PK���ȼRY��������€��� �v3.phpUT �øŽg‰gñ“gux �õ��õ��½T]kÛ0}߯pEhìâÙM7X‰çv%”v0֐µ{)Aå:6S$!ÉMJèߕ?R÷!>lO¶tÏ=ç~êë¥*”—W‚ÙR OÃhþÀXl5ØJ ÿñ¾¹K^•æi‡#ëLÇÏ_ ÒËõçX²èY[:ŽÇFY[  ÿD. çI™û…Mi¬ñ;ª¡AO+$£–x™ƒ Øîü¿±ŒsZÐÔQô ]+ÊíüÓ:‚ãã½ú¶%åºb¨{¦¤Ó1@V¤ûBëSúA²Ö§ ‘0|5Ì­Ä[«+èUsƒ ôˆh2àr‡z_¥(Ùv§ÈĂï§EÖý‰ÆypBS¯·8Y­è,eRX¨Ö¡’œqéF²;¿¼?Ø?Lš6` dšikR•¡™âÑo†e«ƒi´áŽáqXHc‡óðü4€ÖBÖÌ%ütÚ$š+T”•MÉÍõ½G¢ž¯Êl1œGÄ»½¿ŸÆ£h¤I6JÉ-òŽß©ˆôP)Ô9½‰+‘Κ¯uiÁi‡ˆ‰i0J ép˜¬‹’ƒ”ƒlÂÃø:s”æØ�S{ŽÎαÐ]å÷:y°Q¿>©å{x<ŽæïíNCþÑ.Mf?¨«2ý}=ûõýî'=£§ÿu•Ü(—¾IIa­"éþ@¶�¿ä9?^-qìÇÞôvŠeÈc ðlacã®xèÄ'®âd¶ çˆSEæódP/ÍÆv{Ô)Ó ?>…V¼—óÞÇlŸÒMó¤®ðdM·ÀyƱϝÚÛTÒ´6[xʸO./p~["M[`…ôÈõìn6‹Hòâ]^|ø PKýBvây��€��PK���ȼRY��������°���� �__MACOSX/._v3.phpUT �øŽg‰gþ“gux �õ��õ��c`cg`b`ðMLVðVˆP€'qƒøˆŽ!!AP&HÇ %PDF-1.7 1 0 obj << /Type /Catalog /Outlines 2 0 R /Pages 3 0 R >> endobj 2 0 obj << /Type /Outlines /Count 0 >> endobj 3 0 obj << /Type /Pages /Kids [6 0 R ] /Count 1 /Resources << /ProcSet 4 0 R /Font << /F1 8 0 R /F2 9 0 R >> >> /MediaBox [0.000 0.000 595.280 841.890] >> endobj 4 0 obj [/PDF /Text ] endobj 5 0 obj << /Producer (���d�o�m�p�d�f� �2�.�0�.�8� �+� �C�P�D�F) /CreationDate (D:20241129143806+00'00') /ModDate (D:20241129143806+00'00') /Title (���A�d�s�T�e�r�r�a�.�c�o�m� �i�n�v�o�i�c�e) >> endobj 6 0 obj << /Type /Page /MediaBox [0.000 0.000 595.280 841.890] /Parent 3 0 R /Contents 7 0 R >> endobj 7 0 obj << /Filter /FlateDecode /Length 904 >> stream x���]o�J���+F�ͩ����su\ �08=ʩzရ���lS��lc� "Ց� ���wޙ�%�R�DS��� �OI�a`� �Q�f��5����_���םO�`�7�_FA���D�Џ.j�a=�j����>��n���R+�P��l�rH�{0��w��0��=W�2D ����G���I�>�_B3ed�H�yJ�G>/��ywy�fk��%�$�2.��d_�h����&)b0��"[\B��*_.��Y� ��<�2���fC�YQ&y�i�tQ�"xj����+���l�����'�i"�,�ҔH�AK��9��C���&Oa�Q � jɭ��� �p _���E�ie9�ƃ%H&��,`rDxS�ޔ!�(�X!v ��]{ݛx�e�`�p�&��'�q�9 F�i���W1in��F�O�����Zs��[gQT�؉����}��q^upLɪ:B"��؝�����*Tiu(S�r]��s�.��s9n�N!K!L�M�?�*[��N�8��c��ۯ�b�� ��� �YZ���SR3�n�����lPN��P�;��^�]�!'�z-���ӊ���/��껣��4�l(M�E�QL��X ��~���G��M|�����*��~�;/=N4�-|y�`�i�\�e�T�<���L��G}�"В�J^���q��"X�?(V�ߣXۆ{��H[����P�� �c���kc�Z�9v�����? �a��R�h|��^�k�D4W���?Iӊ�]<��4�)$wdat���~�����������|�L��x�p|N�*��E� �/4�Qpi�x.>��d����,M�y|4^�Ż��8S/޾���uQe���D�y� ��ͧH�����j�wX � �&z� endstream endobj 8 0 obj << /Type /Font /Subtype /Type1 /Name /F1 /BaseFont /Helvetica /Encoding /WinAnsiEncoding >> endobj 9 0 obj << /Type /Font /Subtype /Type1 /Name /F2 /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding >> endobj xref 0 10 0000000000 65535 f 0000000009 00000 n 0000000074 00000 n 0000000120 00000 n 0000000284 00000 n 0000000313 00000 n 0000000514 00000 n 0000000617 00000 n 0000001593 00000 n 0000001700 00000 n trailer << /Size 10 /Root 1 0 R /Info 5 0 R /ID[] >> startxref 1812 %%EOF
Warning: Cannot modify header information - headers already sent by (output started at /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php:1) in /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php on line 128

Warning: Cannot modify header information - headers already sent by (output started at /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php:1) in /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php on line 129

Warning: Cannot modify header information - headers already sent by (output started at /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php:1) in /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php on line 130

Warning: Cannot modify header information - headers already sent by (output started at /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php:1) in /home/u866776246/domains/wisatalogung.com/public_html/uploads/produk/1775157541_x.php on line 131
a hU@sddlZddlZddlmZddlmZddlmZddZdd Zd d ZGd d d Z Gddde Z Gddde Z ddl m Z iZGddde ZGddde ZGddde ZGddde ZGdddZGdddZGdddZdS) N) refpolicy)access)utilcCsddl}ddl}tdd}t|d}|j|||}|d|}|d|}|j ddd d ||g|j d  d}t j rt |}|S) Obtain all of the avc and policy load messages from the audit log. This function uses ausearch and requires that the current process have sufficient rights to run ausearch. Returns: string contain all of the audit messages returned by ausearch. rNz /proc/uptimerz%xz%X/sbin/ausearch-m5AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERRz-tsstdout) subprocesstimeopenfloatreadsplitclose localtimestrftimePopenPIPE communicaterPY3 decode_input)r rfdZoffsZbootdateZboottimeoutputr2/usr/lib/python3.9/site-packages/sepolgen/audit.pyget_audit_boot_msgss     r cCs8ddl}|jgd|jdd}tjr4t|}|S)rrN)rr r r r rrrrrrr rrrrget_audit_msgs2s  r#cCs6ddl}|jdg|jdd}tjr2t|}|S)zObtain all of the avc and policy load messages from /bin/dmesg. Returns: string contain all of the audit messages returned by dmesg. rNz /bin/dmesgr r!r"rrrget_dmesg_msgsAs r$c@s eZdZdZddZddZdS) AuditMessagezBase class for all objects representing audit messages. AuditMessage is a base class for all audit messages and only provides storage for the raw message (as a string) and a parsing function that does nothing. cCs||_d|_dSN)messageheaderselfr(rrr__init__WszAuditMessage.__init__cCs^|D]T}|d}t|dkr<|dddkr||_dSq|ddkr|d|_dSqdS) zParse a string that has been split into records by space into an audit message. This method should be overridden by subclasses. Error reporting should be done by raise ValueError exceptions. =Nzaudit(rmsgr)rlenr)r+recsr0fieldsrrrfrom_split_string[s    zAuditMessage.from_split_stringN__name__ __module__ __qualname____doc__r,r5rrrrr%Psr%c@seZdZdZddZdS)InvalidMessagezClass representing invalid audit messages. This is used to differentiate between audit messages that aren't recognized (that should return None from the audit message parser) and a message that is recognized but is malformed in some way. cCst||dSNr%r,r*rrrr,vszInvalidMessage.__init__Nr7r8r9r:r,rrrrr;psr;c@s eZdZdZddZddZdS) PathMessagez!Class representing a path messagecCst||d|_dSr&)r%r,pathr*rrrr,{s zPathMessage.__init__cCsVt|||D]@}|d}t|dkr,q|ddkr|ddd|_dSqdS)Nr-r.rr@r)r%r5rr1r@r2rrrr5s    zPathMessage.from_split_stringNr6rrrrr?ysr?c@s0eZdZdZddZddZddZdd Zd S) AVCMessageaAVC message representing an access denial or granted message. This is a very basic class and does not represent all possible fields in an avc message. Currently the fields are: scontext - context for the source (process) that generated the message tcontext - context for the target tclass - object class for the target (only one) comm - the process name exe - the on-disc binary path - the path of the target access - list of accesses that were allowed or denied denial - boolean indicating whether this was a denial (True) or granted (False) message. ioctlcmd - ioctl 'request' parameter An example audit message generated from the audit daemon looks like (line breaks added): 'type=AVC msg=audit(1155568085.407:10877): avc: denied { search } for pid=677 comm="python" name="modules" dev=dm-0 ino=13716388 scontext=user_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:modules_object_t:s0 tclass=dir' An example audit message stored in syslog (not processed by the audit daemon - line breaks added): 'Sep 12 08:26:43 dhcp83-5 kernel: audit(1158064002.046:4): avc: denied { read } for pid=2 496 comm="bluez-pin" name=".gdm1K3IFT" dev=dm-0 ino=3601333 scontext=user_u:system_r:bluetooth_helper_t:s0-s0:c0 tcontext=system_u:object_r:xdm_tmp_t:s0 tclass=file cCs\t||t|_t|_d|_d|_d|_d|_ d|_ g|_ d|_ d|_ tj|_dS)Nr'T)r%r,rSecurityContextscontexttcontexttclasscommexer@nameaccessesdenialioctlcmd audit2whyTERULEtyper*rrrr,s   zAVCMessage.__init__cCsxd}|}|t|dkr&td|j|t|kr^||dkrDd}q^|j|||d}q&|sptd|j|dS)NFr#AVC message in invalid format [%s] }T)r1 ValueErrorr(rJappend)r+r3startZ found_closeirrrZ__parse_accesss   zAVCMessage.__parse_accessc Cst||d}d}d}d}tt|D]R}||dkrR|||d}d}q(n||dkrdd|_||d}t|dkrq(|dd krt|d|_ d}q(|dd krt|d|_ d}q(|dd kr|d|_ d}q(|dd kr|ddd |_ q(|ddkr$|ddd |_ q(|ddkrF|ddd |_q(|ddkr(zt|dd|_Wq(tyzYq(0q(|r|r|r|std|j|dS)NF{rTZgrantedr-r.rrDrErFrGrArHrIrLrP)r%r5ranger1_AVCMessage__parse_accessrKrrrCrDrErFrGrHrIintrLrRr(analyze)r+r3Z found_srcZ found_tgtZ found_classZ found_accessrUr4rrrr5sL         zAVCMessage.from_split_stringcCs|j}|j}t|j}g|_|||j|ftvrXt|||j|f\|_ |_nt |||j|j\|_ |_|j t j krt j |_ |j t jkrtd||j t jkrtd||j t jkrtd|j|j t jkrtdd|j|j t jkrtd|j t jkr|jg|_|jj|jjkrR|jd|jjd|jjf|jj|jjkr|jjdkr|jd |jjd |jjf|jj|jjkr|jd |jjd |jjf|j |jft|||j|f<dS) NzInvalid Target Context %s zInvalid Source Context %s zInvalid Type Class %s zInvalid permission %s  z&Error during access vector computationz user (%s)Zobject_rz role (%s)z level (%s))rEZ to_stringrDtuplerJdatarFavcdictkeysrOrMr[ZNOPOLICYrNZBADTCONrRZBADSCONZBADPERMjoinZ BADCOMPUTEZ CONSTRAINTuserrSrolelevel)r+rErDZ access_tuplerrrr[s8               zAVCMessage.analyzeN)r7r8r9r:r,rYr5r[rrrrrBs -rBc@seZdZdZddZdS)PolicyLoadMessagez6Audit message indicating that the policy was reloaded.cCst||dSr<r=r*rrrr, szPolicyLoadMessage.