* [pmg-devel] [PATCH pmg-api 0/2] change sample-entries in default Who-Objects and check in pmg7to8
From: Stoiko Ivanov @ 2025-01-30 12:33 UTC
To: pmg-devel
The issue was originally reported in our community-forum:
https://forum.proxmox.com/threads/.158455/
Stoiko Ivanov (2):
fix #5972: ruledb: default ruleset: use .example as TLD
pmg7to8: add check for deprecated default entries in ruledb
src/PMG/CLI/pmg7to8.pm | 19 +++++++++++++++++++
src/PMG/DBTools.pm | 4 ++--
src/tests/testdb.txt | 4 ++--
3 files changed, 23 insertions(+), 4 deletions(-)
--
2.39.5
_______________________________________________
pmg-devel mailing list
pmg-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel
* [pmg-devel] [PATCH pmg-api 1/2] fix #5972: ruledb: default ruleset: use .example as TLD
From: Stoiko Ivanov @ 2025-01-30 12:33 UTC
To: pmg-devel
following RFC 2606
https://www.rfc-editor.org/rfc/rfc2606.html
reported in our community forum:
https://forum.proxmox.com/threads/.158455/
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
src/PMG/DBTools.pm | 4 ++--
src/tests/testdb.txt | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/PMG/DBTools.pm b/src/PMG/DBTools.pm
index 8770d06..1acc0cb 100644
--- a/src/PMG/DBTools.pm
+++ b/src/PMG/DBTools.pm
@@ -644,12 +644,12 @@ sub init_ruledb {
# WHO Objects
# Blacklist
- my $obj = PMG::RuleDB::EMail->new ('nomail@fromthisdomain.com');
+ my $obj = PMG::RuleDB::EMail->new ('nomail@fromthisdomain.example');
my $blacklist = $ruledb->create_group_with_obj(
$obj, 'Blacklist', 'Global blacklist');
# Whitelist
- $obj = PMG::RuleDB::EMail->new('mail@fromthisdomain.com');
+ $obj = PMG::RuleDB::EMail->new('mail@fromthisdomain.example');
my $whitelist = $ruledb->create_group_with_obj($obj, 'Whitelist', 'Global whitelist');
# WHEN Objects
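Review bot: in init_ruledb this only changes the defaults written when a rule database is first initialised, so existing installations keep nomail@fromthisdomain.com and mail@fromthisdomain.com in their Blacklist and Whitelist groups. Because fromthisdomain.com is an ordinary registrable name while .example is reserved by RFC 2606, the leftover Whitelist entry is the one that matters; the commit message should state that existing databases are not modified here and are only flagged by the pmg7to8 check in 2/2. Minor style point: the first call is written `new ('...')` with a space before the parenthesis and the second `new('...')` without; since both lines are touched anyway, they could be made consistent.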
diff --git a/src/tests/testdb.txt b/src/tests/testdb.txt
index 794aa15..2c4f062 100644
--- a/src/tests/testdb.txt
+++ b/src/tests/testdb.txt
@@ -1,6 +1,6 @@
Found RULE 4: Blacklist
FOUND FROM GROUP 1: Blacklist
- OBJECT 1: nomail@fromthisdomain.com
+ OBJECT 1: nomail@fromthisdomain.example
FOUND ACTION GROUP 17: Block
OBJECT 30: block message
Found RULE 2: Block Viruses
@@ -49,7 +49,7 @@ Found RULE 11: Block Multimedia Files
OBJECT 27: remove matching attachments
Found RULE 5: Whitelist
FOUND FROM GROUP 2: Whitelist
- OBJECT 2: mail@fromthisdomain.com
+ OBJECT 2: mail@fromthisdomain.example
FOUND ACTION GROUP 16: Accept
OBJECT 29: accept message
Found RULE 8: Block Spam (Level 10)
--
2.39.5
* [pmg-devel] [PATCH pmg-api 2/2] pmg7to8: add check for deprecated default entries in ruledb
From: Stoiko Ivanov @ 2025-01-30 12:33 UTC
To: pmg-devel
with a new section for future checks of the rule database.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
src/PMG/CLI/pmg7to8.pm | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/src/PMG/CLI/pmg7to8.pm b/src/PMG/CLI/pmg7to8.pm
index d0a6cbe..4e11b6b 100644
--- a/src/PMG/CLI/pmg7to8.pm
+++ b/src/PMG/CLI/pmg7to8.pm
@@ -13,6 +13,7 @@ use PMG::API2::APT;
use PMG::API2::Certificates;
use PMG::API2::Cluster;
use PMG::RESTEnvironment;
+use PMG::RuleDB;
use PMG::Utils;
use Term::ANSIColor;
@@ -526,6 +527,23 @@ sub check_dkms_modules {
}
}
+sub check_ruledb {
+ log_info("Check the rulesystem...");
+
+ my $rdb = PMG::RuleDB->new();
+ my $ogroups = $rdb->load_objectgroups("who");
+ for my $who ($ogroups->@*) {
+ my $group_name = $who->{name};
+ next if ($group_name ne 'Blacklist' && $group_name ne 'Whitelist');
+ my $objects = $rdb->load_group_objects($who->{id});
+ for my $obj ($objects->@*) {
+ log_warn("deprecated default entry in '$group_name' present: $obj->{address}")
+ if ($obj->{address} =~ m/(?:no)?mail\@fromthisdomain.com/);
+ }
+ }
+ return;
+}
+
sub check_misc {
print_header("MISCELLANEOUS CHECKS");
my $ssh_config = eval { PVE::Tools::file_get_contents('/root/.ssh/config') };
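Review bot: the pattern in check_ruledb, `m/(?:no)?mail\@fromthisdomain.com/`, leaves the dot unescaped and is not anchored, so it also matches addresses that merely contain that string, such as one with a longer local part or a longer domain. Suggest `m/^(?:no)?mail\@fromthisdomain\.com$/` so that only the two shipped defaults are reported. In the same loop `$obj->{address}` is matched for every object in the group without checking that it is defined; a `next if !defined($obj->{address});` would avoid uninitialized-value warnings should a group hold objects without that field. The commit message speaks of a new section, but unlike check_misc below there is no print_header call, and nothing is logged when no deprecated entry is found, so a clean result is indistinguishable from a skipped check.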
@@ -637,6 +655,7 @@ __PACKAGE__->register_method ({
code => sub {
my ($param) = @_;
+ check_ruledb();
check_pmg_packages();
check_cluster_status();
my $upgraded_db = check_running_postgres();
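Review bot: check_ruledb() is placed first in the list, ahead of check_pmg_packages() and check_running_postgres(), although it reads object groups from the rule database. As written in 2/2 the calls to PMG::RuleDB->new() and load_objectgroups() are not wrapped in eval, so a failure to reach the database there would abort the remaining checks before they print anything. Consider moving the call after the postgres check, or guarding the body with eval and reporting the error through the existing log helpers.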
--
2.39.5