aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorPapoteur <papoteur@mageia.org>2017-09-05 09:40:38 +0200
committerPapoteur <papoteur@mageia.org>2017-09-05 09:40:38 +0200
commit315473c53155054c3ba1abe906c25f4211842897 (patch)
tree9bad16e3456f4b4ed2c457383a9efb7667b709b9 /src
parentc67234943f29263f329776cb797413f82939a3bc (diff)
downloadmsec-315473c53155054c3ba1abe906c25f4211842897.tar
msec-315473c53155054c3ba1abe906c25f4211842897.tar.gz
msec-315473c53155054c3ba1abe906c25f4211842897.tar.bz2
msec-315473c53155054c3ba1abe906c25f4211842897.tar.xz
msec-315473c53155054c3ba1abe906c25f4211842897.zip
suppress DNS_SPOOFING_PROTECTION (mga#21621).
Diffstat (limited to 'src')
-rwxr-xr-xsrc/msec/plugins/network.py20
1 files changed, 1 insertions, 19 deletions
diff --git a/src/msec/plugins/network.py b/src/msec/plugins/network.py
index 2f5753b..e33a51b 100755
--- a/src/msec/plugins/network.py
+++ b/src/msec/plugins/network.py
@@ -107,14 +107,13 @@ class network:
config.SETTINGS['ACCEPT_BROADCASTED_ICMP_ECHO'] = ("network.accept_broadcasted_icmp_echo", ['yes', 'no'])
config.SETTINGS['ACCEPT_ICMP_ECHO'] = ("network.accept_icmp_echo", ['yes', 'no'])
config.SETTINGS['ALLOW_REMOTE_ROOT_LOGIN'] = ("network.allow_remote_root_login", ['yes', 'no', 'without-password'])
- config.SETTINGS['ENABLE_DNS_SPOOFING_PROTECTION'] = ("network.enable_dns_spoofing_protection", ['yes', 'no'])
config.SETTINGS['ENABLE_IP_SPOOFING_PROTECTION'] = ("network.enable_ip_spoofing_protection", ['yes', 'no'])
config.SETTINGS['ENABLE_LOG_STRANGE_PACKETS'] = ("network.enable_log_strange_packets", ['yes', 'no'])
# network settings
for check in ["ACCEPT_BOGUS_ERROR_RESPONSES", "ACCEPT_BROADCASTED_ICMP_ECHO", "ACCEPT_ICMP_ECHO",
"ALLOW_REMOTE_ROOT_LOGIN", "ALLOW_X_CONNECTIONS", "ALLOW_XSERVER_TO_LISTEN",
- "AUTHORIZE_SERVICES", "ENABLE_DNS_SPOOFING_PROTECTION", "ENABLE_IP_SPOOFING_PROTECTION",
+ "AUTHORIZE_SERVICES", "ENABLE_IP_SPOOFING_PROTECTION",
"ENABLE_LOG_STRANGE_PACKETS"]:
config.SETTINGS_NETWORK.append(check)
@@ -162,23 +161,6 @@ class network:
''' Enable IP spoofing protection.'''
self.set_zero_one_variable(SYSCTLCONF, 'net.ipv4.conf.all.rp_filter', arg, 'Enabling ip spoofing protection', 'Disabling ip spoofing protection')
- def enable_dns_spoofing_protection(self, arg, alert=1):
- ''' Enable name resolution spoofing protection.'''
- hostconf = self.configfiles.get_config_file(HOSTCONF)
-
- val = hostconf.get_match('nospoof\s+on')
-
- if arg:
- if not val:
- self.log.info(_('Enabling name resolution spoofing protection'))
- hostconf.replace_line_matching('nospoof', 'nospoof on', 1)
- hostconf.replace_line_matching('spoofalert', 'spoofalert on', (alert != 0))
- else:
- if val:
- self.log.info(_('Disabling name resolution spoofing protection'))
- hostconf.remove_line_matching('nospoof')
- hostconf.remove_line_matching('spoofalert')
-
def accept_icmp_echo(self, arg):
''' Accept ICMP echo.'''
self.set_zero_one_variable(SYSCTLCONF, 'net.ipv4.icmp_echo_ignore_all', invert(arg), 'Ignoring icmp echo', 'Accepting icmp echo')