本文整理汇总了Python中charmhelpers.contrib.hardening.audits.file.NoSUIDSGIDAudit方法的典型用法代码示例。如果您正苦于以下问题:Python file.NoSUIDSGIDAudit方法的具体用法?Python file.NoSUIDSGIDAudit怎么用?Python file.NoSUIDSGIDAudit使用的例子?那么, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类charmhelpers.contrib.hardening.audits.file的用法示例。
在下文中一共展示了file.NoSUIDSGIDAudit方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: get_audits
# 需要导入模块: from charmhelpers.contrib.hardening.audits import file [as 别名]
# 或者: from charmhelpers.contrib.hardening.audits.file import NoSUIDSGIDAudit [as 别名]
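def get_audits():
    """Get OS hardening suid/sgid audits.

    Reads the 'os' hardening settings and, when suid/sgid enforcement is
    enabled, builds the audits that check paths for setuid/setgid bits.

    :returns: list of NoSUIDSGIDAudit checks; empty when
              ``suid_sgid_enforce`` is falsy.
    """
    checks = []
    settings = utils.get_settings('os')
    security = settings['security']
    if not security['suid_sgid_enforce']:
        log("Skipping suid/sgid hardening", level=INFO)
        return checks

    # Build the blacklist and whitelist of files for suid/sgid checks.
    # There are a total of 4 lists:
    #   1. the system blacklist
    #   2. the system whitelist
    #   3. the user blacklist
    #   4. the user whitelist
    #
    # The blacklist is the set of paths which should NOT have the suid/sgid
    # bit set and the whitelist is the set of paths which MAY have it set.
    # The user lists override the system lists.
    #
    # `or ()` tolerates a setting that is present but empty (None).
    user_blacklist = set(security['suid_sgid_blacklist'] or ())
    user_whitelist = set(security['suid_sgid_whitelist'] or ())

    # The user lists must be merged in, not only subtracted: subtracting both
    # user lists from both system lists means a user-blacklisted path is never
    # audited and a user-whitelisted path is still treated as unknown.
    # A path named in both user lists is treated as blacklisted (fail closed).
    blacklist = (set(BLACKLIST) - user_whitelist) | user_blacklist
    whitelist = (set(WHITELIST) | user_whitelist) - user_blacklist

    checks.append(NoSUIDSGIDAudit(blacklist))

    dry_run = security['suid_sgid_dry_run_on_unknown']
    if security['suid_sgid_remove_from_unknown'] or dry_run:
        # If the policy is a dry_run (e.g. complain only) or remove unknown
        # suid/sgid bits then find all of the paths which have the suid/sgid
        # bit set and then remove the whitelisted paths.
        root_path = settings['environment']['root_path']
        unknown_paths = find_paths_with_suid_sgid(root_path) - whitelist
        # NOTE(review): `unless=dry_run` presumably makes this audit
        # report-only in dry-run mode -- confirm against NoSUIDSGIDAudit.
        checks.append(NoSUIDSGIDAudit(unknown_paths, unless=dry_run))

    return checks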
示例2: test_is_compliant
# 需要导入模块: from charmhelpers.contrib.hardening.audits import file [as 别名]
# 或者: from charmhelpers.contrib.hardening.audits.file import NoSUIDSGIDAudit [as 别名]
def test_is_compliant(self, mock_get_stat):
    """A root-owned file with mode 0644 (no setuid/setgid bits) passes."""
    target = '/foo/bar'
    fake_stat = EasyMock({'st_mode': 0o0644, 'st_uid': 0, 'st_gid': 0})
    mock_get_stat.return_value = fake_stat

    result = file.NoSUIDSGIDAudit(target).is_compliant(target)

    self.assertTrue(result)
示例3: test_is_noncompliant
# 需要导入模块: from charmhelpers.contrib.hardening.audits import file [as 别名]
# 或者: from charmhelpers.contrib.hardening.audits.file import NoSUIDSGIDAudit [as 别名]
def test_is_noncompliant(self, mock_get_stat):
    """A file with mode 6644 (setuid and setgid both set) fails the audit."""
    target = '/foo/bar'
    # NOTE(review): only the combined case (0o6000) is exercised here; the
    # setuid-only (0o4644) and setgid-only (0o2644) modes are not covered by
    # this test.
    fake_stat = EasyMock({'st_mode': 0o6644, 'st_uid': 0, 'st_gid': 0})
    mock_get_stat.return_value = fake_stat

    result = file.NoSUIDSGIDAudit(target).is_compliant(target)

    self.assertFalse(result)
示例4: test_comply
# 需要导入模块: from charmhelpers.contrib.hardening.audits import file [as 别名]
# 或者: from charmhelpers.contrib.hardening.audits.file import NoSUIDSGIDAudit [as 别名]
def test_comply(self, mock_check_output, mock_log):
    """comply() runs ``chmod -s`` on the path and emits a log call."""
    target = '/foo/bar'
    file.NoSUIDSGIDAudit(target).comply(target)

    # The expected call passes an argv list, so the path is a single
    # argument to chmod and is not parsed by a shell.
    # NOTE(review): the expected argv has no `--` before the path; confirm
    # that audited paths are always absolute so none can start with '-'.
    expected_calls = [call(['chmod', '-s', target])]
    mock_check_output.assert_has_calls(expected_calls)
    self.assertTrue(mock_log.called)