def scan(self, option=None):
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "module not applicable in non-global Solaris zones"
self.logger.notice(self.module_name, 'Not Applicable: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
results = sb_utils.os.software.is_installed(pkgname=self.__pkgname)
if results == None:
msg = "Unable to determine if %s installed." % self.__pkgname
self.logger.error(self.module_name, 'Scan Error: ' + msg)
if results == False:
msg = "%s (%s) is not installed on the system" % \
(self.__svcdesc, self.__pkgname)
self.logger.warn(self.module_name, 'Not Applicable: ' + msg)
raise tcs_utils.ScanNotApplicable('%s %s' %
(self.module_name, msg))
results = sb_utils.os.service.is_enabled(svcname=self.__svcname)
if results == True:
msg = "svcprop reports %s is on" % self.__svcdesc
self.logger.info(self.module_name, 'Scan Failed: ' + msg)
return 'Fail', msg
return 'Pass', ''
def apply(self, option=None):
result, msg, messages = self.scan(option)
if result == True:
msg = "dtspcd port tcp/6112 is already marked as privileged"
return False, '', msg
messages = {'messages': []}
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "Unable to perform module apply or undo action to a "\
"non-global Solaris zone (%s)" % zonename
self.logger.notice(self.module_name, 'Apply Failed: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
action_record = []
try:
out_obj = open(self.__ndd_file, 'a')
out_obj.write("tcp_extra_priv_ports_add=6112\n")
out_obj.close()
action_record.append('applied')
msg = "Appended 'tcp_extra_priv_ports_add=6112' to %s" % self.__ndd_file
self.logger.notice(self.module_name, 'Apply Performed: ' + msg)
messages['messages'].append(msg)
except IOError, err:
msg = "Unable to append 'tcp_extra_priv_ports_add=6112' to %s" % self.__ndd_file
self.logger.error(self.module_name, 'Error: ' + msg)
messages['messages'].append("Error: %s" % msg)
def scan(self, option=None):
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "Non-global Solaris zone (%s): Unable to set %s" % (
zonename, self.__param)
self.logger.notice(self.module_name, 'Scan: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
paramlist = sb_utils.os.config.get_list(configfile=self.__target_file,
delim='=')
if paramlist == None:
msg = 'Unable to determine parameter setting'
self.logger.error(self.module_name, 'Scan Error: ' + msg)
raise tcs_utils.ScanError('%s %s' % (self.module_name, msg))
if not paramlist.has_key(self.__param):
reason = "%s option is NOT set in %s" % (self.__param,
self.__target_file)
self.logger.info(self.module_name, 'Scan Failed: ' + reason)
return 'Fail', reason
value = paramlist[self.__param]
if int(value) != 2:
reason = "%s is set to '%s' instead of 2 in %s" % (
self.__param, value, self.__target_file)
self.logger.info(self.module_name, 'Scan Failed: ' + reason)
return 'Fail', reason
else:
return 'Pass', ''
def scan(self, option=None):
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "Non-global Solaris zone (%s): SVM services unavailable" % (
zonename)
self.logger.notice(self.module_name, 'Scan: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
if sb_utils.os.software.is_installed(pkgname=self.__pkgname) != True:
msg = "%s (%s) package is not installed" % (self.__svcdesc,
self.__pkgname)
self.logger.notice(self.module_name, 'Not Applicable: ' + msg)
raise tcs_utils.ScanNotApplicable('%s %s' %
(self.module_name, msg))
self.do_metastat()
fail_flag = False
for chksvc in self.__svcname:
results = sb_utils.os.service.is_enabled(svcname=chksvc)
if results == True:
msg = "svcprop reports %s is on" % chksvc
self.logger.notice(self.module_name, 'Scan Failed: ' + msg)
fail_flag = True
if fail_flag == True:
return 'Fail', msg
return 'Pass', ''
def apply(self, optionDict=None):
result, msg, messages = self.scan(optionDict)
if result == True:
msg = "%s is already set correctly" % (self.__desc)
return False, '', msg
option = optionDict['arpCleanupInterval']
messages = {'messages': []}
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "Unable to perform module apply or undo action to a "\
"non-global Solaris zone (%s)" % zonename
self.logger.notice(self.module_name, 'Apply Failed: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' % (self.module_name, msg))
action_record = []
for xparam in self.__param.keys():
results = sb_utils.os.config.setparam( \
configfile=self.__ndd_file, \
param=xparam, value=str(self.__param[xparam]), delim='=')
if results == False:
msg = "Unable to set %s in %s" % (xparam, self.__ndd_file)
self.logger.error(self.module_name, 'Apply Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
else:
action_record.append(xparam + '=' + results + '\n')
msg = "%s set to '%d' in %s" % (xparam, self.__param[xparam], self.__ndd_file)
self.logger.notice(self.module_name, "Apply Performed: %s" % msg)
messages['messages'].append(msg)
