diff options
author | Michael DeHaan <mdehaan@redhat.com> | 2008-05-13 11:59:22 -0400 |
---|---|---|
committer | Michael DeHaan <mdehaan@redhat.com> | 2008-05-13 11:59:22 -0400 |
commit | 5daab278a734ed9679ef1e7aaa51a62e82292b85 (patch) | |
tree | f575d9c096406d8106a28160e4e74dac4dcbc2f5 | |
parent | 6cc83a05f80d7f3c703aa8743ccacab2aa2ac86d (diff) | |
download | third_party-cobbler-5daab278a734ed9679ef1e7aaa51a62e82292b85.tar.gz third_party-cobbler-5daab278a734ed9679ef1e7aaa51a62e82292b85.tar.xz third_party-cobbler-5daab278a734ed9679ef1e7aaa51a62e82292b85.zip |
Added code to cobbler check to see if any templates are still using the default
password, and if so, to warn about them.
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | cobbler/action_check.py | 14 | ||||
-rw-r--r-- | cobbler/api.py | 3 | ||||
-rw-r--r-- | cobbler/remote.py | 12 | ||||
-rw-r--r-- | cobbler/utils.py | 15 |
5 files changed, 34 insertions, 11 deletions
@@ -7,6 +7,7 @@ Cobbler CHANGELOG - improved error message that occurs when copying from nfs w/ rootsquash - mac duplication checking improvements for CLI - add warning to cobbler check if selinux is on and Apache boolean not set +- added warning to cobbler check if templates use the default password - Fri May 09 2008 - 0.9.1 - patch to allow yumopts to override gpgcheck diff --git a/cobbler/action_check.py b/cobbler/action_check.py index 29b39be..5691d60 100644 --- a/cobbler/action_check.py +++ b/cobbler/action_check.py @@ -65,6 +65,7 @@ class BootCheck: self.check_httpd(status) self.check_iptables(status) self.check_yum(status) + self.check_for_default_password(status) return status @@ -120,6 +121,19 @@ class BootCheck: status.append(_("Must enable selinux boolean to enable Apache and web services components, run: setsebool -P httpd_can_network_connect true")) + def check_for_default_password(self,status): + templates = utils.get_kickstart_templates(self.config.api) + files = [] + for t in templates: + fd = open(t) + data = fd.read() + fd.close() + if data.find("\$1\$mF86/UHC\$WvcIcX2t6crBz2onWxyac."): + files.append(t) + if len(files) > 0: + status.append(_("One or more kickstart templates references default password 'cobbler' and should be changed for security reasons: %s") % ", ".join(files)) + + def check_httpd(self,status): """ Check if Apache is installed. diff --git a/cobbler/api.py b/cobbler/api.py index 1b73acd..a2aa881 100644 --- a/cobbler/api.py +++ b/cobbler/api.py @@ -442,3 +442,6 @@ class BootAPI: replicator = action_replicate.Replicate(self._config) return replicator.run(cobbler_master = cobbler_master) + def get_kickstart_templates(self): + return utils.get_kickstar_templates(self) + diff --git a/cobbler/remote.py b/cobbler/remote.py index 87695d2..8cf9ba3 100644 --- a/cobbler/remote.py +++ b/cobbler/remote.py @@ -170,17 +170,7 @@ class CobblerXMLRPCInterface: """ self.log("get_kickstart_templates",token=token) self.check_access(token, "get_kickstart_templates") - files = {} - for x in self.api.profiles(): - if x.kickstart is not None and x.kickstart != "" and x.kickstart != "<<inherit>>": - files[x.kickstart] = 1 - for x in self.api.systems(): - if x.kickstart is not None and x.kickstart != "" and x.kickstart != "<<inherit>>": - files[x.kickstart] = 1 - for x in glob.glob("/var/lib/cobbler/kickstarts/*"): - files[x] = 1 - - return files.keys() + return utils.get_kickstart_templates(self.api) def is_kickstart_in_use(self,ks,token): self.log("is_kickstart_in_use",token=token) diff --git a/cobbler/utils.py b/cobbler/utils.py index a9b374f..112d94b 100644 --- a/cobbler/utils.py +++ b/cobbler/utils.py @@ -778,6 +778,21 @@ def set_virt_cpus(self,num): self.virt_cpus = num return True +def get_kickstart_templates(api): + files = {} + for x in api.profiles(): + if x.kickstart is not None and x.kickstart != "" and x.kickstart != "<<inherit>>": + files[x.kickstart] = 1 + for x in api.systems(): + if x.kickstart is not None and x.kickstart != "" and x.kickstart != "<<inherit>>": + files[x.kickstart] = 1 + for x in glob.glob("/var/lib/cobbler/kickstarts/*"): + files[x] = 1 + for x in glob.glob("/etc/cobbler/*.ks"): + files[x] = 1 + + return files.keys() + if __name__ == "__main__": |