!347 新增基线扫描项'66sudo配置中不存在高危命令'

Merge pull request !347 from a-alpha/alpha-dev
2023-11-16 07:31:58 +00:00 · 2023-11-16 07:31:58 +00:00 · a49c73dc54
parent 7d1b8f5185 0554550aaf
commit a49c73dc54
2 changed files with 94 additions and 0 deletions
--- a/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/66/66sudo配置中不存在高危命令.py
+++ b/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/66/66sudo配置中不存在高危命令.py
@ -0,0 +1,72 @@
+
+import os
+import sys
+
+################################
+# 常量
+
+# for get_env_lang()
+STR_GET_ENV_LANG_ZH     = "语言环境为中文"
+STR_GET_ENV_LANG_EN     = "语言环境为英文"
+STR_GET_ENV_LANG_UNKNOW = "语言环境未知"
+
+################################
+# 环境检查函数
+
+def get_env_lang():
+#    lang = os.getenv("LANG")
+#    if lang.startswith("zh"):
+#        return STR_GET_ENV_LANG_ZH
+#    elif lang.startswith("en"):
+#        return STR_GET_ENV_LANG_EN
+#    else:
+#        return STR_GET_ENV_LANG_UNKNOW
+#
+    if arg_lang == "zh":
+        return STR_GET_ENV_LANG_ZH
+    elif arg_lang == "en":
+        return STR_GET_ENV_LANG_EN
+    else:
+        return STR_GET_ENV_LANG_UNKNOW
+
+def is_root():
+    if os.geteuid() == 0:
+        print(STR_IS_ROOT_TRUE)
+        return True
+    else:
+        print(STR_IS_ROOT_FALSE)
+        return False
+
+################################
+# 辅助函数
+def l_print(zh_str, en_str) :
+    if STR_GET_ENV_LANG_ZH == get_env_lang() :
+        print(zh_str);
+    else :
+        print(en_str);
+
+
+################################
+# 功能函数
+def sudo_l():
+
+    output = os.popen('sudo -l 2>&1').read().strip() 
+
+    if "vi"  in output or "chmod"  in output  or "chown"  in output or "cp"  in output or "passwd"  in output or "rm"  in output or "mv"  in output or "useradd"  in output or "groupadd"  in output or "scp"  in output or "modprobe"  in output or "insmod"  in output:
+       l_print("[ERROR] 测试未通过",
+                "[ERROR] fail")
+    else:
+
+       l_print("[OK] 测试通过",
+                 "[OK] pass")
+
+################################
+# main
+if __name__ == "__main__":
+    if len(sys.argv)>1:
+        arg_lang = sys.argv[1]
+    else:
+        arg_lang = 'zh'
+
+    sudo_l()
+    exit(0)
--- a/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/66/66sudo配置中不存在高危命令.yaml
+++ b/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/66/66sudo配置中不存在高危命令.yaml
@ -0,0 +1,22 @@
+FormatVer: 20230623
+Id: sudo_l
+Belong: baseline
+SiteInfo:
+    Name: 66sudo配置中不存在高危命令
+Power : "root"
+SiteRequests:
+    Implement:
+        ImArray:
+            - Inter : python3
+              InterArgs :
+              Exec : 66sudo配置中不存在高危命令.py
+              Args :
+        Inter:
+            - "[ERROR]"
+        Condition: None
+RepairArgs:
+    - Inter : python3
+      InterArgs :
+      Exec :
+      Args :
+      RepairPower: #root # root权限或者普通用户权限