# Fragment: it starts inside a branch whose `if` header is outside this view,
# and its line breaks and indentation were lost, so statement nesting cannot
# be read from the text. Visible flow: log the permission status of `level`,
# reset permconf and merge standard_permconf into it, otherwise load
# msec_config and merge both configs with the base level; under `save`, write
# a new level file and a new permissions file, then exit.
# NOTE(review): both merge_with_baselevel() calls pass root='' while
# load_defaults(), load_default_perms() and the SECURITY_LEVEL /
# PERMISSIONS_LEVEL paths use `root`. If `root` can be non-empty, the base
# level may be read from a different tree than the one written -- confirm.
# NOTE(review): `level` is interpolated into the SECURITY_LEVEL and
# PERMISSIONS_LEVEL paths and its origin is not visible here. Presumably it
# should be limited to a plain level name (no path separators) before the
# files are saved -- verify against the caller.
log.error(_("No custom file permissions for level '%s'.") % level) log.info(_("Saving file permissions to '%s' level.") % level) # updating base level permconf.reset() permconf.merge(standard_permconf, overwrite=True) else: msec_config.load() # load base levels baselevel_name = msec_config.get_base_level() if baselevel_name: levelconf = config.load_defaults(log, baselevel_name, root=root) standard_permconf = config.load_default_perms(log, baselevel_name, root=root) # load variables from base levels config.merge_with_baselevel(log, msec_config, msec_config.get_base_level(), config.load_defaults, root='') config.merge_with_baselevel(log, permconf, msec_config.get_base_level(), config.load_default_perms, root='') # saving current setting as new level if save: newlevel = config.MsecConfig(log, config=config.SECURITY_LEVEL % (root, level)) newlevel.merge(msec_config, overwrite=True) # update new level name newlevel.set("BASE_LEVEL", level) newlevel.save() # saving new file permissions, if any newpermlevel = config.PermConfig(log, config=config.PERMISSIONS_LEVEL % (root, level)) newpermlevel.merge(permconf, overwrite=True) newpermlevel.save() sys.exit(0)
# Fragment: it starts inside a branch whose `if` header is outside this view,
# and its line breaks and indentation were lost, so statement nesting cannot
# be read from the text. Visible flow: create the Log, load the msec config
# and its base level, load the permission config, merge base-level defaults
# and an optional legacy perm.local into it, then pass the result to
# PERMS.check_perms() together with `args`.
# NOTE(review): merge_with_baselevel() is called with root='' although every
# other path and loader call here uses `root` -- confirm this is intended.
# NOTE(review): perm.local is merged with overwrite=True, so its entries
# replace the loaded permission settings before check_perms() runs. The
# os.access() test only covers readability; presumably the file's ownership
# and mode should be checked as well -- confirm. access() followed by load()
# is a check-then-use pair, so the file can change between the two calls.
# NOTE(review): levelconf is assigned but not used in the visible lines.
log = Log(log_path="%s%s" % (root, config.SECURITYLOG), interactive=True, log_syslog=False, log_level=log_level, quiet=quiet) else: log_level = logging.WARN log = Log(log_path="%s%s" % (root, config.SECURITYLOG), interactive=True, log_syslog=False, log_level=log_level, quiet=quiet) # loading msec config msec_config = config.MsecConfig(log, config="%s%s" % (root, config.SECURITYCONF)) msec_config.load() # find out the base level base_level = msec_config.get_base_level() # loading permissions permconf = config.PermConfig(log, config="%s%s" % (root, config.PERMCONF)) permconf.load() # load variables from base level config.merge_with_baselevel(log, permconf, base_level, config.load_default_perms, root='') # merge with a legacy perm.local if exists if os.access("%s/etc/security/msec/perm.local" % root, os.R_OK): permlocal = config.PermConfig(log, config="%s/etc/security/msec/perm.local" % root) permlocal.load() permconf.merge(permlocal, overwrite=True) # reloading levelconf for base level levelconf = config.load_default_perms(log, base_level, root=root) # load the main permission class perm = PERMS(log, root=root) # check permissions changed_files = perm.check_perms(permconf, files_to_check=args)