diff options
| -rw-r--r-- | src/msec/config.py | 11 | ||||
| -rwxr-xr-x | src/msec/msecgui.py | 115 |
2 files changed, 83 insertions, 43 deletions
diff --git a/src/msec/config.py b/src/msec/config.py index 3498a12..8588feb 100644 --- a/src/msec/config.py +++ b/src/msec/config.py @@ -19,8 +19,9 @@ import re import os # security levels -SECURITY_LEVELS = [ "none", "default", "secure" ] +NONE_LEVEL="none" DEFAULT_LEVEL="default" +SECURE_LEVEL="secure" SECURITY_LEVEL="/etc/security/msec/level.%s" # msec configuration file @@ -258,7 +259,13 @@ class MsecConfig: print >>fd, comment # sorting keys for option in self.list_options(): - print >>fd, "%s=%s" % (option, self.options[option]) + value = self.options[option] + # prevent saving empty options + # TODO: integrate with remove() + if not value: + self.log.debug("Skipping %s" % option) + else: + print >>fd, "%s=%s" % (option, self.options[option]) return True # }}} diff --git a/src/msec/msecgui.py b/src/msec/msecgui.py index 4899fa7..649a938 100755 --- a/src/msec/msecgui.py +++ b/src/msec/msecgui.py @@ -44,7 +44,7 @@ except: HELP = {} # text strings -BASIC_SECURITY_TEXT=_("""Basic security options. +LEVEL_SECURITY_TEXT=_("""<big><b>Security level</b></big> These options control the basic aspects of system security. You may select a pre-defined profile, or customize the options. @@ -113,18 +113,36 @@ class MsecGui: (COLUMN_PATH, COLUMN_USER, COLUMN_GROUP, COLUMN_PERM, COLUMN_FORCE) = range(5) (COLUMN_APP, COLUMN_DESCR, COLUMN_AUTH) = range(3) - def __init__(self, log, msec, perms, auth, config, permconfig, authconfig, embed=None): + def __init__(self, log, msec, perms, auth, msecconfig, permconfig, authconfig, embed=None): """Initializes gui""" self.log = log self.msec = msec - self.config = config self.perms = perms + self.auth = auth + # current configuration + self.msecconfig = msecconfig self.authconfig = authconfig self.permconfig = permconfig - # msec settings + # pre-defined default configurations + self.defaults = { + config.NONE_LEVEL: ( + config.load_defaults(log, config.NONE_LEVEL), + config.load_default_perms(log, config.NONE_LEVEL) + ), + config.DEFAULT_LEVEL: ( + config.load_defaults(log, config.DEFAULT_LEVEL), + config.load_default_perms(log, config.DEFAULT_LEVEL) + ), + config.SECURE_LEVEL: ( + config.load_defaults(log, config.SECURE_LEVEL), + config.load_default_perms(log, config.SECURE_LEVEL) + ) + } + + # saving old config self.oldconfig = {} - for opt in config.list_options(): - self.oldconfig[opt] = config.get(opt) + for opt in msecconfig.list_options(): + self.oldconfig[opt] = msecconfig.get(opt) # permissions self.oldperms = {} for opt in permconfig.list_options(): @@ -134,6 +152,20 @@ class MsecGui: for opt in authconfig.list_options(): self.oldauth[opt] = authconfig.get(opt) + # what level are we? + level = msecconfig.get("BASE_LEVEL") + if not level: + self.log.info(_("No base msec level specified, using '%s'") % config.DEFAULT_LEVEL) + self.base_level = config.DEFAULT_LEVEL + elif level == config.NONE_LEVEL or level == config.DEFAULT_LEVEL or level == config.SECURE_LEVEL: + self.log.info(_("Detected base msec level '%s'") % level) + self.base_level = level + else: + # custom level? + # TODO: notify user about this + self.log.info(_("Custom base config level found. Will default to '%s'") % (level, config.DEFAULT_LEVEL)) + self.base_level = config.DEFAULT_LEVEL + if embed: # embedding in MCC self.window = gtk.Plug(embed) @@ -154,11 +186,11 @@ class MsecGui: frame = gtk.Frame() main_vbox.pack_start(frame) - # notebook + # creating tabs self.notebook = gtk.Notebook() frame.add(self.notebook) - self.notebook.append_page(self.basic_security_page(), gtk.Label(_("Basic security"))) + self.notebook.append_page(self.level_security_page(), gtk.Label(_("Basic security"))) self.notebook.append_page(self.auth_security_page(), gtk.Label(_("Authentication"))) self.notebook.append_page(self.system_security_page(), gtk.Label(_("System security"))) self.notebook.append_page(self.network_security_page(), gtk.Label(_("Network security"))) @@ -166,7 +198,7 @@ class MsecGui: self.notebook.append_page(self.notifications_page(), gtk.Label(_("Security notifications"))) self.notebook.append_page(self.permissions_security_page(), gtk.Label(_("Permissions"))) - # control hbox + # menu hbox = gtk.HBox(homogeneous=False, spacing=10) main_vbox.pack_start(hbox, False, False) @@ -199,20 +231,16 @@ class MsecGui: def ok(self, widget): """Ok button""" # TODO: split in smaller functions - # first, let's reset previous msec data - self.msec.reset() - # start buffered logging - self.log.start_buffer() - # are we enforcing a level? - # TODO: copy and merge options + print self.base_level if self.enforcing_level: self.log.debug(">> Enforcing level %s" % self.enforced_level) - curconfig = config.load_defaults(self.log, self.enforced_level) - curperms = config.load_default_perms(self.log, self.enforced_level) + if self.enforced_level in self.defaults: + curconfig, curperms = self.defaults[self.enforced_level] else: - curconfig = self.config + curconfig = self.msecconfig curperms = self.permconfig # apply config and preview changes + self.log.start_buffer() self.msec.apply(curconfig) self.msec.commit(False) messages = self.log.get_buffer() @@ -240,22 +268,31 @@ class MsecGui: vbox.pack_start(label, False, False) # check for changed options - for name, oldconf, curconf in [ (_("MSEC option changes"), self.oldconfig, curconfig), - (_("System permissions changes"), self.oldperms, curperms), - (_("System authentication changes"), self.oldauth, self.authconfig), + for name, type, oldconf, curconf in [ (_("MSEC option changes"), _("option"), self.oldconfig, curconfig), + (_("System permissions changes"), _("permission check"), self.oldperms, curperms), + (_("System authentication changes"), _("authentication check"), self.oldauth, self.authconfig), ]: # check for changes opt_changes = [] - for opt in oldconf: - if curconf.get(opt) != oldconf.get(opt): - opt_changes.append(opt) + opt_adds = [] + opt_dels = [] + # changed options + opt_changes = [opt for opt in oldconf if (curconf.get(opt) != oldconf.get(opt) and curconf.get(opt) != None and curconf.get(opt) != None)] if len(opt_changes) > 0: - changes = "\n\t" + "\n\t".join(["<b>%s</b> (%s -> %s)" % (param, oldconf.get(param), curconf.get(param)) for param in opt_changes]) + changes = "\n\t" + "\n\t".join([_("changed %s <b>%s</b> (%s -> %s)") % (type, param, oldconf.get(param), curconf.get(param)) for param in opt_changes]) else: changes = _("no changes") + # new options + opt_adds = [opt for opt in curconf.list_options() if (opt not in oldconf and curconf.get(opt))] + if len(opt_adds) > 0: + changes += "\n\t" + "\n\t".join([_("added %s <b>%s</b> (%s)") % (type, param, curconf.get(param)) for param in opt_adds]) + # removed options + opt_dels = [opt for opt in oldconf if (opt not in curconf.list_options() and oldconf.get(opt))] + if len(opt_dels) > 0: + changes += "\n\t" + "\n\t".join([_("removed %s <b>%s</b>") % (type, param) for param in opt_dels]) + # adding labels label = gtk.Label(_('<b>%s:</b> <i>%s</i>\n') % (name, changes)) label.set_use_markup(True) -# label.set_line_wrap(True) label.set_property("xalign", 0.0) vbox.pack_start(label, False, False) @@ -300,13 +337,13 @@ class MsecGui: if self.enforcing_level: # rewriting configuration for opt in curconfig.list_options(): - self.config.set(opt, curconfig.get(opt)) + self.msecconfig.set(opt, curconfig.get(opt)) for perm in curperms.list_options(): self.permconfig.set(perm, curperms.get(perm)) # saving the configuration - self.config.save() - self.msec.apply(self.config) + self.msecconfig.save() + self.msec.apply(self.msecconfig) self.msec.commit(True) # saving permissions @@ -382,7 +419,7 @@ class MsecGui: doc = callback # now for the value - value = self.config.get(option) + value = self.msecconfig.get(option) # building the option iter = lstore.append() @@ -462,15 +499,11 @@ class MsecGui: return sw - def basic_security_page(self): + def level_security_page(self): """Builds the basic security page""" vbox = gtk.VBox(homogeneous=False) - # security levels - - levels = config.SECURITY_LEVELS - - entry = gtk.Label(BASIC_SECURITY_TEXT) + entry = gtk.Label(LEVEL_SECURITY_TEXT) entry.set_use_markup(True) vbox.pack_start(entry, False, False) @@ -623,7 +656,7 @@ class MsecGui: vbox.pack_start(entry, False, False) self.periodic_checks = gtk.CheckButton(_("Enable periodic security checks")) - if self.config.get("CHECK_SECURITY") == "yes": + if self.msecconfig.get("CHECK_SECURITY") == "yes": self.periodic_checks.set_active(True) vbox.pack_start(self.periodic_checks, False, False) @@ -638,7 +671,7 @@ class MsecGui: # see if these tests are enabled self.periodic_checks.connect('clicked', self.periodic_tests, options_view) - periodic_checks = self.config.get("CHECK_SECURITY") + periodic_checks = self.msecconfig.get("CHECK_SECURITY") if periodic_checks == 'no': # disable all periodic tests options_view.set_sensitive(False) @@ -649,10 +682,10 @@ class MsecGui: '''Enables/disables periodic security tests.''' status = widget.get_active() if status: - self.config.set("CHECK_SECURITY", "yes") + self.msecconfig.set("CHECK_SECURITY", "yes") options.set_sensitive(True) else: - self.config.set("CHECK_SECURITY", "no") + self.msecconfig.set("CHECK_SECURITY", "no") options.set_sensitive(False) def permissions_security_page(self): @@ -871,7 +904,7 @@ class MsecGui: dialog.destroy() # update options - self.config.set(param, newval) + self.msecconfig.set(param, newval) self.authconfig.set(param, newval) model.set(iter, self.COLUMN_VALUE, newval) |