Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
S
secrules
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Deploy
Releases
Container registry
Model registry
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
OpenVMS
tools
secrules
Commits
3b1292db0572
Commit
3b1292db0572
authored
6 months ago
by
jfp
Browse files
Options
Downloads
Patches
Plain Diff
Fix class 05, don't get all_users at import time
parent
f189a61c23d2
Branches
Branches containing commit
No related tags found
No related merge requests found
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
secrules/rules05.py
+38
-5
38 additions, 5 deletions
secrules/rules05.py
with
38 additions
and
5 deletions
secrules/rules05.py
+
38
−
5
View file @
3b1292db
...
...
@@ -2,5 +2,4 @@
__version__
=
'
1.0
'
from
.common
import
level_rule
import
os
,
os
.
path
from
ovms.rtl
import
lib
...
...
@@ -6,4 +5,4 @@
from
ovms.rtl
import
lib
from
ovms
import
syidef
,
uaidef
,
prvdef
,
dvidef
,
ossdef
from
ovms
import
syidef
,
uaidef
from
ovms
import
user
from
ovms
import
starlet
...
...
@@ -8,6 +7,4 @@
from
ovms
import
user
from
ovms
import
starlet
from
ovms
import
itemList
from
ovms
import
crtl
maxsysgroup
=
lib
.
getsyi
(
syidef
.
SYI__MAXSYSGROUP
)[
1
]
...
...
@@ -12,6 +9,6 @@
maxsysgroup
=
lib
.
getsyi
(
syidef
.
SYI__MAXSYSGROUP
)[
1
]
all_users
=
user
.
all_users
()
all_users
=
None
def
cmp
(
a
,
b
):
...
...
@@ -26,8 +23,9 @@
prematurely abort the system login sequence. This may prevent certain
procedures from being executed during login which may be required for this
site.
"""
global
all_users
if
not
fmt
:
print
(
'
Rule 0501
'
,
file
=
fo
)
print
(
'
=========
'
,
file
=
fo
)
...
...
@@ -29,8 +27,11 @@
if
not
fmt
:
print
(
'
Rule 0501
'
,
file
=
fo
)
print
(
'
=========
'
,
file
=
fo
)
if
all_users
is
None
:
all_users
=
user
.
all_users
()
for
u
in
list
(
all_users
.
values
()):
if
not
(
u
.
flags
&
uaidef
.
UAI_M_DISCTLY
):
if
fmt
:
...
...
@@ -46,6 +47,10 @@
This allows these accounts to change the default Command Language Interpreter
(CLI ) or CLI tables which may have undesirable consequences.
It may also allow these accounts to avert any security monitoring during use.
"""
global
all_users
if
all_users
is
None
:
all_users
=
user
.
all_users
()
if
not
fmt
:
print
(
''
,
file
=
fo
)
...
...
@@ -68,6 +73,10 @@
it be assigned a system level UIC. In addition, it is recommended that a
user of a captive account not be allowed to change the password for that
account -- The LOCKPWD flag should be set.
"""
global
all_users
if
all_users
is
None
:
all_users
=
user
.
all_users
()
if
not
fmt
:
print
(
''
,
file
=
fo
)
...
...
@@ -93,6 +102,10 @@
it be assigned a system level UIC. In addition, its PRCLM quota should be
set to zero in order to prevent such a user to spawn out of the restricted
environment.
"""
global
all_users
if
all_users
is
None
:
all_users
=
user
.
all_users
()
if
not
fmt
:
print
(
''
,
file
=
fo
)
...
...
@@ -118,6 +131,10 @@
these accounts are inactive and, therefore, may be unnecessary. They also
present a potential security risk in that unauthorized users may attempt to
gain access to the system using these accounts.
"""
global
all_users
if
all_users
is
None
:
all_users
=
user
.
all_users
()
if
not
fmt
:
print
(
''
,
file
=
fo
)
...
...
@@ -143,6 +160,10 @@
Stale accounts can present opportunities to penetrate the system.
These may be stale accounts which are no longer needed. They may also be
utilized as a means to gain unauthorized access to the system.
"""
global
all_users
if
all_users
is
None
:
all_users
=
user
.
all_users
()
if
not
fmt
:
print
(
''
,
file
=
fo
)
...
...
@@ -169,6 +190,10 @@
Improperly defined and maintained user accounts presents opportunities
to penetrate the system, thus giving an unauthorized user access to the system
resources.
"""
global
all_users
if
all_users
is
None
:
all_users
=
user
.
all_users
()
if
not
fmt
:
print
(
''
,
file
=
fo
)
...
...
@@ -190,6 +215,10 @@
Improperly defined and maintained user accounts present opportunities
to penetrate the system, thus giving an unauthorized user access to the system
resources.
"""
global
all_users
if
all_users
is
None
:
all_users
=
user
.
all_users
()
if
not
fmt
:
print
(
''
,
file
=
fo
)
...
...
@@ -214,6 +243,10 @@
of the site. Improperly defined Login related SYSGEN parameters can result
in the compromise of the operating system environment, and compromise the
confidentiality of customer data.
"""
global
all_users
if
all_users
is
None
:
all_users
=
user
.
all_users
()
if
not
fmt
:
print
(
''
,
file
=
fo
)
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment