root / image_creator / os_type / unix.py @ f8119e65
History | View | Annotate | Download (2.2 kB)
| 1 |
#!/usr/bin/env python
|
|---|---|
| 2 |
|
| 3 |
import re |
| 4 |
import sys |
| 5 |
|
| 6 |
from image_creator.os_type import OSBase |
| 7 |
|
| 8 |
|
| 9 |
class Unix(OSBase): |
| 10 |
|
| 11 |
sensitive_userdata = [ |
| 12 |
'.bash_history',
|
| 13 |
'.gnupg',
|
| 14 |
'.ssh',
|
| 15 |
'.mozilla',
|
| 16 |
'.thunderbird'
|
| 17 |
] |
| 18 |
|
| 19 |
def get_metadata(self): |
| 20 |
meta = super(Unix, self).get_metadata() |
| 21 |
meta["USERS"] = " ".join(self.get_passworded_users()) |
| 22 |
return meta
|
| 23 |
|
| 24 |
def get_passworded_users(self): |
| 25 |
users = [] |
| 26 |
regexp = re.compile('(\S+):((?:!\S+)|(?:[^!*]\S+)|):(?:\S*:){6}')
|
| 27 |
|
| 28 |
for line in self.g.cat('/etc/shadow').splitlines(): |
| 29 |
match = regexp.match(line) |
| 30 |
if not match: |
| 31 |
continue
|
| 32 |
|
| 33 |
user, passwd = match.groups() |
| 34 |
if len(passwd) > 0 and passwd[0] == '!': |
| 35 |
print "Warning: Ignoring locked %s account." % user |
| 36 |
else:
|
| 37 |
users.append(user) |
| 38 |
|
| 39 |
return users
|
| 40 |
|
| 41 |
def data_cleanup(self): |
| 42 |
self.data_cleanup_userdata()
|
| 43 |
self.data_cleanup_tmp()
|
| 44 |
self.data_cleanup_log()
|
| 45 |
self.data_cleanup_mail()
|
| 46 |
self.data_cleanup_cache()
|
| 47 |
|
| 48 |
def data_cleanup_cache(self): |
| 49 |
"""Remove all regular files under /var/cache"""
|
| 50 |
self.foreach_file('/var/cache', self.g.rm, ftype='r') |
| 51 |
|
| 52 |
def data_cleanup_tmp(self): |
| 53 |
"""Remove all files under /tmp and /var/tmp"""
|
| 54 |
self.foreach_file('/tmp', self.g.rm_rf, maxdepth=1) |
| 55 |
self.foreach_file('/var/tmp', self.g.rm_rf, maxdepth=1) |
| 56 |
|
| 57 |
def data_cleanup_log(self): |
| 58 |
"""Empty all files under /var/log"""
|
| 59 |
self.foreach_file('/var/log', self.g.truncate, ftype='r') |
| 60 |
|
| 61 |
def data_cleanup_mail(self): |
| 62 |
"""Remove all files under /var/mail and /var/spool/mail"""
|
| 63 |
self.foreach_file('/var/spool/mail', self.g.rm_rf, maxdepth=1) |
| 64 |
self.foreach_file('/var/mail', self.g.rm_rf, maxdepth=1) |
| 65 |
|
| 66 |
def data_cleanup_userdata(self): |
| 67 |
"""Delete sensitive userdata"""
|
| 68 |
homedirs = ['/root'] + self.ls('/home/') |
| 69 |
|
| 70 |
for homedir in homedirs: |
| 71 |
for data in self.sensitive_userdata: |
| 72 |
fname = "%s/%s" % (homedir, data)
|
| 73 |
if self.g.is_file(fname): |
| 74 |
self.g.scrub_file(fname)
|
| 75 |
|
| 76 |
# vim: set sta sts=4 shiftwidth=4 sw=4 et ai :
|