[pmg-devel] [PATCH pmg-api 0/2] change sample-entries in default Who-Objects and check in pmg7to8

[pmg-devel] [PATCH pmg-api 0/2] change sample-entries in default Who-Objects and check in pmg7to8

[Stoiko Ivanov]

The issue was originally reported in our community-forum:
https://forum.proxmox.com/threads/.158455/

Stoiko Ivanov (2):
  fix #5972: ruledb: default ruleset: use .example as TLD
  pmg7to8: add check for deprecated default entries in ruledb

 src/PMG/CLI/pmg7to8.pm | 19 +++++++++++++++++++
 src/PMG/DBTools.pm     |  4 ++--
 src/tests/testdb.txt   |  4 ++--
 3 files changed, 23 insertions(+), 4 deletions(-)

-- 
2.39.5



_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel

[pmg-devel] [PATCH pmg-api 1/2] fix #5972: ruledb: default ruleset: use .example as TLD

[Stoiko Ivanov]

following RFC 2606
https://www.rfc-editor.org/rfc/rfc2606.html

reported in our community forum:
https://forum.proxmox.com/threads/.158455/

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 src/PMG/DBTools.pm   | 4 ++--
 src/tests/testdb.txt | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/PMG/DBTools.pm b/src/PMG/DBTools.pm
index 8770d06..1acc0cb 100644
--- a/src/PMG/DBTools.pm
+++ b/src/PMG/DBTools.pm
@@ -644,12 +644,12 @@ sub init_ruledb {
     # WHO Objects
 
      # Blacklist
-    my $obj =  PMG::RuleDB::EMail->new ('nomail@fromthisdomain.com');
+    my $obj =  PMG::RuleDB::EMail->new ('nomail@fromthisdomain.example');
     my $blacklist = $ruledb->create_group_with_obj(
 	$obj, 'Blacklist', 'Global blacklist');
 
     # Whitelist
-    $obj = PMG::RuleDB::EMail->new('mail@fromthisdomain.com');
+    $obj = PMG::RuleDB::EMail->new('mail@fromthisdomain.example');
     my $whitelist = $ruledb->create_group_with_obj($obj, 'Whitelist', 'Global whitelist');
 
     # WHEN Objects
diff --git a/src/tests/testdb.txt b/src/tests/testdb.txt
index 794aa15..2c4f062 100644
--- a/src/tests/testdb.txt
+++ b/src/tests/testdb.txt
@@ -1,6 +1,6 @@
 Found RULE 4: Blacklist
   FOUND FROM GROUP 1: Blacklist
-    OBJECT 1: nomail@fromthisdomain.com
+    OBJECT 1: nomail@fromthisdomain.example
   FOUND ACTION GROUP 17: Block
     OBJECT 30: block message
 Found RULE 2: Block Viruses
@@ -49,7 +49,7 @@ Found RULE 11: Block Multimedia Files
     OBJECT 27: remove matching attachments
 Found RULE 5: Whitelist
   FOUND FROM GROUP 2: Whitelist
-    OBJECT 2: mail@fromthisdomain.com
+    OBJECT 2: mail@fromthisdomain.example
   FOUND ACTION GROUP 16: Accept
     OBJECT 29: accept message
 Found RULE 8: Block Spam (Level 10)
-- 
2.39.5



_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel

[pmg-devel] [PATCH pmg-api 2/2] pmg7to8: add check for deprecated default entries in ruledb

