diff --git a/app/services/realtime_audit_service.py b/app/services/realtime_audit_service.py
index adff707..1be5ca4 100644
--- a/app/services/realtime_audit_service.py
+++ b/app/services/realtime_audit_service.py
@@ -825,6 +825,33 @@ def _analyze_qualys_audit(r):
 "size 100M # rotation auto a 100M"
 })
+ # Core dump + package absent = installation incomplète / corrompue
+ if ("core-dump" in s_sys or "core dumped" in s_sys or "abrt" in s_sys.lower()) and \
+ ("introuvable" in s_ver.lower() or s_ver.lower().startswith("version introuvable")):
+ suggestions.append({
+ "severity": "critical",
+ "title": "Installation Qualys cassée (core dump + package absent du RPM)",
+ "fix": "Le service systemd existe mais le binaire est manquant ou corrompu "
+ "→ core dump en boucle. Désinstaller proprement puis réinstaller :\n\n"
+ "sudo systemctl stop qualys-cloud-agent\n"
+ "sudo systemctl disable qualys-cloud-agent\n"
+ "sudo rm -rf /usr/local/qualys /var/log/qualys /etc/qualys\n"
+ "sudo rm -f /usr/lib/systemd/system/qualys-cloud-agent.service\n"
+ "sudo systemctl daemon-reload && sudo systemctl reset-failed\n\n"
+ "Puis réinstaller via le script Qualys (ActivationId + CustomerId "
+ "depuis console qualysguard.qg2.apps.qualys.eu)."
+ })
+ elif "core-dump" in s_sys or "core dumped" in s_sys:
+ suggestions.append({
+ "severity": "high",
+ "title": "Agent Qualys core dumps en boucle",
+ "fix": "Vérifier dépendances binaire :\n"
+ "ldd /usr/local/qualys/cloud-agent/bin/qualys-cloud-agent\n"
+ "Voir le coredump pour la cause :\n"
+ "sudo coredumpctl info qualys-cloud-agent | head -50\n"
+ "Si lib cassée → réinstaller agent. Si bug Qualys → ouvrir ticket support."
+ })
+
 # OS EOL (RHEL 5/6)
 s_os = (r.get("os_release") or "").lower()
 if "release 5" in s_os or "release 6" in s_os:
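Review bot: The `critical` suggestion has the operator run `sudo rm -rf /usr/local/qualys /var/log/qualys /etc/qualys` before any evidence is kept, which deletes the agent logs and configuration that would explain the crash, and it fires on substring matches alone. I would put a collection step ahead of the removal in the `fix` text, for example `"sudo coredumpctl info qualys-cloud-agent | head -50\n"` and `"sudo tar czf /root/qualys-diag.tgz /var/log/qualys /etc/qualys\n"` (archive path is only an example), and say that the deletion is irreversible. In the condition, `"core-dump"` and `"core dumped"` are tested against `s_sys` as-is while `"abrt"` uses `s_sys.lower()`, the `startswith("version introuvable")` clause is already covered by `"introuvable" in s_ver.lower()`, and the `elif` omits the `abrt` case, so an ABRT status with the package present yields no suggestion. `_analyze_qualys_audit` starts and ends outside the hunk, so how `s_sys` and `s_ver` are normalised is not visible here.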