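def check():
    """Audit the Apache pid file directory ("Secure the Pid File").

    Appends a warning to the module-level ``error_list`` for each finding:
    the directory path contains the DocumentRoot path, the owner or group
    is not ``root``, the directory is writable by "other", or the directory
    could not be inspected at all.

    Returns:
        ``error_list`` with a status code inserted at index 0: ``9`` when the
        global ``check_num`` is greater than zero, otherwise ``0``.
    """
    global check_num

    pid_dir = get_dir_pidfile()

    # NOTE(review): this is a substring test, not a path-prefix test, so an
    # unrelated directory whose name merely contains the DocumentRoot string
    # is also reported. Confirm that is intended.
    if pid_dir.find(helper.get_DocumentRoot()) != -1:
        error_list.append(
            '[WARNING] Pid file directory in the Apache DocumentRoot')
        check_num += 1

    # NOTE(review): the path is concatenated into a shell command line. A
    # path containing whitespace or shell metacharacters is mis-parsed or
    # interpreted by the shell; confirm where get_dir_pidfile() takes its
    # value from before relying on this.
    with os.popen("ls -ld " + pid_dir) as pipe:
        fields = pipe.read().split()

    # `ls -ld` prints: mode, link count, owner, group, ...
    if len(fields) < 4 or len(fields[0]) < 9:
        # ls printed nothing usable (missing or unreadable directory). The
        # original indexed into the empty list and raised IndexError; an
        # audit that cannot verify the directory reports a finding instead.
        error_list.append(
            '[WARNING] Pid file directory could not be inspected')
        check_num += 1
    else:
        if fields[2] != 'root':
            error_list.append(
                '[WARNING] Ownership of pid file directory is not root')
            check_num += 1
        if fields[3] != 'root':
            error_list.append(
                '[WARNING] Group of pid file directory is not root')
            check_num += 1
        # Index 8 of the mode string is the write bit for "other".
        if fields[0][8] == 'w':
            error_list.append(
                '[WARNING] Pid file directory can write by other user')
            check_num += 1

    # check_num is a module global and is not reset here, so its value on
    # entry also influences the status code.
    if check_num > 0:
        error_list.insert(0, 9)
    else:
        error_list.insert(0, 0)
    return error_list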
def fix():
    """Remediate the lock file directory location and permissions.

    Calls ``fix_dir()`` when the directory path contains the DocumentRoot
    path, then calls ``fix_permission()`` when the directory is not owned by
    ``root:root`` or is writable by "other".
    """
    if check_mechanism()[0].find(helper.get_DocumentRoot()) != -1:
        fix_dir()

    # The directory is queried again rather than cached, exactly as before:
    # presumably fix_dir() can change what check_mechanism() reports
    # (confirm against fix_dir()).
    # NOTE(review): the path is concatenated into a shell command line, so
    # whitespace or shell metacharacters in it are interpreted by the shell.
    with os.popen("ls -ld " + check_mechanism()[0]) as pipe:
        fields = pipe.read().split()

    # `ls -ld` prints: mode, link count, owner, group, ...; index 8 of the
    # mode string is the write bit for "other".
    # NOTE(review): if ls prints nothing (missing or unreadable directory)
    # the indexing below raises IndexError and no fix is applied.
    compliant = (fields[2] == 'root'
                 and fields[3] == 'root'
                 and fields[0][8] != 'w')
    if not compliant:
        fix_permission()
def fix():
    """Remediate the pid file directory location and permissions.

    ``fix_dir()`` runs when the directory path contains the DocumentRoot
    path; ``fix_permission()`` runs when the directory owner or group is not
    ``root`` or the directory is writable by "other".
    """
    inside_docroot = get_dir_pidfile().find(helper.get_DocumentRoot()) != -1
    if inside_docroot:
        fix_dir()

    # get_dir_pidfile() is called again on purpose (as in the original):
    # presumably fix_dir() changes the configured directory. Confirm.
    # NOTE(review): the path reaches the shell unquoted; whitespace or shell
    # metacharacters in it are interpreted by the shell.
    listing = os.popen("ls -ld " + get_dir_pidfile())
    columns = listing.read().split()
    listing.close()

    # Columns of `ls -ld`: [0] mode string, [2] owner, [3] group.
    # NOTE(review): empty ls output (directory missing or unreadable) makes
    # the indexing below raise IndexError, and nothing is remediated.
    needs_fix = (columns[2] != 'root'
                 or columns[3] != 'root'
                 or columns[0][8] == 'w')  # mode[8]: write bit for "other"
    if needs_fix:
        fix_permission()
def check():
    """Audit group write access under the Apache DocumentRoot.

    Runs ``find -L`` over the DocumentRoot for entries that belong to group
    ``www-data`` and have the group write bit set.

    Returns:
        The module-level ``error_list`` with a status code inserted at
        index 0: ``12`` (plus one appended warning) when find printed
        anything, otherwise ``0``.
    """
    # NOTE(review): DocumentRoot is concatenated into a shell command line;
    # whitespace or shell metacharacters in it are interpreted by the shell.
    # NOTE(review): the group name is hard-coded; installations that run
    # Apache under another group produce no finding here.
    command = ("find -L " + helper.get_DocumentRoot()
               + " -group www-data -perm /g=w -ls")
    with os.popen(command) as pipe:
        listing = pipe.read()

    if listing:
        error_list.append(
            '[WARNING] Detect file or directory in the Apache DocRoot with group write access'
        )
        error_list.insert(0, 12)
    else:
        error_list.insert(0, 0)
    return error_list
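def fix(path):
    """Remove default content and status handlers from an Apache setup.

    Deletes ``index.html`` from the DocumentRoot when ``find`` reports it,
    and calls ``remove_handler_config(path, name)`` for each of the
    ``server-status``, ``server-info`` and ``perl-status`` ``<Location>``
    blocks found in the configuration text.

    Args:
        path: configuration file passed to ``helper.read_file`` and to
            ``remove_handler_config``.
    """
    config_text = helper.read_file(path)

    # NOTE(review): DocumentRoot is concatenated into a shell command line;
    # whitespace or shell metacharacters in it are interpreted by the shell.
    # The pipe is now closed; the original never closed it.
    with os.popen('find ' + helper.get_DocumentRoot()
                  + '/index.html 2> /dev/null') as pipe:
        default_index = pipe.read()[:-1]  # drop the trailing newline
    if default_index:
        remove_default_index()

    # The text is read once above and not re-read between removals, as in
    # the original.
    # NOTE(review): `[^#]` only inspects the single character before
    # `<Location`, so "# <Location ...>" (hash, space) still matches and a
    # block at the very start of the file does not. Keep in step with
    # remove_handler_config() if this is tightened.
    for handler in ('server-status', 'server-info', 'perl-status'):
        pattern = re.compile(
            r'[^#]<Location \/' + handler + r'>(.*?)<\/Location>',
            re.DOTALL)
        if pattern.findall(config_text):
            remove_handler_config(path, handler)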
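def check():
    """Audit the Apache lock file directory ("Secure the Lock File").

    Appends a warning to the module-level ``error_list`` for each finding:
    the directory path contains the DocumentRoot path, the owner or group
    is not ``root``, the directory is writable by "other", the directory
    could not be inspected, or it lives on an NFS file system.

    Returns:
        ``error_list`` with a status code inserted at index 0: ``8`` when the
        global ``check_num`` is greater than zero, otherwise ``0``.
    """
    global check_num

    lock_dir = check_mechanism()[0]

    # NOTE(review): substring test, not a path-prefix test; an unrelated
    # directory whose name contains the DocumentRoot string is also flagged.
    if lock_dir.find(helper.get_DocumentRoot()) != -1:
        error_list.append(
            '[WARNING] Lock file directory in the Apache DocumentRoot')
        check_num += 1

    # NOTE(review): the path is concatenated into shell command lines below;
    # whitespace or shell metacharacters in it are interpreted by the shell.
    with os.popen("ls -ld " + lock_dir) as pipe:
        fields = pipe.read().split()

    # `ls -ld` prints: mode, link count, owner, group, ...
    if len(fields) < 4 or len(fields[0]) < 9:
        # ls printed nothing usable. The original raised IndexError here; an
        # audit that cannot verify the directory reports a finding instead.
        error_list.append(
            '[WARNING] Lock file directory could not be inspected')
        check_num += 1
    else:
        if fields[2] != 'root':
            error_list.append(
                '[WARNING] Ownership of lock file directory is not root')
            check_num += 1
        if fields[3] != 'root':
            error_list.append(
                '[WARNING] Group of lock file directory is not root')
            check_num += 1
        # Index 8 of the mode string is the write bit for "other".
        if fields[0][8] == 'w':
            error_list.append(
                '[WARNING] Lock file directory can write by other user')
            check_num += 1

    # Second column of `df -T` is the file system type. The pipe is now
    # closed; the original left it open.
    with os.popen("df -T " + lock_dir
                  + " | tail -n +2 | awk '{print $2}'") as pipe:
        fs_type = pipe.read()[:-1]  # drop the trailing newline
    # NFSv4 mounts are reported as "nfs4", which the original comparison
    # with 'nfs' alone did not catch.
    if fs_type in ('nfs', 'nfs4'):
        error_list.append(
            '[WARNING] Lock file directory is NFS mounted file system')
        check_num += 1

    # check_num is a module global and is not reset here, so its value on
    # entry also influences the status code.
    if check_num > 0:
        error_list.insert(0, 8)
    else:
        error_list.insert(0, 0)
    return error_list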
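def check(path):
    """Audit default HTML content and status handlers ("Remove Default HTML Content").

    Appends a warning to the module-level ``error_list`` when ``find``
    reports ``index.html`` in the DocumentRoot, and one for each of the
    ``server-status``, ``server-info`` and ``perl-status`` ``<Location>``
    blocks found in the configuration text.

    Args:
        path: configuration file passed to ``helper.read_file``.

    Returns:
        ``error_list`` with a status code inserted at index 0: ``20`` when
        the global ``check_num`` is greater than zero, otherwise ``0``.
    """
    global check_num

    config_text = helper.read_file(path)

    # NOTE(review): DocumentRoot is concatenated into a shell command line;
    # whitespace or shell metacharacters in it are interpreted by the shell.
    # The pipe is now closed; the original never closed it.
    with os.popen('find ' + helper.get_DocumentRoot()
                  + '/index.html 2> /dev/null') as pipe:
        default_index = pipe.read()[:-1]  # drop the trailing newline
    if default_index:
        error_list.append(
            '[WARNING] Detect default index.html in DocumentRoot')
        check_num += 1

    # The Apache User Manual location directive is not checked here; the
    # original only carried a commented-out notice about it.

    # NOTE(review): `[^#]` only inspects the single character before
    # `<Location`, so "# <Location ...>" (hash, space) is still reported and
    # a block at the very start of the file is missed.
    for handler in ('server-status', 'server-info', 'perl-status'):
        pattern = re.compile(
            r'[^#]<Location \/' + handler + r'>(.*?)<\/Location>',
            re.DOTALL)
        if pattern.findall(config_text):
            error_list.append(
                '[WARNING] Detect ' + handler + ' handler configuration')
            check_num += 1

    # check_num is a module global and is not reset here, so its value on
    # entry also influences the status code.
    if check_num > 0:
        error_list.insert(0, 20)
    else:
        error_list.insert(0, 0)
    return error_list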
def remove_default_index():
    """Delete ``index.html`` from the Apache DocumentRoot via ``rm``."""
    # NOTE(review): the path is concatenated into a shell command line;
    # whitespace or shell metacharacters in DocumentRoot are interpreted by
    # the shell. The exit status of rm is not checked.
    index_path = helper.get_DocumentRoot() + '/index.html'
    os.system('rm ' + index_path)
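def fix():
    """Strip group write access under the DocumentRoot, then reload Apache.

    Runs ``find -L`` over the DocumentRoot for entries of group ``www-data``
    with the group write bit set and passes them to ``chmod g-w``, then runs
    ``service apache2 reload`` with its output discarded.
    """
    # File names are handed over NUL-delimited (-print0 / xargs -0). The
    # original used newline-delimited -print with plain xargs, which splits
    # names on whitespace and quotes, so such entries were skipped or chmod
    # was pointed at the wrong path. `-r` skips chmod when nothing matches.
    # NOTE(review): DocumentRoot is still concatenated into the shell command
    # line; whitespace or shell metacharacters in it are interpreted by the
    # shell.
    # NOTE(review): `find -L` follows symbolic links, so a link inside the
    # DocumentRoot can lead chmod to entries outside it. Confirm intended.
    os.system(
        "find -L " + helper.get_DocumentRoot()
        + " -group www-data -perm /g=w -print0"
        + " | xargs -0 -r chmod g-w 2> /dev/null")
    # Exit statuses of both commands are ignored, as in the original.
    os.system("service apache2 reload > /dev/null 2> /dev/null")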