!332 新增基线扫描项'05加密算法为sm3'

Merge pull request !332 from a-alpha/alpha-dev
2023-11-16 07:24:44 +00:00 · 2023-11-16 07:24:44 +00:00 · c0bbeba806
parent d1b5653474 44d832fb06
commit c0bbeba806
2 changed files with 108 additions and 0 deletions
--- a/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/5/05加密算法为sm3.py
+++ b/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/5/05加密算法为sm3.py
@ -0,0 +1,86 @@
+
+import os
+import sys
+import dbus
+import subprocess
+
+arg_lang = ""
+
+################################
+# 常量
+
+# for get_env_lang()
+STR_GET_ENV_LANG_ZH     = "语言环境为中文"
+STR_GET_ENV_LANG_EN     = "语言环境为英文"
+STR_GET_ENV_LANG_UNKNOW = "语言环境未知"
+
+# for is_root()
+STR_IS_ROOT_TRUE  = "当前用户为root权限"
+STR_IS_ROOT_FALSE = "当前用户没有root权限"
+word = 'ENCRYPT_METHOD = sm3'
+
+# mode of firewall
+KSC_FIREWALL_ALL_MODE   = 0
+KSC_FIREWALL_PUBLIC     = 1
+KSC_FIREWALL_PRIVATE    = 2
+KSC_FIREWALL_OFF        = 3
+KSC_FIREWALL_TAKE_OVER  = 4
+
+
+################################
+# 环境检查函数
+
+def get_env_lang():
+#    lang = os.getenv("LANG")
+#    if lang.startswith("zh"):
+#        return STR_GET_ENV_LANG_ZH
+#    elif lang.startswith("en"):
+#        return STR_GET_ENV_LANG_EN
+#    else:
+#        return STR_GET_ENV_LANG_UNKNOW
+#
+    if arg_lang == "zh":
+        return STR_GET_ENV_LANG_ZH
+    elif arg_lang == "en":
+        return STR_GET_ENV_LANG_EN
+    else:
+        return STR_GET_ENV_LANG_UNKNOW
+
+
+
+################################
+# 辅助函数
+def l_print(zh_str, en_str) :
+    if STR_GET_ENV_LANG_ZH == get_env_lang() :
+        print(zh_str);
+    else :
+        print(en_str);
+
+
+################################
+# 功能函数
+def check_logindefs_sm3():
+    mode = 0
+
+    try:
+        cmd = 'cat /etc/login.defs | grep ENCRYPT_METHOD '
+        args = ['/usr/bin/cat' , '/etc/login.defs']
+        sudoers = subprocess.Popen(args,stdout=subprocess.PIPE)
+        if word  in sudoers.stdout.read().decode():
+            l_print("[OK] ENCRYPT_METHOD 符合标准 ",
+                    "[OK] ENCRYPT_METHOD = sm3 ")
+        else:
+            l_print("[ERROR] ENCRYPT_METHOD 不符合标准",
+                    "[ERROR] ENCRYPT_METHOD =error")
+    except:
+        l_print("[WARNING] 无配置",
+                "[WARNING] ENCRYPT_METHOD = no")
+################################
+# main
+if __name__ == "__main__" :
+    if len(sys.argv)>1:
+        arg_lang = sys.argv[1]
+    else:
+        arg_lang = 'zh'
+    check_logindefs_sm3()
+    exit(0)
--- a/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/5/05加密算法为sm3.yaml
+++ b/data/BaseLine/LocalServices/TestingDepartmentPrivateUseCases/5/05加密算法为sm3.yaml
@ -0,0 +1,22 @@
+FormatVer: 20230623
+Id: check_logindefs_sm3
+Belong: baseline
+SiteInfo:
+    Name: 05加密算法为sm3
+Power : "root"
+SiteRequests:
+    Implement:
+        ImArray:
+            - Inter : python3
+              InterArgs :
+              Exec : 05加密算法为sm3.py
+              Args :
+        Inter:
+            - "[ERROR]"
+        Condition: None
+RepairArgs:
+    - Inter : python3
+      InterArgs :
+      Exec :
+      Args :
+      RepairPower: #root # root权限或者普通用户权限