Hi,

I started with func yesterday and find it very useful, and since it's
written in Python I also wanted to contribute/test if func could
be a replacement for other system management solutions like cfengine
(so far I think that's possible).

I was trying to implement an EAL module to enforce security settings on
the systems under control. I already have working code
for that and I followed the instructions on how to write and distribute
new modules from the wiki.

I implemented a few of the required check/security settings, which are
already working fine, but stumbled over my idea to reuse
already existing modules (in particular the iptables modules from func
right now) in my own.

What I tried is to use the Iptables class from the module to get a dump
of the current iptables state, and enforce some basic
settings if defined values are not met.

When trying to use the module function manually (not through func),
everything is working as expected:

>>> from EAL import EAL
>>> e = EAL()
>>> e.check('firewall')
'# Generated by iptables-save v1.3.5 on Fri Feb 27 18:32:52
2009\n*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT
ACCEPT [1142:104373]\n:RH-Firewall-1-INPUT - [0:0]\n-A INPUT -j
RH-Firewall-1-INPUT \n-A FORWARD -j RH-Firewall-1-INPUT \n-A
RH-Firewall-1-INPUT -i lo -j ACCEPT \n-A RH-Firewall-1-INPUT -p icmp -m
icmp --icmp-type any -j ACCEPT \n-A RH-Firewall-1-INPUT -p esp -j ACCEPT
\n-A RH-Firewall-1-INPUT -p ah -j ACCEPT \n-A RH-Firewall-1-INPUT -d
224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT \n-A
RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT \n-A
RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT \n-A
RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT \n-A
RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j
ACCEPT \n-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp
--dport 51235 -j ACCEPT \n-A RH-Firewall-1-INPUT -p tcp -m state --state
NEW -m tcp --dport 51234 -j ACCEPT \n-A RH-Firewall-1-INPUT -j REJECT
--reject-with icmp-host-prohibited \nCOMMIT\n# Completed on Fri Feb 27
18:32:52 2009\n'

But when called remotely through func I receive the following error:

{'mls2.jackal-net.at': ['REMOTE_ERROR',
'func.minion.codes.InvalidMethodException',
'',
' File
"/usr/lib/python2.4/site-packages/func/minion/server.py", line 257, in
_dispatch\n return self.get_dispatch_method(method)(*params)\n File
"/usr/lib/python2.4/site-packages/func/minion/server.py", line 126, in
get_dispatch_method\n raise codes.InvalidMethodException\n']}

I didn't find anything regarding "including already existing module code
in your own module" on the wiki and would appreciate it if someone
can point me the right way ...

Thanks,
Regards,
Michael Lang
_______________________________________________
Func-list mailing list
Func-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/func-list
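
Added example, not part of the original post and not func or EAL code: one way the check described in the post (compare an iptables-save dump against defined values) could be written in Python. The function names, the allowed-port list and the two checks are assumptions; the sample dump is abridged from the output quoted in the post.

```python
import shlex

# Hypothetical helper names (not func's iptables module API).
# Sample dump abridged from the iptables-save output quoted in the post.
SAMPLE_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 51235 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse_dump(text):
    """Return {table: {"policies": {chain: policy}, "rules": {chain: [args]}}}."""
    tables, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            current = tables.setdefault(line[1:], {"policies": {}, "rules": {}})
        elif current is None:
            raise ValueError("line outside a table: %r" % line)
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            current["policies"][chain] = policy
        elif line.startswith("-A "):
            argv = shlex.split(line)
            current["rules"].setdefault(argv[1], []).append(argv[2:])
    return tables

def tcp_accept_ports(rules):
    """Destination ports (strings, ranges kept verbatim) that TCP rules ACCEPT."""
    return set(r[r.index("--dport") + 1] for r in rules
               if "--dport" in r and "-j" in r and r[r.index("-j") + 1] == "ACCEPT"
               and "-p" in r and r[r.index("-p") + 1] == "tcp")

def audit(text, allowed_tcp, chain="RH-Firewall-1-INPUT"):
    """Return findings for one filter chain; an empty list means compliant."""
    filt = parse_dump(text).get("filter", {"rules": {}})
    rules, findings = filt["rules"].get(chain, []), []
    # With an ACCEPT policy, the chain must end in a catch-all REJECT/DROP.
    if not rules or rules[-1][:2] not in (["-j", "REJECT"], ["-j", "DROP"]):
        findings.append("default-deny missing: %s has no final REJECT/DROP" % chain)
    for port in sorted(tcp_accept_ports(rules) - set(allowed_tcp)):
        findings.append("unexpected open tcp port: %s" % port)
    return findings
```

Calling audit(SAMPLE_DUMP, ["22"]) reports port 51235 as unexpected, which is the point at which an enforcing module would decide whether to rewrite the ruleset.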