# HG changeset patch
# User jfp <jf.pieronne@laposte.net>
# Date 1673620773 -3600
# Fri Jan 13 15:39:33 2023 +0100
# Node ID 741ad6f3b6210535e0063495cd46f5216b78ee3c
# Parent 9b8ce9ac0cb4ed51b38df0dc1544ccab2bd95670
Python 3 port, first version
diff --git a/secrules/DeviceScan.py b/secrules/DeviceScan.py
deleted file mode 100644
--- a/secrules/DeviceScan.py
+++ /dev/null
@@ -1,51 +0,0 @@
-from vms import starlet, ssdef
-from vms import dvsdef
-from vms import itemList
-
-
-class DeviceScan(object):
- def __init__(self, search_devnam=None, devclass=None, devtype=None):
- self.search_devnam = search_devnam
- if devclass:
- self.itmlst = [itemList.itemList(code=dvsdef.DVS__DEVCLASS,
- value=devclass),]
- if devtype:
- self.itmlst.append(itemList.itemList(code=dvsdef.DVS__DEVTYPE,
- value=devtype))
- elif devtype:
- self.itmlst = [itemList.itemList(code=dvsdef.DVS__DEVTYPE,
- value=devtype),]
- else:
- self.itmlst = None
- self.contxt = 0
-
- def __enter__(self):
- return self
-
- def __exit__(self, exc_type, exc_value, traceback):
- return
-
- def __iter__(self):
- return self
-
- def __next__(self):
- try:
- s, devnam, self.contxt = \
- starlet.device_scan(self.search_devnam, self.itmlst,
- self.contxt)
- except VMSError, e:
- raise StopIteration if e.errno == ssdef.SS__NOMOREDEV else e
- return devnam
-
- def next(self):
- return self.__next__()
-
-if __name__ == '__main__':
- import sys
- from vms.dcdef import DC__DISK
- with DeviceScan(sys.argv[1]) as idev:
- for devnam in idev:
- print devnam
- print
- for devnam in DeviceScan(sys.argv[1], devclass=DC__DISK):
- print devnam
diff --git a/secrules/DisplayProxy.py b/secrules/DisplayProxy.py
--- a/secrules/DisplayProxy.py
+++ b/secrules/DisplayProxy.py
@@ -1,8 +1,8 @@
-from vms import starlet, ssdef
+from ovms import starlet, ssdef
class DisplayProxy(object):
- def __init__(self, rem_node='*', rem_user='*', flags=0):
+ def __init__(self, rem_node=b'*', rem_user=b'*', flags=0):
self.rem_node = rem_node
self.rem_user = rem_user
self.flags = 0
@@ -31,6 +31,6 @@
if __name__ == '__main__':
with DisplayProxy() as idp:
for dp in idp:
- print dp
+ print(dp)
for dp in DisplayProxy():
- print dp
+ print(dp)
diff --git a/secrules/FindFile.py b/secrules/FindFile.py
deleted file mode 100644
--- a/secrules/FindFile.py
+++ /dev/null
@@ -1,76 +0,0 @@
-from vms import descrip, rmsdef, dvidef, devdef
-from vms.rtl import lib
-import ctypes
-
-
-VMSLIBRTL = "/SYS$COMMON/SYSLIB/LIBRTL.EXE"
-LIBRTL = ctypes.CDLL(VMSLIBRTL)
-vms_find_file = getattr(LIBRTL,"LIB$FIND_FILE")
-vms_find_file_end = getattr(LIBRTL,"LIB$FIND_FILE_END")
-vms_trim_filespec = getattr(LIBRTL,"LIB$TRIM_FILESPEC")
-
-LIB_M_FIL_LONG_NAMES = 4
-NAML_C_MAXRSS = 4095
-
-class FindFile(object):
- def __init__(self, filespec, default_filespec=None,
- flags=LIB_M_FIL_LONG_NAMES):
- self.filespec = ctypes.create_string_buffer(filespec)
- self.default_filespec = None if default_filespec is None else \
- descrip.bydesc(ctypes.create_string_buffer(default_filespec))
- self.resultant_filespec = \
- ctypes.create_string_buffer(NAML_C_MAXRSS + 1)
- self.context = ctypes.c_uint32()
- self.nullArg = ctypes.c_voidp()
- self.flags = ctypes.c_uint(flags)
- self.new_filespec = ctypes.create_string_buffer(NAML_C_MAXRSS + 1)
- self.resultant_length = ctypes.c_uint16()
-
- def __enter__(self):
- return self
-
- def __exit__(self, exc_type, exc_value, traceback):
- s = vms_find_file_end(ctypes.byref(self.context))
-
- def __iter__(self):
- return self
-
- def __next__(self):
- s = vms_find_file(descrip.bydesc(self.filespec),
- descrip.bydesc(self.resultant_filespec),
- ctypes.byref(self.context),
- self.default_filespec,
- self.nullArg, self.nullArg, ctypes.byref(self.flags))
- if not (s & 1):
- raise StopIteration \
- if s in (rmsdef.RMS__NMF, rmsdef.RMS__FNF ) \
- else VMSError(s)
-
- s = vms_trim_filespec(descrip.bydesc(self.resultant_filespec),
- descrip.bydesc(self.new_filespec),
- self.nullArg,
- ctypes.byref(self.resultant_length))
- res = self.new_filespec[:self.resultant_length.value]
- # Check if the device is file oriented, lib$find_file return a file if
- # a device like NLA0: is used
- if (lib.getdvi(dvidef.DVI__DEVCHAR, device_name=res)[1] &
- devdef.DEV_M_FOD) == 0:
- raise StopIteration
- return res
-
- def next(self):
- return self.__next__()
-
-def file_exists(fn):
- try:
- with FindFile(fn) as ifn:
- ifn.__next__()
- return True
- except (VMSError, StopIteration), e:
- return False
-
-if __name__ == '__main__':
- import sys
- with FindFile(sys.argv[1]) as ifn:
- for fn in ifn:
- print fn
diff --git a/secrules/getMailObjectInfo.py b/secrules/getMailObjectInfo.py
--- a/secrules/getMailObjectInfo.py
+++ b/secrules/getMailObjectInfo.py
@@ -1,24 +1,19 @@
+from typing import Tuple
import os
-from vms import starlet, syidef
-from vms.rtl import lib
-from vms import user
-from FindFile import FindFile
+from ovms import starlet, syidef
+from ovms.rtl import lib
+from ovms import user
+from ovms.rtl.lib.FindFile import FindFile
-def getMailObjectInfo():
+VMSError = OSError
+
+def getMailObjectInfo() -> Tuple[bool, bool, user.User | None]:
all_users = user.all_users()
maxsysgroup = lib.getsyi(syidef.SYI__MAXSYSGROUP)[1]
- def file_exists(fn):
- try:
- with FindFile (fn) as ifn:
- ifn.__next__()
- return True
- except VMSError, e:
- return False
-
objectMailPresent = False
objectMailAccount = False
- objectMailUser = ''
+ objectMailUser = None
with os.popen('MCR NCL SHOW SESSION CONTROL APPLICATION MAIL') as p:
r = [x[:-1] for x in p]
@@ -27,8 +22,8 @@
objectMailPresent = True
if objectMailPresent:
- for u in all_users.values():
- if u.username == 'MAIL$SERVER':
+ for u in list(all_users.values()):
+ if u.username == b'MAIL$SERVER':
objectMailUser = u
objectMailAccount = True
diff --git a/secrules/get_mail_info.py b/secrules/get_mail_info.py
--- a/secrules/get_mail_info.py
+++ b/secrules/get_mail_info.py
@@ -1,8 +1,10 @@
import os
-from vms import starlet
-from vms.rtl import lib
-from vms import user
-from FindFile import FindFile
+from ovms import syidef
+from ovms.rtl import lib
+from ovms import user
+from ovms.rtl.lib.FindFile import FindFile
+
+VMSError = OSError
def getMailObjectInfo():
all_users = user.all_users()
@@ -13,7 +15,7 @@
with FindFile (fn) as ifn:
ifn.__next__()
return True
- except VMSError, e:
+ except VMSError as e:
return False
objectMailPresent = False
@@ -27,7 +29,7 @@
objectMailPresent = True
if objectMailPresent:
- for u in all_users.values():
+ for u in list(all_users.values()):
if u.username == 'MAIL$SERVER':
objectMailUser = u
objectMailAccount = True
diff --git a/secrules/get_security.py b/secrules/get_security.py
--- a/secrules/get_security.py
+++ b/secrules/get_security.py
@@ -1,36 +1,36 @@
-from vms import starlet
-from vms import itemList, ossdef, ssdef
-from vms.rtl import lib
+from ovms import starlet
+from ovms import itemList, ossdef, ssdef
+from ovms.rtl import lib
-def get_security(fn, clsnam='FILE'):
- itm = [itemList.itemList (code=ossdef.OSS__ACL_READ),
+def get_security(fn, clsnam=b'FILE'):
+ itm = (itemList.itemList (code=ossdef.OSS__ACL_READ),
itemList.itemList (code=ossdef.OSS__PROTECTION, dtype=itemList.il_unsignedWord),
- itemList.itemList (code=ossdef.OSS__OWNER, dtype=itemList.il_unsignedLong)]
+ itemList.itemList (code=ossdef.OSS__OWNER, dtype=itemList.il_unsignedLong))
accnam = lib.get_accnam(clsnam)[1]
- s,res = starlet.get_security (clsnam, fn, itmlst=itm)
+ s, ctxt, res = starlet.get_security(clsnam, fn, itmlst=itm)
try:
- own = starlet.idtoasc(res[ossdef.OSS__OWNER])[1]
+ ownstr = starlet.idtoasc(res[ossdef.OSS__OWNER])[1] # type: ignore
except:
- own = res[ossdef.OSS__OWNER]
+ own: int = res[ossdef.OSS__OWNER] # type: ignore
high_word = int(own / 65536)
low_word = int(own - (high_word *65536))
- own = "[%o,%o]" % (high_word, low_word)
- prot = lib.format_sogw_prot(res[ossdef.OSS__PROTECTION], access_names=accnam)[1]
+ ownstr = b"[%o,%o]" % (high_word, low_word)
+ prot = lib.format_sogw_prot(res[ossdef.OSS__PROTECTION], access_names=accnam)[1] # type: ignore
acl = []
- v = res[ossdef.OSS__ACL_READ]
- while v != '':
- acl.append(starlet.format_acl(v[:ord(v[0]) - 1], accnam=accnam)[1])
- v = v[ord(v[0]):]
- return own, prot, acl
+ v: bytes = res[ossdef.OSS__ACL_READ] # type: ignore
+ while v != b'':
+ acl.append(starlet.format_acl(v[:v[0]], accnam=accnam)[1])
+ v = v[v[0]:]
+ return ownstr, prot, acl
if __name__ == '__main__':
import sys
filename = sys.argv[1]
clsnam = sys.argv[2]
- owner, protection, acl = get_security(filename, clsnam)
- print ' Owner:', owner
- print ' Protection:', protection
- print ' Access control list:'
+ owner, protection, acl = get_security(filename, clsnam.encode())
+ print(' Owner:', owner)
+ print(' Protection:', protection)
+ print(' Access control list:')
for e in acl:
- print 9*' ', e
+ print(9*' ', e)
diff --git a/secrules/rules01.py b/secrules/rules01.py
--- a/secrules/rules01.py
+++ b/secrules/rules01.py
@@ -2,13 +2,13 @@
__version__ = '1.0'
#__all__ = ['rule1201', 'rule1202', 'rule1203']
-from common import level_rule
-from vms.rtl import lib
-from vms import syidef, uaidef, prvdef, dvidef, ossdef
-from vms import user
-from vms import starlet
-from vms import itemList
-from vms import crtl
+from .common import level_rule
+from ovms.rtl import lib
+from ovms import syidef, uaidef, prvdef, dvidef, ossdef
+from ovms import user
+from ovms import starlet
+from ovms import itemList
+from ovms import crtl
@level_rule(1)
def rule0101(fo, ftm):
@@ -21,14 +21,14 @@
all_users = user.all_users()
if not ftm:
- print >>fo, 'Rule 0101'
- print >>fo, '========='
- for u in all_users.values():
+ print('Rule 0101', file=fo)
+ print('=========', file=fo)
+ for u in list(all_users.values()):
if (u.uic_group <= maxsysgroup) and (u.dialup_access_p != '\xff\xff\xff'):
if ftm:
- print >>fo, '0101"1" %-12s [%o,%o]' % (u.username, u.uic_group, u.uic_member)
+ print('0101"1" %-12s [%o,%o]' % (u.username.decode(), u.uic_group, u.uic_member), file=fo)
else:
- print >>fo, '%-12s [%o,%o]' % (u.username, u.uic_group, u.uic_member)
+ print('%-12s [%o,%o]' % (u.username.decode(), u.uic_group, u.uic_member), file=fo)
@level_rule(2)
def rule0102(fo, ftm):
@@ -39,11 +39,11 @@
all_users = user.all_users()
if not ftm:
- print >>fo
- print >>fo, 'Rule 0102'
- print >>fo, '========='
+ print(file=fo)
+ print('Rule 0102', file=fo)
+ print('=========', file=fo)
uics = {}
- for u in all_users.values():
+ for u in list(all_users.values()):
uic = '[%o,%o]' % (u.uic_group, u.uic_member)
if uic in uics:
uics[uic].append(u.username)
@@ -53,9 +53,9 @@
for uic in uics:
if len(uics[uic]) > 1:
if ftm:
- print >>fo, '0102"2"', uic, uics[uic]
+ print('0102"2"', uic, uics[uic], file=fo)
else:
- print >>fo, uic, uics[uic]
+ print(uic, uics[uic], file=fo)
@level_rule(3)
def rule0103(fo, ftm):
@@ -66,16 +66,16 @@
all_users = user.all_users()
if not ftm:
- print >>fo
- print >>fo, 'Rule 0103'
- print >>fo, '========='
- for u in all_users.values():
+ print(file=fo)
+ print('Rule 0103', file=fo)
+ print('=========', file=fo)
+ for u in list(all_users.values()):
if (u.uic_group <= maxsysgroup):
if (u.priv | u.def_priv) & (prvdef.PRV_M_GROUP | prvdef.PRV_M_GRPPRV):
if ftm:
- print >>fo, '0103"3"', u.username
+ print('0103"3"', u.username.decode(), file=fo)
else:
- print >>fo, u.username
+ print(u.username.decode(), file=fo)
@level_rule(3)
def rule0104(fo, ftm):
@@ -90,15 +90,15 @@
all_users = user.all_users()
if not ftm:
- print >>fo
- print >>fo, 'Rule 0104'
- print >>fo, '========='
- for u in all_users.values():
+ print(file=fo)
+ print('Rule 0104', file=fo)
+ print('=========', file=fo)
+ for u in list(all_users.values()):
if (u.uic_group <= maxsysgroup) and (u.username != 'SYSTEM'):
if ftm:
- print >>fo, '0104"3"', u.username
+ print('0104"3"', u.username.decode(), file=fo)
else:
- print >>fo, u.username
+ print(u.username.decode(), file=fo)
@level_rule(3)
def rule0105(fo, ftm):
@@ -111,9 +111,9 @@
all_users = user.all_users()
if ftm:
- print >>fo
- print >>fo, 'Rule 0105'
- print >>fo, '========='
+ print(file=fo)
+ print('Rule 0105', file=fo)
+ print('=========', file=fo)
privs = (prvdef.PRV_M_CMKRNL |
prvdef.PRV_M_CMEXEC |
@@ -153,13 +153,13 @@
prvdef.PRV_M_AUDIT |
prvdef.PRV_M_SECURITY)
- for u in all_users.values():
+ for u in list(all_users.values()):
if (u.uic_group > maxsysgroup):
if (u.priv | u.def_priv) & privs:
if ftm:
- print >>fo, '0105"3"', u.username
+ print('0105"3"', u.username.decode(), file=fo)
else:
- print >>fo, u.username
+ print(u.username.decode(), file=fo)
@level_rule(3)
def rule0106(fo, ftm):
@@ -169,17 +169,17 @@
all_users = user.all_users()
if not ftm:
- print >>fo
- print >>fo, 'Rule 0106'
- print >>fo, '========='
- for u in all_users.values():
+ print(file=fo)
+ print('Rule 0106', file=fo)
+ print('=========', file=fo)
+ for u in list(all_users.values()):
try:
lib.getdvi(dvidef.DVI__DEVNAM, None, u.defdev)
except:
if ftm:
- print >>fo, '0106"3"', u.username
+ print('0106"3"', u.username.decode(), file=fo)
else:
- print >>fo, u.username, u.defdev
+ print(u.username.decode(), u.defdev.decode(), file=fo)
@level_rule(3)
def rule0107(fo, ftm):
@@ -189,17 +189,17 @@
all_users = user.all_users()
if ftm:
- print >>fo
- print >>fo, 'Rule 0107'
- print >>fo, '========='
- for u in all_users.values():
+ print(file=fo)
+ print('Rule 0107', file=fo)
+ print('=========', file=fo)
+ for u in list(all_users.values()):
try:
lib.getdvi(dvidef.DVI__AVL, None, u.defdev)
except:
if ftm:
- print >>fo, '0107"3"', u.username
+ print('0107"3"', u.username.decode(), file=fo)
else:
- print >>fo, u.username, u.defdev
+ print(u.username.decode(), u.defdev.decode(), file=fo)
@level_rule(2)
def rule0108(fo, ftm):
@@ -211,15 +211,15 @@
all_users = user.all_users()
if not ftm:
- print >>fo
- print >>fo, 'Rule 0108'
- print >>fo, '========='
- for u in all_users.values():
- if (u.defdir == '') and (u.defdev == ''):
+ print(file=fo)
+ print('Rule 0108', file=fo)
+ print('=========', file=fo)
+ for u in list(all_users.values()):
+ if (u.defdir == b'') and (u.defdev == b''):
if ftm:
- print >>fo, '0108"2"', u.username
+ print('0108"2"', u.username.decode(), file=fo)
else:
- print >>fo, u.username
+ print(u.username.decode(), file=fo)
@level_rule(3)
def rule0109(fo, ftm):
@@ -230,17 +230,17 @@
all_users = user.all_users()
if not ftm:
- print >>fo
- print >>fo, 'Rule 0109'
- print >>fo, '========='
+ print(file=fo)
+ print('Rule 0109', file=fo)
+ print('=========', file=fo)
privs = prvdef.PRV_M_TMPMBX | prvdef.PRV_M_NETMBX
- u = all_users['DEFAULT']
+ u = all_users[b'DEFAULT']
if (u.def_priv != u.priv) or (u.priv & ~privs) or (u.flags & uaidef.UAI_M_DISACNT) == 0:
if ftm:
- print >>fo, '0109"3"', u.username
+ print('0109"3"', u.username.decode(), file=fo)
else:
- print >>fo, u.username
+ print(u.username.decode(), file=fo)
privs = (prvdef.PRV_M_TMPMBX |
prvdef.PRV_M_NETMBX |
@@ -253,13 +253,13 @@
prvdef.PRV_M_PRMMBX |
prvdef.PRV_M_LOG_IO |
prvdef.PRV_M_SETPRV)
- if 'FIELD' in all_users:
- u = all_users['FIELD']
+ if b'FIELD' in all_users:
+ u = all_users[b'FIELD']
if (u.def_priv != u.priv) or (u.priv & ~privs) or (u.flags & uaidef.UAI_M_DISACNT) == 0:
if ftm:
- print >>fo, '0109"3"', u.username
+ print('0109"3"', u.username.decode(), file=fo)
else:
- print >>fo, u.username
+ print(u.username.decode(), file=fo)
privs = (prvdef.PRV_M_CMEXEC |
prvdef.PRV_M_IMPERSONATE |
@@ -278,21 +278,21 @@
prvdef.PRV_M_PRMCEB |
prvdef.PRV_M_TMPMBX)
- if 'SYSTEST' in all_users:
- u = all_users['SYSTEST']
+ if b'SYSTEST' in all_users:
+ u = all_users[b'SYSTEST']
if (u.def_priv != u.priv) or (u.priv & ~privs) or (u.flags & uaidef.UAI_M_DISACNT) == 0:
if ftm:
- print >>fo, '0109"3"', u.username
+ print('0109"3"', u.username, file=fo)
else:
- print >>fo, u.username
+ print(u.username, file=fo)
- if 'SYSTEST_CLIG' in all_users:
- u = all_users['SYSTEST_CLIG']
+ if b'SYSTEST_CLIG' in all_users:
+ u = all_users[b'SYSTEST_CLIG']
if (u.def_priv != u.priv) or (u.priv & ~privs) or (u.flags & uaidef.UAI_M_DISACNT) == 0:
if ftm:
- print >>fo, '0109"3"', u.username
+ print('0109"3"', u.username.decode(), file=fo)
else:
- print >>fo, u.username
+ print(u.username.decode(), file=fo)
@level_rule(3)
def rule0110(fo, ftm):
@@ -303,29 +303,29 @@
maxsysgroup = lib.getsyi(syidef.SYI__MAXSYSGROUP)[1]
if not ftm:
- print >>fo
- print >>fo, 'Rule 0110'
- print >>fo, '========='
+ print(file=fo)
+ print('Rule 0110', file=fo)
+ print('=========', file=fo)
load_pwd_policy = lib.getsyi(syidef.SYI__LOAD_PWD_POLICY)[1]
rms_fileprot = lib.getsyi(syidef.SYI__RMS_FILEPROT)[1]
if (load_pwd_policy != 0):
if ftm:
- print >>fo, '0110"3"LOAD_PWD_POLICY', load_pwd_policy
+ print('0110"3"LOAD_PWD_POLICY', load_pwd_policy, file=fo)
else:
- print >>fo, 'LOAD_PWD_POLICY invalid', load_pwd_policy
+ print('LOAD_PWD_POLICY invalid', load_pwd_policy, file=fo)
if (maxsysgroup > 8):
if ftm:
- print >>fo, '0110"3"MAXSYSGROUP', maxsysgroup
+ print('0110"3"MAXSYSGROUP', maxsysgroup, file=fo)
else:
- print >>fo, 'MAXSYSGROUP invalid' , maxsysgroup
- if (rms_fileprot != 65280):
+ print('MAXSYSGROUP invalid' , maxsysgroup, file=fo)
+ if (rms_fileprot not in (64000, 65280)):
if ftm:
- print >>fo, '0110"3"RMS_FILEPROT', lib.format_sogw_prot (rms_fileprot)[1]
+ print('0110"3"RMS_FILEPROT', lib.format_sogw_prot(rms_fileprot)[1], file=fo)
else:
- print >>fo, 'RMS_FILEPROT invalid found', lib.format_sogw_prot (rms_fileprot)[1]
- print >>fo, ' waiting', lib.format_sogw_prot (65280)[1]
+ print('RMS_FILEPROT invalid found', lib.format_sogw_prot(rms_fileprot)[1].decode(), file=fo)
+ print(' waiting', lib.format_sogw_prot(65280)[1].decode(), file=fo)
if __name__ == '__main__':
diff --git a/secrules/rules02.py b/secrules/rules02.py
--- a/secrules/rules02.py
+++ b/secrules/rules02.py
@@ -1,16 +1,17 @@
# -*- coding: iso-8859-1 -*-
__version__ = '1.0'
-from common import level_rule
+from .common import level_rule
import os, os.path
-from vms.rtl import lib
-from vms import syidef, uaidef, prvdef, dvidef, ossdef, ssdef
-from vms import user
-from vms import starlet
-from vms import itemList
-from vms import crtl
-from FindFile import FindFile
+from ovms.rtl import lib
+from ovms import syidef, uaidef, prvdef, dvidef, ossdef, ssdef
+from ovms import user
+from ovms import starlet
+from ovms import itemList
+from ovms import crtl
+from ovms.rtl.lib.FindFile import FindFile
+VMSError = OSError
@level_rule(2)
def rule0201(fo, fmt):
@@ -22,23 +23,23 @@
to the user, the privilege of the user, or the UIC protection on the file."""
if not fmt:
- print>>fo
- print>>fo, 'Rule 0201'
- print>>fo, '========='
+ print(file=fo)
+ print('Rule 0201', file=fo)
+ print('=========', file=fo)
- with FindFile('SYS$SYSROOT:[000000...]*.*') as fi:
+ with FindFile(b'SYS$SYSROOT:[000000...]*.*') as fi:
for fn in fi:
- it = [itemList.itemList(code = ossdef.OSS__PROTECTION, dtype = itemList.il_unsignedWord),]
+ it = (itemList.itemList(code = ossdef.OSS__PROTECTION, dtype = itemList.il_unsignedWord),)
try:
- sec = starlet.get_security(objnam=fn, clsnam='FILE',
- itmlst=it)[1][ossdef.OSS__PROTECTION]
+ sec: int = starlet.get_security(objnam=fn, clsnam='FILE', # type:ignore
+ itmlst=it)[2][ossdef.OSS__PROTECTION] # type:ignore
if not ((sec & 0x8000) and (sec & 0x2000)):
if fmt:
- print>>fo, '0201"2"', fn
+ print('0201"2"', fn, file=fo)
else:
- print>>fo, fn
- print>>fo, ' ' * 10, lib.format_sogw_prot (sec)[1]
- except VMSError, e:
+ print(fn.decode(), file=fo) # type:ignore
+ print(' ' * 10, lib.format_sogw_prot (sec)[1].decode(), file=fo)
+ except VMSError as e:
if e.errno != ssdef.SS__NOSUCHFILE:
raise
@@ -52,20 +53,21 @@
user, or the UIC protection on the file."""
if not fmt:
- print>>fo
- print>>fo, 'Rule 0202'
- print>>fo, '========='
+ print(file=fo)
+ print('Rule 0202', file=fo)
+ print('=========', file=fo)
- with FindFile('SYS$SYSROOT:[000000...]*.*') as fi:
- for fn in fi:
- it = [itemList.itemList (code = ossdef.OSS__PROTECTION, dtype = itemList.il_unsignedWord),]
- sec = starlet.get_security (objnam=fn, clsnam='FILE',itmlst=it)[1][ossdef.OSS__PROTECTION]
+ with FindFile(b'SYS$SYSROOT:[000000...]*.*') as fi:
+ for fn in fi: # type:ignore
+ fn: bytes
+ it = (itemList.itemList (code = ossdef.OSS__PROTECTION, dtype = itemList.il_unsignedWord),)
+ sec: int = starlet.get_security(objnam=fn, clsnam='FILE',itmlst=it)[2][ossdef.OSS__PROTECTION] # type:ignore
if not ((sec & 0x800) and (sec & 0x200)):
if fmt:
- print>>fo, '0202"3"', fn
+ print('0202"3"', fn.decode(), file=fo) # type:ignore
else:
- print>>fo, fn
- print>>fo, ' ' * 10, lib.format_sogw_prot (sec)[1]
+ print(fn.decode(), file=fo) # type:ignore
+ print(' ' * 10, lib.format_sogw_prot(sec)[1].decode(), file=fo)
if __name__ == '__main__':
import sys
diff --git a/secrules/rules03.py b/secrules/rules03.py
--- a/secrules/rules03.py
+++ b/secrules/rules03.py
@@ -1,9 +1,9 @@
# -*- coding: iso-8859-1 -*-
__version__ = '1.0'
-from common import level_rule
-from FindFile import FindFile
-from get_security import get_security
+from .common import level_rule
+from ovms.rtl.lib.FindFile import FindFile
+from .get_security import get_security
@level_rule(2)
def rule0302(fo, fmt):
@@ -12,20 +12,21 @@
of vulnerability with regards to protection of critical files."""
if not fmt:
- print>>fo
- print>>fo, 'Rule 0302'
- print>>fo, '========='
+ print(file=fo)
+ print('Rule 0302', file=fo)
+ print('=========', file=fo)
- with FindFile('SYS$SYSROOT:[000000...]*.*') as fi:
- for fn in fi:
- id = get_security (fn)[0]
- if (id != 'SYSTEM') and (id != '[1,1]'):
- if (fn != 'MOM$SYSTEM') and (id != '[376,375]'):
+ with FindFile(b'SYS$SYSROOT:[000000...]*.*') as fi:
+ for fn in fi: # type: ignore
+ fn: bytes
+ id = get_security(fn)[0]
+ if (id != b'SYSTEM') and (id != b'[1,1]'):
+ if (fn != b'MOM$SYSTEM') and (id != b'[376,375]'):
if fmt:
- print>>fo, '0302"2"', fn
+ print('0302"2"', fn.decode(), file=fo)
else:
- print>>fo, fn
- print>>fo, ' ' * 10, id
+ print(fn.decode(), file=fo)
+ print(' ' * 10, id.decode(), file=fo)
if __name__ == '__main__':
import sys
diff --git a/secrules/rules04.py b/secrules/rules04.py
--- a/secrules/rules04.py
+++ b/secrules/rules04.py
@@ -1,16 +1,18 @@
# -*- coding: iso-8859-1 -*-
__version__ = '1.0'
-from common import level_rule
+from .common import level_rule
import os, os.path
-from vms.rtl import lib
-from vms import starlet
-from vms import ossdef, ssdef, rmsdef, dvsdef, dcdef, dvidef, itemList
-from vms import user
-from vms import crtl
-from FindFile import FindFile
+from ovms.rtl import lib
+from ovms import starlet
+from ovms import ossdef, ssdef, rmsdef, dvsdef, dcdef, dvidef, itemList
+from ovms import user
+from ovms import crtl
+from ovms.rtl.lib.FindFile import FindFile
from secrules import get_security
-from DeviceScan import DeviceScan
+from ovms.starlet.DeviceScan import DeviceScan
+
+VMSError = OSError
@level_rule(2)
def rule0401(fo, fmt):
@@ -21,35 +23,37 @@
data."""
if not fmt:
- print>>fo
- print>>fo, 'Rule 0401'
- print>>fo, '========='
+ print(file=fo)
+ print('Rule 0401', file=fo)
+ print('=========', file=fo)
def fileACL(root):
- it = [itemList.itemList (code=ossdef.OSS__ACL_LENGTH, dtype=itemList.il_unsignedLong),]
+ it = (itemList.itemList (code=ossdef.OSS__ACL_LENGTH, dtype=itemList.il_unsignedLong),)
with FindFile(root) as ifn:
- for fn in ifn:
+ for fn in ifn: # type:ignore
+ fn: bytes
try:
- retacl = starlet.get_security (objnam=fn, clsnam='FILE',itmlst=it)
- acllen = int(retacl[1][ossdef.OSS__ACL_LENGTH])
+ retacl = starlet.get_security(objnam=fn, clsnam='FILE',itmlst=it)
+ acllen = int(retacl[2][ossdef.OSS__ACL_LENGTH])
if (acllen != 0):
if fmt:
- print>>fo, '0401"2"', fn
+ print('0401"2"', fn.decode(), file=fo)
else:
- print>>fo, fn
+ print(fn.decode(), file=fo)
for e in get_security.get_security (fn)[2]:
+ e: bytes
if not fmt:
- print>>fo, ' '*9, e
- except VMSError, e:
- if e.errno != rmsdef.RMS__FNF:
+ print(' '*9, e.decode(), file=fo)
+ except VMSError as err:
+ if err.errno not in (rmsdef.RMS__FNF, ssdef.SS__NOSUCHFILE):
raise
- for device in DeviceScan('*', devclass=dcdef.DC__DISK):
+ for device in DeviceScan(b'*', devclass=dcdef.DC__DISK):
if not (lib.getdvi (dvidef.DVI__MNT, device_name=device)[1]):
continue
if lib.getdvi (dvidef.DVI__SHDW_MEMBER, device_name=device)[1]:
continue
- fileACL(device + '[000000...]*.*')
+ fileACL(device + b'[000000...]*.*')
@level_rule(2)
def rule0403(fo, fmt):
@@ -58,33 +62,34 @@
files can be corrupted or deleted."""
if not fmt:
- print>>fo
- print>>fo, 'Rule 0403'
- print>>fo, '========='
+ print(file=fo)
+ print('Rule 0403', file=fo)
+ print('=========', file=fo)
def fileSYS(root):
with FindFile(root) as fi:
- for fn in fi:
+ for fn in fi: # type: ignore
+ fn: bytes
own = get_security.get_security(fn)[0]
if own not in ('SYSTEM', '[1,1]'):
if fmt:
- print>>fo, '0403"2"', fn
+ print('0403"2"', fn.decode(), file=fo)
else:
- print>>fo, fn, own
+ print(fn.decode(), own.decode(), file=fo)
devCtx = 0
- devItm = [itemList.itemList (code=dvsdef.DVS__DEVCLASS, value=dcdef.DC__DISK),]
+ devItm = (itemList.itemList (code=dvsdef.DVS__DEVCLASS, value=dcdef.DC__DISK),)
while(True):
try:
- sts,device,devCtx = starlet.device_scan('*', devItm, devCtx)
+ sts,device,devCtx = starlet.device_scan(b'*', devItm, devCtx)
except:
break
if not lib.getdvi (dvidef.DVI__MNT, device_name=device)[1]:
continue
if lib.getdvi(dvidef.DVI__SHDW_MEMBER, device_name=device)[1]:
continue
- fileSYS(device + '[000000]*.SYS')
+ fileSYS(device + b'[000000]*.SYS')
@level_rule(2)
def rule0404(fo, fmt):
@@ -93,33 +98,34 @@
system inoperable."""
if not fmt:
- print>>fo
- print>>fo, 'Rule 0404'
- print>>fo, '========='
+ print(file=fo)
+ print('Rule 0404', file=fo)
+ print('=========', file=fo)
def fileSYSProt(root):
with FindFile(root) as fi:
- for fn in fi:
+ for fn in fi: # type: ignore
+ fn: bytes
prot = get_security.get_security(fn)[1]
if not (prot == 'System: RWED, Owner: RWED, Group: RE, World'):
if fmt:
- print>>fo, '0404"2"', fn
+ print('0404"2"', fn.decode(), file=fo)
else:
- print>>fo, fn, prot
+ print(fn.decode(), prot.decode(), file=fo)
devCtx = 0
devItm = [itemList.itemList (code=dvsdef.DVS__DEVCLASS, value=dcdef.DC__DISK),]
while(True):
try:
- sts,device,devCtx = starlet.device_scan('*', devItm, devCtx)
+ sts,device,devCtx = starlet.device_scan(b'*', devItm, devCtx)
except:
break
if not lib.getdvi (dvidef.DVI__MNT, device_name=device)[1]:
continue
if lib.getdvi(dvidef.DVI__SHDW_MEMBER, device_name=device)[1]:
continue
- fileSYSProt(device + '[000000]*.SYS')
+ fileSYSProt(device + b'[000000]*.SYS')
@level_rule(2)
def rule0405(fo, fmt):
@@ -129,30 +135,31 @@
them."""
if not fmt:
- print>>fo
- print>>fo, 'Rule 0405'
- print>>fo, '========='
+ print(file=fo)
+ print('Rule 0405', file=fo)
+ print('=========', file=fo)
def fileACLrf(fs):
- it = [itemList.itemList (code=ossdef.OSS__ACL_LENGTH, dtype=itemList.il_unsignedLong),]
+ it = (itemList.itemList (code=ossdef.OSS__ACL_LENGTH, dtype=itemList.il_unsignedLong),)
with FindFile (fs) as ifn:
- for fn in ifn:
- acllen = int (starlet.get_security (objnam=fn, clsnam='FILE',itmlst=it)[1][ossdef.OSS__ACL_LENGTH])
+ for fn in ifn: # type:ignore
+ fn: bytes
+ acllen = int (starlet.get_security (objnam=fn, clsnam='FILE',itmlst=it)[2][ossdef.OSS__ACL_LENGTH])
if (acllen != 0):
if fmt:
- print>>fo, '0405"2"', fn
+ print('0405"2"', fn.decode(), file=fo)
else:
- print>>fo, fn
+ print(fn, file=fo)
for e in get_security.get_security (fn)[2]:
if not fmt:
- print>>fo, ' '*9, e
+ print(' '*9, e.decode(), file=fo)
- for device in DeviceScan('*', devclass=dcdef.DC__DISK):
+ for device in DeviceScan(b'*', devclass=dcdef.DC__DISK):
if not (lib.getdvi (dvidef.DVI__MNT, device_name=device)[1]):
continue
if lib.getdvi (dvidef.DVI__SHDW_MEMBER, device_name=device)[1]:
continue
- fileACLrf(device + '[000000]*.SYS')
+ fileACLrf(device + b'[000000]*.SYS')
if __name__ == '__main__':
import sys
diff --git a/secrules/rules05.py b/secrules/rules05.py
--- a/secrules/rules05.py
+++ b/secrules/rules05.py
@@ -1,18 +1,21 @@
# -*- coding: iso-8859-1 -*-
__version__ = '1.0'
-from common import level_rule
+from .common import level_rule
import os, os.path
-from vms.rtl import lib
-from vms import syidef, uaidef, prvdef, dvidef, ossdef
-from vms import user
-from vms import starlet
-from vms import itemList
-from vms import crtl
+from ovms.rtl import lib
+from ovms import syidef, uaidef, prvdef, dvidef, ossdef
+from ovms import user
+from ovms import starlet
+from ovms import itemList
+from ovms import crtl
maxsysgroup = lib.getsyi(syidef.SYI__MAXSYSGROUP)[1]
all_users = user.all_users()
+def cmp(a, b):
+ return (a > b) - (a < b)
+
@level_rule(3)
def rule0501(fo, fmt):
""" Not having the DISCTLY flag not set allows these accounts to
@@ -21,31 +24,31 @@
site."""
if not fmt:
- print>>fo, 'Rule 0501'
- print>>fo, '========='
+ print('Rule 0501', file=fo)
+ print('=========', file=fo)
- for u in all_users.values():
+ for u in list(all_users.values()):
if not (u.flags & uaidef.UAI_M_DISCTLY):
if fmt:
- print>>fo, '0501"3"', u.username
+ print('0501"3"', u.username.decode(), file=fo)
else:
- print>>fo, u.username
+ print(u.username.decode(), file=fo)
@level_rule(3)
def rule0502(fo, fmt):
"""Ensure the DISCTLY flag is set on all accounts."""
if not fmt:
- print>>fo, ''
- print>>fo, 'Rule 0502'
- print>>fo, '========='
+ print('', file=fo)
+ print('Rule 0502', file=fo)
+ print('=========', file=fo)
- for u in all_users.values():
+ for u in list(all_users.values()):
if not (u.flags & uaidef.UAI_M_DEFCLI):
if fmt:
- print>>fo, '0502"3"', u.username
+ print('0502"3"', u.username.decode(), file=fo)
else:
- print>>fo, u.username
+ print(u.username.decode(), file=fo)
@level_rule(2)
def rule0503(fo, fmt):
@@ -55,17 +58,17 @@
account -- The LOCKPWD flag should be set."""
if not fmt:
- print>>fo, ''
- print>>fo, 'Rule 0503'
- print>>fo, '========='
+ print('', file=fo)
+ print('Rule 0503', file=fo)
+ print('=========', file=fo)
- for u in all_users.values():
+ for u in list(all_users.values()):
if (u.flags & uaidef.UAI_M_CAPTIVE):
if (u.flags & uaidef.UAI_M_LOCKPWD) or (u.uic_group <= maxsysgroup):
if fmt:
- print>>fo, '0503"2"', u.username
+ print('0503"2"', u.username.decode(), file=fo)
else:
- print>>fo, u.username, u.uic_group
+ print(u.username.decode(), u.uic_group, file=fo)
@level_rule(2)
def rule0504(fo, fmt):
@@ -75,16 +78,16 @@
environment."""
if not fmt:
- print>>fo, ''
- print>>fo, 'Rule 0504'
- print>>fo, '========='
+ print('', file=fo)
+ print('Rule 0504', file=fo)
+ print('=========', file=fo)
- for u in all_users.values():
+ for u in list(all_users.values()):
if (u.flags & uaidef.UAI_M_CAPTIVE) and ((u.uic_group <= maxsysgroup) or (u.prccnt != 0)):
if fmt:
- print>>fo, '0504"2"', u.username
+ print('0504"2"', u.username.decode(), file=fo)
else:
- print>>fo, u.username, u.uic_group, u.prccnt
+ print(u.username.decode(), u.uic_group, u.prccnt, file=fo)
@level_rule(2)
def rule0506(fo, fmt):
@@ -95,16 +98,16 @@
gain access to the system using these accounts."""
if not fmt:
- print>>fo, ''
- print>>fo, 'Rule 0506'
- print>>fo, '========='
+ print('', file=fo)
+ print('Rule 0506', file=fo)
+ print('=========', file=fo)
- for u in all_users.values():
+ for u in list(all_users.values()):
if (u.lastlogin_i == 0) and (u.lastlogin_n == 0) and not (u.flags & uaidef.UAI_M_DISACNT):
if fmt:
- print>>fo, '0506"2"', u.username
+ print('0506"2"', u.username.decode(), file=fo)
else:
- print>>fo, u.username
+ print(u.username.decode(), file=fo)
@level_rule(2)
def rule0507(fo, fmt):
@@ -113,19 +116,19 @@
utilized as a means to gain unauthorized access to the system."""
if not fmt:
- print>>fo, ''
- print>>fo, 'Rule 0507'
- print>>fo, '========='
+ print('', file=fo)
+ print('Rule 0507', file=fo)
+ print('=========', file=fo)
delta_time = starlet.bintim("90 00:00:00.00")[1]
current_time = starlet.bintim(starlet.asctim()[1])[1]
limit_time = current_time + delta_time
- for u in all_users.values():
+ for u in list(all_users.values()):
if ((u.lastlogin_i < limit_time) and (u.lastlogin_n < limit_time )) and not (u.flags & uaidef.UAI_M_DISACNT):
if fmt:
- print>>fo, '0507"2"', u.username
+ print('0507"2"', u.username.decode(), file=fo)
else:
- print>>fo, u.username
+ print(u.username.decode(), file=fo)
@level_rule(3)
def rule0508(fo, fmt):
@@ -134,16 +137,16 @@
resources."""
if not fmt:
- print>>fo, ''
- print>>fo, 'Rule 0508'
- print>>fo, '========='
+ print('', file=fo)
+ print('Rule 0508', file=fo)
+ print('=========', file=fo)
- for u in all_users.values():
+ for u in list(all_users.values()):
if (u.flags & uaidef.UAI_M_DISACNT):
if fmt:
- print>>fo, '0508"3"', u.username
+ print('0508"3"', u.username.decode(), file=fo)
else:
- print>>fo, u.username
+ print(u.username.decode(), file=fo)
@level_rule(3)
def rule0509(fo, fmt):
@@ -152,18 +155,18 @@
resources."""
if not fmt:
- print>>fo, ''
- print>>fo, 'Rule 0509'
- print>>fo, '========='
+ print('', file=fo)
+ print('Rule 0509', file=fo)
+ print('=========', file=fo)
current_time = starlet.bintim(starlet.asctim()[1])[1]
- for u in all_users.values():
+ for u in list(all_users.values()):
if (0 < u.expiration < current_time):
if fmt:
- print>>fo, '0509"3"', u.username
+ print('0509"3"', u.username.decode(), file=fo)
else:
- print>>fo, u.username
+ print(u.username.decode(), file=fo)
@level_rule(2)
def rule0510(fo, fmt):
@@ -173,9 +176,9 @@
confidentiality of customer data."""
