gbucchino/check_sys
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Auditing apache indexes

Browse Source
This commit is contained in:
geoffrey 2023-09-19 20:59:27 +02:00
parent c290ec6e18
commit e56d161dc2
5 changed files with 43 additions and 45 deletions

49
core/plugins/apache.py

@ -180,7 +180,7 @@ class Apache:
self._reports["indexes"]["audit"] = True
with open(path, 'rb') as fdata:
self._reports["indexes"]["indexes"] = \
self._reports["indexes"] = \
self._parsingApacheConfig(fdata)
else:
self._reports["indexes"]["audit"] = False
@ -195,10 +195,11 @@ class Apache:
# Each entry in the variable directories contains a list
# of <Directory> with all data in it
# We create another entry when a found </Directory>
directories = list()
directories = dict()
directoryFound = False
index = 0
optsFound = list()
currentPath = None
for line in lines:
line = line.decode('utf-8')
@ -208,53 +209,53 @@ class Apache:
grDirectory = re.search("<Directory ", line, re.IGNORECASE)
if grDirectory:
directoryFound = True
directories.append(list())
directories[index].append(line)
currentPath = self._getDirectoryPath(line)
directories[currentPath] = list()
directories[currentPath].append(line)
else:
#directory.append(line)
directories[index].append(line)
directories[currentPath].append(line)
grDirectory = re.search("</Directory>", line, re.IGNORECASE)
if grDirectory:
directoryFound = False
index += 1
currentPath = None
# We will find if we find an indexes option
for d in directories:
for entry in d:
# We get the directory path
path = self._getDirectoryPath(entry)
report["directories"][path] = dict()
for directory in directories:
report["directories"][directory] = dict()
report["directories"][directory]["options"] = list()
# Try to find the Option flag
for line in directories[directory]:
grFlag = re.search(
f"{self._indexes['flag']}",
entry,
line,
re.IGNORECASE
)
if grFlag:
for opt in self._indexes['options']:
grOption = re.search(
f"-{opt}",
entry,
line,
re.IGNORECASE
)
if grOption:
optsFound.append(opt)
report["audit"] = True
report["options"] = dict()
if len(optsFound) == len(self._indexes['options']):
report["result"] = "success"
else:
report["result"] = "failed"
for opt in self._indexes["options"]:
if opt not in optsFound:
report["options"][opt] = f"{opt} is not removed. You should disable it"
# We can check if you found the options
if len(optsFound) == len(self._indexes['options']):
report["directories"][directory]["result"] = "success"
else:
report["directories"][directory]["result"] = "failed"
for opt in self._indexes["options"]:
if opt not in optsFound:
report["directories"][directory]["options"].append(
f"{opt} is not removed. You should disable it"
)
report["audit"] = True
report["description"] = self._indexes["description"]
report["level"] = self._indexes["level"]
report["recommand_value"] = self._indexes["recommand_value"]
print(report)
return report
def _getDirectoryPath(self, line) -> str:

5
core/report.py

@ -47,16 +47,13 @@ def generateHtmlReport(path, data):
"apache-virtualhost"
)
if data['system']['apache']['signature']['audit']:
print(dataJinja2['apache']['signature'])
_generateAccordion(
dataJinja2["apache"]["signature"]["signature"],
"apache-signature"
)
print("")
if data['system']['apache']['indexes']['audit']:
print(dataJinja2['apache']['indexes'])
_generateAccordion(
dataJinja2["apache"]["indexes"]["indexes"],
dataJinja2["apache"]["indexes"]["directories"],
"apache-indexes"
)

