bootstrap-vz/bootstrapvz/common/tasks/security.py

from base import Task
from common import phases
import os.path


class EnableShadowConfig(Task):
	description = 'Enabling shadowconfig'
	phase = phases.system_modification

	@classmethod
	def run(cls, info):
		from common.tools import log_check_call
		log_check_call(['chroot', info.root, 'shadowconfig', 'on'])


class DisableSSHPasswordAuthentication(Task):
	description = 'Disabling SSH password authentication'
	phase = phases.system_modification

	@classmethod
	def run(cls, info):
		from common.tools import sed_i
		sshd_config_path = os.path.join(info.root, 'etc/ssh/sshd_config')
		sed_i(sshd_config_path, '^#PasswordAuthentication yes', 'PasswordAuthentication no')


class DisableSSHDNSLookup(Task):
	description = 'Disabling sshd remote host name lookup'
	phase = phases.system_modification

	@classmethod
	def run(cls, info):
		sshd_config_path = os.path.join(info.root, 'etc/ssh/sshd_config')
		with open(sshd_config_path, 'a') as sshd_config:
			sshd_config.write('UseDNS no')
Implement security tasks + minor fixes 2013-07-01 23:41:22 +02:00			`from base import Task`
			`from common import phases`
			`import os.path`


			`class EnableShadowConfig(Task):`
			`description = 'Enabling shadowconfig'`
			`phase = phases.system_modification`

Don't instantiate tasks In practice they are just typed functions with attributes, having a reference to an object is just confusing. So: Task.run() is now a classmethod 2014-01-05 15:57:11 +01:00			`@classmethod`
			`def run(cls, info):`
Implement security tasks + minor fixes 2013-07-01 23:41:22 +02:00			`from common.tools import log_check_call`
Rely on $PATH to resolve commands. Fixes #12 2014-02-23 22:16:10 +01:00			`log_check_call(['chroot', info.root, 'shadowconfig', 'on'])`
Implement security tasks + minor fixes 2013-07-01 23:41:22 +02:00

			`class DisableSSHPasswordAuthentication(Task):`
			`description = 'Disabling SSH password authentication'`
			`phase = phases.system_modification`

Don't instantiate tasks In practice they are just typed functions with attributes, having a reference to an object is just confusing. So: Task.run() is now a classmethod 2014-01-05 15:57:11 +01:00			`@classmethod`
			`def run(cls, info):`
Implement security tasks + minor fixes 2013-07-01 23:41:22 +02:00			`from common.tools import sed_i`
			`sshd_config_path = os.path.join(info.root, 'etc/ssh/sshd_config')`
			`sed_i(sshd_config_path, '^#PasswordAuthentication yes', 'PasswordAuthentication no')`


			`class DisableSSHDNSLookup(Task):`
			`description = 'Disabling sshd remote host name lookup'`
			`phase = phases.system_modification`

Don't instantiate tasks In practice they are just typed functions with attributes, having a reference to an object is just confusing. So: Task.run() is now a classmethod 2014-01-05 15:57:11 +01:00			`@classmethod`
			`def run(cls, info):`
Implement security tasks + minor fixes 2013-07-01 23:41:22 +02:00			`sshd_config_path = os.path.join(info.root, 'etc/ssh/sshd_config')`
			`with open(sshd_config_path, 'a') as sshd_config:`
			`sshd_config.write('UseDNS no')`