aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorPapoteur <papoteur@mageia.org>2017-09-02 21:41:30 +0200
committerPapoteur <papoteur@mageia.org>2017-09-02 21:41:30 +0200
commit290d4d1cf9413ce91e44000d7ccc858eab409da2 (patch)
tree7124198b151fb70ae87bc46248a5821f3ef4fba1 /src
parentd13a636935d4b27f8207adf52eb019c13f81e5b2 (diff)
downloadmsec-290d4d1cf9413ce91e44000d7ccc858eab409da2.tar
msec-290d4d1cf9413ce91e44000d7ccc858eab409da2.tar.gz
msec-290d4d1cf9413ce91e44000d7ccc858eab409da2.tar.bz2
msec-290d4d1cf9413ce91e44000d7ccc858eab409da2.tar.xz
msec-290d4d1cf9413ce91e44000d7ccc858eab409da2.zip
Suppress managing kdm (mga#21648)
Diffstat (limited to 'src')
-rwxr-xr-xsrc/msec/plugins/msec.py38
-rwxr-xr-xsrc/msec/plugins/network.py2
2 files changed, 3 insertions, 37 deletions
diff --git a/src/msec/plugins/msec.py b/src/msec/plugins/msec.py
index 36f8b21..8610cc6 100755
--- a/src/msec/plugins/msec.py
+++ b/src/msec/plugins/msec.py
@@ -42,7 +42,6 @@ INITTAB = '/etc/inittab'
ISSUE = '/etc/issue'
ISSUENET = '/etc/issue.net'
KDE = '/etc/pam.d/kde'
-KDMRC = '/usr/share/config/kdm/kdmrc'
LILOCONF = '/etc/lilo.conf'
LOGINDEFS = '/etc/login.defs'
MENULST = '/boot/grub/menu.lst'
@@ -74,7 +73,6 @@ SECURETTY = '/etc/securetty'
STARTX_REGEXP = '(\s*serverargs=".*) -nolisten tcp(.*")'
XSERVERS_REGEXP = '(\s*[^#]+/usr/bin/X .*) -nolisten tcp(.*)'
GDMCONF_REGEXP = '(\s*command=.*/X.*?) -nolisten tcp(.*)$'
-KDMRC_REGEXP = re.compile('(.*?)-nolisten tcp(.*)$')
SDDMCONF_REGEXP = re.compile('(.*?)-listen tcp(.*)$')
# ctrl-alt-del
CTRALTDEL_REGEXP = '^ca::ctrlaltdel:/sbin/shutdown.*'
@@ -211,17 +209,11 @@ class msec:
startx = self.configfiles.get_config_file(STARTX)
xservers = self.configfiles.get_config_file(XSERVERS)
gdmconf = self.configfiles.get_config_file(GDMCONF)
- kdmrc = self.configfiles.get_config_file(KDMRC)
sddmconf = self.configfiles.get_config_file(SDDMCONF)
val_startx = startx.get_match(STARTX_REGEXP)
val_xservers = xservers.get_match(XSERVERS_REGEXP)
val_gdmconf = gdmconf.get_shell_variable('DisallowTCP')
- str = kdmrc.get_shell_variable('ServerArgsLocal', 'X-\*-Core', '^\s*$')
- if str:
- val_kdmrc = KDMRC_REGEXP.search(str)
- else:
- val_kdmrc = None
str = sddmconf.get_shell_variable('ServerArguments', 'X11', '^\s*$')
if str:
val_sddmconf = SDDMCONF_REGEXP.search(str)
@@ -232,7 +224,7 @@ class msec:
# TODO: better check for file existance
if arg == "yes":
- if val_startx or val_xservers or val_kdmrc or val_gdmconf != 'false':
+ if val_startx or val_xservers or val_gdmconf != 'false':
self.log.info(_('Allowing the X server to listen to tcp connections'))
if startx.exists():
startx.replace_line_matching(STARTX_REGEXP, '@1@2', all=1)
@@ -240,12 +232,10 @@ class msec:
xservers.replace_line_matching(XSERVERS_REGEXP, '@1@2', 0, 1)
if gdmconf.exists():
gdmconf.set_shell_variable('DisallowTCP', 'false', '\[security\]', '^\s*$')
- if kdmrc.exists():
- kdmrc.replace_line_matching('^(ServerArgsLocal=.*?)-nolisten tcp(.*)$', '@1@2', 0, 0, 'X-\*-Core', '^\s*$')
if sddmconf.exists() and not val_sddmconf:
sddmconf.replace_line_matching('^(ServerArguments=.*)$', '@1 -listen tcp', 'ServerArguments=-listen tcp', 0, 'X11', '^\s*$')
else:
- if not val_startx or not val_xservers or not val_kdmrc or val_gdmconf != 'true' or not val_sddmconf:
+ if not val_startx or not val_xservers or val_gdmconf != 'true' or not val_sddmconf:
self.log.info(_('Forbidding the X server to listen to tcp connection'))
if not val_startx:
startx.exists() and startx.replace_line_matching('serverargs="(.*?)( -nolisten tcp)?"', 'serverargs="@1 -nolisten tcp"')
@@ -253,8 +243,6 @@ class msec:
xservers.exists() and xservers.replace_line_matching('(\s*[^#]+/usr/bin/X .*?)( -nolisten tcp)?$', '@1 -nolisten tcp', 0, 1)
if val_gdmconf != 'true':
gdmconf.exists() and gdmconf.set_shell_variable('DisallowTCP', 'true', '\[security\]', '^\s*$')
- if not val_kdmrc:
- kdmrc.exists() and kdmrc.replace_line_matching('^(ServerArgsLocal=.*)$', '@1 -nolisten tcp', 'ServerArgsLocal=-nolisten tcp', 0, 'X-\*-Core', '^\s*$')
if sddmconf.exists():
sddmconf.replace_line_matching('^(ServerArguments=.*?)-listen tcp(.*)$', '@1@2', 0, 0, 'X11', '^\s*$')
@@ -318,7 +306,6 @@ class msec:
''' Allow system reboot and shutdown to local users.'''
