olavmrk · August 29, 2015 13:58
diff --git a/check_openssl_wheezy.py b/check_openssl_wheezy.py
 #!/usr/bin/env python2

 import os
 import re
 import sys

 vulnerable = frozenset([
    '/usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0',
    '/usr/lib/x86_64-linux-gnu/libssl.so.1.0.0',
 ])

 simple_services = {
    '/usr/lib/apache2/mpm-prefork/apache2': 'apache2',
    '/usr/lib/postfix/master': 'postfix',
    '/usr/lib/postfix/qmgr': 'postfix',
    '/usr/lib/postfix/tlsmgr': 'postfix',
    '/usr/lib/postgresql/9.1/bin/postgres': 'postgresql',
    '/usr/sbin/unbound': 'unbound',
    '/usr/lib/dovecot/imap-login': 'dovecot',
    '/usr/lib/dovecot/imap': 'dovecot',
    '/usr/bin/stunnel4': 'stunnel4',
    '/usr/sbin/freeradius': 'freeradius',
    '/usr/sbin/slapd': 'slapd',
 }

 def check_vulnerable(pid):
    try:
        with open('/proc/{pid}/maps'.format(pid=pid)) as fh:
            for line in fh:
                ol = line
                line = line.strip()
                line = re.split('\s+', line, 5)
                if len(line) < 6:
                    continue
                path = line[5]
                if not path.endswith(' (deleted)'):
                    continue
                path = path[0:-len(' (deleted)')]
                if path in vulnerable:
                    return True
        return False
    except IOError:
        # Process has probably disappeared.
        return False

 def read_cmdline(pid):
    try:
        with open('/proc/{pid}/cmdline'.format(pid=pid)) as fh:
            cmdline = fh.read()
            cmdline = cmdline.split('\0')
            cmdline = cmdline[:-1]
            return cmdline
    except IOError:
        # Process has probably disappeared.
        return None

 def read_exe(pid):
    try:
        exe = os.readlink('/proc/{pid}/exe'.format(pid=pid))
        if exe.endswith(' (deleted)'):
            exe = exe[0:-len(' (deleted)')]
        return exe
    except OSError:
        # Process has probably disappeared.
        return None

 def identify_service(pid):
    exe = read_exe(pid)
    if not exe:
        return None

    if exe in simple_services:
        return simple_services[exe]

    return None

 services_needing_restart = {}
 unknown_processes = set()
 for pid in os.listdir('/proc'):
    if not pid.isdigit():
        continue
    pid = int(pid)
    if not check_vulnerable(pid):
        continue
    svc = identify_service(pid)
    if svc:
        if not svc in services_needing_restart:
            services_needing_restart[svc] = set()
        services_needing_restart[svc].add(pid)
    else:
        unknown_processes.add(pid)

 if services_needing_restart:
    print 'The following services needs a restart'
    for svc,pids in sorted(services_needing_restart.items()):
        print ' {service} ({pids})'.format(service=svc, pids=', '.join([str(pid) for pid in sorted(pids)]))
 if unknown_processes:
    print 'Unknown processes:'
    for pid in unknown_processes:
        exe = read_exe(pid)
        cmdline = read_cmdline(pid)
        print ' {pid} exe={exe} cmdline={cmdline}'.format(pid=pid, exe=exe, cmdline=' '.join(cmdline))

 if services_needing_restart or unknown_processes:
    exit(1)
	#!/usr/bin/env python2

	import os
	import re
	import sys

	vulnerable = frozenset([
	'/usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0',
	'/usr/lib/x86_64-linux-gnu/libssl.so.1.0.0',
	])

	simple_services = {
	'/usr/lib/apache2/mpm-prefork/apache2': 'apache2',
	'/usr/lib/postfix/master': 'postfix',
	'/usr/lib/postfix/qmgr': 'postfix',
	'/usr/lib/postfix/tlsmgr': 'postfix',
	'/usr/lib/postgresql/9.1/bin/postgres': 'postgresql',
	'/usr/sbin/unbound': 'unbound',
	'/usr/lib/dovecot/imap-login': 'dovecot',
	'/usr/lib/dovecot/imap': 'dovecot',
	'/usr/bin/stunnel4': 'stunnel4',
	'/usr/sbin/freeradius': 'freeradius',
	'/usr/sbin/slapd': 'slapd',
	}

	def check_vulnerable(pid):
	try:
	with open('/proc/{pid}/maps'.format(pid=pid)) as fh:
	for line in fh:
	ol = line
	line = line.strip()
	line = re.split('\s+', line, 5)
	if len(line) < 6:
	continue
	path = line[5]
	if not path.endswith(' (deleted)'):
	continue
	path = path[0:-len(' (deleted)')]
	if path in vulnerable:
	return True
	return False
	except IOError:
	# Process has probably disappeared.
	return False

	def read_cmdline(pid):
	try:
	with open('/proc/{pid}/cmdline'.format(pid=pid)) as fh:
	cmdline = fh.read()
	cmdline = cmdline.split('\0')
	cmdline = cmdline[:-1]
	return cmdline
	except IOError:
	# Process has probably disappeared.
	return None

	def read_exe(pid):
	try:
	exe = os.readlink('/proc/{pid}/exe'.format(pid=pid))
	if exe.endswith(' (deleted)'):
	exe = exe[0:-len(' (deleted)')]
	return exe
	except OSError:
	# Process has probably disappeared.
	return None

	def identify_service(pid):
	exe = read_exe(pid)
	if not exe:
	return None

	if exe in simple_services:
	return simple_services[exe]

	return None

	services_needing_restart = {}
	unknown_processes = set()
	for pid in os.listdir('/proc'):
	if not pid.isdigit():
	continue
	pid = int(pid)
	if not check_vulnerable(pid):
	continue
	svc = identify_service(pid)
	if svc:
	if not svc in services_needing_restart:
	services_needing_restart[svc] = set()
	services_needing_restart[svc].add(pid)
	else:
	unknown_processes.add(pid)

	if services_needing_restart:
	print 'The following services needs a restart'
	for svc,pids in sorted(services_needing_restart.items()):
	print ' {service} ({pids})'.format(service=svc, pids=', '.join([str(pid) for pid in sorted(pids)]))
	if unknown_processes:
	print 'Unknown processes:'
	for pid in unknown_processes:
	exe = read_exe(pid)
	cmdline = read_cmdline(pid)
	print ' {pid} exe={exe} cmdline={cmdline}'.format(pid=pid, exe=exe, cmdline=' '.join(cmdline))

	if services_needing_restart or unknown_processes:
	exit(1)