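def __check_mysql_path(self):
    """Repair permissions on the MySQL data directory and its parent directories.

    Reads ``datadir`` from /etc/my.cnf. If the data directory's mode is not
    one of the accepted values, or it is not owned by ``mysql``, it is set to
    755 and recursively chowned to mysql:mysql. Every parent directory up to
    (but excluding) the filesystem root is then set to 755 when its mode is
    not one of the accepted values.

    Returns False when my.cnf is missing, has no ``datadir`` entry, or names a
    path that is not a usable absolute directory; returns None otherwise,
    including when an error is swallowed (the check is best-effort).
    """
    # Local import so the block does not depend on the file's import header.
    import shlex

    try:
        # Locate the datadir setting.
        mypath = '/etc/my.cnf'
        if not os.path.exists(mypath):
            return False
        public.set_mode(mypath, 644)
        mycnf = public.readFile(mypath)
        tmp = re.findall(r'datadir\s*=\s*(.+)', mycnf)
        if not tmp:
            return False
        # The capture runs to end of line, so drop trailing blanks and '\r'.
        datadir = tmp[0].strip()

        # The value goes into `chown -R` and a walk towards '/', so refuse
        # anything that is not an absolute path below the root: a relative or
        # empty value would never reach '/', and '/' itself would recursively
        # chown the whole filesystem.
        if not os.path.isabs(datadir) or not datadir.strip('/'):
            return False

        # Modes under which the server is considered able to start.
        # NOTE(review): '777' is accepted as-is, so a world-writable datadir
        # is never tightened by this check.
        accs = ['755', '777']

        # Fix the data directory itself. The path comes from a config file, so
        # it is shell-quoted before being placed in the command string.
        mode_info = public.get_mode_and_user(datadir)
        if mode_info['mode'] not in accs or mode_info['user'] != 'mysql':
            public.ExecShell('chmod 755 ' + shlex.quote(datadir))
            public.ExecShell('chown -R mysql:mysql ' + shlex.quote(datadir))

        # Walk up through the parent directories.
        # NOTE(review): this widens any parent that was deliberately
        # restricted (e.g. 750/700) to 755 - confirm that is intended for
        # data directories placed under private trees.
        parent = os.path.dirname(datadir)
        # Stop at the root; a path of only slashes ('/' or '//') is the root,
        # and os.path.dirname('//') returns '//' and would never reach '/'.
        while parent.strip('/'):
            mode_info = public.get_mode_and_user(parent)
            if mode_info['mode'] not in accs:
                public.ExecShell('chmod 755 ' + shlex.quote(parent))
            parent = os.path.dirname(parent)
    except Exception:
        # Best-effort repair: a failure here must not break the caller.
        pass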
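def check_run():
    '''
        @name Start the check: compare the owner and mode of key system
              files and directories against a fixed baseline
        @author hwliang<2020-08-05>
        @return tuple (status<bool>,msg<string>)
    '''
    # [path, expected mode written as decimal digits, expected owner]
    # NOTE(review): the comparison below is an exact match, so a path with a
    # stricter mode than the baseline is reported as incorrect too.
    # NOTE(review): /tmp normally carries the sticky bit (1777); whether 777
    # matches depends on how public.get_mode_and_user reports the mode - confirm.
    dir_list = [
        ['/usr', 755, 'root'],
        ['/usr/bin', 555, 'root'],
        ['/usr/sbin', 555, 'root'],
        ['/usr/lib', 555, 'root'],
        ['/usr/lib64', 555, 'root'],
        ['/usr/local', 755, 'root'],
        ['/etc', 755, 'root'],
        ['/etc/passwd', 644, 'root'],
        ['/etc/shadow', 0, 'root'],
        ['/etc/gshadow', 0, 'root'],
        ['/etc/cron.deny', 600, 'root'],
        ['/etc/anacrontab', 600, 'root'],
        ['/var', 755, 'root'],
        ['/var/spool', 755, 'root'],
        ['/var/spool/cron', 700, 'root'],
        ['/var/spool/cron/root', 600, 'root'],
        ['/var/spool/cron/crontabs/root', 600, 'root'],
        ['/www', 755, 'root'],
        ['/www/server', 755, 'root'],
        ['/www/wwwroot', 755, 'root'],
        ['/root', 550, 'root'],
        ['/mnt', 755, 'root'],
        ['/home', 755, 'root'],
        ['/dev', 755, 'root'],
        ['/opt', 755, 'root'],
        ['/sys', 555, 'root'],
        ['/run', 755, 'root'],
        ['/tmp', 777, 'root'],
    ]

    not_mode_list = []
    for path, want_mode, want_user in dir_list:
        # Paths that do not exist on this system are not findings.
        if not os.path.exists(path):
            continue
        u_mode = public.get_mode_and_user(path)
        owner_ok = u_mode['user'] == want_user
        mode_ok = int(u_mode['mode']) == want_mode
        # Report each path once, even when both owner and mode are wrong;
        # the message already shows both values.
        if not (owner_ok and mode_ok):
            not_mode_list.append(
                "{} Current permissions: {} : {} Security permissions: {} : {}".format(
                    path, u_mode['mode'], u_mode['user'], want_mode, want_user
                )
            )

    if not_mode_list:
        return False, 'The following system file or directory permissions are incorrect: <br />' + ("<br />".join(not_mode_list))

    return True, 'Risk-free'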