Fixes bug #6967 --- src/bin/secstate | 37 +++++++++++++++++++++++++++++++++---- 1 files changed, 33 insertions(+), 4 deletions(-)
diff --git a/src/bin/secstate b/src/bin/secstate
index ebaf9c8..c33ae8b 100644
--- a/src/bin/secstate
+++ b/src/bin/secstate
@@ -51,6 +51,13 @@ Sub-commands:
sec_instance = secstate.Secstate(CONFIG_FILE)
+def root_check(command):
+ if os.geteuid() != 0:
+ sys.stderr.write("%s must be run as root!\n" % command)
+ return False
+ else:
+ return True
+
 def main():
try:
@@ -86,10 +93,6 @@ def main():
 elif subcommand == 'show':
 return show(sys.argv[arg_num:])
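Review bot: root_check() drops the program name from the error, so a non-root user now sees `import must be run as root!` where the removed branch in main() printed `secstate must be run as root!`; `sys.stderr.write("secstate %s must be run as root!\n" % command)` keeps both. The `if`/`else` that returns literal booleans can be reduced to an early `return True` when `os.geteuid() == 0`. A docstring such as `"""Return True if the effective UID is 0; otherwise print an error naming command and return False."""` would also make it explicit that the function only reports and that every caller has to act on the result.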
- elif os.geteuid() != 0:
- sys.stderr.write("secstate must be run as root!\n")
- return -1
-
 elif subcommand == 'import':
 return import_content(sys.argv[arg_num:])
@@ -158,6 +161,9 @@ def import_content(arguments):
 help="Selects the active profile")
 (options, args) = parser.parse_args(arguments)
+ if not root_check('import'): + return -1 + for arg in args: content = sec_instance.import_content(arg, options.puppet, save=True, active_profile=options.profile) if content == None: @@ -175,6 +181,10 @@ def export(arguments): def remove_content(arguments): parser = OptionParser(usage="secstate remove [options] <ContentID>") (options, args) = parser.parse_args(arguments) + + if not root_check('remove'): + return -1 + for arg in args: if (not (sec_instance.remove_content(arg))): return -1 @@ -188,6 +198,10 @@ def select(arguments, value): parser.add_option('-r', '--recurse', action='store_true', dest='recurse', default=False, help="Recursively %(sel)sselect rules inside of groups or benchmarks" % {'sel':sel}) (options, args) = parser.parse_args(arguments) + + if not root_check('select'): + return -1 + if len(args) == 1: if not sec_instance.select(args[0], args[0], value, recurse=options.recurse): return -1 @@ -213,6 +227,10 @@ def audit(arguments): parser.add_option('-r', '--rule', action='store', type='string', dest='rule', default=None, help="Audit only the specified rule") (options, args) = parser.parse_args(arguments) + + if not root_check('audit'): + return -1 + if (not (sec_instance.audit(args, all=options.all, verbose=options.verbose, profile=options.profile, results_dir=options.output, output_xml=options.xml, output_html=options.html, rule=options.rule))): return -1
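Review bot: The privilege check in import_content() is now opt-in per handler, whereas the branch removed from main() rejected every sub-command dispatched after `show` in one place. A handler that omits the call runs without the check: `export`, visible in the header of the next hunk, gets no root_check() in the lines shown, and whether that is deliberate cannot be told from this patch. A comment above root_check() such as `# Every handler that changes system or content state must call root_check() right after parse_args().` would record the rule, and a single table of root-only sub-commands consulted by main() would make an omission harder; the same pattern repeats in remove_content(), select(), audit(), remediate(), save_profile() and mitigate(). The euid test is only a usability guard, so the stored content presumably still needs to be protected by file ownership and mode. import_content() starts and ends outside the hunk.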
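Review bot: The guard added to select() always reports `select`, although the help string two lines above interpolates `sel` into "%(sel)sselect", which suggests the same function serves the deselect path. A non-root deselect would then print the wrong command name; `if not root_check('%sselect' % sel):` would match the help text. The assignment of `sel` is outside the hunk, so confirm that it holds the prefix the help string implies.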
@@ -229,6 +247,9 @@ def remediate(arguments): parser.add_option('-v', '--verbose', action='store_false', dest='verbose', help="Prints out extra information during the remediate process") parser.add_option('-y', '--yes', action='store_true', dest='yes', help="Respond 'yes' to all prompts") options, args = parser.parse_args(arguments) + + if not root_check('remediate'): + return -1
kwargs = {}
@@ -294,6 +315,10 @@ def show(arguments): def save_profile(arguments): parser = OptionParser(usage="secstate save [options] <BenchmarkID> <ProfileName>") (options, args) = parser.parse_args(arguments) + + if not root_check('save'): + return -1 + if len(args) != 2: sys.stderr.write("Wrong number of arguments passed to save\n'secstate save [options] <benchmark> <profile name>'\n") return -1 @@ -308,6 +333,10 @@ def mitigate(arguments): parser.add_option('-a', '--authority', action='store', type='string', dest='authority', default=None, help="Show extra information about the item being shown") (options, args) = parser.parse_args(arguments) + + if not root_check('mitigate'): + return -1 + if options.remark == None: options.remark = raw_input("Please enter a remark for this mitigation. Press Enter when finished\n") if len(args) != 2: