#!/usr/bin/env python3 from os import stat from os.path import isfile from audit.system.plugins.grub import grub class Grub: def __init__(self, arguments): self._object = grub() self._reports = dict() # Create the report self._constructReports() def runAudit(self): print("Running test for Grub") self._analyzingGrub() def getReports(self) -> dict: return self._reports def _analyzingGrub(self): # Check if the file exist path = self._object['filename'] try: if isfile(path): permission = self._check_permission(path) if permission != oct(self._object['value']): self._reports['result'] = 'failed' self._reports['resolve'] = self._object['resolve'] else: self._reports['result'] = 'success' self._reports['description'] = self._object['description'] self._reports['level'] = self._object['level'] self._reports['current_value'] = permission[2:] except FileNotFoundError: self._reports['grub']['error'] = \ f'File {path} not found' def _check_permission(self, path) -> oct: """ In this function, we get the permission of the file """ permission = stat(path).st_mode octal = 0o000 # Check user permission if permission & 0o400: # Read octal += 0o400 if permission & 0o200: # Write octal += 0o200 if permission & 0o100: # Execute octal += 0o100 # Check group permission if permission & 0o040: octal += 0o040 if permission & 0o020: octal += 0o020 if permission & 0o010: octal += 0o010 # Check other permission if permission & 0o004: octal += 0o004 if permission & 0o002: octal += 0o002 if permission & 0o001: octal += 0o001 return oct(octal) def _constructReports(self): """ Construct dictionary for result of the tests Each entry contains: Key: - filename: filename of the test - line: line of the test - parse: Display the line where the vulnerabilites has been found - description: description of the vulnerability - level: high, medium or low """ self._reports = dict() self._reports['filename'] = self._object['filename']