1
# Copyright 2016 Canonical Limited.
3
# This file is part of charm-helpers.
5
# charm-helpers is free software: you can redistribute it and/or modify
6
# it under the terms of the GNU Lesser General Public License version 3 as
7
# published by the Free Software Foundation.
9
# charm-helpers is distributed in the hope that it will be useful,
10
# but WITHOUT ANY WARRANTY; without even the implied warranty of
11
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
# GNU Lesser General Public License for more details.
14
# You should have received a copy of the GNU Lesser General Public License
15
# along with charm-helpers. If not, see <http://www.gnu.org/licenses/>.
17
from __future__ import absolute_import # required for external apt import
18
from apt import apt_pkg
19
from six import string_types
21
from charmhelpers.fetch import (
25
from charmhelpers.core.hookenv import (
30
from charmhelpers.contrib.hardening.audits import BaseAudit
33
class AptConfig(BaseAudit):
35
def __init__(self, config, **kwargs):
38
def verify_config(self):
40
for cfg in self.config:
41
value = apt_pkg.config.get(cfg['key'], cfg.get('default', ''))
42
if value and value != cfg['expected']:
43
log("APT config '%s' has unexpected value '%s' "
45
(cfg['key'], value, cfg['expected']), level=WARNING)
47
def ensure_compliance(self):
51
class RestrictedPackages(BaseAudit):
52
"""Class used to audit restricted packages on the system."""
54
def __init__(self, pkgs, **kwargs):
55
super(RestrictedPackages, self).__init__(**kwargs)
56
if isinstance(pkgs, string_types) or not hasattr(pkgs, '__iter__'):
61
def ensure_compliance(self):
69
if not self.is_virtual_package(pkg):
70
if not pkg.current_ver:
71
log("Package '%s' is not installed." % pkg.name,
75
log("Restricted package '%s' is installed" % pkg.name,
77
self.delete_package(cache, pkg)
79
log("Checking restricted virtual package '%s' provides" %
80
pkg.name, level=DEBUG)
81
self.delete_package(cache, pkg)
83
def delete_package(self, cache, pkg):
84
"""Deletes the package from the system.
86
Deletes the package form the system, properly handling virtual
89
:param cache: the apt cache
90
:param pkg: the package to remove
92
if self.is_virtual_package(pkg):
93
log("Package '%s' appears to be virtual - purging provides" %
94
pkg.name, level=DEBUG)
95
for _p in pkg.provides_list:
96
self.delete_package(cache, _p[2].parent_pkg)
97
elif not pkg.current_ver:
98
log("Package '%s' not installed" % pkg.name, level=DEBUG)
101
log("Purging package '%s'" % pkg.name, level=DEBUG)
104
def is_virtual_package(self, pkg):
105
return pkg.has_provides and not pkg.has_versions