def do_check(self, configuration_file): option = None version_number = self.db.server_info()['versionArray'] if version_number[0] <= 2 and version_number[1] < 6: option = 'noscripting' value = helper.get_config_value(configuration_file, option) if None == value: self.result['level'] = 'RED' self.result['output'] = '%s is (not found) not enabled.' % (option) elif 'true' != value.lower(): self.result['level'] = 'GREEN' self.result['output'] = '%s is (%s) enabled.' % (option, value) else: self.result['level'] = 'RED' self.result['output'] = '%s is (%s) not enabled.' % (option, value) else: option = 'security.javascriptEnabled' value = helper.get_yaml_config_value(configuration_file, option) if None == value: self.result['level'] = 'RED' self.result['output'] = '%s is (not found) enabled.' % (option) elif False == value: self.result['level'] = 'GREEN' self.result['output'] = '%s is (%s) not enabled.' % (option, value) else: self.result['level'] = 'RED' self.result['output'] = '%s is (%s) enabled.' % (option, value) return self.result
def do_check(self, configuration_file): option = None version_number = self.db.server_info()['versionArray'] if version_number[0] <= 2 and version_number[1] < 6: try: option = 'bind_ip' value = helper.get_config_value(configuration_file, 'bind_ip') self.result['level'] = 'GREEN' self.result['output'] = 'Bind IP is (%s) enabled.' % (value) except ConfigParser.NoOptionError as e: self.result['level'] = 'YELLOW' self.result['output'] = 'Bind IP setting not found.' else: option = 'net.bindIp' value = helper.get_yaml_config_value(configuration_file, option) if None != value: self.result['level'] = 'GREEN' self.result['output'] = 'Bind IP is (%s) enabled.' % (value) else: self.result['level'] = 'YELLOW' self.result['output'] = 'Bind IP setting not found.' return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = 'rest'
value = helper.get_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'YELLOW'
self.result['output'] = '%s setting not found.' % (option)
elif 'false' == value.lower():
self.result['level'] = 'GREEN'
self.result['output'] = '%s interface is (%s) enabled.' % (option, value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s interface is (%s) not enabled.' % (option, value)
else:
option = 'net.http.RESTInterfaceEnabled'
value = helper.get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (not found, default is False) not enabled.' % (option)
elif False == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option, value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
try:
option = 'bind_ip'
value = helper.get_config_value(configuration_file, 'bind_ip')
self.result['level'] = 'GREEN'
self.result['output'] = 'Bind IP is (%s) enabled.' % (value)
except ConfigParser.NoOptionError as e:
self.result['level'] = 'YELLOW'
self.result['output'] = 'Bind IP setting not found.'
else:
option = 'net.bindIp'
value = helper.get_yaml_config_value(configuration_file, option)
if None != value:
self.result['level'] = 'GREEN'
self.result['output'] = 'Bind IP is (%s) enabled.' % (value)
else:
self.result['level'] = 'YELLOW'
self.result['output'] = 'Bind IP setting not found.'
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = 'keyFile'
value = helper.get_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'YELLOW'
self.result['output'] = 'keyFile setting not found.'
elif '' != value.lower():
self.result['level'] = 'GREEN'
self.result['output'] = 'keyFile is (%s) enabled.' % (value)
else:
self.result['level'] = 'YELLOW'
self.result['output'] = 'keyFile is (%s) not enabled.' % (value)
else:
option = 'security.keyFile'
value = helper.get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'YELLOW'
self.result['output'] = '%s is (not found) not enabled.' % (option)
elif '' == str(value):
self.result['level'] = 'YELLOW'
self.result['output'] = '%s is (%s) not enabled.' % (option, value)
else:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
return self.result
def do_check(self, configuration_file): option = None version_number = self.db.server_info()['versionArray'] if version_number[0] <= 2 and version_number[1] < 6: option = 'rest' value = helper.get_config_value(configuration_file, option) if None == value: self.result['level'] = 'YELLOW' self.result['output'] = '%s setting not found.' % (option) elif 'false' == value.lower(): self.result['level'] = 'GREEN' self.result['output'] = '%s interface is (%s) enabled.' % (option, value) else: self.result['level'] = 'RED' self.result['output'] = '%s interface is (%s) not enabled.' % (option, value) else: option = 'net.http.RESTInterfaceEnabled' value = helper.get_yaml_config_value(configuration_file, option) if None == value: self.result['level'] = 'GREEN' self.result['output'] = '%s is (not found, default is False) not enabled.' % (option) elif False == value: self.result['level'] = 'GREEN' self.result['output'] = '%s is (%s) not enabled.' % (option, value) else: self.result['level'] = 'RED' self.result['output'] = '%s is (%s) enabled.' % (option, value) return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['version']
if LooseVersion(version_number) >= LooseVersion("2.6"):
option = 'systemLog.quiet'
value = helper.get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s not found, not enabled.' % (option)
elif False == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option,
value)
else:
self.result['level'] = 'YELLOW'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
else:
self.result['level'] = 'GRAY'
self.result[
'output'] = 'This check does not apply to MongoDB versions below 2.6.'
