crypto-policies - files in /etc/crypto-policies/back-ends/

This is a collection of parsers that all deal with the generated configuration files under the /etc/crypto-policies/back-ends/ folder. Parsers included in this module are:

CryptoPoliciesConfig - file /etc/crypto-policies/config

CryptoPoliciesStateCurrent - file /etc/crypto-policies/state/current

CryptoPoliciesOpensshserver - file /etc/crypto-policies/back-ends/opensshserver.config

CryptoPoliciesBind - file /etc/crypto-policies/back-ends/bind.config

class insights.parsers.crypto_policies.CryptoPoliciesBind(context)[source]

Bases: Parser

This parser reads the /etc/crypto-policies/back-ends/bind.config file. The sections disable-algorithms and disable-ds-digests are in the properties disable_algorithms and disable_ds_digests.

Sample Input:

disable-algorithms "." {
RSAMD5;
DSA;
};
disable-ds-digests "." {
GOST;
};

Examples

>>> 'GOST' in cp_bind.disable_ds_digests
True
>>> cp_bind.disable_algorithms
['RSAMD5', 'DSA']
parse_content(content)[source]

This method must be implemented by classes based on this class.

class insights.parsers.crypto_policies.CryptoPoliciesConfig(context)[source]

Bases: Parser

This parser reads the /etc/crypto-policies/config file. The contents of the file is a single-line value, available in the value property.

Sample Input:

LEGACY

Examples

>>> cp_c.value
'LEGACY'
parse_content(content)[source]

This method must be implemented by classes based on this class.

class insights.parsers.crypto_policies.CryptoPoliciesOpensshserver(context)[source]

Bases: SysconfigOptions

This parser reads the /etc/crypto-policies/back-ends/opensshserver.config file. It uses the SysconfigOptions parser class to convert the file into a dictionary of options. It also provides the options property as a helper to retrieve the CRYPTO_POLICY variable.

Sample Input:

CRYPTO_POLICY='-oCiphers=aes256-gcm@openssh.com,3des-cbc -oMACs=umac-128-etm@openssh.com'

Examples

>>> 'CRYPTO_POLICY' in cp_os
True
>>> cp_os.options
'-oCiphers=aes256-gcm@openssh.com,3des-cbc -oMACs=umac-128-etm@openssh.com'
property options

The value of the CRYPTO_POLICY variable if it exists, else None.

Type

(union[str, None])

class insights.parsers.crypto_policies.CryptoPoliciesStateCurrent(context)[source]

Bases: Parser

This parser reads the /etc/crypto-policies/state/current file. The contents of the file is a single-line value, available in the value property.

Sample Input:

LEGACY

Examples

>>> cp_sc.value
'LEGACY'
parse_content(content)[source]

This method must be implemented by classes based on this class.