Hello community, here is the log from the commit of package sca-patterns-sle15 for openSUSE:Factory checked in at 2019-02-01 11:46:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sca-patterns-sle15 (Old) and /work/SRC/openSUSE:Factory/.sca-patterns-sle15.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "sca-patterns-sle15" Fri Feb 1 11:46:34 2019 rev:2 rq:670141 version:1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/sca-patterns-sle15/sca-patterns-sle15.changes 2018-01-06 18:54:18.304887922 +0100 +++ /work/SRC/openSUSE:Factory/.sca-patterns-sle15.new.28833/sca-patterns-sle15.changes 2019-02-01 11:46:39.168478085 +0100 @@ -1,0 +2,5 @@ +Mon Nov 19 19:31:33 UTC 2018 - jason.record@suse.com + +- Added openssh-7023532.py to detect bsc#1115654 + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sca-patterns-sle15.spec ++++++ --- /var/tmp/diff_new_pack.a3FJDb/_old 2019-02-01 11:46:39.640477601 +0100 +++ /var/tmp/diff_new_pack.a3FJDb/_new 2019-02-01 11:46:39.644477596 +0100 @@ -1,7 +1,7 @@ # # spec file for package sca-patterns-sle15 # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,6 +12,10 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + + %define sca_common sca %define patdirbase /usr/lib/%{sca_common} %define patdir %{patdirbase}/patterns @@ -25,12 +29,12 @@ Release: 0 Summary: Supportconfig Analysis Patterns for SLE15 License: GPL-2.0 -URL: https://github.com/g23guy/sca-patterns-sle15 Group: System/Monitoring +Url: https://github.com/g23guy/sca-patterns-sle15 Source: %{name}-%{version}.tar.gz BuildRequires: fdupes Requires: sca-patterns-base -Buildarch: noarch +BuildArch: noarch %description Supportconfig Analysis (SCA) appliance patterns to identify known ++++++ sca-patterns-sle15-1.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sca-patterns-sle15-1.0/patterns/SLE/sle15sp0/openssh-7023532.py new/sca-patterns-sle15-1.0/patterns/SLE/sle15sp0/openssh-7023532.py --- old/sca-patterns-sle15-1.0/patterns/SLE/sle15sp0/openssh-7023532.py 1970-01-01 01:00:00.000000000 +0100 +++ new/sca-patterns-sle15-1.0/patterns/SLE/sle15sp0/openssh-7023532.py 2018-11-19 20:22:31.480899474 +0100 @@ -0,0 +1,88 @@ +#!/usr/bin/python + +# Title: openssh patch breaks gssapi +# Description: OpenSSH maintenance update breaks GSSAPI login +# Modified: 2018 Nov 19 +# +############################################################################## +# Copyright (C) 2018 SUSE +############################################################################## +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see <http://www.gnu.org/licenses/>. +# +# Authors/Contributors: +# Jason Record <jason.record@suse.com> +# +############################################################################## + +############################################################################## +# Module Definition +############################################################################## + +import os +import re +import Core +import SUSE + +############################################################################## +# Overriden (eventually or in part) from SDP::Core Module +############################################################################## + +META_CLASS = "SLE" +META_CATEGORY = "OpenSSH" +META_COMPONENT = "Login" +PATTERN_ID = os.path.basename(__file__) +PRIMARY_LINK = "META_LINK_TID" +OVERALL = Core.TEMP +OVERALL_INFO = "NOT SET" +OTHER_LINKS = "META_LINK_TID=https://www.suse.com/support/kb/doc/?id=7023532|META_LINK_BUG=https://bugzilla.suse.com/show_bug.cgi?id=1115654" + +Core.init(META_CLASS, META_CATEGORY, META_COMPONENT, PATTERN_ID, PRIMARY_LINK, OVERALL, OVERALL_INFO, OTHER_LINKS) + +############################################################################## +# Local Function Definitions +############################################################################## + +def gssapiEnabled(): + FILE_OPEN = "ssh.txt" + SECTION = "sshd_config" + GSSAPI = re.compile("^GSSAPIAuthentication.*yes", re.IGNORECASE) + CONTENT = [] + if Core.getRegExSection(FILE_OPEN, SECTION, CONTENT): + for LINE in CONTENT: + if GSSAPI.search(LINE): + return True + return False + +############################################################################## +# Main Program Execution +############################################################################## + +RPM_NAME = 'openssh' +RPM_VERSION = '7.6p1-9.3.1' +if( SUSE.packageInstalled(RPM_NAME) ): + INSTALLED_VERSION = SUSE.compareRPM(RPM_NAME, RPM_VERSION) + if( INSTALLED_VERSION == 0 ): + if gssapiEnabled(): + Core.updateStatus(Core.CRIT, "GSSAPI Logins may fail, update system to resolve") + else: + Core.updateStatus(Core.IGNORE, "GSSAPI authentication disabled") + else: + Core.updateStatus(Core.IGNORE, "GSSAPI Login issue mitigated") +else: + Core.updateStatus(Core.ERROR, "ERROR: RPM package not installed: " + RPM_NAME) + + +Core.printPatternResults() + +