aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEugeni Dodonov <eugeni@mandriva.org>2010-02-08 14:05:56 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2010-02-08 14:05:56 +0000
commit00902a9d2085c63e28224d45db7737b01085d0f8 (patch)
tree67d6ede13384a2c3059815266de6c960ded79c9c
parentaef359b11969f0ec52bb19d092fd3b9086a4cb38 (diff)
downloadmsec-00902a9d2085c63e28224d45db7737b01085d0f8.tar
msec-00902a9d2085c63e28224d45db7737b01085d0f8.tar.gz
msec-00902a9d2085c63e28224d45db7737b01085d0f8.tar.bz2
msec-00902a9d2085c63e28224d45db7737b01085d0f8.tar.xz
msec-00902a9d2085c63e28224d45db7737b01085d0f8.zip
Initial support for parameter value translation
-rw-r--r--src/msec/config.py37
-rwxr-xr-xsrc/msec/libmsec.py4
-rw-r--r--src/msec/plugins/audit.py64
3 files changed, 74 insertions, 31 deletions
diff --git a/src/msec/config.py b/src/msec/config.py
index 7669619..2e7726a 100644
--- a/src/msec/config.py
+++ b/src/msec/config.py
@@ -41,6 +41,32 @@ try:
except IOError:
_ = str
+# reverse translations
+# the strings for reverse translations are defined with N_ instead of _,
+# and are saved in config._translations{} with their reverse mapping
+# config._value_mapping{} stores the mapping between raw and translated
+# values in forward-compatible way
+_translations={}
+_value_mapping={}
+def N_(s):
+ """Translates string and stores the reverse mapping"""
+ trans = _(s)
+ _translations[trans] = s
+ _value_mapping[s] = trans
+ return trans
+
+def translate_to_raw(s):
+ """Recovers reverse mapping of a translated string (if any)"""
+ if s in _translations:
+ return _translations[s]
+ return s
+
+def translate_from_raw(s):
+ """Maps a value into its translated version"""
+ if s in _value_mappings:
+ return _value_mappings[s]
+ return s
+
# shared strings
MODIFICATIONS_FOUND = _('Modified system files')
MODIFICATIONS_NOT_FOUND = _('No changes in system files')
@@ -56,12 +82,17 @@ SETTINGS = {
'BASE_LEVEL': ("libmsec.base_level", ['*']),
}
# text for disabled options
-OPTION_DISABLED=_("System default")
+OPTION_DISABLED=N_("Disabled")
+
+# options for periodic checks
+VALUES_PERIODIC=[N_('manual'), N_('daily'), N_('weekly'), N_('monthly'), N_('no')]
+# options for yes-no checks
+VALUES_YESNO=[N_('yes'), N_('no')]
# some checks require installation of additional packages if a specific option was activated
REQUIRE_PACKAGES = {
- # the format is: 'OPTION_NAME': ('option value which requires package installation', 'list of packages')
- # for example, 'CHECK_CHKROOTKIT': ('yes', 'chkrootkit')
+ # the format is: 'OPTION_NAME': (['option values which requires package installation]', ['packages'])
+ # for example, 'CHECK_CHKROOTKIT': (['yes'], ['chkrootkit'])
}
# settings organizes by category
diff --git a/src/msec/libmsec.py b/src/msec/libmsec.py
index bcd7e7b..77bcf7f 100755
--- a/src/msec/libmsec.py
+++ b/src/msec/libmsec.py
@@ -749,6 +749,10 @@ class MSEC:
if param == None or len(param) == 0:
self.log.debug("Skipping %s" % opt)
continue
+ # checking if parameter value was translated
+ print "Before: %s" % param
