audit _run: fallback sans sudo si sudoers refuse bash -c (commandes read-only OK sans root)

Pierre & Lumière 2026-04-15 00:26:42 +02:00
parent 2a10ec55ab
commit 7480bbf5ac


@ -233,17 +233,29 @@ def _connect(target, hostname=None):
def _run(client, cmd): def _run(client, cmd):
try: try:
# Tester si on est déjà root ou si on a besoin de sudo # Test root vs sudo
_, stdout, _ = client.exec_command("id -u", timeout=5) _, stdout, _ = client.exec_command("id -u", timeout=5)
uid = stdout.read().decode().strip() uid = stdout.read().decode().strip()
if uid == "0": if uid == "0":
full = cmd # Déjà root, pas besoin de sudo full = cmd
else: else:
escaped = cmd.replace("'", "'\"'\"'") escaped = cmd.replace("'", "'\"'\"'")
full = f"sudo bash -c '{escaped}'" full = f"sudo bash -c '{escaped}'"
_, stdout, stderr = client.exec_command(full, timeout=15) _, stdout, stderr = client.exec_command(full, timeout=15)
out = stdout.read().decode("utf-8", errors="replace").strip() out = stdout.read().decode("utf-8", errors="replace").strip()
err = stderr.read().decode("utf-8", errors="replace").strip() err = stderr.read().decode("utf-8", errors="replace").strip()
# Fallback sans sudo si sudoers refuse bash -c
if (not out) and err and ("pas autorisé" in err or "not allowed to execute" in err
or "is not allowed" in err or "command not found" in err.lower()):
_, stdout, stderr = client.exec_command(cmd, timeout=15)
out = stdout.read().decode("utf-8", errors="replace").strip()
err2 = stderr.read().decode("utf-8", errors="replace").strip()
if out:
err = ""
else:
err = err2 or err
result = out if out else err result = out if out else err
lines = [l for l in result.splitlines() if not any(b in l for b in BANNER_FILTERS) and l.strip()] lines = [l for l in result.splitlines() if not any(b in l for b in BANNER_FILTERS) and l.strip()]
return "\n".join(lines).strip() return "\n".join(lines).strip()
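Review bot: The new fallback branch re-runs `cmd` without sudo and then clears `err` when it gets output, so the caller cannot tell a privileged result from an unprivileged one. For an audit, a command that quietly returns less data as a non-root user then reads as a clean finding. The downgrade should be recorded where the branch is taken, for example with a log line, and the branch should carry a comment such as `# output below was collected WITHOUT root and may be incomplete`. The `"command not found" in err.lower()` test also matches stderr from a tool missing inside `cmd` itself, not only a missing sudo, so that command is executed a second time. Narrowing it to `"sudo: command not found" in err` would avoid the re-run. The `try:` opened at the top of `_run` is closed outside this hunk, so the handling of exceptions from the second `exec_command` is not visible here.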