Skip to content
Snippets Groups Projects
Commit 3b1292db0572 authored by jfp's avatar jfp
Browse files

Fix class 05, don't get all_users at import time

parent f189a61c23d2
Branches
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 38 additions and 5 deletions
secrules/rules05.py
+ 38
5
View file @ 3b1292db
......@@ -2,5 +2,4 @@
__version__ = '1.0'
from .common import level_rule
import os, os.path
from ovms.rtl import lib
......@@ -6,4 +5,4 @@
from ovms.rtl import lib
from ovms import syidef, uaidef, prvdef, dvidef, ossdef
from ovms import syidef, uaidef
from ovms import user
from ovms import starlet
......@@ -8,6 +7,4 @@
from ovms import user
from ovms import starlet
from ovms import itemList
from ovms import crtl
maxsysgroup = lib.getsyi(syidef.SYI__MAXSYSGROUP)[1]
......@@ -12,6 +9,6 @@
maxsysgroup = lib.getsyi(syidef.SYI__MAXSYSGROUP)[1]
all_users = user.all_users()
all_users = None
def cmp(a, b):
......@@ -26,8 +23,9 @@
prematurely abort the system login sequence. This may prevent certain
procedures from being executed during login which may be required for this
site."""
global all_users
if not fmt:
print('Rule 0501', file=fo)
print('=========', file=fo)
......@@ -29,8 +27,11 @@
if not fmt:
print('Rule 0501', file=fo)
print('=========', file=fo)
if all_users is None:
all_users = user.all_users()
for u in list(all_users.values()):
if not (u.flags & uaidef.UAI_M_DISCTLY):
if fmt:
......@@ -46,6 +47,10 @@
This allows these accounts to change the default Command Language Interpreter
(CLI ) or CLI tables which may have undesirable consequences.
It may also allow these accounts to avert any security monitoring during use."""
global all_users
if all_users is None:
all_users = user.all_users()
if not fmt:
print('', file=fo)
......@@ -68,6 +73,10 @@
it be assigned a system level UIC. In addition, it is recommended that a
user of a captive account not be allowed to change the password for that
account -- The LOCKPWD flag should be set."""
global all_users
if all_users is None:
all_users = user.all_users()
if not fmt:
print('', file=fo)
......@@ -93,6 +102,10 @@
it be assigned a system level UIC. In addition, its PRCLM quota should be
set to zero in order to prevent such a user to spawn out of the restricted
environment."""
global all_users
if all_users is None:
all_users = user.all_users()
if not fmt:
print('', file=fo)
......@@ -118,6 +131,10 @@
these accounts are inactive and, therefore, may be unnecessary. They also
present a potential security risk in that unauthorized users may attempt to
gain access to the system using these accounts."""
global all_users
if all_users is None:
all_users = user.all_users()
if not fmt:
print('', file=fo)
......@@ -143,6 +160,10 @@
Stale accounts can present opportunities to penetrate the system.
These may be stale accounts which are no longer needed. They may also be
utilized as a means to gain unauthorized access to the system."""
global all_users
if all_users is None:
all_users = user.all_users()
if not fmt:
print('', file=fo)
......@@ -169,6 +190,10 @@
Improperly defined and maintained user accounts presents opportunities
to penetrate the system, thus giving an unauthorized user access to the system
resources."""
global all_users
if all_users is None:
all_users = user.all_users()
if not fmt:
print('', file=fo)
......@@ -190,6 +215,10 @@
Improperly defined and maintained user accounts present opportunities
to penetrate the system, thus giving an unauthorized user access to the system
resources."""
global all_users
if all_users is None:
all_users = user.all_users()
if not fmt:
print('', file=fo)
......@@ -214,6 +243,10 @@
of the site. Improperly defined Login related SYSGEN parameters can result
in the compromise of the operating system environment, and compromise the
confidentiality of customer data."""
global all_users
if all_users is None:
all_users = user.all_users()
if not fmt:
print('', file=fo)
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment