check_sys/core/config.py

#!/usr/bin/env python3

import yaml
from utils import ConfigError

# Constantes
HIGH = "high"
MEDIUM = "medium"
LOW = "low"

AUDIT_SYSTEM = [
    "sysctl",
    "postfix",
    "apache",
]

AUDIT_APPLICATION = [
    'keywords',
    'calls',
]

def generateConfig() -> dict:
    config = dict()
    # System
    config["system"] = dict()
    config["system"]["postfix"] = dict()
    config["system"]["postfix"]["postfix_file"] = "/etc/postfix/main.cf"
    config["system"]["apache"] = dict()
    config["system"]["apache"]["apache_directory"] = "/etc/apache2/"
    config["system"]["sysctl"] = dict()
    config["system"]["sysctl"]["sysctl_file"] = "/etc/sysctl.conf"
    config["system"]["exclude_plugins"] = list()
    # Application
    config["application"] = dict()
    config["application"]["pattern_file"] = list()

    return config

def _get_exclude_plugins():
    pass

def parsingConfigFile(filename, configs):
    # This function overwrite the config
    try:
        if not filename.endswith(".yaml"):
            raise ConfigError(
                "You must specified a YAML config file",
                filename
            )
        with open(filename, 'rb') as f:
            yamlConfig = yaml.safe_load(f)
           
            # Mapping config file to the config dict
            # TODO: recursive function
            for category in yamlConfig:
                if "system" in category:
                    for plugin in yamlConfig["system"]:
                        if plugin not in configs["system"]:
                            raise ConfigError(
                                f"{plugin} unknown",
                                filename
                            )
                        for flag in yamlConfig["system"][plugin]:
                            try:
                                if flag is not None:
                                    if isinstance(configs["system"][plugin], list):
                                        configs["system"][plugin].append(flag)
                                    else:
                                        if flag not in configs["system"][plugin]:
                                            raise ConfigError(
                                                f"{flag} unknown",
                                                filename
                                            )
                                        configs["system"][plugin][flag] = yamlConfig["system"][plugin][flag]
                            except TypeError as e:
                                raise e
                                
                #if "application" in category:
                #    for plugin in yamlConfig["application"]:
                #        for flag in yamlConfig["application"][plugin]:
                #            try:
                #                configs["application"][plugin][flag] = yamlConfig["application"][plugin][flag]
                #            except TypeError:
                #                pass

    except FileNotFoundError:
        print(f"Config file {filename} not found. Bypass it")