Example #1
File: msec.py Project: eugeni/msec
    # Build the PermConfig object for the file at root + config.PERMCONF and
    # load it.
    # NOTE(review): the path is formed by plain string concatenation, with no
    # separator or normalisation added here - confirm the form of `root` that
    # callers pass.
    permconf = config.PermConfig(log, config="%s%s" % (root, config.PERMCONF))
    permconf.load()

    # forcing new level: the level defaults replace the current settings
    if force_level:
        # first load the default configuration for level
        levelconf = config.load_defaults(log, level, root=root)
        params = levelconf.list_options()
        if not params:
            # The level has no options, so it is treated as unknown. The
            # process exits here, before either configuration is reset.
            log.error(_("Level '%s' not found, aborting.") % level)
            sys.exit(1)
        log.info(_("Switching to '%s' level.") % level)
        # reset() followed by an overwriting merge: presumably this discards
        # any previously customised security settings - verify against
        # reset() before relying on it.
        msec_config.reset()
        msec_config.merge(levelconf, overwrite=True)
        # now saving new permissions
        standard_permconf = config.load_default_perms(log, level, root=root)
        params = standard_permconf.list_options()
        if not params:
            # NOTE(review): unlike the level check above, this branch only
            # logs. Execution continues, so permconf is still reset and
            # merged with a permission set that listed no options. Confirm
            # that continuing is intended.
            log.error(_("No custom file permissions for level '%s'.") % level)
        log.info(_("Saving file permissions to '%s' level.") % level)
        # updating base level
        permconf.reset()
        permconf.merge(standard_permconf, overwrite=True)
    else:
        # No level change requested: load the existing msec configuration.
        msec_config.load()

    # load base levels
    baselevel_name = msec_config.get_base_level()
    if baselevel_name:
        # Rebind both names to the defaults of the configured base level;
        # when no base level is set they keep whatever was assigned above.
        levelconf = config.load_defaults(log, baselevel_name, root=root)
        standard_permconf = config.load_default_perms(log, baselevel_name, root=root)
Example #2
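 # Parse the command line.
 # In getopt's short-option string an option that takes a value is marked
 # with a trailing ':'; '=' is the marker for long options only. The former
 # 'l=' therefore declared '-l' as a flag without a value (and '-=' as an
 # extra flag), so '-l LEVEL' reached the handler with an empty level.
 # 'l:' makes the short form behave like '--list=LEVEL'.
 try:
     opt, args = getopt.getopt(
         sys.argv[1:],
         'hel:dpr:q',
         ['help', 'enforce', 'list=', 'debug', 'pretend', 'root=', 'quiet'])
 except getopt.error:
     # Unknown option or missing option argument: print usage and exit
     # with a failure status instead of continuing with partial options.
     usage()
     sys.exit(1)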
 for o in opt:
     # help
     if o[0] == '-h' or o[0] == '--help':
         usage()
         sys.exit(0)
     # list
     elif o[0] == '-l' or o[0] == '--list':
         level = o[1]
         log = Log(interactive=True, log_syslog=False, log_file=False)
         permconf = config.load_default_perms(log, level)
         params = permconf.list_options()
         if not params:
             print >>sys.stderr, _("Invalid security level '%s'.") % level
             sys.exit(1)
         for file in params:
             user, group, perm, force = permconf.get(file)
             if force:
                 print "!! forcing permissions on %s" % file
             print "%s: %s.%s perm %s" % (file, user, group, perm)
         sys.exit(0)
     # debugging
     elif o[0] == '-d' or o[0] == '--debug':
         log_level = logging.DEBUG
     # permission enforcing
     elif o[0] == '-e' or o[0] == '--enforce':