PNG  IHDRQgAMA a cHRMz&u0`:pQ<bKGDgmIDATxwUﹻ& ^CX(J I@ "% (** BX +*i"]j(IH{~R)[~>h{}gy)I$Ij .I$I$ʊy@}x.: $I$Ii}VZPC)I$IF ^0ʐJ$I$Q^}{"r=OzI$gRZeC.IOvH eKX $IMpxsk.쒷/&r[޳<v| .I~)@$updYRa$I |M.e JaֶpSYR6j>h%IRز if&uJ)M$I vLi=H;7UJ,],X$I1AҒJ$ XY XzI@GNҥRT)E@;]K*Mw;#5_wOn~\ DC&$(A5 RRFkvIR}l!RytRl;~^ǷJj اy뷦BZJr&ӥ8Pjw~vnv X^(I;4R=P[3]J,]ȏ~:3?[ a&e)`e*P[4]T=Cq6R[ ~ޤrXR Հg(t_HZ-Hg M$ãmL5R uk*`%C-E6/%[t X.{8P9Z.vkXŐKjgKZHg(aK9ڦmKjѺm_ \#$5,)-  61eJ,5m| r'= &ڡd%-]J on Xm|{ RҞe $eڧY XYrԮ-a7RK6h>n$5AVڴi*ֆK)mѦtmr1p| q:흺,)Oi*ֺK)ܬ֦K-5r3>0ԔHjJئEZj,%re~/z%jVMڸmrt)3]J,T K֦OvԒgii*bKiNO~%PW0=dii2tJ9Jݕ{7"I P9JKTbu,%r"6RKU}Ij2HKZXJ,妝 XYrP ެ24c%i^IK|.H,%rb:XRl1X4Pe/`x&P8Pj28Mzsx2r\zRPz4J}yP[g=L) .Q[6RjWgp FIH*-`IMRaK9TXcq*I y[jE>cw%gLRԕiFCj-ďa`#e~I j,%r,)?[gp FI˨mnWX#>mʔ XA DZf9,nKҲzIZXJ,L#kiPz4JZF,I,`61%2s $,VOϚ2/UFJfy7K> X+6 STXIeJILzMfKm LRaK9%|4p9LwJI!`NsiazĔ)%- XMq>pk$-$Q2x#N ؎-QR}ᶦHZډ)J,l#i@yn3LN`;nڔ XuX5pF)m|^0(>BHF9(cզEerJI rg7 4I@z0\JIi䵙RR0s;$s6eJ,`n 䂦0a)S)A 1eJ,堌#635RIgpNHuTH_SԕqVe ` &S)>p;S$魁eKIuX`I4춒o}`m$1":PI<[v9^\pTJjriRŭ P{#{R2,`)e-`mgj~1ϣLKam7&U\j/3mJ,`F;M'䱀 .KR#)yhTq;pcK9(q!w?uRR,n.yw*UXj#\]ɱ(qv2=RqfB#iJmmL<]Y͙#$5 uTU7ӦXR+q,`I}qL'`6Kͷ6r,]0S$- [RKR3oiRE|nӦXR.(i:LDLTJjY%o:)6rxzҒqTJjh㞦I.$YR.ʼnGZ\ֿf:%55 I˼!6dKxm4E"mG_ s? .e*?LRfK9%q#uh$)i3ULRfK9yxm܌bj84$i1U^@Wbm4uJ,ҪA>_Ij?1v32[gLRD96oTaR׿N7%L2 NT,`)7&ƝL*꽙yp_$M2#AS,`)7$rkTA29_Iye"|/0t)$n XT2`YJ;6Jx".e<`$) PI$5V4]29SRI>~=@j]lp2`K9Jaai^" Ԋ29ORI%:XV5]JmN9]H;1UC39NI%Xe78t)a;Oi Ҙ>Xt"~G>_mn:%|~ޅ_+]$o)@ǀ{hgN;IK6G&rp)T2i୦KJuv*T=TOSV>(~D>dm,I*Ɛ:R#ۙNI%D>G.n$o;+#RR!.eU˽TRI28t)1LWϚ>IJa3oFbu&:tJ*(F7y0ZR ^p'Ii L24x| XRI%ۄ>S1]Jy[zL$adB7.eh4%%누>WETf+3IR:I3Xה)3אOۦSRO'ٺ)S}"qOr[B7ϙ.edG)^ETR"RtRݜh0}LFVӦDB^k_JDj\=LS(Iv─aTeZ%eUAM-0;~˃@i|l @S4y72>sX-vA}ϛBI!ݎߨWl*)3{'Y|iSlEڻ(5KtSI$Uv02,~ԩ~x;P4ցCrO%tyn425:KMlD ^4JRxSهF_}شJTS6uj+ﷸk$eZO%G*^V2u3EMj3k%)okI]dT)URKDS 7~m@TJR~荪fT"֛L \sM -0T KfJz+nإKr L&j()[E&I ߴ>e FW_kJR|!O:5/2跌3T-'|zX ryp0JS ~^F>-2< `*%ZFP)bSn"L :)+pʷf(pO3TMW$~>@~ū:TAIsV1}S2<%ޟM?@iT ,Eūoz%i~g|`wS(]oȤ8)$ ntu`өe`6yPl IzMI{ʣzʨ )IZ2= ld:5+請M$-ї;U>_gsY$ÁN5WzWfIZ)-yuXIfp~S*IZdt;t>KūKR|$#LcԀ+2\;kJ`]YǔM1B)UbG"IRߊ<xܾӔJ0Z='Y嵤 Leveg)$znV-º^3Ւof#0Tfk^Zs[*I꯳3{)ˬW4Ւ4 OdpbZRS|*I 55#"&-IvT&/윚Ye:i$ 9{LkuRe[I~_\ؠ%>GL$iY8 9ܕ"S`kS.IlC;Ҏ4x&>u_0JLr<J2(^$5L s=MgV ~,Iju> 7r2)^=G$1:3G< `J3~&IR% 6Tx/rIj3O< ʔ&#f_yXJiގNSz; Tx(i8%#4 ~AS+IjerIUrIj362v885+IjAhK__5X%nV%Iͳ-y|7XV2v4fzo_68"S/I-qbf; LkF)KSM$ Ms>K WNV}^`-큧32ŒVؙGdu,^^m%6~Nn&͓3ŒVZMsRpfEW%IwdǀLm[7W&bIRL@Q|)* i ImsIMmKmyV`i$G+R 0tV'!V)֏28vU7͒vHꦼtxꗞT ;S}7Mf+fIRHNZUkUx5SAJㄌ9MqμAIRi|j5)o*^'<$TwI1hEU^c_j?Е$%d`z cyf,XO IJnTgA UXRD }{H}^S,P5V2\Xx`pZ|Yk:$e ~ @nWL.j+ϝYb퇪bZ BVu)u/IJ_ 1[p.p60bC >|X91P:N\!5qUB}5a5ja `ubcVxYt1N0Zzl4]7­gKj]?4ϻ *[bg$)+À*x쳀ogO$~,5 زUS9 lq3+5mgw@np1sso Ӻ=|N6 /g(Wv7U;zωM=wk,0uTg_`_P`uz?2yI!b`kĸSo+Qx%!\οe|އԁKS-s6pu_(ֿ$i++T8=eY; צP+phxWQv*|p1. ά. XRkIQYP,drZ | B%wP|S5`~́@i޾ E;Չaw{o'Q?%iL{u D?N1BD!owPHReFZ* k_-~{E9b-~P`fE{AܶBJAFO wx6Rox5 K5=WwehS8 (JClJ~ p+Fi;ŗo+:bD#g(C"wA^ r.F8L;dzdIHUX݆ϞXg )IFqem%I4dj&ppT{'{HOx( Rk6^C٫O.)3:s(۳(Z?~ٻ89zmT"PLtw䥈5&b<8GZ-Y&K?e8,`I6e(֍xb83 `rzXj)F=l($Ij 2*(F?h(/9ik:I`m#p3MgLaKjc/U#n5S# m(^)=y=đx8ŬI[U]~SцA4p$-F i(R,7Cx;X=cI>{Km\ o(Tv2vx2qiiDJN,Ҏ!1f 5quBj1!8 rDFd(!WQl,gSkL1Bxg''՞^ǘ;pQ P(c_ IRujg(Wz bs#P­rz> k c&nB=q+ؔXn#r5)co*Ũ+G?7< |PQӣ'G`uOd>%Mctz# Ԫڞ&7CaQ~N'-P.W`Oedp03C!IZcIAMPUۀ5J<\u~+{9(FbbyAeBhOSܳ1 bÈT#ŠyDžs,`5}DC-`̞%r&ڙa87QWWp6e7 Rϫ/oY ꇅ Nܶըtc!LA T7V4Jsū I-0Pxz7QNF_iZgúWkG83 0eWr9 X]㾮݁#Jˢ C}0=3ݱtBi]_ &{{[/o[~ \q鯜00٩|cD3=4B_b RYb$óBRsf&lLX#M*C_L܄:gx)WΘsGSbuL rF$9';\4Ɍq'n[%p.Q`u hNb`eCQyQ|l_C>Lb꟟3hSb #xNxSs^ 88|Mz)}:](vbۢamŖ࿥ 0)Q7@0=?^k(*J}3ibkFn HjB׻NO z x}7p 0tfDX.lwgȔhԾŲ }6g E |LkLZteu+=q\Iv0쮑)QٵpH8/2?Σo>Jvppho~f>%bMM}\//":PTc(v9v!gոQ )UfVG+! 35{=x\2+ki,y$~A1iC6#)vC5^>+gǵ@1Hy٪7u;p psϰu/S <aʸGu'tD1ԝI<pg|6j'p:tպhX{o(7v],*}6a_ wXRk,O]Lܳ~Vo45rp"N5k;m{rZbΦ${#)`(Ŵg,;j%6j.pyYT?}-kBDc3qA`NWQū20/^AZW%NQ MI.X#P#,^Ebc&?XR tAV|Y.1!؅⨉ccww>ivl(JT~ u`ٵDm q)+Ri x/x8cyFO!/*!/&,7<.N,YDŽ&ܑQF1Bz)FPʛ?5d 6`kQձ λc؎%582Y&nD_$Je4>a?! ͨ|ȎWZSsv8 j(I&yj Jb5m?HWp=g}G3#|I,5v珿] H~R3@B[☉9Ox~oMy=J;xUVoj bUsl_35t-(ՃɼRB7U!qc+x4H_Qo֮$[GO<4`&č\GOc[.