gbucchino/check_sys
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Parsing vulnerabilities

Browse Source
This commit is contained in:
geoffrey 2023-06-05 21:26:39 +02:00
parent 6cb4cacaf9
commit 9a4c845f6d
2 changed files with 33 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
parsing/sysctl.py
View File

@ -30,9 +30,9 @@ class Parsing(ParsingBase):
# After that, for each data, I put the number of occurence I found. # After that, for each data, I put the number of occurence I found.
# If the array is empty, no entry found for a flag, otherwise, we check the value # If the array is empty, no entry found for a flag, otherwise, we check the value
for obj in self._objects['sysctl']: for obj in self._objects['sysctl']:
resultsFlag[obj['flag']] = list() resultsFlag[obj['flag']] = dict()
resultsFlag[obj['flag']]['recommand_value'] = obj['value']
print(resultsFlag) resultsFlag[obj['flag']]['occurence'] = 0
for line in lines: for line in lines:
line = line.decode("utf-8") line = line.decode("utf-8")
@ -40,39 +40,28 @@ class Parsing(ParsingBase):
for obj in self._objects['sysctl']: for obj in self._objects['sysctl']:
result = self._parsingFile(line, obj, resultsFlag) result = self._parsingFile(line, obj, resultsFlag)
if result: if result:
print(resultsFlag[obj['flag']][ resultsFlag[obj['flag']]['lineNumber'] = numLines
len(resultsFlag[obj['flag']]) - 1: resultsFlag[obj['flag']]['occurence'] += 1
len(resultsFlag[obj['flag']])
])
# If not exist, we recommand to put the flag
#if len(result) == 0:
# # print("Not find")
# pass
## If the flag is found
#else:
# # And if the current value is not setted corectly for the vulnerability
# print(result)
#
# self._reports[obj['flag']].append({
# 'lineNumber': numLines,
# 'value': obj['value'],
# 'audit': 'failed' # Or success
# })
#
# #if result['value'] != result['current_value']:
# # print(f"You must change the value to {obj['value']} for fixing the vulnerabilities")
numLines += 1 numLines += 1
print(self._reports)
# Now, we can check if the value is specified or not # Now, we can check if the value is specified or not
# And check if the flag is specified and need to put on the sysctl config # And check if the flag is specified and need to put on the sysctl config
print("")
for entry in resultsFlag: for entry in resultsFlag:
print(entry) obj = resultsFlag[entry]
print(resultsFlag[entry]) if obj['occurence'] > 0:
print(entry)
print(obj)
if obj['current_value'] != obj['recommand_value']:
self._reports[entry]['message'] = \
f"You specify this value {obj['current_value']}" \
", you should use this value {obj['recommand_value']}"
else:
# No find the flag, we recommand to enable it
self._reports[entry]['message'] = ""
# We can generate the report # We can generate the report
print(self._reports)
def _parsingFile(self, line, obj, resultsFlag) -> bool: def _parsingFile(self, line, obj, resultsFlag) -> bool:
""" """
@ -85,23 +74,13 @@ class Parsing(ParsingBase):
# Avoid the comment # Avoid the comment
if not line.startswith('#'): if not line.startswith('#'):
sLine = line.split('=') sLine = line.split('=')
flag = sLine[0] flag = sLine[0].strip()
value = int(sLine[1].strip('')) value = int(sLine[1].strip())
resultsFlag[flag]['current_value'] = value
result = True result = True
#print(sLine)
resultsFlag[flag].append({
'current_value': value,
'value': obj['value']
})
#result['found'] = flag
#result['current_value'] = value
#result['value'] = obj['value']
#if value != obj['value']:
# print("Need to change the value")
# print(sLine)
return result return result
def _constructResults(self, filename): def _constructResults(self, filename):
@ -112,15 +91,13 @@ class Parsing(ParsingBase):
- filename: filename of the test - filename: filename of the test
- line: line of the test - line: line of the test
- parse: Display the line where the vulnerabilites has been found - parse: Display the line where the vulnerabilites has been found
- description: description of the vulnerabilities - description: description of the vulnerability
- level: high, medium or low - level: high, medium or low
""" """
self._reports['filename'] = filename self._reports['filename'] = filename
for sysctl in self._objects['sysctl']: for sysctl in self._objects['sysctl']:
self._reports[sysctl['flag']] = list() self._reports[sysctl['flag']] = dict()
print(self._reports)
print("")
def getResults(self) -> dict: def getResults(self) -> dict:
result = dict() result = dict()

10
vulnerabilities/sysctl.py
View File

@ -1,15 +1,19 @@
#!/usr/bin/env python3 #!/usr/bin/env python3
# Define the entry
def sysctl() -> list: def sysctl() -> list:
sysctl = list() sysctl = list()
# https://access.redhat.com/security/sysctl/sysctl-2023-0179 # https://access.redhat.com/security/sysctl/sysctl-2023-0179
sysctl.append({ sysctl.append({
"cve": "cve-2023-0179", "from": "cve",
"id": "cve-2023-0179",
"description": "", "description": "",
"flag": "kernel.unprivileged_userns_clone", "flag": "kernel.unprivileged_userns_clone",
"value": 0, "value": 0,
"level": "medium", "level": "medium",
"recommendation": "You should disable this flag for resolving the issue",
"affectedSystem": ({ "affectedSystem": ({
'linux': "Debian", 'linux': "Debian",
'release': 'buster', 'release': 'buster',
@ -19,9 +23,11 @@ def sysctl() -> list:
# Best practice from CIS # Best practice from CIS
sysctl.append({ sysctl.append({
"cve": "", "from": "cis",
"id": "",
"description": "Disable IPv4 forwarding", "description": "Disable IPv4 forwarding",
"flag": "net.ipv4.conf.all.forwarding", "flag": "net.ipv4.conf.all.forwarding",
"recommendation": "You should disable this flag for resolving the issue",
"value": 0, "value": 0,
"level": "medium" "level": "medium"
}) })