[Stoiko Ivanov]

with a new section for future checks of the rule database.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 src/PMG/CLI/pmg7to8.pm | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/src/PMG/CLI/pmg7to8.pm b/src/PMG/CLI/pmg7to8.pm
index d0a6cbe..4e11b6b 100644
--- a/src/PMG/CLI/pmg7to8.pm
+++ b/src/PMG/CLI/pmg7to8.pm
@@ -13,6 +13,7 @@ use PMG::API2::APT;
 use PMG::API2::Certificates;
 use PMG::API2::Cluster;
 use PMG::RESTEnvironment;
+use PMG::RuleDB;
 use PMG::Utils;
 
 use Term::ANSIColor;
@@ -526,6 +527,23 @@ sub check_dkms_modules {
     }
 }
 
+sub check_ruledb {
+    log_info("Check the rulesystem...");
+
+    my $rdb = PMG::RuleDB->new();
+    my $ogroups = $rdb->load_objectgroups("who");
+    for my $who ($ogroups->@*) {
+	my $group_name = $who->{name};
+	next if ($group_name ne 'Blacklist' && $group_name ne 'Whitelist');
+	my $objects = $rdb->load_group_objects($who->{id});
+	for my $obj ($objects->@*) {
+	    log_warn("deprecated default entry in '$group_name' present: $obj->{address}")
+		if ($obj->{address} =~ m/(?:no)?mail\@fromthisdomain.com/);
+	}
+    }
+    return;
+}
+
 sub check_misc {
     print_header("MISCELLANEOUS CHECKS");
     my $ssh_config = eval { PVE::Tools::file_get_contents('/root/.ssh/config') };
@@ -637,6 +655,7 @@ __PACKAGE__->register_method ({
     code => sub {
 	my ($param) = @_;
 
+	check_ruledb();
 	check_pmg_packages();
 	check_cluster_status();
 	my $upgraded_db = check_running_postgres();
-- 
2.39.5



_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel

Re: [pmg-devel] [PATCH pmg-api 2/2] pmg7to8: add check for deprecated default entries in ruledb

[Dominik Csapak]

On 1/30/25 13:33, Stoiko Ivanov wrote:
> with a new section for future checks of the rule database.
> 
> Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
> ---
>   src/PMG/CLI/pmg7to8.pm | 19 +++++++++++++++++++
>   1 file changed, 19 insertions(+)
> 
> diff --git a/src/PMG/CLI/pmg7to8.pm b/src/PMG/CLI/pmg7to8.pm
> index d0a6cbe..4e11b6b 100644
> --- a/src/PMG/CLI/pmg7to8.pm
> +++ b/src/PMG/CLI/pmg7to8.pm
> @@ -13,6 +13,7 @@ use PMG::API2::APT;
>   use PMG::API2::Certificates;
>   use PMG::API2::Cluster;
>   use PMG::RESTEnvironment;
> +use PMG::RuleDB;
>   use PMG::Utils;
>   
>   use Term::ANSIColor;
> @@ -526,6 +527,23 @@ sub check_dkms_modules {
>       }
>   }
>   
> +sub check_ruledb {
> +    log_info("Check the rulesystem...");
> +
> +    my $rdb = PMG::RuleDB->new();
> +    my $ogroups = $rdb->load_objectgroups("who");
> +    for my $who ($ogroups->@*) {
> +	my $group_name = $who->{name};
> +	next if ($group_name ne 'Blacklist' && $group_name ne 'Whitelist');
> +	my $objects = $rdb->load_group_objects($who->{id});
> +	for my $obj ($objects->@*) {
> +	    log_warn("deprecated default entry in '$group_name' present: $obj->{address}")
> +		if ($obj->{address} =~ m/(?:no)?mail\@fromthisdomain.com/);

I'd like here an additional sentence to the user what can be done, e.g. 'consider removing the rule'
or something like that. When having such a migration/upgrade tool, we should always
provide instructions on what to do when something is off.

> +	}
> +    }
> +    return;
> +}
> +
>   sub check_misc {
>       print_header("MISCELLANEOUS CHECKS");
>       my $ssh_config = eval { PVE::Tools::file_get_contents('/root/.ssh/config') };
> @@ -637,6 +655,7 @@ __PACKAGE__->register_method ({
>       code => sub {
>   	my ($param) = @_;
>   
> +	check_ruledb();
>   	check_pmg_packages();
>   	check_cluster_status();
>   	my $upgraded_db = check_running_postgres();



_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel