diff options
| author | Christian Breunig <christian@breunig.cc> | 2023-10-29 08:08:02 +0100 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2023-10-29 08:10:43 +0100 |
| commit | b34b1992a65e519af0aed5ad43b1d60e6d1f7af5 (patch) | |
| tree | 8dc613c64f5163505326de9486b645749c581c5b | |
| parent | 963fd35e9f9e62b013fe61d4e57496abf5ad2f38 (diff) | |
| download | vyos-1x-b34b1992a65e519af0aed5ad43b1d60e6d1f7af5.tar.gz vyos-1x-b34b1992a65e519af0aed5ad43b1d60e6d1f7af5.zip | |
op-mode: T5661: remove call to sudo in ssh.py and move it to XML definition
Try to have as few calls to sudo in the op-mode scripts as possible. The XML
definitions can deal with it.
(cherry picked from commit 428dee29d36cc3629990ec41afef887821886834)
| -rw-r--r-- | op-mode-definitions/show-ssh.xml.in | 2 | ||||
| -rwxr-xr-x | src/op_mode/ssh.py | 6 |
2 files changed, 4 insertions, 4 deletions
diff --git a/op-mode-definitions/show-ssh.xml.in b/op-mode-definitions/show-ssh.xml.in index 88faecada..ca8e669b3 100644 --- a/op-mode-definitions/show-ssh.xml.in +++ b/op-mode-definitions/show-ssh.xml.in @@ -11,7 +11,7 @@ <properties> <help>Show SSH server dynamic-protection blocked attackers</help> </properties> - <command>${vyos_op_scripts_dir}/ssh.py show_dynamic_protection</command> + <command>sudo ${vyos_op_scripts_dir}/ssh.py show_dynamic_protection</command> </node> <node name="fingerprints"> <properties> diff --git a/src/op_mode/ssh.py b/src/op_mode/ssh.py index 89db7b3d3..acb066144 100755 --- a/src/op_mode/ssh.py +++ b/src/op_mode/ssh.py @@ -64,18 +64,18 @@ def show_fingerprints(raw: bool, ascii: bool): def show_dynamic_protection(raw: bool): config = ConfigTreeQuery() - if not config.exists("service ssh dynamic-protection"): + if not config.exists(['service', 'ssh', 'dynamic-protection']): raise vyos.opmode.UnconfiguredSubsystem("SSH server dynamic-protection is not enabled.") attackers = [] try: # IPv4 - attackers = attackers + json.loads(cmd("sudo nft -j list set ip sshguard attackers"))["nftables"][1]["set"]["elem"] + attackers = attackers + json.loads(cmd("nft -j list set ip sshguard attackers"))["nftables"][1]["set"]["elem"] except: pass try: # IPv6 - attackers = attackers + json.loads(cmd("sudo nft -j list set ip6 sshguard attackers"))["nftables"][1]["set"]["elem"] + attackers = attackers + json.loads(cmd("nft -j list set ip6 sshguard attackers"))["nftables"][1]["set"]["elem"] except: pass if attackers: |