~junaidali/charms/trusty/plumgrid-director/pg-restart

« back to all changes in this revision

Viewing changes to hooks/charmhelpers/contrib/hardening/host/checks/limits.py

Committer: Junaid Ali
Date: 2016-05-01 02:16:59 UTC
Revision ID: junaidali@plumgrid.com-20160501021659-niy7zqw0iy1celyy

update sleep time in restart_pg, changes for make sync

files removed:
hooks/charmhelpers/contrib/ansible

hooks/charmhelpers/contrib/ansible/__init__.py

hooks/charmhelpers/contrib/benchmark

hooks/charmhelpers/contrib/benchmark/__init__.py

hooks/charmhelpers/contrib/charmhelpers

hooks/charmhelpers/contrib/charmhelpers/__init__.py

hooks/charmhelpers/contrib/charmsupport

hooks/charmhelpers/contrib/charmsupport/__init__.py

hooks/charmhelpers/contrib/charmsupport/nrpe.py

hooks/charmhelpers/contrib/charmsupport/volumes.py

hooks/charmhelpers/contrib/database

hooks/charmhelpers/contrib/database/__init__.py

hooks/charmhelpers/contrib/database/mysql.py

hooks/charmhelpers/contrib/hardening

hooks/charmhelpers/contrib/hardening/__init__.py

hooks/charmhelpers/contrib/hardening/apache

hooks/charmhelpers/contrib/hardening/apache/__init__.py

hooks/charmhelpers/contrib/hardening/apache/checks

hooks/charmhelpers/contrib/hardening/apache/checks/__init__.py

hooks/charmhelpers/contrib/hardening/apache/checks/config.py

hooks/charmhelpers/contrib/hardening/audits

hooks/charmhelpers/contrib/hardening/audits/__init__.py

hooks/charmhelpers/contrib/hardening/audits/apache.py

hooks/charmhelpers/contrib/hardening/audits/apt.py

hooks/charmhelpers/contrib/hardening/audits/file.py

hooks/charmhelpers/contrib/hardening/harden.py

hooks/charmhelpers/contrib/hardening/host

hooks/charmhelpers/contrib/hardening/host/__init__.py

hooks/charmhelpers/contrib/hardening/host/checks

hooks/charmhelpers/contrib/hardening/host/checks/__init__.py

hooks/charmhelpers/contrib/hardening/host/checks/apt.py

hooks/charmhelpers/contrib/hardening/host/checks/limits.py

hooks/charmhelpers/contrib/hardening/host/checks/login.py

hooks/charmhelpers/contrib/hardening/host/checks/minimize_access.py

hooks/charmhelpers/contrib/hardening/host/checks/pam.py

hooks/charmhelpers/contrib/hardening/host/checks/profile.py

hooks/charmhelpers/contrib/hardening/host/checks/securetty.py

hooks/charmhelpers/contrib/hardening/host/checks/suid_sgid.py

hooks/charmhelpers/contrib/hardening/host/checks/sysctl.py

hooks/charmhelpers/contrib/hardening/mysql

hooks/charmhelpers/contrib/hardening/mysql/__init__.py

hooks/charmhelpers/contrib/hardening/mysql/checks

hooks/charmhelpers/contrib/hardening/mysql/checks/__init__.py

hooks/charmhelpers/contrib/hardening/mysql/checks/config.py

hooks/charmhelpers/contrib/hardening/ssh

hooks/charmhelpers/contrib/hardening/ssh/__init__.py

hooks/charmhelpers/contrib/hardening/ssh/checks

hooks/charmhelpers/contrib/hardening/ssh/checks/__init__.py

hooks/charmhelpers/contrib/hardening/ssh/checks/config.py

hooks/charmhelpers/contrib/hardening/templating.py

hooks/charmhelpers/contrib/hardening/utils.py

hooks/charmhelpers/contrib/mellanox

hooks/charmhelpers/contrib/mellanox/__init__.py

hooks/charmhelpers/contrib/mellanox/infiniband.py

hooks/charmhelpers/contrib/peerstorage

hooks/charmhelpers/contrib/peerstorage/__init__.py

hooks/charmhelpers/contrib/saltstack

hooks/charmhelpers/contrib/saltstack/__init__.py

hooks/charmhelpers/contrib/ssl

hooks/charmhelpers/contrib/ssl/__init__.py

hooks/charmhelpers/contrib/ssl/service.py

hooks/charmhelpers/contrib/templating

hooks/charmhelpers/contrib/templating/__init__.py

hooks/charmhelpers/contrib/templating/contexts.py

hooks/charmhelpers/contrib/templating/jinja.py

hooks/charmhelpers/contrib/templating/pyformat.py

hooks/charmhelpers/contrib/unison

hooks/charmhelpers/contrib/unison/__init__.py

files modified:
charm-helpers-sync.yaml

hooks/pg_dir_utils.py

unit_tests/test_pg_dir_hooks.py

Show diffs side-by-side

added added

removed removed

hooks/charmhelpers/contrib/hardening/host/checks/limits.py

# This file is part of charm-helpers.

# charm-helpers is free software: you can redistribute it and/or modify

# it under the terms of the GNU Lesser General Public License version 3 as

# published by the Free Software Foundation.

# charm-helpers is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

# GNU Lesser General Public License for more details.

# You should have received a copy of the GNU Lesser General Public License

# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>.

from charmhelpers.contrib.hardening.audits.file import (

DirectoryPermissionAudit,

TemplatedFile,

)

from charmhelpers.contrib.hardening.host import TEMPLATES_DIR

from charmhelpers.contrib.hardening import utils

def get_audits():

"""Get OS hardening security limits audits.

:returns: dictionary of audits

"""

audits = []

settings = utils.get_settings('os')

# Ensure that the /etc/security/limits.d directory is only writable

# by the root user, but others can execute and read.

audits.append(DirectoryPermissionAudit('/etc/security/limits.d',

user='root', group='root',

mode=0o755))

# If core dumps are not enabled, then don't allow core dumps to be

# created as they may contain sensitive information.

if not settings['security']['kernel_enable_core_dump']:

audits.append(TemplatedFile('/etc/security/limits.d/10.hardcore.conf',

SecurityLimitsContext(),

template_dir=TEMPLATES_DIR,

user='root', group='root', mode=0o0440))

return audits

class SecurityLimitsContext(object):

def __call__(self):

settings = utils.get_settings('os')

ctxt = {'disable_core_dump':

not settings['security']['kernel_enable_core_dump']}

return ctxt

Older »