本文整理匯總了Python中charmhelpers.contrib.hardening.audits.file.NoSUIDSGIDAudit方法的典型用法代碼示例。如果您正苦於以下問題:Python file.NoSUIDSGIDAudit方法的具體用法?Python file.NoSUIDSGIDAudit怎麽用?Python file.NoSUIDSGIDAudit使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類charmhelpers.contrib.hardening.audits.file的用法示例。
在下文中一共展示了file.NoSUIDSGIDAudit方法的4個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: get_audits
# 需要導入模塊: from charmhelpers.contrib.hardening.audits import file [as 別名]
# 或者: from charmhelpers.contrib.hardening.audits.file import NoSUIDSGIDAudit [as 別名]
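def get_audits():
    """Build the OS-hardening audits that enforce the suid/sgid policy.

    Reads the ``os`` hardening settings. When ``suid_sgid_enforce`` is
    falsy nothing is audited. Otherwise one audit covers the effective
    blacklist and, if ``suid_sgid_remove_from_unknown`` or
    ``suid_sgid_dry_run_on_unknown`` is set, a second audit covers every
    suid/sgid path found under ``root_path`` that is not whitelisted.

    :returns: list of NoSUIDSGIDAudit instances (empty when enforcement is
              disabled)
    """
    checks = []
    settings = utils.get_settings('os')
    security = settings['security']
    if not security['suid_sgid_enforce']:
        log("Skipping suid/sgid hardening", level=INFO)
        return checks

    # Four lists feed the policy:
    #   1. the system blacklist   3. the user blacklist
    #   2. the system whitelist   4. the user whitelist
    #
    # The blacklist is the set of paths which should NOT have the suid/sgid
    # bit set; the whitelist is the set of paths which MAY have it set. The
    # user lists override the system lists.
    #
    # `or ()` tolerates a setting that is present but empty (None).
    u_b = set(security['suid_sgid_blacklist'] or ())
    u_w = set(security['suid_sgid_whitelist'] or ())

    # A user entry removes the path from the opposite system list and adds
    # it to its own list. Subtracting both user lists from both system lists
    # (the previous behaviour) dropped user-blacklisted paths from
    # enforcement and pushed user-whitelisted paths into the "unknown" set,
    # i.e. the opposite of what the operator configured.
    # A path listed in both user lists lands in both sets; the blacklist
    # audit below still applies to it.
    blacklist = (set(BLACKLIST) - u_w) | u_b
    whitelist = (set(WHITELIST) - u_b) | u_w

    checks.append(NoSUIDSGIDAudit(blacklist))

    dry_run = security['suid_sgid_dry_run_on_unknown']
    if security['suid_sgid_remove_from_unknown'] or dry_run:
        # Either policy needs the full inventory: every path under root_path
        # carrying a suid/sgid bit, minus the paths allowed to keep it.
        root_path = settings['environment']['root_path']
        unknown_paths = find_paths_with_suid_sgid(root_path) - whitelist
        # NOTE(review): `unless=dry_run` presumably makes the audit complain
        # without changing file modes -- confirm against the audit base
        # class. When both settings are true, dry-run is what gets passed.
        checks.append(NoSUIDSGIDAudit(unknown_paths, unless=dry_run))

    return checks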
示例2: test_is_compliant
# 需要導入模塊: from charmhelpers.contrib.hardening.audits import file [as 別名]
# 或者: from charmhelpers.contrib.hardening.audits.file import NoSUIDSGIDAudit [as 別名]
def test_is_compliant(self, mock_get_stat):
    """A root-owned file with mode 0o0644 is reported as compliant.

    0o0644 carries neither the setuid (0o4000) nor the setgid (0o2000) bit,
    so the audit has nothing to object to.
    """
    # mock_get_stat is presumably injected by a patch decorator that is not
    # part of this excerpt; it supplies the stat result the audit inspects.
    target = '/foo/bar'
    stat_fields = {'st_mode': 0o0644, 'st_uid': 0, 'st_gid': 0}
    mock_get_stat.return_value = EasyMock(stat_fields)

    self.assertTrue(file.NoSUIDSGIDAudit(target).is_compliant(target))
示例3: test_is_noncompliant
# 需要導入模塊: from charmhelpers.contrib.hardening.audits import file [as 別名]
# 或者: from charmhelpers.contrib.hardening.audits.file import NoSUIDSGIDAudit [as 別名]
def test_is_noncompliant(self, mock_get_stat):
    """A file whose mode has suid/sgid set is reported as non-compliant.

    0o6644 sets both the setuid (0o4000) and setgid (0o2000) bits on top of
    the ordinary 0o644 permissions.
    """
    # mock_get_stat is presumably injected by a patch decorator that is not
    # part of this excerpt; it supplies the stat result the audit inspects.
    target = '/foo/bar'
    stat_fields = {'st_mode': 0o6644, 'st_uid': 0, 'st_gid': 0}
    mock_get_stat.return_value = EasyMock(stat_fields)

    self.assertFalse(file.NoSUIDSGIDAudit(target).is_compliant(target))
示例4: test_comply
# 需要導入模塊: from charmhelpers.contrib.hardening.audits import file [as 別名]
# 或者: from charmhelpers.contrib.hardening.audits.file import NoSUIDSGIDAudit [as 別名]
def test_comply(self, mock_check_output, mock_log):
    """comply() removes the suid/sgid bits with ``chmod -s`` and logs it."""
    # Both mocks are presumably injected by patch decorators outside this
    # excerpt (a subprocess-style check_output and the module's log helper).
    target = '/foo/bar'
    # The expected command is an argv list, so the path reaches chmod as a
    # single argument instead of being interpreted by a shell.
    expected_call = call(['chmod', '-s', target])

    file.NoSUIDSGIDAudit(target).comply(target)

    mock_check_output.assert_has_calls([expected_call])
    # The remediation must leave a log trace, not change modes silently.
    self.assertTrue(mock_log.called)