# Open the security log under the selected root prefix. The logger is created
# with interactive=False and log_syslog=False; log_level and quiet are taken
# from values set before this point in the script.
security_log_path = "%s%s" % (root, config.SECURITYLOG)
log = Log(
    log_path=security_log_path,
    interactive=False,
    log_syslog=False,
    log_level=log_level,
    quiet=quiet,
)

# Main msec configuration object. It is only constructed here; it gets its
# contents further down, either from a level's defaults or from load().
security_conf_path = "%s%s" % (root, config.SECURITYCONF)
msec_config = config.MsecConfig(log, config=security_conf_path)
permconf = None

# Permission policy as currently stored under the same root prefix.
perm_conf_path = "%s%s" % (root, config.PERMCONF)
permconf = config.PermConfig(log, config=perm_conf_path)
permconf.load()

if not force_level:
    # Normal run: use the stored main configuration as-is.
    msec_config.load()
else:
    # A level switch was requested: fetch what config.load_defaults() returns
    # for that level and refuse to continue if it reports no options.
    levelconf = config.load_defaults(log, level, root=root)
    level_options = levelconf.list_options()
    if not level_options:
        log.error(_("Level '%s' not found, aborting.") % level)
        sys.exit(1)

    log.info(_("Switching to '%s' level.") % level)
    # Replace the in-memory main configuration with the level's values.
    msec_config.reset()
    msec_config.merge(levelconf, overwrite=True)

    # Same procedure for the file-permission policy of that level.
    standard_permconf = config.load_default_perms(log, level, root=root)
    perm_options = standard_permconf.list_options()
    if not perm_options:
        # NOTE(review): unlike the unknown-level case above, this path only
        # logs and carries on, so permconf is still reset and merged with a
        # set that reported no options. Confirm that an empty permission
        # policy is an acceptable outcome here.
        log.error(_("No custom file permissions for level '%s'.") % level)
    log.info(_("Saving file permissions to '%s' level.") % level)

    # NOTE(review): the statements that follow this branch construct and load
    # a new PermConfig under the name permconf; confirm this in-memory merge
    # is meant to survive that.
    permconf.reset()
    permconf.merge(standard_permconf, overwrite=True)
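# The base level named by the main configuration selects which level's
# permission defaults are layered underneath the stored policy.
base_level = msec_config.get_base_level()

# Rebuild the permission policy from disk. This rebinds permconf, so any
# PermConfig object built earlier in the script (and anything merged into it
# in memory) is not the one used from here on.
permconf = config.PermConfig(log, config="%s%s" % (root, config.PERMCONF))
permconf.load()

# NOTE(review): every other lookup in this section is prefixed with root, but
# this call passes root=''. When an alternate root is in use, the base-level
# defaults may therefore come from a different tree than the policy they are
# merged into. Confirm this is intentional.
config.merge_with_baselevel(log, permconf, base_level, config.load_default_perms, root='')

# Legacy local overrides: entries from perm.local replace those already in
# permconf (overwrite=True).
# NOTE(review): os.access() only tests readability, and for a privileged
# caller it typically succeeds for any existing file. Ownership and mode of
# perm.local are not checked here, so a file writable by an unprivileged user
# could steer the permissions this run applies. Confirm that
# PermConfig.load() or the packaging guarantees root-only write access.
perm_local_path = "%s/etc/security/msec/perm.local" % root
if os.access(perm_local_path, os.R_OK):
    permlocal = config.PermConfig(log, config=perm_local_path)
    permlocal.load()
    permconf.merge(permlocal, overwrite=True)

# Defaults for the base level; handed to permconf.save() below.
levelconf = config.load_default_perms(log, base_level, root=root)

# Compare the policy with the files given on the command line (args), then
# let PERMS apply the result according to the commit / enforce switches.
perm = PERMS(log, root=root)
changed_files = perm.check_perms(permconf, files_to_check=args)
perm.commit(really_commit=commit, enforce=enforce)

# Persist the updated policy. A failed save is reported through a non-zero
# exit status, so a caller checking the return code does not mistake an
# unsaved permission policy for a successful run.
exit_status = 0
if commit and not permconf.save(levelconf):
    log.error(_("Unable to save config!"))
    exit_status = 1
sys.exit(exit_status)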