+ param = config.translate_to_raw(param)
+ print "After: %s" % param
if param not in valid_params and '*' not in valid_params:
self.log.error(_("Invalid parameter for %s: '%s'. Valid parameters: '%s'.") % (opt,
param, valid_params))
diff --git a/src/msec/plugins/audit.py b/src/msec/plugins/audit.py
index 94f79a9..71be692 100644
--- a/src/msec/plugins/audit.py
+++ b/src/msec/plugins/audit.py
@@ -30,38 +30,42 @@ class audit:
self.root = root
# defining the checks
- config.SETTINGS['CHECK_PERMS'] = ("audit.check_perms", ['yes', 'no', 'enforce'])
- config.SETTINGS['CHECK_USER_FILES'] = ("audit.check_user_files", ['yes', 'no'])
- config.SETTINGS['CHECK_SUID_ROOT'] = ("audit.check_suid_root", ['yes', 'no'])
- config.SETTINGS['CHECK_SUID_MD5'] = ("audit.check_suid_md5", ['yes', 'no'])
- config.SETTINGS['CHECK_SGID'] = ("audit.check_sgid", ['yes', 'no'])
- config.SETTINGS['CHECK_WRITABLE'] = ("audit.check_writable", ['yes', 'no'])
- config.SETTINGS['CHECK_UNOWNED'] = ("audit.check_unowned", ['yes', 'no'])
- config.SETTINGS['FIX_UNOWNED'] = ("audit.fix_unowned", ['yes', 'no'])
- config.SETTINGS['CHECK_PROMISC'] = ("audit.check_promisc", ['yes', 'no'])
- config.SETTINGS['CHECK_OPEN_PORT'] = ("audit.check_open_port", ['yes', 'no'])
- config.SETTINGS['CHECK_FIREWALL'] = ("audit.check_firewall", ['yes', 'no'])
- config.SETTINGS['CHECK_PASSWD'] = ("audit.check_passwd", ['yes', 'no'])
- config.SETTINGS['CHECK_SHADOW'] = ("audit.check_shadow", ['yes', 'no'])
- config.SETTINGS['CHECK_CHKROOTKIT'] = ("audit.check_chkrootkit", ['yes', 'no'])
- config.SETTINGS['CHECK_RPM_PACKAGES'] = ("audit.check_rpm_packages", ['yes', 'no'])
- config.SETTINGS['CHECK_RPM_INTEGRITY'] = ("audit.check_rpm_integrity", ['yes', 'no'])
- config.SETTINGS['CHECK_SHOSTS'] = ("audit.check_shosts", ['yes', 'no'])
- config.SETTINGS['CHECK_USERS'] = ("audit.check_users", ['yes', 'no'])
- config.SETTINGS['CHECK_GROUPS'] = ("audit.check_groups", ['yes', 'no'])
+ config.SETTINGS['CHECK_PERMS'] = ("audit.check_perms", config.VALUES_PERIODIC)
+ config.SETTINGS['CHECK_PERMS_ENFORCE'] = ("audit.check_perms_enforce", config.VALUES_YESNO)
+ config.SETTINGS['CHECK_USER_FILES'] = ("audit.check_user_files", config.VALUES_PERIODIC)
+ config.SETTINGS['CHECK_SUID_ROOT'] = ("audit.check_suid_root", config.VALUES_PERIODIC)
+ config.SETTINGS['CHECK_SUID_MD5'] = ("audit.check_suid_md5", config.VALUES_PERIODIC)
+ config.SETTINGS['CHECK_SGID'] = ("audit.check_sgid", config.VALUES_PERIODIC)
+ config.SETTINGS['CHECK_WRITABLE'] = ("audit.check_writable", config.VALUES_PERIODIC)
+ config.SETTINGS['CHECK_UNOWNED'] = ("audit.check_unowned", config.VALUES_PERIODIC)
+ config.SETTINGS['FIX_UNOWNED'] = ("audit.fix_unowned", config.VALUES_PERIODIC)
+ config.SETTINGS['CHECK_PROMISC'] = ("audit.check_promisc", config.VALUES_PERIODIC)
+ config.SETTINGS['CHECK_OPEN_PORT'] = ("audit.check_open_port", config.VALUES_PERIODIC)
+ config.SETTINGS['CHECK_FIREWALL'] = ("audit.check_firewall", config.VALUES_PERIODIC)
+ config.SETTINGS['CHECK_PASSWD'] = ("audit.check_passwd", config.VALUES_PERIODIC)