# Set in memory settings ...
if xparam.startswith('ip'):
thedrvr = 'ip'
if xparam.startswith('icmp'):
thedrvr = 'icmp'
if xparam.startswith('tcp'):
thedrvr = 'tcp'
if xparam.startswith('udp'):
thedrvr = 'udp'
if xparam.startswith('arp'):
thedrvr = 'arp'
results = sb_utils.os.solaris.ndd_set(param=xparam, paramValue=str(self.__param[xparam]), driver=thedrvr)
if results == False:
msg = "Unable to set %s to %s in current running kernel" % (xparam, str(self.__param[xparam]))
self.logger.error(self.module_name, 'Apply Error: ' + msg)
messages['messages'].append("Error: %s" % msg)
else:
msg = "Set %s to %s in current running kernel" % (xparam, str(self.__param[xparam]))
messages['messages'].append(msg)
return True, ''.join(action_record), messages
def apply(self, option=None):
result, reason, messages = self.scan()
if result == True:
return False, '', {}
action_record = []
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "Non-global Solaris zone (%s): Unable to use the pmadm command" % (
zonename)
self.logger.notice(self.module_name, 'Scan: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
if not os.path.isfile('/usr/sbin/pmadm'):
msg = "Unable to find /usr/sbin/pmadm command"
self.logger.error(self.module_name, 'Apply Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
failure_flag = False
cmd = "/usr/sbin/pmadm -L -p zsmon"
results = tcs_utils.tcs_run_cmd(cmd, True)
if results[0] != 0:
msg = "Unable to execute: %s (%s)" % (cmd, results[2])
self.logger.notice(self.module_name, 'Apply Failed: ' + msg)
return False, '', {}
for line in results[1].split('\n'):
fields = line.split(':')
if len(fields) == 1:
continue
if len(fields) < 4:
msg = "Ignoring malformed line: %s" % line
self.logger.debug(self.module_name, msg)
continue
test = fields[3].find('x')
if test < 0:
cmd = "/usr/sbin/pmadm -d -p zsmon -s %s" % str(fields[2])
results = tcs_utils.tcs_run_cmd(cmd, True)
if results[0] != 0:
msg = "Unable to disable %s: %s" % (
fields[2], str(results[2]).rstrip())
self.logger.notice(self.module_name,
"Apply Failed: " + msg)
else:
msg = "Disabled %s" % (fields[2])
self.logger.notice(self.module_name,
"Apply Performed: " + msg)
action_record.append(fields[2])
return True, ' '.join(action_record), {}
def undo(self, change_record=None):
"""Undo the previous action."""
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "module not applicable in non-global Solaris zones"
self.logger.notice(self.module_name, 'Not Applicable: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
if not change_record:
msg = "Unable to perform undo operation without change record."
