~peter-sabaini/charm-helpers/bcache-helpers


Viewing changes to charmhelpers/contrib/hardening/ssh/checks/config.py

  • Committer: David Ames
  • Date: 2017-03-27 16:46:43 UTC
  • mfrom: (719.1.5 charm-helpers)
  • Revision ID: david.ames@canonical.com-20170327164643-ngmy4f1qqiyrxip8
[ajkavanagh, r=thedac] Re-organize alphanumeric comparisons

Allow the use of alphanumeric comparisons *in* charmhelpers
Move BasicStringComparator to charmhelpers.core.strutils
Rename CompareUbuntuReleases to CompareHostReleases

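--- a/charmhelpers/contrib/hardening/ssh/checks/config.py
+++ b/charmhelpers/contrib/hardening/ssh/checks/config.py
@@ -27,7 +27,10 @@
     apt_install,
     apt_update,
 )
-from charmhelpers.core.host import lsb_release
+from charmhelpers.core.host import (
+    lsb_release,
+    CompareHostReleases,
+)
 from charmhelpers.contrib.hardening.audits.file import (
     TemplatedFile,
     FileContentAudit,
@@ -68,7 +71,8 @@
                    'weak': default + ',hmac-sha1'}
 
         # Use newer ciphers on Ubuntu Trusty and above
-        if lsb_release()['DISTRIB_CODENAME'].lower() >= 'trusty':
+        _release = lsb_release()['DISTRIB_CODENAME'].lower()
+        if CompareHostReleases(_release) >= 'trusty':
             log("Detected Ubuntu 14.04 or newer, using new macs", level=DEBUG)
             macs = macs_66
 
@@ -96,7 +100,8 @@
                   'weak': weak}
 
         # Use newer kex on Ubuntu Trusty and above
-        if lsb_release()['DISTRIB_CODENAME'].lower() >= 'trusty':
+        _release = lsb_release()['DISTRIB_CODENAME'].lower()
+        if CompareHostReleases(_release) >= 'trusty':
             log('Detected Ubuntu 14.04 or newer, using new key exchange '
                 'algorithms', level=DEBUG)
             kex = kex_66
@@ -119,7 +124,8 @@
                       'weak': default + ',aes256-cbc,aes192-cbc,aes128-cbc'}
 
         # Use newer ciphers on ubuntu Trusty and above
-        if lsb_release()['DISTRIB_CODENAME'].lower() >= 'trusty':
+        _release = lsb_release()['DISTRIB_CODENAME'].lower()
+        if CompareHostReleases(_release) >= 'trusty':
             log('Detected Ubuntu 14.04 or newer, using new ciphers',
                 level=DEBUG)
             cipher = ciphers_66
@@ -291,7 +297,8 @@
         self.fail_cases = []
         settings = utils.get_settings('ssh')
 
-        if lsb_release()['DISTRIB_CODENAME'].lower() >= 'trusty':
+        _release = lsb_release()['DISTRIB_CODENAME'].lower()
+        if CompareHostReleases(_release) >= 'trusty':
             if not settings['server']['weak_hmac']:
                 self.pass_cases.append(r'^MACs.+,hmac-ripemd160$')
             else:
@@ -364,7 +371,8 @@
         self.fail_cases = []
         settings = utils.get_settings('ssh')
 
-        if lsb_release()['DISTRIB_CODENAME'].lower() >= 'trusty':
+        _release = lsb_release()['DISTRIB_CODENAME'].lower()
+        if CompareHostReleases(_release) >= 'trusty':
             if not settings['server']['weak_hmac']:
                 self.pass_cases.append(r'^MACs.+,hmac-ripemd160$')
             else: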
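Review bot: The release check `_release = lsb_release()['DISTRIB_CODENAME'].lower()` followed by `if CompareHostReleases(_release) >= 'trusty':` is now repeated verbatim in five places (the MAC, key-exchange and cipher selection at new lines 74, 103 and 127, and the two audit blocks at new lines 300 and 374). If one copy is edited, the algorithm list that gets written and the pattern the audit expects can drift apart. A module-level helper such as `def _is_trusty_or_newer(): return CompareHostReleases(lsb_release()['DISTRIB_CODENAME'].lower()) >= 'trusty'` would keep them in step. It would also be the one place to document what happens when the host codename is unknown to CompareHostReleases; its definition is not on this page, so whether that raises or falls back to the legacy algorithm lists should be confirmed. The enclosing functions all start and end outside the hunks shown.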