author | Suryakanth Sekar <suryakanth.sekar@linux.intel.com> | 2019-11-15 14:46:28 +0300 |
---|---|---|
committer | Wang, Kuiying <kuiying.wang@intel.com> | 2020-01-11 14:31:35 +0300 |
commit | 65d4fafd39553243d83834a87ce2806059c837b0 (patch) | |
tree | 0331155cdea5252bbd45edfb2b37e3bb3be560be /security-manager/src/file.hpp | |
parent | 6d93fe942fe3df101a644ffa39e1e4feab4382e7 (diff) | |
download | provingground-65d4fafd39553243d83834a87ce2806059c837b0.tar.xz |
Add Security Manager - ASD/User security Event
Daemon for below functionalities
1. To start the AtScaleDebug service when remote debug on
jumper & special user status and enabled.
2. To stop the AtScaleDebug service when remote debug jumper
disabled and disabled the special user status.
3. Log the corresponding AtScaleDebug Events
4. Check for user security breach and log the user security event.
Tested:
Detecting Remote Debug jumper - enabled or disabled
Enable the ASD/Disable the ASD based on jumper and spl user password
Corresponding the ASD security Event should be logged
Check for unsupported shell - user security event:
Change shell parameter for enabled user by
usermod --shell=/bin/csh <enabled username>
"SecurityUserUnsupportedShellEnabled" Event should be logged
Check for unsupported shell removed - user security event:
change shell parameter for enabled user by
usermod --shell=/bin/sh <enabled username>
"SecurityUserUnsupportedShellRemoved" Event should be logged
Check for Weak Password hashing algorithm Event:
change the password hashing algorithm by
edit file: /etc/pam.d/common-password --> sha512 to md5
set new password for any user.
"SecurityUserWeakHashAlgoEnabled" Event should be logged
similar change from md5 to sha512 in /etc/pam.d/common-password file
Set new password for any user.
"SecurityUserStrongHashAlgoRestored" Event should be logged
If root user is enabled
"SecurityUserRootEnabled" Event should be logged
If root user is disabled
"SecurityUserRootDisabled" Event should be logged
Change-Id: I88f8614df31df3f35e7d08d2e84aeef7a39edea4
Signed-off-by: Suryakanth Sekar <suryakanth.sekar@linux.intel.com>
Diffstat (limited to 'security-manager/src/file.hpp')
-rw-r--r-- | security-manager/src/file.hpp | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/security-manager/src/file.hpp b/security-manager/src/file.hpp new file mode 100644 index 0000000..7a286bf --- /dev/null +++ b/security-manager/src/file.hpp @@ -0,0 +1,86 @@ +#pragma once + +#include <stdio.h> + +#include <filesystem> + +namespace security_manager +{ + +namespace fs = std::filesystem; + +/** @class File + * @brief Responsible for handling file pointer + * Needed by putspent(3) + */ +class File +{ + private: + /** @brief handler for operating on file */ + FILE* fp = NULL; + + /** @brief File name. Needed in the case where the temp + * needs to be removed + */ + const std::string& name; + + /** @brief Should the file be removed at exit */ + bool removeOnExit = false; + + public: + File() = delete; + File(const File&) = delete; + File& operator=(const File&) = delete; + File(File&&) = delete; + File& operator=(File&&) = delete; + + /** @brief Opens file and uses it to do file operation + * + * @param[in] name - File name + * @param[in] mode - File open mode + * @param[in] removeOnExit - File to be removed at exit or no + */ + File(const std::string& filename, const std::string& mode, + bool removeExit = false) : + name(filename), + removeOnExit(removeExit) + { + fp = fopen(name.c_str(), mode.c_str()); + } + + /** @brief Opens file using provided file descriptor + * + * @param[in] fd - File descriptor + * @param[in] name - File name + * @param[in] mode - File open mode + * @param[in] removeOnExit - File to be removed at exit or no + */ + File(int fd, const std::string& filename, const std::string& mode, + bool removeExit = false) : + name(filename), + removeOnExit(removeExit) + { + fp = fdopen(fd, mode.c_str()); + } + + ~File() + { + if (fp) + { + fclose(fp); + } + + // Needed for exception safety + if (removeOnExit && fs::exists(name)) + { + fs::remove(name); + } + } + + auto operator()() + { + return fp; + } +}; + +} // namespace security_manager |
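Review bot: The member `const std::string& name;` stores a reference to the constructor argument `filename`, so a caller that passes a temporary (a string literal, the result of a concatenation) leaves that reference dangling by the time `~File()` evaluates `fs::exists(name)` and `fs::remove(name)`; hold the name by value as `std::string name;` and add `#include <string>`, which the header currently gets only transitively. In the destructor, the throwing overloads of `fs::exists` and `fs::remove` can raise `filesystem_error`, and an exception escaping the implicitly noexcept destructor terminates the process; use the `std::error_code` overloads, and drop the `fs::exists` check, since `fs::remove` already returns false for a missing path and the separate check only opens a window between test and removal. Neither constructor reports a failed `fopen` or `fdopen`, so every caller has to test the result of `operator()` for NULL, and on `fdopen` failure the passed `fd` stays open; that should be handled or documented. The `@param` names in both constructor comments (`name`, `removeOnExit`) do not match the actual parameters (`filename`, `removeExit`).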