�

��g�7���dd
lZdd
l
Z
dd
lZdd
lZdd
lZdd
lZdd
lZdd
lZdd
lZdd
l	Z	ddl
mZ
ddlm
Z
mZ
ddlmZ
ddlmZ
ddlmZ
dd
lZdd
lZdd
lZdd
lZddlmZ
ddlmZ
dd	lmZ
dd
lm Z m!Z!m"Z"m#Z#m$Z$
ddl%m&Z&
ddl'm(Z(
dd
l)m*Z*m+Z+m,Z,
ddl-m.Z.
ddl/m0Z0
ddl1m2Z2
ddl3m4Z4
ddl5m6Z6
ddl7m8Z8m9Z9m:Z:
ddl;m<Z<
ddl=m>Z>m?Z?m@Z@mAZAmBZBmCZC
ddlDmEZE
ddlFmGZG
ddlHmIZImJZJ
ddlKmLZL
ddlMmNZN
ddlOmPZP
ddlQmRZR
ddlSmTZT
ddlUmVZV
ddlWmXZX
d ZYed!e#jZz�
�
Z[d"Z\d#Z]d$Z^ej_d%�
�
Z`eJeI�&�
�
e`ja�
�
ZbGd'�d(��Zcd)�Zdd*eefd+�Zfe
d,���Zgd-�Zhd.�Zid/�Zjd0�Zkd1�Zld2�Zmd3�Znd4�Zod*ee6eeeeffd5�Zpd6�Zqd7�Zrd8eed*d
fd9�Zsd:�Zteud;kr!et��
e`�vd<�
�

d
Sd
S)=�N)
�ThreadPoolExecutor)�contextmanager�suppress)
�partial)
�Path)
�Tuple)
�
AlreadyLocked)
�files)
�health)�ConfigsValidator�Core�Merger�Model�is_mi_freemium_license)
�	HookEvent)
�
LicenseCLN)�
BasePlugin�MessageSink�
MessageSource)
�subscribe_to_license_changes)
�
g)
�IndependentAgentIDAPI)
�
CoreSource)
�TheSink)�instance�simplification�	tls_check)
�systemd_notifier)�Scope�Task�create_task_and_log_exceptions�importer�is_root_user�is_systemd_boot)
�is_db_corrupted)
�EXITCODE_GENERAL_ERROR)�DAY�
rate_limit)
�flush_sentry)
�	configure)
�IPSET_LISTS_PATH)
�ip_versions)
�IM360Source)
�features)
�AVSourcei4z%s.is_corruptedz�Imunify360 database is corrupt. Application cannot run with corrupt database. Please, contact Imunify360 support team at https://cloudlinux.zendesk.com)z"defence360agent.plugins.accumulatezim360.plugins.residentzim360.plugins.protectorzim360.plugins.sensorz(/var/run/defence360agent/simple_rpc.sock�resident)
�periodc
��eZ
dZd
�Zd�ZdS)�TaskFactoryc
�,�t
��|_
dS�
N)�set�pool)
�selfs
 �G/opt/imunify360/venv/lib/python3.11/site-packages/im360/run_resident.py�__init__zTaskFactory.__init__\s���E�E��	�	�	�c��t
||
�
��}|j
�|�
�

|�|j
j�
�

|S)N�
�loop)r r7�add�add_done_callback�discard)r8r>�coro�tasks    r9�__call__zTaskFactory.__call___sF���D�t�$�$�$���	�
�
�d�������t�y�0�1�1�1��r;N)�__name__�
__module__�__qualname__r:rD�r;r9r3r3[s2������
�
�
�����r;r3c��
�t
jtj
tj��5}|�d
�
�

	|�t
�
�

n=#ttf$r)
t�	d�
�

Yddd��
dSwxYw
tjdg
id��
�
dz}
|�|
�
���
�

ddd��
dS#1swxYw

Y

dS)N�zRPC socket isn't available yet�update)�command�params�

)�socket�AF_UNIX�SOCK_STREAM�
settimeout�connect�SIMPLE_RPC_SOCKET�FileNotFoundError�ConnectionRefusedError�logger�error�json�dumps�sendall�encode)�sock�msgs  r9�request_install_filesr_fs@
��	��v�~�v�'9�	:�	:�#�d��������	��L�L�*�+�+�+�+��!�#9�:�	�	�	��L�L�9�:�:�:��
#�#�#�#�#�#�#�#�	�����j�h�Z�2�>�>�?�?�$�F�����S�Z�Z�\�\�"�"�"�#�#�#�#�#�#�#�#�#�#�#�#����#�#�#�#�#�#s6�C(�
A�
C(�+B�
C(�
B�AC(�(C,�/
C,�returnc��t
j
tjtjzt
jz�
�

t
j
t�
�

td
�tj	��D��d����S)z$Return plugins in unspecified order.c
�b�g|],}
|
jtju
�t��r|
j�*|
��-SrH)�SCOPEr�AVr�AVAILABLE_ON_FREEMIUM)�.0�plugins  r9�
<listcomp>zget_plugins.<locals>.<listcomp>zsJ��	
�	
�	
���|�5�8�+�+�+�-�-�,�17�1M�,�
�+�+�+r;c
�$�|j�d
|j
��S)N�
.)rFrE)
�items
 r9�<lambda>zget_plugins.<locals>.<lambda>�s��D�O�=�=�d�m�=�=�r;�
�key)
r"�
load_packagesr�MESSAGESr/r-�IM360_RESIDENT_PLUGINS_PACKAGES�sortedr�get_active_pluginsrHr;r9�get_pluginsrtrs�������h�/�/�+�2F�F����
��:�;�;�;��	
�	
�$�7�9�9�	
�	
�	
�
>�=����r;c
#�K
�	d
V�

d
S#t$r;}
t�d|
|��
tj|
�
�

Yd
}
~
d
Sd
}
~
w
wxYw
)z)Log *message* on any error & suppress it.Nzcaught error %r on %s)�	ExceptionrWrX�
sentry_sdk�capture_exception)�message�
es  r9�log_and_suppress_errorr{�sq����(�
��������(�(�(����,�a��9�9�9��$�Q�'�'�'�'�'�'�'�'�'�����(���s�
�
A�0A
�
Ac��K
�t
j
��r tj���
dStj���
dSr5)r�is_validr�sensor�
registered�unregisteredrHr;r9�update_health_sensorr��sK��������%��
� � �"�"�"�"�"��
�"�"�$�$�$�$�$r;c��
K
�t
j
��
ttj�
�

tt
�
�

tj�d
�	tj�
�
�
�

dS)NzATTACH '{}' AS proactive)r,�initrr.�update_reposr�r�db�execute_sql�formatr�PROACTIVE_PATHrHr;r9�init_actionsr��so��������� ��!6�7�7�7� �!5�6�6�6��K���"�)�)�%�*>�?�?�����r;c�<
�t
j
d
��
�
}|�ddddd���
|�d	d
d���
|�d
dd���
|�dd���
|�tjdd��
�
S)NzRun imunify agent)
�descriptionz-v�verbose�countrz�Level of logging. Each value corresponds to:1 - console only log level,2 - previous plus add network log,3 - all previous plus add process message log,4 - all previous plus add debug log)�dest�action�default�helpz--daemon�
store_truez
run as daemon)r�r�z	--pidfilez/var/run/imunify360.pidzuse with --daemon)r�r�z--log-configzlogging config filename)
r��
)�argparse�ArgumentParser�add_argument�
parse_args�sys�argv)
�parsers
 r9�	parse_clir��s���
�
$�1D�
E�
E�
E�F�
����
���
2�
�������
�<�o��N�N�N�
����)�
 �����
����-F��G�G�G����S�X�a�b�b�\�*�*�*r;c
��
�t
tj�
�
�
r�t���s9t
�t�
�

t���
nt
�	t�
�

tjt�
�

dStt�
�
5
t���
ddd��
dS#1swxYw

Y

dS)N)
�db_path)r%r�
RESIDENT_PATH�_DB_IS_CORRUPTED_FLAG�existsrWrX�_DB_IS_CORRUPTED_MSG�touch�warningr��exitr&rrU�unlink)
�pidfiles
 r9�_check_able_to_startr��s
���u�2�3�3�3�	+�$�+�+�-�-�	1��L�L�-�.�.�.�!�'�'�)�)�)�)��N�N�/�0�0�0���'�(�(�(�(�(�
�'�
(�
(�
	+�
	+�!�(�(�*�*�*�
	+�
	+�
	+�
	+�
	+�
	+�
	+�
	+�
	+�
	+�
	+�
	+����
	+�
	+�
	+�
	+�
	+�
	+s�;C"�"C&�)
C&c
��t�
d
|��
tj��}
tj�|�
�
|
_d|
_tj|
_	t��rd|
_nd|
_tj
j���|
_	|
���
nC#t"$r6
t�d�
�

t'jt*�
�

YnwxYw
t-j��
tj
j���
dS)NzRun as daemon [pidfile = %s]FTz*PID file already locked by another process)rW�info�daemon�
DaemonContextr��PIDLockFile�prevent_corer
�
FILE_UMASK�umaskr$�detach_process�defence360agent�	internals�get_fds�files_preserve�openr	rXr�r�r&�gc�collect�reconfigure)�pidfilepath�dcs  r9�
_daemonizer��s

��
�K�K�.��<�<�<�	�	�	�	�B���+�+�K�8�8�B�J��B�O���B�H����!�!���� ���'�1�8�@�@�B�B�B��)�
���	�	�	�	���)�)�)����A�B�B�B���'�(�(�(�(�(�)�����J�L�L�L���$�0�0�2�2�2�2�2s�1C�=D�
Dc
�j�|�tj|tj���
�

dSr5)�run_until_completer�run_in_executorr�resetr=s
 r9�_tls_check_resetr��s6������&�t�Y�_�=�=�����r;c
�j
�	t
j
��
dS#t$r�}
d
dlm}
tjt|
�
�
��
�
}|�||�
�
�
�

t�
t|
�
�
�
�

tj
t�
�

Yd}
~
dSd}
~
w
wxYw
)Nr)
�
execute_hooks)
rX)r�validate_config_layersrv�defence360agent.hooks.executer�r�AgentMisconfig�reprr�rWr��strr�r�r&)r>rzr��agent_misconfigs    r9�validate_configs_on_startr��s���)��/�1�1�1�1�1���)�)�)�?�?�?�?�?�?�#�2��a���A�A�A�����
�
�o� >� >�?�?�?����s�1�v�v������'�(�(�(�(�(�(�(�(�(�����
)���s��
B2�BB-�-B2c� �
��
f
d
�|D��S)Nc
�4�
�g|]}
t
|
����|
��SrH)
�
isinstance)rf�
p�pclasss  �r9rhz$plugin_instances.<locals>.<listcomp>�s(���5�5�5�!�z�!�V�4�4�5�A�5�5�5r;rH)�objsr�s `r9�plugin_instancesr��s���5�5�5�5�t�5�5�5�5r;c��
�d
�|
D��}t
|t��}|D]E}t�d|��
|�|�|�
�
�
�

�Ft
||��}t
|t��}|D]F}t�d|��
|�|�||���
�

�G|�	��
|||fS)Nc
�"�g|]}
|
����
SrHrH)rf�plugin_classs  r9rhz"_start_plugins.<locals>.<listcomp>�s��A�A�A�,�|�|�~�~�A�A�Ar;zCreating sink %rzCreating source %r)
r�rrWr�r��create_sinkrr�
create_source�start)r>�plugin_classes�plugins�sinks�
s�the_sink�sourcess       r9�_start_pluginsr��s���A�A�.�A�A�A�G�
�W�k�2�2�E�
�5�5�
����&�
�*�*�*����
�
�
�d� 3� 3�4�4�4�4��u�d�#�#�H��w�
�6�6�G�
�A
�A
�
����(�!�,�,�,����
����h� ?� ?�@�@�@�@��N�N�����U�G�#�#r;c��
��d
���
fd�}tj
tjtjtjfD]}|�||||��
�dS)NFc����s/d
�t�
d|
��
t|����dSt�
d|
��
dS)NTz	Caught %sz9Caught %s. Shutdown task is already running, please wait.)rWr�r!)r>�sig�called�shutdowntasks  ��r9�_sighandlerz+_setup_signal_handlers.<locals>._sighandler
s]����		��F��K�K��S�)�)�)�3�D�,�G�G�F�F�F��K�K�K��
�
�
�
�
r;)�signal�SIGINT�SIGTERM�SIGUSR1�SIGUSR2�add_signal_handler)r>r�r�r�r�s `  @r9�_setup_signal_handlersr�
sp����
�F��������
�v�~�v�~�v�~�N�
=�
=������[�$��<�<�<�<�
=�
=r;c���K
�t
d
�
�
5
tj�t	j���
�

ddd��
n#1swxYw

Y

t
�dtj����
dtd<t
d�
�
5
tj
���
tj
d�
�
4�
d{V��
tjtj
���|
������d{V��
ddd���d{V��
n#1�d{V��swxYw

Y

ddd��
n#1swxYw

Y

t#|d����D]s}t
d	�
�
5
t
�d
|jj|jj��
|����d{V��
ddd��
n#1swxYw

Y

�tt
d�
�
5
t+j���d{V��
ddd��
n#1swxYw

Y

tjd�
�
x
}�At
d
�
�
5
tj|�
�
�d{V��
ddd��
n#1swxYw

Y

t
d�
�
5
|���
ddd��
n#1swxYw

Y

t3��
t
�dtj����
dS)Nz)marking the start of the shutdown processzshutdown task starting, pid=%sT�shutdown_startedz4preventing new messages (if any) processing to start�
c

��|jSr5)
�SHUTDOWN_PRIORITY)
r�s
 r9rlz _shutdown_task.<locals>.<lambda>6
s	��A�4G�r;rmz,This happened while shutting down a plugin!!zShutting down %s.%s...zshutting down IAID API�web_server_restart_taskzwaiting for web server restartz
stopping loopzshutdown task finished, pid=%s)r{rr~�
shutting_down�timerWr��os�getpidr�
sensor_server�close�asyncio�timeout�gather�wait_closed�shutdownrr�	__class__rFrEr�get�wait_for�stopr))r>r��plugin_listrg�restart_tasks     r9�_shutdown_taskr
$
s�����	� K�	L�	L�1�1��
�#�#�D�I�K�K�0�0�0�1�1�1�1�1�1�1�1�1�1�1����1�1�1�1��K�K�0�"�)�+�+�>�>�>� �A���	�>�
�
�	�	�	
��������?�2�&�&�	�	�	�	�	�	�	�	��.���+�+�-�-��!�!�#�#���
�
�
�
�
�
�
�	�	�	�	�	�	�	�	�	�	�	�	�	�	�	�	�	�	�	�	�	�	�	����	�	�	�	�	�	�	�	�	�	�	�	�	�	�	����	�	�	�	���*G�*G�H�H�H�$�$��
#�:�
�
�
	$�
	$�
�K�K�(�� �+�� �)�
�
�
��/�/�#�#�#�#�#�#�#�#�#�
	$�
	$�
	$�
	$�
	$�
	$�
	$�
	$�
	$�
	$�
	$����
	$�
	$�
	$�
	$��
 � 8�	9�	9�
/�
/�#�,�.�.�.�.�.�.�.�.�.�
/�
/�
/�
/�
/�
/�
/�
/�
/�
/�
/����
/�
/�
/�
/���7�8�8�8��E�
#�$D�
E�
E�
	1�
	1��"�<�0�0�0�0�0�0�0�0�0�
	1�
	1�
	1�
	1�
	1�
	1�
	1�
	1�
	1�
	1�
	1����
	1�
	1�
	1�
	1�
 ��	0�	0�
�
��	�	����
�
�
�
�
�
�
�
�
�
�
����
�
�
�
��N�N�N�
�K�K�0�"�)�+�+�>�>�>�>�>s��1A�A�
A�9E�A
D4�"E�4
D>	�>E�

D>	�E�E�
E�?AG�G	�
G	�1H�H�
H�I.�.I2�5
I2�J)�)J-�0
J-r�c
�B	�t
��s3t�d
�
�

tjt
�
�

t
��}tj�	d�
�
dkrdt_tj
j
�|j�
�

|jstj�	d�
�
rHtj
j
�|jptj�	d�
�
�
�

tjt&�
�

t)|j�
�

|jr7t/|j�
�

t1jt0jj�
�

t8j�t?j���
�

tAj!��st8j�"��
tGj$��}tj%��}|�&tOtQd|r|dzn
d���	�
�
�
�

|�)tU���
�

	tW|�
�

tXj-�.t^j0�
�

tXj-�1d
t^j2f
��
tXj-�1dtff
��
ti|�
�

tkj6��
|�7|
���
�

|�7tqj9���
�
sht�d�
�

tu��
|�7tGj;d�
�
�
�

tjt
�
�

ty||��\}}}t�d
�
�

t{j>t~j@d���}t�||jB|��
t�|t�t�||||z����
|�F��
t�d�
�

|�G��
dS#|�G��
wxYw
)z�Common function for agent service startup.

    plugin_classes is a list of classes implementing message processing
    plugins. init_actions is a coroutine that will be called prior to starting
    RPC and message processing.z5Imunify agent could be started by the root user only!�DEBUG�trueT�IMUNIFY360_LOGGING_CONFIG_FILE� ��)
�max_workerszATTACH ? AS residentzATTACH ? AS ipsetlistsz<Essential files are missing. Try to update them and restart.zMessage Bus started)�versionr0zloop stoppedN)Hr#rWr�r�r�r&r�r��environr�rr
r�r��setLogLevelr��
log_config�update_logging_config_from_file�setrecursionlimit�_MAX_RECURSION_DEPTHr�r�r�r�r�notify�
AgentState�
DAEMONIZEDrr~�startingr�r�
is_registeredr�r��get_event_loop�	cpu_count�set_default_executorr�min�set_task_factoryr3r�rr�r�r�PATHr�r�r+r�r�update_merged_configr�r
�essential_files_existr_�sleepr�r�AgentStartedr
�VERSIONr!�process_messager�rr
�run_foreverr�)	r�r��argsr>�_cpur�r�r��
agent_starteds	         r9r�r�S
s����>�>�)����K�L�L�L���'�(�(�(��;�;�D�	�z�~�~�g���&�(�(��
����$�0�0���>�>�>���
�"�*�.�.�)I�J�J�
��!�(�H�H��O�O�r�z�~�~�.N�O�O�	
�	
�	
���.�/�/�/����&�&�&��{�H
��4�<� � � ��� 0� ;� F�G�G�G�
�M���4�9�;�;�'�'�'��#�%�%�
%��
�"�"�$�$�$��!�#�#�D�
�<�>�>�D�	����s�2�4�/F�t�a�x�x�Q�'G�'G�H�H�H����	���+�-�-�(�(�(�*������������$�$�$����� 6��9L�8N�O�O�O����� 8�;K�:M�N�N�N�!�$�'�'�'��#�%�%�%��������/�/�/��&�&�u�'B�'D�'D�E�E�	-��K�K�N�
�
�
�
"�#�#�#��#�#�G�M�!�$4�$4�5�5�5��H�+�,�,�,�#1�$��#G�#G� ��%�����)�*�*�*�!�.��L�4�
�
�
�
�	'��(�*�M�	
�	
�	
�	��'�.�$��%�'�/�J�J�	
�	
�	
�	
���������N�#�#�#�	
�
�
��������
�
�������s
�"HR�Rc�l�t
d
��
�

t��}t|t��
dS)NT)
r0)r*rtr�r�)
r�s
 r9�runr(
�
s2��
�t������m�m�G�	�'�<� � � � � r;�__main__z
agent stopped)wr�r�r�rY�loggingr�r�rOr�r��concurrent.futuresr�
contextlibrr�	functoolsr�pathlibr�typingrr��daemon.pidfile� defence360agent.internals.loggerr�rw�lockfiler	r
�defence360agent.apir� defence360agent.contracts.configrr
rrr�%defence360agent.contracts.hook_eventsr�!defence360agent.contracts.licenser�!defence360agent.contracts.pluginsrrr�defence360agent.internals.clnr�&defence360agent.internals.global_scoper�defence360agent.internals.iaidr�#defence360agent.internals.lazy_loadr�"defence360agent.internals.the_sinkr�defence360agent.modelrrr�defence360agent.subsysr�defence360agent.utilsrr r!r"r#r$�defence360agent.utils.check_dbr%�defence360agent.utils.clir&�defence360agent.utils.commonr'r(�defence360agent.sentryr)�im360.application.settingsr*�im360.contracts.configr+�im360.internals.corer,�im360.internals.lazy_loadr-�im360.subsysr.�imav.internals.lazy_loadr/r
r�r�r�rqrT�	getLoggerrWrX�throttled_log_errorr3r_�listrtr{r�r�r�r�r�r�r�r�r�r�r
r�r(
rEr�rHr;r9�<module>rM

s`�


���������	�	�	�	���������	�	�	�	�
�
�
�
�
�
�
�
�
�
�
�
�����1�1�1�1�1�1�/�/�/�/�/�/�/�/�������������������
�
�
�
�����'�'�'�'�����"�"�"�"�"�"�!�!�!�!�!�!�&�&�&�&�&�&�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
<�;�;�;�;�;�8�8�8�8�8�8�
�
�
�
�
�
�
�
�
�
�

G
�F�F�F�F�F�4�4�4�4�4�4�@�@�@�@�@�@�:�:�:�:�:�:�6�6�6�6�6�6�E�E�E�E�E�E�E�E�E�E�3�3�3�3�3�3�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
�
;�:�:�:�:�:�<�<�<�<�<�<�8�8�8�8�8�8�8�8�/�/�/�/�/�/�0�0�0�0�0�0�3�3�3�3�3�3�,�,�,�,�,�,�1�1�1�1�1�1�!�!�!�!�!�!�-�-�-�-�-�-�����.��1D�D�E�E��%�
�#��?��	��	�:�	&�	&��,�j�j��,�,�,�V�\�:�:��
�
�
�
�
�
�
�
�	
#�	
#�	
#�
�T�
�
�
�
�$�
(�
(���
(�
%�
%�
%�

�

�

� 
+�
+�
+�2

+�

+�

+�
3�
3�
3�2
�
�
�	
)�	
)�	
)�

6�

6�

6�
$�E�'�4��2E�,F�
$�
$�
$�
$�*
=�
=�
=�(,
?�,
?�,
?�^
R

�$�R

��R

�R

�R

�R

�j
!�
!�
!��z����C�E�E�E�
�K�K�� � � � � ��r;