Hello community, here is the log from the commit of package yast2-security for openSUSE:Factory checked in at 2015-07-05 17:51:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-security (Old) and /work/SRC/openSUSE:Factory/.yast2-security.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "yast2-security" Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-security/yast2-security.changes 2015-06-18 06:37:10.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.yast2-security.new/yast2-security.changes 2015-07-05 17:51:17.000000000 +0200 @@ -1,0 +2,7 @@ +Fri Jun 19 15:26:45 UTC 2015 - [email protected] + +- Settings of security levels moved to YAML files +- Redefined security levels (last part of fate#318425) +- 3.1.10 + +------------------------------------------------------------------- Old: ---- yast2-security-3.1.9.tar.bz2 New: ---- yast2-security-3.1.10.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-security.spec ++++++ --- /var/tmp/diff_new_pack.mxpcmz/_old 2015-07-05 17:51:17.000000000 +0200 +++ /var/tmp/diff_new_pack.mxpcmz/_new 2015-07-05 17:51:17.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-security -Version: 3.1.9 +Version: 3.1.10 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build ++++++ yast2-security-3.1.9.tar.bz2 -> yast2-security-3.1.10.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/package/yast2-security.changes new/yast2-security-3.1.10/package/yast2-security.changes --- old/yast2-security-3.1.9/package/yast2-security.changes 2015-06-15 17:36:09.000000000 +0200 +++ new/yast2-security-3.1.10/package/yast2-security.changes 2015-06-22 10:41:26.000000000 +0200 @@ -1,4 +1,11 @@ ------------------------------------------------------------------- +Fri Jun 19 15:26:45 UTC 2015 - [email protected] + +- Settings of security levels moved to YAML files +- Redefined security levels (last part of fate#318425) +- 3.1.10 + +------------------------------------------------------------------- Mon Jun 15 15:22:38 UTC 2015 - [email protected] - Updated list of mandatory and optional services (part of diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/package/yast2-security.spec new/yast2-security-3.1.10/package/yast2-security.spec --- old/yast2-security-3.1.9/package/yast2-security.spec 2015-06-15 17:36:09.000000000 +0200 +++ new/yast2-security-3.1.10/package/yast2-security.spec 2015-06-22 10:41:26.000000000 +0200 @@ -17,7 +17,7 @@ Name: yast2-security -Version: 3.1.9 +Version: 3.1.10 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/src/Makefile.am new/yast2-security-3.1.10/src/Makefile.am --- old/yast2-security-3.1.9/src/Makefile.am 2015-06-15 17:36:09.000000000 +0200 +++ new/yast2-security-3.1.10/src/Makefile.am 2015-06-22 10:41:26.000000000 +0200 @@ -30,7 +30,10 @@ ydatadir = @ydatadir@/security ydata_DATA = \ - data/security/services.yml + data/security/services.yml \ + data/security/level1.yml \ + data/security/level2.yml \ + data/security/level3.yml desktop_DATA = \ desktop/security.desktop diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/src/clients/security.rb new/yast2-security-3.1.10/src/clients/security.rb --- old/yast2-security-3.1.9/src/clients/security.rb 2015-06-15 17:36:09.000000000 +0200 +++ new/yast2-security-3.1.10/src/clients/security.rb 2015-06-22 10:41:26.000000000 +0200 @@ -55,7 +55,7 @@ # the command line description map @cmdline = { "id" => "security", - # translators: command line help text for Securoty module + # translators: command line help text for Security module "help" => _( "Security configuration module" ), @@ -89,16 +89,16 @@ } }, "options" => { - "home" => { - # command line help text for 'level home' option + "workstation" => { + # command line help text for 'level workstation' option "help" => _( - "Home Workstation security level (without network)" + "Workstation security level" ) }, - "network" => { - # command line help text for 'level network' option + "roaming" => { + # command line help text for 'level roaming' option "help" => _( - "Networked Workstation security level" + "Roaming Device (e.g. laptop or tablet) security level" ) }, "server" => { @@ -141,7 +141,7 @@ }, "mappings" => { "summary" => [], - "level" => ["home", "network", "server"], + "level" => ["workstation", "roaming", "server"], #FIXME 1,2,3 aliases "set" => [ "passwd", @@ -184,11 +184,11 @@ current = key if level == Security.Settings end lvl = "" - if Builtins.haskey(options, "home") + if options.key?("workstation") lvl = "Level1" - elsif Builtins.haskey(options, "network") + elsif options.key?("roaming") lvl = "Level2" - elsif Builtins.haskey(options, "server") + elsif options.key?("server") lvl = "Level3" end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/src/data/security/level1.yml new/yast2-security-3.1.10/src/data/security/level1.yml --- old/yast2-security-3.1.9/src/data/security/level1.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-security-3.1.10/src/data/security/level1.yml 2015-06-22 10:41:26.000000000 +0200 @@ -0,0 +1,39 @@ +# Level 1: Workstation +--- +AllowShutdown: Root +CONSOLE_SHUTDOWN: ignore +CRACKLIB_DICT_PATH: "/usr/lib/cracklib_dict" +DISABLE_RESTART_ON_UPDATE: 'no' +DISABLE_STOP_ON_REMOVAL: 'no' +DISPLAYMANAGER_REMOTE_ACCESS: 'no' +DISPLAYMANAGER_ROOT_LOGIN_REMOTE: 'no' +DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN: 'no' +FAIL_DELAY: '6' +GID_MAX: '60000' +GID_MIN: '1000' +HIBERNATE_SYSTEM: active_console +PASSWD_ENCRYPTION: sha512 +PASSWD_REMEMBER_HISTORY: '0' +PASSWD_USE_CRACKLIB: 'yes' +PASS_MAX_DAYS: '99999' +PASS_MIN_DAYS: '1' +PASS_MIN_LEN: '5' +PASS_WARN_AGE: '14' +PERMISSION_SECURITY: easy +RUN_UPDATEDB_AS: nobody +SMTPD_LISTEN_REMOTE: 'no' +SYSLOG_ON_NO_ERROR: 'yes' +SYSTOHC: 'yes' +SYS_GID_MAX: '499' +SYS_GID_MIN: '100' +SYS_UID_MAX: '499' +SYS_UID_MIN: '100' +UID_MAX: '60000' +UID_MIN: '1000' +USERADD_CMD: "/usr/sbin/useradd.local" +USERDEL_POSTCMD: "/usr/sbin/userdel-post.local" +USERDEL_PRECMD: "/usr/sbin/userdel-pre.local" +kernel.sysrq: '0' +net.ipv4.ip_forward: '0' +net.ipv4.tcp_syncookies: '1' +net.ipv6.conf.all.forwarding: '0' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/src/data/security/level2.yml new/yast2-security-3.1.10/src/data/security/level2.yml --- old/yast2-security-3.1.9/src/data/security/level2.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-security-3.1.10/src/data/security/level2.yml 2015-06-22 10:41:26.000000000 +0200 @@ -0,0 +1,39 @@ +# Level 2: Roaming Device +--- +AllowShutdown: Root +CONSOLE_SHUTDOWN: ignore +CRACKLIB_DICT_PATH: "/usr/lib/cracklib_dict" +DISABLE_RESTART_ON_UPDATE: 'no' +DISABLE_STOP_ON_REMOVAL: 'no' +DISPLAYMANAGER_REMOTE_ACCESS: 'no' +DISPLAYMANAGER_ROOT_LOGIN_REMOTE: 'no' +DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN: 'no' +FAIL_DELAY: '6' +GID_MAX: '60000' +GID_MIN: '1000' +HIBERNATE_SYSTEM: active_console +PASSWD_ENCRYPTION: sha512 +PASSWD_REMEMBER_HISTORY: '0' +PASSWD_USE_CRACKLIB: 'yes' +PASS_MAX_DAYS: '99999' +PASS_MIN_DAYS: '1' +PASS_MIN_LEN: '5' +PASS_WARN_AGE: '14' +PERMISSION_SECURITY: easy +RUN_UPDATEDB_AS: nobody +SMTPD_LISTEN_REMOTE: 'no' +SYSLOG_ON_NO_ERROR: 'yes' +SYSTOHC: 'yes' +SYS_GID_MAX: '499' +SYS_GID_MIN: '100' +SYS_UID_MAX: '499' +SYS_UID_MIN: '100' +UID_MAX: '60000' +UID_MIN: '1000' +USERADD_CMD: "/usr/sbin/useradd.local" +USERDEL_POSTCMD: "/usr/sbin/userdel-post.local" +USERDEL_PRECMD: "/usr/sbin/userdel-pre.local" +kernel.sysrq: '0' +net.ipv4.ip_forward: '0' +net.ipv4.tcp_syncookies: '1' +net.ipv6.conf.all.forwarding: '0' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/src/data/security/level3.yml new/yast2-security-3.1.10/src/data/security/level3.yml --- old/yast2-security-3.1.9/src/data/security/level3.yml 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-security-3.1.10/src/data/security/level3.yml 2015-06-22 10:41:26.000000000 +0200 @@ -0,0 +1,39 @@ +# Level 3: Network server +--- +AllowShutdown: Root +CONSOLE_SHUTDOWN: ignore +CRACKLIB_DICT_PATH: "/usr/lib/cracklib_dict" +DISABLE_RESTART_ON_UPDATE: 'no' +DISABLE_STOP_ON_REMOVAL: 'no' +DISPLAYMANAGER_REMOTE_ACCESS: 'no' +DISPLAYMANAGER_ROOT_LOGIN_REMOTE: 'no' +DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN: 'no' +FAIL_DELAY: '3' +GID_MAX: '60000' +GID_MIN: '1000' +HIBERNATE_SYSTEM: active_console +PASSWD_ENCRYPTION: sha512 +PASSWD_REMEMBER_HISTORY: '0' +PASSWD_USE_CRACKLIB: 'yes' +PASS_MAX_DAYS: '99999' +PASS_MIN_DAYS: '1' +PASS_MIN_LEN: '6' +PASS_WARN_AGE: '14' +PERMISSION_SECURITY: secure +RUN_UPDATEDB_AS: nobody +SMTPD_LISTEN_REMOTE: 'no' +SYSLOG_ON_NO_ERROR: 'yes' +SYSTOHC: 'yes' +SYS_GID_MAX: '499' +SYS_GID_MIN: '100' +SYS_UID_MAX: '499' +SYS_UID_MIN: '100' +UID_MAX: '60000' +UID_MIN: '1000' +USERADD_CMD: "/usr/sbin/useradd.local" +USERDEL_POSTCMD: "/usr/sbin/userdel-post.local" +USERDEL_PRECMD: "/usr/sbin/userdel-pre.local" +kernel.sysrq: '0' +net.ipv4.ip_forward: '0' +net.ipv4.tcp_syncookies: '1' +net.ipv6.conf.all.forwarding: '0' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/src/include/security/helps.rb new/yast2-security-3.1.10/src/include/security/helps.rb --- old/yast2-security-3.1.9/src/include/security/helps.rb 2015-06-15 17:36:09.000000000 +0200 +++ new/yast2-security-3.1.10/src/include/security/helps.rb 2015-06-22 10:41:26.000000000 +0200 @@ -84,11 +84,11 @@ ) + # Main dialog help 5/8 _( - "<p><b>Home Workstation</b>: For a home computer not connected to\nany type of a network.</p>" + "<p><b>Workstation</b>: For a computer connected\nto any type of network including the Internet.