[*Af%mG/ ňM/r W/Nw~B1U3J?P&Y )`ѓZ1p]^l“W#)lWZilUQu`-m|xĐ,_ƪ|9i:_{*(3Gѧ}UoD+>m_?VPۅ15&}2|/pIOʵ> GZ9cmíتmnz)yߐbD >e}:) r|@R5qVSA10C%E_'^8cR7O;6[eKePGϦX7jb}OTGO^jn*媓7nGMC t,k31Rb (vyܴʭ!iTh8~ZYZp(qsRL ?b}cŨʊGO^!rPJO15MJ[c&~Z`"ѓޔH1C&^|Ш|rʼ,AwĴ?b5)tLU)F| &g٣O]oqSUjy(x<Ϳ3 .FSkoYg2 \_#wj{u'rQ>o;%n|F*O_L"e9umDds?.fuuQbIWz |4\0 sb;OvxOSs; G%T4gFRurj(֍ڑb uԖKDu1MK{1^ q; C=6\8FR艇!%\YÔU| 88m)֓NcLve C6z;o&X x59:q61Z(T7>C?gcļxѐ Z oo-08jہ x,`' ҔOcRlf~`jj".Nv+sM_]Zk g( UOPyεx%pUh2(@il0ݽQXxppx-NS( WO+轾 nFߢ3M<;z)FBZjciu/QoF 7R¥ ZFLF~#ȣߨ^<쩡ݛкvџ))ME>ώx4m#!-m!L;vv#~Y[đKmx9.[,UFS CVkZ +ߟrY٧IZd/ioi$%͝ب_ֶX3ܫhNU ZZgk=]=bbJS[wjU()*I =ώ:}-蹞lUj:1}MWm=̛ _ ¾,8{__m{_PVK^n3esw5ӫh#$-q=A̟> ,^I}P^J$qY~Q[ Xq9{#&T.^GVj__RKpn,b=`żY@^՝;z{paVKkQXj/)y TIc&F;FBG7wg ZZDG!x r_tƢ!}i/V=M/#nB8 XxЫ ^@CR<{䤭YCN)eKOSƟa $&g[i3.C6xrOc8TI;o hH6P&L{@q6[ Gzp^71j(l`J}]e6X☉#͕ ׈$AB1Vjh㭦IRsqFBjwQ_7Xk>y"N=MB0 ,C #o6MRc0|$)ف"1!ixY<B9mx `,tA>)5ػQ?jQ?cn>YZe Tisvh# GMމȇp:ԴVuږ8ɼH]C.5C!UV;F`mbBk LTMvPʍϤj?ԯ/Qr1NB`9s"s TYsz &9S%U԰> {<ؿSMxB|H\3@!U| k']$U+> |HHMLޢ?V9iD!-@x TIî%6Z*9X@HMW#?nN ,oe6?tQwڱ.]-y':mW0#!J82qFjH -`ѓ&M0u Uγmxϵ^-_\])@0Rt.8/?ٰCY]x}=sD3ojަЫNuS%U}ԤwHH>ڗjܷ_3gN q7[q2la*ArǓԖ+p8/RGM ]jacd(JhWko6ڎbj]i5Bj3+3!\j1UZLsLTv8HHmup<>gKMJj0@H%,W΃7R) ">c, xixј^ aܖ>H[i.UIHc U1=yW\=S*GR~)AF=`&2h`DzT󑓶J+?W+}C%P:|0H܆}-<;OC[~o.$~i}~HQ TvXΈr=b}$vizL4:ȰT|4~*!oXQR6Lk+#t/g lԁߖ[Jڶ_N$k*". xsxX7jRVbAAʯKҎU3)zSNN _'s?f)6X!%ssAkʱ>qƷb hg %n ~p1REGMHH=BJiy[<5 ǁJҖgKR*倳e~HUy)Ag,K)`Vw6bRR:qL#\rclK/$sh*$ 6덤 KԖc 3Z9=Ɣ=o>X Ώ"1 )a`SJJ6k(<c e{%kϊP+SL'TcMJWRm ŏ"w)qc ef꒵i?b7b('"2r%~HUS1\<(`1Wx9=8HY9m:X18bgD1u ~|H;K-Uep,, C1 RV.MR5άh,tWO8WC$ XRVsQS]3GJ|12 [vM :k#~tH30Rf-HYݺ-`I9%lIDTm\ S{]9gOڒMNCV\G*2JRŨ;Rҏ^ڽ̱mq1Eu?To3I)y^#jJw^Ńj^vvlB_⋌P4x>0$c>K†Aļ9s_VjTt0l#m>E-,,x,-W)سo&96RE XR.6bXw+)GAEvL)͞K4$p=Ũi_ѱOjb HY/+@θH9޼]Nԥ%n{ &zjT? Ty) s^ULlb,PiTf^<À] 62R^V7)S!nllS6~͝V}-=%* ʻ>G DnK<y&>LPy7'r=Hj 9V`[c"*^8HpcO8bnU`4JȪAƋ#1_\ XϘHPRgik(~G~0DAA_2p|J묭a2\NCr]M_0 ^T%e#vD^%xy-n}-E\3aS%yN!r_{ )sAw ڼp1pEAk~v<:`'ӭ^5 ArXOI驻T (dk)_\ PuA*BY]yB"l\ey hH*tbK)3 IKZ򹞋XjN n *n>k]X_d!ryBH ]*R 0(#'7 %es9??ښFC,ՁQPjARJ\Ρw K#jahgw;2$l*) %Xq5!U᢯6Re] |0[__64ch&_}iL8KEgҎ7 M/\`|.p,~`a=BR?xܐrQ8K XR2M8f ?`sgWS%" Ԉ 7R%$ N}?QL1|-эټwIZ%pvL3Hk>,ImgW7{E xPHx73RA @RS CC !\ȟ5IXR^ZxHл$Q[ŝ40 (>+ _C >BRt<,TrT {O/H+˟Pl6 I B)/VC<6a2~(XwV4gnXR ϱ5ǀHٻ?tw똤Eyxp{#WK qG%5],(0ӈH HZ])ג=K1j&G(FbM@)%I` XRg ʔ KZG(vP,<`[ Kn^ SJRsAʠ5xՅF`0&RbV tx:EaUE/{fi2;.IAwW8/tTxAGOoN?G}l L(n`Zv?pB8K_gI+ܗ #i?ޙ.) p$utc ~DžfՈEo3l/)I-U?aԅ^jxArA ΧX}DmZ@QLےbTXGd.^|xKHR{|ΕW_h] IJ`[G9{).y) 0X YA1]qp?p_k+J*Y@HI>^?gt.06Rn ,` ?);p pSF9ZXLBJPWjgQ|&)7! HjQt<| ؅W5 x W HIzYoVMGP Hjn`+\(dNW)F+IrS[|/a`K|ͻ0Hj{R,Q=\ (F}\WR)AgSG`IsnAR=|8$}G(vC$)s FBJ?]_u XRvύ6z ŨG[36-T9HzpW̞ú Xg큽=7CufzI$)ki^qk-) 0H*N` QZkk]/tnnsI^Gu't=7$ Z;{8^jB% IItRQS7[ϭ3 $_OQJ`7!]W"W,)Iy W AJA;KWG`IY{8k$I$^%9.^(`N|LJ%@$I}ֽp=FB*xN=gI?Q{٥4B)mw $Igc~dZ@G9K X?7)aK%݅K$IZ-`IpC U6$I\0>!9k} Xa IIS0H$I H ?1R.Чj:4~Rw@p$IrA*u}WjWFPJ$I➓/6#! LӾ+ X36x8J |+L;v$Io4301R20M I$-E}@,pS^ޟR[/s¹'0H$IKyfŸfVOπFT*a$I>He~VY/3R/)>d$I>28`Cjw,n@FU*9ttf$I~<;=/4RD~@ X-ѕzἱI$: ԍR a@b X{+Qxuq$IЛzo /~3\8ڒ4BN7$IҀj V]n18H$IYFBj3̵̚ja pp $Is/3R Ӻ-Yj+L;.0ŔI$Av? #!5"aʄj}UKmɽH$IjCYs?h$IDl843.v}m7UiI=&=0Lg0$I4: embe` eQbm0u? $IT!Sƍ'-sv)s#C0:XB2a w I$zbww{."pPzO =Ɔ\[ o($Iaw]`E).Kvi:L*#gР7[$IyGPI=@R 4yR~̮´cg I$I/<tPͽ hDgo 94Z^k盇΄8I56^W$I^0̜N?4*H`237}g+hxoq)SJ@p|` $I%>-hO0eO>\ԣNߌZD6R=K ~n($I$y3D>o4b#px2$yڪtzW~a $I~?x'BwwpH$IZݑnC㧄Pc_9sO gwJ=l1:mKB>Ab<4Lp$Ib o1ZQ@85b̍ S'F,Fe,^I$IjEdù{l4 8Ys_s Z8.x m"+{~?q,Z D!I$ϻ'|XhB)=…']M>5 rgotԎ 獽PH$IjIPhh)n#cÔqA'ug5qwU&rF|1E%I$%]!'3AFD/;Ck_`9 v!ٴtPV;x`'*bQa w I$Ix5 FC3D_~A_#O݆DvV?<qw+I$I{=Z8".#RIYyjǪ=fDl9%M,a8$I$Ywi[7ݍFe$s1ՋBVA?`]#!oz4zjLJo8$I$%@3jAa4(o ;p,,dya=F9ً[LSPH$IJYЉ+3> 5"39aZ<ñh!{TpBGkj}Sp $IlvF.F$I z< '\K*qq.f<2Y!S"-\I$IYwčjF$ w9 \ߪB.1v!Ʊ?+r:^!I$BϹB H"B;L'G[ 4U#5>੐)|#o0aڱ$I>}k&1`U#V?YsV x>{t1[I~D&(I$I/{H0fw"q"y%4 IXyE~M3 8XψL}qE$I[> nD?~sf ]o΁ cT6"?'_Ἣ $I>~.f|'!N?⟩0G KkXZE]ޡ;/&?k OۘH$IRۀwXӨ<7@PnS04aӶp.:@\IWQJ6sS%I$e5ڑv`3:x';wq_vpgHyXZ 3gЂ7{{EuԹn±}$I$8t;b|591nءQ"P6O5i }iR̈́%Q̄p!I䮢]O{H$IRϻ9s֧ a=`- aB\X0"+5"C1Hb?߮3x3&gşggl_hZ^,`5?ߎvĸ%̀M!OZC2#0x LJ0 Gw$I$I}<{Eb+y;iI,`ܚF:5ܛA8-O-|8K7s|#Z8a&><a&/VtbtLʌI$I$I$I$I$I$IRjDD%tEXtdate:create2022-05-31T04:40:26+00:00!Î%tEXtdate:modify2022-05-31T04:40:26+00:00|{2IENDB`Mini Shell

