import ops import ops.cmd import ops.env import ops.cmd.safetychecks OpsCommandException = ops.cmd.OpsCommandException VALID_OPTIONS = ['status', 'on', 'off', 'disable', 'force'] class AuditCommand(ops.cmd.DszCommand, ): optgroups = {'main': ['status', 'on', 'off', 'disable']} reqgroups = ['main'] reqopts = [] defopts = {} def __init__(self, plugin='audit', **optdict): ops.cmd.DszCommand.__init__(self, plugin, **optdict) def validateInput(self): for opt in self.optdict: if (opt not in VALID_OPTIONS): return False optcounts = {} for req in self.reqgroups: optcounts[req] = 0 for opt in self.optgroups[req]: if (opt in self.optdict): optcounts[req] += 1 if (optcounts['main'] != 1): return False return True def __getDisable(self): if ('disable' in self.optdict): return self.optdict['disable'] else: return None def __setDisable(self, val): if ((val is None) and ('disable' in self.optdict)): del self.optdict['disable'] elif (val in ['all', 'security']): self.optdict['disable'] = val else: raise OpsCommandException(('Invalid value for -disable: %s' % val)) disable = property(__getDisable, __setDisable) def __getForce(self): return (('force' in self.optdict) and self.optdict['force']) def __setForce(self, val): if (((val is None) or (val is False)) and ('force' in self.optdict)): del self.optdict['force'] elif val: self.optdict['force'] = True force = property(__getForce, __setForce) def __getStatus(self): return (('status' in self.optdict) and self.optdict['status']) def __setStatus(self, val): if (((val is None) or (val is False)) and ('status' in self.optdict)): del self.optdict['status'] elif val: self.optdict['status'] = True audit_status = property(__getStatus, __setStatus) def __getOn(self): return (('on' in self.optdict) and self.optdict['on']) def __setOn(self, val): if (((val is None) or (val is False)) and ('on' in self.optdict)): del self.optdict['on'] elif val: self.optdict['on'] = True self.optdict['off'] = False audit_on = property(__getOn, __setOn) def __getOff(self): return (('off' in self.optdict) and self.optdict['off']) def __setOff(self, val): if (((val is None) or (val is False)) and ('off' in self.optdict)): del self.optdict['off'] elif val: self.optdict['off'] = True self.optdict['on'] = False audit_off = property(__getOff, __setOff) def mySafetyCheck(self): good = True msgparts = [] if ((ops.env.get('OPS_NOINJECT').upper() == 'TRUE') and (self.disable is not None)): good = False msgparts.append('OPS_NOINJECT is set to TRUE, you should probably not disable auditing') if (self.force or self.audit_off or self.audit_on): good = False msgparts.append('Altering audit policy in a script is not safe, verify you really want to do that') msg = '' if (len(msgparts) > 0): msg = msgparts[0] for msgpart in msgparts[1:]: msg += ('\n\t' + msgpart) return (good, msg) ops.cmd.command_classes['audit'] = AuditCommand ops.cmd.aliasoptions['audit'] = VALID_OPTIONS ops.cmd.safetychecks.addSafetyHandler('audit', 'ops.cmd.audit.mySafetyCheck')