</p>" ) + # Main dialog help 6/8 _( - "<p><b>Networked Workstation</b>: For a computer connected\nto any type of network including the Internet.</p>" + "<p><b>Roaming Device</b>: For a laptop, tablet or similar device\nthat connects to different networks.</p>" ) + # Main dialog help 7/8 _( diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/src/include/security/levels.rb new/yast2-security-3.1.10/src/include/security/levels.rb --- old/yast2-security-3.1.9/src/include/security/levels.rb 2015-06-15 17:36:09.000000000 +0200 +++ new/yast2-security-3.1.10/src/include/security/levels.rb 2015-06-22 10:41:26.000000000 +0200 @@ -39,153 +39,40 @@ # ] # </pre> +require "yaml" + # @return [Array] all security settings module Yast module SecurityLevelsInclude def initialize_security_levels(include_target) textdomain "security" + Yast.import "Directory" # Level names definitions @LevelsNames = { # level name - "Level1" => _("Home Workstation"), + "Level1" => _("Workstation"), # level name - "Level2" => _("Networked Workstation"), + "Level2" => _("Roaming Device"), # level name "Level3" => _("Network Server") } @LevelsLabels = { # RadioButton label - "Level1" => _("&Home Workstation"), + "Level1" => _("&Workstation"), # RadioButton label - "Level2" => _("N&etworked Workstation"), + "Level2" => _("&Roaming Device"), # RadioButton label "Level3" => _("Network &Server") } # Levels definitions - @Levels = - # end of Levels - { - "Level1" => { - "CONSOLE_SHUTDOWN" => "reboot", - "CRACKLIB_DICT_PATH" => "/usr/lib/cracklib_dict", - "DISPLAYMANAGER_REMOTE_ACCESS" => "no", - "kernel.sysrq" => "1", - "FAIL_DELAY" => "1", - "GID_MAX" => "60000", - "GID_MIN" => "1000", - "AllowShutdown" => "All", - "HIBERNATE_SYSTEM" => "active_console", - "PASSWD_ENCRYPTION" => "sha512", - "PASSWD_USE_CRACKLIB" => "yes", - "PASS_MAX_DAYS" => "99999", - "PASS_MIN_DAYS" => "0", - "PASS_MIN_LEN" => "5", - "PASS_WARN_AGE" => "7", - "PERMISSION_SECURITY" => "easy", - "RUN_UPDATEDB_AS" => "nobody", - "UID_MAX" => "60000", - "UID_MIN" => "1000", - "SYS_UID_MAX" => "499", - "SYS_UID_MIN" => "100", - "SYS_GID_MAX" => "499", - "SYS_GID_MIN" => "100", - "USERADD_CMD" => "/usr/sbin/useradd.local", - "USERDEL_PRECMD" => "/usr/sbin/userdel-pre.local", - "USERDEL_POSTCMD" => "/usr/sbin/userdel-post.local", - "PASSWD_REMEMBER_HISTORY" => "0", - "SYSTOHC" => "yes", - "SYSLOG_ON_NO_ERROR" => "yes", - "DISPLAYMANAGER_ROOT_LOGIN_REMOTE" => "no", - "DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN" => "no", - "SMTPD_LISTEN_REMOTE" => "no", - "DISABLE_STOP_ON_REMOVAL" => "no", - "DISABLE_RESTART_ON_UPDATE" => "no", - "net.ipv4.tcp_syncookies" => "1", - "net.ipv4.ip_forward" => "0", - "net.ipv6.conf.all.forwarding" => "0" - }, - "Level2" => { - "CONSOLE_SHUTDOWN" => "ignore", - "CRACKLIB_DICT_PATH" => "/usr/lib/cracklib_dict", - "DISPLAYMANAGER_REMOTE_ACCESS" => "no", - "kernel.sysrq" => "0", - "FAIL_DELAY" => "6", - "GID_MAX" => "60000", - "GID_MIN" => "1000", - "AllowShutdown" => "Root", - "HIBERNATE_SYSTEM" => "active_console", - "PASSWD_ENCRYPTION" => "sha512", - "PASSWD_USE_CRACKLIB" => "yes", - "PASS_MAX_DAYS" => "99999", - "PASS_MIN_DAYS" => "1", - "PASS_MIN_LEN" => "5", - "PASS_WARN_AGE" => "14", - "PERMISSION_SECURITY" => "easy", - "RUN_UPDATEDB_AS" => "nobody", - "UID_MAX" => "60000", - "UID_MIN" => "1000", - "SYS_UID_MAX" => "499", - "SYS_UID_MIN" => "100", - "SYS_GID_MAX" => "499", - "SYS_GID_MIN" => "100", - "USERADD_CMD" => "/usr/sbin/useradd.local", - "USERDEL_PRECMD" => "/usr/sbin/userdel-pre.local", - "USERDEL_POSTCMD" => "/usr/sbin/userdel-post.local", - "PASSWD_REMEMBER_HISTORY" => "0", - "SYSTOHC" => "yes", - "SYSLOG_ON_NO_ERROR" => "yes", - "DISPLAYMANAGER_ROOT_LOGIN_REMOTE" => "no", - "DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN" => "no", - "SMTPD_LISTEN_REMOTE" => "no", - "DISABLE_STOP_ON_REMOVAL" => "no", - "DISABLE_RESTART_ON_UPDATE" => "no", - "net.ipv4.tcp_syncookies" => "1", - "net.ipv4.ip_forward" => "0", - "net.ipv6.conf.all.forwarding" => "0" - }, - "Level3" => { - "CONSOLE_SHUTDOWN" => "ignore", - "CRACKLIB_DICT_PATH" => "/usr/lib/cracklib_dict", - "DISPLAYMANAGER_REMOTE_ACCESS" => "no", - "kernel.sysrq" => "0", - "FAIL_DELAY" => "3", - "GID_MAX" => "60000", - "GID_MIN" => "1000", - "AllowShutdown" => "Root", - "HIBERNATE_SYSTEM" => "active_console", - "PASSWD_ENCRYPTION" => "sha512", - "PASSWD_USE_CRACKLIB" => "yes", - "PASS_MAX_DAYS" => "99999", - "PASS_MIN_DAYS" => "1", - "PASS_MIN_LEN" => "6", - "PASS_WARN_AGE" => "14", - "PERMISSION_SECURITY" => "secure", - "RUN_UPDATEDB_AS" => "nobody", - "UID_MAX" => "60000", - "UID_MIN" => "1000", - "SYS_UID_MAX" => "499", - "SYS_UID_MIN" => "100", - "SYS_GID_MAX" => "499", - "SYS_GID_MIN" => "100", - "USERADD_CMD" => "/usr/sbin/useradd.local", - "USERDEL_PRECMD" => "/usr/sbin/userdel-pre.local", - "USERDEL_POSTCMD" => "/usr/sbin/userdel-post.local", - "PASSWD_REMEMBER_HISTORY" => "0", - "SYSTOHC" => "yes", - "SYSLOG_ON_NO_ERROR" => "yes", - "DISPLAYMANAGER_ROOT_LOGIN_REMOTE" => "no", - "DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN" => "no", - "SMTPD_LISTEN_REMOTE" => "no", - "DISABLE_STOP_ON_REMOVAL" => "no", - "DISABLE_RESTART_ON_UPDATE" => "no", - "net.ipv4.tcp_syncookies" => "1", - "net.ipv4.ip_forward" => "0", - "net.ipv6.conf.all.forwarding" => "0" - } - } + @Levels = @LevelsNames.keys.each_with_object({}) do |level, levels| + lfile = Directory.find_data_file("security/#{level.downcase}.yml") + raise(Errno::ENOENT, "#{level.downcase}.yml file not found") unless lfile + levels[level] = YAML.load_file(lfile) + end # EOF end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/test/SCRStub.rb new/yast2-security-3.1.10/test/SCRStub.rb --- old/yast2-security-3.1.9/test/SCRStub.rb 2015-06-15 17:36:09.000000000 +0200 +++ new/yast2-security-3.1.10/test/SCRStub.rb 2015-06-22 10:41:26.000000000 +0200 @@ -26,42 +26,6 @@ end end - # Shortcut for generating Yast::Path objects - # - # @param route [String] textual representation of the path - # @return [Yast::Path] the corresponding Path object - def path(route) - Yast::Path.new(route) - end - - # Encapsulates subsequent SCR calls into a chroot. - # - # Raises an exception if something goes wrong. - # - # @param [#to_s] directory to use as '/' for SCR calls - def set_root_path(directory) - check_version = false - @scr_handle = Yast::WFM.SCROpen("chroot=#{directory}:scr", check_version) - raise "Error creating the chrooted scr instance" if @scr_handle < 0 - Yast::WFM.SCRSetDefault(@scr_handle) - end - - # Resets the SCR calls to default behaviour, closing the SCR instance open by - # #set_root_path. - # - # Raises an exception if #set_root_path has not been called before (or if the - # corresponding instance has already been closed) - # - # @see #set_root_path - def reset_root_path - default_handle = Yast::WFM.SCRGetDefault - if default_handle != @scr_handle - raise "Error closing the chrooted scr instance, it's not the current default one" - end - @scr_handle = nil - Yast::WFM.SCRClose(default_handle) - end - # Matcher for executing commands using SCR.Execute and .target.bash # # @return [RSpec::Mocks::Matchers::Receive] @@ -69,6 +33,13 @@ receive(:Execute).with(path(".target.bash"), command) end + # Matcher for executing commands using SCR.Execute and .target.bash_output + # + # @return [RSpec::Mocks::Matchers::Receive] + def exec_bash_output(command) + receive(:Execute).with(path(".target.bash_output"), command) + end + # Stub all calls to SCR.Write storing the value for future comparison def stub_scr_write @written_values = {} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/test/levels_test.rb new/yast2-security-3.1.10/test/levels_test.rb --- old/yast2-security-3.1.9/test/levels_test.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-security-3.1.10/test/levels_test.rb 2015-06-22 10:41:26.000000000 +0200 @@ -0,0 +1,66 @@ +#!/usr/bin/env rspec + +require_relative 'test_helper' + +module Yast + class LevelsTester < Client + attr_reader :Levels + + def initialize + Yast.import "Security" + Yast.include self, "security/levels.rb" + end + + def apply_level2 + Security.Settings = @Levels["Level2"] + Security.modified = true + Security.Write + end + end + + describe "Levels" do + let(:tester) { LevelsTester.new } + subject(:settings) { tester.Levels } + + it "reads the settings from the yaml files" do + expect(settings["Level1"]["FAIL_DELAY"]).to eq "6" + expect(settings["Level2"]["FAIL_DELAY"]).to eq "6" + expect(settings["Level3"]["FAIL_DELAY"]).to eq "3" + end + + # This 'describe' is the translation to RSpec of the former testsuite. + # It's not exactly elegant, but it ensures we don't decrease the number of + # covered scenarios by deleting the old testsuite. + describe "together with Security" do + before do + change_scr_root(File.join(DATA_PATH, "system")) + stub_scr_write + allow(Package).to receive(:Installed).with("systemd").and_return true + end + + after do + reset_scr_root + end + + # Not really needed, but looks better than returning nil + let(:empty_bash_output) { {"exit" => 0, "stdout" => "", "stderr" => ""} } + + it "defines the system behavior" do + expect(SCR).to exec_bash_output("/usr/sbin/pam-config -a --cracklib") + .and_return(empty_bash_output) + expect(SCR).to exec_bash_output("/usr/sbin/pam-config -d --cracklib-minlen") + .and_return(empty_bash_output) + expect(SCR).to exec_bash_output("/usr/sbin/pam-config -d --pwhistory-remember") + .and_return(empty_bash_output) + expect(SCR).to exec_bash("ln -s -f /dev/null /etc/systemd/system/ctrl-alt-del.target") + expect(SCR).to exec_bash("echo 0 > /proc/sys/kernel/sysrq") + expect(SCR).to exec_bash("/usr/bin/chkstat --system") + + tester.apply_level2 + + expect(written_value_for(".etc.login_defs.FAIL_DELAY")).to eq "6" + expect(written_value_for(".sysconfig.locate.RUN_UPDATEDB_AS")).to eq "nobody" + end + end + end +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/test/security_test.rb new/yast2-security-3.1.10/test/security_test.rb --- old/yast2-security-3.1.9/test/security_test.rb 2015-06-15 17:36:09.000000000 +0200 +++ new/yast2-security-3.1.10/test/security_test.rb 2015-06-22 10:41:26.000000000 +0200 @@ -1,11 +1,6 @@ #!