HOME


Mini Shell 1.0
DIR:/opt/imunify360/venv/lib/python3.11/site-packages/defence360agent/contracts/
Upload File :
Current File : //opt/imunify360/venv/lib/python3.11/site-packages/defence360agent/contracts/config.py
"""
All the config settings for defence360 in one place
"""
import functools
import logging
import os
from abc import abstractmethod
from bisect import bisect_left, bisect_right
from copy import deepcopy
from datetime import datetime, timedelta
from enum import Enum
from pathlib import Path
from typing import (
    Any,
    Callable,
    Dict,
    List,
    Mapping,
    Optional,
    Protocol,
    Sequence,
    Tuple,
    Union,
    _ProtocolMeta,
)

from cerberus import Validator

from defence360agent.contracts.config_provider import (
    CachedConfigReader,
    ConfigError,
    ConfigReader,
    UserConfigReader,
    WriteOnlyConfigReader,
)
from defence360agent.feature_management.checkers import (
    config_cleanup as fm_config_cleanup,
)
from defence360agent.utils import Singleton, dict_deep_update, importer

av_version = importer.get(
    module="imav._version", name="__version__", default=None
)

logger = logging.getLogger(__name__)

ANTIVIRUS_MODE = not importer.exists("im360")
# feature flag for those clients who want to test Myimunify
FREEMIUM_FEATURE_FLAG = "/var/imunify360/myimunify-freemium.flag"
MY_IMUNIFY_KEY = "MY_IMUNIFY"
_version = importer.get(
    module="im360._version", name="__version__", default=av_version
)

AGENT_CONF = "../."
CONFIG_VALIDATORS_DIR_PATH = Path(
    os.environ.get(
        "IM360_CONFIG_SCHEMA_PATH",
        "/opt/imunify360/venv/share/imunify360/config_schema/",
    )
)

# TODO: remove after av-7.16.0 release
NOTIFY, CLEANUP = "notify", "cleanup"

NONE, DAY, WEEK, MONTH = "none", "day", "week", "month"

DEFAULT_INTENSITY_CPU = 2
DEFAULT_INTENSITY_IO = 2
DEFAULT_INTENSITY_RAM = 2048

DEFAULT_RESOURCE_MANAGEMENT_CPU_LIMIT = 2
DEFAULT_RESOURCE_MANAGEMENT_IO_LIMIT = 2
DEFAULT_RESOURCE_MANAGEMENT_RAM_LIMIT = 500

MODSEC_RULESET_FULL = "FULL"
MODSEC_RULESET_MINIMAL = "MINIMAL"
_DOS_DETECTOR_DEFAULT_LIMIT = 250
_DOS_DETECTOR_MIN_LIMIT = 1
_DOS_DETECTOR_MIN_INTERVAL = 1