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()["versionArray"]
if version_number[0] <= 2 and version_number[1] < 6:
try:
option = "bind_ip"
value = helper.get_config_value(configuration_file, "bind_ip")
self.result["level"] = "GREEN"
self.result["output"] = "Bind IP is (%s) enabled." % (value)
except ConfigParser.NoOptionError as e:
self.result["level"] = "YELLOW"
self.result["output"] = "Bind IP setting not found."
else:
option = "net.bindIp"
value = helper.get_yaml_config_value(configuration_file, option)
if None != value:
self.result["level"] = "GREEN"
self.result["output"] = "Bind IP is (%s) enabled." % (value)
else:
self.result["level"] = "YELLOW"
self.result["output"] = "Bind IP setting not found."
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = 'sslPEMKeyFile'
value = helper.get_config_value(configuration_file, option)
ssl_on_normal_ports = False
if version_number[0] >= 2 and version_number[1] >= 2:
try:
dcurs = self.db['admin']
result = dcurs.command('getCmdLineOpts')
if '--sslOnNormalPorts' in result['argv']:
ssl_on_normal_ports = True
except Exception as e:
# this will actually be a silent exception values below will be overwritten
# the exception is here so execution doesn't break if something goes wrong
result['level'] = 'ORANGE'
result['output'] = 'Error: %s' % (e)
if None == value:
self.result['level'] = 'RED'
self.result['output'] = '%s is not set, SSL is not enabled.' % (option)
if ssl_on_normal_ports:
self.result['level'] = 'GREEN'
self.result['output'] = 'Command line option --sslOnNormalPorts set, SSL is enabled.'
elif '' != value:
self.result['level'] = 'GREEN'
self.result['output'] = 'SSL is (%s: %s) enabled.' % (option, value)
else:
self.result['level'] = 'RED'
self.result['output'] = 'SSL is (%s: %s) not enabled.' % (option, value)
else:
option = 'net.ssl.mode'
value = helper.get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'RED'
self.result['output'] = 'SSL is (%s not found) not enabled.' % (option)
elif 'requireSSL' == value:
self.result['level'] = 'GREEN'
self.result['output'] = 'SSL is (%s: %s) is required.' % (option, value)
elif 'preferSSL' == value:
self.result['level'] = 'YELLOW'
self.result['output'] = 'SSL is (%s: %s) is prefered, but not required.' % (option, value)
elif 'allowSSL' == value:
self.result['level'] = 'YELLOW'
self.result['output'] = 'SSL is (%s: %s) is allowed, but not required.' % (option, value)
else:
self.result['level'] = 'RED'
self.result['output'] = 'SSL is (%s: %s) not enabled.' % (option, value)
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = 'enableLocalhostAuthBypass'
