Analyzing apache
		
							parent
							
								
									5757ec94ca
								
							
						
					
					
						commit
						20d15fa8ec
					
				| @ -1,10 +1,17 @@ | ||||
| #!/usr/bin/env python3 | ||||
| 
 | ||||
| def apache() -> list: | ||||
|     ssl = list() | ||||
| def apache_protocols() -> dict: | ||||
|     ssl = dict() | ||||
| 
 | ||||
|     # Check if apaches has disabled the bad SSL/TLS version | ||||
| 
 | ||||
|     ssl["description"] = "Disable deprecated SSL/TLS versions" | ||||
|     ssl["level"] = "high" | ||||
|     ssl["protocols"] = list() | ||||
|     # https://httpd.apache.org/docs/trunk/ssl/ssl_howto.html | ||||
|     ssl["protocols"].append("-TLSv1") | ||||
|     ssl["protocols"].append("-TLSv1.1") | ||||
|     ssl["protocols"].append("-SSLv3") | ||||
|     ssl["recommand_value"] = "SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1" | ||||
| 
 | ||||
|     return ssl | ||||
| 
 | ||||
|  | ||||
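Review bot: The `protocols` list and `recommand_value` in `apache_protocols()` model only the deny-list form (`SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1`), so a configuration hardened with the allow-list form, e.g. `SSLProtocol -all +TLSv1.2 +TLSv1.3`, contains none of the three tokens and would presumably be reported as failing by the code that consumes this dict. The allow-list form is also the more robust recommendation, because what `all` expands to depends on the Apache/OpenSSL build. Consider adding an accepted entry such as `ssl["allowed"] = ["+TLSv1.2", "+TLSv1.3"]` and recommending `SSLProtocol -all +TLSv1.2 +TLSv1.3`. The key `recommand_value` is misspelled (`recommended_value`); renaming it means updating the reader in the `Apache` class as well.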
| @ -3,12 +3,12 @@ | ||||
| import re | ||||
| from os import listdir | ||||
| from os.path import isdir | ||||
| from audit.system.plugins.apache import apache | ||||
| from audit.system.plugins.apache import apache_protocols | ||||
| 
 | ||||
| 
 | ||||
| class Apache: | ||||
|     def __init__(self, arguments): | ||||
|         self._objects = apache() | ||||
|         self._ssl_versions = apache_protocols() | ||||
|         self._reports = dict() | ||||
|         self._apache_directory = arguments["apache_directory"] | ||||
| 
 | ||||
| @ -20,12 +20,12 @@ class Apache: | ||||
| 
 | ||||
|     def runAudit(self): | ||||
|         print("Running test for Apache") | ||||
|         self._runParsing() | ||||
|         self._analyzingSslVersion() | ||||
| 
 | ||||
|     def getReports(self) -> dict: | ||||
|         return self._reports | ||||
| 
 | ||||
|     def _runParsing(self): | ||||
|     def _analyzingSslVersion(self): | ||||
|         # Check if the file exist | ||||
|         path = f"{self._apache_directory}/sites-available" | ||||
|         if isdir(path): | ||||
| @ -37,6 +37,8 @@ class Apache: | ||||
|             self._reports['audit'] = False | ||||
|             self._reports["msg"] = "No directory found" | ||||
| 
 | ||||
|         print(self._reports) | ||||
| 
 | ||||
|     def _parseFile(self, fdata): | ||||
|         data = fdata.read() | ||||
|         lines = data.splitlines() | ||||
| @ -47,7 +49,40 @@ class Apache: | ||||
|             # check if SSL is enable for the VirtualHost | ||||
|             grSSLEngine = re.search("SSLEngine on", line) | ||||
|             if grSSLEngine: | ||||
|                 print(line) | ||||
|                 self._check_ssl_version(lines) | ||||
| 
 | ||||
|     def _check_ssl_version(self, lines): | ||||
|         findProtocol = False | ||||
|         protocolsFound = list() | ||||
|         for line in lines: | ||||
|             line = line.decode("utf-8") | ||||
| 
 | ||||
|             grSSLProtocol = re.search("SSLProtocol", line) | ||||
|             if grSSLProtocol: | ||||
|                 for protocol in self._ssl_versions["protocols"]: | ||||
|                     if protocol in line: | ||||
|                         print(line) | ||||
|                         protocolsFound.append(protocol) | ||||
|                         findProtocol = True | ||||
| 
 | ||||
|         print(protocolsFound) | ||||
| 
 | ||||
|         if len(self._ssl_versions) == len(protocolsFound): | ||||
|             print("Success") | ||||
|         else: | ||||
|             print("Failed") | ||||
| 
 | ||||
|         if findProtocol: | ||||
|             self._reports["ssl"]["result"] = "success" | ||||
|         else: | ||||
|             self._reports["ssl"]["result"] = "failed" | ||||
| 
 | ||||
|          | ||||
|         self._reports["ssl"]["description"] = \ | ||||
|             self._ssl_versions["description"] | ||||
|         self._reports["ssl"]["level"] = self._ssl_versions["level"] | ||||
|         self._reports["ssl"]["recommand_value"] = \ | ||||
|             self._ssl_versions["recommand_value"] | ||||
| 
 | ||||
|     def _check_value_exist(self, line, value) -> bool: | ||||
|         grValue = re.search(value, line) | ||||
| @ -66,4 +101,4 @@ class Apache: | ||||
|               - description: description of the vulnerability | ||||
|               - level: high, medium or low | ||||
|         """ | ||||
|         self._reports['apache'] = dict() | ||||
|         self._reports['ssl'] = dict() | ||||
|  | ||||
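Review bot: `_check_ssl_version` reports `success` as soon as any one deprecated protocol appears on an `SSLProtocol` line, because `findProtocol` is set on the first match, and the length check before it compares against `len(self._ssl_versions)` (the number of keys in the dict) instead of the number of required protocols. The `protocol in line` test is also a substring match, so `-TLSv1` is satisfied by `-TLSv1.1` or `-TLSv1.2`, and a commented-out `# SSLProtocol …` line counts too; the audit can therefore pass a host that still offers TLSv1. Compare whole tokens per directive and require every entry of `self._ssl_versions["protocols"]`, as sketched below. The `print` calls look like debugging leftovers, and whether `self._reports["ssl"]` is initialised before this method runs is not visible in these hunks.

```python
    def _check_ssl_version(self, lines):
        required = set(self._ssl_versions["protocols"])
        directives = []
        for line in lines:
            tokens = line.decode("utf-8").split()
            # Whole-token match; a leading "#" makes tokens[0] differ, so comments are skipped.
            if tokens and tokens[0].lower() == "sslprotocol":
                directives.append(set(tokens[1:]))

        # Every SSLProtocol directive must disable every required protocol.
        compliant = bool(directives) and all(required <= d for d in directives)
        self._reports["ssl"]["result"] = "success" if compliant else "failed"
        # … unchanged: description / level / recommand_value copied into the report …
```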