PORT_BLOCKING_MODE_DENY = "DENY"
PORT_BLOCKING_MODE_ALLOW = "ALLOW"

DO_NOT_MODIFY_DISCLAMER = """\
############################################################################
# DO NOT MODIFY THIS FILE!!!                                               #
# USE /etc/sysconfig/imunify360/imunify360.config.d/ TO OVERRIDE DEFAULTS  #
############################################################################
"""
DEFAULT_CONFIG_DISCLAMER = """\
############################################################################
# DO NOT MODIFY THIS FILE!!!                                               #
# USE /etc/sysconfig/imunify360/imunify360.config.d/ TO OVERRIDE DEFAULTS  #
# This is an example of default values only                                #
# Changing this file will have no effect                                   #
############################################################################
"""

CPANEL, PLESK, DIRECTADMIN = "cpanel", "plesk", "directadmin"
ACRONIS, R1SOFT, CLUSTERLOGICS = "acronis", "r1soft", "clusterlogics"
SAMPLE_BACKEND = "sample"

CLOUDLINUX, CLOUDLINUX_ON_PREMISE = "cloudlinux", "cloudlinux_on_premise"

GENERIC_SENSOR_SOCKET_PATH = "/var/run/defence360agent/generic_sensor.sock.2"


def int_from_envvar(var: str, default: int, env: Mapping = os.environ) -> int:
    try:
        return int(env[var])
    except KeyError:
        return default
    except ValueError as e:
        raise ValueError("{}: integer required".format(var)) from e


def bool_from_envvar(
    var: str, default: bool, env: Mapping = os.environ
) -> bool:
    TRUE_VALS = ("true", "t", "yes", "y", "1")
    FALSE_VALS = ("false", "f", "no", "n", "0")
    try:
        val = env[var]
    except KeyError:
        return default
    else:
        val = val.lower()
        if val in TRUE_VALS:
            return True
        if val in FALSE_VALS:
            return False
        raise ValueError(
            "{}: should be one of {}".format(var, TRUE_VALS + FALSE_VALS)
        )


def _self_rel2abs(relpath):
    return os.path.join(os.path.dirname(__file__), relpath)


def conf_rel2abs(relpath):
    return os.path.join(os.path.dirname(_self_rel2abs(AGENT_CONF)), relpath)


def _slurp_file(path):
    """Returns content for existing file, otherwise None"""
    try:
        with open(path, "r") as f:
            return f.read().strip()
    except OSError:
        return None


def choose_value_from_config(section, option, username=None):
    """
    Choose action for config option by checking EndUser's Imunify360
    config and Admin config. Admins config applies only if EndUser
    didn't set the default action
    """
    user_config = ConfigFile(username=username).config_to_dict()
    user_section = user_config.get(section)
    if user_section is not None:
        user_value = user_section.get(option)
        if user_value is not None:
            return user_value, username
    logger.debug("Cannot read %s:%s from user config", section, option)
    root_config = ConfigFile().config_to_dict()
    return root_config[section][option], UserType.ROOT


def is_mi_freemium_license():
    """
    Just checks if this is server with MyImunify Freemium license
    """
    return os.path.exists(FREEMIUM_FEATURE_FLAG)


class FromConfig:
    def __init__(self, section, option=None, config_cls=None):
        self.section = section
        self.option = option
        self._config_cls = config_cls
        self._config_instance = None

    def __get__(self, instance, owner):
        if self._config_instance is None:
            if self._config_cls is None:
                self._config_instance = ConfigFile()
            else:
                self._config_instance = self._config_cls()

        section_value = self._config_instance.config_to_dict()[self.section]
        if self.option is not None:
            return section_value[self.option]
        return section_value


class FromFlagFile:
    LOCATION = Path("/var/imunify360")

    def __init__(self, name, *, coerce=bool, default=...):
        self.name = name
        self.coerce = coerce
        self.default = default

    def __get__(self, instance, owner):
        path = self.LOCATION / self.name
        if path.exists():
            return self.coerce(path.read_text() or self.default)


def _get_combined_validation_schema(*, root=True):
    func_name = "get_root_config" if root else "get_non_root_config"
    combined_schema = {}
    for module in importer.iter_modules([CONFIG_VALIDATORS_DIR_PATH]):
        get_schema = getattr(module, func_name, lambda: {})
        schema = get_schema()
        dict_deep_update(combined_schema, schema, allow_overwrite=False)
    return combined_schema


@functools.lru_cache(maxsize=1)
def config_schema_root():
    return _get_combined_validation_schema()


@functools.lru_cache(maxsize=1)
def config_schema_non_root():
    return _get_combined_validation_schema(root=False)


CONFIG_SCHEMA_CUSTOM_BILLING = {
    "CUSTOM_BILLING": {
        "type": "dict",
        "schema": {
            "upgrade_url": {
                "type": "string",
                "default": None,
                "nullable": True,
            },
            "upgrade_url_360": {
                "type": "string",
                "default": None,
                "nullable": True,
            },
            "billing_notifications": {"type": "boolean", "default": True},
            "ip_license": {"type": "boolean", "default": True},
        },
        "default": {},
    }
}


class ConfigValidationError(Exception):
    pass


class Core:
    PRODUCT = "imunify360"
    NAME = "%s agent" % PRODUCT if not ANTIVIRUS_MODE else "imunify antivirus"
    AV_VERSION = av_version
    VERSION = _version  # AV or IM360
    API_BASE_URL = os.environ.get(
        "IMUNIFY360_API_URL", "https://api.imunify360.com"
    )
    DEFAULT_SOCKET_TIMEOUT = 10
    DIST = ".el7"
    FILE_UMASK = 0o007
    TMPDIR = "/var/imunify360/tmp"
    MERGED_CONFIG_FILE_NAME = "imunify360-merged.config"
    USER_CONFIG_FILE_NAME = "imunify360.config"
    LOCAL_CONFIG_FILE_NAME = "imunify360.config"
    CONFIG_DIR = "/etc/imunify360"
    USER_CONFDIR = os.path.join(CONFIG_DIR, "user_config")
    GLOBAL_CONFDIR = "/etc/sysconfig/imunify360"
    MERGED_CONFIG_FILE_PATH = os.path.join(
        GLOBAL_CONFDIR, MERGED_CONFIG_FILE_NAME
    )
    MERGED_CONFIG_FILE_PERMISSION = 0o644
    LOCAL_CONFIG_FILE_PATH = os.path.join(GLOBAL_CONFDIR, "imunify360.config")
    CONFIG_D_NAME = "imunify360.config.d"
    BACKUP_CONFIGFILENAME = ".imunify360.backup_config"
    HOOKS_CONFIGFILENAME = "hooks.yaml"
    CUSTOM_BILLING_CONFIGFILENAME = "custom_billing.config"
    INBOX_HOOKS_DIR = "/var/imunify360/hooks"

    SVC_NAME = (
        "imunify360-agent" if not ANTIVIRUS_MODE else "imunify-antivirus"
    )
    UNIFIED_ACCESS_LOGGER_CONFIGFILENAME = "unified-access-logger.conf"
    GO_FLAG_FILE = Path("/etc/sysconfig/imunify360/.go_agent")
    SIGNAL_HANDLER_MIGRATION_TIMEOUT_SECS = 60


class IConfig(Protocol):
    @abstractmethod
    def config_to_dict(
        self, normalize: bool = True, force_read: bool = False
    ) -> dict:
        raise NotImplementedError

    @abstractmethod
    def dict_to_config(
        self,
        data: Mapping,
        validate: bool = True,
        normalize: bool = True,
        overwrite: bool = False,
        without_defaults: bool = False,
    ) -> None:
        raise NotImplementedError

    @abstractmethod
    def validate(self) -> None:
        raise NotImplementedError

    @abstractmethod
    def normalize(
        self, config: Mapping, without_defaults: bool = False
    ) -> dict:
        raise NotImplementedError

    @abstractmethod
    def modified_since(self, timestamp: Optional[float]) -> bool:
        raise NotImplementedError

    def get(self, section: str, option: Optional[str]) -> Any:
        if option:
            return self.config_to_dict().get(section, {}).get(option)
        return None

    def set(self, section: str, option: Optional[str], value: Any) -> None:
        if option:
            self.dict_to_config({section: {option: value}})


class IConfigFile(IConfig, Protocol):
    path: str


class ProtocolSingleton(_ProtocolMeta, Singleton):
    """
    Needed to avoid metaclass conflict when implementing protocols that are
    also Singletons
    """


class Normalizer:
    def __init__(self, validation_schema):
        self._config: Optional[Mapping] = None
        self._normalized_config: dict = {}
        self._schema = ConfigsValidator.get_validation_schema(
            validation_schema
        )
        self._schema_without_defaults = self._get_schema_without_defaults(
            self._schema
        )

    @classmethod
    def _get_schema_without_defaults(cls, _dict: Mapping) -> dict:
        return {
            key: cls._get_schema_without_defaults(value)
            if isinstance(value, dict)
            else value
            for key, value in _dict.items()
            if key not in ["default", "default_setter"]
        }

    @staticmethod
    def remove_null(config: Mapping) -> dict:
        new_config: Dict[str, Union[dict, List[Tuple]]] = {}
        for section, options in config.items():
            # We only support dict for option removal
            if isinstance(options, dict):
                for option, value in options.items():
                    if value is not None:
                        new_config.setdefault(section, {})[option] = value
            elif options:
                # Let cerberus coerce this to dict
                # and leave the None's as is
                new_config[section] = options
        return new_config

    @staticmethod
    def _normalize_with_schema(config: Mapping, schema) -> dict:
        validator = ConfigValidator(schema)
        normalized: Optional[dict] = validator.normalized(config)
        if validator.errors:
            raise ConfigValidationError(validator.errors)
        if normalized is None:
            raise ConfigValidationError(f"Cerberus returned None for {config}")
        return normalized

    def normalize(self, config: Mapping, without_defaults: bool) -> dict:
        schema = (
            self._schema_without_defaults if without_defaults else self._schema
        )
        if without_defaults:
            config = self.remove_null(config)
            return self._normalize_with_schema(config, schema)
        # Utilize cache
        if config == self._config:
            return self._normalized_config
        normalized = self._normalize_with_schema(config, schema)
        self._config = config
        self._normalized_config = normalized
        return self._normalized_config


class Config(IConfig, metaclass=ProtocolSingleton):
    DISCLAIMER = ""

    def __init__(
        self,
        *,
        # FIXME: allow pathlib.Path
        path: str = None,
        config_reader: ConfigReader = None,
        validation_schema: Union[Mapping, Callable[[], Mapping]] = None,
        disclaimer: str = None,
        cached: bool = True,
        permissions: int = None,
    ):
        super().__init__()
        assert path or config_reader
        config_reader_cls = CachedConfigReader if cached else ConfigReader
        self._config_reader = config_reader or config_reader_cls(
            path,
            disclaimer=disclaimer or self.DISCLAIMER,
            permissions=permissions,
        )
        self.path = self._config_reader.path
        self.validation_schema = validation_schema or config_schema_root
        self._normalizer = Normalizer(self.validation_schema)

    def __repr__(self):
        return (
            "<{classname}(config_reader={config_reader!r},"
            " validation_schema={validation_schema!r})"
            ">"
        ).format(
            classname=self.__class__.__qualname__,
            config_reader=self._config_reader,
            validation_schema=self.validation_schema,
        )

    def normalize(self, config: Mapping, without_defaults=False) -> dict:
        return self._normalizer.normalize(config, without_defaults)

    def config_to_dict(self, normalize=True, force_read: bool = False) -> dict:
        """
        Converts config file to dict

        :return dict: dictionary (key (section) / value (options))
        """
        config = self._config_reader.read_config_file(force_read=force_read)
        if normalize:
            config = self.normalize(config)

        return deepcopy(config)

    def dict_to_config(
        self,
        data: Mapping,
        validate: bool = True,
        normalize: bool = True,
        overwrite: bool = False,
        without_defaults: bool = False,
    ) -> None:
        """
        Converts dict to config file
        New options will be mixed in with old ones
        unless overwrite is specified

        :param dict data: dictionary (key (section) / value (options))
        :param bool validate: indicates if we need validation
        :param bool normalize: normalize config
        :param overwrite: overwrite existing conf
        :param without_defaults: do not fill defaults
        :return: None
        """
        if overwrite:
            self._dict_to_config_overwrite(
                data=data,
                validate=validate,
                normalize=normalize,
                without_defaults=without_defaults,
            )
        else:
            self._dict_to_config(
                data=data,
                validate=validate,
                normalize=normalize,
                without_defaults=without_defaults,
            )

    def _dict_to_config_overwrite(
        self, data, validate, normalize, without_defaults
    ):
        if validate:
            ConfigsValidator.validate(data, self.validation_schema)
        if normalize:
            data = self.normalize(data, without_defaults=without_defaults)
        self._config_reader.write_config_file(data)

    def _dict_to_config(self, data, validate, normalize, without_defaults):
        config = deepcopy(self._config_reader.read_config_file())
        if dict_deep_update(config, data):
            if validate:
                ConfigsValidator.validate(config, self.validation_schema)
            if normalize:
                config = self.normalize(
                    config, without_defaults=without_defaults
                )
            self._config_reader.write_config_file(config)

    def validate(self):
        """
        :raises ConfigsValidatorError
        """
        try:
            config_dict = self._config_reader.read_config_file(
                ignore_errors=False
            )
        except ConfigError as e:
            message = "Error during config validation"
            logger.error("%s: %s", message, e)
            raise ConfigsValidatorError({self: message}) from e

        try:
            ConfigsValidator.validate(config_dict, self.validation_schema)
        except ConfigValidationError as e:
            message = "Imunify360 config does not match the scheme"
            logger.error("%s: %s", message, e)
            raise ConfigsValidatorError({self: message}) from e

    def modified_since(self, timestamp: Optional[float]) -> bool:
        return self._config_reader.modified_since(timestamp)


class UserConfig(Config):
    def __init__(self, *, username):
        self.username = username
        path = os.path.join(
            Core.USER_CONFDIR, username, Core.USER_CONFIG_FILE_NAME
        )
        super().__init__(
            path=path,
            config_reader=UserConfigReader(path, username),
            validation_schema=config_schema_non_root,
        )


class SystemConfig(IConfig, metaclass=ProtocolSingleton):
    def __init__(
        self, *, local_config: Config = None, merged_config: Config = None
    ):
        super().__init__()
        self._local_config = local_config or LocalConfig()
        self._merged_config = merged_config or MergedConfig()

    def config_to_dict(
        self, normalize: bool = True, force_read: bool = False
    ) -> dict:
        return self._merged_config.config_to_dict(
            normalize=normalize, force_read=force_read
        )

    def dict_to_config(
        self,
        data: Mapping,
        validate: bool = True,
        normalize: bool = True,
        overwrite: bool = False,
        without_defaults: bool = True,
    ) -> None:
        self._local_config.dict_to_config(
            data,
            validate=validate,
            normalize=normalize,
            overwrite=overwrite,
            without_defaults=without_defaults,
        )

    def validate(self) -> None:
        self._merged_config.validate()

    def normalize(
        self, config: Mapping, without_defaults: bool = False
    ) -> dict:
        return self._merged_config.normalize(
            config=config, without_defaults=without_defaults
        )

    def modified_since(self, timestamp: Optional[float]) -> bool:
        return self._merged_config.modified_since(timestamp)


def config_file_factory(
    username: Optional[Union[str, int]] = None, path: Optional[str] = None
) -> IConfig:
    if username and not isinstance(username, int):
        return UserConfig(username=username)
    elif path:
        return Config(path=path)
    else:
        return SystemConfig()


# TODO: move all layer related functions to another module
def any_layer_modified_since(timestamp) -> bool:
    merger = Merger(Merger.get_layer_names())
    for layer in merger.layers:
        if layer.modified_since(timestamp):
            return True
    return False


