From 5931a0b6c4197e7c9801a7f156a63966a06cf099 Mon Sep 17 00:00:00 2001
From: Eugeni Dodonov
Date: Thu, 5 Feb 2009 21:19:26 +0000
Subject: Added initial support for plugins.
---
src/msec/config.py | 113 +++++++++++++++++++++++++++--------------------------
src/msec/libmsec.py | 25 +++++++++++-
2 files changed, 82 insertions(+), 56 deletions(-)
diff --git a/src/msec/config.py b/src/msec/config.py
index 1638cd7..cdf017c 100644
--- a/src/msec/config.py
+++ b/src/msec/config.py
@@ -45,67 +45,70 @@ except IOError:
 MODIFICATIONS_FOUND = _('Modified system files')
 MODIFICATIONS_NOT_FOUND = _('No changes in system files')
+# plugins
+MAIN_LIB="libmsec"
+
 # msec callbacks and valid values
 # OPTION callback valid values
-SETTINGS = {'BASE_LEVEL': ("base_level", ['*']),
- 'CHECK_SECURITY' : ("check_security", ['yes', 'no']),
- 'CHECK_PERMS' : ("check_perms", ['yes', 'no']),
- 'CHECK_USER_FILES' : ("check_user_files", ['yes', 'no']),
- 'CHECK_SUID_ROOT' : ("check_suid_root", ['yes', 'no']),
- 'CHECK_SUID_MD5' : ("check_suid_md5", ['yes', 'no']),
- 'CHECK_SGID' : ("check_sgid", ['yes', 'no']),
- 'CHECK_WRITABLE' : ("check_writable", ['yes', 'no']),
- 'CHECK_UNOWNED' : ("check_unowned", ['yes', 'no']),
- 'CHECK_PROMISC' : ("check_promisc", ['yes', 'no']),
- 'CHECK_OPEN_PORT' : ("check_open_port", ['yes', 'no']),
- 'CHECK_PASSWD' : ("check_passwd", ['yes', 'no']),
- 'CHECK_SHADOW' : ("check_shadow", ['yes', 'no']),
- 'CHECK_CHKROOTKIT' : ("check_chkrootkit", ['yes', 'no']),
- 'CHECK_RPM' : ("check_rpm", ['yes', 'no']),
- 'CHECK_SHOSTS' : ("check_shosts", ['yes', 'no']),
+SETTINGS = {'BASE_LEVEL': ("libmsec.base_level", ['*']),
+ 'CHECK_SECURITY' : ("libmsec.check_security", ['yes', 'no']),
+ 'CHECK_PERMS' : ("libmsec.check_perms", ['yes', 'no']),
+ 'CHECK_USER_FILES' : ("libmsec.check_user_files", ['yes', 'no']),
+ 'CHECK_SUID_ROOT' : ("libmsec.check_suid_root", ['yes', 'no']),
+ 'CHECK_SUID_MD5' : ("libmsec.check_suid_md5", ['yes', 'no']),
+ 'CHECK_SGID' : ("libmsec.check_sgid", ['yes', 'no']),
+ 'CHECK_WRITABLE' : ("libmsec.check_writable", ['yes', 'no']),
+ 'CHECK_UNOWNED' : ("libmsec.check_unowned", ['yes', 'no']),
+ 'CHECK_PROMISC' : ("libmsec.check_promisc", ['yes', 'no']),
+ 'CHECK_OPEN_PORT' : ("libmsec.check_open_port", ['yes', 'no']),
+ 'CHECK_PASSWD' : ("libmsec.check_passwd", ['yes', 'no']),
+ 'CHECK_SHADOW' : ("libmsec.check_shadow", ['yes', 'no']),
+ 'CHECK_CHKROOTKIT' : ("libmsec.check_chkrootkit", ['yes', 'no']),
+ 'CHECK_RPM' : ("libmsec.check_rpm", ['yes', 'no']),
+ 'CHECK_SHOSTS' : ("libmsec.check_shosts", ['yes', 'no']),
 # notifications
- 'TTY_WARN' : ("tty_warn", ['yes', 'no']),
- 'MAIL_WARN' : ("mail_warn", ['yes', 'no']),
- 'MAIL_USER' : ("mail_user", ['*']),
- 'MAIL_EMPTY_CONTENT': ("mail_empty_content", ['yes', 'no']),
- 'SYSLOG_WARN' : ("syslog_warn", ['yes', 'no']),
- 'NOTIFY_WARN' : ("notify_warn", ['yes', 'no']),
+ 'TTY_WARN' : ("libmsec.tty_warn", ['yes', 'no']),
+ 'MAIL_WARN' : ("libmsec.mail_warn", ['yes', 'no']),
+ 'MAIL_USER' : ("libmsec.mail_user", ['*']),
+ 'MAIL_EMPTY_CONTENT': ("libmsec.mail_empty_content", ['yes', 'no']),
+ 'SYSLOG_WARN' : ("libmsec.syslog_warn", ['yes', 'no']),
+ 'NOTIFY_WARN' : ("libmsec.notify_warn", ['yes', 'no']),
 # security options
- 'USER_UMASK': ("set_user_umask", ['*']),
- 'ROOT_UMASK': ("set_root_umask", ['*']),
- 'WIN_PARTS_UMASK': ("set_win_parts_umask", ['*']),
- 'ACCEPT_BOGUS_ERROR_RESPONSES': ("accept_bogus_error_responses", ['yes', 'no']),
- 'ACCEPT_BROADCASTED_ICMP_ECHO': ("accept_broadcasted_icmp_echo", ['yes', 'no']),
- 'ACCEPT_ICMP_ECHO': ("accept_icmp_echo", ['yes', 'no']),
- 'ALLOW_AUTOLOGIN': ("allow_autologin", ['yes', 'no']),
- 'ALLOW_REBOOT': ("allow_reboot", ['yes', 'no']),
- 'ALLOW_REMOTE_ROOT_LOGIN': ("allow_remote_root_login", ['yes', 'no', 'without-password']),
- 'ALLOW_ROOT_LOGIN': ("allow_root_login", ['yes', 'no']),
- 'ALLOW_USER_LIST': ("allow_user_list", ['yes', 'no']),
- 'ALLOW_X_CONNECTIONS': ("allow_x_connections", ['yes', 'no', 'local']),
- 'ALLOW_XAUTH_FROM_ROOT': ("allow_xauth_from_root", ['yes', 'no']),
- 'ALLOW_XSERVER_TO_LISTEN': ("allow_xserver_to_listen", ['yes', 'no']),
- 'AUTHORIZE_SERVICES': ("authorize_services", ['yes', 'no', 'local']),
- 'CREATE_SERVER_LINK': ("create_server_link", ['no', 'default', 'secure']),
- 'ENABLE_AT_CRONTAB': ("enable_at_crontab", ['yes', 'no']),
- 'ENABLE_CONSOLE_LOG': ("enable_console_log", ['yes', 'no']),
- 'ENABLE_DNS_SPOOFING_PROTECTION':("enable_ip_spoofing_protection", ['yes', 'no']),
- 'ENABLE_IP_SPOOFING_PROTECTION': ("enable_dns_spoofing_protection", ['yes', 'no']),
- 'ENABLE_LOG_STRANGE_PACKETS': ("enable_log_strange_packets", ['yes', 'no']),
- 'ENABLE_MSEC_CRON': ("enable_msec_cron", ['yes', 'no']),
- 'ENABLE_PAM_ROOT_FROM_WHEEL': ("enable_pam_root_from_wheel", ['yes', 'no']),
- 'ENABLE_SUDO': ("enable_sudo", ['yes', 'no', 'wheel']),
- 'ENABLE_PAM_WHEEL_FOR_SU': ("enable_pam_wheel_for_su", ['yes', 'no']),
- 'ENABLE_SULOGIN': ("enable_sulogin", ['yes', 'no']),
- 'ENABLE_APPARMOR': ("enable_apparmor", ['yes', 'no']),
- 'ENABLE_POLICYKIT': ("enable_policykit", ['yes', 'no']),
+ 'USER_UMASK': ("libmsec.set_user_umask", ['*']),
+ 'ROOT_UMASK': ("libmsec.set_root_umask", ['*']),
+ 'WIN_PARTS_UMASK': ("libmsec.set_win_parts_umask", ['*']),
+ 'ACCEPT_BOGUS_ERROR_RESPONSES': ("libmsec.accept_bogus_error_responses", ['yes', 'no']),
+ 'ACCEPT_BROADCASTED_ICMP_ECHO': ("libmsec.accept_broadcasted_icmp_echo", ['yes', 'no']),
+ 'ACCEPT_ICMP_ECHO': ("libmsec.accept_icmp_echo", ['yes', 'no']),
+ 'ALLOW_AUTOLOGIN': ("libmsec.allow_autologin", ['yes', 'no']),
+ 'ALLOW_REBOOT': ("libmsec.allow_reboot", ['yes', 'no']),
+ 'ALLOW_REMOTE_ROOT_LOGIN': ("libmsec.allow_remote_root_login", ['yes', 'no', 'without-password']),
+ 'ALLOW_ROOT_LOGIN': ("libmsec.allow_root_login", ['yes', 'no']),
+ 'ALLOW_USER_LIST': ("libmsec.allow_user_list", ['yes', 'no']),
+ 'ALLOW_X_CONNECTIONS': ("libmsec.allow_x_connections", ['yes', 'no', 'local']),
+ 'ALLOW_XAUTH_FROM_ROOT': ("libmsec.allow_xauth_from_root", ['yes', 'no']),
+ 'ALLOW_XSERVER_TO_LISTEN': ("libmsec.allow_xserver_to_listen", ['yes', 'no']),
+ 'AUTHORIZE_SERVICES': ("libmsec.authorize_services", ['yes', 'no', 'local']),
+ 'CREATE_SERVER_LINK': ("libmsec.create_server_link", ['no', 'default', 'secure']),
+ 'ENABLE_AT_CRONTAB': ("libmsec.enable_at_crontab", ['yes', 'no']),
+ 'ENABLE_CONSOLE_LOG': ("libmsec.enable_console_log", ['yes', 'no']),
+ 'ENABLE_DNS_SPOOFING_PROTECTION':("libmsec.enable_ip_spoofing_protection", ['yes', 'no']),
+ 'ENABLE_IP_SPOOFING_PROTECTION': ("libmsec.enable_dns_spoofing_protection", ['yes', 'no']),
+ 'ENABLE_LOG_STRANGE_PACKETS': ("libmsec.enable_log_strange_packets", ['yes', 'no']),
+ 'ENABLE_MSEC_CRON': ("libmsec.enable_msec_cron", ['yes', 'no']),
+ 'ENABLE_PAM_ROOT_FROM_WHEEL': ("libmsec.enable_pam_root_from_wheel", ['yes', 'no']),
+ 'ENABLE_SUDO': ("libmsec.enable_sudo", ['yes', 'no', 'wheel']),
+ 'ENABLE_PAM_WHEEL_FOR_SU': ("libmsec.enable_pam_wheel_for_su", ['yes', 'no']),
+ 'ENABLE_SULOGIN': ("libmsec.enable_sulogin", ['yes', 'no']),
+ 'ENABLE_APPARMOR': ("libmsec.enable_apparmor", ['yes', 'no']),
+ 'ENABLE_POLICYKIT': ("libmsec.enable_policykit", ['yes', 'no']),
 # password stuff
- 'ENABLE_PASSWORD': ("enable_password", ['yes', 'no']),
- 'PASSWORD_HISTORY': ("password_history", ['*']),
+ 'ENABLE_PASSWORD': ("libmsec.enable_password", ['yes', 'no']),
+ 'PASSWORD_HISTORY': ("libmsec.password_history", ['*']),
 # format: min length, num upper, num digits
- 'PASSWORD_LENGTH': ("password_length", ['*']),
- 'SHELL_HISTORY_SIZE': ("set_shell_history_size", ['*']),
- 'SHELL_TIMEOUT': ("set_shell_timeout", ['*']),
+ 'PASSWORD_LENGTH': ("libmsec.password_length", ['*']),
+ 'SHELL_HISTORY_SIZE': ("libmsec.set_shell_history_size", ['*']),
+ 'SHELL_TIMEOUT': ("libmsec.set_shell_timeout", ['*']),
 }
 # text for disabled options
 OPTION_DISABLED=_("System default")
diff --git a/src/msec/libmsec.py b/src/msec/libmsec.py
index 98a022d..b1448a8 100755
--- a/src/msec/libmsec.py
+++ b/src/msec/libmsec.py
@@ -721,6 +721,9 @@ class MSEC:
 self.configfiles.add_config_assoc(SYSLOGCONF, '[ -f /var/lock/subsys/syslog ] && service syslog reload')
 self.configfiles.add_config_assoc('^/etc/issue$', '/usr/bin/killall mingetty')
+ # plugins
+ self.plugins = {}
+
 def reset(self):
 """Resets the configuration"""
 self.log.debug("Resetting msec data.")
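Review bot: The two spoofing options in the config.py SETTINGS table still point at each other's callbacks on the new side: `'ENABLE_DNS_SPOOFING_PROTECTION'` maps to `"libmsec.enable_ip_spoofing_protection"` and `'ENABLE_IP_SPOOFING_PROTECTION'` maps to `"libmsec.enable_dns_spoofing_protection"`. The cross was already on the removed lines and is carried over with the new prefix; going by the names alone, setting one option would change the other protection, so the configuration file would no longer describe the system state an auditor expects. Unless the callbacks themselves are swapped inside libmsec.py (not visible in this diff), the entries should read `'ENABLE_DNS_SPOOFING_PROTECTION': ("libmsec.enable_dns_spoofing_protection", ['yes', 'no']),` and `'ENABLE_IP_SPOOFING_PROTECTION': ("libmsec.enable_ip_spoofing_protection", ['yes', 'no']),`. The `libmsec.` prefix is also repeated as a literal in every entry rather than derived from the new `MAIN_LIB`, so the constant and the table can drift apart.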
@@ -728,10 +731,30 @@ class MSEC:
 def get_action(self, name):
 """Determines correspondent function for requested action."""
+ # finding out what function to call
+ try:
+ plugin, callback = name.split(".", 1)
+ except:
+ # bad format?
+ self.log.error(_("Invalid callback: %s") % (name))
+ return None
+
+ # is it a main function or a plugin?
+ if plugin == config.MAIN_LIB:
+ plugin_ = self
+ else:
+ if plugin in self.plugins:
+ plugin_ = self.plugins[plugin]
+ else:
+ self.log.info(_("Plugin %s not found") % plugin)
+ return self.log.info
+ return None
 try:
- func = getattr(self, name)
+ func = getattr(plugin_, callback)
 return func
 except:
+ self.log.info(_("Not supported function '%s' in '%s'") % (callback, plugin))
+ traceback.print_exc()
 return None
 def commit(self, really_commit=True):
-- 
cgit v1.2.1
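Review bot: In get_action's plugin-not-found branch the new code has `return self.log.info` immediately followed by `return None`; as far as the flattened indentation on this page shows, the second return is unreachable and the caller receives a logger method as the action for an unknown plugin, so a misconfigured callback would presumably be invoked like a real one and pass silently. Replace the pair with a single `return None`. Both handlers are bare `except:`; `except ValueError:` around the `name.split(".", 1)` unpacking and `except AttributeError:` around `getattr(plugin_, callback)` would keep unrelated errors visible. `traceback.print_exc()` relies on `import traceback` at the top of libmsec.py, which this diff does not add and which is not visible here, and it writes to stderr instead of `self.log`. Because `getattr` resolves any attribute of the MSEC object or of a plugin, a comment such as `# callback names come only from config.SETTINGS; never pass externally supplied names here` would record the assumption this lookup depends on.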