author | Eugeni Dodonov <eugeni@mandriva.org> | 2010-02-22 17:34:35 +0000 |
---|---|---|
committer | Eugeni Dodonov <eugeni@mandriva.org> | 2010-02-22 17:34:35 +0000 |
commit | 881c72bdb4269bbd5c2ba4363f7a56b20599b342 (patch) | |
tree | 6931fae0d613458822759acbe2f0e883c6faa650 | |
parent | 2dd2583959ab5540c3dc592f317c8280f470ba3e (diff) | |
Add support for EXCLUDE_REGEXP
-rwxr-xr-x | cron-sh/scripts/01_files.sh | 4 | ||||
-rw-r--r-- | src/msec/plugins/audit.py | 7 |
2 files changed, 10 insertions, 1 deletions
diff --git a/cron-sh/scripts/01_files.sh b/cron-sh/scripts/01_files.sh
index 64d82e7..247465f 100755
--- a/cron-sh/scripts/01_files.sh
+++ b/cron-sh/scripts/01_files.sh
@@ -55,6 +55,10 @@ fi
 # only running this check when really required
 if check_is_enabled "${CHECK_SUID_MD5}" || check_is_enabled "${CHECK_SUID_ROOT}" || check_is_enabled "${CHECK_SGID}" || check_is_enabled "${CHECK_WRITABLE}" || check_is_enabled "${CHECK_UNOWNED}" ; then
 # Hard disk related file check; the less priority the better...
+ if [[ -n ${EXCLUDE_REGEXP} ]]; then
+ # passing exclude_regexp value to msec_find
+ export EXCLUDE_REGEXP
+ fi
 nice --adjustment=+19 /usr/bin/msec_find ${DIR}
 fi
diff --git a/src/msec/plugins/audit.py b/src/msec/plugins/audit.py
index 84d9e5d..1ab5a8d 100644
--- a/src/msec/plugins/audit.py
+++ b/src/msec/plugins/audit.py
@@ -32,6 +32,7 @@ class audit:
 # defining the checks
 config.SETTINGS['CHECK_PERMS'] = ("audit.check_perms", config.VALUES_PERIODIC)
 config.SETTINGS['CHECK_PERMS_ENFORCE'] = ("audit.check_perms_enforce", config.VALUES_YESNO)
+ config.SETTINGS['EXCLUDE_REGEXP'] = ("msec.exclude_regexp", ['*'])
 config.SETTINGS['CHECK_USER_FILES'] = ("audit.check_user_files", config.VALUES_PERIODIC)
 config.SETTINGS['CHECK_SUID_ROOT'] = ("audit.check_suid_root", config.VALUES_PERIODIC)
 config.SETTINGS['CHECK_SUID_MD5'] = ("audit.check_suid_md5", config.VALUES_PERIODIC)
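Review bot: The new comment in the `01_files.sh` hunk says only that the value is passed on, not that an exclusion silently narrows the audit. The `msec_find` run is gated on the SUID, SGID, writable and unowned checks, so a non-empty `EXCLUDE_REGEXP` presumably hides matching paths from all of them. I would reword it to `# EXCLUDE_REGEXP removes matching paths from every msec_find-based check; keep the pattern narrow`. It would also help to write the active pattern into the periodic report so a reader can tell which paths were skipped; how the report is produced is outside this hunk.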
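Review bot: In the `audit.py` settings hunk, `"msec.exclude_regexp"` is the only callback here without the `audit.` prefix, yet the handler this commit adds further down is a method of class `audit`. If the prefix selects the plugin that owns the callback (the lookup code is not visible here), the new method would not be found; `("audit.exclude_regexp", ['*'])` would match the neighbouring entries. Separately, `['*']` appears to accept any string, so a pattern that does not compile, or one broad enough to exclude everything, would only show up when the cron job runs.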
@@ -66,7 +67,7 @@ class audit: # preparing msecgui menu for check in ["CHECK_PERMS", "CHECK_PERMS_ENFORCE", "CHECK_USER_FILES", "CHECK_SUID_ROOT", "CHECK_SUID_MD5", "CHECK_SGID", - "CHECK_WRITABLE", "CHECK_UNOWNED", "FIX_UNOWNED", "CHECK_PROMISC", "CHECK_OPEN_PORT", "CHECK_FIREWALL", + "CHECK_WRITABLE", "CHECK_UNOWNED", "FIX_UNOWNED", "EXCLUDE_REGEXP", "CHECK_PROMISC", "CHECK_OPEN_PORT", "CHECK_FIREWALL", "CHECK_PASSWD", "CHECK_SHADOW", "CHECK_CHKROOTKIT", "CHECK_RPM_PACKAGES", "CHECK_RPM_INTEGRITY", "CHECK_SHOSTS", "CHECK_USERS", "CHECK_GROUPS", "TTY_WARN", "SYSLOG_WARN", "MAIL_EMPTY_CONTENT", "CHECK_ON_BATTERY"]: @@ -186,6 +187,10 @@ class audit: """Run security checks when machine is running on battery power.""" pass + def exclude_regexp(self, param): + """Patterns to exclude from disk checks. This parameter is parsed as a regex (7), so you may use complex expressions.""" + pass + def check_promisc(self, param): ''' Activate ethernet cards promiscuity check.''' cron = self.configfiles.get_config_file(CRON) |
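Review bot: The docstring of the new `exclude_regexp` method (last hunk; class `audit` starts outside it) does not say what the pattern is matched against or what a match does. Since the text is likely what an administrator sees when choosing a value, it should say whether the regex is applied to the full path or the file name, and whether it is anchored. It should also state the consequence, for example by adding `Files matching the pattern are skipped by the SUID/SGID/writable/unowned file checks.` The body is `pass`, so the value is stored without any check; if that is intended, a one-line comment saying validation is left to `msec_find` would make it explicit.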