MergedConfig = functools.partial(
    Config,
    config_reader=WriteOnlyConfigReader(
        path=Core.MERGED_CONFIG_FILE_PATH,
        disclaimer=DO_NOT_MODIFY_DISCLAMER,
        permissions=Core.MERGED_CONFIG_FILE_PERMISSION,
    ),
)


class LocalConfig(Config):
    """
    Config (/etc/sysconfig/imunify360/imunify360.config) should contain
    options changed by a customer only
    """

    def __init__(
        self,
        *,
        path=Core.LOCAL_CONFIG_FILE_PATH,  # overrides the parent default value
        config_reader: ConfigReader = None,
        validation_schema: Union[Mapping, Callable[[], Mapping]] = None,
        disclaimer: str = None,
        cached=False,  # overrides the parent default value
    ):
        super().__init__(
            path=path,
            config_reader=config_reader,
            validation_schema=validation_schema,
            disclaimer=disclaimer,
            cached=cached,
        )

    def dict_to_config(
        self,
        data: Mapping,
        validate: bool = True,
        normalize: bool = True,
        overwrite: bool = False,
        without_defaults: bool = True,  # overrides the parent default value
    ) -> None:
        return super().dict_to_config(
            data,
            validate=validate,
            normalize=normalize,
            overwrite=overwrite,
            without_defaults=without_defaults,
        )


class BaseMerger:
    DIR = os.path.join(Core.GLOBAL_CONFDIR, Core.CONFIG_D_NAME)
    LOCAL_CONFIG_NAME = "90-local.config"

    def __init__(self, names, include_defaults=False):
        self._include_defaults = include_defaults
        self.layers = [
            Config(path=os.path.join(self.DIR, name)) for name in names
        ]

    @classmethod
    def get_layer_names(cls):
        return sorted(os.listdir(cls.DIR)) if os.path.isdir(cls.DIR) else []

    def configs_to_dict(self, force_read=False):
        layer_dict_list = []
        if self._include_defaults:
            defaults = Normalizer(config_schema_root).normalize(
                {}, without_defaults=False
            )
            layer_dict_list.append(defaults)

        layer_dict_list += [
            layer.config_to_dict(normalize=False, force_read=force_read)
            for layer in self.layers
        ]
        return self._build_effective_config(layer_dict_list)

    @classmethod
    def _build_effective_config(cls, layer_dict_list: list):
        effective: Dict[str, dict] = {}
        for layer_dict in layer_dict_list:
            for section, options in layer_dict.items():
                if options is None:
                    continue
                if section not in effective:
                    effective[section] = {}
                for option, value in options.items():
                    if value is not None:
                        effective[section][option] = value
        return effective


class MutableMerger(BaseMerger):
    def __init__(self, names: Sequence):
        idx = bisect_left(names, self.LOCAL_CONFIG_NAME)
        names = names[:idx]
        super().__init__(names, include_defaults=True)


class ImmutableMerger(BaseMerger):
    def __init__(self, names: Sequence):
        idx = bisect_right(names, self.LOCAL_CONFIG_NAME)
        names = names[idx:]
        super().__init__(names, include_defaults=False)


class NonBaseMerger(BaseMerger):
    def __init__(self, names: Sequence):
        super().__init__(names, include_defaults=False)


class Merger(BaseMerger):
    def __init__(self, names):
        super().__init__(names, include_defaults=True)

    @classmethod
    def update_merged_config(cls):
        merged_config = MergedConfig()
        merger = cls(cls.get_layer_names())
        config_dict = merger.configs_to_dict()
        try:
            ConfigsValidator.validate(config_dict)
        except (ConfigsValidatorError, ConfigValidationError):
            logger.warning("Config file is invalid!")
        else:
            merged_config.dict_to_config(config_dict, validate=False)


class ConfigValidator(Validator):
    def __init__(
        self,
        *args,
        allow_unknown=ANTIVIRUS_MODE,
        purge_readonly=True,
        **kwargs,
    ):
        """
        Initialises ConfigValidator(Validator)
        for more details on Validator params please check
        https://docs.python-cerberus.org/en/stable/validation-rules.html
        """
        super().__init__(
            *args,
            allow_unknown=allow_unknown,
            purge_readonly=purge_readonly,
            **kwargs,
        )

    def _normalize_coerce_user_override_pd_rules(self, value):
        if self.root_document.get("MY_IMUNIFY", {}).get("enable", False):
            return True
        return value


class Packaging:
    DATADIR = "/opt/imunify360/venv/share/%s" % Core.PRODUCT


class SimpleRpc:
    # how long to wait for the response from RPC server in seconds
    CLIENT_TIMEOUT = 3600
    SOCKET_PATH = "/var/run/defence360agent/simple_rpc.sock"
    # end-user stuff
    NON_ROOT_SOCKET_PATH = "/var/run/defence360agent/non_root_simple_rpc.sock"
    TOKEN_FILE_TMPL = ".imunify360_token_{suffix}"
    # -r--------
    TOKEN_MASK = 0o400
    SOCKET_ACTIVATION = bool_from_envvar(
        "I360_SOCKET_ACTIVATION",
        ANTIVIRUS_MODE,
    )
    INACTIVITY_TIMEOUT = int_from_envvar(
        "IMUNIFY360_INACTIVITY_TIMEOUT",
        int(timedelta(minutes=5).total_seconds()),
    )


class Model:
    #   type  sqlite3 - sqlite only supported
    PATH = "/var/%s/%s.db" % (Core.PRODUCT, Core.PRODUCT)
    PROACTIVE_PATH = "/var/%s/proactive.db" % (Core.PRODUCT,)
    RESIDENT_PATH = "/var/%s/%s-resident.db" % (Core.PRODUCT, Core.PRODUCT)


class FilesUpdate:
    # Check files update periodically
    PERIOD = timedelta(minutes=30).total_seconds()
    # Timeout for single Index update (group of files) DEF-11501
    # It has to be less than watchdog timeout (60 min)
    TIMEOUT = timedelta(minutes=15).total_seconds()
    # Timeout for individual socket operations (connect, recv/read, etc.)
    # For instance ssl-handshake timeout == SOCKET_TIMEOUT
    # Than less the value than better, to do not wait to long
    SOCKET_TIMEOUT = 3  # seconds


class CountryInfo:
    DB = "/var/imunify360/files/geo/v1/GeoLite2-Country.mmdb"

    LOCATIONS_DB = (
        "/var/imunify360/files/geo/v1/GeoLite2-Country-Locations-en.csv"
    )

    @staticmethod
    def country_subnets_file(country_code):
        return "/var/imunify360/files/geo/v1/CountrySubnets-{}.txt".format(
            country_code
        )


class Sentry:
    DSN = os.getenv(
        "IMUNITY360_SENTRY_DSN", _slurp_file("%s/sentry" % Packaging.DATADIR)
    )
    ENABLE = FromConfig("ERROR_REPORTING", "enable")


class Malware:
    SCAN_CHECK_PERIOD = 300
    CONSECUTIVE_ERROR_LIMIT = 10
    INOTIFY_SCAN_PERIOD = 60
    CONFIG_CHECK_PERIOD = 30
    CONFLICTS_CHECK_PERIOD = 300
    INOTIFY_ENABLED = FromConfig("MALWARE_SCANNING", "enable_scan_inotify")
    PURE_SCAN = FromConfig("MALWARE_SCANNING", "enable_scan_pure_ftpd")

    SEND_FILES = FromConfig("MALWARE_SCANNING", "sends_file_for_analysis")
    CLOUD_ASSISTED_SCAN = FromConfig("MALWARE_SCANNING", "cloud_assisted_scan")
    RAPID_SCAN = FromConfig("MALWARE_SCANNING", "rapid_scan")
    CRONTABS_SCAN_ENABLED = FromConfig("MALWARE_SCANNING", "crontabs")

    SCANS_PATH = "/var/imunify360/aibolit/scans.pickle"

