Class: Installation::SecuritySettings
- Inherits: Object
  - Object
  - Installation::SecuritySettings
- Includes: Yast::I18n, Yast::Logger
- Defined in: src/lib/installation/security_settings.rb
Overview
Class that stores the security proposal settings during installation.
Instance Attribute Summary
- #default_zone ⇒ Object
  [String] Name of the default zone where the changes are performed.
- #enable_firewall ⇒ Object
  [Boolean] Whether the firewalld service will be enabled.
- #enable_sshd ⇒ Object
  [Boolean] Whether the sshd service will be enabled.
- #open_ssh ⇒ Object
  [Boolean] Whether the ssh port will be opened.
- #open_vnc ⇒ Object
  [Boolean] Whether the vnc port will be opened.
- #polkit_default_privileges ⇒ Object
  [String, nil] Setting for the policy kit default privileges. For more info see /etc/sysconfig/security#POLKIT_DEFAULT_PRIVS.
Class Method Summary
- .create_instance ⇒ Object
  Enforce a new clean instance.
- .instance ⇒ Object
  Singleton instance.
- .run ⇒ Object
Instance Method Summary
- #access_problem? ⇒ Boolean
  Return whether the current settings could be a problem for the user to log in.
- #close_ssh! ⇒ Object
  Set the ssh port to be closed.
- #close_vnc! ⇒ Object
  Set the vnc port to be closed.
- #disable_firewall! ⇒ Object
  Remove the firewalld package from being installed and set the firewalld service to be disabled.
- #disable_sshd! ⇒ Object
  Remove the openssh package from being installed and set the sshd service to be disabled.
- #enable_firewall! ⇒ Object
  Add the firewall package to be installed and set the firewalld service to be enabled.
- #enable_sshd! ⇒ Object
  Add the openssh package to be installed and set the sshd service to be enabled.
- #human_polkit_privileges ⇒ Object
- #initialize ⇒ SecuritySettings
  Constructor.
- #load_features ⇒ Object
  Load the default values defined in the control file.
- #lsm_config ⇒ Y2Security::LSM::Config
  The LSM config handler.
- #open_ssh! ⇒ Object
  Set the ssh port to be opened.
- #open_vnc! ⇒ Object
  Set the vnc port to be opened.
- #propose_lsm_config ⇒ Object
  When the Linux Security Module is declared as configurable and no module is selected yet, select the desired LSM and the patterns it needs.
Constructor Details
#initialize ⇒ SecuritySettings
Constructor

    # File 'src/lib/installation/security_settings.rb', line 45
    def initialize
      textdomain "installation"
      Yast.import "PackagesProposal"
      Yast.import "ProductFeatures"
      Yast.import "Linuxrc"

      load_features
      enable_firewall! if @enable_firewall
      enable_sshd! if wanted_enable_sshd?
      open_ssh! if wanted_open_ssh?
      open_vnc! if wanted_open_vnc?
      propose_lsm_config
      # FIXME: obtain from Y2Firewall::Firewalld, control file or allow to
      # choose a different one in the proposal
      @default_zone = "public"
    end

Instance Attribute Details
#default_zone ⇒ Object
[String] Name of the default zone where the changes are performed.

    # File 'src/lib/installation/security_settings.rb', line 39
    def default_zone
      @default_zone
    end

#enable_firewall ⇒ Object
[Boolean] Whether the firewalld service will be enabled.

    # File 'src/lib/installation/security_settings.rb', line 31
    def enable_firewall
      @enable_firewall
    end

#enable_sshd ⇒ Object
[Boolean] Whether the sshd service will be enabled.

    # File 'src/lib/installation/security_settings.rb', line 33
    def enable_sshd
      @enable_sshd
    end

#open_ssh ⇒ Object
[Boolean] Whether the ssh port will be opened.

    # File 'src/lib/installation/security_settings.rb', line 35
    def open_ssh
      @open_ssh
    end

#open_vnc ⇒ Object
[Boolean] Whether the vnc port will be opened.

    # File 'src/lib/installation/security_settings.rb', line 37
    def open_vnc
      @open_vnc
    end

#polkit_default_privileges ⇒ Object
[String, nil] Setting for the policy kit default privileges. For more info see /etc/sysconfig/security#POLKIT_DEFAULT_PRIVS.

    # File 'src/lib/installation/security_settings.rb', line 42
    def polkit_default_privileges
      @polkit_default_privileges
    end

Class Method Details
.create_instance ⇒ Object
Enforce a new clean instance.

    # File 'src/lib/installation/security_settings.rb', line 231
    def create_instance
      @instance = new
    end

.instance ⇒ Object
Singleton instance.

    # File 'src/lib/installation/security_settings.rb', line 225
    def instance
      create_instance unless @instance
      @instance
    end

.run ⇒ Object

    # File 'src/lib/installation/security_settings.rb', line 220
    def run
      instance.run
    end

Instance Method Details
#access_problem? ⇒ Boolean
Return whether the current settings could be a problem for the user to log in.

    # File 'src/lib/installation/security_settings.rb', line 145
    def access_problem?
      # public key is not the only way
      return false unless only_public_key_auth

      # without running sshd it is useless
      return true unless @enable_sshd

      # firewall is up and port for ssh is not open
      @enable_firewall && !@open_ssh
    end

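The check above flags proposals that would leave the installed system unreachable. The following stand-alone model is an added example, not yast-installation code: it enumerates every flag combination to show which ones trigger the warning. It assumes only_public_key_auth can be treated as a plain boolean input (the private helper that computes it is not shown on this page); Proposal, lockout_reason and risky_proposals are hypothetical names.

```ruby
# Added example: stand-alone model of SecuritySettings#access_problem? (no YaST needed).
# Assumption: only_public_key_auth is a plain boolean input here.
Proposal = Struct.new(:enable_firewall, :enable_sshd, :open_ssh,
                      :only_public_key_auth, keyword_init: true) do
  # Same decision order as the method documented above.
  def access_problem?
    return false unless only_public_key_auth # another login method exists
    return true unless enable_sshd           # key-only login, but no sshd

    enable_firewall && !open_ssh             # sshd runs, firewall blocks it
  end

  # Hypothetical helper: name the condition that triggered the warning.
  def lockout_reason
    return nil unless access_problem?

    enable_sshd ? "firewall enabled with the SSH port closed" : "sshd disabled"
  end
end

# Build all 16 combinations of the four flags and keep the risky ones.
def risky_proposals
  flags = [true, false]
  flags.product(flags, flags, flags).map do |fw, sshd, port, key_only|
    Proposal.new(enable_firewall: fw, enable_sshd: sshd, open_ssh: port,
                 only_public_key_auth: key_only)
  end.select(&:access_problem?)
end

if __FILE__ == $PROGRAM_NAME
  risky_proposals.each do |proposal|
    puts format("firewall=%-5s sshd=%-5s open_ssh=%-5s -> %s",
                proposal.enable_firewall, proposal.enable_sshd,
                proposal.open_ssh, proposal.lockout_reason)
  end
end
```

When sshd is disabled the firewall flags are irrelevant to the result, and a disabled firewall never causes a warning on its own.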
#close_ssh! ⇒ Object
Set the ssh port to be closed.

    # File 'src/lib/installation/security_settings.rb', line 123
    def close_ssh!
      log.info "Closing SSH port"
      self.open_ssh = false
    end

#close_vnc! ⇒ Object
Set the vnc port to be closed.

    # File 'src/lib/installation/security_settings.rb', line 135
    def close_vnc!
      log.info "Close VNC port"
      self.open_vnc = false
    end

#disable_firewall! ⇒ Object
Remove the firewalld package from being installed and set the firewalld service to be disabled.

    # File 'src/lib/installation/security_settings.rb', line 94
    def disable_firewall!
      Yast::PackagesProposal.RemoveResolvables("firewall", :package, ["firewalld"])
      log.info "Disabling Firewall"
      self.enable_firewall = false
    end

#disable_sshd! ⇒ Object
Remove the openssh package from being installed and set the sshd service to be disabled.

    # File 'src/lib/installation/security_settings.rb', line 110
    def disable_sshd!
      Yast::PackagesProposal.RemoveResolvables("firewall", :package, ["openssh"])
      log.info "Disabling SSHD"
      self.enable_sshd = false
    end

#enable_firewall! ⇒ Object
Add the firewall package to be installed and set the firewalld service to be enabled.

    # File 'src/lib/installation/security_settings.rb', line 85
    def enable_firewall!
      Yast::PackagesProposal.AddResolvables("firewall", :package, ["firewalld"])

      log.info "Enabling Firewall"
      self.enable_firewall = true
    end

#enable_sshd! ⇒ Object
Add the openssh package to be installed and set the sshd service to be enabled.

    # File 'src/lib/installation/security_settings.rb', line 102
    def enable_sshd!
      Yast::PackagesProposal.AddResolvables("firewall", :package, ["openssh"])
      log.info "Enabling SSHD"
      self.enable_sshd = true
    end

#human_polkit_privileges ⇒ Object

    # File 'src/lib/installation/security_settings.rb', line 156
    def human_polkit_privileges
      {
        ""            => _("Default"),
        # TRANSLATORS: restrictive in sense the most restrictive policy
        "restrictive" => _("Restrictive"),
        "standard"    => _("Standard"),
        # TRANSLATORS: easy in sense the least restrictive policy
        "easy"        => _("Easy")
      }
    end

#load_features ⇒ Object
Load the default values defined in the control file.

    # File 'src/lib/installation/security_settings.rb', line 63
    def load_features
      load_feature(:enable_firewall, :enable_firewall)
      load_feature(:firewall_enable_ssh, :open_ssh)
      load_feature(:enable_sshd, :enable_sshd)
      load_feature(:polkit_default_privs, :polkit_default_privileges)
    end

#lsm_config ⇒ Y2Security::LSM::Config
Returns the LSM config handler.

    # File 'src/lib/installation/security_settings.rb', line 168
    def lsm_config
      Y2Security::LSM::Config.instance
    end

#open_ssh! ⇒ Object
Set the ssh port to be opened.

    # File 'src/lib/installation/security_settings.rb', line 117
    def open_ssh!
      log.info "Opening SSH port"
      self.open_ssh = true
    end

#open_vnc! ⇒ Object
Set the vnc port to be opened.

    # File 'src/lib/installation/security_settings.rb', line 129
    def open_vnc!
      log.info "Open VNC port"
      self.open_vnc = true
    end

#propose_lsm_config ⇒ Object
When the Linux Security Module is declared as configurable and no module is selected yet, select the desired LSM and the patterns it needs.

    # File 'src/lib/installation/security_settings.rb', line 72
    def propose_lsm_config
      return unless lsm_config.configurable?
      return if lsm_config.selected

      lsm_config.propose_default
      # It will be set even if the proposal is not shown (e.g. configurable but not selectable)
      Yast::PackagesProposal.SetResolvables("LSM", :pattern, lsm_config.needed_patterns)
    end