Auditing apache indexes

geoffrey 2023-09-19 20:59:27 +02:00
parent c290ec6e18
commit e56d161dc2
5 changed files with 43 additions and 45 deletions

@ -180,7 +180,7 @@ class Apache:
self._reports["indexes"]["audit"] = True self._reports["indexes"]["audit"] = True
with open(path, 'rb') as fdata: with open(path, 'rb') as fdata:
self._reports["indexes"]["indexes"] = \ self._reports["indexes"] = \
self._parsingApacheConfig(fdata) self._parsingApacheConfig(fdata)
else: else:
self._reports["indexes"]["audit"] = False self._reports["indexes"]["audit"] = False
@ -195,10 +195,11 @@ class Apache:
# Each entry in the variable directories contains a list # Each entry in the variable directories contains a list
# of <Directory> with all data in it # of <Directory> with all data in it
# We create another entry when a found </Directory> # We create another entry when a found </Directory>
directories = list() directories = dict()
directoryFound = False directoryFound = False
index = 0 index = 0
optsFound = list() optsFound = list()
currentPath = None
for line in lines: for line in lines:
line = line.decode('utf-8') line = line.decode('utf-8')
@ -208,53 +209,53 @@ class Apache:
grDirectory = re.search("<Directory ", line, re.IGNORECASE) grDirectory = re.search("<Directory ", line, re.IGNORECASE)
if grDirectory: if grDirectory:
directoryFound = True directoryFound = True
directories.append(list()) currentPath = self._getDirectoryPath(line)
directories[index].append(line) directories[currentPath] = list()
directories[currentPath].append(line)
else: else:
#directory.append(line) directories[currentPath].append(line)
directories[index].append(line)
grDirectory = re.search("</Directory>", line, re.IGNORECASE) grDirectory = re.search("</Directory>", line, re.IGNORECASE)
if grDirectory: if grDirectory:
directoryFound = False directoryFound = False
index += 1 index += 1
currentPath = None
# We will find if we find an indexes option # We will find if we find an indexes option
for d in directories: for directory in directories:
for entry in d: report["directories"][directory] = dict()
# We get the directory path report["directories"][directory]["options"] = list()
path = self._getDirectoryPath(entry)
report["directories"][path] = dict()
# Try to find the Option flag for line in directories[directory]:
grFlag = re.search( grFlag = re.search(
f"{self._indexes['flag']}", f"{self._indexes['flag']}",
entry, line,
re.IGNORECASE re.IGNORECASE
) )
if grFlag: if grFlag:
for opt in self._indexes['options']: for opt in self._indexes['options']:
grOption = re.search( grOption = re.search(
f"-{opt}", f"-{opt}",
entry, line,
re.IGNORECASE re.IGNORECASE
) )
if grOption: if grOption:
optsFound.append(opt) optsFound.append(opt)
report["audit"] = True # We can check if you found the options
report["options"] = dict()
if len(optsFound) == len(self._indexes['options']): if len(optsFound) == len(self._indexes['options']):
report["result"] = "success" report["directories"][directory]["result"] = "success"
else: else:
report["result"] = "failed" report["directories"][directory]["result"] = "failed"
for opt in self._indexes["options"]: for opt in self._indexes["options"]:
if opt not in optsFound: if opt not in optsFound:
report["options"][opt] = f"{opt} is not removed. You should disable it" report["directories"][directory]["options"].append(
f"{opt} is not removed. You should disable it"
)
report["audit"] = True
report["description"] = self._indexes["description"] report["description"] = self._indexes["description"]
report["level"] = self._indexes["level"] report["level"] = self._indexes["level"]
report["recommand_value"] = self._indexes["recommand_value"] report["recommand_value"] = self._indexes["recommand_value"]
print(report)
return report return report
def _getDirectoryPath(self, line) -> str: def _getDirectoryPath(self, line) -> str:
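Review bot: `optsFound` is created once before the line loop and is never cleared inside the new `for directory in directories:` loop, so a `-Indexes` match in one `<Directory>` block appears to carry over to every block audited after it, and those can be reported as "success" while Indexes is still enabled. Resetting it per directory, with `optsFound = set()` as the first statement of the loop body and `optsFound.add(opt)` on a match, also stops a repeated Options line from pushing the count past `len(self._indexes['options'])` and flipping the result to "failed". Keying `directories` by `currentPath` means a path declared in two blocks keeps only the last block's lines, which deserves at least a comment such as `# NOTE: a later <Directory> with the same path replaces the earlier one`. The page has lost its indentation and the function starts outside these hunks, so the loop nesting described here is inferred.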

@ -47,16 +47,13 @@ def generateHtmlReport(path, data):
"apache-virtualhost" "apache-virtualhost"
) )
if data['system']['apache']['signature']['audit']: if data['system']['apache']['signature']['audit']:
print(dataJinja2['apache']['signature'])
_generateAccordion( _generateAccordion(
dataJinja2["apache"]["signature"]["signature"], dataJinja2["apache"]["signature"]["signature"],
"apache-signature" "apache-signature"
) )
print("")
if data['system']['apache']['indexes']['audit']: if data['system']['apache']['indexes']['audit']:
print(dataJinja2['apache']['indexes'])
_generateAccordion( _generateAccordion(
dataJinja2["apache"]["indexes"]["indexes"], dataJinja2["apache"]["indexes"]["directories"],
"apache-indexes" "apache-indexes"
) )

@ -1,38 +1,38 @@
{% if data["apache"]["indexes"]["audit"] %} {% if data["apache"]["indexes"]["audit"] %}
{% for item in data['apache']['indexes']['indexes'] %} {% for item in data['apache']['indexes']['directories'] %}
<div class="accordion" id="accordionApacheIndexes"> <div class="accordion" id="accordionApacheIndexes">
<div class="accordion-item"> <div class="accordion-item">
<h2 class="accordion-header"> <h2 class="accordion-header">
<button class="accordion-button collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#{{ data['apache']['indexes']['indexes'][item]['accordion-id'] }}" aria-expanded="true" aria-controls="{{ data['apache']['indexes']['indexes'][item]['accordion-id'] }}"> <button class="accordion-button collapsed" type="button" data-bs-toggle="collapse" data-bs-target="#{{ data['apache']['indexes']['directories'][item]['accordion-id'] }}" aria-expanded="true" aria-controls="{{ data['apache']['indexes']['directories'][item]['accordion-id'] }}">
<strong>VirtualHost {{ item }}</strong> <strong>Directory {{ item }}</strong>
{% if data['apache']['indexes']['indexes'][item]['result'] == 'failed' %} {% if data['apache']['indexes']['directories'][item]['result'] == 'failed' %}
<span class="text-bg-danger p-1" style="padding-left:10pt;padding-right:10pt;margin-left:15pt;">{{ data['apache']['indexes']['indexes'][item]['result'] }}</span> <span class="text-bg-danger p-1" style="padding-left:10pt;padding-right:10pt;margin-left:15pt;">{{ data['apache']['indexes']['directories'][item]['result'] }}</span>
{% elif data['apache']['indexes']['indexes'][item]['result'] == 'success' %} {% elif data['apache']['indexes']['directories'][item]['result'] == 'success' %}
<span class="text-bg-success p-1" style="padding-left:10pt;padding-right:10pt;margin-left:15pt;">{{ data['apache']['indexes']['indexes'][item]['result'] }}</span> <span class="text-bg-success p-1" style="padding-left:10pt;padding-right:10pt;margin-left:15pt;">{{ data['apache']['indexes']['directories'][item]['result'] }}</span>
{% endif %} {% endif %}
<span class="text-bg-primary p-1" style="padding-left:10pt;padding-right:10pt;margin-left:15pt;">{{ data['apache']['indexes']['indexes'][item]['level'] }}</span> <span class="text-bg-primary p-1" style="padding-left:10pt;padding-right:10pt;margin-left:15pt;">{{ data['apache']['indexes']['level'] }}</span>
</button> </button>
</h2> </h2>
<div id="{{ data['apache']['indexes']['indexes'][item]['accordion-id'] }}" class="accordion-collapse collapse" data-bs-parent="#accordionApache"> <div id="{{ data['apache']['indexes']['directories'][item]['accordion-id'] }}" class="accordion-collapse collapse" data-bs-parent="#accordionApacheIndexes">
<div class="accordion-body"> <div class="accordion-body">
{{ data['apache']['indexes']['indexes'][item]['description'] }}. <br /> {{ data['apache']['indexes']['description'] }}. <br />
{% if data['apache']['indexes']['indexes'][item]['result'] == 'failed' %} {% if data['apache']['indexes']["directories"][item]['result'] == 'failed' %}
Result of the audit: Result of the audit:
<div class="bd-example-snippet bd-code-snippet"> <div class="bd-example-snippet bd-code-snippet">
<div class="highlight"> <div class="highlight">
<pre tabindex="0" class="chroma"><code class="language-shell"> <pre tabindex="0" class="chroma"><code class="language-shell">
{% for protocol in data['apache']['indexes']['indexes'][item]['msg'] %} {% for indexes in data['apache']['indexes']["directories"][item]['options'] %}
{{ protocol }} {{ indexes }}
{% endfor %} {% endfor %}
</pre></code> </pre></code>
</div> <!-- end .highlight --> </div> <!-- end .highlight -->
</div> <!-- end .bd-code-snippet --> </div> <!-- end .bd-code-snippet -->
For resolving the issue, add this line in the VirtualHost file: For resolving the issue, add this line in the apache config file:
<div class="bd-example-snippet bd-code-snippet"> <div class="bd-example-snippet bd-code-snippet">
<div class="highlight"> <div class="highlight">
<pre tabindex="0" class="chroma"><code class="language-shell"> <pre tabindex="0" class="chroma"><code class="language-shell">
{{ data['apache']['indexes']['indexes'][item]['recommand_value'] }} {{ data['apache']['indexes']['recommand_value'] }}
</pre></code> </pre></code>
</div> <!-- end .highlight --> </div> <!-- end .highlight -->
</div> <!-- end .bd-code-snippet --> </div> <!-- end .bd-code-snippet -->
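Review bot: `{{ item }}` in the accordion header is now a directory path read from the audited Apache configuration, and nothing in this template escapes it. Unless the Jinja2 environment that renders the report is created with autoescaping enabled (not visible on this page), I would write `<strong>Directory {{ item | e }}</strong>` so a path containing `<`, `>` or quotes cannot alter the report markup. Separately, `<div class="accordion" id="accordionApacheIndexes">` sits inside the `{% for %}` loop, so the id that the new `data-bs-parent="#accordionApacheIndexes"` points at is emitted once per directory; moving that wrapper above the loop would keep the id unique. The template continues past the end of this hunk.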

@ -13,7 +13,7 @@
<span class="text-bg-primary p-1" style="padding-left:10pt;padding-right:10pt;margin-left:15pt;">{{ data['apache']['signature']['signature'][item]['level'] }}</span> <span class="text-bg-primary p-1" style="padding-left:10pt;padding-right:10pt;margin-left:15pt;">{{ data['apache']['signature']['signature'][item]['level'] }}</span>
</button> </button>
</h2> </h2>
<div id="{{ data['apache']['signature']['signature'][item]['accordion-id'] }}" class="accordion-collapse collapse" data-bs-parent="#accordionApache"> <div id="{{ data['apache']['signature']['signature'][item]['accordion-id'] }}" class="accordion-collapse collapse" data-bs-parent="#accordionApacheSignature">
<div class="accordion-body"> <div class="accordion-body">
{{ data['apache']['signature']['signature'][item]['description'] }}. <br /> {{ data['apache']['signature']['signature'][item]['description'] }}. <br />
{% if data['apache']['signature']['signature'][item]['result'] == 'failed' %} {% if data['apache']['signature']['signature'][item]['result'] == 'failed' %}

@ -13,7 +13,7 @@
<span class="text-bg-primary p-1" style="padding-left:10pt;padding-right:10pt;margin-left:15pt;">{{ data['apache']['ssl']['virtualhost'][item]['level'] }}</span> <span class="text-bg-primary p-1" style="padding-left:10pt;padding-right:10pt;margin-left:15pt;">{{ data['apache']['ssl']['virtualhost'][item]['level'] }}</span>
</button> </button>
</h2> </h2>
<div id="{{ data['apache']['ssl']['virtualhost'][item]['accordion-id'] }}" class="accordion-collapse collapse" data-bs-parent="#accordionApache"> <div id="{{ data['apache']['ssl']['virtualhost'][item]['accordion-id'] }}" class="accordion-collapse collapse" data-bs-parent="#accordionApacheSsl">
<div class="accordion-body"> <div class="accordion-body">
{{ data['apache']['ssl']['virtualhost'][item]['description'] }}. <br /> {{ data['apache']['ssl']['virtualhost'][item]['description'] }}. <br />
{% if data['apache']['ssl']['virtualhost'][item]['result'] == 'failed' %} {% if data['apache']['ssl']['virtualhost'][item]['result'] == 'failed' %}