self.logger.error(self.module_name, 'Undo Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
failure_flag = False
for xparam in change_record.split('\n'):
if not xparam:
continue
if '=' not in xparam:
msg = 'Malformed change record: %s' % (xparam)
self.logger.error(self.module_name, 'Undo Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
param_key = xparam.split('=')[0]
param_val = xparam.split('=')[1]
if not param_val:
results = sb_utils.os.config.unsetparam(
param=param_key, configfile=self.__target_file)
msg = 'Removing %s from %s' % (param_key, self.__target_file)
self.logger.notice(self.module_name, 'Undo Performed: ' + msg)
else:
results = sb_utils.os.config.setparam(
param=param_key,
delim='=',
value=param_val,
configfile=self.__target_file)
msg = 'Resetting %s to %s from %s' % \
(param_key, param_val, self.__target_file)
self.logger.notice(self.module_name, 'Undo Performed: ' + msg)
if results == False:
msg = "Unable to restore settings in %s" % (self.__target_file)
self.logger.error(self.module_name, 'Undo Failed: ' + msg)
failure_flag = True
if failure_flag == True:
return 0
else:
return 1
def scan(self, option=None):
paramlist = sb_utils.os.config.get_list(configfile=self.__target_file,
delim='=')
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global' and not os.path.islink('/dev/ip'):
msg = "Non-global Solaris zone (%s): /dev/ip is unavailable" % (
zonename)
self.logger.notice(self.module_name, 'Scan: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
failure_flag = False
if paramlist == None:
msg = 'Unable to determine parameter setting'
self.logger.error(self.module_name, 'Scan Error: ' + msg)
raise tcs_utils.ScanError('%s %s' % (self.module_name, msg))
for param in self.__param:
curvalue = sb_utils.os.solaris.ndd_get(param=param, driver='ip')
if int(curvalue) != 1:
reason = "%s is set to '%s' instead of 1" % (param, curvalue)
self.logger.notice(self.module_name, 'Scan Failed: ' + reason)
failure_flag = True
continue
if not paramlist.has_key(param):
reason = "%s option is NOT set in %s" % (param,
self.__target_file)
self.logger.notice(self.module_name, 'Scan Failed: ' + reason)
failure_flag = True
continue
value = paramlist[param]
if int(value) != 1:
reason = "%s is set to '%s' instead of 1" % (param, value)
self.logger.notice(self.module_name, 'Scan Failed: ' + reason)
failure_flag = True
else:
msg = "%s is set to 1 in %s" % (param, self.__target_file)
self.logger.info(self.module_name, msg)
if failure_flag == True:
msg = "%s not disabled" % (self.__desc)
self.logger.notice(self.module_name, msg)
return 'Fail', msg
else:
return 'Pass', ''
def apply(self, option=None):
result, reason = self.scan()
if result == 'Pass':
return 0, ''
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "Unable to perform module apply or undo action to a "\
"non-global Solaris zone (%s)" % zonename
self.logger.notice(self.module_name, 'Apply Failed: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' % (self.module_name, msg))
action_record = []
for xparam in self.__param.keys():
results = sb_utils.os.config.setparam( \
configfile=self.__target_file, \
param=xparam, value=str(self.__param[xparam]), delim='=')
if results == False:
msg = "Unable to set %s in %s" % (xparam, self.__target_file)
self.logger.error(self.module_name, 'Apply Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
else:
action_record.append(xparam + '=' + results + '\n')
msg = "Apply Performed: %s set to '%d' in %s" % \
(xparam, self.__param[xparam], self.__target_file)
self.logger.notice(self.module_name, msg)
# Set in memory settings ...
if xparam.startswith('ip'):
thedrvr = 'ip'
if xparam.startswith('icmp'):
thedrvr = 'icmp'
if xparam.startswith('tcp'):
thedrvr = 'tcp'
if xparam.startswith('udp'):
thedrvr = 'udp'
#curvalue = sb_utils.os.solaris.ndd_get(param=xparam, driver=thedriver)
results = sb_utils.os.solaris.ndd_set(param=xparam,
paramValue=str(self.__param[xparam]), driver=thedrvr)
if results == False:
msg = "Unable to set %s to %s in current running kernel" % (xparam, str(self.__param[xparam]))
self.logger.error(self.module_name, 'Apply Error: ' + msg)
return 1, ''.join(action_record)
def scan(self, option=None):
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "Non-global Solaris zone (%s): Unable to use pmadm command" % (
zonename)
self.logger.notice(self.module_name, 'Scan: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
if not os.path.isfile('/usr/sbin/pmadm'):
msg = "Unable to find /usr/sbin/pmadm command"
self.logger.error(self.module_name, 'Scan Error: ' + msg)
raise tcs_utils.ScanError('%s %s' % (self.module_name, msg))
failure_flag = False
cmd = "/usr/sbin/pmadm -L -p zsmon"
results = tcs_utils.tcs_run_cmd(cmd, True)
if results[0] != 0:
msg = "Unable to execute: %s (%s)" % (cmd, results[2])
self.logger.notice(self.module_name, 'Scan Failed: ' + msg)
return False, '', {'messages': [msg]}
for line in results[1].split('\n'):
fields = line.split(':')
if len(fields) == 1:
continue
if len(fields) < 4:
msg = "Ignoring malformed line: %s" % line
self.logger.debug(self.module_name, msg)
continue
test = fields[3].find('x')
if test < 0:
msg = "%s is NOT disabled through port monitor %s" % (
fields[2], fields[0])
self.logger.notice(self.module_name, "Scan Failed: " + msg)
failure_flag = True
else:
msg = "%s is disabled through port monitor %s" % (fields[2],
fields[0])
self.logger.info(self.module_name, msg)
if failure_flag == True:
return False, 'Some services are not disabled through the zsmon port monitor', {
'messages': [msg]
}
else:
return True, '', {}
def undo(self, change_record=None):
messages = {'messages': []}
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "Unable to perform module undo or apply action to a "\
"non-global Solaris zone (%s)" % zonename
self.logger.notice(self.module_name, 'Apply Failed: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
if change_record != 'applied':
msg = "Unable to perform undo operation without change record."