30
reports/templates/apache-indexes.html.j2

@ -1,38 +1,38 @@
{% if data["apache"]["indexes"]["audit"] %}
{% for item in data['apache']['indexes']['indexes'] %}
{% for item in data['apache']['indexes']['directories'] %}
<div class="accordion" id="accordionApacheIndexes">
<div class="accordion-item">
<h2 class="accordion-header">
<button class="accordion-button collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#{{ data['apache']['indexes']['indexes'][item]['accordion-id'] }}" aria-expanded="true" aria-controls="{{ data['apache']['indexes']['indexes'][item]['accordion-id'] }}">
<strong>VirtualHost {{ item }}</strong>
{% if data['apache']['indexes']['indexes'][item]['result'] == 'failed' %}
<span class="text-bg-danger p-1" style="padding-left:10pt;padding-right:10pt;margin-left:15pt;">{{ data['apache']['indexes']['indexes'][item]['result'] }}</span>
{% elif data['apache']['indexes']['indexes'][item]['result'] == 'success' %}
<span class="text-bg-success p-1" style="padding-left:10pt;padding-right:10pt;margin-left:15pt;">{{ data['apache']['indexes']['indexes'][item]['result'] }}</span>
<button class="accordion-button collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#{{ data['apache']['indexes']['directories'][item]['accordion-id'] }}" aria-expanded="true" aria-controls="{{ data['apache']['indexes']['directories'][item]['accordion-id'] }}">
<strong>Directory {{ item }}</strong>
{% if data['apache']['indexes']['directories'][item]['result'] == 'failed' %}
<span class="text-bg-danger p-1" style="padding-left:10pt;padding-right:10pt;margin-left:15pt;">{{ data['apache']['indexes']['directories'][item]['result'] }}</span>
{% elif data['apache']['indexes']['directories'][item]['result'] == 'success' %}
<span class="text-bg-success p-1" style="padding-left:10pt;padding-right:10pt;margin-left:15pt;">{{ data['apache']['indexes']['directories'][item]['result'] }}</span>
{% endif %}
<span class="text-bg-primary p-1" style="padding-left:10pt;padding-right:10pt;margin-left:15pt;">{{ data['apache']['indexes']['indexes'][item]['level'] }}</span>
<span class="text-bg-primary p-1" style="padding-left:10pt;padding-right:10pt;margin-left:15pt;">{{ data['apache']['indexes']['level'] }}</span>
</button>
</h2>
<div id="{{ data['apache']['indexes']['indexes'][item]['accordion-id'] }}" class="accordion-collapse collapse" data-bs-parent="#accordionApache">
<div id="{{ data['apache']['indexes']['directories'][item]['accordion-id'] }}" class="accordion-collapse collapse" data-bs-parent="#accordionApacheIndexes">
<div class="accordion-body">
{{ data['apache']['indexes']['indexes'][item]['description'] }}. <br />
{% if data['apache']['indexes']['indexes'][item]['result'] == 'failed' %}
{{ data['apache']['indexes']['description'] }}. <br />
{% if data['apache']['indexes']["directories"][item]['result'] == 'failed' %}
Result of the audit:
<div class="bd-example-snippet bd-code-snippet">
<div class="highlight">
<pre tabindex="0" class="chroma"><code class="language-shell">
{% for protocol in data['apache']['indexes']['indexes'][item]['msg'] %}
{{ protocol }}
{% for indexes in data['apache']['indexes']["directories"][item]['options'] %}
{{ indexes }}
{% endfor %}
</pre></code>
</div> <!-- end .highlight -->
</div> <!-- end .bd-code-snippet -->
For resolving the issue, add this line in the VirtualHost file:
For resolving the issue, add this line in the apache config file:
<div class="bd-example-snippet bd-code-snippet">
<div class="highlight">
<pre tabindex="0" class="chroma"><code class="language-shell">
{{ data['apache']['indexes']['indexes'][item]['recommand_value'] }}
{{ data['apache']['indexes']['recommand_value'] }}
</pre></code>
</div> <!-- end .highlight -->
</div> <!-- end .bd-code-snippet -->

2
reports/templates/apache-signature.html.j2

@ -13,7 +13,7 @@
<span class="text-bg-primary p-1" style="padding-left:10pt;padding-right:10pt;margin-left:15pt;">{{ data['apache']['signature']['signature'][item]['level'] }}</span>
</button>
</h2>
<div id="{{ data['apache']['signature']['signature'][item]['accordion-id'] }}" class="accordion-collapse collapse" data-bs-parent="#accordionApache">
<div id="{{ data['apache']['signature']['signature'][item]['accordion-id'] }}" class="accordion-collapse collapse" data-bs-parent="#accordionApacheSignature">
<div class="accordion-body">
{{ data['apache']['signature']['signature'][item]['description'] }}. <br />
{% if data['apache']['signature']['signature'][item]['result'] == 'failed' %}

2
reports/templates/apache-ssl.html.j2

@ -13,7 +13,7 @@
<span class="text-bg-primary p-1" style="padding-left:10pt;padding-right:10pt;margin-left:15pt;">{{ data['apache']['ssl']['virtualhost'][item]['level'] }}</span>
</button>
</h2>
<div id="{{ data['apache']['ssl']['virtualhost'][item]['accordion-id'] }}" class="accordion-collapse collapse" data-bs-parent="#accordionApache">
<div id="{{ data['apache']['ssl']['virtualhost'][item]['accordion-id'] }}" class="accordion-collapse collapse" data-bs-parent="#accordionApacheSsl">
<div class="accordion-body">
{{ data['apache']['ssl']['virtualhost'][item]['description'] }}. <br />
{% if data['apache']['ssl']['virtualhost'][item]['result'] == 'failed' %}