/usr/bin/env rspec -ENV["Y2DIR"] = File.expand_path("../../src", __FILE__) -DATA_PATH = File.join(File.expand_path(File.dirname(__FILE__)), "data") - -require 'rspec' -require "yast" -require_relative 'SCRStub' +require_relative 'test_helper' def services_for(names, aliases = {}) names.map do |n| @@ -36,10 +31,6 @@ import "SystemdService" import "Service" - RSpec.configure do |c| - c.include SCRStub - end - describe Security do describe "#ReadServiceSettings" do let(:aliases) { {} } @@ -114,13 +105,13 @@ describe "#write_to_locations" do before do - set_root_path(File.join(DATA_PATH, "system")) + change_scr_root(File.join(DATA_PATH, "system")) Security.read_from_locations stub_scr_write end after do - reset_root_path + reset_scr_root end it "does not write nil values" do @@ -161,13 +152,13 @@ describe "#write_kernel_settings" do before do - set_root_path(File.join(DATA_PATH, "system")) + change_scr_root(File.join(DATA_PATH, "system")) Security.read_kernel_settings stub_scr_write end after do - reset_root_path + reset_scr_root end context "writing to sysctl.conf" do diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/test/test_helper.rb new/yast2-security-3.1.10/test/test_helper.rb --- old/yast2-security-3.1.9/test/test_helper.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-security-3.1.10/test/test_helper.rb 2015-06-22 10:41:26.000000000 +0200 @@ -0,0 +1,47 @@ +# Copyright (c) 2015 SUSE Linux. +# All Rights Reserved. + +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 or 3 of the GNU General +# Public License as published by the Free Software Foundation. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, contact SUSE LLC. + +# To contact SUSE about this file by physical or electronic mail, +# you may find current contact information at www.suse.com + +# Set the paths +SRC_PATH = File.expand_path("../../src", __FILE__) +DATA_PATH = File.join(File.expand_path(File.dirname(__FILE__)), "data") +ENV["Y2DIR"] = SRC_PATH + +require "yast" +require "yast/rspec" +require_relative 'SCRStub' + +::RSpec.configure do |c| + c.include SCRStub +end + +if ENV["COVERAGE"] + require "simplecov" + SimpleCov.start + + # for coverage we need to load all ruby files + Dir["#{SRC_PATH}/modules/**/*.rb"].each { |f| require_relative f } + + # use coveralls for on-line code coverage reporting at Travis CI + if ENV["TRAVIS"] + require "coveralls" + SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter[ + SimpleCov::Formatter::HTMLFormatter, + Coveralls::SimpleCov::Formatter + ] + end +end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/testsuite/tests/Level1.out new/yast2-security-3.1.10/testsuite/tests/Level1.out --- old/yast2-security-3.1.9/testsuite/tests/Level1.out 2015-06-15 17:36:09.000000000 +0200 +++ new/yast2-security-3.1.10/testsuite/tests/Level1.out 1970-01-01 01:00:00.000000000 +0100 @@ -1,78 +0,0 @@ -Read .etc.login_defs.FAIL_DELAY nil -Write .etc.login_defs.FAIL_DELAY "1" true -Read .etc.login_defs.GID_MAX nil -Write .etc.login_defs.GID_MAX "60000" true -Read .etc.login_defs.GID_MIN nil -Write .etc.login_defs.GID_MIN "1000" true -Read .etc.login_defs.PASS_MAX_DAYS nil -Write .etc.login_defs.PASS_MAX_DAYS "99999" true -Read .etc.login_defs.PASS_MIN_DAYS nil -Write .etc.login_defs.PASS_MIN_DAYS "0" true -Read .etc.login_defs.PASS_WARN_AGE nil -Write .etc.login_defs.PASS_WARN_AGE "7" true -Read .etc.login_defs.UID_MAX nil -Write .etc.login_defs.UID_MAX "60000" true -Read .etc.login_defs.UID_MIN nil -Write .etc.login_defs.UID_MIN "1000" true -Read .etc.login_defs.SYS_UID_MAX nil -Write .etc.login_defs.SYS_UID_MAX "499" true -Read .etc.login_defs.SYS_UID_MIN nil -Write .etc.login_defs.SYS_UID_MIN "100" true -Read .etc.login_defs.SYS_GID_MAX nil -Write .etc.login_defs.SYS_GID_MAX "499" true -Read .etc.login_defs.SYS_GID_MIN nil -Write .etc.login_defs.SYS_GID_MIN "100" true -Read .etc.login_defs.USERADD_CMD nil -Write .etc.login_defs.USERADD_CMD "/usr/sbin/useradd.local" true -Read .etc.login_defs.USERDEL_PRECMD nil -Write .etc.login_defs.USERDEL_PRECMD "/usr/sbin/userdel-pre.local" true -Read .etc.login_defs.USERDEL_POSTCMD nil -Write .etc.login_defs.USERDEL_POSTCMD "/usr/sbin/userdel-post.local" true -Read .kde4.kdmrc.AllowShutdown nil -Write .kde4.kdmrc.AllowShutdown "All" true -Read .sysconfig.clock.SYSTOHC nil -Write .sysconfig.clock.SYSTOHC "yes" true -Read .sysconfig.cron.SYSLOG_ON_NO_ERROR nil -Write .sysconfig.cron.SYSLOG_ON_NO_ERROR "yes" true -Read .sysconfig.displaymanager.DISPLAYMANAGER_REMOTE_ACCESS nil -Write .sysconfig.displaymanager.DISPLAYMANAGER_REMOTE_ACCESS "no" true -Read .sysconfig.displaymanager.DISPLAYMANAGER_ROOT_LOGIN_REMOTE nil -Write .sysconfig.displaymanager.DISPLAYMANAGER_ROOT_LOGIN_REMOTE "no" true -Read .sysconfig.displaymanager.DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN nil -Write .sysconfig.displaymanager.DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN "no" true -Read .sysconfig.locate.RUN_UPDATEDB_AS nil -Write .sysconfig.locate.RUN_UPDATEDB_AS "nobody" true -Read .sysconfig.mail.SMTPD_LISTEN_REMOTE nil -Write .sysconfig.mail.SMTPD_LISTEN_REMOTE "no" true -Read .sysconfig.security.PERMISSION_SECURITY nil -Write .sysconfig.security.PERMISSION_SECURITY "easy local" true -Read .sysconfig.services.DISABLE_RESTART_ON_UPDATE nil -Write .sysconfig.services.DISABLE_RESTART_ON_UPDATE "no" true -Read .sysconfig.services.DISABLE_STOP_ON_REMOVAL nil -Write .sysconfig.services.DISABLE_STOP_ON_REMOVAL "no" true -Write .etc.login_defs nil true -Write .kde4.kdmrc nil true -Write .sysconfig.clock nil true -Write .sysconfig.cron nil true -Write .sysconfig.displaymanager nil true -Write .sysconfig.locate nil true -Write .sysconfig.mail nil true -Write .sysconfig.security nil true -Write .sysconfig.services nil true -Execute .target.remove "/etc/systemd/system/ctrl-alt-del.target" 0 -Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[] -Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[] -Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[] -Read .etc.sysctl_conf."kernel.sysrq" nil -Write .etc.sysctl_conf."kernel.sysrq" "1" true -Read .etc.sysctl_conf."net.ipv4.ip_forward" nil -Write .etc.sysctl_conf."net.ipv4.ip_forward" "0" true -Read .etc.sysctl_conf."net.ipv4.tcp_syncookies" nil -Write .etc.sysctl_conf."net.ipv4.tcp_syncookies" "1" true -Read .etc.sysctl_conf."net.ipv6.conf.all.forwarding" nil -Write .etc.sysctl_conf."net.ipv6.conf.all.forwarding" "0" true -Write .etc.sysctl_conf nil true -Execute .target.bash "echo 1 > /proc/sys/kernel/sysrq" 0 -Execute .target.bash "/usr/bin/chkstat --system" 0 -Execute .target.bash "/sbin/set_polkit_default_privs" 0 -Return true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/testsuite/tests/Level1.rb new/yast2-security-3.1.10/testsuite/tests/Level1.rb --- old/yast2-security-3.1.9/testsuite/tests/Level1.rb 2015-06-15 17:36:09.000000000 +0200 +++ new/yast2-security-3.1.10/testsuite/tests/Level1.rb 1970-01-01 01:00:00.000000000 +0100 @@ -1,40 +0,0 @@ -# encoding: utf-8 - -# YaST2: Modules testsuite -# -# Description: -# Testsuite for the security module -# -# Authors: -# Michal Svec <[email protected]> -# -# $Id$ -# -# testedfiles: Security.ycp PamSettings.ycp Pam.ycp -module Yast - class Level1Client < Client - def main - Yast.include self, "testsuite.rb" - - Yast.import "Security" - Yast.include self, "security/levels.rb" - - @E = { "target" => { "bash_output" => {} } } - @R = { - "sysconfig" => { "displaymanager" => { "DISPLAYMANAGER" => "" } }, - "target" => { - # FileUtils::Exists returns true: - "stat" => { 1 => 2 } - } - } - - Security.Settings = Ops.get(@Levels, "Level1", {}) - Security.modified = true - TEST(lambda { Security.Write }, [@R, {}, @E], nil) - - nil - end - end -end - -Yast::Level1Client.new.main diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/testsuite/tests/Level2.out new/yast2-security-3.1.10/testsuite/tests/Level2.out --- old/yast2-security-3.1.9/testsuite/tests/Level2.out 2015-06-15 17:36:09.000000000 +0200 +++ new/yast2-security-3.1.10/testsuite/tests/Level2.out 1970-01-01 01:00:00.000000000 +0100 @@ -1,77 +0,0 @@ -Read .etc.login_defs.FAIL_DELAY nil -Write .etc.login_defs.FAIL_DELAY "6" true -Read .etc.login_defs.GID_MAX nil -Write .etc.login_defs.GID_MAX "60000" true -Read .etc.login_defs.GID_MIN nil -Write .etc.login_defs.GID_MIN "1000" true -Read .etc.login_defs.PASS_MAX_DAYS nil -Write .etc.login_defs.PASS_MAX_DAYS "99999" true -Read .etc.login_defs.PASS_MIN_DAYS nil -Write .etc.login_defs.PASS_MIN_DAYS "1" true -Read .etc.login_defs.PASS_WARN_AGE nil -Write .etc.login_defs.PASS_WARN_AGE "14" true -Read .etc.login_defs.UID_MAX nil -Write .etc.login_defs.UID_MAX "60000" true -Read .etc.login_defs.UID_MIN nil -Write .etc.login_defs.UID_MIN "1000" true -Read .etc.login_defs.SYS_UID_MAX nil -Write .etc.login_defs.SYS_UID_MAX "499" true -Read .etc.login_defs.SYS_UID_MIN nil -Write .etc.login_defs.SYS_UID_MIN "100" true -Read .etc.login_defs.SYS_GID_MAX nil -Write .etc.login_defs.SYS_GID_MAX "499" true -Read .etc.login_defs.SYS_GID_MIN nil -Write .etc.login_defs.SYS_GID_MIN "100" true -Read .etc.login_defs.USERADD_CMD nil -Write .etc.login_defs.USERADD_CMD "/usr/sbin/useradd.local" true -Read .etc.login_defs.USERDEL_PRECMD nil -Write .etc.login_defs.USERDEL_PRECMD "/usr/sbin/userdel-pre.local" true -Read .etc.login_defs.USERDEL_POSTCMD nil -Write .etc.login_defs.USERDEL_POSTCMD "/usr/sbin/userdel-post.local" true -Read .kde4.kdmrc.AllowShutdown nil -Write .kde4.kdmrc.AllowShutdown "Root" true -Read .sysconfig.clock.SYSTOHC nil -Write .sysconfig.clock.SYSTOHC "yes" true -Read .sysconfig.cron.SYSLOG_ON_NO_ERROR nil -Write .sysconfig.cron.SYSLOG_ON_NO_ERROR "yes" true -Read .sysconfig.displaymanager.DISPLAYMANAGER_REMOTE_ACCESS nil -Write .sysconfig.displaymanager.DISPLAYMANAGER_REMOTE_ACCESS "no" true -Read .sysconfig.displaymanager.DISPLAYMANAGER_ROOT_LOGIN_REMOTE nil -Write .sysconfig.displaymanager.DISPLAYMANAGER_ROOT_LOGIN_REMOTE "no" true -Read .sysconfig.displaymanager.DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN nil -Write .sysconfig.displaymanager.DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN "no" true -Read .sysconfig.locate.RUN_UPDATEDB_AS nil -Write .sysconfig.locate.RUN_UPDATEDB_AS "nobody" true -Read .sysconfig.mail.SMTPD_LISTEN_REMOTE nil -Write .sysconfig.mail.SMTPD_LISTEN_REMOTE "no" true -Read .sysconfig.security.PERMISSION_SECURITY nil -Write .sysconfig.security.PERMISSION_SECURITY "easy local" true -Read .sysconfig.services.DISABLE_RESTART_ON_UPDATE nil -Write .sysconfig.services.DISABLE_RESTART_ON_UPDATE "no" true -Read .sysconfig.services.DISABLE_STOP_ON_REMOVAL nil -Write .sysconfig.services.DISABLE_STOP_ON_REMOVAL "no" true -Write .etc.login_defs nil true -Write .kde4.kdmrc nil true -Write .sysconfig.clock nil true -Write .sysconfig.cron nil true -Write .sysconfig.displaymanager nil true -Write .sysconfig.locate nil true -Write .sysconfig.mail nil true -Write .sysconfig.security nil true -Write .sysconfig.services nil true -Execute .target.bash "ln -s -f /dev/null /etc/systemd/system/ctrl-alt-del.target" 0 -Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[] -Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[] -Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[] -Read .etc.sysctl_conf."kernel.sysrq" nil -Write .etc.sysctl_conf."kernel.sysrq" "0" true -Read .etc.sysctl_conf."net.ipv4.ip_forward" nil -Write .etc.sysctl_conf."net.ipv4.ip_forward" "0" true -Read .etc.sysctl_conf."net.ipv4.tcp_syncookies" nil -Write .etc.sysctl_conf."net.ipv4.tcp_syncookies" "1" true -Read .etc.sysctl_conf."net.ipv6.conf.all.forwarding" nil -Write .etc.sysctl_conf."net.ipv6.conf.all.forwarding" "0" true -Write .etc.sysctl_conf nil true -Execute .target.bash "echo 0 > /proc/sys/kernel/sysrq" 0 -Execute .target.bash "/usr/bin/chkstat --system" 0 -Return true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/testsuite/tests/Level2.rb new/yast2-security-3.1.10/testsuite/tests/Level2.rb --- old/yast2-security-3.1.9/testsuite/tests/Level2.rb 2015-06-15 17:36:09.000000000 +0200 +++ new/yast2-security-3.1.10/testsuite/tests/Level2.rb 1970-01-01 01:00:00.000000000 +0100 @@ -1,40 +0,0 @@ -# encoding: utf-8 - -# YaST2: Modules testsuite -# -# Description: -# Testsuite for the security module -# -# Authors: -# Michal Svec <[email protected]> -# -# $Id$ -# -# testedfiles: Security.ycp PamSettings.ycp Pam.ycp -module Yast - class Level2Client < Client - def main - Yast.include self, "testsuite.rb" - - Yast.import "Security" - Yast.include self, "security/levels.rb" - - @E = { "target" => { "bash_output" => {} } } - @R = { - "sysconfig" => { "displaymanager" => { "DISPLAYMANAGER" => "" } }, - "target" => { - # FileUtils::Exists returns false: - "stat" => {} - } - } - - Security.Settings = Ops.get(@Levels, "Level2", {}) - Security.modified = true - TEST(lambda { Security.Write }, [@R, {}, @E], nil) - - nil - end - end -end - -Yast::Level2Client.new.main diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/testsuite/tests/Level3.out new/yast2-security-3.1.10/testsuite/tests/Level3.out --- old/yast2-security-3.1.9/testsuite/tests/Level3.out 2015-06-15 17:36:09.000000000 +0200 +++ new/yast2-security-3.1.10/testsuite/tests/Level3.out 1970-01-01 01:00:00.000000000 +0100 @@ -1,79 +0,0 @@ -Read .etc.login_defs.FAIL_DELAY nil -Write .etc.login_defs.FAIL_DELAY "3" true -Read .etc.login_defs.GID_MAX nil -Write .etc.login_defs.GID_MAX "60000" true -Read .etc.login_defs.GID_MIN nil -Write .etc.login_defs.GID_MIN "1000" true -Read .etc.login_defs.PASS_MAX_DAYS nil -Write .etc.login_defs.PASS_MAX_DAYS "99999" true -Read .etc.login_defs.PASS_MIN_DAYS nil -Write .etc.login_defs.PASS_MIN_DAYS "1" true -Read .etc.login_defs.PASS_WARN_AGE nil -Write .etc.login_defs.PASS_WARN_AGE "14" true -Read .etc.login_defs.UID_MAX nil -Write .etc.login_defs.UID_MAX "60000" true -Read .etc.login_defs.UID_MIN nil -Write .etc.login_defs.UID_MIN "1000" true -Read .etc.login_defs.SYS_UID_MAX nil -Write .etc.login_defs.SYS_UID_MAX "499" true -Read .etc.login_defs.SYS_UID_MIN nil -Write .etc.login_defs.SYS_UID_MIN "100" true -Read .etc.login_defs.SYS_GID_MAX nil -Write .etc.login_defs.SYS_GID_MAX "499" true -Read .etc.login_defs.SYS_GID_MIN nil -Write .etc.login_defs.SYS_GID_MIN "100" true -Read .etc.login_defs.USERADD_CMD nil -Write .etc.login_defs.USERADD_CMD "/usr/sbin/useradd.local" true -Read .etc.login_defs.USERDEL_PRECMD nil -Write .etc.login_defs.USERDEL_PRECMD "/usr/sbin/userdel-pre.local" true -Read .etc.login_defs.USERDEL_POSTCMD nil -Write .etc.login_defs.USERDEL_POSTCMD "/usr/sbin/userdel-post.local" true -Read .kde4.kdmrc.AllowShutdown nil -Write .kde4.kdmrc.AllowShutdown "Root" true -Read .sysconfig.clock.SYSTOHC nil -Write .sysconfig.clock.SYSTOHC "yes" true -Read .sysconfig.cron.SYSLOG_ON_NO_ERROR nil -Write .sysconfig.cron.SYSLOG_ON_NO_ERROR "yes" true -Read .sysconfig.displaymanager.DISPLAYMANAGER_REMOTE_ACCESS nil -Write .sysconfig.displaymanager.DISPLAYMANAGER_REMOTE_ACCESS "no" true -Read .sysconfig.displaymanager.DISPLAYMANAGER_ROOT_LOGIN_REMOTE nil -Write .sysconfig.displaymanager.DISPLAYMANAGER_ROOT_LOGIN_REMOTE "no" true -Read .sysconfig.displaymanager.DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN nil -Write .sysconfig.displaymanager.DISPLAYMANAGER_XSERVER_TCP_PORT_6000_OPEN "no" true -Read .sysconfig.locate.RUN_UPDATEDB_AS nil -Write .sysconfig.locate.RUN_UPDATEDB_AS "nobody" true -Read .sysconfig.mail.SMTPD_LISTEN_REMOTE nil -Write .sysconfig.mail.SMTPD_LISTEN_REMOTE "no" true -Read .sysconfig.security.PERMISSION_SECURITY nil -Write .sysconfig.security.PERMISSION_SECURITY "secure local" true -Read .sysconfig.services.DISABLE_RESTART_ON_UPDATE nil -Write .sysconfig.services.DISABLE_RESTART_ON_UPDATE "no" true -Read .sysconfig.services.DISABLE_STOP_ON_REMOVAL nil -Write .sysconfig.services.DISABLE_STOP_ON_REMOVAL "no" true -Write .etc.login_defs nil true -Write .kde4.kdmrc nil true -Write .sysconfig.clock nil true -Write .sysconfig.cron nil true -Write .sysconfig.displaymanager nil true -Write .sysconfig.locate nil true -Write .sysconfig.mail nil true -Write .sysconfig.security nil true -Write .sysconfig.services nil true -Execute .target.bash "ln -s -f /dev/null /etc/systemd/system/ctrl-alt-del.target" 0 -Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[] -Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[] -Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib-minlen=6" $[] -Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[] -Read .etc.sysctl_conf."kernel.sysrq" nil -Write .etc.sysctl_conf."kernel.sysrq" "0" true -Read .etc.sysctl_conf."net.ipv4.ip_forward" nil -Write .etc.sysctl_conf."net.ipv4.ip_forward" "0" true -Read .etc.sysctl_conf."net.ipv4.tcp_syncookies" nil -Write .etc.sysctl_conf."net.ipv4.tcp_syncookies" "1" true -Read .etc.sysctl_conf."net.ipv6.conf.all.forwarding" nil -Write .etc.sysctl_conf."net.ipv6.conf.all.forwarding" "0" true -Write .etc.sysctl_conf nil true -Execute .target.bash "echo 0 > /proc/sys/kernel/sysrq" 0 -Execute .target.bash "/usr/bin/chkstat --system" 0 -Execute .target.bash "/sbin/set_polkit_default_privs" 0 -Return true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-security-3.1.9/testsuite/tests/Level3.rb new/yast2-security-3.1.10/testsuite/tests/Level3.rb --- old/yast2-security-3.1.9/testsuite/tests/Level3.rb 2015-06-15 17:36:09.000000000 +0200 +++ new/yast2-security-3.1.10/testsuite/tests/Level3.rb 1970-01-01 01:00:00.000000000 +0100 @@ -1,40 +0,0 @@ -# encoding: utf-8 - -# YaST2: Modules testsuite -# -# Description: -# Testsuite for the security module -# -# Authors: -# Michal Svec <[email protected]> -# -# $Id$ -# -# testedfiles: Security.ycp PamSettings.ycp Pam.ycp -module Yast - class Level3Client < Client - def main - Yast.include self, "testsuite.rb" - - Yast.import "Security" - Yast.include self, "security/levels.rb" - - @E = { "target" => { "bash_output" => {} } } - @R = { - "sysconfig" => { "displaymanager" => { "DISPLAYMANAGER" => "" } }, - "target" => { - # FileUtils::Exists returns true: - "stat" => { 1 => 2 } - } - } - - Security.Settings = Ops.get(@Levels, "Level3", {}) - Security.modified = true - TEST(lambda { Security.Write }, [@R, {}, @E], nil) - - nil - end - end -end - -Yast::Level3Client.new.main