if not fmt:
- print>>fo, ''
- print>>fo, 'Rule 0510'
- print>>fo, '========='
+ print('', file=fo)
+ print('Rule 0510', file=fo)
+ print('=========', file=fo)
lst = (("LGI_BRK_TERM", syidef.SYI__LGI_BRK_TERM, 0, 0),
("LGI_BRK_DISUSER", syidef.SYI__LGI_BRK_DISUSER, 0, -1, 1),
@@ -192,9 +195,9 @@
r = lib.getsyi(p[1])[1]
if cmp(r, p[2]) not in p[3:]:
if fmt:
- print>>fo, '0510"2"', p[0]
+ print('0510"2"', p[0], file=fo)
else:
- print>>fo, p[0]
+ print(p[0], file=fo)
if __name__ == '__main__':
import sys
diff --git a/secrules/rules06.py b/secrules/rules06.py
--- a/secrules/rules06.py
+++ b/secrules/rules06.py
@@ -1,14 +1,14 @@
# -*- coding: iso-8859-1 -*-
__version__ = '1.0'
-from common import level_rule
+from .common import level_rule
import os
-from vms import starlet
-from vms.rtl import lib
-from vms import syidef
-from DisplayProxy import DisplayProxy
-from user_exists import user_exists
-from FindFile import FindFile, file_exists
+from ovms import starlet
+from ovms.rtl import lib
+from ovms import syidef
+from .DisplayProxy import DisplayProxy
+from .user_exists import user_exists
+from ovms.rtl.lib.FindFile import FindFile, file_exists
maxsysgroup = lib.getsyi(syidef.SYI__MAXSYSGROUP)[1]
@@ -20,16 +20,16 @@
allows access from nodes not currently added to the network."""
if not fmt:
- print>>fo
- print>>fo, 'Rule 0601'
- print>>fo, '========='
+ print(file=fo)
+ print('Rule 0601', file=fo)
+ print('=========', file=fo)
for proxy_node, proxy_user, default_user, local_users in DisplayProxy():
if '*' in (proxy_node, proxy_user):
if fmt:
- print>>fo, '0601"2"', proxy_node, proxy_user
+ print('0601"2"', proxy_node, proxy_user, file=fo)
else:
- print>>fo, proxy_node, proxy_user, default_user, local_users
+ print(proxy_node, proxy_user, default_user, local_users, file=fo)
@level_rule(2)
def rule0602(fo, fmt):
@@ -39,26 +39,27 @@
user."""
if not fmt:
- print>>fo
- print>>fo, 'Rule 0602'
- print>>fo, '========='
+ print(file=fo)
+ print('Rule 0602', file=fo)
+ print('=========', file=fo)
for proxy_node, proxy_user, default_user, local_users in DisplayProxy():
- if (default_user != '*') and (default_user != ''):
+ local_users_str = tuple([us.decode() for us in local_users])
+ if (default_user != b'*') and (default_user != b''):
if user_exists(default_user)[0] is None:
if fmt:
- print>>fo, '0602"2"', proxy_node, proxy_user
+ print('0602"2"', proxy_node, proxy_user, file=fo)
else:
- print>>fo, '1', proxy_node, proxy_user, default_user
- print>>fo, proxy_node, proxy_user, default_user, local_users
+ print('1', proxy_node.decode(), proxy_user.decode(), default_user.decode(), file=fo)
+ print(proxy_node.decode(), proxy_user.decode(), default_user.decode(), local_users_str, file=fo)
for l in local_users:
- if (l != '*') and (l != ''):
+ if (l != b'*') and (l != b''):
if user_exists(l)[0] is None:
if fmt:
- print>>fo, '0602', proxy_node, proxy_user
+ print('0602', proxy_node.decode(), proxy_user.decode(), file=fo)
else:
- print>>fo, '2', proxy_node, proxy_user, l
- print>>fo, proxy_node, proxy_user, default_user, local_users
+ print('2', proxy_node.decode(), proxy_user.decode(), l.decode(), file=fo)
+ print(proxy_node.decode(), proxy_user.decode(), default_user.decode(), local_users_str, file=fo)
@level_rule(2)
def rule0603(fo, fmt):
@@ -66,26 +67,26 @@
to occur remotely without the user even logging in."""
if not fmt:
- print
- print>>fo, 'Rule 0603'
- print>>fo, '========='
+ print()
+ print('Rule 0603', file=fo)
+ print('=========', file=fo)
for proxy_node, proxy_user, default_user, local_users in DisplayProxy():
- if (default_user != '*') and (default_user != ''):
+ if (default_user != b'*') and (default_user != b''):
g, m = user_exists(default_user)
if (g is not None) and (g <= maxsysgroup):
if fmt:
- print>>fo, '0603"2"', proxy_node, proxy_user
+ print('0603"2"', proxy_node.decode(), proxy_user.decode(), file=fo)
else:
- print>>fo, proxy_node, proxy_user, default_user
+ print(proxy_node.decode(), proxy_user.decode(), default_user.decode(), file=fo)
for l in local_users:
- if (l != '*') and (l != ''):
+ if (l != b'*') and (l != b''):
g, m = user_exists(local_users)
if (g is not None) and (g <= maxsysgroup):
if fmt:
- print>>fo, proxy_node, proxy_user
+ print(proxy_node.decode(), proxy_user.decode(), file=fo)
else:
- print>>fo, proxy_node, proxy_user, l
+ print(proxy_node.decode(), proxy_user.decode(), l.decode(), file=fo)
@level_rule(2)
def rule0604(fo, fmt):
@@ -93,9 +94,9 @@
attack, or a potential for unintended enabling of the object in the future."""
if not fmt:
- print>>fo
- print>>fo, 'Rule 0604'
- print>>fo, '========='
+ print(file=fo)
+ print('Rule 0604', file=fo)
+ print('=========', file=fo)
with os.popen('@USER_TASK.COM') as p:
r = [x[:-1].split(',') for x in p]
@@ -103,9 +104,9 @@
for t, u, i in r:
if user_exists(u)[0] is None:
if fmt:
- print>>fo, '0604"2"', t, u
+ print('0604"2"', t, u, file=fo)
else:
- print>>fo, t, u
+ print(t, u, file=fo)
@level_rule(2)
def rule0605(fo, fmt):
@@ -113,9 +114,9 @@
operations to occur remotely without the user even logging in."""
if not fmt:
- print>>fo
- print>>fo, 'Rule 0605'
- print>>fo, '========='
+ print(file=fo)
+ print('Rule 0605', file=fo)
+ print('=========', file=fo)
with os.popen('@USER_TASK.COM') as p:
r = [x[:-1].split(',') for x in p]
@@ -124,9 +125,9 @@
g, m = user_exists(u)
if (g is not None) and (g <= maxsysgroup):
if fmt:
- print>>fo, '0605"2"', t, u
+ print('0605"2"', t, u, file=fo)
else:
- print>>fo, t, u
+ print(t, u, file=fo)
@level_rule(3)
def rule0606(fo,fmt):
@@ -134,19 +135,19 @@
object from being used."""
if not fmt:
- print>>fo
- print>>fo, 'Rule 0606'
- print>>fo, '========='
+ print(file=fo)
+ print('Rule 0606', file=fo)
+ print('=========', file=fo)
with os.popen('@USER_TASK.COM') as p:
r = [x[:-1].split(',') for x in p]
for t, u, i in r:
- if not file_exists(i):
+ if not file_exists(i.encode()):
if fmt:
- print>>fo, '0606"3"', t, u, i
+ print('0606"3"', t, u, i, file=fo)
else:
- print>>fo, t, u, i
+ print(t, u, i, file=fo)
@level_rule(3)
def rule0607(fo, fmt):
@@ -157,9 +158,9 @@
object."""
if not fmt:
- print>>fo
- print>>fo, 'Rule 0607'
- print>>fo, '========='
+ print(file=fo)
+ print('Rule 0607', file=fo)
+ print('=========', file=fo)
with os.popen('@USER_TASK.COM') as p:
r = [x[:-1].split(',') for x in p]
@@ -167,17 +168,17 @@
for t, u, i in r:
if (t == 'TASK'):
if fmt:
- print>>fo, '0607"3"', t, u, i
+ print('0607"3"', t, u, i, file=fo)
else:
- print>>fo, t, u, i
+ print(t, u, i, file=fo)
if __name__ == '__main__':
import sys
fo = open(sys.argv[1], 'w') if len(sys.argv) > 1 else sys.stdout
- rule601(fo, len(sys.argv) > 2)
- rule602(fo, len(sys.argv) > 2)
- rule603(fo, len(sys.argv) > 2)
- rule604(fo, len(sys.argv) > 2)
- rule605(fo, len(sys.argv) > 2)
- rule606(fo, len(sys.argv) > 2)
- rule607(fo, len(sys.argv) > 2)
+ rule0601(fo, len(sys.argv) > 2)
+ rule0602(fo, len(sys.argv) > 2)
+ rule0603(fo, len(sys.argv) > 2)
+ rule0604(fo, len(sys.argv) > 2)
+ rule0605(fo, len(sys.argv) > 2)
+ rule0606(fo, len(sys.argv) > 2)
+ rule0607(fo, len(sys.argv) > 2)
diff --git a/secrules/rules07.py b/secrules/rules07.py
--- a/secrules/rules07.py
+++ b/secrules/rules07.py
@@ -1,14 +1,16 @@
# -*- coding: iso-8859-1 -*-
__version__ = '1.0'
-from common import level_rule
-from vms import starlet
-from vms.rtl import lib
-from vms import ssdef, kgbdef, ossdef, dcdef, dvidef
-from vms import itemList
+from .common import level_rule
+from ovms import starlet
+from ovms.rtl import lib
+from ovms import ssdef, kgbdef, ossdef, dcdef, dvidef
+from ovms import itemList
from secrules import get_security
from secrules import user_exists
-from DeviceScan import DeviceScan
+from ovms.starlet.DeviceScan import DeviceScan
+
+VMSError = OSError
ids = (('BATCH',0x80000001),
('DIALUP',0x80000002),
@@ -24,25 +26,25 @@
with system resources."""
if not fmt:
- print>>fo
- print>>fo, "RULE 0701"
- print>>fo, "---------"
+ print(file=fo)
+ print("RULE 0701", file=fo)
+ print("---------", file=fo)
for n, v in ids:
try:
- s, idn, idv, ida = starlet.idtoasc(v)
+ s, idn, idv, ida, ctxt = starlet.idtoasc(v)
if idn != n:
if fmt:
- print>>fo, '0701"2"', '%s %x' % (n, v)
+ print('0701"2"', '%s %x' % (n, v), file=fo)
else:
- print>>fo, '%s %x' % (n, v)
- except VMSError, e:
+ print('%s %x' % (n, v), file=fo)
+ except VMSError as e:
if e.errno != ssdef.SS__NOSUCHID:
- print>>fo, e
+ print(e, file=fo)
if fmt:
- print>>fo, '0701"2"', '%s %x' % (n, v)
+ print('0701"2"', '%s %x' % (n, v), file=fo)
else:
- print>>fo, '%s %x' % (n, v)
+ print('%s %x' % (n, v), file=fo)
@level_rule(2)
def rule0702(fo, fmt):
@@ -51,9 +53,9 @@
(e.g., critical files, directories, etc.)."""