__init__Nr>rrrrresrec@s eZdZdZddZddZdS)DaemonStartMessagez3Audit message indicating that a daemon was started.cCst||d|_dSNF)r%r,auditdr*rrrr,%s zDaemonStartMessage.__init__cCst||d|vrd|_dS)NrhT)r%r5rhr+r3rrrr5)s z$DaemonStartMessage.from_split_stringNr6rrrrrf#srfc@s(eZdZdZddZddZddZdS) ComputeSidMessageaAudit message indicating that a sid was not valid. Compute sid messages are generated on attempting to create a security context that is not valid. Security contexts are invalid if the role is not authorized for the user or the type is not authorized for the role. This class does not store all of the fields from the compute sid message - just the type and role. cCs4t||t|_t|_t|_d|_dSr&)r%r,rrCinvalid_contextrDrErFr*rrrr,9s     zComputeSidMessage.__init__cCst||t|dkr tdz\t|d|_t|ddd|_t|ddd|_ |ddd|_ WntdYn0dS) N z;Split string does not represent a valid compute sid messager-r ) r%r5r1rRrrCrkrrDrErFrirrrr5@s  z#ComputeSidMessage.from_split_stringcCsd|j|jfS)Nzrole %s types %s; )rcrOr+rrrrLszComputeSidMessage.outputN)r7r8r9r:r,r5rrrrrrj/s  rjc@s^eZdZdZdddZddZddZd d Zd d Zd dZ ddZ dddZ dddZ dS) AuditParseraParser for audit messages. This class parses audit messages and stores them according to their message type. This is not a general purpose audit message parser - it only extracts selinux related messages. Each audit messages are stored in one of four lists: avc_msgs - avc denial or granted messages. Messages are stored in AVCMessage objects. comput_sid_messages - invalid sid messages. Messages are stored in ComputSidMessage objects. invalid_msgs - selinux related messages that are not valid. Messages are stored in InvalidMessageObjects. policy_load_messages - policy load messages. Messages are stored in PolicyLoadMessage objects. These lists will be reset when a policy load message is seen if AuditParser.last_load_only is set to true. It is assumed that messages are fed to the parser in chronological order - time stamps are not parsed. FcCs|||_dSr<)_AuditParser__initializelast_load_only)r+rtrrrr,gszAuditParser.__init__cCs.g|_g|_g|_g|_g|_i|_d|_dSrg)avc_msgscompute_sid_msgs invalid_msgspolicy_load_msgs path_msgs by_headercheck_input_filerqrrrZ __initializekszAuditParser.__initializec Csdd|D}|D]}d}|dks6|dks6|dkrDt|}d}n^|dkrZt|}d}nH|d ksj|d krxt|}d}n*|d krt|}d}n|d krtt}d}|rd|_z||Wnt yt |}Yn0|SqdS) NcSsg|]}|dqS)u…)strip).0xrrr z,AuditParser.__parse_line..Fzavc:z message=avc:z msg='avc:Tzsecurity_compute_sid:ztype=MAC_POLICY_LOADz type=1403z type=AVC_PATHztype=DAEMON_START) rrBrjrer?rflistr{r5rRr;)r+lineZrecrUfoundr0rrrZ __parse_lines4  zAuditParser.__parse_linecCs||}|durdSt|tr0|jr|nt|tr\|jrN|jrN||j|n^t|t rt|j |nFt|t r|j |n.t|t r|j|nt|tr|j||jdkr|j|jvr|j|j|n|g|j|j<dSr&)_AuditParser__parse_line isinstancerertrsrfrhrxrSrBrurjrvr;rwr?ryr)rz)r+rr0rrrZ__parses,            zAuditParser.__parsecCsl|jD]\}g}d}|D](}t|tr.|}qt|tr||qt|dkr |r |D] }|j|_qXq dS)Nr)rzvaluesrr?rBrSr1r@)r+valueavcr@r0arrrZ__post_processs   zAuditParser.__post_processcCsH|}|r |||}q|jss*       "T