+ config.SETTINGS['CHECK_SHADOW'] = ("audit.check_shadow", config.VALUES_PERIODIC)
+ config.SETTINGS['CHECK_CHKROOTKIT'] = ("audit.check_chkrootkit", config.VALUES_PERIODIC)
+ config.SETTINGS['CHECK_RPM_PACKAGES'] = ("audit.check_rpm_packages", config.VALUES_PERIODIC)
+ config.SETTINGS['CHECK_RPM_INTEGRITY'] = ("audit.check_rpm_integrity", config.VALUES_PERIODIC)
+ config.SETTINGS['CHECK_SHOSTS'] = ("audit.check_shosts", config.VALUES_PERIODIC)
+ config.SETTINGS['CHECK_USERS'] = ("audit.check_users", config.VALUES_PERIODIC)
+ config.SETTINGS['CHECK_GROUPS'] = ("audit.check_groups", config.VALUES_PERIODIC)
# notifications
- config.SETTINGS['TTY_WARN'] = ("audit.tty_warn", ['yes', 'no'])
- config.SETTINGS['MAIL_WARN'] = ("audit.mail_warn", ['yes', 'no'])
+ config.SETTINGS['TTY_WARN'] = ("audit.tty_warn", config.VALUES_YESNO)
+ config.SETTINGS['MAIL_WARN'] = ("audit.mail_warn", config.VALUES_YESNO)
config.SETTINGS['MAIL_USER'] = ("audit.mail_user", ['*'])
- config.SETTINGS['MAIL_EMPTY_CONTENT'] = ("audit.mail_empty_content", ['yes', 'no'])
- config.SETTINGS['SYSLOG_WARN'] = ("audit.syslog_warn", ['yes', 'no'])
- config.SETTINGS['NOTIFY_WARN'] = ("audit.notify_warn", ['yes', 'no'])
+ config.SETTINGS['MAIL_EMPTY_CONTENT'] = ("audit.mail_empty_content", config.VALUES_YESNO)
+ config.SETTINGS['SYSLOG_WARN'] = ("audit.syslog_warn", config.VALUES_YESNO)
+ config.SETTINGS['NOTIFY_WARN'] = ("audit.notify_warn", config.VALUES_YESNO)
# security checks from audit plugins
- config.SETTINGS['CHECK_SECURITY'] = ("audit.check_security", ['yes', 'no'])
- config.SETTINGS['CHECK_ON_BATTERY'] = ("audit.check_on_battery", ['yes', 'no'])
+ config.SETTINGS['CHECK_SECURITY'] = ("audit.check_security", config.VALUES_YESNO)
+ config.SETTINGS['CHECK_ON_BATTERY'] = ("audit.check_on_battery", config.VALUES_YESNO)
+
+ # defining additional packages that should be installed
+ config.REQUIRE_PACKAGES['CHECK_CHKROOTKIT'] = (['yes'], ['chkrootkit'])
# preparing msecgui menu
- for check in ["CHECK_PERMS", "CHECK_USER_FILES", "CHECK_SUID_ROOT", "CHECK_SUID_MD5", "CHECK_SGID",
+ for check in ["CHECK_PERMS", "CHECK_PERMS_ENFORCE", "CHECK_USER_FILES", "CHECK_SUID_ROOT", "CHECK_SUID_MD5", "CHECK_SGID",
"CHECK_WRITABLE", "CHECK_UNOWNED", "FIX_UNOWNED", "CHECK_PROMISC", "CHECK_OPEN_PORT", "CHECK_FIREWALL",
"CHECK_PASSWD", "CHECK_SHADOW", "CHECK_CHKROOTKIT", "CHECK_RPM_PACKAGES", "CHECK_RPM_INTEGRITY",
"CHECK_SHOSTS", "CHECK_USERS", "CHECK_GROUPS",
@@ -79,7 +83,11 @@ class audit:
# to get their descriptions.
def check_perms(self, param):
- """ Enable periodic permission checking for files specified in msec policy. If set to yes, the permissions are verified on every run. If set to enforce, incorrect permissions are restored to the ones specified in msec security policy."""
+ """ Enable periodic permission checking for files specified in msec policy."""
+ pass
+
+ def check_perms_enforce(self, param):
+ """ Enable msec to enforce file permissions to the values specified in the msec security policy."""
pass
def check_user_files(self, param):