diff options
| -rw-r--r-- | src/msec/config.py | 1 | ||||
| -rwxr-xr-x | src/msec/libmsec.py | 5 | ||||
| -rw-r--r-- | src/msec/plugins/policykit.py | 32 |
3 files changed, 32 insertions, 6 deletions
diff --git a/src/msec/config.py b/src/msec/config.py index e9a45e2..2582048 100644 --- a/src/msec/config.py +++ b/src/msec/config.py @@ -101,7 +101,6 @@ SETTINGS = {'BASE_LEVEL': ("libmsec.base_level", 'ENABLE_SUDO': ("libmsec.enable_sudo", ['yes', 'no', 'wheel']), 'ENABLE_PAM_WHEEL_FOR_SU': ("libmsec.enable_pam_wheel_for_su", ['yes', 'no']), 'ENABLE_SULOGIN': ("libmsec.enable_sulogin", ['yes', 'no']), - 'ENABLE_POLICYKIT': ("libmsec.enable_policykit", ['yes', 'no']), # password stuff 'ENABLE_PASSWORD': ("libmsec.enable_password", ['yes', 'no']), 'PASSWORD_HISTORY': ("libmsec.password_history", ['*']), diff --git a/src/msec/libmsec.py b/src/msec/libmsec.py index 507584d..551ba12 100755 --- a/src/msec/libmsec.py +++ b/src/msec/libmsec.py @@ -1630,11 +1630,6 @@ class MSEC: """ Enable checking for dangerous options in users' .rhosts/.shosts files.""" pass - # TODO: unfinished - def enable_policykit(self, param): - """Enable PolicyKit security framework""" - pass - def enable_sudo(self, param): """Allow users to authenticate with their passwords for sudo. If this parameter is set to 'wheel', users must belong to the 'wheel' group to be able to use sudo""" pass diff --git a/src/msec/plugins/policykit.py b/src/msec/plugins/policykit.py new file mode 100644 index 0000000..e991bd8 --- /dev/null +++ b/src/msec/plugins/policykit.py @@ -0,0 +1,32 @@ +#!/usr/bin/python +"""PolicyKit plugin for msec """ + +# main plugin class name +PLUGIN = "policykit" + +import os + +# configuration +import config + +class policykit: + def __init__(self, log=None, configfiles=None, root=None): + # initializing plugin + self.log = log + self.configfiles = configfiles + self.root = root + + # configuring entry in global settings + param = 'ENABLE_POLICYKIT' + callback = "%s.enable_policykit" % PLUGIN + valid_values = ['yes', 'no'] + config.SETTINGS[param] = (callback, valid_values) + + # insert entry into system security settings + config.SETTINGS_SYSTEM.append(param) + + def enable_policykit(self, params): + """Enable PolicyKit security framework""" + if self.log: + #self.log.info("policykit plugin: not implemented yet!") + pass |