From fb603a009a6651bc4879d186c4492f1cdd27a5cb Mon Sep 17 00:00:00 2001
From: Eugeni Dodonov
Date: Mon, 8 Feb 2010 14:05:30 +0000
Subject: Simplify sectool configuration.
---
 src/msec/plugins/sectool.py | 63 ++++++++++-----------------------------------
 1 file changed, 14 insertions(+), 49 deletions(-)
diff --git a/src/msec/plugins/sectool.py b/src/msec/plugins/sectool.py
index b447b8e..ad2dba3 100644
--- a/src/msec/plugins/sectool.py
+++ b/src/msec/plugins/sectool.py
@@ -8,8 +8,6 @@ import os
 import re
 import gettext
 import sys
-import glob
-import traceback
 # configuration
 import config
@@ -21,60 +19,27 @@ except IOError:
 _ = str
 class sectool:
- def __init__(self, log=None, configfiles=None, root=None, sectool_path="/usr/share/sectool", sectool_config_path="/etc/sectool/"):
+ SECTOOL_LEVELS = ["1", "2", "3", "4", "5"]
+ def __init__(self, log=None, configfiles=None, root=None):
+ """This plugin provides support for RedHat's sectool"""
 # initializing plugin
 self.log = log
 self.configfiles = configfiles
 self.root = root
- self.sectool_path = sectool_path
- self.sectool_config_path = sectool_config_path
+ config.SETTINGS['CHECK_SECTOOL'] = ("sectool.check_sectool", config.VALUES_PERIODIC)
+ config.SETTINGS['CHECK_SECTOOL_LEVEL'] = ("sectool.check_sectool_level", self.SECTOOL_LEVELS)
- # try importing sectool
- if not os.access(sectool_path, os.F_OK):
- # no sectool installed
- self.log.warning(_("sectool: Sectool is not installed, disabling sectool checks"))
- return
- try:
- sys.path.append(sectool_path)
- from scheduler import scheduler
- except:
- self.log.error(_("sectool: Error importing sectool library: %s" % (sys.exc_value)))
- return
+ config.SETTINGS_PERIODIC.extend(['CHECK_SECTOOL', 'CHECK_SECTOOL_LEVEL'])
- # find the list of sectool checks
- sectool_checks = glob.glob("%s/tests/*" % sectool_config_path)
- if not sectool_checks:
- self.log.info(_("sectool: No sectool checks found"))
- return
- for z in sectool_checks:
- try:
- check = scheduler.Description(z)
- name = check["HEADER"]["NAME"]
- func_name = ("sectool_%s" % name).upper()
- # create virtual functions for each test
- setattr(self, func_name, lambda x: True)
- func = getattr(self, func_name)
- func.__doc__ = check["HEADER"]["DESCRIPTION"]
- config.SETTINGS_PERIODIC.append(func_name)
- config.SETTINGS[func_name] = ("sectool.%s" % func_name, ['yes', 'no'])
- except:
- traceback.print_exc()
- print sectool_checks
+ # defining additional packages that should be installed
+ config.REQUIRE_PACKAGES['CHECK_SECTOOL_LEVEL'] = (['yes'], ['sectool'])
- # configuring entry in global settings
- config.SETTINGS['ENABLE_PAM_WHEEL_FOR_SU'] = ("pam.enable_pam_wheel_for_su", ['yes', 'no'])
- config.SETTINGS['ENABLE_PAM_ROOT_FROM_WHEEL'] = ("pam.enable_pam_root_from_wheel", ['yes', 'no'])
- # password stuff
- config.SETTINGS['ENABLE_PASSWORD'] = ("pam.enable_password", ['yes', 'no'])
- config.SETTINGS['PASSWORD_HISTORY'] = ("pam.password_history", ['*'])
- # format: min length, num upper, num digits
- config.SETTINGS['PASSWORD_LENGTH'] = ("pam.password_length", ['*'])
- # insert entry into system security settings
- config.SETTINGS_SYSTEM.append('ENABLE_PAM_WHEEL_FOR_SU')
- config.SETTINGS_SYSTEM.append('ENABLE_PAM_ROOT_FROM_WHEEL')
- config.SETTINGS_SYSTEM.append('ENABLE_PASSWORD')
- config.SETTINGS_SYSTEM.append('PASSWORD_HISTORY')
- config.SETTINGS_SYSTEM.append('PASSWORD_LENGTH')
+ def check_sectool(self, param):
+ """Enable sectools checks. This check will run all sectool checks for a security level configuration. The security level to be used during this test is determined by the CHECK_SECTOOL_LEVELS variable."""
+ pass
+ def check_sectool_level(self, param):
+ """Defines the sectool level to use during the periodic security check. You may use the sectool-gui application to select individual tests for each level."""
+ pass
-- cgit v1.2.1
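Review bot: The package requirement added as `config.REQUIRE_PACKAGES['CHECK_SECTOOL_LEVEL'] = (['yes'], ['sectool'])` is keyed on a setting whose only allowed values are SECTOOL_LEVELS ("1".."5"), so a trigger value of 'yes' can never match and, if REQUIRE_PACKAGES pairs trigger values with packages as the comment above it suggests, sectool will never be pulled in when the checks are turned on; key it on the enabling setting instead, `config.REQUIRE_PACKAGES['CHECK_SECTOOL'] = (['yes'], ['sectool'])`, assuming config.VALUES_PERIODIC includes 'yes'. This matters because the same hunk removes the `os.access(sectool_path, os.F_OK)` guard that used to log a warning and disable the checks when sectool was absent, so nothing left in this plugin detects a missing sectool and an enabled CHECK_SECTOOL could silently run nothing. The check_sectool docstring also refers to a `CHECK_SECTOOL_LEVELS` variable while the setting registered in __init__ is `CHECK_SECTOOL_LEVEL`. Both new methods are `pass`, so whatever actually executes sectool at the configured level must live elsewhere in msec; a one-line comment on check_sectool naming that caller would save the next reader from assuming the check is a no-op.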