Analyzing apache

geoffrey 2023-09-14 21:34:18 +02:00
parent 5757ec94ca
commit 20d15fa8ec
2 changed files with 51 additions and 9 deletions

@ -1,10 +1,17 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
def apache() -> list: def apache_protocols() -> dict:
ssl = list() ssl = dict()
# Check if apaches has disabled the bad SSL/TLS version # Check if apaches has disabled the bad SSL/TLS version
ssl["description"] = "Disable deprecated SSL/TLS versions"
ssl["level"] = "high"
ssl["protocols"] = list()
# https://httpd.apache.org/docs/trunk/ssl/ssl_howto.html
ssl["protocols"].append("-TLSv1")
ssl["protocols"].append("-TLSv1.1")
ssl["protocols"].append("-SSLv3")
ssl["recommand_value"] = "SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1"
return ssl return ssl
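Review bot: apache_protocols returns a dict whose keys (`description`, `level`, `protocols`, `recommand_value`) are read by name in the Apache class of the second file, but nothing in this hunk documents that contract; a docstring should list the four keys, state that each `protocols` entry carries its leading `-` exactly as it must appear in the `SSLProtocol` directive (the consumer matches the entries literally against the config line), and cite the Apache SSL how-to linked in the comment as the source of the recommended value. `recommand_value` looks like a misspelling of `recommend_value`; because the key is also read on the consumer side it can only be renamed in a coordinated change, so the docstring should at least spell out the intended meaning. The comment `Check if apaches has disabled the bad SSL/TLS version` would read better as `Check that Apache has disabled the deprecated SSL/TLS versions`.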

@ -3,12 +3,12 @@
import re import re
from os import listdir from os import listdir
from os.path import isdir from os.path import isdir
from audit.system.plugins.apache import apache from audit.system.plugins.apache import apache_protocols
class Apache: class Apache:
def __init__(self, arguments): def __init__(self, arguments):
self._objects = apache() self._ssl_versions = apache_protocols()
self._reports = dict() self._reports = dict()
self._apache_directory = arguments["apache_directory"] self._apache_directory = arguments["apache_directory"]
@ -20,12 +20,12 @@ class Apache:
def runAudit(self): def runAudit(self):
print("Running test for Apache") print("Running test for Apache")
self._runParsing() self._analyzingSslVersion()
def getReports(self) -> dict: def getReports(self) -> dict:
return self._reports return self._reports
def _runParsing(self): def _analyzingSslVersion(self):
# Check if the file exist # Check if the file exist
path = f"{self._apache_directory}/sites-available" path = f"{self._apache_directory}/sites-available"
if isdir(path): if isdir(path):
@ -37,6 +37,8 @@ class Apache:
self._reports['audit'] = False self._reports['audit'] = False
self._reports["msg"] = "No directory found" self._reports["msg"] = "No directory found"
print(self._reports)
def _parseFile(self, fdata): def _parseFile(self, fdata):
data = fdata.read() data = fdata.read()
lines = data.splitlines() lines = data.splitlines()
@ -47,7 +49,40 @@ class Apache:
# check if SSL is enable for the VirtualHost # check if SSL is enable for the VirtualHost
grSSLEngine = re.search("SSLEngine on", line) grSSLEngine = re.search("SSLEngine on", line)
if grSSLEngine: if grSSLEngine:
self._check_ssl_version(lines)
def _check_ssl_version(self, lines):
findProtocol = False
protocolsFound = list()
for line in lines:
line = line.decode("utf-8")
grSSLProtocol = re.search("SSLProtocol", line)
if grSSLProtocol:
for protocol in self._ssl_versions["protocols"]:
if protocol in line:
print(line) print(line)
protocolsFound.append(protocol)
findProtocol = True
print(protocolsFound)
if len(self._ssl_versions) == len(protocolsFound):
print("Success")
else:
print("Failed")
if findProtocol:
self._reports["ssl"]["result"] = "success"
else:
self._reports["ssl"]["result"] = "failed"
self._reports["ssl"]["description"] = \
self._ssl_versions["description"]
self._reports["ssl"]["level"] = self._ssl_versions["level"]
self._reports["ssl"]["recommand_value"] = \
self._ssl_versions["recommand_value"]
def _check_value_exist(self, line, value) -> bool: def _check_value_exist(self, line, value) -> bool:
grValue = re.search(value, line) grValue = re.search(value, line)
@ -66,4 +101,4 @@ class Apache:
- description: description of the vulnerability - description: description of the vulnerability
- level: high, medium or low - level: high, medium or low
""" """
self._reports['apache'] = dict() self._reports['ssl'] = dict()
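Review bot: In the `_check_ssl_version` hunk the host is reported `success` as soon as one deprecated protocol is excluded (`findProtocol = True` fires on any single match), and the `len(self._ssl_versions) == len(protocolsFound)` comparison measures the number of keys in the settings dict rather than the number of expected protocols, so the `Success` branch cannot be reached. The `protocol in line` substring test additionally lets `-TLSv1` match `-TLSv1.1` or `-TLSv1.2`, and `re.search("SSLProtocol", line)` also counts commented-out directives, so a host that only excludes TLSv1.2, or that carries the directive in a `#` comment, is reported as compliant. The rewrite below compares whole tokens against the configured set, skips comment lines, requires every deprecated version before reporting `success`, and drops the debug `print` calls (including the `print(self._reports)` added in the earlier hunk); it keeps the assumption that `self._reports["ssl"]` has been initialised before `_parseFile` runs, which the last hunk does in a method outside this view. The allow-list form `SSLProtocol -all +TLSv1.2 +TLSv1.3` is equally safe but would still be reported `failed`, which is worth a follow-up.
```python
    def _check_ssl_version(self, lines):
        expected = set(self._ssl_versions["protocols"])
        protocolsFound = set()
        for line in lines:
            stripped = line.decode("utf-8").strip()
            # A "# SSLProtocol ..." line is not an active directive.
            if stripped.startswith("#"):
                continue
            tokens = stripped.split()
            if not tokens or tokens[0].lower() != "sslprotocol":
                continue
            # Whole-token comparison: a substring test would let "-TLSv1"
            # match "-TLSv1.1" or "-TLSv1.2".
            protocolsFound.update(t for t in tokens[1:] if t in expected)
        # Only a host that excludes every deprecated version passes.
        if protocolsFound == expected:
            self._reports["ssl"]["result"] = "success"
        else:
            self._reports["ssl"]["result"] = "failed"
        # … unchanged: copy of description / level / recommand_value into the report …
```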