Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
S
secrules
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Deploy
Releases
Container registry
Model registry
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
OpenVMS
tools
secrules
Commits
1cdce16e9f0a
Commit
1cdce16e9f0a
authored
5 years ago
by
Jean-Francois Pieronne
Browse files
Options
Downloads
Patches
Plain Diff
secrules/rules02.py initial version
parent
b98ab0debca9
No related branches found
No related tags found
No related merge requests found
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
secrules/rules02.py
+70
-0
70 additions, 0 deletions
secrules/rules02.py
with
70 additions
and
0 deletions
secrules/rules02.py
0 → 100644
+
70
−
0
View file @
1cdce16e
# -*- coding: iso-8859-1 -*-
__version__
=
'
1.0
'
from
common
import
level_rule
import
os
,
os
.
path
from
vms.rtl
import
lib
from
vms
import
syidef
,
uaidef
,
prvdef
,
dvidef
,
ossdef
,
ssdef
from
vms
import
user
from
vms
import
starlet
from
vms
import
itemList
from
vms
import
crtl
from
FindFile
import
FindFile
@level_rule
(
2
)
def
rule0201
(
fo
,
fmt
):
"""
Improper system file access could result in the compromise of
the operating system environment, and compromise the confidentiality
of customer data. The files listed are accessible by non-privileged
users as indicated. This allows non-privileged users to read, execute,
modify, or delete the files. Users can gain access using an ACL granted
to the user, the privilege of the user, or the UIC protection on the file.
"""
if
not
fmt
:
print
>>
fo
print
>>
fo
,
'
Rule 0201
'
print
>>
fo
,
'
=========
'
with
FindFile
(
'
SYS$SYSROOT:[000000...]*.*
'
)
as
fi
:
for
fn
in
fi
:
it
=
[
itemList
.
itemList
(
code
=
ossdef
.
OSS__PROTECTION
,
dtype
=
itemList
.
il_unsignedWord
),]
sec
=
starlet
.
get_security
(
objnam
=
fn
,
clsnam
=
'
FILE
'
,
itmlst
=
it
)[
1
][
ossdef
.
OSS__PROTECTION
]
if
not
((
sec
&
0x8000
)
and
(
sec
&
0x2000
)):
if
fmt
:
print
>>
fo
,
'
0201¨2¨
'
,
fn
else
:
print
>>
fo
,
fn
print
>>
fo
,
'
'
*
10
,
lib
.
format_sogw_prot
(
sec
)[
1
]
@level_rule
(
3
)
def
rule0202
(
fo
,
fmt
):
"""
Improper system file access could result in the compromise of the
operating system environment, and compromise the confidentiality of customer
data. The listed files are accessible by privileged users as indicated.
This allows privileged users to read, execute, modify, or delete the files.
Users can gain access using an ACL granted to the user, the privilege of the
user, or the UIC protection on the file.
"""
if
not
fmt
:
print
>>
fo
print
>>
fo
,
'
Rule 0202
'
print
>>
fo
,
'
=========
'
with
FindFile
(
'
SYS$SYSROOT:[000000...]*.*
'
)
as
fi
:
for
fn
in
fi
:
it
=
[
itemList
.
itemList
(
code
=
ossdef
.
OSS__PROTECTION
,
dtype
=
itemList
.
il_unsignedWord
),]
sec
=
starlet
.
get_security
(
objnam
=
fn
,
clsnam
=
'
FILE
'
,
itmlst
=
it
)[
1
][
ossdef
.
OSS__PROTECTION
]
if
not
((
sec
&
0x800
)
and
(
sec
&
0x200
)):
if
fmt
:
print
>>
fo
,
'
0202¨3¨
'
,
fn
else
:
print
>>
fo
,
fn
print
>>
fo
,
'
'
*
10
,
lib
.
format_sogw_prot
(
sec
)[
1
]
if
__name__
==
'
__main__
'
:
import
sys
fo
=
open
(
sys
.
argv
[
1
],
'
w
'
)
if
len
(
sys
.
argv
)
>
1
else
sys
.
stdout
rule0201
(
fo
,
len
(
sys
.
argv
)
>
2
)
rule0202
(
fo
,
len
(
sys
.
argv
)
>
2
)
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
