openGauss-OM/script/gspylib/inspection/items/os/CheckSshdConfig.py

# -*- coding:utf-8 -*-
# Copyright (c) 2020 Huawei Technologies Co.,Ltd.
#
# openGauss is licensed under Mulan PSL v2.
# You can use this software according to the terms
# and conditions of the Mulan PSL v2.
# You may obtain a copy of Mulan PSL v2 at:
#
# http://license.coscl.org.cn/MulanPSL2
#
# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS,
# WITHOUT WARRANTIES OF ANY KIND,
# EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
# MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
# See the Mulan PSL v2 for more details.
# ----------------------------------------------------------------------------
import subprocess
from gspylib.inspection.common import SharedFuncs
from gspylib.inspection.common.CheckItem import BaseItem
from gspylib.inspection.common.CheckResult import ResultStatus
from gspylib.common.ErrorCode import ErrorCode
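# Names of the sshd_config keywords that doCheck() judged "Abnormal" and that
# doSet() will rewrite. Module-level state: it is shared by every instance and
# nothing in this file ever clears it, so entries accumulate across doCheck()
# calls made in the same process.
setItem = []


class CheckSshdConfig(BaseItem):
    """Inspection item that compares /etc/ssh/sshd_config with thresholds.

    Four keywords are inspected: PasswordAuthentication, MaxStartups, UseDNS
    and ClientAliveInterval. Deviations of PasswordAuthentication and UseDNS
    are reported as warnings; deviations of the other two are reported as
    abnormal and queued in the module-level ``setItem`` list for doSet().

    ``self.threshold`` and ``self.result`` are not created in this class;
    presumably BaseItem / the inspection framework provides them.
    """

    def __init__(self):
        super(CheckSshdConfig, self).__init__(self.__class__.__name__)
        # Filled by preCheck() with the four expected values.
        self.sshdThreshold = {}

    def preCheck(self):
        """Copy the four required thresholds into ``self.sshdThreshold``.

        Raises:
            Exception: with the GAUSS_53013 message when any of the four
                keywords is missing from ``self.threshold``.
        """
        self.sshdThreshold = {}
        required = ("PasswordAuthentication", "MaxStartups", "UseDNS",
                    "ClientAliveInterval")
        # check the threshold was set correctly
        if any(key not in self.threshold.keys() for key in required):
            raise Exception(ErrorCode.GAUSS_530["GAUSS_53013"] % 'threshold')
        for key in required:
            self.sshdThreshold[key] = self.threshold[key]

    def doCheck(self):
        """Read each keyword from sshd_config and grade it against its threshold.

        Sets ``self.result.raw`` (raw command output), ``self.result.val``
        (human-readable reasons) and ``self.result.rst`` (OK / WARNING / NG).
        Keywords graded "Abnormal" are appended to ``setItem``.

        Limits of the text match a reader of the result should know:
          * ``grep -E <keyword>`` matches the keyword anywhere in a line and is
            case-sensitive, while sshd treats keywords case-insensitively;
            indented comments are not removed by ``grep -v '^#'``.
          * Lines inside ``Match`` blocks and repeated keywords are all
            returned, although sshd uses the first value it obtains for a
            keyword. The effective configuration (``sshd -T``) can therefore
            differ from what this check reports.
        """
        global setItem
        flag = "Normal"
        resultStr = ""
        self.result.raw = ""
        WarningItem = ['PasswordAuthentication', 'UseDNS']
        for item in self.sshdThreshold.keys():
            expected = self.sshdThreshold[item]
            cmd = "cat /etc/ssh/sshd_config | grep -E %s | grep -v '^#' | " \
                  "awk '{print $1,$2}'" % item
            output = SharedFuncs.runShellCmd(cmd)
            self.result.raw += "\n%s" % output

            if item == "ClientAliveInterval":
                # An unset ClientAliveInterval is accepted as-is.
                if output == "":
                    continue
                # NOTE(review): int() raises ValueError if the configured value
                # is not a plain integer (sshd also accepts forms such as "5m").
                timeout = int(output.split()[-1])
                # 0 (keepalive probing disabled) is accepted; only a non-zero
                # interval below the threshold is flagged.
                if timeout != 0 and timeout < int(expected):
                    flag = "Abnormal"
                    resultStr += "\nAbnormal reason: %s; expected: %s" % (
                        output, expected)
                    # Queue the keyword itself: the first token of the output
                    # is not guaranteed to be the bare keyword.
                    setItem.append(item)
                continue

            if output != "":
                wanted = str('%s %s' % (item, expected)).lower()
                if str(output.strip()).lower() == wanted:
                    continue
                detail = output
            else:
                detail = "%s parameter is not set" % item

            severity = "Warning" if item in WarningItem else "Abnormal"
            # The flag reflects the last deviation seen; an earlier "Abnormal"
            # is still honoured below because setItem is then non-empty.
            flag = severity
            resultStr += "\n%s reason: %s; expected: %s" % (
                severity, detail, expected)
            if severity == "Abnormal":
                # Fix: the original appended output.split()[0], which raises
                # IndexError when the parameter is not set (output is "").
                setItem.append(item)

        self.result.val = resultStr
        if flag == "Normal":
            self.result.rst = ResultStatus.OK
        elif flag == "Warning" and len(setItem) == 0:
            self.result.rst = ResultStatus.WARNING
        else:
            self.result.rst = ResultStatus.NG

    def doSet(self):
        """Rewrite the queued keywords in sshd_config and restart sshd.

        MaxStartups is set to 1000; any other queued keyword is handled as
        ClientAliveInterval and set to 0. On a non-zero exit status the failed
        command line is stored in ``self.result.val``.

        Review notes for operators:
          * Both values favour availability over hardening: MaxStartups 1000
            raises the limit on concurrent unauthenticated connections, and
            ClientAliveInterval 0 disables server-side keepalive probing.
            Common hardening baselines expect stricter values, so confirm this
            matches the site policy.
          * The new line is appended to the end of the file. If the file ends
            with a ``Match`` block, the line becomes part of that block; sshd
            does not accept MaxStartups there.
          * The commands are joined with ``;`` so the exit status is that of
            the restart only, and the file is not validated (``sshd -t``)
            before sshd is restarted.
        """
        cmd = ""
        # dict.fromkeys drops duplicates queued by repeated doCheck() runs
        # while keeping the original order.
        for item in dict.fromkeys(setItem):
            if item == "MaxStartups":
                cmd += "sed -i '/^MaxStartups/d' /etc/ssh/sshd_config;"
                # Fix: written as "keyword value" so that doCheck(), which
                # compares against "<keyword> <value>", recognises the line.
                cmd += "echo 'MaxStartups 1000' >> /etc/ssh/sshd_config;"
            else:
                # Fix: "+=" instead of "=", which discarded the MaxStartups
                # commands accumulated before this branch ran.
                cmd += "sed -i '/^ClientAliveInterval/d' /etc/ssh/sshd_config;"
                cmd += "echo 'ClientAliveInterval 0' >> /etc/ssh/sshd_config;"
        cmd += "service sshd restart"
        (status, output) = subprocess.getstatusoutput(cmd)
        if status != 0:
            self.result.val = "Failed to set SshdConfig. The cmd is %s" % cmd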