authorPapoteur <papoteur@mageia.org>2017-09-05 09:40:38 +0200
committerPapoteur <papoteur@mageia.org>2017-09-05 09:40:38 +0200
commit315473c53155054c3ba1abe906c25f4211842897 (patch)
tree9bad16e3456f4b4ed2c457383a9efb7667b709b9
parentc67234943f29263f329776cb797413f82939a3bc (diff)
suppress DNS_SPOOFING_PROTECTION (mga#21621).
-rwxr-xr-xsrc/msec/plugins/network.py20
1 files changed, 1 insertions, 19 deletions
diff --git a/src/msec/plugins/network.py b/src/msec/plugins/network.py
index 2f5753b..e33a51b 100755
--- a/src/msec/plugins/network.py
+++ b/src/msec/plugins/network.py
@@ -107,14 +107,13 @@ class network:
config.SETTINGS['ACCEPT_BROADCASTED_ICMP_ECHO'] = ("network.accept_broadcasted_icmp_echo", ['yes', 'no'])
config.SETTINGS['ACCEPT_ICMP_ECHO'] = ("network.accept_icmp_echo", ['yes', 'no'])
config.SETTINGS['ALLOW_REMOTE_ROOT_LOGIN'] = ("network.allow_remote_root_login", ['yes', 'no', 'without-password'])
- config.SETTINGS['ENABLE_DNS_SPOOFING_PROTECTION'] = ("network.enable_dns_spoofing_protection", ['yes', 'no'])
config.SETTINGS['ENABLE_IP_SPOOFING_PROTECTION'] = ("network.enable_ip_spoofing_protection", ['yes', 'no'])
config.SETTINGS['ENABLE_LOG_STRANGE_PACKETS'] = ("network.enable_log_strange_packets", ['yes', 'no'])
# network settings
for check in ["ACCEPT_BOGUS_ERROR_RESPONSES", "ACCEPT_BROADCASTED_ICMP_ECHO", "ACCEPT_ICMP_ECHO",
"ALLOW_REMOTE_ROOT_LOGIN", "ALLOW_X_CONNECTIONS", "ALLOW_XSERVER_TO_LISTEN",
- "AUTHORIZE_SERVICES", "ENABLE_DNS_SPOOFING_PROTECTION", "ENABLE_IP_SPOOFING_PROTECTION",
+ "AUTHORIZE_SERVICES", "ENABLE_IP_SPOOFING_PROTECTION",
"ENABLE_LOG_STRANGE_PACKETS"]:
config.SETTINGS_NETWORK.append(check)
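Review bot: Dropping `ENABLE_DNS_SPOOFING_PROTECTION` from `config.SETTINGS` and from the list appended to `config.SETTINGS_NETWORK` leaves nothing visible in this commit for hosts where the option had already been applied. The `enable_dns_spoofing_protection` method deleted in the second hunk was the only code shown here that called `hostconf.remove_line_matching('nospoof')` and `hostconf.remove_line_matching('spoofalert')`, so any lines it previously wrote to the host.conf file will stay in place after an upgrade. If the intent is to stop managing those directives entirely, a one-time cleanup that runs those two calls unconditionally would leave every host in a known state. It is also worth confirming how an existing security.conf or level file that still lists the key is treated now that the name is no longer registered; that loading code is outside this diff. A short comment beside the list, such as `# ENABLE_DNS_SPOOFING_PROTECTION removed, see mga#21621`, would tell the next maintainer why the key is absent.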
@@ -162,23 +161,6 @@ class network:
''' Enable IP spoofing protection.'''
self.set_zero_one_variable(SYSCTLCONF, 'net.ipv4.conf.all.rp_filter', arg, 'Enabling ip spoofing protection', 'Disabling ip spoofing protection')
- def enable_dns_spoofing_protection(self, arg, alert=1):
- ''' Enable name resolution spoofing protection.'''
- hostconf = self.configfiles.get_config_file(HOSTCONF)
-
- val = hostconf.get_match('nospoof\s+on')
-
- if arg:
- if not val:
- self.log.info(_('Enabling name resolution spoofing protection'))
- hostconf.replace_line_matching('nospoof', 'nospoof on', 1)
- hostconf.replace_line_matching('spoofalert', 'spoofalert on', (alert != 0))
- else:
- if val:
- self.log.info(_('Disabling name resolution spoofing protection'))
- hostconf.remove_line_matching('nospoof')
- hostconf.remove_line_matching('spoofalert')
-
def accept_icmp_echo(self, arg):
''' Accept ICMP echo.'''
self.set_zero_one_variable(SYSCTLCONF, 'net.ipv4.icmp_echo_ignore_all', invert(arg), 'Ignoring icmp echo', 'Accepting icmp echo')