From 44355e6525daec62120601073065f63c9f9a7993 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 25 Sep 2018 20:09:22 +0200 Subject: add dependency on debian tshark package --- debian/control | 1 + 1 file changed, 1 insertion(+) diff --git a/debian/control b/debian/control index 0912acbcb..4cd852687 100644 --- a/debian/control +++ b/debian/control @@ -25,6 +25,7 @@ Depends: python3, python3-isc-dhcp-leases, ipaddrcheck, tcpdump, + tshark, bmon, hvinfo, file, -- cgit v1.2.3 From 6b138fe680c9dc97bddbf981fe0c747ede55f660 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 25 Sep 2018 20:09:22 +0200 Subject: T855: fix SNMP python verify() to allow non group assignment VyOS 1.1.8 support SNMPv3 without a group beeing assigned to a user. This was yet not supported in VyOS 1.2.0. Use for testing: ================ set service snmp v3 user testsnmpv3 auth plain 'authkey12345' set service snmp v3 user testsnmpv3 auth type sha set service snmp v3 user testsnmpv3 mode ro set service snmp v3 user testsnmpv3 privacy plain 'privkey12345' set service snmp v3 user testsnmpv3 privacy type aes --- src/conf_mode/snmp.py | 47 ++++++++++++++++++++++------------------------- 1 file changed, 22 insertions(+), 25 deletions(-) diff --git a/src/conf_mode/snmp.py b/src/conf_mode/snmp.py index 69952e5e2..cbca72a85 100755 --- a/src/conf_mode/snmp.py +++ b/src/conf_mode/snmp.py @@ -669,48 +669,45 @@ def verify(snmp): # Group must exist prior to mapping it into a group # seclevel will be extracted from group # - error = True if user['group']: + error = True if 'v3_groups' in snmp.keys(): for group in snmp['v3_groups']: if group['name'] == user['group']: seclevel = group['seclevel'] error = False - if error: - raise ConfigError('You must create group "{0}" first'.format(user['group'])) + if error: + raise ConfigError('You must create group "{0}" first'.format(user['group'])) # Depending on the configured security level # the user has to provide additional info - if seclevel in ('auth', 'priv'): - if user['authPassword'] and user['authMasterKey']: - raise ConfigError('Can not mix "encrypted-key" and "plaintext-key" for user auth') + if user['authPassword'] and user['authMasterKey']: + raise ConfigError('Can not mix "encrypted-key" and "plaintext-key" for user auth') - if (not user['authPassword'] and not user['authMasterKey']): - raise ConfigError('Must specify encrypted-key or plaintext-key for user auth') + if (not user['authPassword'] and not user['authMasterKey']): + raise ConfigError('Must specify encrypted-key or plaintext-key for user auth') - # seclevel 'priv' is more restrictive - if seclevel in ('priv'): - if user['privPassword'] and user['privMasterKey']: - raise ConfigError('Can not mix "encrypted-key" and "plaintext-key" for user privacy') + if user['privPassword'] and user['privMasterKey']: + raise ConfigError('Can not mix "encrypted-key" and "plaintext-key" for user privacy') - if user['privPassword'] == '' and user['privMasterKey'] == '': - raise ConfigError('Must specify encrypted-key or plaintext-key for user privacy') + if user['privPassword'] == '' and user['privMasterKey'] == '': + raise ConfigError('Must specify encrypted-key or plaintext-key for user privacy') - if user['privMasterKey'] and user['engineID'] == '': - raise ConfigError('Can not have "encrypted-key" without engineid') + if user['privMasterKey'] and user['engineID'] == '': + raise ConfigError('Can not have "encrypted-key" without engineid') - if user['authPassword'] == '' and user['authMasterKey'] == '' and user['privTsmKey'] == '': - raise ConfigError('Must specify auth or tsm-key for user auth') + if user['authPassword'] == '' and user['authMasterKey'] == '' and user['privTsmKey'] == '': + raise ConfigError('Must specify auth or tsm-key for user auth') - if user['mode'] == '': - raise ConfigError('Must specify user mode ro/rw') + if user['mode'] == '': + raise ConfigError('Must specify user mode ro/rw') - if user['privTsmKey']: - if not tsmKeyPattern.match(snmp['v3_tsm_key']): - if not os.path.isfile('/etc/snmp/tls/certs/' + snmp['v3_tsm_key']): - if not os.path.isfile('/config/snmp/tls/certs/' + snmp['v3_tsm_key']): - raise ConfigError('User TSM key must be fingerprint or filename in "/config/snmp/tls/certs/" folder') + if user['privTsmKey']: + if not tsmKeyPattern.match(snmp['v3_tsm_key']): + if not os.path.isfile('/etc/snmp/tls/certs/' + snmp['v3_tsm_key']): + if not os.path.isfile('/config/snmp/tls/certs/' + snmp['v3_tsm_key']): + raise ConfigError('User TSM key must be fingerprint or filename in "/config/snmp/tls/certs/" folder') if 'v3_views' in snmp.keys(): for view in snmp['v3_views']: -- cgit v1.2.3 From f321f2be4911f480c145140bb35ea1776dd7067e Mon Sep 17 00:00:00 2001 From: hagbard Date: Sun, 30 Sep 2018 16:57:48 -0700 Subject: Added descriptive information for show wireguard --- op-mode-definitions/wireguard.xml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/op-mode-definitions/wireguard.xml b/op-mode-definitions/wireguard.xml index dd62f0f2f..80888e930 100644 --- a/op-mode-definitions/wireguard.xml +++ b/op-mode-definitions/wireguard.xml @@ -27,6 +27,9 @@ + + Wireguard properties + -- cgit v1.2.3 From 67056bb0819a19f28b2f127d77f803b3afcd6609 Mon Sep 17 00:00:00 2001 From: hagbard Date: Sun, 30 Sep 2018 17:04:14 -0700 Subject: Added show like all the other nodes have --- op-mode-definitions/wireguard.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/op-mode-definitions/wireguard.xml b/op-mode-definitions/wireguard.xml index 80888e930..681bb5f47 100644 --- a/op-mode-definitions/wireguard.xml +++ b/op-mode-definitions/wireguard.xml @@ -28,7 +28,7 @@ - Wireguard properties + Show wireguard properties -- cgit v1.2.3 From fe1569154d2019c54487662fa789f958cdb93de7 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 2 Oct 2018 09:48:22 +0200 Subject: T869: rsyslog configuration typo (cherry picked from commit 8a1e66ef20e872bd4f6c9adc68befbf09e9ef122) --- data/templates/rsyslog/rsyslog.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/templates/rsyslog/rsyslog.conf b/data/templates/rsyslog/rsyslog.conf index 0910bd662..ab60fc0f0 100644 --- a/data/templates/rsyslog/rsyslog.conf +++ b/data/templates/rsyslog/rsyslog.conf @@ -9,7 +9,7 @@ $ModLoad imuxsock # provides support for local system logging $ModLoad imklog # provides kernel logging support (previously done by rklogd) #$ModLoad immark # provides --MARK-- message capability -$OmitLocalLogging no +$OmitLocalLogging off $SystemLogSocketName /run/systemd/journal/syslog $KLogPath /proc/kmsg -- cgit v1.2.3