Esempio n. 1
    def qc_sec_2(self):
        """SHA-2 Certificates Support.

        Issues a host certificate through ``self.ca``, stores it in
        ``config.CFG["cert"]`` and re-runs the configuration tool. The outcome
        is reported on the QC_SEC_2 step:

        * ``NA``   - ``self.need_cert`` is falsy, nothing is issued or run.
        * ``FAIL`` - the configuration run returned a truthy result whose
          ``failed`` attribute is truthy (reported with ``do_abort=True``).
        * ``OK``   - every other case, including a falsy result from
          ``self.cfgtool.run()``.
        """
        qc_step = QCStep("QC_SEC_2", "SHA-2 Certificates Support", "qc_sec_2")

        # Guard clause: products that do not use certificates skip the check.
        if not self.need_cert:
            qc_step.print_result("NA", "Product does not need certificates.")
            return

        # NOTE(review): hash="2048" reads like a key size rather than a SHA-2
        # digest name; confirm against issue_cert's contract that the issued
        # certificate really is SHA-2 signed, otherwise this step proves
        # nothing about SHA-2 support.
        config.CFG["cert"] = self.ca.issue_cert(
            hash="2048",
            key_prv="/etc/grid-security/hostkey.pem",
            key_pub="/etc/grid-security/hostcert.pem",
        )

        outcome = self.cfgtool.run()
        # NOTE(review): a falsy outcome (e.g. None) falls through to "OK";
        # confirm run() cannot return that on an error path.
        if not outcome or not outcome.failed:
            qc_step.print_result("OK", "Product services can manage SHA-2 certs.")
        else:
            qc_step.print_result("FAIL", "YAIM configuration failed with SHA-2 certs.", do_abort=True)
Esempio n. 2
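    def qc_sec_5(self):
        """World Writable Files check.

        Runs ``find`` from ``/`` (pruning ``/proc`` and ``/sys``) for regular
        files with the other-write permission bit set, then compares the
        result with the ``known_worldwritable_filelist`` entry of
        ``self.exceptions``.

        Outcome reported on the QC_SEC_5 step:

        * ``FAIL``    - at least one file found is not in the known list
          (reported with ``do_abort=True``).
        * ``WARNING`` - files were found, but all of them are in the known list.
        * ``OK``      - the command result is falsy.
        """
        qc_step = QCStep("QC_SEC_5", "World Writable Files", "qc_sec_5")

        r = qc_step.runcmd(
            (
                'find / -not \\( -path "/proc" -prune \\) '
                '-not \\( -path "/sys" -prune \\) '
                # Backslash doubled like the parentheses above: a bare "\;" is
                # an invalid escape sequence that newer Python versions warn
                # about. The command text sent to the shell is unchanged.
                "-type f -perm -002 -exec ls -l {} \\;"
            ),
            # NOTE(review): with fail_check=False a failed find presumably also
            # yields a falsy result and would be reported as "OK" below;
            # confirm runcmd's return contract.
            fail_check=False,
        )
        if r:
            ww_filelist = sec_utils.get_filelist_from_find(r)
            try:
                known_ww_filelist = self.exceptions["known_worldwritable_filelist"]
            except KeyError:
                # No exception list configured: every hit is unexpected.
                known_ww_filelist = []
            # Exact-match comparison: a known entry only suppresses a hit when
            # it equals the value get_filelist_from_find returned for it.
            unexpected = set(ww_filelist).difference(set(known_ww_filelist))
            if unexpected:
                # The count reported is the total found, known files included.
                qc_step.print_result("FAIL", "Found %s world-writable file/s." % len(ww_filelist), do_abort=True)
            else:
                qc_step.print_result("WARNING", ("Found world-writable file/s " "required for operation."))
        else:
            qc_step.print_result("OK", "Found no world-writable file.")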