authorEugeni Dodonov <eugeni@mandriva.org>2010-01-29 14:42:06 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2010-01-29 14:42:06 +0000
commit374e67a681a3e7d59789e0fed6c335fa46026c45 (patch)
treedaaa9b016527245a7076dd06b40096bdf6403c45 /src/msec/msecperms.py
parentf7f1e4f1f91ba0105350e0d085b01b810fc33738 (diff)
Properly getting variables from base level.
Updated msecperms to use values from main msec config.
Diffstat (limited to 'src/msec/msecperms.py')
-rwxr-xr-xsrc/msec/msecperms.py81
1 files changed, 42 insertions, 39 deletions
diff --git a/src/msec/msecperms.py b/src/msec/msecperms.py
index 988be40..ba50181 100755
--- a/src/msec/msecperms.py
+++ b/src/msec/msecperms.py
@@ -49,7 +49,7 @@ If no paths to check are specified, all permissions stored in
Otherwise, only the enties in the list of paths are expanded and checked.
For example:
- drakperms '/tmp/*' '/etc/*'
+ msecperms '/tmp/*' '/etc/*'
will cover only files which are covered by '/tmp/*' and '/etc/*' rules of
%s.
@@ -57,31 +57,27 @@ Available parameters:
-h, --help displays this helpful message.
-l, --level <level> displays configuration for specified security
level.
- -f, --force <level> force new level, overwriting user settings.
- -e, --enforce <level> enforce permissions on all files.
+ -e, --enforce enforce permissions on all files.
-d enable debugging messages.
-p, --pretend only pretend to change the level, perform no real
actions. Use this to see what operations msec
will perform.
-r, --root <path> path to use as root
-q, --quiet run quietly
- -s, --save <level> save current configuration as a new security level
""" % (version, config.PERMCONF, config.PERMCONF)
# }}}
if __name__ == "__main__":
# default options
log_level = logging.INFO
- force_level = False
commit = True
enforce = False
quiet = False
root = ''
- save = False
# parse command line
try:
- opt, args = getopt.getopt(sys.argv[1:], 'hel:f:dpr:qs:', ['help', 'enforce', 'list=', 'force=', 'debug', 'pretend', 'root=', 'quiet', 'save='])
+ opt, args = getopt.getopt(sys.argv[1:], 'hel=dpr:q', ['help', 'enforce', 'list=', 'debug', 'pretend', 'root=', 'quiet'])
except getopt.error:
usage()
sys.exit(1)
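Review bot: The rewritten short-option string `'hel=dpr:q'` on the getopt line drops the `:` after `l`, so `-l` no longer consumes its argument and `=` becomes a recognized option letter; `-l <level>` as documented in the usage text above would leave the level behind as a stray positional argument that is then treated as a path to check. Removing only `f:` and `s:` from the old string gives the intended `'hel:dpr:q'`. The long-option list still spells the option `list=` in both the old and new line while the usage text says `--level`, which predates this commit but is worth aligning in the same pass. The enclosing `__main__` block continues past the end of the hunk.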
@@ -105,14 +101,6 @@ if __name__ == "__main__":
print "!! forcing permissions on %s" % file
print "%s: %s.%s perm %s" % (file, user, group, perm)
sys.exit(0)
- # force new level
- elif o[0] == '-f' or o[0] == '--force':
- level = o[1]
- force_level = True
- # save as new security level
- elif o[0] == '-s' or o[0] == '--save':
- level = o[1]
- save = True
# debugging
elif o[0] == '-d' or o[0] == '--debug':
log_level = logging.DEBUG
@@ -144,40 +132,55 @@ if __name__ == "__main__":
log_level = logging.WARN
log = Log(log_path="%s%s" % (root, config.SECURITYLOG), interactive=True, log_syslog=False, log_level=log_level, quiet=quiet)
+ # loading msec config
+ msec_config = config.MsecConfig(log, config="%s%s" % (root, config.SECURITYCONF))
+ msec_config.load()
+ # find out the base level
+ base_level = msec_config.get_base_level()
# loading permissions
permconf = config.PermConfig(log, config="%s%s" % (root, config.PERMCONF))
-
- # forcing new level
- if force_level:
- # first load the default configuration for level
- standard_permconf = config.load_default_perms(log, level, root=root)
- params = standard_permconf.list_options()
- if not params:
- log.error(_("Level '%s' not found, aborting.") % level)
- sys.exit(1)
- log.info(_("Switching to '%s' level.") % level)
- permconf.reset()
- permconf.merge(standard_permconf, overwrite=True)
- else:
- permconf.load()
-
- # saving current setting as new level
- if save:
- newlevel = config.PermConfig(log, config=config.PERMISSIONS_LEVEL % (root, level))
- newlevel.merge(permconf, overwrite=True)
- newlevel.save()
- sys.exit(0)
+ permconf.load()
+
+ # TODO: move to main msec
+ ## forcing new level
+ #if force_level:
+ # # first load the default configuration for level
+ # standard_permconf = config.load_default_perms(log, level, root=root)
+ # params = standard_permconf.list_options()
+ # if not params:
+ # log.error(_("Level '%s' not found, aborting.") % level)
+ # sys.exit(1)
+ # log.info(_("Switching to '%s' level.") % level)
+ # # updating base level
+ # base_level = msec_config.get_base_level(level)
+ # permconf.reset()
+ # permconf.merge(standard_permconf, overwrite=True)
+ #else:
+ # permconf.load()
+
+ # load variables from base level
+ config.merge_with_baselevel(log, permconf, base_level, config.load_default_perms, root='')
+
+ # reloading levelconf for base level
+ levelconf = config.load_default_perms(log, base_level, root=root)
+
+ # TODO: move to main msec
+ ## saving current setting as new level
+ #if save:
+ # newlevel = config.PermConfig(log, config=config.PERMISSIONS_LEVEL % (root, level))
+ # newlevel.merge(permconf, overwrite=True)
+ # newlevel.save(levelconf)
+ # sys.exit(0)
# load the main permission class
perm = PERMS(log, root=root)
-
# check permissions
changed_files = perm.check_perms(permconf, files_to_check=args)
# writing back changes
perm.commit(really_commit=commit, enforce=enforce)
# saving updated config
- if force_level and commit:
- if not permconf.save():
+ if commit:
+ if not permconf.save(levelconf):
log.error(_("Unable to save config!"))
sys.exit(0)
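Review bot: The `merge_with_baselevel` call passes `root=''` while every other path in this hunk (`SECURITYCONF`, `PERMCONF`, the `load_default_perms` call on the next lines, `PERMS(log, root=root)`) is prefixed with the `-r/--root` value, so when an alternate root is given the base-level permission defaults are read from the running system instead of the target tree; the call should read `config.merge_with_baselevel(log, permconf, base_level, config.load_default_perms, root=root)`. The two commented-out blocks marked `# TODO: move to main msec` reproduce code that is visible in the removed lines and remains in history, and would be clearer deleted than carried as dead code. The final `if commit:` branch now writes `permconf` back on every non-pretend run rather than only after a forced level change; if that is intended, a comment such as `# persist the merged permission set so base-level values stay in sync` would make the new side effect explicit. The `__main__` block starts before this hunk.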