# Build the file-permission policy object for the target tree and read it in.
# The path is root and config.PERMCONF joined with no separator.
# NOTE(review): root is defined outside this fragment (presumably from a
# command-line option) -- confirm it is checked before being used as a
# path prefix for policy files.
permconf = config.PermConfig(log, config="%s%s" % (root, config.PERMCONF))
permconf.load()

# NOTE(review): block nesting in this section was reconstructed from a
# flattened listing -- confirm it against the original file.
# forcing new level
if force_level:
    # first load the default configuration for level
    levelconf = config.load_defaults(log, level, root=root)
    params = levelconf.list_options()
    if not params:
        # A level that yields no options is treated as unknown; exit before
        # any configuration object has been reset.
        log.error(_("Level '%s' not found, aborting.") % level)
        sys.exit(1)
    log.info(_("Switching to '%s' level.") % level)
    # Replace the current security settings with the level defaults
    # (reset() presumably clears the object -- its body is not shown here).
    msec_config.reset()
    msec_config.merge(levelconf, overwrite=True)
    # now load the default file permissions for the same level
    standard_permconf = config.load_default_perms(log, level, root=root)
    params = standard_permconf.list_options()
    if not params:
        # NOTE(review): unlike the missing-level case above, this only logs
        # an error. Execution continues, so permconf is still reset and then
        # merged with a policy that listed no options. Confirm that ending
        # up with no permission entries is intended here, rather than
        # keeping the previously loaded policy.
        log.error(_("No custom file permissions for level '%s'.") % level)
    log.info(_("Saving file permissions to '%s' level.") % level)
    # Replace the loaded permission policy with the level defaults. Only
    # in-memory reset/merge calls appear in this fragment; no write to disk
    # is visible here despite the "Saving" log message.
    permconf.reset()
    permconf.merge(standard_permconf, overwrite=True)
else:
    # No level change requested: use the configuration already stored.
    msec_config.load()

# load base levels
# NOTE(review): assumed to run after both branches above, not only in the
# else branch -- verify against the original indentation.
baselevel_name = msec_config.get_base_level()
if baselevel_name:
    # Defaults of the base level, for both security settings and file
    # permissions. Both names stay unset on the non-forced path when no base
    # level is configured.
    levelconf = config.load_defaults(log, baselevel_name, root=root)
    standard_permconf = config.load_default_perms(log, baselevel_name, root=root)
# parse command line try: opt, args = getopt.getopt(sys.argv[1:], 'hel=dpr:q', ['help', 'enforce', 'list=', 'debug', 'pretend', 'root=', 'quiet']) except getopt.error: usage() sys.exit(1) for o in opt: # help if o[0] == '-h' or o[0] == '--help': usage() sys.exit(0) # list elif o[0] == '-l' or o[0] == '--list': level = o[1] log = Log(interactive=True, log_syslog=False, log_file=False) permconf = config.load_default_perms(log, level) params = permconf.list_options() if not params: print >>sys.stderr, _("Invalid security level '%s'.") % level sys.exit(1) for file in params: user, group, perm, force = permconf.get(file) if force: print "!! forcing permissions on %s" % file print "%s: %s.%s perm %s" % (file, user, group, perm) sys.exit(0) # debugging elif o[0] == '-d' or o[0] == '--debug': log_level = logging.DEBUG # permission enforcing elif o[0] == '-e' or o[0] == '--enforce':