adminmpmcz/patchcenter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

perf(qualys/agents): combine toutes les cmds en 1 seul channel SSH avec markers - evite Timeout opening channel sur PSMP

Browse Source
This commit is contained in:
Pierre & Lumière 2026-04-28 01:18:59 +02:00
parent d4205fb8f8
commit 5abc474805
1 changed files with 31 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
app/services/realtime_audit_service.py
View File

@ -931,19 +931,38 @@ def audit_qualys_agent_only(hostname):
result["connection_method"] = f"{method} -> {target}" result["connection_method"] = f"{method} -> {target}"
try: try:
# Toutes les commandes dans 1 seul script bash avec markers — 1 channel SSH unique.
# Evite le "Timeout opening channel" sur PSMP qui limite le nombre de channels.
combined_parts = []
for key, cmd in QUALYS_AGENT_CMDS.items(): for key, cmd in QUALYS_AGENT_CMDS.items():
out = _run(client, cmd) combined_parts.append(f"echo '__SECTION_{key}_START__'")
# Retry avec reconnect si Timeout opening channel (limite PSMP) combined_parts.append(cmd)
if out and ("timeout opening channel" in out.lower() or combined_parts.append(f"echo '__SECTION_{key}_END__'")
"channel closed" in out.lower()): combined = "; ".join(combined_parts)
try:
client.close() # exec_command direct avec timeout plus long (60s) car script combiné = curl 5s + plusieurs commandes
except Exception: try:
pass _, stdout_chk, _ = client.exec_command("id -u", timeout=5)
client = _connect(target, hostname) uid = stdout_chk.read().decode().strip()
if client: full_cmd = combined if uid == "0" else "sudo bash -c '" + combined.replace("'", "'\"'\"'") + "'"
out = _run(client, cmd) _, stdout, stderr = client.exec_command(full_cmd, timeout=60)
result[key] = out or "(empty)" big_out = stdout.read().decode("utf-8", errors="replace")
err = stderr.read().decode("utf-8", errors="replace")
if not big_out.strip() and err.strip():
# Fallback retry sans sudo si sudoers refuse
_, stdout2, _ = client.exec_command(combined, timeout=60)
big_out = stdout2.read().decode("utf-8", errors="replace")
except Exception as ex_inner:
big_out = f"ERROR: {ex_inner}"
# Parser la sortie en cherchant les markers
for key in QUALYS_AGENT_CMDS:
start_marker = f"__SECTION_{key}_START__"
end_marker = f"__SECTION_{key}_END__"
try:
section = big_out.split(start_marker, 1)[1].split(end_marker, 1)[0].strip()
except Exception:
section = "(parsing failed)"
result[key] = section or "(empty)"
result["status"] = "OK" result["status"] = "OK"
except Exception as e: except Exception as e:
result["status"] = "ERROR" result["status"] = "ERROR"