    FILE_PREVIEW_BYTES_NUM = 1024 * 100  # 100 KB

    CLEANUP_STORAGE = "/var/imunify360/cleanup_storage"
    CLEANUP_TRIM = FromConfig(
        section="MALWARE_CLEANUP",
        option="trim_file_instead_of_removal",
    )
    CLEANUP_KEEP = FromConfig(
        section="MALWARE_CLEANUP",
        option="keep_original_files_days",
    )
    SCAN_MODIFIED_FILES = FromConfig(
        section="MALWARE_SCANNING",
        option="scan_modified_files",
    )

    MAX_SIGNATURE_SIZE_TO_SCAN = FromConfig(
        "MALWARE_SCANNING", "max_signature_size_to_scan"
    )
    MAX_CLOUDSCAN_SIZE_TO_SCAN = FromConfig(
        "MALWARE_SCANNING", "max_cloudscan_size_to_scan"
    )
    MAX_MRS_UPLOAD_FILE = FromConfig("MALWARE_SCANNING", "max_mrs_upload_file")

    RAPID_SCAN_RESCAN_UNCHANGING_FILES_FREQUENCY = FromConfig(
        "MALWARE_SCANNING", "rapid_scan_rescan_unchanging_files_frequency"
    )

    HYPERSCAN = FromConfig("MALWARE_SCANNING", "hyperscan")

    DATABASE_SCAN_ENABLED = FromConfig("MALWARE_DATABASE_SCAN", "enable")
    CPANEL_SCAN_ENABLED = FromConfig("MALWARE_SCANNING", "enable_scan_cpanel")
    CLEANUP_DISABLE_CLOUDAV = FromFlagFile("disable_cloudav")
    MDS_DB_TIMEOUT = FromConfig("MALWARE_DATABASE_SCAN", "db_timeout")


class MalwareScanScheduleInterval:
    NONE = NONE
    DAY = DAY
    WEEK = WEEK
    MONTH = MONTH


class MalwareScanSchedule:
    CMD = "/usr/bin/imunify360-agent malware user scan --background"
    CRON_PATH = "/etc/cron.d/imunify_scan_schedule"
    CRON_STRING = """\
# DO NOT EDIT. AUTOMATICALLY GENERATED.
0 {0} {1} * {2} root {cmd} >/dev/null 2>&1
"""
    INTERVAL = FromConfig(
        section="MALWARE_SCAN_SCHEDULE",
        option="interval",
    )
    HOUR = FromConfig(
        section="MALWARE_SCAN_SCHEDULE",
        option="hour",
    )
    DAY_OF_WEEK = FromConfig(
        section="MALWARE_SCAN_SCHEDULE",
        option="day_of_week",
    )
    DAY_OF_MONTH = FromConfig(
        section="MALWARE_SCAN_SCHEDULE",
        option="day_of_month",
    )


class MalwareScanIntensity:
    CPU = FromConfig(
        section="MALWARE_SCAN_INTENSITY",
        option="cpu",
    )
    IO = FromConfig(
        section="MALWARE_SCAN_INTENSITY",
        option="io",
    )
    RAM = FromConfig(
        section="MALWARE_SCAN_INTENSITY",
        option="ram",
    )
    USER_CPU = FromConfig(
        section="MALWARE_SCAN_INTENSITY",
        option="user_scan_cpu",
    )
    USER_IO = FromConfig(
        section="MALWARE_SCAN_INTENSITY",
        option="user_scan_io",
    )
    USER_RAM = FromConfig(
        section="MALWARE_SCAN_INTENSITY",
        option="user_scan_ram",
    )


class FileBasedResourceLimits:
    CPU = FromConfig(
        section="RESOURCE_MANAGEMENT",
        option="cpu_limit",
    )
    IO = FromConfig(
        section="RESOURCE_MANAGEMENT",
        option="io_limit",
    )
    RAM = FromConfig(
        section="RESOURCE_MANAGEMENT",
        option="ram_limit",
    )


class KernelCare:
    EDF = FromConfig(
        section="KERNELCARE",
        option="edf",
    )


def get_rapid_rescan_frequency():
    value = Malware.RAPID_SCAN_RESCAN_UNCHANGING_FILES_FREQUENCY
    if value is None:
        freq = {
            MalwareScanScheduleInterval.NONE: 1,
            MalwareScanScheduleInterval.MONTH: 2,
            MalwareScanScheduleInterval.WEEK: 5,
            MalwareScanScheduleInterval.DAY: 10,
        }
        return freq.get(MalwareScanSchedule.INTERVAL, 1)
    return value


class MalwareSignatures:
    _dir = "/var/imunify360/files/sigs/v1/"
    RFXN = os.path.join(_dir, "rfxn")
    i360 = os.path.join(_dir, "i360")

    AI_BOLIT_HOSTER = os.path.join(_dir, "aibolit", "ai-bolit-hoster-full.db")
    AI_BOLIT_HYPERSCAN = os.path.join(_dir, "aibolit", "hyperscan")
    MDS_AI_BOLIT_HOSTER = os.path.join(
        _dir, "aibolit", "mds-ai-bolit-hoster.db"
    )
    PROCU_DB = os.path.join(_dir, "aibolit", "procu2.db")
    MDS_PROCU_DB = os.path.join(_dir, "aibolit", "mds-procu2.db")


class Logger:
    MAX_LOG_FILE_SIZE = FromConfig(
        section="LOGGER",
        option="max_log_file_size",
    )
    BACKUP_COUNT = FromConfig(
        section="LOGGER",
        option="backup_count",
    )
    # directory mode for main log directory and all inner
    LOG_DIR_PERM = 0o700
    # file mode for main log directory and all inner
    LOG_FILE_PERM = 0o660


class UserType:
    ROOT = "root"
    NON_ROOT = "non_root"


class UIRole:
    CLIENT = "client"
    ADMIN = "admin"


class NoCP:
    # path to script implementing No CP API
    CLIENT_SCRIPT = "/etc/imunify360/scripts/domains"
    # latest version of the API supported by agent
    LATEST_VERSION = 1


class CustomBillingConfig(Config):
    def __init__(self):
        path = os.path.join(
            "/etc/sysconfig/imunify360", Core.CUSTOM_BILLING_CONFIGFILENAME
        )
        super().__init__(
            path=path, validation_schema=CONFIG_SCHEMA_CUSTOM_BILLING
        )


class CustomBilling:
    UPGRADE_URL = FromConfig(
        section="CUSTOM_BILLING",
        option="upgrade_url",
        config_cls=CustomBillingConfig,
    )
    UPGRADE_URL_360 = FromConfig(
        section="CUSTOM_BILLING",
        option="upgrade_url_360",
        config_cls=CustomBillingConfig,
    )
    NOTIFICATIONS = FromConfig(
        section="CUSTOM_BILLING",
        option="billing_notifications",
        config_cls=CustomBillingConfig,
    )
    IP_LICENSE = FromConfig(
        section="CUSTOM_BILLING",
        option="ip_license",
        config_cls=CustomBillingConfig,
    )


class PermissionsConfig:
    USER_IGNORE_LIST = FromConfig(
        section="PERMISSIONS",
        option="user_ignore_list",
    )
    ALLOW_MALWARE_SCAN = FromConfig(
        section="PERMISSIONS",
        option="allow_malware_scan",
    )
    USER_OVERRIDE_MALWARE_ACTIONS = FromConfig(
        section="PERMISSIONS", option="user_override_malware_actions"
    )
    USER_OVERRIDE_PROACTIVE_DEFENSE = FromConfig(
        section="PERMISSIONS",
        option="user_override_proactive_defense",
    )
    ALLOW_LOCAL_MALWARE_IGNORE_LIST_MANAGEMENT = FromConfig(
        section="PERMISSIONS",
        option="allow_local_malware_ignore_list_management",
    )


class MyImunifyConfig:
    ENABLED = FromConfig(
        section="MY_IMUNIFY",
        option="enable",
    )
    PURCHASE_PAGE_URL = FromConfig(
        section="MY_IMUNIFY",
        option="purchase_page_url",
    )


class ControlPanelConfig:
    SMART_ADVICE_ALLOWED = FromConfig(
        section="CONTROL_PANEL",
        option="smart_advice_allowed",
    )
    ADVICE_EMAIL_NOTIFICATION = FromConfig(
        section="CONTROL_PANEL",
        option="advice_email_notification",
    )


def effective_user_config(admin_config, user_config):
    allowed_sections = [
        "BACKUP_RESTORE",
        "MALWARE_CLEANUP",
        "MALWARE_SCANNING",
        "ERROR_REPORTING",
        "PROACTIVE_DEFENCE",
        "PERMISSIONS",
        "MY_IMUNIFY",
        "CONTROL_PANEL",
    ]
    overridable = {
        (
            "MALWARE_SCANNING",
            "default_action",
        ): PermissionsConfig.USER_OVERRIDE_MALWARE_ACTIONS,
        (
            "PROACTIVE_DEFENCE",
            "mode",
        ): PermissionsConfig.USER_OVERRIDE_PROACTIVE_DEFENSE,
    }
    admin_dict = admin_config.config_to_dict()
    user_dict = user_config.config_to_dict()

    def normalize_section(section):
        admin_options = deepcopy(admin_dict.get(section))
        user_options = deepcopy(user_dict.get(section, {}))
        resulting_dict = {}
        for option, admin_value in admin_options.items():
            user_value = user_options.get(option)
            if (
                user_value is not None
                # All options available to user are overridable by default
                and overridable.get((section, option), True)
            ):
                resulting_dict[option] = user_value
            else:
                resulting_dict[option] = admin_value

        return resulting_dict

    effective_config = {
        section: normalize_section(section) for section in allowed_sections
    }

    return fm_config_cleanup(effective_config, user_config.username)


class HookEvents:
    IM360_EVENTS = (
        AGENT,
        LICENSE,
        MALWARE_SCANNING,
        MALWARE_CLEANUP,
        MALWARE_DETECTED,
    ) = (
        "agent",
        "license",
        "malware-scanning",
        "malware-cleanup",
        "malware-detected",
    )
    IMAV_EVENTS = (
        LICENSE,
        MALWARE_SCANNING,
        MALWARE_CLEANUP,
        MALWARE_DETECTED,
    )
    EVENTS = IMAV_EVENTS if ANTIVIRUS_MODE else IM360_EVENTS


class ConfigsValidatorError(Exception):
    def __init__(self, configs_to_errors: Dict[Config, str]):
        self.configs_to_errors = configs_to_errors

    def __repr__(self):
        errors = []
        for config, error in self.configs_to_errors.items():
            errors.append(f"{config!r}: {error}")
        return "\n".join(errors)


class ConfigsValidator:
    """A class that has methods to validate configs bypassing the cache"""

    @classmethod
    def validate_system_config(cls):
        """
        Validate merged config
        :raises ConfigsValidatorError
        """
        SystemConfig().validate()

    @classmethod
    def validate_config_layers(cls):
        """
        Validate all config layers, collect all errors
        :raises ConfigsValidatorError
        """
        configs_to_errors = {}
        for layer in Merger(Merger.get_layer_names()).layers:
            try:
                layer.validate()
            except ConfigsValidatorError as e:
                configs_to_errors.update(e.configs_to_errors)

        if configs_to_errors:
            raise ConfigsValidatorError(configs_to_errors)

    @classmethod
    def validate(
        cls,
        config_dict: dict,
        validation_schema: Union[dict, Callable] = config_schema_root,
    ) -> None:
        """
        Validate config represented by a dict
        :param config_dict: config to validate
        :param validation_schema: schema to validate config against
        :raises ConfigValidationError
        """

        schema = cls.get_validation_schema(validation_schema)
        v = ConfigValidator(schema)
        if not v.validate(config_dict):
            raise ConfigValidationError(v.errors)

    @staticmethod
    def get_validation_schema(
        validation_schema: Union[Mapping, Callable]
    ) -> Mapping:
        if callable(validation_schema):
            return validation_schema()
        return validation_schema


ConfigFile = config_file_factory


class AdminContacts:
    ENABLE_ICONTACT_NOTIFICATIONS = FromConfig(
        section="ADMIN_CONTACTS",
        option="enable_icontact_notifications",
    )


class IContactMessageType(str, Enum):
    MALWARE_FOUND = "MalwareFound"
    SCAN_NOT_SCHEDULED = "ScanNotScheduled"
    GENERIC = "Generic"

    def __str__(self):
        return self.value


CONFIG_SCHEMA_BACKUP_SYSTEM = {
    "BACKUP_SYSTEM": {
        "type": "dict",
        "schema": {
            "enabled": {
                "type": "boolean",
                "default": False,
            },
            "backup_system": {
                "type": "string",
                "default": None,
                "nullable": True,
                "allowed": [
                    CPANEL,
                    PLESK,
                    R1SOFT,
                    ACRONIS,
                    CLOUDLINUX,
                    DIRECTADMIN,
                    CLOUDLINUX_ON_PREMISE,
                    CLUSTERLOGICS,
                    SAMPLE_BACKEND,
                ],
            },
        },
        "default": {},
    }
}


class BackupConfig(Config):
    DISCLAIMER = """\
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
#
#   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#   DO NOT EDIT. AUTOMATICALLY GENERATED.
#   !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#
#   Direct modifications to this file WILL be lost upon subsequent
#   regeneration of this configuration file.
#
#   To have your modifications retained, you should use CLI command
#   imunify360-agent backup-systems <init|disable> <backup-system>
#   or activate/deactivate appropriate feature in UI.
#
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
    """

    def __init__(
        self,
        *,
        path=os.path.join(
            "/etc/sysconfig/imunify360", Core.BACKUP_CONFIGFILENAME
        ),
        validation_schema=CONFIG_SCHEMA_BACKUP_SYSTEM,
    ):
        super().__init__(path=path, validation_schema=validation_schema)


class BackupRestore:
    ENABLED = FromConfig(
        section="BACKUP_SYSTEM", option="enabled", config_cls=BackupConfig
    )
    _BACKUP_SYSTEM = FromConfig(
        section="BACKUP_SYSTEM",
        option="backup_system",
        config_cls=BackupConfig,
    )
    CL_BACKUP_ALLOWED = FromConfig(
        section="BACKUP_RESTORE",
        option="cl_backup_allowed",
    )
    CL_ON_PREMISE_BACKUP_ALLOWED = FromConfig(
        section="BACKUP_RESTORE",
        option="cl_on_premise_backup_allowed",
    )

    @classmethod
    def backup_system(cls):
        return _get_backend_system(cls._BACKUP_SYSTEM)


def _get_backend_system(name):
    """
    Get backup module from its name
    :param name: backup system name
    :return: backup system module
    """
    from restore_infected import backup_backends

    if name in (CLOUDLINUX, CLOUDLINUX_ON_PREMISE):
        # cloudlinux backup is actually acronis one
        name = ACRONIS
    elif name is None:
        return None

    return backup_backends.backend(name, async_=True)


class AcronisBackup:
    # https://kb.acronis.com/content/1711
    # https://kb.acronis.com/content/47189
    LOG_NAME = "acronis-installer.log"
    PORTS = (8443, 44445, 55556)
    RANGE = {(7770, 7800)}


def should_try_autorestore_malicious(username: str) -> bool:
    """
    Checks is Agent should try restore malware file firts
    and returns user that set this action in config
    """
    try_restore, _ = choose_value_from_config(
        "MALWARE_SCANNING", "try_restore_from_backup_first", username
    )
    return BackupRestore.ENABLED and try_restore


def choose_use_backups_start_from_date(username: str) -> datetime:
    max_days, _ = choose_value_from_config(
        "BACKUP_RESTORE", "max_days_in_backup", username
    )
    until = datetime.now() - timedelta(days=max_days)
    return until


def should_send_user_notifications(username: str) -> bool:
    should_send, _ = choose_value_from_config(
        "CONTROL_PANEL",
        "generic_user_notifications",
        username=username,
    )
    return should_send


class HackerTrap:
    DIR = "/var/imunify360"
    NAME = "malware_found_b64.list"
    SA_NAME = "malware_standalone_b64.list"
    DIR_PD = "/opt/imunify360/proactive/dangerlist/"