self.logger.error(self.module_name, 'Undo Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
##########################
## Current running Kernel
curvalues = sb_utils.os.solaris.ndd_get(param='tcp_extra_priv_ports',
driver='tcp').split('\n')
port_list = []
for port in curvalues:
port_list.append(int(port))
if 6112 in port_list:
results = sb_utils.os.solaris.ndd_set(
param='tcp_extra_priv_ports_del',
paramValue='6112',
driver='tcp')
if results == False:
msg = "Unable to 'tcp_extra_priv_ports_del' 6112 in running kernel"
self.logger.error(self.module_name, 'Undo Error: ' + msg)
messages['messages'].append("Error: %s" % msg)
else:
msg = "Executed 'tcp_extra_priv_ports_del' 6112 in running kernel"
self.logger.notice(self.module_name, 'Undo Performed: ' + msg)
messages['messages'].append(msg)
##########################
## Edit /etc/default/ndd
try:
in_obj = open(self.__ndd_file, 'r')
lines = in_obj.readlines()
in_obj.close()
except IOError, err:
msg = "Unable to read %s" % self.__ndd_file
self.logger.error(self.module_name, 'Error: ' + msg)
messages['messages'].append("Error: %s" % msg)
return False, '', messages
def scan(self, option=None):
if option != None:
option = None
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "module not applicable in non-global Solaris zones"
self.logger.notice(self.module_name, 'Not Applicable: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
try:
in_obj = open('/etc/system')
except IOError, err:
msg = 'Unable to read /etc/system (%s)' % err
self.logger.error(self.module_name, 'Scan Error: ' + msg)
raise tcs_utils.ScanError('%s %s' % (self.module_name, msg))
def scan(self, optionDict=None):
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "Unable to check /etc/system parameters in a non-global zone"
self.logger.notice(self.module_name, 'Not Applicable: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
msg = "Checking /etc/system for directives to exclude scsa2usb and pcmcia"
self.logger.info(self.module_name, msg)
try:
infile = open('/etc/system', 'r')
except IOError, err:
msg = "Unable to read /etc/system: %s" % str(err)
self.logger.error(self.module_name, 'Scan Error: ' + msg)
raise tcs_utils.ScanError('%s %s' % (self.module_name, msg))
def apply(self, option=None):
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "module not applicable in non-global Solaris zones"
self.logger.notice(self.module_name, 'Not Applicable: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
try:
result, reason = self.scan()
if result == 'Pass':
return 0, ''
except tcs_utils.ScanNotApplicable, err:
msg = "module is not applicable for this system"
self.logger.error(self.module_name, 'Apply Error: ' + msg)
return 0, ''
def apply(self, option=None):
results, reason = self.scan(option)
if results == 'Pass':
return 0, ''
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "Non-global Solaris zone (%s): SVM services unavailable" % (
zonename)
self.logger.notice(self.module_name, 'Scan: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
action_record = []
if sb_utils.os.software.is_installed(pkgname=self.__pkgname) != True:
msg = "%s (%s) package is not installed" % (self.__svcdesc,
self.__pkgname)
self.logger.notice(self.module_name, 'Not Applicable: ' + msg)
return 0, ''
if self.using_metadevice() == True:
msg = "There are mounted filesystems on SVM metadevices; this " \
"module will NOT perform an apply."
self.logger.error(self.module_name, 'Apply Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
for chksvc in self.__svcname:
results = sb_utils.os.service.is_enabled(svcname=chksvc)
if results == True:
action_record.append("on|%s\n" % chksvc)
results = sb_utils.os.service.disable(svcname=chksvc)
if results != True:
msg = 'Failed to disable %s' % chksvc
self.logger.error(self.module_name, 'Apply Error: ' + msg)
raise tcs_utils.ActionError('%s %s' %
(self.module_name, msg))
else:
msg = '%s (%s) disabled' % (self.__svcdesc, chksvc)
self.logger.notice(self.module_name,
'Apply Performed: ' + msg)
return 1, ''.join(action_record)
def undo(self, change_record=None):
"""Undo the previous action."""
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "module not applicable in non-global Solaris zones"
self.logger.notice(self.module_name, 'Not Applicable: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
results = sb_utils.os.software.is_installed(pkgname=self.__pkgname)
if results != True:
msg = "%s is not installed on the system" % self.__svcname
self.logger.notice(self.module_name, 'Skipping undo: ' + msg)
return 0
if not change_record:
msg = "Skipping Undo: No change record in state file."
self.logger.notice(self.module_name, 'Skipping undo: ' + msg)
return 0
if change_record not in ['off', 'on']:
msg = "Skipping Undo: Uknown change record in state file: '%s'" % change_record
self.logger.notice(self.module_name, 'Skipping undo: ' + msg)
return 0
if change_record == 'on':
results = sb_utils.os.service.enable(svcname=self.__svcname)
if change_record == 'off':
results = sb_utils.os.service.disable(svcname=self.__svcname)
if results != True:
msg = "Unable to set %s (%s) service to '%s' " % (
self.__svcdesc, self.__svcname, change_record)
self.logger.error(self.module_name, 'Undo Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
msg = "%s (%s) service set to '%s' " % (self.__svcdesc, self.__svcname,
change_record)
self.logger.notice(self.module_name, 'Undo Performed: ' + msg)
return 1
def undo(self, change_record=None):
"""Undo the previous action."""
if sb_utils.os.software.is_installed(pkgname=self.__pkgname) != True:
msg = "%s (%s) package is not installed" % (self.__svcdesc,
self.__pkgname)
self.logger.notice(self.module_name, 'Not Applicable: ' + msg)
return 0
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "Non-global Solaris zone (%s): SVM services unavailable" % (
zonename)
self.logger.notice(self.module_name, 'Scan: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
if change_record == None:
msg = 'No change record provided; unable to perform undo.'
self.logger.error(self.module_name, 'Undo Error: ' + msg)
return 0
for chksvc in change_record.split('\n'):
if chksvc == "":
continue
fields = chksvc.split('|')
if len(fields) != 2:
msg = "Malformed change record: \"%s\"" % chksvc
self.logger.error(self.module_name, 'Undo Error: ' + msg)
continue
if fields[0] == 'on':
results = sb_utils.os.service.enable(svcname=fields[1])
if results != True:
msg = 'Failed to enable %s' % fields[1]
self.logger.error(self.module_name, 'Undo Error: ' + msg)
raise tcs_utils.ActionError('%s %s' %
(self.module_name, msg))
else:
msg = '%s (%s) enabled' % (self.__svcdesc, fields[1])
self.logger.notice(self.module_name,
'Undo Performed: ' + msg)
return 1
def apply(self, optionDict=None):
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "Unable to change /etc/system parameters in a non-global zone"
self.logger.notice(self.module_name, 'Not Applicable: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
action_record = []
tcs_utils.protect_file('/etc/system')
failure_flag = False
try:
infile = open('/etc/system', 'r')
outfile = open('/etc/system.new', 'w')
except IOError, err:
msg = str(err)
self.logger.error(self.module_name, 'Apply Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
def undo(self, change_record=None):
"""Undo the previous action."""
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "module not applicable in non-global Solaris zones"
self.logger.notice(self.module_name, 'Not Applicable: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
if not change_record or change_record != 'enabled':
msg = "unable to undo without valid change record"
self.logger.error(self.module_name, 'Undo Error: ' + msg)
return 0
try:
result, reason = self.scan()
if result == 'Fail':
return 0
except tcs_utils.ScanNotApplicable, err:
msg = 'module is not applicable for this system.'
self.logger.error(self.module_name, 'Undo Error: ' + msg)
return 0
def undo(self, change_record=None):
"""Undo the previous action."""
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "Unable to change /etc/system parameters in a non-global zone"
self.logger.notice(self.module_name, 'Not Applicable: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
if not change_record:
msg = "Unable to perform undo operation without change record."
self.logger.error(self.module_name, 'Undo Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
try:
infile = open('/etc/system', 'r')
lines = infile.readlines()
infile.close()
except IOError, err:
msg = str(err)
self.logger.error(self.module_name, 'Undo Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
def undo(self, change_record=None):
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "Unable to perform module undo or apply action to a "\
"non-global Solaris zone (%s)" % zonename
self.logger.notice(self.module_name, 'Apply Failed: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
if not change_record:
msg = "Unable to perform undo operation without change record."
self.logger.error(self.module_name, 'Undo Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
failure_flag = False
for xparam in change_record.split('\n'):
if not xparam:
continue
if '=' not in xparam:
msg = 'Malformed change record: %s' % (xparam)
self.logger.error(self.module_name, 'Undo Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
param_key = xparam.split('=')[0]
param_val = xparam.split('=')[1]
if not param_val:
results = sb_utils.os.config.unsetparam(
param=param_key, configfile=self.__target_file)
msg = 'Removing %s from %s' % (param_key, self.__target_file)
self.logger.notice(self.module_name, 'Undo Performed: ' + msg)
else:
results = sb_utils.os.config.setparam(
param=param_key,
delim='=',
value=param_val,
configfile=self.__target_file)
msg = 'Resetting %s to %s from %s' % \
(param_key, param_val, self.__target_file)
self.logger.notice(self.module_name, 'Undo Performed: ' + msg)
if results == False:
msg = "Unable to restore %s in %s" % (param_key,
self.__target_file)
self.logger.error(self.module_name, 'Undo Failed: ' + msg)
failure_flag = True
# Set in memory settings ...
if param_key.startswith('ip'):
thedrvr = 'ip'
if param_key.startswith('icmp'):
thedrvr = 'icmp'
if param_key.startswith('tcp'):
thedrvr = 'tcp'
if param_key.startswith('udp'):
thedrvr = 'udp'
results = sb_utils.os.solaris.ndd_set(param=param_key,
paramValue=param_val,
driver=thedrvr)
if results == False:
msg = "Unable to set %s to %s in current running kernel" % (
param_key, param_key)
self.logger.error(self.module_name, 'Undo Error: ' + msg)
failure_flag = True
if failure_flag == True:
return 0
else:
return 1
def apply(self, optionDict=None):
result, reason = self.scan(optionDict)
if result == 'Pass':
return 0, ''
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "Unable to perform module apply or undo action to a "\
"non-global Solaris zone (%s)" % zonename
self.logger.notice(self.module_name, msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
action_record = []
if optionDict != None and 'tcpMaxSynBacklog' in optionDict:
option = optionDict['tcpMaxSynBacklog']
option = int(option)
if option < 1024:
msg = "Specified option value %d < 1024 is not recommended "\
"for tcp_conn_req_max_q0 therefore, using 4096 instead." \
% (option)
self.logger.warn(self.module_name, msg)
option = 4096
self._param['tcp_conn_req_max_q0'] = 4096
if option > 4096:
msg = "Specified option %d > 4096; not recommended for "\
"tcp_conn_req_max_q0 however, still using value" % (option)
self.logger.warn(self.module_name, msg)
else:
msg = "No specified option value for tcp_conn_req_max_q0 "\
"therefore, defaulting to 4096"
self.logger.warn(self.module_name, msg)
option = 1024
self._param['tcp_conn_req_max_q0'] = 4096
for xparam in self._param.keys():
results = sb_utils.os.config.setparam( \
configfile=self.__target_file, \
param=xparam, value=str(self._param[xparam]), delim='=')
if results == False:
msg = "Unable to set %s in %s" % (xparam, self.__target_file)
self.logger.error(self.module_name, 'Apply Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
else:
action_record.append(xparam + '=' + results + '\n')
msg = "Apply Performed: %s set to '%d' in %s" % \
(xparam, self._param[xparam], self.__target_file)
self.logger.notice(self.module_name, msg)
# Set in memory settings ...
if xparam.startswith('ip'):
thedrvr = 'ip'
if xparam.startswith('icmp'):
thedrvr = 'icmp'
if xparam.startswith('tcp'):
thedrvr = 'tcp'
if xparam.startswith('udp'):
thedrvr = 'udp'
results = sb_utils.os.solaris.ndd_set(param=xparam,
paramValue=str(
self._param[xparam]),
driver=thedrvr)
if results == False:
msg = "Unable to set %s to %s in current running kernel" % (
xparam, str(self._param[xparam]))
self.logger.error(self.module_name, 'Apply Error: ' + msg)
return 1, ''.join(action_record)
def scan(self, option=None):
paramlist = sb_utils.os.config.get_list(configfile=self.__target_file,
delim='=')
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global' and not os.path.islink('/dev/ip'):
msg = "Non-global Solaris zone (%s): /dev/ip is unavailable" % (zonename)
self.logger.notice(self.module_name, 'Scan: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' % (self.module_name, msg))
failure_flag = False
if paramlist == None:
msg = 'Scan Error: Unable to determine parameter setting'
self.logger.error(self.module_name, msg)
raise tcs_utils.ScanError('%s %s' % (self.module_name, msg))
for param in self.__param.keys():
if param.startswith('ip'):
thedriver = 'ip'
if param.startswith('icmp'):
thedriver = 'icmp'
if param.startswith('tcp'):
thedriver = 'tcp'
if param.startswith('udp'):
thedriver = 'udp'
curvalue = sb_utils.os.solaris.ndd_get(param=param, driver=thedriver)
if int(curvalue) != int(self.__param[param]):
reason = "Scan Failed: %s is set to '%s' instead of %d" % \
(param, curvalue, self.__param[param])
self.logger.notice(self.module_name, reason)
failure_flag = True
continue
# Module ONLY applies to global Solaris zones
if zonename != 'global':
msg = "Non-global Solaris zone (%s): Skipping check of "\
"/etc/default/ndd" % (zonename)
self.logger.debug(self.module_name, 'Scan: ' + msg)
continue
# Is parameter implicility set in /etc/default/ndd?
if not paramlist.has_key(param):
msg = "Scan Failed: %s option is NOT set in %s" % \
(param, self.__target_file)
self.logger.notice(self.module_name, msg)
failure_flag = True
continue
# If parameter is set, does it match desired value?
value = paramlist[param]
if int(value) != int(self.__param[param]):
msg = "Scan Failed: %s is set to '%s' instead of %d" % \
(param, value, self.__param[param])
self.logger.notice(self.module_name, msg)
failure_flag = True
else:
msg = "%s is set to '%d' in %s" % \
(param, self.__param[param], self.__target_file)
self.logger.info(self.module_name, msg)
if failure_flag == True:
msg = "%s not disabled" % (self.__desc)
self.logger.notice(self.module_name, msg)
return 'Fail', msg
else:
return 'Pass', ''
def scan(self, optionDict=None):
messages = {'messages': [] }
paramlist = sb_utils.os.config.get_list(configfile=self.__ndd_file, delim='=')
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global' and not os.path.islink('/dev/arp'):
msg = "Non-global Solaris zone (%s): /dev/arp is unavailable" % (zonename)
self.logger.notice(self.module_name, 'Scan: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' % (self.module_name, msg))
if optionDict != None and 'arpCleanupInterval' in optionDict:
option = optionDict['arpCleanupInterval']
option = int(option)
if option < 100:
msg = "Specified option value %d < 100ms is not recommended "\
"for arp_clean_interval therefore, using default 60000ms instead." % (option)
self.logger.warn(self.module_name, msg)
messages['messages'].append(msg)
else:
self.__param['arp_cleanup_interval'] = option
else:
msg = "No specified option value for arp_cleanup_interval "\
"therefore, defaulting to 60000ms"
self.logger.warn(self.module_name, msg)
messages['messages'].append(msg)
failure_flag = False
if paramlist == None:
msg = 'Scan Error: Unable to determine parameter setting'
self.logger.error(self.module_name, msg)
raise tcs_utils.ScanError('%s %s' % (self.module_name, msg))
for param in self.__param.keys():
if param.startswith('ip'):
thedriver = 'ip'
if param.startswith('icmp'):
thedriver = 'icmp'
if param.startswith('tcp'):
thedriver = 'tcp'
if param.startswith('udp'):
thedriver = 'udp'
if param.startswith('arp'):
thedriver = 'arp'
curvalue = sb_utils.os.solaris.ndd_get(param=param, driver=thedriver)
if int(curvalue) != int(self.__param[param]):
msg = "%s is set to '%s' instead of %d" % (param, curvalue, self.__param[param])
self.logger.notice(self.module_name, "Scan Failed: %s" % msg)
messages['messages'].append("Fail: %s" % msg)
failure_flag = True
continue
else:
msg = "%s is set to '%s' in kernel" % (param, curvalue)
messages['messages'].append("Okay: %s" % msg)
# Module ONLY applies to global Solaris zones
if zonename != 'global':
msg = "Non-global Solaris zone (%s): Skipping check of "\
"/etc/default/ndd" % (zonename)
self.logger.debug(self.module_name, 'Scan: ' + msg)
messages['messages'].append("Fail: %s" % msg)