if not fmt:
- print>>fo
- print>>fo, "RULE 0702"
- print>>fo, "---------"
+ print(file=fo)
+ print("RULE 0702", file=fo)
+ print("---------", file=fo)
id = 0xFFFFFFFF # do a wildcard lookup
context = 0
@@ -61,24 +63,24 @@
while (cont):
try:
s, idn, idv, ida, context = starlet.idtoasc(id, context)
- if (idv < 0x80000000L):
+ if (idv < 0x80000000):
continue
- if idn in ('BATCH', 'DIALUP', 'INTERACTIVE', 'LOCAL', 'REMOTE',
- 'NETWORK', 'DECWINDOWS'):
+ if idn in (b'BATCH', b'DIALUP', b'INTERACTIVE', b'LOCAL', b'REMOTE',
+ b'NETWORK', b'DECWINDOWS'):
continue
- if idn.split('$')[0] in ('NET', 'SYS', 'SECSRV', 'VMS'):
+ if idn.split(b'$')[0] in (b'NET', b'SYS', b'SECSRV', b'VMS'):
continue
try:
s, holder, attrib = starlet.find_holder(idv)
- except VMSError, e:
+ except VMSError as e:
if e.errno != ssdef.SS__NOSUCHID:
raise e
idvs = "%%X%X" % idv
if fmt:
- print>>fo, '0702"2"', "id = %s idn = %s" % (idvs, idn)
+ print('0702"2"', "id = %s idn = %s" % (idvs, idn.decode()), file=fo)
else:
- print>>fo, "id = %s idn = %s" % (idvs, idn)
- except VMSError, e:
+ print("id = %s idn = %s" % (idvs, idn.decode()), file=fo)
+ except VMSError as e:
if e.errno != ssdef.SS__NOSUCHID:
raise e
cont = False
@@ -92,23 +94,23 @@
and delete entries in the table."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 0703'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 0703', file=fo)
+ print('=========', file=fo)
it = [itemList.itemList(code=ossdef.OSS__OWNER, dtype=itemList.il_unsignedLong),]
- own = starlet.get_security (objnam='LNM$SYSTEM_TABLE', clsnam='LOGICAL_NAME_TABLE',
- itmlst=it)[1][ossdef.OSS__OWNER]
+ own: int = starlet.get_security(objnam='LNM$SYSTEM_TABLE', clsnam='LOGICAL_NAME_TABLE',
+ itmlst=it)[2][ossdef.OSS__OWNER] # type: ignore
high_word = int(own / 65536)
low_word = int(own - (high_word *65536))
- own = "[%o,%o]" % (high_word, low_word)
- if own != '[1,4]':
+ own_str = "[%o,%o]" % (high_word, low_word)
+ if own_str != '[1,4]':
if fmt:
- print>>fo, '0703"2"', own
+ print('0703"2"', own_str, file=fo)
else:
- print>>fo, own
+ print(own_str, file=fo)
@level_rule(2)
def rule0704(fo, fmt):
@@ -117,19 +119,19 @@
circumvent certain system security measures or override safeguards."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 0704'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 0704', file=fo)
+ print('=========', file=fo)
it = [itemList.itemList(code=ossdef.OSS__PROTECTION, dtype=itemList.il_unsignedLong),]
- prot = starlet.get_security (objnam='LNM$SYSTEM_TABLE', clsnam='LOGICAL_NAME_TABLE',
- itmlst=it)[1][ossdef.OSS__PROTECTION]
+ prot: int = starlet.get_security(objnam='LNM$SYSTEM_TABLE', clsnam='LOGICAL_NAME_TABLE',
+ itmlst=it)[2][ossdef.OSS__PROTECTION] # type: ignore
if not ((prot & 0x8000) and (prot & 0x4000) and (prot & 0x2000)):
if fmt:
- print>>fo, '0704"2" LNM$SYSTEM_TABLE'
+ print('0704"2" LNM$SYSTEM_TABLE', file=fo)
else:
- print>>fo, 'LNM$SYSTEM_TABLE', lib.format_sogw_prot (prot)[1]
+ print('LNM$SYSTEM_TABLE', lib.format_sogw_prot (prot)[1].decode(), file=fo)
@level_rule(2)
def rule0705(fo, fmt):
@@ -138,19 +140,19 @@
a user to circumvent certain system security measures or override safeguards."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 0705'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 0705', file=fo)
+ print('=========', file=fo)
it = [itemList.itemList(code=ossdef.OSS__PROTECTION, dtype=itemList.il_unsignedLong),]
- prot = starlet.get_security (objnam='LNM$SYSTEM_TABLE', clsnam='LOGICAL_NAME_TABLE',
- itmlst=it)[1][ossdef.OSS__PROTECTION]
+ prot: int = starlet.get_security (objnam='LNM$SYSTEM_TABLE', clsnam='LOGICAL_NAME_TABLE',
+ itmlst=it)[2][ossdef.OSS__PROTECTION] # type: ignore
if not ((prot & 0x800) and (prot & 0x400) and (prot & 0x200)):
if fmt:
- print>>fo, '0705"2" LNM$SYSTEM_TABLE'
+ print('0705"2" LNM$SYSTEM_TABLE', file=fo)
else:
- print>>fo, 'LNM$SYSTEM_TABLE', lib.format_sogw_prot (prot)[1]
+ print('LNM$SYSTEM_TABLE', lib.format_sogw_prot (prot)[1].decode(), file=fo)
@level_rule(2)
def rule0706(fo, fmt):
@@ -158,19 +160,19 @@
identifiers granted to them."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 0706'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 0706', file=fo)
+ print('=========', file=fo)
it = [itemList.itemList(code=ossdef.OSS__ACL_LENGTH, dtype=itemList.il_unsignedLong),]
- acllen = starlet.get_security (objnam='LNM$SYSTEM_TABLE', clsnam='LOGICAL_NAME_TABLE',
- itmlst=it)[1][ossdef.OSS__ACL_LENGTH]
+ acllen:int = starlet.get_security (objnam='LNM$SYSTEM_TABLE', clsnam='LOGICAL_NAME_TABLE',
+ itmlst=it)[2][ossdef.OSS__ACL_LENGTH] # type:ignore
if (acllen != 0):
if fmt:
- print>>fo, '0706"2" LNM$SYSTEM_TABLE'
+ print('0706"2" LNM$SYSTEM_TABLE', file=fo)
else:
- print>>fo, get_security.get_security('LNM$SYSTEM_TABLE', clsnam='LOGICAL_NAME_TABLE')
+ print(get_security.get_security(b'LNM$SYSTEM_TABLE', clsnam=b'LOGICAL_NAME_TABLE'), file=fo)
@level_rule(1)
def rule0707(fo, fmt):
@@ -178,23 +180,23 @@
and compromise system integrity."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 0707'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 0707', file=fo)
+ print('=========', file=fo)
it = [itemList.itemList(code=ossdef.OSS__OWNER, dtype=itemList.il_unsignedLong),]
- ident = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='DEVICE',
- itmlst=it)[1][ossdef.OSS__OWNER]
+ ident: int = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='DEVICE',
+ itmlst=it)[2][ossdef.OSS__OWNER] # type: ignore
high_word = int(ident / 65536)
low_word = int(ident - (high_word *65536))
own = "[%o,%o]" % (high_word, low_word)
if (own != '[1,4]') and (own != '[1,1]'):
if fmt:
- print>>fo, '0707"1" SYS$SYSDEVICE:'
+ print('0707"1" SYS$SYSDEVICE:', file=fo)
else:
- print>>fo, 'SYS$SYSDEVICE:', own
+ print('SYS$SYSDEVICE:', own, file=fo)
@level_rule(2)
def rule0708(fo, fmt):
@@ -202,14 +204,14 @@
A privately mounted disk should be owned by a valid user in the SYSUAF."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 0708'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 0708', file=fo)
+ print('=========', file=fo)
it = [itemList.itemList(code=ossdef.OSS__OWNER, dtype=itemList.il_unsignedLong),]
- ident = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='DEVICE',
- itmlst=it)[1][ossdef.OSS__OWNER]
+ ident: int = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='DEVICE',
+ itmlst=it)[2][ossdef.OSS__OWNER] # type: ignore
high_word = int(ident / 65536)
low_word = int(ident - (high_word *65536))
own = "[%o,%o]" % (high_word, low_word)
@@ -219,15 +221,15 @@
g, m =user_exists.user_exists(r[1])
if g is None:
if fmt:
- print>>fo, '0708"2" SYS$SYSDEVICE:', r[1]
+ print('0708"2" SYS$SYSDEVICE:', r[1], file=fo)
else:
- print>>fo, 'SYS$SYSDEVICE:', r[1], own
- except VMSError, e:
+ print('SYS$SYSDEVICE:', r[1], own, file=fo)
+ except VMSError as e:
if e == ssdef.SS__NOSUCHID:
if fmt:
- print>>fo, '0708"2" SYS$SYSDEVICE:'
+ print('0708"2" SYS$SYSDEVICE:', file=fo)
else:
- print>>fo, 'SYS$SYSDEVICE:', own
+ print('SYS$SYSDEVICE:', own, file=fo)
else:
raise e
@@ -237,20 +239,20 @@
data or files to unauthorized users."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 0709'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 0709', file=fo)
+ print('=========', file=fo)
it = [itemList.itemList(code=ossdef.OSS__PROTECTION, dtype=itemList.il_unsignedLong),]
- prot = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='DEVICE',
- itmlst=it)[1][ossdef.OSS__PROTECTION]
+ prot: int = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='DEVICE',
+ itmlst=it)[2][ossdef.OSS__PROTECTION] # type: ignore
if not (prot & 0xFE00):
if fmt:
- print>>fo, '0709"2" SYS$SYSDEVICE:'
+ print('0709"2" SYS$SYSDEVICE:', file=fo)
else:
- print>>fo, 'SYS$SYSDEVICE:', lib.format_sogw_prot (prot)[1]
+ print('SYS$SYSDEVICE:', lib.format_sogw_prot (prot)[1].decode(), file=fo)
@level_rule(2)
def rule0710(fo, fmt):
@@ -259,20 +261,20 @@
scavenging."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 0710'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 0710', file=fo)
+ print('=========', file=fo)
- for device in DeviceScan('*', devclass=dcdef.DC__DISK):
+ for device in DeviceScan(b'*', devclass=dcdef.DC__DISK):
if not (lib.getdvi (dvidef.DVI__MNT, device_name=device)[1]):
continue
if lib.getdvi (dvidef.DVI__SHDW_MEMBER, device_name=device)[1]:
continue
if lib.getdvi (dvidef.DVI__NOHIGHWATER, device_name=device)[1]:
if fmt:
- print>>fo, '0710"2"', device
+ print('0710"2"', device, file=fo)
else:
- print>>fo, device, 'NOHIGHWATER'
+ print(device, 'NOHIGHWATER', file=fo)
@level_rule(2)
def rule0711(fo, fmt):
@@ -282,20 +284,20 @@
users."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 0711'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 0711', file=fo)
+ print('=========', file=fo)
- for device in DeviceScan('*', devclass=dcdef.DC__DISK):
+ for device in DeviceScan(b'*', devclass=dcdef.DC__DISK):
if not (lib.getdvi (dvidef.DVI__MNT, device_name=device)[1]):
continue
if lib.getdvi (dvidef.DVI__SHDW_MEMBER, device_name=device)[1]:
continue
if not lib.getdvi (dvidef.DVI__ERASE_ON_DELETE, device_name=device)[1]:
if fmt:
- print>>fo, '0711"2"', device
+ print('0711"2"', device.decode(), file=fo)
else:
- print>>fo, device, 'NO ERASE_ON_DELETE'
+ print(device.decode(), 'NO ERASE_ON_DELETE', file=fo)
@level_rule(2)
def rule0712(fo, fmt):
@@ -303,23 +305,23 @@
security risk."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 0712'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 0712', file=fo)
+ print('=========', file=fo)
it = [itemList.itemList(code=ossdef.OSS__OWNER, dtype=itemList.il_unsignedLong),]
- ident = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='DEVICE',
- itmlst=it)[1][ossdef.OSS__OWNER]
+ ident: int = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam=b'DEVICE',
+ itmlst=it)[2][ossdef.OSS__OWNER] # type: ignore
high_word = int(ident / 65536)
low_word = int(ident - (high_word *65536))
own = "[%o,%o]" % (high_word, low_word)
if (own != '[1,4]') and (own != '[1,1]'):
if fmt:
- print>>fo, '0712"2" Device SYS$SYSDEVICE:'
+ print('0712"2" Device SYS$SYSDEVICE:', file=fo)
else:
- print>>fo, 'Device SYS$SYSDEVICE:', own
+ print('Device SYS$SYSDEVICE:', own, file=fo)
@level_rule(2)
def rule0713(fo, fmt):
@@ -329,14 +331,14 @@
privileges on the volume."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 0713'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 0713', file=fo)
+ print('=========', file=fo)
it = [itemList.itemList(code=ossdef.OSS__OWNER, dtype=itemList.il_unsignedLong),]
- ident = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='VOLUME',
- itmlst=it)[1][ossdef.OSS__OWNER]
+ ident: int = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='VOLUME',
+ itmlst=it)[2][ossdef.OSS__OWNER] # type: ignore
high_word = int(ident / 65536)
low_word = int(ident - (high_word *65536))
own = "[%o,%o]" % (high_word, low_word)
@@ -346,15 +348,15 @@
g, m =user_exists.user_exists(r[1])
if g is None:
if fmt:
- print>>fo, '0713"2" Volume SYS$SYSDEVICE:'
+ print('0713"2" Volume SYS$SYSDEVICE:', file=fo)
else:
- print>>fo, 'SYS$SYSDEVICE:', r[1], own
- except VMSError, e:
+ print('SYS$SYSDEVICE:', r[1].decode(), own, file=fo)
+ except VMSError as e:
if e == ssdef.SS__NOSUCHID:
if fmt:
- print>>fo, '0713"2" Volume SYS$SYSDEVICE:'
+ print('0713"2" Volume SYS$SYSDEVICE:', file=fo)
else:
- print>>fo, 'SYS$SYSDEVICE:', own
+ print('SYS$SYSDEVICE:', own, file=fo)
else:
raise e
@@ -364,21 +366,21 @@
disks. By default, all users should be granted RWCD access to the volume."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 0714'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 0714', file=fo)
+ print('=========', file=fo)
it = [itemList.itemList(code=ossdef.OSS__PROTECTION, dtype=itemList.il_unsignedLong),]
- prot = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='VOLUME',
- itmlst=it)[1][ossdef.OSS__PROTECTION]
+ prot: int = starlet.get_security (objnam='SYS$SYSDEVICE:', clsnam='VOLUME',
+ itmlst=it)[2][ossdef.OSS__PROTECTION] # type: ignore
accnam = lib.get_accnam('VOLUME')[1]
- pvw = lib.format_sogw_prot (prot,access_names=accnam)[1].split(',')[3]
+ pvw = lib.format_sogw_prot (prot,access_names=accnam)[1].split(b',')[3].decode()
if pvw[8:] != 'RWCD':
if fmt:
- print >>fo, '0714"2"SYS$SYSDEVICE:', pvw
+ print('0714"2"SYS$SYSDEVICE:', pvw, file=fo)
else:
- print >>fo, 'SYS$SYSDEVICE: bad World protection', pvw
+ print('SYS$SYSDEVICE: bad World protection', pvw, file=fo)
if __name__ == '__main__':
diff --git a/secrules/rules08.py b/secrules/rules08.py
--- a/secrules/rules08.py
+++ b/secrules/rules08.py
@@ -1,10 +1,10 @@
# -*- coding: iso-8859-1 -*-
__version__ = '1.0'
-from common import level_rule
-from vms import starlet
-from vms import user
-from vms import uaidef
+from .common import level_rule
+from ovms import starlet
+from ovms import user
+from ovms import uaidef
@level_rule(1)
def rule0801(fo, fmt):
@@ -14,21 +14,21 @@
unintentional tampering with critical system resources."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 0801'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 0801', file=fo)
+ print('=========', file=fo)
all_users = user.all_users()
- for u in all_users.values():
+ for u in list(all_users.values()):
if (u.pwd_length == 0):
du = ''
if (u.flags & uaidef.UAI_M_DISACNT):
du = 'DisUser'
if fmt:
- print>>fo, '0801"1"', u.username, du
+ print('0801"1"', u.username.decode(), du, file=fo)
else:
- print>>fo, u.username, u.pwd_length, du
+ print(u.username.decode(), u.pwd_length, du, file=fo)
@level_rule(2)
def rule0802(fo, fmt):
@@ -42,21 +42,21 @@
and thus gaining access to the system."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 0802'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 0802', file=fo)
+ print('=========', file=fo)
all_users = user.all_users()
- for u in all_users.values():
+ for u in list(all_users.values()):
if (u.flags & uaidef.UAI_M_DISPWDDIC):
du = ''
if (u.flags & uaidef.UAI_M_DISACNT):
du = 'DisUser'
if fmt:
- print>>fo, '0802"2"', u.username, du
+ print('0802"2"', u.username.decode(), du, file=fo)
else:
- print>>fo, u.username, du
+ print(u.username.decode(), du, file=fo)
@level_rule(2)
def rule0803(fo, fmt):
@@ -70,21 +70,21 @@
system."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 0803'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 0803', file=fo)
+ print('=========', file=fo)
all_users = user.all_users()
- for u in all_users.values():
+ for u in list(all_users.values()):
if (u.flags & uaidef.UAI_M_DISPWDHIS):
du = ''
if (u.flags & uaidef.UAI_M_DISACNT):
du = 'DisUser'
if fmt:
- print>>fo, '0803"2"', u.username, du
+ print('0803"2"', u.username.decode(), du, file=fo)
else:
- print>>fo, u.username, du
+ print(u.username.decode(), du, file=fo)
@level_rule(2)
def rule0804(fo, fmt):
@@ -96,21 +96,21 @@
may be guessed thus allowing potential unauthorized access to the system."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 0804'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 0804', file=fo)
+ print('=========', file=fo)
all_users = user.all_users()
- for u in all_users.values():
+ for u in list(all_users.values()):
if (u.pwd_length < 8):
du = ''
if (u.flags & uaidef.UAI_M_DISACNT):
du = 'DisUser'
if fmt:
- print>>fo, '0804"2"', u.username, du
+ print('0804"2"', u.username.decode(), du, file=fo)
else:
- print>>fo, u.username, u.pwd_length, du
+ print(u.username.decode(), u.pwd_length, du, file=fo)
@level_rule(2)
def rule0805(fo, fmt):
@@ -124,21 +124,21 @@
password within 90 days."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 0805'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 0805', file=fo)
+ print('=========', file=fo)
all_users = user.all_users()
- for u in all_users.values():
+ for u in list(all_users.values()):
if (u.pwd_lifetime > 90) or (u.pwd_lifetime == 0):
du = ''
if (u.flags & uaidef.UAI_M_DISACNT):
du = 'DisUser'
if fmt:
- print>>fo, '0805"2"', u.username, du
+ print('0805"2"', u.username.decode(), du, file=fo)
else:
- print>>fo, u.username, u.pwd_lifetime, du
+ print(u.username.decode(), u.pwd_lifetime, du, file=fo)
if __name__ == '__main__':
import sys
diff --git a/secrules/rules09.py b/secrules/rules09.py
--- a/secrules/rules09.py
+++ b/secrules/rules09.py
@@ -1,13 +1,13 @@
# -*- coding: iso-8859-1 -*-
__version__ = '1.0'
-from common import level_rule
+from .common import level_rule
import os
-from vms import starlet
-from vms.rtl import lib
-from vms import itemList
-from vms import ossdef
-from FindFile import FindFile, file_exists
+from ovms import starlet
+from ovms.rtl import lib
+from ovms import itemList
+from ovms import ossdef
+from ovms.rtl.lib.FindFile import FindFile, file_exists
@level_rule(2)
def rule0901(fo, fmt):
@@ -17,23 +17,24 @@
environment."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 0901'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 0901', file=fo)
+ print('=========', file=fo)
it = [itemList.itemList (code=ossdef.OSS__PROTECTION, dtype=itemList.il_unsignedWord),]
- with FindFile ('Sys$Startup:*.*','') as ifn:
- for fn in ifn:
- prot = starlet.get_security (objnam=fn, clsnam='FILE', itmlst=it)[1][ossdef.OSS__PROTECTION]
+ with FindFile (b'SYS$STARTUP:*.*', b'') as ifn:
+ for fn in ifn: # type: ignore
+ fn: bytes
+ prot: int = starlet.get_security (objnam=fn, clsnam='FILE', itmlst=it)[2][ossdef.OSS__PROTECTION] # type: ignore
if not ((prot & 0x8000) and
(prot & 0x4000) and
(prot & 0x2000) and
(prot & 0x1000)):
if fmt:
- print>>fo, '0901"2"', fn
+ print('0901"2"', fn, file=fo)
else:
- print>>fo, fn
- print>>fo, ' ' * 10, lib.format_sogw_prot (prot)[1]
+ print(fn.decode(), file=fo)
+ print(' ' * 10, lib.format_sogw_prot (prot)[1].decode(), file=fo)
@level_rule(3)
def rule0902(fo, fmt):
@@ -45,17 +46,17 @@
privileged access allowing a user to gain unauthorized system access."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 0902'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 0902', file=fo)
+ print('=========', file=fo)
pok = True
with os.popen('Search Sys$System:Startup.Log -FNF/Win=(1,0) /noHead') as p:
for pi in p:
if pok:
if fmt:
- print >>fo, '0902"3"', pi,
+ print('0902"3"', pi, end=' ', file=fo)
else:
- print >>fo, pi,
+ print(pi, end=' ', file=fo)
pok = not pok
@level_rule(2)
@@ -64,20 +65,20 @@
inconsistency in the review criteria."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 0903'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 0903', file=fo)
+ print('=========', file=fo)
- lsf = ('SYS$SYSTEM:STARTUP.COM',
- 'SYS$MANAGER:SYSTARTUP_VMS.COM',
- 'SYS$SYSTEM:IA64VMSSYS.PAR')
+ lsf = (b'SYS$SYSTEM:STARTUP.COM',
+ b'SYS$MANAGER:SYSTARTUP_VMS.COM',
+ b'SYS$SYSTEM:IA64VMSSYS.PAR')
for fn in lsf:
if not file_exists(fn):
if fmt:
- print>>fo, '0903"2"', fn
+ print('0903"2"', fn, file=fo)
else:
- print>>fo, fn
+ print(fn, file=fo)
if __name__ == '__main__':
import sys
diff --git a/secrules/rules10.py b/secrules/rules10.py
--- a/secrules/rules10.py
+++ b/secrules/rules10.py
@@ -1,7 +1,7 @@
# -*- coding: iso-8859-1 -*-
__version__ = '1.0'
-from common import level_rule
+from .common import level_rule
import os
@level_rule(2)
@@ -9,8 +9,8 @@
""" This prevents accounting history from being recorded."""
if not fmt:
- print >>fo, 'RULE 1001'
- print >>fo, '========='
+ print('RULE 1001', file=fo)
+ print('=========', file=fo)
with os.popen('SHOW ACCOUNTING') as p:
r = [x[:-1] for x in p]
@@ -19,9 +19,9 @@
break
if 'disable' in a:
if fmt:
- print >>fo, '1001"2" Accounting is disable'
+ print('1001"2" Accounting is disable', file=fo)
else:
- print >>fo, 'Accounting is disable'
+ print('Accounting is disable', file=fo)
break
@level_rule(2)
@@ -31,8 +31,8 @@
made to gain unauthorized access to the system."""
if not fmt:
- print >>fo, 'RULE 1002'
- print >>fo, '========='
+ print('RULE 1002', file=fo)
+ print('=========', file=fo)
f = False
with os.popen('SHOW ACCOUNTING') as p:
r = [x[:-1] for x in p]
@@ -42,17 +42,17 @@
f = True
if not f:
if fmt:
- print >>fo, '1002"2" LOGIN_FAILURE not accounted'
+ print('1002"2" LOGIN_FAILURE not accounted', file=fo)
else:
- print >>fo, 'LOGIN_FAILURE not accounted'
+ print('LOGIN_FAILURE not accounted', file=fo)
@level_rule(1)
def rule1003(fo, fmt):
""" All system security alarms are currently disabled."""
if not fmt:
- print >>fo, 'RULE 1003'
- print >>fo, '========='
+ print('RULE 1003', file=fo)
+ print('=========', file=fo)
with os.popen('SHOW AUDIT/ALARM') as p:
r = [x[:-1] for x in p]
@@ -61,9 +61,9 @@
break
if 'disable' in a:
if fmt:
- print >>fo, '1003"1" Alarms auditing is disable'
+ print('1003"1" Alarms auditing is disable', file=fo)
else:
- print >>fo, 'Alarms auditing is disable'
+ print('Alarms auditing is disable', file=fo)
break
@level_rule(2)
@@ -71,8 +71,8 @@
""" Some security alarms are not being reported."""
if not fmt:
- print >>fo, 'RULE 1004'
- print >>fo, '========='
+ print('RULE 1004', file=fo)
+ print('=========', file=fo)
with os.popen('SHOW AUDIT/ALARM') as p:
r = [x[:-1] for x in p]
brk = False
@@ -84,14 +84,14 @@
acl = True
if not brk:
if fmt:
- print >>fo, '1004"2" Breakin not audited (alarm)'
+ print('1004"2" Breakin not audited (alarm)', file=fo)
else:
- print >>fo, 'Breakin not audited (alarm)'
+ print('Breakin not audited (alarm)', file=fo)
if not acl:
if fmt:
- print >>fo, '1004"2" ACL not audited (alarm)'
+ print('1004"2" ACL not audited (alarm)', file=fo)
else:
- print >>fo, 'ACL not audited (alarm)'
+ print('ACL not audited (alarm)', file=fo)
@level_rule(1)
def rule1006(fo, fmt):
@@ -99,8 +99,8 @@
being recorded."""
if not fmt:
- print >>fo, 'RULE 1006'
- print >>fo, '========='
+ print('RULE 1006', file=fo)
+ print('=========', file=fo)
with os.popen('SHOW AUDIT/AUDIT') as p:
r = [x[:-1] for x in p]
@@ -109,9 +109,9 @@
break
if 'disable' in a:
if fmt:
- print >>fo, '1006"1" Report auditing is disable'
+ print('1006"1" Report auditing is disable', file=fo)
else:
- print >>fo, 'Report auditing is disable'
+ print('Report auditing is disable', file=fo)
break
@level_rule(2)
@@ -119,8 +119,8 @@
""" Some security infractions are not being recorded."""
if not fmt:
- print >>fo, 'RULE 1007'
- print >>fo, '=============='
+ print('RULE 1007', file=fo)
+ print('==============', file=fo)
with os.popen('SHOW AUDIT/AUDIT') as p:
r = [x[:-1] for x in p]
@@ -146,24 +146,24 @@
lgf = True
if not brk:
if fmt:
- print >>fo, '1007"2"', brk_lst
+ print('1007"2"', brk_lst, file=fo)
else:
- print >>fo, brk_lst
+ print(brk_lst, file=fo)
if not acl:
if fmt:
- print >>fo, '1007"2" ACL not audited'
+ print('1007"2" ACL not audited', file=fo)
else:
- print >>fo, 'ACL not audited'
+ print('ACL not audited', file=fo)
if not aut:
if fmt:
- print >>fo, '1007"2" Authorization not audited'
+ print('1007"2" Authorization not audited', file=fo)
else:
- print >>fo, 'Authorization not audited'
+ print('Authorization not audited', file=fo)
if not lgf:
if fmt:
- print >>fo, '1007"2"', lgf_list
+ print('1007"2"', lgf_list, file=fo)
else:
- print lgf_list
+ print(lgf_list)
if __name__ == '__main__':
import sys
diff --git a/secrules/rules11.py b/secrules/rules11.py
--- a/secrules/rules11.py
+++ b/secrules/rules11.py
@@ -1,16 +1,16 @@
# -*- coding: iso-8859-1 -*-
__version__ = '1.0'
-from common import level_rule
+from .common import level_rule
import os
-from vms import starlet
-from vms.rtl import lib
-from vms import user
-from vms import ossdef, uaidef, syidef, prvdef
-from vms import itemList
-from FindFile import FindFile
-from FindFile import file_exists
-from getMailObjectInfo import getMailObjectInfo
+from ovms import starlet
+from ovms.rtl import lib
+from ovms import user
+from ovms import ossdef, uaidef, syidef, prvdef
+from ovms import itemList
+from ovms.rtl.lib.FindFile import FindFile
+from ovms.rtl.lib.FindFile import file_exists
+from .getMailObjectInfo import getMailObjectInfo
@level_rule(2)
def rule1101(fo, fmt):
@@ -18,18 +18,18 @@
This prevents analysis of the mail files associated with these users."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 1101'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 1101', file=fo)
+ print('=========', file=fo)
with os.popen('@MAIL_FORWARD.COM') as p:
- r = [x[1:-1] for x in p]
+ r = [x[:-1] for x in p]
for e in r:
if not (e == ''):
if fmt:
- print>>fo, '1101"2"', e
+ print('1101"2"', e, file=fo)
else:
- print>>fo, e
+ print(e, file=fo)
@level_rule(2)
def rule1102(fo, fmt):
@@ -38,23 +38,23 @@
The listed files should have their protection changed to (RW,RW,,)."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 1102'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 1102', file=fo)
+ print('=========', file=fo)
all_users = user.all_users()
- it = [itemList.itemList (code = ossdef.OSS__PROTECTION, dtype = itemList.il_unsignedWord),]
- for u in all_users.values():
- df = u.defdev + u.defdir + 'MAIL.MAI'
+ it = (itemList.itemList (code = ossdef.OSS__PROTECTION, dtype = itemList.il_unsignedWord),)
+ for u in list(all_users.values()):
+ df: bytes = u.defdev + u.defdir + b'MAIL.MAI'
if file_exists(df):
- prot = starlet.get_security(objnam=df, clsnam='FILE',itmlst=it)[1][ossdef.OSS__PROTECTION]
+ prot: int = starlet.get_security(objnam=df, clsnam=b'FILE',itmlst=it)[2][ossdef.OSS__PROTECTION] # type: ignore
if (prot != 0xFFCC):
if fmt:
- print>>fo, '1102"2"', df
+ print('1102"2"', df.decode(), file=fo)
else:
- print>>fo, df
- print>>fo, ' ' * 10, lib.format_sogw_prot (prot)[1]
+ print(df.decode(), file=fo)
+ print(' ' * 10, lib.format_sogw_prot (prot)[1].decode(), file=fo)
@level_rule(2)
def rule1103(fo, fmt):
@@ -63,24 +63,24 @@
on that file. These files should be changed to specify the proper owner."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 1103'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 1103', file=fo)
+ print('=========', file=fo)
all_users = user.all_users()
it = [itemList.itemList (code = ossdef.OSS__OWNER, dtype = itemList.il_unsignedLong),]
- for u in all_users.values():
- df = u.defdev+ u.defdir+'MAIL.MAI'
+ for u in list(all_users.values()):
+ df: bytes = u.defdev+ u.defdir + b'MAIL.MAI'
if file_exists(df):
- own = starlet.get_security (objnam=df, clsnam='FILE',itmlst=it)[1][ossdef.OSS__OWNER]
+ own: int = starlet.get_security (objnam=df, clsnam='FILE',itmlst=it)[2][ossdef.OSS__OWNER] # type: ignore
g = int(own / 65536)
m = int(own - (g *65536))
if (u.uic_group != g) or (u.uic_member != m):
if fmt:
- print>>fo, '1103"2"', u.username
+ print('1103"2"', u.username, file=fo)
else:
- print>>fo, "%s [%o,%o] %s [%o,%o]" % (df, g, m, u.username, u.uic_group, u.uic_member)
+ print("%s [%o,%o] %s [%o,%o]" % (df, g, m, u.username, u.uic_group, u.uic_member), file=fo)
@level_rule(3)
def rule1104(fo, fmt):
@@ -92,34 +92,34 @@
that the last system upgrade (for openVMS) may have been incomplete."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 1104'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 1104', file=fo)
+ print('=========', file=fo)
p, a, u = getMailObjectInfo()
if p:
if fmt:
- print>>fo, '1104"3" MAIL object present'
+ print('1104"3" MAIL object present', file=fo)
else:
- print>>fo, 'MAIL object present'
+ print('MAIL object present', file=fo)
@level_rule(4)
def rule1105(fo, fmt):
""" This prohibits mail transmissions across the network."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 1105'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 1105', file=fo)
+ print('=========', file=fo)
p, a, u = getMailObjectInfo()
if not a:
if fmt:
- print>>fo, '1105"4" Account MAIL$SERVER missing'
+ print('1105"4" Account MAIL$SERVER missing', file=fo)
else:
- print>>fo, 'Account MAIL$SERVER missing'
+ print('Account MAIL$SERVER missing', file=fo)
@level_rule(2)
def rule1106(fo, fmt):
@@ -128,16 +128,16 @@
be set on this account."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 1106'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 1106', file=fo)
+ print('=========', file=fo)
p, a, u = getMailObjectInfo()
- if a and not (u.flags & uaidef.UAI_M_RESTRICTED):
+ if a and u is not None and not (u.flags & uaidef.UAI_M_RESTRICTED):
if fmt:
- print>>fo, '1106"2" Account MAIL$SERVER not RESTRICTED'
+ print('1106"2" Account MAIL$SERVER not RESTRICTED', file=fo)
else:
- print>>fo, 'Account MAIL$SERVER not RESTRICTED'
+ print('Account MAIL$SERVER not RESTRICTED', file=fo)
@level_rule(2)
def rule1107(fo, fmt):
@@ -147,18 +147,18 @@
is greater than that specified in the SYSGEN parameter MAXSYSGROUP."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 1107'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 1107', file=fo)
+ print('=========', file=fo)
p, a, u = getMailObjectInfo()
if not a: return
- if (u.uic_group <= lib.getsyi(syidef.SYI__MAXSYSGROUP)[1]):
+ if u is not None and (u.uic_group <= lib.getsyi(syidef.SYI__MAXSYSGROUP)[1]):
if fmt:
- print>>fo, '1107"2" Account MAIL$SERVER have System Group'
+ print('1107"2" Account MAIL$SERVER have System Group', file=fo)
else:
- print>>fo, "%s [%o,%o]" % ('Account MAIL$SERVER System Group', u.uic_group, u.uic_member)
+ print("%s [%o,%o]" % ('Account MAIL$SERVER System Group', u.uic_group, u.uic_member), file=fo)
@level_rule(4)
def rule1108(fo, fmt):
@@ -166,18 +166,18 @@
inhibits mail transmission across the network."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 1108'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 1108', file=fo)
+ print('=========', file=fo)
p, a, u = getMailObjectInfo()
if not a: return
- if (u.flags & uaidef.UAI_M_DISACNT):
+ if u is not None and (u.flags & uaidef.UAI_M_DISACNT):
if fmt:
- print>>fo, '1108"4" Account MAIL$SERVER is DISUSER'
+ print('1108"4" Account MAIL$SERVER is DISUSER', file=fo)
else:
- print>>fo, 'Account MAIL$SERVER is DISUSER'
+ print('Account MAIL$SERVER is DISUSER', file=fo)
@level_rule(1)
def rule1109(fo, fmt):
@@ -186,37 +186,37 @@
processes, which could exploit this vulnerability."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 1109'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 1109', file=fo)
+ print('=========', file=fo)
p, a, u = getMailObjectInfo()
if not a: return
- if (u.pwd_length < 8):
+ if u is not None and (u.pwd_length < 8):
if fmt:
- print>>fo, '1109"1" Account MAIL$SERVER Password Length'
+ print('1109"1" Account MAIL$SERVER Password Length', file=fo)
else:
- print>>fo, 'Account MAIL$SERVER Password Length', u.pwd_length
+ print('Account MAIL$SERVER Password Length', u.pwd_length, file=fo)
@level_rule(4)
def rule1110(fo, fmt):
""" This prohibits mail transmissions across the network."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 1110'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 1110', file=fo)
+ print('=========', file=fo)
p, a, u = getMailObjectInfo()
if not a: return
- if ((u.network_access_p != '\x00\x00\x00') and
- (u.network_access_s != '\x00\x00\x00')):
+ if (u is not None and (u.network_access_p != b'\x00\x00\x00') and
+ (u.network_access_s != b'\x00\x00\x00')):
if fmt:
- print>>fo, '1110"4" MAIL$SERVER no Netwrok Access'
+ print('1110"4" MAIL$SERVER no Network Access', file=fo)
else:
- print>>fo, 'Account MAIL$SERVER no Netwrok Access'
+ print('Account MAIL$SERVER no Network Access', file=fo)
@level_rule(2)
def rule1111(fo, fmt):
@@ -227,33 +227,33 @@
user. This account should have these accesses disabled."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 1111'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 1111', file=fo)
+ print('=========', file=fo)
p, a, u = getMailObjectInfo()
if not a: return
- if ((u.batch_access_p != '\xff\xff\xff') and
- (u.batch_access_s != '\xff\xff\xff')):
+ if (u is not None and (u.batch_access_p != b'\xff\xff\xff') and
+ (u.batch_access_s != b'\xff\xff\xff')):
if fmt:
- print>>fo, '1111"2" MAIL$SERVER have REMOTE Access'
+ print('1111"2" MAIL$SERVER have REMOTE Access', file=fo)
else:
- print>>fo, 'Account MAIL$SERVER have REMOTE Access'
+ print('Account MAIL$SERVER have REMOTE Access', file=fo)
- if ((u.remote_access_p != '\xff\xff\xff') and
- (u.remote_access_s != '\xff\xff\xff')):
+ if (u is not None and (u.remote_access_p != b'\xff\xff\xff') and
+ (u.remote_access_s != b'\xff\xff\xff')):
if fmt:
- print>>fo, '1111"2" MAIL$SERVER have REMOTE Access'
+ print('1111"2" MAIL$SERVER have REMOTE Access', file=fo)
else:
- print>>fo, 'Account MAIL$SERVER have REMOTE Access'
+ print('Account MAIL$SERVER have REMOTE Access', file=fo)
- if ((u.dialup_access_p != '\xff\xff\xff') and
- (u.dialup_access_s != '\xff\xff\xff')):
+ if (u is not None and (u.dialup_access_p != b'\xff\xff\xff') and
+ (u.dialup_access_s != b'\xff\xff\xff')):
if fmt:
- print>>fo, '1111"2" MAIL$SERVER have DIALUP Access'
+ print('1111"2" MAIL$SERVER have DIALUP Access', file=fo)
else:
- print>>fo, 'Account MAIL$SERVER have DIALUP Access'
+ print('Account MAIL$SERVER have DIALUP Access', file=fo)
@level_rule(4)
def rule1112(fo, fmt):
@@ -261,34 +261,34 @@
function. Lack of these privileges can impede mail transmissions."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 1112'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 1112', file=fo)
+ print('=========', file=fo)
p, a, u = getMailObjectInfo()
if not a: return
- if not (u.priv & prvdef.PRV_M_NETMBX):
+ if u is not None and not (u.priv & prvdef.PRV_M_NETMBX):
if fmt:
- print>>fo, '1112"4" Account MAIL$SERVER privilege NETMBX missing'
+ print('1112"4" Account MAIL$SERVER privilege NETMBX missing', file=fo)
else:
- print>>fo, 'Account MAIL$SERVER privilege NETMBX missing'
- if not (u.def_priv & prvdef.PRV_M_NETMBX):
+ print('Account MAIL$SERVER privilege NETMBX missing', file=fo)
+ if u is not None and not (u.def_priv & prvdef.PRV_M_NETMBX):
if fmt:
- print>>fo, '1112"4" Account MAIL$SERVER default privilege NETMBX missing'
+ print('1112"4" Account MAIL$SERVER default privilege NETMBX missing', file=fo)
else:
- print>>fo, 'Account MAIL$SERVER default privilege NETMBX missing'
+ print('Account MAIL$SERVER default privilege NETMBX missing', file=fo)
- if not (u.priv & prvdef.PRV_M_TMPMBX):
+ if u is not None and not (u.priv & prvdef.PRV_M_TMPMBX):
if fmt:
- print>>fo, '1112"4" Account MAIL$SERVER privilege TMPMBX missing'
+ print('1112"4" Account MAIL$SERVER privilege TMPMBX missing', file=fo)
else:
- print>>fo, 'Account MAIL$SERVER privilege TMPMBX missing'
- if not (u.def_priv & prvdef.PRV_M_TMPMBX):
+ print('Account MAIL$SERVER privilege TMPMBX missing', file=fo)
+ if u is not None and not (u.def_priv & prvdef.PRV_M_TMPMBX):
if fmt:
- print>>fo, '1112"4" Account MAIL$SERVER default privilege TMPMBX missing'
+ print('1112"4" Account MAIL$SERVER default privilege TMPMBX missing', file=fo)
else:
- print>>fo, 'Account MAIL$SERVER default privilege TMPMBX missing'
+ print('Account MAIL$SERVER default privilege TMPMBX missing', file=fo)
@level_rule(2)
def rule1113(fo, fmt):
@@ -299,24 +299,24 @@
properly."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 1113'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 1113', file=fo)
+ print('=========', file=fo)
p, a, u = getMailObjectInfo()
if not a: return
msk_prv = prvdef.PRV_M_NETMBX | prvdef.PRV_M_TMPMBX
- if (u.def_priv ^msk_prv) != 0:
+ if u is not None and (u.def_priv ^msk_prv) != 0:
if fmt:
- print>>fo, '1113"2" Account MAIL$SERVER excessive default privileges'
+ print('1113"2" Account MAIL$SERVER excessive default privileges', file=fo)
else:
- print>>fo, 'Account MAIL$SERVER excessive default privileges'
- if (u.priv ^msk_prv) != 0:
+ print('Account MAIL$SERVER excessive default privileges', file=fo)
+ if u is not None and (u.priv ^ msk_prv) != 0:
if fmt:
- print>>fo, '1113"2" Account MAIL$SERVER excessive privileges'
+ print('1113"2" Account MAIL$SERVER excessive privileges', file=fo)
else:
- print>>fo, 'Account MAIL$SERVER excessive privileges'
+ print('Account MAIL$SERVER excessive privileges', file=fo)
@level_rule(2)
def rule1114(fo, fmt):
@@ -324,20 +324,20 @@
unauthorized user."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 1114'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 1114', file=fo)
+ print('=========', file=fo)
it = [itemList.itemList (code = ossdef.OSS__OWNER, dtype = itemList.il_unsignedLong),]
- own = starlet.get_security (objnam='SYS$SYSTEM:VMSMAIL_PROFILE.DATA', clsnam='FILE',itmlst=it)[1][ossdef.OSS__OWNER]
+ own: int = starlet.get_security (objnam='SYS$SYSTEM:VMSMAIL_PROFILE.DATA', clsnam='FILE',itmlst=it)[2][ossdef.OSS__OWNER] # type: ignore
g = int(own / 65536)
m = int(own - (g *65536))
if (g != 1) or (m != 4):
if fmt:
- print>>fo, '1114"2" SYS$SYSTEM:VMSMAIL_PROFILE.DATA bad owner'
+ print('1114"2" SYS$SYSTEM:VMSMAIL_PROFILE.DATA bad owner', file=fo)
else:
- print>>fo, "%s [%o,%o]" % ('SYS$SYSTEM:VMSMAIL_PROFILE.DATA bad owner', g, m,)
+ print("%s [%o,%o]" % ('SYS$SYSTEM:VMSMAIL_PROFILE.DATA bad owner', g, m,), file=fo)
@level_rule(2)
def rule1115(fo, fmt):
@@ -345,18 +345,18 @@
users."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 1115'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 1115', file=fo)
+ print('=========', file=fo)
- it = [ itemList.itemList (code = ossdef.OSS__PROTECTION, dtype = itemList.il_unsignedWord)]
- prot = starlet.get_security (objnam='SYS$SYSTEM:VMSMAIL_PROFILE.DATA', clsnam='FILE',itmlst=it)[1][ossdef.OSS__PROTECTION]
+ it = (itemList.itemList (code = ossdef.OSS__PROTECTION, dtype = itemList.il_unsignedWord),)
+ prot: int = starlet.get_security (objnam='SYS$SYSTEM:VMSMAIL_PROFILE.DATA', clsnam='FILE',itmlst=it)[2][ossdef.OSS__PROTECTION] # type: ignore
if (prot != 0xFF88):
if fmt:
- print>>fo, '1115"2" SYS$SYSTEM:VMSMAIL_PROFILE.DATA bad protection'
+ print('1115"2" SYS$SYSTEM:VMSMAIL_PROFILE.DATA bad protection', file=fo)
else:
- print>>fo, 'SYS$SYSTEM:VMSMAIL_PROFILE.DATA', lib.format_sogw_prot (prot)[1]
+ print('SYS$SYSTEM:VMSMAIL_PROFILE.DATA', lib.format_sogw_prot (prot)[1].decode(), file=fo)
@level_rule(2)
def rule1116(fo, fmt):
@@ -364,15 +364,15 @@
indicate tampering with the operational environment."""
if not fmt:
- print>>fo
- print>>fo, 'RULE 1116'
- print>>fo, '========='
+ print(file=fo)
+ print('RULE 1116', file=fo)
+ print('=========', file=fo)
- if not file_exists('SYS$SYSTEM:MAIL_SERVER.EXE'):
+ if not file_exists(b'SYS$SYSTEM:MAIL_SERVER.EXE'):
if fmt:
- print >>fo, '1116"2"SYS$SYSTEM:MAIL_SERVER.EXE not exists'
+ print('1116"2"SYS$SYSTEM:MAIL_SERVER.EXE not exists', file=fo)
else:
- print >>fo, 'SYS$SYSTEM:MAIL_SERVER.EXE not exists'
+ print('SYS$SYSTEM:MAIL_SERVER.EXE not exists', file=fo)
if __name__ == '__main__':
import sys
diff --git a/secrules/rules12.py b/secrules/rules12.py
--- a/secrules/rules12.py
+++ b/secrules/rules12.py
@@ -1,10 +1,10 @@
# -*- coding: iso-8859-1 -*-
__version__ = '1.0'
-from common import level_rule
-from vms import starlet
-from vms.rtl import lib
-from vms import queues, quidef
+from .common import level_rule
+from ovms import starlet
+from ovms.rtl import lib
+from ovms import queues, quidef
accname = lib.get_accnam('QUEUE')[1]
@@ -14,18 +14,18 @@
By default, the printer and batch queues should be owned by the SYSTEM account."""
