示例#1
0
    def fix_group_allow(self, element):

        if not files.contains(element['name'], '"domain admins"'):
            files.append(element['name'], '\n"domain admins"')

        if CONFIG.is_set('site','ldap_dev_team'):
            ldap_dev_team_val = '\n%s' % CONF_MAP('site','ldap_dev_team')
            if not files.contains(element['name'], ldap_dev_team_val):
                files.append(element['name'], ldap_dev_team_val)
示例#2
0
 def check_secure_php(self, element):
     is_ok = True
     is_ok &= files.contains(element['name'], '\nexpose_php = Off\n')
     if CONF_MAP('site', 'php_enhanced_security'):
         is_ok &= files.contains(element['name'], self.dis_fun)
     else:
         is_ok &= files.contains(element['name'], self.org_dis_fun)
         
     return is_ok
示例#3
0
    def fix_centrify_conf(self, element):
        if CONF_MAP('centrify', 'pam_allow_enabled'):
            if not files.contains(element['name'], '\npam.allow.users: file:/etc/centrifydc/users.allow\n'):
                files.replace_in(element['name'],
                                '\n# pam.allow.users: file:/etc/centrifydc/users.allow\n',
                                '\npam.allow.users: file:/etc/centrifydc/users.allow\n')

            if not files.contains(element['name'], '\npam.allow.groups: file:/etc/centrifydc/groups.allow\n'):
                files.replace_in(element['name'],
                                '\n# pam.allow.groups: file:/etc/centrifydc/groups.allow\n',
                                '\npam.allow.groups: file:/etc/centrifydc/groups.allow\n')
示例#4
0
    def fix_secure_php(self, element):

        if not files.contains(element['name'], '\nexpose_php = Off\n'):
            files.replace_in(element['name'],
                            '\nexpose_php = On\n',
                            '\nexpose_php = Off\n')
        if CONF_MAP('site', 'php_enhanced_security'):
            if not files.contains(element['name'], self.dis_fun ):
                files.replace_in(element['name'], self.org_dis_fun, self.dis_fun)
        else:    
            files.replace_in(element['name'], self.dis_fun, self.org_dis_fun)
示例#5
0
    def check_secure(self, element):
        is_secure = True

        is_secure &= files.contains(element['name'],
                                    '\nServerTokens Prod')

        is_secure &= files.contains(element['name'],
                                    '\nServerSignature Off')

        is_secure &= files.contains(element['name'],
                                    '\n#ServerSignature On')

        is_secure &= files.contains(element['name'],
                                    self.root_directive)
        return is_secure
示例#6
0
    def check_munin_master_ip(self, element):
        is_ok = True
        if self.master_ip:
            mip = "\nallow ^%s$\n" % self.master_ip.replace('.','\.')
            is_ok &= files.contains(element['name'],mip)

        return is_ok
示例#7
0
    def check_mysql(self, element):

        is_ok = True

        is_ok &= files.contains('/etc/apparmor.d/usr.sbin.mysqld', '/data/mysql/')
        is_ok &= files.realpath('/var/lib/mysql/') == '/data/mysql'

        return is_ok
示例#8
0
    def fix_munin_master_ip(self, element):

        if self.master_ip:
            mip = "allow ^%s$\n" % self.master_ip.replace('.','\.')
            loc_n_mip = LOCIP + mip
            if not files.contains(element['name'], loc_n_mip):
                files.replace_in(element['name'],
                                self.LOCIP, 
                                loc_n_mip)
示例#9
0
    def fix_ssh(self, element):

        if not files.contains(element['name'], self.CHROOT_RULE):
            files.append(element['name'], "\n%s\n" % self.CHROOT_RULE)
            cmd_list = [
                "service ssh restart",
            ]
            completed, pinfo = core.exec_cmd_list(cmd_list)
            if not completed:
                raise Exception(t("Error in installation!"), element['name'])
示例#10
0
    def fix_secure(self, element):

        if not files.contains(element['name'], '\nServerTokens Prod'):
            files.replace_in(element['name'],
                            'ServerTokens OS',
                            'ServerTokens Prod')

        if not files.contains(element['name'], '\nServerSignature Off'):
            files.replace_in(element['name'],
                            '#ServerSignature Off',
                            'ServerSignature Off')

        if not files.contains(element['name'], '\n#ServerSignature On'):
            files.replace_in(element['name'],
                            'ServerSignature On',
                            '#ServerSignature On')

