OpenSCAP /
oscap-anaconda-addon
| @@ 269-312 (lines=44) @@ | ||
| 266 | return |
|
| 267 | ||
| 268 | ||
| 269 | class ScheduleFirstbootRemediationTask(Task): |
|
| 270 | """The installation task for running the remediation.""" |
|
| 271 | ||
| 272 | def __init__(self, sysroot, policy_data, target_content_path, |
|
| 273 | target_tailoring_path): |
|
| 274 | """Create a task.""" |
|
| 275 | super().__init__() |
|
| 276 | self._sysroot = sysroot |
|
| 277 | self._policy_data = policy_data |
|
| 278 | self._target_content_path = target_content_path |
|
| 279 | self._target_tailoring_path = target_tailoring_path |
|
| 280 | ||
| 281 | @property |
|
| 282 | def name(self): |
|
| 283 | return "Schedule first-boot remediation" |
|
| 284 | ||
| 285 | def run(self): |
|
| 286 | """Run the task.""" |
|
| 287 | try: |
|
| 288 | common.assert_scanner_works( |
|
| 289 | chroot=self._sysroot, executable="oscap") |
|
| 290 | except Exception as exc: |
|
| 291 | msg_lines = [_( |
|
| 292 | "The 'oscap' scanner doesn't work in the installed system: {error}" |
|
| 293 | .format(error=str(exc)))] |
|
| 294 | msg_lines.append(_("As a result, the installed system can't be hardened.")) |
|
| 295 | terminate("\n".join(msg_lines)) |
|
| 296 | return |
|
| 297 | ||
| 298 | try: |
|
| 299 | common.schedule_firstboot_remediation( |
|
| 300 | self._sysroot, |
|
| 301 | self._policy_data.profile_id, |
|
| 302 | self._target_content_path, |
|
| 303 | self._policy_data.datastream_id, |
|
| 304 | self._policy_data.xccdf_id, |
|
| 305 | self._target_tailoring_path, |
|
| 306 | ) |
|
| 307 | except Exception as exc: |
|
| 308 | msg = _( |
|
| 309 | "Something went wrong when scheduling the first-boot remediation: {exc}." |
|
| 310 | .format(exc=str(exc))) |
|
| 311 | terminate(msg) |
|
| 312 | return |
|
| 313 | ||
| @@ 225-266 (lines=42) @@ | ||
| 222 | shutil.copy2(self._tailoring_path, target_content_dir) |
|
| 223 | ||
| 224 | ||
| 225 | class RemediateSystemTask(Task): |
|
| 226 | """The installation task for running the remediation.""" |
|
| 227 | ||
| 228 | def __init__(self, sysroot, policy_data, target_content_path, |
|
| 229 | target_tailoring_path): |
|
| 230 | """Create a task.""" |
|
| 231 | super().__init__() |
|
| 232 | self._sysroot = sysroot |
|
| 233 | self._policy_data = policy_data |
|
| 234 | self._target_content_path = target_content_path |
|
| 235 | self._target_tailoring_path = target_tailoring_path |
|
| 236 | ||
| 237 | @property |
|
| 238 | def name(self): |
|
| 239 | return "Remediate the system" |
|
| 240 | ||
| 241 | def run(self): |
|
| 242 | """Run the task.""" |
|
| 243 | try: |
|
| 244 | common.assert_scanner_works( |
|
| 245 | chroot=self._sysroot, executable="oscap") |
|
| 246 | except Exception as exc: |
|
| 247 | msg_lines = [_( |
|
| 248 | "The 'oscap' scanner doesn't work in the installed system: {error}" |
|
| 249 | .format(error=str(exc)))] |
|
| 250 | msg_lines.append(_("As a result, the installed system can't be hardened.")) |
|
| 251 | terminate("\n".join(msg_lines)) |
|
| 252 | return |
|
| 253 | ||
| 254 | try: |
|
| 255 | common.run_oscap_remediate( |
|
| 256 | self._policy_data.profile_id, |
|
| 257 | self._target_content_path, |
|
| 258 | self._policy_data.datastream_id, |
|
| 259 | self._policy_data.xccdf_id, |
|
| 260 | self._target_tailoring_path, |
|
| 261 | chroot=self._sysroot |
|
| 262 | ) |
|
| 263 | except Exception as exc: |
|
| 264 | msg = _(f"Something went wrong during the final hardening: {str(exc)}.") |
|
| 265 | terminate(msg) |
|
| 266 | return |
|
| 267 | ||
| 268 | ||
| 269 | class ScheduleFirstbootRemediationTask(Task): |
|
