From 315473c53155054c3ba1abe906c25f4211842897 Mon Sep 17 00:00:00 2001 From: Papoteur Date: Tue, 5 Sep 2017 09:40:38 +0200 Subject: suppress DNS_SPOOFING_PROTECTION (mga#21621). --- src/msec/plugins/network.py | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) (limited to 'src/msec') diff --git a/src/msec/plugins/network.py b/src/msec/plugins/network.py index 2f5753b..e33a51b 100755 --- a/src/msec/plugins/network.py +++ b/src/msec/plugins/network.py @@ -107,14 +107,13 @@ class network: config.SETTINGS['ACCEPT_BROADCASTED_ICMP_ECHO'] = ("network.accept_broadcasted_icmp_echo", ['yes', 'no']) config.SETTINGS['ACCEPT_ICMP_ECHO'] = ("network.accept_icmp_echo", ['yes', 'no']) config.SETTINGS['ALLOW_REMOTE_ROOT_LOGIN'] = ("network.allow_remote_root_login", ['yes', 'no', 'without-password']) - config.SETTINGS['ENABLE_DNS_SPOOFING_PROTECTION'] = ("network.enable_dns_spoofing_protection", ['yes', 'no']) config.SETTINGS['ENABLE_IP_SPOOFING_PROTECTION'] = ("network.enable_ip_spoofing_protection", ['yes', 'no']) config.SETTINGS['ENABLE_LOG_STRANGE_PACKETS'] = ("network.enable_log_strange_packets", ['yes', 'no']) # network settings for check in ["ACCEPT_BOGUS_ERROR_RESPONSES", "ACCEPT_BROADCASTED_ICMP_ECHO", "ACCEPT_ICMP_ECHO", "ALLOW_REMOTE_ROOT_LOGIN", "ALLOW_X_CONNECTIONS", "ALLOW_XSERVER_TO_LISTEN", - "AUTHORIZE_SERVICES", "ENABLE_DNS_SPOOFING_PROTECTION", "ENABLE_IP_SPOOFING_PROTECTION", + "AUTHORIZE_SERVICES", "ENABLE_IP_SPOOFING_PROTECTION", "ENABLE_LOG_STRANGE_PACKETS"]: config.SETTINGS_NETWORK.append(check) 
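Review bot: Configuration files that still carry `ENABLE_DNS_SPOOFING_PROTECTION` are not accounted for once the first hunk unregisters the key from `config.SETTINGS` and the `SETTINGS_NETWORK` list. How the loader treats an unregistered key is not visible here, so confirm that it is skipped with a log message rather than aborting the run or leaving an administrator to believe the protection is still applied. The second hunk deletes `enable_dns_spoofing_protection` outright, so on hosts where it had been enabled the `nospoof on` and `spoofalert on` lines written through `HOSTCONF` stay in place with no code left to remove them; state in the commit message whether that is intended. I would also leave a marker next to the list, e.g. `# ENABLE_DNS_SPOOFING_PROTECTION retired (mga#21621): stale entries in existing configs must be ignored`. The diffstat is limited to `src/msec`, so any matching change to shipped defaults or help text cannot be checked from this view.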
@@ -162,23 +161,6 @@ class network: ''' Enable IP spoofing protection.''' self.set_zero_one_variable(SYSCTLCONF, 'net.ipv4.conf.all.rp_filter', arg, 'Enabling ip spoofing protection', 'Disabling ip spoofing protection') - def enable_dns_spoofing_protection(self, arg, alert=1): - ''' Enable name resolution spoofing protection.''' - hostconf = self.configfiles.get_config_file(HOSTCONF) - - val = hostconf.get_match('nospoof\s+on') - - if arg: - if not val: - self.log.info(_('Enabling name resolution spoofing protection')) - hostconf.replace_line_matching('nospoof', 'nospoof on', 1) - hostconf.replace_line_matching('spoofalert', 'spoofalert on', (alert != 0)) - else: - if val: - self.log.info(_('Disabling name resolution spoofing protection')) - hostconf.remove_line_matching('nospoof') - hostconf.remove_line_matching('spoofalert') - def accept_icmp_echo(self, arg): ''' Accept ICMP echo.''' self.set_zero_one_variable(SYSCTLCONF, 'net.ipv4.icmp_echo_ignore_all', invert(arg), 'Ignoring icmp echo', 'Accepting icmp echo') -- cgit v1.2.1