        if not files.contains(element['name'], self.root_directive):
            files.append(element['name'], self.root_directive)
示例#11
0
 def move_mysql(self, element):
     if not files.contains('/etc/apparmor.d/usr.sbin.mysqld', '/data/mysql/'):
         files.replace_in('/etc/apparmor.d/usr.sbin.mysqld',
                             '/var/lib/mysql/',
                             '/data/mysql/')
     if not files.realpath('/var/lib/mysql/') == '/data/mysql':
         cmd_list = [
             "/etc/init.d/mysql stop",
             "mv /var/lib/mysql/ /data/",
             "ln -s /data/mysql /var/lib/mysql",
             "chown -h mysql:mysql /var/lib/mysql",
             "service apparmor reload",
             "/etc/init.d/mysql start",
         ]
         completed, pinfo = core.exec_cmd_list(cmd_list)
         if not completed:
             raise Exception(t("Error in installation!"), element['name'])
示例#12
0
 def fix_common_session(self, element):
     if not files.contains(element['name'], '\nsession\trequired\tpam_script.so\trunas=root\n'):
         files.replace_in(element['name'],
                         'session\trequired\tpam_unix.so',
                         'session\trequired\tpam_script.so\trunas=root\nsession\trequired\tpam_unix.so\n')
示例#13
0
 def check_ses_open(self, element):
     is_ok = True
     with open(files.get_rel_path("data/pam_script_ses_open.py")) as f:
         is_ok &= files.contains(element['name'], f.read())
     return is_ok
示例#14
0
文件: site.py 项目: pylanglois/uwsa
 def fix_centrify_allow(self):
     g_allow = '/etc/centrifydc/groups.allow'
     ldap_group = self.conf.get('access','ldap_group')
     if ldap_group and not files.contains(g_allow, ldap_group):
         files.append(g_allow, '\n%s' % ldap_group)
示例#15
0
 def check_common_session(self, element):
     is_ok = True
     is_ok &= files.contains(element['name'], '\nsession\trequired\tpam_script.so\trunas=root\n')
     return is_ok
示例#16
0
 def check_acl_crontab(self, element):
     is_ok = True
     is_ok &= files.contains('/etc/crontab', self.RESTORE_OWNERSHIP)
     return is_ok
示例#17
0
文件: site.py 项目: pylanglois/uwsa
 def check_centrify_allow(self, group):
     is_ok = True
     is_ok &= files.contains('/etc/centrifydc/groups.allow', group)
     return is_ok
示例#18
0
    def check_ufw(self, element):
        is_ok = True

        is_ok &= files.contains(element['name'], '\n& ~\n')

        return is_ok
示例#19
0
    def check_backup(self, element):
        is_ok = True

        is_ok &= files.contains(element['name'], 'BACKUPDIR="/data/automysqlbackup"')

        return is_ok
示例#20
0
 def check_perm_dev_team(self, element):
     is_ok = False
     is_ok = files.contains(element['name'], self.cron_acl_dev_team)
     return is_ok
示例#21
0
 def fix_perm_dev_team(self, element):
     if not files.contains(element['name'], self.cron_acl_dev_team):
         files.create(element['name'], self.cron_acl_dev_team)
     files.chmod(element['name'], u='rx',g='rx',o='rx')
示例#22
0
 def check_sudoers(self, element):
     is_ok = True
     is_ok &= files.contains(element['name'], '%domain\ admins ALL=(ALL) ALL')
     return is_ok
示例#23
0
 def check_perm_cron(self, element):
     is_ok = False
     is_ok = files.contains(element['name'], self.cron_acl_sudo)
     return is_ok
示例#24
0
 def fix_acl_crontab(self, element):
     message = t("#Reapply ACL periodically to prevent wordpress like auto update errors.")
     if not files.contains('/etc/crontab', self.RESTORE_OWNERSHIP):
         files.append('/etc/crontab', "\n" + message + "\n" + self.RESTORE_OWNERSHIP + "\n")
示例#25
0
 def fix_ses_open(self, element):
     with open(files.get_rel_path("data/pam_script_ses_open.py")) as f:
         content = f.read()
         if not files.contains(element['name'], content):
             files.create(element['name'], content)
示例#26
0
 def check_group_allow(self, element):
     is_ok = True
     if CONFIG.is_set('site','ldap_dev_team'):
         is_ok &= files.contains(element['name'], '%s' % CONF_MAP('site','ldap_dev_team'))
     is_ok &= files.contains(element['name'], '"domain admins"')
     return is_ok
示例#27
0
if __name__ == '__main__':

    site_name = "${site_name}"
    site_path = "${site_path}"
    ldap_group = "${ldap_group}"
    ldap_dev_team = CONF_MAP('site','ldap_dev_team')
    unix_group = "${unix_group}"
    pam_user = os.getenv('PAM_USER')
    site_home_path = "/home/%s/%s" % (pam_user, site_name)

    is_member = False
    if ldap_group:
        is_member |= ldap.is_member_of(pam_user,ldap_group)

    if ldap_dev_team:
        is_member |= ldap.is_member_of(pam_user,ldap_dev_team,'')
        #L.info("%s, is_member:%s of %s" % (pam_user,is_member,ldap_dev_team))

    if unix_group:
        is_member |= unix.is_member_of(pam_user,unix_group)

    if is_member:
        files.mkdir(site_home_path)
        files.chown(site_home_path)
        cmd_list = [
            'mount --bind %s %s' % (site_path, site_home_path),
        ]

        if not files.contains("/proc/mounts", site_home_path):
            core.exec_cmd_list(cmd_list)
示例#28
0
 def check_centrify_conf(self, element):
     is_ok = True
     if CONF_MAP('centrify', 'pam_allow_enabled'):
         is_ok &= files.contains(element['name'], '\npam.allow.users: file:/etc/centrifydc/users.allow\n')
         is_ok &= files.contains(element['name'], '\npam.allow.groups: file:/etc/centrifydc/groups.allow\n')
     return is_ok
示例#29
0
 def fix_perm_cron(self, element):
     if not files.contains(element['name'], self.cron_acl_sudo):
         files.create(element['name'], self.cron_acl_sudo)
     files.chmod(element['name'], u='rx',g='rx',o='rx')
示例#30
0
 def fix_sudoers(self, element):
     if not files.contains(element['name'], '%domain\ admins ALL=(ALL) ALL'):
         files.append(element['name'], '%domain\ admins ALL=(ALL) ALL')
     files.chmod(element['name'], **element['perm'])