continue
# Is parameter implicility set in /etc/default/ndd?
if not paramlist.has_key(param):
msg = "%s option is NOT set in %s" % (param, self.__ndd_file)
self.logger.notice(self.module_name, "Scan Failed: %s" % msg)
failure_flag = True
messages['messages'].append("Fail: %s" % msg)
continue
# If parameter is set, does it match desired value?
value = paramlist[param]
if int(value) != int(self.__param[param]):
msg = "%s is set to '%s' instead of %d in %s" % (param, value, self.__param[param], self.__ndd_file)
self.logger.notice(self.module_name, "Scan Failed: %s" % msg)
messages['messages'].append("Fail: %s" % msg)
failure_flag = True
else:
msg = "%s is set to '%d' in %s" % (param, self.__param[param], self.__ndd_file)
self.logger.info(self.module_name, msg)
messages['messages'].append("Okay: %s" % msg)
if failure_flag == True:
msg = "%s is not set correctly" % (self.__desc)
self.logger.notice(self.module_name, msg)
return False, msg, messages
else:
msg = "%s is set correctly" % (self.__desc)
return True, msg, messages
def scan(self, option=None):
messages = {'messages': []}
failure_flag = False
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global' and not os.path.islink('/dev/tcp'):
msg = "Non-global Solaris zone (%s): /dev/tcp is unavailable" % (
zonename)
self.logger.notice(self.module_name, 'Scan: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
##############
## Check value in running kernel
curvalues = sb_utils.os.solaris.ndd_get(param='tcp_extra_priv_ports',
driver='tcp').split('\n')
port_list = []
for port in curvalues:
port_list.append(int(port))
if 6112 not in port_list:
msg = "Port tcp/6112 is not a privileged port in the running kernel"
self.logger.notice(self.module_name, "Scan Failed: %s" % msg)
messages['messages'].append("Fail: %s" % msg)
failure_flag = True
else:
msg = "Port tcp/6112 is a privileged port in the running kernel"
messages['messages'].append("Okay: %s" % msg)
##################
## Check the ndd configuration file
if zonename != 'global':
msg = "Non-global Solaris zone (%s): Skipping check of %s" % (
zonename, self.__ndd_file)
self.logger.debug(self.module_name, 'Scan: ' + msg)
messages['messages'].append("Fail: %s" % msg)
else:
foundit = False
try:
in_obj = open(self.__ndd_file, 'r')
for line in in_obj.readlines():
if not line.startswith('tcp_extra_priv_ports_add'):
continue
else:
(keyname, keyvalue) = line.rstrip().split('=')
if int(keyvalue) == 6112:
foundit = True
break
in_obj.close()
if foundit == False:
msg = "Could not find 'tcp_extra_priv_ports_add=6112' in %s" % self.__ndd_file
messages['messages'].append("Fail: %s" % msg)
failure_flag = True
else:
msg = "Found 'tcp_extra_priv_ports_add=6112' in %s" % self.__ndd_file
messages['messages'].append("Okay: %s" % msg)
except (IndexError, IOError), err:
msg = 'Unable to read %s: %s' % (self.__ndd_file, err)
self.logger.error(self.module_name, msg)
messages['messages'].append("Error: %s" % msg)
