File: create_selinux_booleans.py

scap-security-guide 0.1.39-2
#
# create_selinux_booleans.py
#   automatically generate checks for selinux booleans

import sys
import re

from template_common import FilesGenerator, UnknownTargetError


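class SEBoolGenerator(FilesGenerator):
    """Generate OVAL, Bash and Ansible content for SELinux booleans.

    Each input row is a ``(boolean name, desired state)`` pair. For every
    supported target the generator picks either the fixed-value template
    or the ``_var`` template (state ``use_var``) and hands it to
    ``file_from_template``, which is inherited from ``FilesGenerator``.
    """

    # target name -> (template path prefix, output path pattern).
    # The "_var" suffix is appended to the prefix for "use_var" rows.
    _TARGET_FILES = {
        "oval": ("./template_OVAL_sebool", "./oval/sebool_{0}.xml"),
        "bash": ("./template_BASH_sebool", "./bash/sebool_{0}.sh"),
        "ansible": ("./template_ANSIBLE_sebool", "./ansible/sebool_{0}.yml"),
    }

    def generate(self, target, sebool_info):
        """Emit the file for one SELinux boolean and one target.

        Args:
            target: "oval", "bash" or "ansible".
            sebool_info: two-item sequence ``(name, state)`` from the CSV.

        Raises:
            UnknownTargetError: if ``target`` is not a supported target and
                the row has a non-empty state.
            SystemExit: from ``_bool_state`` when the state is not recognised.
        """
        sebool_name, sebool_state = sebool_info
        # Convert the variable name to a format suitable for 'id' tags.
        # Raw string: the original '[-\.]' relied on an invalid escape.
        # NOTE(review): only '-' and '.' are rewritten; any other character
        # in the name reaches the output file name and the template
        # substitution unchanged. Presumably the CSV is trusted project
        # input; confirm before feeding it externally supplied rows.
        sebool_id = re.sub(r'[-.]', '_', sebool_name)
        sebool_state, sebool_bool = self._bool_state(sebool_state)

        # A row with an empty state generates nothing, and (as before) is
        # skipped before the target is validated.
        if not sebool_state:
            return

        target_files = self._TARGET_FILES.get(target)
        if target_files is None:
            raise UnknownTargetError(target)
        template, output_pattern = target_files

        replacements = {"%SEBOOLID%": sebool_id}
        if sebool_state == "use_var":
            # The value comes from a variable, so the template takes no
            # %SEBOOL_BOOL% substitution.
            template += "_var"
        else:
            replacements["%SEBOOL_BOOL%"] = sebool_bool

        self.file_from_template(
            template, replacements, output_pattern, sebool_id)

    def csv_format(self):
        """Return the one-line description of the expected CSV row format."""
        return("CSV should contains lines of the format: " +
               "seboolvariable,seboolstate")

    def _bool_state(self, sebool_state):
        """Normalise a CSV state value.

        Spaces are stripped from the value before it is matched.

        Returns:
            ``(state, bool_text)`` where state is "enabled", "disabled",
            "use_var" or "" and bool_text is "true", "false" or "".

        Raises:
            SystemExit: with a non-zero status for any other value.
        """
        sebool_state = sebool_state.replace(' ', '')

        if sebool_state in ("on", "enable"):
            return "enabled", "true"
        if sebool_state in ("off", "disable"):
            return "disabled", "false"
        if sebool_state in ("use_var", ""):
            return sebool_state, ""

        # Fail the build: a bare sys.exit() returned status 0, so a
        # mistyped state looked like a successful run while the content
        # for this boolean and every later row was never generated.
        # Passing the message sends it to stderr and exits with status 1.
        sys.exit("Error: Invalid SELinux state value: %s" % sebool_state)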