summaryrefslogtreecommitdiff
path: root/src/op_mode
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2023-10-29 08:08:02 +0100
committerChristian Breunig <christian@breunig.cc>2023-10-29 08:10:43 +0100
commitb34b1992a65e519af0aed5ad43b1d60e6d1f7af5 (patch)
tree8dc613c64f5163505326de9486b645749c581c5b /src/op_mode
parent963fd35e9f9e62b013fe61d4e57496abf5ad2f38 (diff)
downloadvyos-1x-b34b1992a65e519af0aed5ad43b1d60e6d1f7af5.tar.gz
vyos-1x-b34b1992a65e519af0aed5ad43b1d60e6d1f7af5.zip
op-mode: T5661: remove call to sudo in ssh.py and move it to XML definition
Try to have as few calls to sudo in the op-mode scripts as possible. The XML definitions can deal with it. (cherry picked from commit 428dee29d36cc3629990ec41afef887821886834)
Diffstat (limited to 'src/op_mode')
-rwxr-xr-xsrc/op_mode/ssh.py6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/op_mode/ssh.py b/src/op_mode/ssh.py
index 89db7b3d3..acb066144 100755
--- a/src/op_mode/ssh.py
+++ b/src/op_mode/ssh.py
@@ -64,18 +64,18 @@ def show_fingerprints(raw: bool, ascii: bool):
def show_dynamic_protection(raw: bool):
config = ConfigTreeQuery()
- if not config.exists("service ssh dynamic-protection"):
+ if not config.exists(['service', 'ssh', 'dynamic-protection']):
raise vyos.opmode.UnconfiguredSubsystem("SSH server dynamic-protection is not enabled.")
attackers = []
try:
# IPv4
- attackers = attackers + json.loads(cmd("sudo nft -j list set ip sshguard attackers"))["nftables"][1]["set"]["elem"]
+ attackers = attackers + json.loads(cmd("nft -j list set ip sshguard attackers"))["nftables"][1]["set"]["elem"]
except:
pass
try:
# IPv6
- attackers = attackers + json.loads(cmd("sudo nft -j list set ip6 sshguard attackers"))["nftables"][1]["set"]["elem"]
+ attackers = attackers + json.loads(cmd("nft -j list set ip6 sshguard attackers"))["nftables"][1]["set"]["elem"]
except:
pass
if attackers: