevel = False
|
||||||
return(loglevel)
|
return(loglevel)
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
'''
|
'''
|
||||||
The main function - opens a socket, create a ssl context, load certs and
|
The main function - opens a socket, create a ssl context, load certs and
|
||||||
listen for connections. at ssl context we set some security options like
|
listen for connections. at ssl context we set only one available cipher
|
||||||
OP_NO_SSLv2 (SSLv3): they are insecure
|
suite and disable compression.
|
||||||
PROTOCOL_TLS: only use tls
|
|
||||||
OP_NO_COMPRESSION: prevention against crime attack
|
OP_NO_COMPRESSION: prevention against crime attack
|
||||||
OP_DONT_ISERT_EMPTY_FRAGMENTS: prevention agains cbc 4 attack (cve-2011-3389)
|
OP_DONT_ISERT_EMPTY_FRAGMENTS: prevention agains cbc 4 attack
|
||||||
|
(cve-2011-3389)
|
||||||
'''
|
'''
|
||||||
|
|
||||||
loglevel = logging.WARNING
|
loglevel = logging.WARNING
|
||||||
|
@ -239,7 +243,7 @@ def main():
|
||||||
'HOST': 'localhost',
|
'HOST': 'localhost',
|
||||||
'PORT': 10001,
|
'PORT': 10001,
|
||||||
'SERVER_CERT': './server.crt',
|
'SERVER_CERT': './server.crt',
|
||||||
'SERVER_KEY' : './server.key',
|
'SERVER_KEY': './server.key',
|
||||||
'CLIENT_CERT': './client.crt',
|
'CLIENT_CERT': './client.crt',
|
||||||
'TIMEOUT': 3.0,
|
'TIMEOUT': 3.0,
|
||||||
'API': './api',
|
'API': './api',
|
||||||
|
@ -249,28 +253,28 @@ def main():
|
||||||
CONFIG_FILE = './statusd.conf'
|
CONFIG_FILE = './statusd.conf'
|
||||||
read_config(CONFIG_FILE, CONFIG)
|
read_config(CONFIG_FILE, CONFIG)
|
||||||
loglevel = read_loglevel(CONFIG)
|
loglevel = read_loglevel(CONFIG)
|
||||||
if loglevel != False:
|
if loglevel is not False:
|
||||||
logger = logging.getLogger()
|
logger = logging.getLogger()
|
||||||
logger.setLevel(loglevel)
|
logger.setLevel(loglevel)
|
||||||
else:
|
else:
|
||||||
loglevel = logging.WARNING
|
loglevel = logging.WARNING
|
||||||
logger = logging.getLogger()
|
logger = logging.getLogger()
|
||||||
logger.setLevel(loglevel)
|
logger.setLevel(loglevel)
|
||||||
loggin.warning('Invalid value for loglevel. Set default value')
|
logging.warning('Invalid value for loglevel. Set default value')
|
||||||
|
|
||||||
print_config(CONFIG)
|
print_config(CONFIG)
|
||||||
|
|
||||||
# todo: zertifikate sollten nur lesbar sein!
|
# todo: zertifikate sollten nur lesbar sein!
|
||||||
|
|
||||||
if certs_readable(CONFIG) == False:
|
if certs_readable(CONFIG) is False:
|
||||||
logging.error('Cert check failed\nExit')
|
logging.error('Cert check failed\nExit')
|
||||||
exit()
|
exit()
|
||||||
|
|
||||||
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
|
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
|
||||||
context.verify_mode = ssl.CERT_REQUIRED
|
context.verify_mode = ssl.CERT_REQUIRED
|
||||||
context.load_cert_chain(certfile = CONFIG['SERVER_CERT'],
|
context.load_cert_chain(certfile=CONFIG['SERVER_CERT'],
|
||||||
keyfile = CONFIG['SERVER_KEY'])
|
keyfile=CONFIG['SERVER_KEY'])
|
||||||
context.load_verify_locations(cafile = CONFIG['CLIENT_CERT'])
|
context.load_verify_locations(cafile=CONFIG['CLIENT_CERT'])
|
||||||
context.set_ciphers('EECDH+AESGCM') # only ciphers for tls 1.2 and 1.3
|
context.set_ciphers('EECDH+AESGCM') # only ciphers for tls 1.2 and 1.3
|
||||||
context.options = ssl.OP_CIPHER_SERVER_PREFERENCE
|
context.options = ssl.OP_CIPHER_SERVER_PREFERENCE
|
||||||
# ssl + kompression = schlecht
|
# ssl + kompression = schlecht
|
||||||
|
@ -283,7 +287,8 @@ def main():
|
||||||
try:
|
try:
|
||||||
mySocket.bind((CONFIG['HOST'], int(CONFIG['PORT'])))
|
mySocket.bind((CONFIG['HOST'], int(CONFIG['PORT'])))
|
||||||
mySocket.listen(5)
|
mySocket.listen(5)
|
||||||
logging.info('Listen on {} at Port {}'.format(CONFIG['HOST'], CONFIG['PORT']))
|
logging.info('Listen on {} at Port {}'.format(CONFIG['HOST'],
|
||||||
|
CONFIG['PORT']))
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logging.error('unable to bind and listen')
|
logging.error('unable to bind and listen')
|
||||||
logging.error('{}'.format(e))
|
logging.error('{}'.format(e))
|
||||||
|
@ -291,30 +296,33 @@ def main():
|
||||||
while True:
|
while True:
|
||||||
try:
|
try:
|
||||||
fromSocket, fromAddr = mySocket.accept()
|
fromSocket, fromAddr = mySocket.accept()
|
||||||
logging.info('Client connected: {}:{}'.format(fromAddr[0], fromAddr[1]))
|
logging.info('Client connected: {}:{}'.format(fromAddr[0],
|
||||||
|
fromAddr[1]))
|
||||||
try:
|
try:
|
||||||
fromSocket.settimeout(float(CONFIG['TIMEOUT']))
|
fromSocket.settimeout(float(CONFIG['TIMEOUT']))
|
||||||
logging.debug('Connection timeout set to {}'.format(CONFIG['TIMEOUT']))
|
logging.debug('Connection timeout set to {}'.format(
|
||||||
except Exception as e:
|
CONFIG['TIMEOUT']))
|
||||||
logging.error('Canot set timeout to {}'.format(CONFIG['TIMEOUT']))
|
except Exception:
|
||||||
|
logging.error('Canot set timeout to {}'.format(
|
||||||
|
CONFIG['TIMEOUT']))
|
||||||
logging.error('Use default value: 3.0')
|
logging.error('Use default value: 3.0')
|
||||||
fromSocket.settimeout(3.0)
|
fromSocket.settimeout(3.0)
|
||||||
try:
|
try:
|
||||||
conn = context.wrap_socket(fromSocket, server_side = True)
|
conn = context.wrap_socket(fromSocket, server_side=True)
|
||||||
conn.settimeout(3.0)
|
conn.settimeout(3.0)
|
||||||
# display_peercert(conn.getpeercert())
|
# display_peercert(conn.getpeercert())
|
||||||
logging.debug('Connection established')
|
logging.debug('Connection established')
|
||||||
logging.debug('Peer certificate commonName: {}'.format \
|
logging.debug('Peer certificate commonName: {}'.format
|
||||||
(conn.getpeercert()['subject'][5][0][1]))
|
(conn.getpeercert()['subject'][5][0][1]))
|
||||||
logging.debug('Peer certificate serialNumber: {}'.format \
|
logging.debug('Peer certificate serialNumber: {}'.format
|
||||||
(conn.getpeercert()['serialNumber']))
|
(conn.getpeercert()['serialNumber']))
|
||||||
except socket.timeout:
|
except socket.timeout:
|
||||||
logging.error('Socket timeout')
|
logging.error('Socket timeout')
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
logging.error('Connection failed: {}'.format(e))
|
logging.error('Connection failed: {}'.format(e))
|
||||||
raw_data = conn.recv(1)
|
raw_data = conn.recv(1)
|
||||||
if receive_buffer_is_valid(raw_data) == True:
|
if receive_buffer_is_valid(raw_data) is True:
|
||||||
if change_status(raw_data, CONFIG['API']) == True:
|
if change_status(raw_data, CONFIG['API']) is True:
|
||||||
logging.debug('Send {} back'.format(raw_data))
|
logging.debug('Send {} back'.format(raw_data))
|
||||||
conn.send(raw_data)
|
conn.send(raw_data)
|
||||||
# change_status returns false:
|
# change_status returns false:
|
||||||
|
@ -324,7 +332,8 @@ def main():
|
||||||
conn.send(b'\x03')
|
conn.send(b'\x03')
|
||||||
# receive_handle returns false:
|
# receive_handle returns false:
|
||||||
else:
|
else:
|
||||||
logging.info('Invalid argument recived: {}'.format(raw_data))
|
logging.info('Invalid argument recived: {}'.format(
|
||||||
|
raw_data))
|
||||||
logging.debug('Send {} back'.format(b'\x03'))
|
logging.debug('Send {} back'.format(b'\x03'))
|
||||||
if conn:
|
if conn:
|
||||||
conn.send(b'\x03')
|
conn.send(b'\x03')
|
||||||
|
|
Loading…
Reference in a new issue