`WVc@sddlZddlZddlZddlZddlZddlZddljZddlZddl Z ddl Z ddl Z ddl Tddl jZddljZddljZejZejedZdZdZdZdZdZd Zd Zd Zd Zd Z dZ!dZ"dZ#dZ$dZ%dZ&dZ'dZ(dZ)dZ*dZ+dZ,dZ-dZ.dZ/e0dZ1dZ2dZ3dZ4d Z5e3d!Z6d"Z7d#ej8fd$YZ9d%ej8fd&YZ:d'Z;d(Z<d)Z=d*Z>d+Z?d,Z@d-ZAd.ZBd/ZCd0ZDd1ZEd2ZFd3ZGd4ZHd5ZId6ZJd7ZKd8ZLe0d9ZMd:ZNiZOePd;ZQd<ZRd=ZSd>ZTd?ZUd@ZVdAZWdBZXeYdCkreSndS(DiN(t*t tailoringst tailoringt benchmarktprofiletGrouptRuletValuetvaluet__base_benchmark_id__t__base_benchmark_version__t__dict__t__list__t __parent__t _SELECTPICKt _SELECTPOSt _SELECTPREt __readonly__t __status__t__tailoring_benchmark_version__t_TITLEt_TYPEt _VERSIONTIMEt _VLOWERBOUNDt _VUPPERBOUNDt_VMATCHtinitialcCstjdt|fIJ|S(Ns*** %s tailor: %s(tsyststderrtprogname(tstr((s tailor.pytcmderrFsiiic Cs>y"tj|j|\}}Wn'tjk rK}td||fSX|tkr^|s||tkrt|dkrtd|dj|fS|tks|tkrt|dkrtd|St |}t j dd|}x?|D]7\} } | d|kr|| p"dd|| |S|\}}d|krq|jjd| rqtSyt|Wn'tk r}td||fnXt S(Ns$no tailoring specified to be deletedRtdeleteR1s-FsOK to delete tailoring'%s's#failed to remove tailoring '%s': %s( RR R9R&RWRdRTt clt_deleteR?Rc(R[R.RRR2RRF((s tailor.pyt do_deletefs       cCstdGHdS(NsSyntax: delete [-F] delete the tailoring from memory and the repository. This action is immediate and cannot be reverted.n The -F option can be used to bypass the confirmation.(R(R[((s tailor.pyt help_deleteysc Csit|dddt}|s"|S|\}}|j}|t}d|kr|jse|jr||jjd r|tSx|D]2}|j |}|t t krt|t tSd|kr]|jtkr]tS|jrs|jntS(NtFZtexitR1s-Fs-Z(R9R&RcRUt _CHG_INITIALR(R[R.RR2R((s tailor.pyRs    cCstdGHdS(NsSyntax: exit [-F] exit the compliance tailor session. A commit is automatically attempted if needed. The -F option can be used to bypass any commit.(R(R[((s tailor.pyt help_exitscsdgfd}|j}|r;|d|n|d|jt|jp_d}|d||j}|r|d|n |d|j}|t}|t}|jtg} x| D]} || } | t } | jt } | | jt kr| rqn| jt } | jt}|| \}}|d | | t f|d | |fqWx|D]} |j | } | jt } | ttfkrqn| tk}|r| jt  }n%| r|rt}n| jt }| jt |kr|d | t| |jf| jt rVd }nd }|d || fqqWdS(NR"cs(dcdrdpd|7d|krt |} n|j d |k} || IJWnt k r} | GHnX|r |j ndS( Nso:vxtexportR1sNo benchmark specifieds-osw+scan't export to file '%s': %ss-xs-v( R9R&RR RzR_RGRtstdoutt tailorgenRR?tclose( R[R.RR2RRPtopt_oREtreasonRRF((s tailor.pyt do_exports.       cCstdGHdS(NsSyntax: export [-x] [-o output-file] print the current tailoring to standard output. The -o option will direct the output the the specified file. The default output form is suitable for use with the tailor -f option. The -x option selects an xml format suitable for installation.(R(R[((s tailor.pyt help_exportsc Cst|dddt}|s"|S|\}}|j}|t}g}x*|D]"}||krQ|j|qQqQW|rtddj|Sx'|D]}|j|} t| t |jD]3}dG||rpd|||fGHqFd|GHqFWd|kr?d GHd G|jGH|jd G|jtd GHt|krd G|tGHndG|jt d GH|jt rdG|jt d GHn|ddkr?dG|j GHdG|j GHq?ndS(NRhRkR1s Properties:s s%s=%ss %s: not sets-vsContext:s changed:s base benchmark version:t?s tailoring benchmark version:s version time:s readonly:is picked:s pickgroups:( R9R&RPRORURzR_RRRReRXRY(R[R.RR2RRRg((s tailor.pytdo_info0s2          cCstdGHdS(NsVSyntax: info print information about the current tailoring, including all properties.(R(R[((s tailor.pyt help_infoMscCsBt|dddt}|s"|S|\}}td|kdS(NRhtlistR1s-v(R9R&tlist_tailorings(R[R.RR2R((s tailor.pytdo_listSs  cCstdGHdS(Ns5Syntax: list print the list of committed tailorings.(R(R[((s tailor.pyt help_listZscCst|dddt}|s"|S|\}}|jr\d|kpR|jjds\tSn|d}d|krd|d|f}n|j||jjdS( Nsb:FtloadR1s-Fs!OK to discard uncommitted changesis-bs%s/%s(R9R'RURWRdRTRZR(R[R.RR2Rttailor((s tailor.pytdo_load_s      cCstdGHdS(NsSyntax: load [-b benchmark] [-F] tailoring load a committed or installed tailoring. Confirmation will be asked if there any uncommitted changes. The -F option can be used to bypass confirmation.(R(R[((s tailor.pyt help_loadpsc slt|dddt}|s"|S|\}}d|krFt|_nd|ks_|j ri|jSdfd}fdd _y|jWn"tk r}t d |dSX|j }|j t sdSd |j |jf}|jr*|d |j7}nfd |_|_tj|j t |dS(NtpGtpickR1s-Gs-pcSsO|j|}|t}|ttfkr/tS|jrK|tfkrKtStS(N(RoRRt_valueRcRYRRT(tctxtRpRR((s tailor.pytpickables csfd}fd}fd}j|}|t}d} |ttfkr||\} } |tfkr| rjddjnjdd|jtddkod } p|ttk} | d d } j| ||| o| | t |d 7} | rfj| | || t | d 7} nj| t |j || onu|t fkrP||} |t }j|}|}| d d } j| d || t d d 7} j| ||| t |d 7} j| |jt ||n|tfkr ||d d }|} |t }j|}|jt g}|sj|d ||| S|t}|t}g}xt|D]\}}| d7} ||krd}nd}|\}}|sV|rI|d|7}q|d7}n@|si||7}n-||kr||7}n|d||f7}|j| |f| t |7} qWd}d}||\} }| t |}xC||kr.||jkr.||d|d}|d 7}qW|rHj|dnxet|D]W\}\} }| ||kr}qUn|o||k}j| |||qUW|d\} }| |jkrjjd dn||\} }| |} n| S(Ncs|rjpdS(Ni(tA_BOLD(thigh(tpckr(s tailor.pyt attractivescst}d}d}x|rj|}|tsAd|}nI|s]d|}n-ss|ttkrd|}n d|}|o|t}|jt}|d7}qWjd|||fS(NiR"txR!Ri(RcRoRRRR_t_PARENTtaddstr(RptenabledtpostpfxR(tactiveRRR(s tailor.pyt gruprefixs"      cs_d}d}x<|rJd|}j|}|jt}|d7}qWjd||S(NiR"R!i(RoR_RR(RpRRR(RR(s tailor.pyt valprefixs  it>R!R"t deprecatedt DEPRECATEDiiRsmissing %sis+ s_ s_%s_t___s%s (%s)t|j|dd|j|jf}n|jtkr|jt|jkr|jt|jkr|j|dn|j|d|jrd|j|jf}qd}n|j|d|j}|j|d||r|j pd|S( NiR!sbenchmark=%-17s %sRRs profile=%-19s %ss profile: not seti( RRMRRR&RNRPRRR(RRRpRRR((s tailor.pyRs    &cst||stS|dkr#tS|j|jt<|j|jtNOTE: picking properties will discard existing rule selectionsR"spreparation failed: %ss Tailoring: %scs7j|_j|_d|_djd|_dS(NR!RRs Key Command q or ESC Exit DOWN-arrow or j Move down UP-arrow or k Move up SPACE or x or + Pick, unpicks other itemss (R!RR(RRRR$R(R(R (s tailor.pyR s   (tobjectRfRXRR@RQRRRRMRNR?R RRRR"R#( R[R%RRtproplistRktbtbinfotbtitleR\tptitleRFR((RR s tailor.pyR!s6        $  cCstdGHdS(NsSyntax: pick [-p] present a picking screen. If option -p is present, or the benchmark property is not set, present the property pick screen. Otherwise present the group and rule picking screen An item (a group or a rule) is displayed on a line, including the item's identifier and title and its inclusions/exclusions. An exclusion is represented by the letter 'x' appearing on the left. A rule is checked in an assessment if it has no exclusion. A '>' chararcter in reverse indicates rules to be checked.(R(R[((s tailor.pyt help_pickscCs$t|dddt}|s"|S|\}}|s>tdSx|D]}d|kretd|S|jd\}}||jkrtd||fStjd|std ||fS|d krtjd | rtd |S|j||d |ksEt SqEW|j j dS(NRtsetR1sno properties specified for setRsinvalid property setting: %ss"invalid property to set: '%s'='%s's\Ss!invalid property value: '%s'='%s'Rs[\w.-]*$sinvalid tailoring name: '%s's-F( R9R*R R$ROR,R tmatchRmRTRWR(R[R.RR2RR\RgRh((s tailor.pytdo_sets&    cCstdtd|jGHdS(NsSyntax: set [-F] [property=value]... sets property values for the tailoring, properties are: %s. It may be necessary to confirm the change; the -F option can be used to bypass the confirmation.s, (RRRO(R[((s tailor.pythelp_setscCst|dddt}|s"|S|\}}|j}|jt}|s]tddSxG|D]?}d|krtd|S|jd\}} |j|} | o||kstd|S| t} gt| D]$\} } | | kr| | f^q}|rB|dd d s1| t dkrB|dd} nDt | | rrt | d } | | | d RR6R7R8RRRR((R2s tailor.pyt do_values,s*      cCstdGHdS(NsuSyntax: values [-v] Print a list of variables and their assigned values Use the -v option to show the value ranges.(R(R[((s tailor.pyt help_valuesMs(2R'R(R@RKR^RRRRSRmRoRRRvRyRzRZRRqRRRRRRRRRRRRRRRRRRRRRRR$R!R1R4R5R:R;R?R@(((s tailor.pyRHs^            @           7          V   %  !tCmdEditcBsSeZdZdZddZdZdZdZdZ dZ RS( cCsvtjj|d|_ytjtjj s=t nddl }|j |j dped|_|j dp}d|_|j dpd|_|j dpd|_|j dpd|_|j dpd|_|j d pd|_WnFd|_d|_d|_d|_d|_d|_d|_nX|jpl|jpl|jpl|jpld |_dS( NitblinkR"tboldtdimtsitmtsgr0tsmsotsmulR{(RIRJRKR@RR:tisattyRRtfilenotIOErrortcursest setuptermttigetstrtblnkRCRDtitaltnormtsdottundrtstandout(R[RL((s tailor.pyRKXs.           cCsp|j}|sdS|ddkr*dS|jd}x0|D](}|jj|}|dk r@|Sq@WdS(Nit#t;(tstripR$RtonecmdR@(R[R]tcmdstctstop((s tailor.pyRXqs   cCsRxKtrMytjj|dSWqtk r@tdGHdSqXqWdS(Ns INTR: quitting(RcRIRJtcmdlooptKeyboardInterruptR(R[tintro((s tailor.pyR\s   cCs#yt|d}Wntdd|nXtjtjj}tjtjjtjdtj}|tjjkrtj |tjjtj|nd}xA|D]9}|rd|j |fGn|j |}|rPqqWtj |tjjtj||S(NRiscan't access command file '%s's /dev/nulls%s%s( R>tfatalR:tdupRtstdinRJRtO_RDONLYtdup2R@RRX(R[RBRtft stdinfdduptnullfdR[R]((s tailor.pytcmdfiles(  cCsfd}|j}d}x-|rD|j||}d}|j}qW|j||j}||_dS(Ns> R"R{(RRyRVRTRQR(R[t promptstrRZtsep((s tailor.pyRs   cCs ||_||_|jdS(N(RWRR(R[RZ((s tailor.pytpushs  cCs,|jj}|r(||_|jndS(N(RRVR(R[RZ((s tailor.pytpops  cCsgx`trbyt|d}Wnd}|GHtSXtjd|rItStjd|rtSqWdS(Ns (y/N)? tNs[Yy]s[Nn](Rct raw_inputRTR,R3(R[RR((s tailor.pyRds N( R'R(RKRXR@R\RgRRjRkRd(((s tailor.pyRAWs     cCs*t}|r&td|ddGHndS(Ns s R"(tclt_listR(t_verbosettailors((s tailor.pyRs cCsptjd|s%td|n|jd}t|dksYtd| rltd|ndS(Ns [\w./-]*$sinvalid tailoring name: '%s'R{icSs |o |S(N((RR-((s tailor.pytssill-formed tailoring name: '%s'(R,R3tComplianceErrorR$R(treduce(Rttsplit((s tailor.pyR}s %cCs|o|jd}|o"|d}|o7|jd}|oO|jjd}|og|jjd}|s|td|fStjdd|}tjd d|}|||fS( Nt TailoringiRthreftversions+Ill-formed existing tailoring %s: benchmarks/[^/]*$R"s.*/(R_tfindonetattrsR R,R-(ttnamettcollectt tailorlistt tailoreleRtbenchreftbaseverst benchname((s tailor.pyt tailorbasescCs/|jd}|r|dStd|dS(NtProfileis,Ill-formed existing tailoring %s: no profile(R_R R@(RzR{tproflist((s tailor.pyt tailorprofiles c Cs|jt}|sd}nxtjd|rtjd|d\}}tjd|d\}}|tj|}|rt|kr|t}|t|\} } | p| } || |}q!|d|d|}q!W|S(Ns -Untitled-ss s-:s:-(R_RR,R R$RRRR~( RRtrawtitletprefxtremdrtvalidtsuffxtvalpropsRRR((s tailor.pyRs   cCst}y)|jr.tj|jkr.|jSWnnXi}g}tj}x|D]}tj|}ytjd|}Wn qXnX|j|it t 6}|ddj }||t in Profile %s: '%s'Rs refine-valueRs>Ill-formed in Profile %s: no '%s' foundis&unrecognized value for variable: %s=%ss set-valueRs;Ill-formed in Profile %s: no '%s' foundi(ttypeRt XCCDFElementRR_RMRrRyRRRRR RRR~RRR@thasattrRRR(Rc(RRtpreRRR\RRRRRtsedRRRRRRR9tstvtvalparR((s tailor.pyR%s (    "   "         cCs yttdt|}tjdt\}}tj|d}||IJtj|dt||st d|ntj |||j Wn|t k r}|j t jks|j t jkrt dnt t|n%tk r}t t|nXtS(NRRssw+iscan't lock tailoring '%s's no permission(tcreate_shared_dirsRRttempfiletmkstempR:tfdopentchmodtlock_tailoringRrtrenameRtEnvironmentErrorterrnotEPERMtEACCESRAR?Rc(RRttpathtttfdtttpathttfileRF((s tailor.pyt dumptailorzs$   $cCs|dkrtj|}n+|dkr9t|}ntd|yt|d}Wn)tk r}td||fnXy|j}Wn)tk r}td||fnX|S(NRRsunrecognized object type '%s'Rsno existing %s: '%s'scan't load %s '%s'(RRRRrR>R?tread(tobjtypetnametfilepathRdR4R((s tailor.pyRs  cstfdtttfDs)tSytkr[t|ttkr[tSntkrt|ttkrtSntkrtjt|stSntSWntSXdS(Nc3s|]}|kVqdS(N((t.0RZ(R(s tailor.pys s( tanyRRRRTtintR,R3Rc(RR((Rs tailor.pyRs    cCsd}t|kr'|d|t7}n|d|7}t|krV|d|t7}nt|krw|d|t7}n|r|t}g|D]$}|dr|dr|d^q}|dds|jd|ddn|ddj|7}n|S( NR"s%s <= s_%s_s <= %ss /%s/iit|(RRRR~RR)(RR8R=t constraintsRRtvarsels((s tailor.pyRs      $c Csdd}d}|jtp'd}|jdd}|jtd}|jt}tjdt}|dd d d d g|}|d ddt j |d |t d|t g||dg|dd|dd|t g|ddd|}d |g} |r-| jd|gn|d| |} |dg| dd|} |t} |t} |jtg}x|D]}| |}|t}|jt|jtkr|jt}|jt}||\}}||t| |p|}|r3|dd|g| d|q3qqWx| D]}| |}|t}|ttfkr>|jt|jtks| r|tfkr|t||| |dd|d|jtrdpd g| qq>q>W|jS(!NcSstj|||d|S(NR(txml_utilt XMLElement(RRR\RZ((s tailor.pytEscSstj||dS(N(R t XMLComment(tdR\((s tailor.pytCsR|R{iRtgenerateRutxmlnss$http://checklists.nist.gov/xccdf/1.2Rs$xccdf_org.open-scap_tailoring_OracleRRvsfile:%sRwRRZt incompleteR`s1.0sxccdf_tailored_profile__%sRRR&sA tailoring of the %s testss set-valueRRRttrueR(R@R_RLR$RMRNR tXMLDocRcRRRRRtextendRQRRR~RRRRRRRtrender(RR RRRRtdocRt profileidt profileattrRt_titleRRRRpRRRRRRtvset((s tailor.pyRs`              &   cCsd}tj|}|st|}g}|||}|tjkr[|sktSn|dkrktS|r|||dkrtS|t|tfcntltlockfRJtLOCK_EXtLOCK_NBRRRR?(RBtlockingsRRFR4((s tailor.pyt lock_file s) i(t _TAILOR_LOCKSR_RRtENOENTRcRT(RRBR!ttailor_lockingsRtlockstat((s tailor.pyR s$    cCs*|r&||kr&d||||fSdS(Ns~WARNING: version mismatch between tailoring '%s'(%s) and benchmark '%s'(%s), assessment test selections may not be as expected(R@(RttailorbenchversRt basebenchvers((s tailor.pyR.sc Cs#ttjdkr%tddntjd}|dkrRtdd|ny#tjtjdd\}}Wn$tk r}tdd|nXd}d}d}d}xh|D]`\}} |dkr| }n|d kr| }n|d kr| }n|d krt}qqWt} |rW|sDtdd nd ||f}nt |} | j | |r|rtdddj |n| j ||s| j qnd|r| jdj |rdS| jdn2ttjdkr| jjdn| j dS(Niisinsufficient argumentsRsunknown subcommand: %ssb:f:t:vscan't parse arguments: %ss-bs-fs-ts-vs.option '-t' must be specified with option '-b's%s/%ss&extra arguments with command file '%s'R!s EOF cmdlinethelp(R(RtargvR_R#R?R@RcRARHRjR)RgR\RXtcmdqueueR( tsubcmdR2R3RFtopt_btopt_ftopt_ttopt_vtopttargRWR((s tailor.pyt do_tailor:sT  #            cCsg}yt|Wn tk r6}ddd|fSXt|}ytjd|}Wn tk r{}ddd|fSXt||\}}}t||}td|} tjd| } | dd} | j } t |||| } | r|j | n||o|j ||fS(NRRRRi( R}R?R@RRRRRRRwRRR(RtmsgsRFRRt_teleRttbversRRRRtbverst version_msg((s tailor.pyt getassessoptsms(  c CsRi}g}yltjt}g|D]5}tjtd|r%tjtdd|^q%}|j|j|WnnXt j }x|D]}yt j t |d}tj|}g|D]?}tjtd|rd|tjtdd|f^q}|j|j|WqqXqWd} | |d<||d<|S(Nt$R"Rs%s/%siRRp(R:tlistdirRR,R RR-RRRRRR)R( t _argsdictRRpRRRR-tbenchtailordirtbtsR((s tailor.pyRs2 5    ?   cCs i}y|jd}|o*|jt}|o?|jt}|pK|s]tdn|rpt|ntd|}t|||d}|rt|st| rt |t RRPRtuserRRRF((s tailor.pyRs,       cCsSi}d}d}y|jt}|s9tdnt|rTtdnt}tt|stdi|d6td6nt|}tj |Wnt k r}|j t j krq;|j t j ks|j t jkrd}d }q;t|}d }n%tk r:}t|}d }nX||d <||d <|S( NiR"smissing tailoringR?s$user %(u)s lacks authorization %(a)sRARs no permissioniRR(R_RLRrRRBRCRDRR:tremoveRRR#RRRAR?(R>RRtmsgRRERRF((s tailor.pyRs:   $       t__main__(ZRIRRR#RR:tos.pathRR,RRR`tcompliance.commontcompliance.xccdf_utilRtcompliance.xml_utilR tcompliance.pickerR"RR)tCOMPLIANCE_VARRRLRMRNRRR~RRRRRRQRRRRReRRRRRRRRRRTR R&RR'R*R9RGRJRHRARR}RRRRfRnRRRRRRRRRRRRRR"R@RRR2R8RRRRR'(((s tailor.pyts               q     2     U     ; " 3 ( + ) ) "