Diffstat (limited to 'src')
-rw-r--r--src/msec/config.py113
-rwxr-xr-xsrc/msec/libmsec.py25
2 files changed, 82 insertions, 56 deletions
diff --git a/src/msec/config.py b/src/msec/config.py
index 1638cd7..cdf017c 100644
--- a/src/msec/config.py
+++ b/src/msec/config.py
@@ -45,67 +45,70 @@ except IOError:
MODIFICATIONS_FOUND = _('Modified system files')
MODIFICATIONS_NOT_FOUND = _('No changes in system files')
+# plugins
+MAIN_LIB="libmsec"
+
# msec callbacks and valid values
# OPTION callback valid values
-SETTINGS = {'BASE_LEVEL': ("base_level", ['*']),
- 'CHECK_SECURITY' : ("check_security", ['yes', 'no']),
- 'CHECK_PERMS' : ("check_perms", ['yes', 'no']),
- 'CHECK_USER_FILES' : ("check_user_files", ['yes', 'no']),
- 'CHECK_SUID_ROOT' : ("check_suid_root", ['yes', 'no']),
- 'CHECK_SUID_MD5' : ("check_suid_md5", ['yes', 'no']),
- 'CHECK_SGID' : ("check_sgid", ['yes', 'no']),
- 'CHECK_WRITABLE' : ("check_writable", ['yes', 'no']),
- 'CHECK_UNOWNED' : ("check_unowned", ['yes', 'no']),
- 'CHECK_PROMISC' : ("check_promisc", ['yes', 'no']),
- 'CHECK_OPEN_PORT' : ("check_open_port", ['yes', 'no']),
- 'CHECK_PASSWD' : ("check_passwd", ['yes', 'no']),
- 'CHECK_SHADOW' : ("check_shadow", ['yes', 'no']),
- 'CHECK_CHKROOTKIT' : ("check_chkrootkit", ['yes', 'no']),
- 'CHECK_RPM' : ("check_rpm", ['yes', 'no']),
- 'CHECK_SHOSTS' : ("check_shosts", ['yes', 'no']),
+SETTINGS = {'BASE_LEVEL': ("libmsec.base_level", ['*']),
+ 'CHECK_SECURITY' : ("libmsec.check_security", ['yes', 'no']),
+ 'CHECK_PERMS' : ("libmsec.check_perms", ['yes', 'no']),
+ 'CHECK_USER_FILES' : ("libmsec.check_user_files", ['yes', 'no']),
+ 'CHECK_SUID_ROOT' : ("libmsec.check_suid_root", ['yes', 'no']),
+ 'CHECK_SUID_MD5' : ("libmsec.check_suid_md5", ['yes', 'no']),
+ 'CHECK_SGID' : ("libmsec.check_sgid", ['yes', 'no']),
+ 'CHECK_WRITABLE' : ("libmsec.check_writable", ['yes', 'no']),
+ 'CHECK_UNOWNED' : ("libmsec.check_unowned", ['yes', 'no']),
+ 'CHECK_PROMISC' : ("libmsec.check_promisc", ['yes', 'no']),
+ 'CHECK_OPEN_PORT' : ("libmsec.check_open_port", ['yes', 'no']),
+ 'CHECK_PASSWD' : ("libmsec.check_passwd", ['yes', 'no']),
+ 'CHECK_SHADOW' : ("libmsec.check_shadow", ['yes', 'no']),
+ 'CHECK_CHKROOTKIT' : ("libmsec.check_chkrootkit", ['yes', 'no']),
+ 'CHECK_RPM' : ("libmsec.check_rpm", ['yes', 'no']),
+ 'CHECK_SHOSTS' : ("libmsec.check_shosts", ['yes', 'no']),
# notifications
- 'TTY_WARN' : ("tty_warn", ['yes', 'no']),
- 'MAIL_WARN' : ("mail_warn", ['yes', 'no']),
- 'MAIL_USER' : ("mail_user", ['*']),
- 'MAIL_EMPTY_CONTENT': ("mail_empty_content", ['yes', 'no']),
- 'SYSLOG_WARN' : ("syslog_warn", ['yes', 'no']),
- 'NOTIFY_WARN' : ("notify_warn", ['yes', 'no']),
+ 'TTY_WARN' : ("libmsec.tty_warn", ['yes', 'no']),
+ 'MAIL_WARN' : ("libmsec.mail_warn", ['yes', 'no']),
+ 'MAIL_USER' : ("libmsec.mail_user", ['*']),
+ 'MAIL_EMPTY_CONTENT': ("libmsec.mail_empty_content", ['yes', 'no']),
+ 'SYSLOG_WARN' : ("libmsec.syslog_warn", ['yes', 'no']),
+ 'NOTIFY_WARN' : ("libmsec.notify_warn", ['yes', 'no']),
# security options
- 'USER_UMASK': ("set_user_umask", ['*']),
- 'ROOT_UMASK': ("set_root_umask", ['*']),
- 'WIN_PARTS_UMASK': ("set_win_parts_umask", ['*']),
- 'ACCEPT_BOGUS_ERROR_RESPONSES': ("accept_bogus_error_responses", ['yes', 'no']),
- 'ACCEPT_BROADCASTED_ICMP_ECHO': ("accept_broadcasted_icmp_echo", ['yes', 'no']),
- 'ACCEPT_ICMP_ECHO': ("accept_icmp_echo", ['yes', 'no']),
- 'ALLOW_AUTOLOGIN': ("allow_autologin", ['yes', 'no']),
- 'ALLOW_REBOOT': ("allow_reboot", ['yes', 'no']),
- 'ALLOW_REMOTE_ROOT_LOGIN': ("allow_remote_root_login", ['yes', 'no', 'without-password']),
- 'ALLOW_ROOT_LOGIN': ("allow_root_login", ['yes', 'no']),
- 'ALLOW_USER_LIST': ("allow_user_list", ['yes', 'no']),
- 'ALLOW_X_CONNECTIONS': ("allow_x_connections", ['yes', 'no', 'local']),
- 'ALLOW_XAUTH_FROM_ROOT': ("allow_xauth_from_root", ['yes', 'no']),
- 'ALLOW_XSERVER_TO_LISTEN': ("allow_xserver_to_listen", ['yes', 'no']),
- 'AUTHORIZE_SERVICES': ("authorize_services", ['yes', 'no', 'local']),
- 'CREATE_SERVER_LINK': ("create_server_link", ['no', 'default', 'secure']),
- 'ENABLE_AT_CRONTAB': ("enable_at_crontab", ['yes', 'no']),
- 'ENABLE_CONSOLE_LOG': ("enable_console_log", ['yes', 'no']),
- 'ENABLE_DNS_SPOOFING_PROTECTION':("enable_ip_spoofing_protection", ['yes', 'no']),
- 'ENABLE_IP_SPOOFING_PROTECTION': ("enable_dns_spoofing_protection", ['yes', 'no']),
- 'ENABLE_LOG_STRANGE_PACKETS': ("enable_log_strange_packets", ['yes', 'no']),
- 'ENABLE_MSEC_CRON': ("enable_msec_cron", ['yes', 'no']),
- 'ENABLE_PAM_ROOT_FROM_WHEEL': ("enable_pam_root_from_wheel", ['yes', 'no']),
- 'ENABLE_SUDO': ("enable_sudo", ['yes', 'no', 'wheel']),
- 'ENABLE_PAM_WHEEL_FOR_SU': ("enable_pam_wheel_for_su", ['yes', 'no']),
- 'ENABLE_SULOGIN': ("enable_sulogin", ['yes', 'no']),
- 'ENABLE_APPARMOR': ("enable_apparmor", ['yes', 'no']),
- 'ENABLE_POLICYKIT': ("enable_policykit", ['yes', 'no']),
+ 'USER_UMASK': ("libmsec.set_user_umask", ['*']),
+ 'ROOT_UMASK': ("libmsec.set_root_umask", ['*']),
+ 'WIN_PARTS_UMASK': ("libmsec.set_win_parts_umask", ['*']),
+ 'ACCEPT_BOGUS_ERROR_RESPONSES': ("libmsec.accept_bogus_error_responses", ['yes', 'no']),
+ 'ACCEPT_BROADCASTED_ICMP_ECHO': ("libmsec.accept_broadcasted_icmp_echo", ['yes', 'no']),
+ 'ACCEPT_ICMP_ECHO': ("libmsec.accept_icmp_echo", ['yes', 'no']),
+ 'ALLOW_AUTOLOGIN': ("libmsec.allow_autologin", ['yes', 'no']),
+ 'ALLOW_REBOOT': ("libmsec.allow_reboot", ['yes', 'no']),
+ 'ALLOW_REMOTE_ROOT_LOGIN': ("libmsec.allow_remote_root_login", ['yes', 'no', 'without-password']),
+ 'ALLOW_ROOT_LOGIN': ("libmsec.allow_root_login", ['yes', 'no']),
+ 'ALLOW_USER_LIST': ("libmsec.allow_user_list", ['yes', 'no']),
+ 'ALLOW_X_CONNECTIONS': ("libmsec.allow_x_connections", ['yes', 'no', 'local']),
+ 'ALLOW_XAUTH_FROM_ROOT': ("libmsec.allow_xauth_from_root", ['yes', 'no']),
+ 'ALLOW_XSERVER_TO_LISTEN': ("libmsec.allow_xserver_to_listen", ['yes', 'no']),
+ 'AUTHORIZE_SERVICES': ("libmsec.authorize_services", ['yes', 'no', 'local']),
+ 'CREATE_SERVER_LINK': ("libmsec.create_server_link", ['no', 'default', 'secure']),
+ 'ENABLE_AT_CRONTAB': ("libmsec.enable_at_crontab", ['yes', 'no']),
+ 'ENABLE_CONSOLE_LOG': ("libmsec.enable_console_log", ['yes', 'no']),
+ 'ENABLE_DNS_SPOOFING_PROTECTION':("libmsec.enable_ip_spoofing_protection", ['yes', 'no']),
+ 'ENABLE_IP_SPOOFING_PROTECTION': ("libmsec.enable_dns_spoofing_protection", ['yes', 'no']),
+ 'ENABLE_LOG_STRANGE_PACKETS': ("libmsec.enable_log_strange_packets", ['yes', 'no']),
+ 'ENABLE_MSEC_CRON': ("libmsec.enable_msec_cron", ['yes', 'no']),
+ 'ENABLE_PAM_ROOT_FROM_WHEEL': ("libmsec.enable_pam_root_from_wheel", ['yes', 'no']),
+ 'ENABLE_SUDO': ("libmsec.enable_sudo", ['yes', 'no', 'wheel']),
+ 'ENABLE_PAM_WHEEL_FOR_SU': ("libmsec.enable_pam_wheel_for_su", ['yes', 'no']),
+ 'ENABLE_SULOGIN': ("libmsec.enable_sulogin", ['yes', 'no']),
+ 'ENABLE_APPARMOR': ("libmsec.enable_apparmor", ['yes', 'no']),
+ 'ENABLE_POLICYKIT': ("libmsec.enable_policykit", ['yes', 'no']),
# password stuff
- 'ENABLE_PASSWORD': ("enable_password", ['yes', 'no']),
- 'PASSWORD_HISTORY': ("password_history", ['*']),
+ 'ENABLE_PASSWORD': ("libmsec.enable_password", ['yes', 'no']),
+ 'PASSWORD_HISTORY': ("libmsec.password_history", ['*']),
# format: min length, num upper, num digits
- 'PASSWORD_LENGTH': ("password_length", ['*']),
- 'SHELL_HISTORY_SIZE': ("set_shell_history_size", ['*']),
- 'SHELL_TIMEOUT': ("set_shell_timeout", ['*']),
+ 'PASSWORD_LENGTH': ("libmsec.password_length", ['*']),
+ 'SHELL_HISTORY_SIZE': ("libmsec.set_shell_history_size", ['*']),
+ 'SHELL_TIMEOUT': ("libmsec.set_shell_timeout", ['*']),
}
# text for disabled options
OPTION_DISABLED=_("System default")
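Review bot: The two spoofing entries are still cross-wired on the new side: `'ENABLE_DNS_SPOOFING_PROTECTION'` maps to `"libmsec.enable_ip_spoofing_protection"` and `'ENABLE_IP_SPOOFING_PROTECTION'` maps to `"libmsec.enable_dns_spoofing_protection"`. The swap is carried over unchanged from the removed lines; unless it is intentional, setting one protection in the configuration drives the other callback, so a hardening option can be left off while the config says it is on. Since both lines are rewritten here anyway, this is the place to pair them correctly, e.g. `'ENABLE_DNS_SPOOFING_PROTECTION': ("libmsec.enable_dns_spoofing_protection", ['yes', 'no']),` and the matching change for the IP entry. Separately, every entry spells the prefix as the literal `libmsec.` although `MAIN_LIB` is defined just above; a short comment such as `# callback format: "<plugin>.<function>"; the plugin part must equal MAIN_LIB for built-in checks` would document the coupling that `get_action` relies on.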
diff --git a/src/msec/libmsec.py b/src/msec/libmsec.py
index 98a022d..b1448a8 100755
--- a/src/msec/libmsec.py
+++ b/src/msec/libmsec.py
@@ -721,6 +721,9 @@ class MSEC:
self.configfiles.add_config_assoc(SYSLOGCONF, '[ -f /var/lock/subsys/syslog ] && service syslog reload')
self.configfiles.add_config_assoc('^/etc/issue$', '/usr/bin/killall mingetty')
+ # plugins
+ self.plugins = {}
+
def reset(self):
"""Resets the configuration"""
self.log.debug("Resetting msec data.")
@@ -728,10 +731,30 @@ class MSEC:
def get_action(self, name):
"""Determines correspondent function for requested action."""
+ # finding out what function to call
+ try:
+ plugin, callback = name.split(".", 1)
+ except:
+ # bad format?
+ self.log.error(_("Invalid callback: %s") % (name))
+ return None
+
+ # is it a main function or a plugin?
+ if plugin == config.MAIN_LIB:
+ plugin_ = self
+ else:
+ if plugin in self.plugins:
+ plugin_ = self.plugins[plugin]
+ else:
+ self.log.info(_("Plugin %s not found") % plugin)
+ return self.log.info
+ return None
try:
- func = getattr(self, name)
+ func = getattr(plugin_, callback)
return func
except:
+ self.log.info(_("Not supported function '%s' in '%s'") % (callback, plugin))
+ traceback.print_exc()
return None
def commit(self, really_commit=True):
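Review bot: In the plugin-not-found branch of `get_action`, `return self.log.info` hands the logger method back as the callback and leaves the `return None` under it unreachable; a caller that only tests the result against `None` would then call the logger with the option's value and treat the security setting as handled although nothing was applied. Both `except:` clauses are bare and so also swallow unrelated errors; the unpacking of `name.split(".", 1)` fails with `ValueError` when there is no dot (or `AttributeError` for a non-string name), and those are the only cases worth catching there. Because the callback name is resolved with `getattr` on the MSEC object or on a plugin, it is worth refusing names that start with an underscore and results that are not callable, which also makes the second `try` and the `traceback.print_exc()` call unnecessary (the `traceback` import is not visible in this hunk, so confirm it exists if the call stays). A rewrite of the lookup is sketched below.

```python
        try:
            plugin, callback = name.split(".", 1)
        except (AttributeError, ValueError):
            # … unchanged: log "Invalid callback" and return None …

        # is it a main function or a plugin?
        if plugin == config.MAIN_LIB:
            plugin_ = self
        elif plugin in self.plugins:
            plugin_ = self.plugins[plugin]
        else:
            self.log.info(_("Plugin %s not found") % plugin)
            return None
        # only public, callable attributes are valid callbacks
        func = getattr(plugin_, callback, None)
        if callback.startswith("_") or not callable(func):
            self.log.info(_("Not supported function '%s' in '%s'") % (callback, plugin))
            return None
        return func
```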