if not fmt:
- print >>fo, 'RULE 1201'
- print >>fo, '========='
+ print('RULE 1201', file=fo)
+ print('=========', file=fo)
for q in queues.all_queues():
nam = q.queue_name
- own = q.owner_uic
+ own: int = q.owner_uic # type: ignore
g = int(own / 65536)
m = int(own - (g *65536))
if (g != 1) or (m != 4):
if fmt:
- print >>fo, '1201"2"', nam
+ print('1201"2"', nam.decode(), file=fo)
else:
- print >>fo, "%s [%o,%o]" % (nam, g, m)
+ print("%s [%o,%o]" % (nam.decode(), g, m), file=fo)
@level_rule(2)
def rule1202(fo, fmt):
@@ -33,32 +33,32 @@
compromised. Queues should retain their default protection values as specified when initialized."""
if not fmt:
- print >>fo, 'RULE 1202'
- print >>fo, '========='
+ print('RULE 1202', file=fo)
+ print('=========', file=fo)
for q in queues.all_queues():
nam = q.queue_name
- prot = q.protection
+ prot: int = q.protection # type: ignore
if (prot != 0xDE7B):
if fmt:
- print >>fo, '1202"2"', nam
+ print('1202"2"', nam, file=fo)
else:
prt = lib.format_sogw_prot(prot, access_names=accname)[1]
- print >>fo, nam, prt
+ print(nam, prt.decode(), file=fo)
@level_rule(3)
def rule1203(fo, fmt):
""" This denies print/batch service to users via these queues."""
if not fmt:
- print >>fo, 'RULE 1203'
- print >>fo, '========='
+ print('RULE 1203', file=fo)
+ print('=========', file=fo)
for q in queues.all_queues():
- nam = q.queue_name
+ nam: bytes = q.queue_name
qsts = q.queue_status
if (qsts & quidef.QUI_M_QUEUE_STOPPED):
if fmt:
- print >>fo, '1203"3"', nam
+ print('1203"3"', nam.decode(), file=fo)
else:
- print >>fo, nam, 'Stopped'
+ print(nam.decode(), 'Stopped', file=fo)
if __name__ == '__main__':
import sys
diff --git a/secrules/rules13.py b/secrules/rules13.py
--- a/secrules/rules13.py
+++ b/secrules/rules13.py
@@ -1,22 +1,24 @@
# -*- coding: iso-8859-1 -*-
__version__ = '1.0'
-from common import level_rule
-from vms import starlet
-from vms.rtl import lib
-from vms import user
-from vms import rmsdef, ossdef
-from vms import itemList
-from FindFile import FindFile, file_exists
+from .common import level_rule
+from ovms import starlet
+from ovms.rtl import lib
+from ovms import user
+from ovms import rmsdef, ossdef, ssdef
+from ovms import itemList
+from ovms.rtl.lib.FindFile import FindFile, file_exists
+
+VMSError = OSError
def path_exists(fn):
try:
- with FindFile (fn, '') as ifn:
+ with FindFile (fn, b'') as ifn:
ifn.__next__()
return 1
- except StopIteration, e:
+ except StopIteration as e:
return 3
- except VMSError, e:
+ except VMSError as e:
return 2
@level_rule(3)
@@ -26,20 +28,20 @@
are no longer in use."""
if not fmt:
- print >>fo, 'RULE 1301'
- print >>fo, '========='
+ print('RULE 1301', file=fo)
+ print('=========', file=fo)
all_users = user.all_users()
- for u in all_users.values():
- if u.username == 'DEFAULT':
+ for u in list(all_users.values()):
+ if u.username == b'DEFAULT':
if not fmt:
- print >>fo, 'skip default account'
+ print('skip default account', file=fo)
continue
- fn = u.defdev + u.defdir + '*.*'
+ fn: bytes = u.defdev + u.defdir + b'*.*'
if (path_exists(fn) == 2):
if fmt:
- print >>fo, '1301"3"', fn
+ print('1301"3"', fn.decode(), file=fo)
else:
- print >>fo, fn, 'not exists', u.username
+ print(fn.decode(), 'not exists', u.username.decode(), file=fo)
@level_rule(2)
def rule1303(fo, fmt):
@@ -49,20 +51,21 @@
listed accesses to the file."""
if not fmt:
- print >>fo, 'RULE 1303'
- print >>fo, '========='
+ print('RULE 1303', file=fo)
+ print('=========', file=fo)
all_users = user.all_users()
- it = [itemList.itemList (code = ossdef.OSS__PROTECTION, dtype = itemList.il_unsignedWord),]
- for u in all_users.values():
- fn = u.defdev+u.defdir+'*.*'
+ it = (itemList.itemList (code = ossdef.OSS__PROTECTION, dtype = itemList.il_unsignedWord),)
+ for u in list(all_users.values()):
+ fn = u.defdev + u.defdir + b'*.*'
if (path_exists(fn)== 1):
sep = (u.defdev+u.defdir)[-1:]
- arbo = (u.defdev+u.defdir)[:-1]+'...' + sep + '*.*'
- with FindFile(arbo, '')as ifn:
- for f in ifn:
+ arbo = (u.defdev+u.defdir)[:-1] + b'...' + sep + b'*.*'
+ with FindFile(arbo, b'')as ifn:
+ for f in ifn: # type: ignore
+ f: bytes
try:
retsec = starlet.get_security(objnam=f, clsnam='FILE',itmlst=it)
- prot = retsec[1][ossdef.OSS__PROTECTION]
+ prot: int = retsec[2][ossdef.OSS__PROTECTION] # type: ignore
if ((prot & 0x8000) or
(prot & 0x4000) or
(prot & 0x2000) or
@@ -72,12 +75,12 @@
(prot & 0x200) or
(prot & 0x100)):
if fmt:
- print >>fo, '1303"2"', f
+ print('1303"2"', f, file=fo)
else:
- print >>fo, f
- print >>fo, ' ' * 10, lib.format_sogw_prot (prot)[1]
- except VMSError, e:
- if e.errno != rmsdef.RMS__FNF:
+ print(f.decode(), file=fo)
+ print(' ' * 10, lib.format_sogw_prot (prot)[1].decode(), file=fo)
+ except VMSError as e:
+ if e.errno not in (rmsdef.RMS__FNF, ssdef.SS__NOSUCHFILE):
raise
@level_rule(2)
@@ -86,50 +89,51 @@
the files in the directory, and possibly all files in the directory tree."""
if not fmt:
- print >>fo, 'RULE 1304'
- print >>fo, '========='
+ print('RULE 1304', file=fo)
+ print('=========', file=fo)
it = [itemList.itemList (code = ossdef.OSS__OWNER, dtype = itemList.il_unsignedLong),]
all_users = user.all_users()
- for u in all_users.values():
- fn = u.defdev + u.defdir
- fn = fn[:-1].replace('<','[')
- d = fn.split('[')[1]
- fu = fn + '.-]' + d + '.DIR'
+ for u in list(all_users.values()):
+ fn: bytes = u.defdev + u.defdir
+ fn = fn[:-1].replace(b'<', b'[')
+ d = fn.split(b'[')[1]
+ fu = fn + b'.-]' + d + b'.DIR'
if not file_exists(fu):
continue
- own = starlet.get_security(objnam=fu, clsnam='FILE', itmlst=it)[1][ossdef.OSS__OWNER]
+ own: int = starlet.get_security(objnam=fu, clsnam='FILE', itmlst=it)[2][ossdef.OSS__OWNER] # type:ignore
high = int(own / 65536)
low = int(own - high * 65536)
if high != u.uic_group or low != u.uic_member:
mark = '*' if high == 1 and low in (1, 4) else ''
if fmt:
- print >>fo, '1304"2"', mark, u.username
+ print('1304"2"', mark, u.username.decode(), file=fo)
else:
- print >>fo, mark, u.username
+ print(mark, u.username.decode(), file=fo)
@level_rule(3)
def rule1310(fo, fmt):
""" This could prevent the user accounts from functioning properly. It could indicate a denial of service situation."""
if not fmt:
- print >>fo, 'RULE 1310'
- print >>fo, '========='
+ print('RULE 1310', file=fo)
+ print('=========', file=fo)
all_users = user.all_users()
- for u in all_users.values():
- df = u.defdev + u.defdir + '*.*'
- lgicmd = ''
+ for u in list(all_users.values()):
+ df = u.defdev + u.defdir + b'*.*'
+ lgicmd:bytes = b''
try:
- with FindFile (u.lgicmd if u.lgicmd != '' else 'LOGIN.COM', df) as fi:
- for f in fi:
+ with FindFile (u.lgicmd if u.lgicmd != b'' else b'LOGIN.COM', df) as fi:
+ for f in fi: # type: ignore
+ f: bytes
lgicmd = f
break
- except VMSError, e:
+ except VMSError as e:
continue
- if lgicmd == '' or not file_exists(lgicmd):
+ if lgicmd == b'' or not file_exists(lgicmd):
if fmt:
- print >>fo, '1310"3"', u.username
+ print('1310"3"', u.username.decode(), file=fo)
else:
- print >>fo, u.username,lgicmd
+ print(u.username.decode(), lgicmd.decode(), file=fo)
if __name__ == '__main__':
import sys
diff --git a/secrules/rules14.py b/secrules/rules14.py
--- a/secrules/rules14.py
+++ b/secrules/rules14.py
@@ -1,16 +1,16 @@
# -*- coding: iso-8859-1 -*-
-from common import level_rule
+from .common import level_rule
import os
-from secrules import FindFile
+from ovms.rtl.lib import FindFile
__version__ = '1.0'
@level_rule(2)
def rule1401(fo, fmt):
if not fmt:
- print >>fo, 'RULE 1401'
- print >>fo, '========='
+ print('RULE 1401', file=fo)
+ print('=========', file=fo)
with os.popen('install list/full') as p:
r = [x[:-1].rstrip() for x in p]
@@ -45,15 +45,16 @@
priv = l
elif 'Authorized = ' in l:
auth = l
- with FindFile.FindFile(fspec, dspec) as fi:
- for f in fi:
+ with FindFile.FindFile(fspec.encode(), dspec.encode()) as fi: #type: ignore
+ for f in fi: # type: ignore
+ f: bytes
if hasPriv:
if fmt:
- print >>fo, '1401"2"', f
+ print('1401"2"', f.decode(), file=fo)
else:
- print >>fo, f
- if priv: print >>fo, priv
- if auth: print >>fo, auth
+ print(f.decode(), file=fo)
+ if priv: print(priv, file=fo)
+ if auth: print(auth, file=fo)
if __name__ == '__main__':
import sys
diff --git a/secrules/rules15.py b/secrules/rules15.py
--- a/secrules/rules15.py
+++ b/secrules/rules15.py
@@ -1,16 +1,16 @@
# -*- coding: iso-8859-1 -*-
-from common import level_rule
+from .common import level_rule
import os
-from secrules import FindFile
+from ovms.rtl.lib import FindFile
__version__ = '1.0'
@level_rule(1)
def rule1501(fo, fmt):
if not fmt:
- print >>fo, 'RULE 1501'
- print >>fo, '========='
+ print('RULE 1501', file=fo)
+ print('=========', file=fo)
with os.popen('TCPIP SHOW SERVICES') as p:
r = [x[:-1].rstrip() for x in p]
@@ -27,9 +27,9 @@
else:
v = '%s %s' % (s[0], s[5])
if fmt:
- print >>fo, '1501"1"', v
+ print('1501"1"', v, file=fo)
else:
- print >>fo, v
+ print(v, file=fo)
if __name__ == '__main__':
import sys
diff --git a/secrules/user_exists.py b/secrules/user_exists.py
--- a/secrules/user_exists.py
+++ b/secrules/user_exists.py
@@ -1,12 +1,12 @@
-from vms import starlet
-from vms import itemList, uaidef
+from ovms import starlet
+from ovms import itemList, uaidef
def user_exists(u):
- itm = [itemList.itemList (code=uaidef.UAI__UIC, dtype=itemList.il_unsignedLong),]
+ itm = (itemList.itemList (code=uaidef.UAI__UIC, dtype=itemList.il_unsignedLong),)
try:
- s, uic = starlet.getuai (usrnam=u, itmlst=itm)
- uic_g = uic.values()[0] / 65536
- uic_m = uic.values()[0] - (uic_g * 65536)
+ s, ctxt, uic = starlet.getuai (usrnam=u, itmlst=itm)
+ uic_g = list(uic.values())[0] / 65536
+ uic_m = list(uic.values())[0] - (uic_g * 65536)
return uic_g, uic_m
except:
return None, None
diff --git a/securityrules.py b/securityrules.py
--- a/securityrules.py
+++ b/securityrules.py
@@ -4,6 +4,22 @@
import os
import re
import argparse
+import importlib
+
+DEBUG = False
+if DEBUG:
+ import debugpy
+
+ # 5678 is the default attach port in the VS Code debug configurations.
+ # Unless a host and port are specified, host defaults to 127.0.0.1
+ debugpy.configure(subProcess=False)
+
+ debugpy.listen(('0.0.0.0', 5678), in_process_debug_adapter=True)
+ print("Waiting for debugger attach")
+ debugpy.wait_for_client()
+ debugpy.breakpoint()
+ print('break on this line')
+
all_rules = {}
args = None
@@ -15,9 +31,9 @@
if numrule is None:
for r in rules:
if info:
- print getattr(m, r).__name__
- print getattr(m, r).__doc__
- print
+ print(getattr(m, r).__name__)
+ print(getattr(m, r).__doc__)
+ print()
else:
getattr(m, r)(fo, export)
else:
@@ -25,16 +41,16 @@
rname = 'rule%s%02d' % (seclass[-2:], n)
if rname in rules:
if info:
- print getattr(m, rname).__name__
- print getattr(m, rname).__doc__
- print
+ print(getattr(m, rname).__name__)
+ print(getattr(m, rname).__doc__)
+ print()
else:
getattr(m, rname)(fo, export)
class InflateRange(argparse.Action):
def __call__(self, parser, namespace, values, option_string=None):
lst = []
- for string in values:
+ for string in values: # type: ignore
string = string.replace('(', '')
string = string.replace(')', '')
if '-' in string or ':' in string:
@@ -59,7 +75,8 @@
if fn.startswith('rule') and fn[-1:].lower() == 'y']
all_rules = {}
for modn in mods:
- m = __import__('secrules.' + modn, globals(), locals(), ['*'], -1)
+ m = importlib.import_module('.' + modn, 'secrules')
+ # m = __import__('secrules.' + modn, globals(), locals(), ['*'], -1)
lst = [m,[]]
for r in dir(m):
if r.startswith('rule'):
@@ -91,7 +108,7 @@
if args.seclass is None:
if args.numrule is not None:
raise argparse.ArgumentTypeError("missing seclass argument")
- lst = all_rules.keys()
+ lst = list(all_rules.keys())
lst.sort()
for seclass in lst:
# seclass = 'rules%02d' % args.seclass