List of services moved to a yml file

yast · Aug 19, 2015 · 5e2b27a · 5e2b27a
1 parent f1dd851
commit 5e2b27a
Show file tree

Hide file tree

Showing 4 changed files with 85 additions and 55 deletions.
diff --git a/package/yast2-security.spec b/package/yast2-security.spec
@@ -27,13 +27,16 @@ Group:          System/YaST
 License:        GPL-2.0
 BuildRequires:	doxygen pkg-config perl-XML-Writer update-desktop-files yast2-pam yast2-testsuite
 BuildRequires:  yast2-devtools >= 3.1.10
+# Directory.find_data_file
+BuildRequires:	yast2 >= yast2-3.1.131
 
 # new Pam.ycp API
 Requires:	yast2-pam >= 2.14.0
 
 # etc_sysctl_conf.scr
 # Wizard::SetDesktopTitleAndIcon
-Requires:	yast2 >= yast2-2.21.22
+# Directory.find_data_file
+Requires:	yast2 >= yast2-3.1.131
 
 Provides:	y2c_sec yast2-config-security
 Obsoletes:	y2c_sec yast2-config-security
@@ -74,4 +77,5 @@ fi
 %{yast_moduledir}/Security.rb
 %{yast_scrconfdir}/*.scr
 %{yast_schemadir}/autoyast/rnc/security.rnc
+%{yast_ydatadir}/security
 %doc %{yast_docdir}
diff --git a/src/Makefile.am b/src/Makefile.am
@@ -28,9 +28,13 @@ scrconf_DATA = \
   scrconf/etc_polkit-default-privs_local.scr \
   scrconf/kde4_kdmrc.scr
 
+ydatadir = @ydatadir@/security
+ydata_DATA = \
+  data/security/services.yml
+
 desktop_DATA = \
   desktop/security.desktop
 
-EXTRA_DIST = $(module_DATA) $(client_DATA) $(ynclude_DATA) $(schemafiles_DATA) $(scrconf_DATA) $(desktop_DATA)
+EXTRA_DIST = $(module_DATA) $(client_DATA) $(ynclude_DATA) $(schemafiles_DATA) $(scrconf_DATA) $(ydata_DATA) $(desktop_DATA)
 
 include $(top_srcdir)/Makefile.am.common
diff --git a/src/data/security/services.yml b/src/data/security/services.yml
@@ -0,0 +1,60 @@
+# services to check by the security module
+# Right now, they do not depend on the security level (a.k.a. security settings)
+
+# Array containing services that must be running. Each entry can be:
+#  - the name of a service (it must be running)
+#  - a nested array with a list of alternative service names (at least one of
+#      them must be running)
+---
+mandatory_services:
+  - auditd
+  - cron
+  - kbd
+  - ntp
+  - - postfix
+    - sendmail
+  - random
+  - syslog
+
+# Array containing services that are considered harmless (it's ok if they are
+# running)
+optional_services:
+  - acpid
+  - boot.clock
+  - dbus
+  - ealysyslog
+  - fbset
+  - framebufferset
+  - isdn
+  - microcode.ctl
+  - random
+  - consolekit
+  - haldaemon
+  - network
+  - syslog
+  - auditd
+  - splash_early
+  - alsasound
+  - irq_balancer
+  - kbd
+  - powersaved
+  - splash
+  - sshd
+  - earlyxdm
+  - hotkey-setup
+  - atd
+  - nscd
+  - smpppd
+  - xend
+  - autofs
+  - libvirtd
+  - sendmail
+  - postfix
+  - xendomains
+  - cron
+  - ddclient
+  - smartd
+  - stopblktrace
+  - ntp
+  - SuSEfirewall
+  - earlysyslog
diff --git a/src/modules/Security.rb b/src/modules/Security.rb
@@ -26,6 +26,7 @@
 #
 # $Id$
 require "yast"
+require "yaml"
 
 module Yast
   class SecurityClass < Module
@@ -41,63 +42,24 @@ def main
       Yast.import "Pam"
       Yast.import "Progress"
       Yast.import "SystemdService"
+      Yast.import "Directory"
 
       Yast.include self, "security/levels.rb"
 
 
-      # services to check - these must be running
-      # meaning [ [ || ] && && ]
-      @mandatory_services = [
-        ["ntp"],
-        ["syslog"],
-        ["auditd"],
-        ["random"],
-        ["kbd"],
-        ["cron"],
-        ["postfix", "sendmail"]
-      ]
-      # sevices to check - these can be ignored (if they are running it's OK)
-      @optional_services = [
-        "acpid",
-        "boot.clock",
-        "dbus",
-        "ealysyslog",
-        "fbset",
-        "framebufferset",
-        "isdn",
-        "microcode.ctl",
-        "random",
-        "consolekit",
-        "haldaemon",
-        "network",
-        "syslog",
-        "auditd",
-        "splash_early",
-        "alsasound",
-        "irq_balancer",
-        "kbd",
-        "powersaved",
-        "splash",
-        "sshd",
-        "earlyxdm",
-        "hotkey-setup",
-        "atd",
-        "nscd",
-        "smpppd",
-        "xend",
-        "autofs",
-        "libvirtd",
-        "sendmail",
-        "postfix",
-        "xendomains",
-        "cron",
-        "ddclient",
-        "smartd",
-        "stopblktrace",
-        "ntp",
-        "SuSEfirewall",
-        "earlysyslog"
-      ]
+      # Services to check
+      srv_file = Directory.find_data_file("security/services.yml")
+      if srv_file
+        srv_lists = YAML.load_file(srv_file) rescue {}
+      else
+        srv_lists = {}
+      end
+      # These must be running
+      @mandatory_services = srv_lists["mandatory_services"] || []
+      # It must be an array of arrays (meaning [ [ || ] && && ])
+      @mandatory_services.map! {|s| s.is_a?(::String) ? [s] : s }
+      # These can be ignored (if they are running it's OK)
+      @optional_services = srv_lists["optional_services"] || []
       # All other services should be turned off
 
       # systemd target, defining ctrl-alt-del behavior