diff options
author | Christian Breunig <christian@breunig.cc> | 2023-10-29 08:08:02 +0100 |
---|---|---|
committer | Christian Breunig <christian@breunig.cc> | 2023-10-29 08:08:02 +0100 |
commit | 428dee29d36cc3629990ec41afef887821886834 (patch) | |
tree | c9658858f9ca2ad7098559b616214633bca0bfd4 /src/op_mode/ssh.py | |
parent | e1b4e972b40941acec76c97e714767214cefe426 (diff) | |
download | vyos-1x-428dee29d36cc3629990ec41afef887821886834.tar.gz vyos-1x-428dee29d36cc3629990ec41afef887821886834.zip |
op-mode: T5661: remove call to sudo in ssh.py and move it to XML definition
Try to have as few calls to sudo in the op-mode scripts as possible. The XML
definitions can deal with it.
Diffstat (limited to 'src/op_mode/ssh.py')
-rwxr-xr-x | src/op_mode/ssh.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/op_mode/ssh.py b/src/op_mode/ssh.py index c09b2166f..102becc55 100755 --- a/src/op_mode/ssh.py +++ b/src/op_mode/ssh.py @@ -64,18 +64,18 @@ def show_fingerprints(raw: bool, ascii: bool): def show_dynamic_protection(raw: bool): config = ConfigTreeQuery() - if not config.exists("service ssh dynamic-protection"): + if not config.exists(['service', 'ssh', 'dynamic-protection']): raise vyos.opmode.UnconfiguredSubsystem("SSH server dynamic-protection is not enabled.") attackers = [] try: # IPv4 - attackers = attackers + json.loads(cmd("sudo nft -j list set ip sshguard attackers"))["nftables"][1]["set"]["elem"] + attackers = attackers + json.loads(cmd("nft -j list set ip sshguard attackers"))["nftables"][1]["set"]["elem"] except: pass try: # IPv6 - attackers = attackers + json.loads(cmd("sudo nft -j list set ip6 sshguard attackers"))["nftables"][1]["set"]["elem"] + attackers = attackers + json.loads(cmd("nft -j list set ip6 sshguard attackers"))["nftables"][1]["set"]["elem"] except: pass if attackers: |