Diffstat (limited to 'src/msec/plugins/audit.py')
-rw-r--r-- | src/msec/plugins/audit.py | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/src/msec/plugins/audit.py b/src/msec/plugins/audit.py index 2e8b839..e2409f5 100644 --- a/src/msec/plugins/audit.py +++ b/src/msec/plugins/audit.py @@ -17,6 +17,7 @@ except IOError: CRON = '/etc/cron.d/msec' CRON_REGEX = '[^#]+/usr/share/msec/promisc_check.sh' CRON_ENTRY = '*/1 * * * * root /usr/share/msec/promisc_check.sh' +SECURITYCRON = '/etc/cron.daily/msec' class audit: def __init__(self, log=None, configfiles=None, root=None): @@ -54,6 +55,8 @@ class audit: config.SETTINGS['MAIL_EMPTY_CONTENT'] = ("audit.mail_empty_content", ['yes', 'no']) config.SETTINGS['SYSLOG_WARN'] = ("audit.syslog_warn", ['yes', 'no']) config.SETTINGS['NOTIFY_WARN'] = ("audit.notify_warn", ['yes', 'no']) + # security checks from audit plugins + config.SETTINGS['CHECK_SECURITY'] = ("audit.check_security", ['yes', 'no']) # preparing msecgui menu for check in ["CHECK_PERMS", "CHECK_USER_FILES", "CHECK_SUID_ROOT", "CHECK_SUID_MD5", "CHECK_SGID", @@ -63,6 +66,13 @@ class audit: "TTY_WARN", "SYSLOG_WARN", "MAIL_EMPTY_CONTENT"]: config.SETTINGS_PERIODIC.append(check) + # checks with exceptions + for check in ["CHECK_PERMS", "CHECK_USER_FILES", "CHECK_SUID_ROOT", "CHECK_SUID_MD5", "CHECK_SGID", + "CHECK_WRITABLE", "CHECK_UNOWNED", "CHECK_OPEN_PORT", "CHECK_FIREWALL", + "CHECK_PASSWD", "CHECK_SHADOW", "CHECK_RPM_PACKAGES", "CHECK_RPM_INTEGRITY", + "CHECK_SHOSTS", "CHECK_USERS", "CHECK_GROUPS"]: + config.CHECKS_WITH_EXCEPTIONS.append(check) + # The following checks are run from crontab. We only have these functions here # to get their descriptions. 
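Review bot: The comment `# security checks from audit plugins` on the new `CHECK_SECURITY` setting does not say what the setting controls. Going by `check_security()` in the last hunk, it installs or removes the `/etc/cron.daily/msec` link, so `# CHECK_SECURITY: install or remove the daily cron job (see check_security)` would be clearer. No visible hunk adds the setting to the `for check in [...]` list under `# preparing msecgui menu`, so it may never reach `config.SETTINGS_PERIODIC`; if that is deliberate, a short comment saying so would help. The enclosing method starts and ends outside this hunk.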
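Review bot: The loop under `# checks with exceptions` appends to the shared `config.CHECKS_WITH_EXCEPTIONS` list every time this code runs, so if the plugin is set up more than once in a process the list would collect duplicate names. A guard such as `if check not in config.CHECKS_WITH_EXCEPTIONS:` before the append would avoid that. The sixteen names also repeat part of the menu list a few lines above, and a single module-level tuple used by both loops would keep them from drifting apart. If an entry here means that findings of that check can be suppressed by user rules, the comment should say so, e.g. `# checks whose findings may be filtered by user-defined exceptions`, because that affects what the audit reports. The enclosing method starts and ends outside this hunk.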
@@ -177,3 +187,19 @@ class audit: self.log.info(_('Disabling periodic promiscuity check')) cron.remove_line_matching('[^#]+/usr/share/msec/promisc_check.sh') + def check_security(self, arg): + """ Enable daily security checks.""" + cron = self.configfiles.get_config_file(CRON) + cron.remove_line_matching('[^#]+/usr/share/msec/security.sh') + + securitycron = self.configfiles.get_config_file(SECURITYCRON) + + if arg == "yes": + if not securitycron.exists(): + self.log.info(_('Activating daily security check')) + securitycron.symlink(SECURITYSH) + else: + if securitycron.exists(): + self.log.info(_('Disabling daily security check')) + securitycron.unlink() + |
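Review bot: `securitycron.symlink(SECURITYSH)` uses a name that no hunk in this diff defines, so unless `SECURITYSH` already exists elsewhere in audit.py the `arg == "yes"` branch raises NameError the first time the link is missing. A definition next to `SECURITYCRON` would close that, presumably `SECURITYSH = '/usr/share/msec/security.sh'` to match the pattern removed from the old crontab. Separately, both branches test only `securitycron.exists()`: with "yes", a pre-existing `/etc/cron.daily/msec` that is a regular file or a link to some other target is left in place and would still be run by the daily cron job, and with "no" whatever sits at that path is unlinked. Checking that the existing entry is a link to the expected script before keeping or removing it would make the setting reflect what is actually scheduled. The docstring could read `"""Install or remove the daily security check link according to arg ('yes' or 'no')."""`, since the method does both.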