X-Git-Url: https://gerrit.akraino.org/r/gitweb?a=blobdiff_plain;f=roles%2Fssh_conf_hardening%2Flibrary%2Fssh_conf.py;fp=roles%2Fssh_conf_hardening%2Flibrary%2Fssh_conf.py;h=aebe74bb461c8074e3a7eea813bc61d87bbd71b0;hb=74a49ba6ef2ea715fa492db0bcd85c30398688e8;hp=0000000000000000000000000000000000000000;hpb=a936af362724cca0c5dc2c424902d398f9833410;p=ta%2Finfra-ansible.git diff --git a/roles/ssh_conf_hardening/library/ssh_conf.py b/roles/ssh_conf_hardening/library/ssh_conf.py new file mode 100644 index 0000000..aebe74b --- /dev/null +++ b/roles/ssh_conf_hardening/library/ssh_conf.py @@ -0,0 +1,109 @@ +#!/bin/python + +# Copyright 2019 Nokia + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import os +import re +from ansible.module_utils.basic import AnsibleModule + +class SshdConf(object): + + def __init__(self): + self.module = AnsibleModule(argument_spec=dict(regexp=dict(required=True), + values=dict(required=True))) + self.used_regexp = self.module.params["regexp"] + self.set_values = self.module.params["values"] + self.sshd_contents = None + self.changed = False + self.target = "/etc/ssh/sshd_config" + + def _read_sshd_conf(self): + os.system("sync") + with open(self.target, "r") as sshd_file: + self.sshd_contents = sshd_file.readlines() + + def _write_sshd_conf(self): + os.system("sync") + os.remove(self.target) + os.system("sync") + for line in self.sshd_contents: + with open(self.target, "a") as out: + out.write(line) + os.system("sync") + os.system("sync") + os.system("chmod 600 "+ self.target) + os.system("sync") + os.system("chown root:root "+ self.target) + os.system("sync") + + def _start_finder(self): + end = start = None + index = 0 + + for line in self.sshd_contents: + if start is None and re.compile("^[A-Za-z].*").search(line): + start = index + 1 + if re.compile("^[#\s]*Match ").search(line): + end = index + break + index += 1 + + if end is None: + end = index - 1 + + if start is None: + start = 0 + + return start, end + + def ssh_checker_and_setter(self, line): + if self.changed: + self.sshd_contents[line] = '' + else: + self.sshd_contents[line] = self.module.params["values"] + self.changed = True + + def _configuration(self, start, end): + for line in range(0, end): + if re.compile("^"+self.module.params["regexp"]).search(self.sshd_contents[line]): + self.ssh_checker_and_setter(line) + if not self.changed: + for line in range(0, end): + if re.compile("^#"+self.module.params["regexp"]).search(self.sshd_contents[line]) and not self.changed: + self.sshd_contents[line] = self.sshd_contents[line]+self.module.params["values"] + self.changed = True + if not self.changed: + self.sshd_contents.insert(start, self.module.params["values"]) + self.changed = True + + def run(self): + self._read_sshd_conf() + + indexes = self._start_finder() + start_index = indexes[0] + end_index = indexes[1] + + self._configuration(start_index, end_index) + + self._write_sshd_conf() + + self.module.exit_json(changed=self.changed, msg=self.module.params["values"]+" configured") + + @staticmethod + def main(): + SshdConf().run() + +if __name__ == '__main__': + SshdConf.main()