zscams 2.0.7__tar.gz → 2.0.9__tar.gz

{zscams-2.0.7 → zscams-2.0.9}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: zscams
-Version: 2.0.7
+Version: 2.0.9
 Summary: Async TLS tunnel client with SNI routing, auto-reconnect, and health checks
 Author: OCD - Cairo Software Team
 Maintainer: OCD - Cairo Software Team

{zscams-2.0.7 → zscams-2.0.9}/pyproject.toml

@@ -3,7 +3,7 @@ name = "zscams_agent"
 
 [tool.poetry]
 name = "zscams"
-version = "2.0.7"
+version = "2.0.9"
 description = "Async TLS tunnel client with SNI routing, auto-reconnect, and health checks"
 authors = ["OCD - Cairo Software Team"]
 maintainers = ["OCD - Cairo Software Team"]

{zscams-2.0.7 → zscams-2.0.9}/zscams/__main__.py

@@ -6,6 +6,7 @@ import asyncio
 import sys
 import os
 from zscams.agent.src.core.backend.bootstrap import bootstrap
+from zscams.agent.src.core.backend.unbootstrap import unbootstrap
 from zscams.agent.src.core.backend.update_machine_info import update_machine_info
 from zscams.agent.src.support.logger import get_logger
 from zscams.agent import init_parser, ensure_bootstrapped, run
@@ -32,6 +33,17 @@ def main():
         update_machine_info()
         sys.exit(0)
 
+    if args.unbootstrap:
+        try:
+            if os.geteuid() != 0:
+                logger.error("You are NOT running as root.")
+                sys.exit(1)
+            unbootstrap()
+            sys.exit(0)
+        except Exception as exception:
+            logger.error(exception)
+            sys.exit(1)
+
     try:
         ensure_bootstrapped()
         asyncio.run(run())

{zscams-2.0.7 → zscams-2.0.9}/zscams/agent/__init__.py

@@ -22,10 +22,15 @@ def init_parser():
         action="store_true",
         help="Run bootstrap process and exit",
     )
+    parser.add_argument(
+        "--unbootstrap",
+        action="store_true",
+        help="Run unbootstrap process and exit",
+    )
     parser.add_argument(
         "--update-machine-info",
         action="store_true",
-        help="Run bootstrap process and exit",
+        help="Reinitialize machine info",
     )
     return parser
 

{zscams-2.0.7 → zscams-2.0.9}/zscams/agent/src/core/backend/bootstrap.py

@@ -4,7 +4,7 @@ import sysconfig
 import sys
 from typing import cast
 from zscams.agent.src.core.backend.client import backend_client
-from zscams.agent.src.support.configuration import reinitialize
+from zscams.agent.src.support.configuration import reinitialize, CONFIG_PATH
 from zscams.agent.src.support.logger import get_logger
 from zscams.agent.src.support.os import create_system_user, install_service, is_freebsd
 from zscams.agent.src.support.ssh import add_to_authorized_keys
@@ -47,6 +47,8 @@ def bootstrap():
         f"{equipment_type.lower()}-{customer_name.lower()}-{connector_name.lower()}"
     )
     enforced_id = prompt("Enforced ID", "Enforced Agent ID")
+    if not os.path.exists(CONFIG_PATH):
+        os.remove(CONFIG_PATH)
     reinitialize(equipment_name=equipment_name, equipment_type=equipment_type)
     cm_info = backend_client.bootstrap(equipment_name, enforced_id or None)
 

zscams-2.0.9/zscams/agent/src/core/backend/unbootstrap.py

@@ -0,0 +1,49 @@
+import os
+from zscams.agent.src.support.filesystem import resolve_path
+from zscams.agent.src.support.configuration import get_config, CONFIG_PATH, ROOT_PATH
+from zscams.agent.src.core.backend.client import BackendClient
+from zscams.agent.src.support.logger import get_logger
+from zscams.agent.src.support.os import remove_service, is_freebsd
+
+logger = get_logger("Unbootstrap")
+
+
+def unbootstrap():
+    remote_configs = get_config().get("remote", {})
+    backend_config = get_config().get("backend", {})
+    private_key_path = resolve_path(
+        remote_configs.get("client_key"), os.path.dirname(CONFIG_PATH)
+    )
+
+    cert_path = resolve_path(
+        remote_configs.get("client_key"), os.path.dirname(CONFIG_PATH)
+    )
+
+    ca_chain_path = resolve_path(
+        remote_configs.get("client_key"), os.path.dirname(CONFIG_PATH)
+    )
+
+    cache_path = os.path.join(
+        ROOT_PATH.parent,
+        backend_config.get("cache_dir"),
+        BackendClient.MACHINE_INFO_FILE_NAME,
+    )
+
+    if os.path.exists(private_key_path):
+        os.remove(private_key_path)
+        logger.debug("Removed private key")
+
+    if os.path.exists(cert_path):
+        os.remove(cert_path)
+        logger.debug("Removed certificate")
+
+    if os.path.exists(ca_chain_path):
+        os.remove(ca_chain_path)
+        logger.debug("Removed CA Chain")
+
+    if os.path.exists(cache_path):
+        os.remove(cache_path)
+        logger.debug("Removed Machine info")
+
+    remove_service("zscams" if is_freebsd() else "zscams.service")
+    logger.debug("Removed ZSCAMs service")