shutdownallow = self.configfiles.get_config_file(SHUTDOWNALLOW)
sysctlconf = self.configfiles.get_config_file(SYSCTLCONF)
- kdmrc = self.configfiles.get_config_file(KDMRC)
gdmconf = self.configfiles.get_config_file(GDMCONF)
inittab = self.configfiles.get_config_file(INITTAB)
shutdown = self.configfiles.get_config_file(SHUTDOWN)
@@ -336,7 +323,6 @@ class msec:
val_sysctlconf = sysctlconf.get_shell_variable('kernel.sysrq')
val_inittab = inittab.get_match(CTRALTDEL_REGEXP)
val_gdmconf = gdmconf.get_shell_variable('SystemMenu')
- oldval_kdmrc = kdmrc.get_shell_variable('AllowShutdown', 'X-:\*-Core', '^\s*$')
if arg == "yes":
if val_shutdownallow or not val_shutdown or not val_poweroff or not val_reboot or not val_halt:
@@ -357,10 +343,6 @@ class msec:
pass
else:
gdmconf.set_shell_variable('SystemMenu', 'true', '\[greeter\]', '^\s*$')
- if kdmrc.exists():
- if oldval_kdmrc != 'All':
- self.log.info(_('Allowing Shutdown/Reboot in KDM'))
- kdmrc.set_shell_variable('AllowShutdown', 'All', 'X-:\*-Core', '^\s*$')
if not val_inittab:
self.log.info(_('Allowing Ctrl-Alt-Del from console'))
inittab.exists() and inittab.replace_line_matching(CTRALTDEL_REGEXP, 'ca::ctrlaltdel:/sbin/shutdown -t3 -r now', 1)
@@ -384,30 +366,20 @@ class msec:
pass
else:
gdmconf.set_shell_variable('SystemMenu', 'false', '\[greeter\]', '^\s*$')
- if kdmrc.exists():
- if oldval_kdmrc != 'None':
- self.log.info(_('Forbidding Shutdown/Reboot in KDM'))
- kdmrc.set_shell_variable('AllowShutdown', 'None', 'X-:\*-Core', '^\s*$')
if val_inittab:
self.log.info(_('Forbidding Ctrl-Alt-Del from console'))
inittab.exists() and inittab.remove_line_matching(CTRALTDEL_REGEXP)
def allow_user_list(self, arg):
- ''' Allow display managers (kdm and gdm) to display list of local users.'''
- kdmrc = self.configfiles.get_config_file(KDMRC)
+ ''' Allow display managers (sddm and gdm) to display list of local users.'''
gdmconf = self.configfiles.get_config_file(GDMCONF)
gdm230 = self.configfiles.get_config_file(GDM230)
sddmconf = self.configfiles.get_config_file(SDDMCONF)
oldval_gdmconf = gdmconf.get_shell_variable('Browser')
- oldval_kdmrc = kdmrc.get_shell_variable('ShowUsers', 'X-\*-Greeter', '^\s*$')
oldval_sddmconf = sddmconf.get_shell_variable('RememberLastUser','X11', '^\s*$')
if arg == "yes":
- if kdmrc.exists():
- if oldval_kdmrc != 'NotHidden':
- self.log.info(_("Allowing list of users in {}").format('KDM'))
- kdmrc.set_shell_variable('ShowUsers', 'NotHidden', 'X-\*-Greeter', '^\s*$')
if gdmconf.exists():
if gdm230.exists():
pass
@@ -420,10 +392,6 @@ class msec:
self.log.info(_("Allowing list of users in {}").format('SDDM'))
sddmconf.set_shell_variable('RememberLastUser', 'true','X11', '^\s*$')
else:
- if kdmrc.exists():
- if oldval_kdmrc != 'Selected':
- self.log.info(_("Forbidding list of users in {}").format('KDM'))
- kdmrc.set_shell_variable('ShowUsers', 'Selected', 'X-\*-Greeter', '^\s*$')
if gdmconf.exists():
if gdm230.exists():
pass
diff --git a/src/msec/plugins/network.py b/src/msec/plugins/network.py
index ecaae94..2f5753b 100755
--- a/src/msec/plugins/network.py
+++ b/src/msec/plugins/network.py
@@ -38,7 +38,6 @@ INITTAB = '/etc/inittab'
ISSUE = '/etc/issue'
ISSUENET = '/etc/issue.net'
KDE = '/etc/pam.d/kde'
-KDMRC = '/usr/share/config/kdm/kdmrc'
LILOCONF = '/etc/lilo.conf'
LOGINDEFS = '/etc/login.defs'
MENULST = '/boot/grub/menu.lst'
@@ -69,7 +68,6 @@ SECURETTY = '/etc/securetty'
STARTX_REGEXP = '(\s*serverargs=".*) -nolisten tcp(.*")'
XSERVERS_REGEXP = '(\s*[^#]+/usr/bin/X .*) -nolisten tcp(.*)'
GDMCONF_REGEXP = '(\s*command=.*/X.*?) -nolisten tcp(.*)$'
-KDMRC_REGEXP = re.compile('(.*?)-nolisten tcp(.*)$')
# ctrl-alt-del
CTRALTDEL_REGEXP = '^ca::ctrlaltdel:/sbin/shutdown.*'
# consolehelper