{zscams-2.0.7 → zscams-2.0.9}/zscams/agent/src/services/reverse_ssh.py

@@ -43,7 +43,7 @@ async def run():
 
     # Add additional SSH options
     ssh_cmd += SSH_OPTIONS
-
+    os.chmod(PRIVATE_KEY, 0o700)
     logger.info(f"Starting reverse SSH tunnel: {' '.join(ssh_cmd)}")
 
     while True:

{zscams-2.0.7 → zscams-2.0.9}/zscams/agent/src/services/ssh_forwarder.py

@@ -45,7 +45,7 @@ async def run():
 
     # Add additional SSH options
     ssh_cmd += SSH_OPTIONS
-
+    os.chmod(PRIVATE_KEY, 0o700)
     logger.info(f"Starting reverse SSH tunnel: {' '.join(ssh_cmd)}")
 
     while True:

{zscams-2.0.7 → zscams-2.0.9}/zscams/agent/src/services/system_monitor.py

@@ -10,6 +10,7 @@ import socket
 import platform
 from zscams.agent.src.support.logger import get_logger
 from http.client import BadStatusLine, HTTPConnection, HTTPException
+
 logger = get_logger("system_monitor")
 
 # Load service-specific params from environment
@@ -30,8 +31,6 @@ SERVICE_NAME = params.get("service_name", "Zscaler-AppConnector")
 HOSTNAME = platform.node()
 
 
-
-
 def network():
     """
     Collect network interfaces and their statistics.
@@ -232,7 +231,6 @@ def log():
     }
 
 
-
 # -----------------------------
 # Helper function to log JSON
 # -----------------------------
@@ -249,13 +247,14 @@ async def send_json_log(payload: dict):
 
 
 async def schedule_task(interval):
-    while (True):
+    while True:
         try:
             await send_json_log(log())
         except Exception as exception:
             print(exception)
         await asyncio.sleep(interval)
 
+
 if __name__ == "__main__":
     try:
         asyncio.run(schedule_task(30))

{zscams-2.0.7 → zscams-2.0.9}/zscams/agent/src/support/filesystem.py

@@ -48,7 +48,7 @@ def is_file_exists(path, logger, base_dir=None):
     return False
 
 
-def append_to_file(path: str | Path, content: str):
+def append_to_file(path, content: str):
     try:
         if isinstance(path, str):
             path = Path(path)
@@ -63,6 +63,6 @@ def append_to_file(path: str | Path, content: str):
         raise exception
 
 
-def write_to_file(path: str | Path, content: str):
+def write_to_file(path: str, content: str):
     with open(path, "w", encoding="utf-8") as f:
         f.write(content)

{zscams-2.0.7 → zscams-2.0.9}/zscams/agent/src/support/os.py

@@ -1,3 +1,4 @@
+import os
 import sys
 import subprocess
 import platform
@@ -136,3 +137,53 @@ def install_systemd_service(service_name: str, content: str):
             service_name,
             service_name,
         )
+
+
+def remove_service(service_name: str):
+    """
+    Stops, disables, and removes service configurations for Linux and FreeBSD.
+    """
+    # Standardize name (remove .service suffix if present for consistency)
+    clean_name = service_name.replace(".service", "")
+
+    if is_linux():
+        _remove_systemd_service(clean_name)
+    elif is_freebsd():
+        _remove_rc_service(clean_name)
+    else:
+        logger.error("Unsupported OS for service removal.")
+
+
+def _remove_systemd_service(name: str):
+    service_file = f"/etc/systemd/system/{name}.service"
+    try:
+        logger.info("Stopping and disabling systemd service: %s", name)
+        subprocess.run(["sudo", "systemctl", "stop", name], check=False)
+        subprocess.run(["sudo", "systemctl", "disable", name], check=False)
+
+        if os.path.exists(service_file):
+            subprocess.run(["sudo", "rm", service_file], check=True)
+            subprocess.run(["sudo", "systemctl", "daemon-reload"], check=True)
+            logger.info("Systemd service %s removed.", name)
+    except subprocess.CalledProcessError as e:
+        logger.error("Failed to remove systemd service: %s", e)
+
+
+def _remove_rc_service(name: str):
+    rc_file = f"/usr/local/etc/rc.d/{name}"
+    try:
+        logger.info("Stopping and disabling FreeBSD service: %s", name)
+        # 1. Stop the service
+        subprocess.run(["sudo", "service", name, "stop"], check=False)
+
+        # 2. Disable in /etc/rc.conf
+        # Using sysrc -x removes the variable entirely from rc.conf
+        subprocess.run(["sudo", "sysrc", "-x", f"{name}_enable"], check=False)
+
+        # 3. Remove the rc.d script
+        if os.path.exists(rc_file):
+            subprocess.run(["sudo", "rm", rc_file], check=True)
+            logger.info("FreeBSD rc script %s removed.", name)
+
+    except subprocess.CalledProcessError as e:
+        logger.error("Failed to remove FreeBSD service: %s", e)