# setParameter can't be retrived using helper.get_config_value(), so do this...
with open(configuration_file, 'r') as config:
for line in config:
values = line.split('=')
if 'setParameter' == values[0].strip():
if option == values[1].strip():
value = values[2].strip()
if None == value:
self.result['level'] = 'RED'
self.result['output'] = '%s is (not found) not enabled.' % (
option)
elif 'false' == value.lower():
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option,
value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
else:
option = 'setParameter.enableLocalhostAuthBypass'
value = helper.get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'RED'
self.result['output'] = '%s is (not found) enabled.' % (option)
elif False == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option,
value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = '--sslWeakCertificateValidation'
weak_cert_validation = False
try:
dcurs = self.db['admin']
result = dcurs.command('getCmdLineOpts')
if option in result['argv']:
weak_cert_validation = True
except Exception as e:
result['level'] = 'ORANGE'
result['output'] = 'Error: %s' % (e)
if weak_cert_validation:
self.result['level'] = 'RED'
self.result['output'] = '%s is enabled.' % (option)
else:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is not enabled.' % (option)
else:
option = 'net.ssl.weakCertificateValidation'
value = helper.get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s not found, not enabled.' % (option)
elif False == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option,
value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = '--sslWeakCertificateValidation'
weak_cert_validation = False
try:
dcurs = self.db['admin']
result = dcurs.command('getCmdLineOpts')
if option in result['argv']:
weak_cert_validation = True
except Exception as e:
result['level'] = 'ORANGE'
result['output'] = 'Error: %s' % (e)
if weak_cert_validation:
self.result['level'] = 'RED'
self.result['output'] = '%s is enabled.' % (option)
else:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is not enabled.' % (option)
else:
option = 'net.ssl.weakCertificateValidation'
value = helper.get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s not found, not enabled.' % (option)
elif False == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option, value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()["versionArray"]
if version_number[0] <= 2 and version_number[1] < 6:
option = "--sslFIPSMode"
fips_mode = False
try:
dcurs = self.db["admin"]
result = dcurs.command("getCmdLineOpts")
if option in result["argv"]:
fips_mode = True
except Exception as e:
result["level"] = "ORANGE"
result["output"] = "Error: %s" % (e)
if fips_mode:
self.result["level"] = "GREEN"
self.result["output"] = "%s is enabled." % (option)
else:
self.result["level"] = "YELLOW"
self.result["output"] = "%s is not enabled." % (option)
else:
option = "net.ssl.FIPSMode"
value = helper.get_yaml_config_value(configuration_file, option)
if None == value:
self.result["level"] = "YELLOW"
self.result["output"] = "%s not found, not enabled." % (option)
elif False == value:
self.result["level"] = "YELLOW"
self.result["output"] = "%s is (%s) not enabled." % (option, value)
else:
self.result["level"] = "GREEN"
self.result["output"] = "%s is (%s) enabled." % (option, value)
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = 'enableLocalhostAuthBypass'
# setParameter can't be retrived using helper.get_config_value(), so do this...
with open(configuration_file, 'r') as config:
for line in config:
values = line.split('=')
if 'setParameter' == values[0].strip():
if option == values[1].strip():
value = values[2].strip()
if None == value:
self.result['level'] = 'RED'
self.result['output'] = '%s is (not found) not enabled.' % (option)
elif 'false' == value.lower():
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option, value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
else:
option = 'setParameter.enableLocalhostAuthBypass'
value = helper.get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'RED'
self.result['output'] = '%s is (not found) enabled.' % (option)
elif False == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option, value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['version']
if LooseVersion(version_number) >= LooseVersion("2.6.4"):
option = 'net.ssl.allowInvalidCertificates'
value = helper.get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s not found, not enabled.' % (option)
elif False == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option, value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
else:
self.result['level'] = 'GRAY'
self.result['output'] = 'This check does not apply to MongoDB versions below 2.6.4.'
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = 'jsonp'
value = helper.get_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (not found) not enabled.' % (
option)
elif 'false' == value.lower():
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option,
value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
else:
option = 'net.http.JSONPEnabled'
value = helper.get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (not found) not enabled.' % (
option)
elif False == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option,
value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = 'sslPEMKeyFile'
value = helper.get_config_value(configuration_file, option)
ssl_on_normal_ports = False
if version_number[0] >= 2 and version_number[1] >= 2:
try:
dcurs = self.db['admin']
result = dcurs.command('getCmdLineOpts')
if '--sslOnNormalPorts' in result['argv']:
ssl_on_normal_ports = True
except Exception as e:
# this will actually be a silent exception values below will be overwritten
# the exception is here so execution doesn't break if something goes wrong
result['level'] = 'ORANGE'
result['output'] = 'Error: %s' % (e)
if None == value:
self.result['level'] = 'RED'
self.result[
'output'] = '%s is not set, SSL is not enabled.' % (option)
if ssl_on_normal_ports:
self.result['level'] = 'GREEN'
self.result[
'output'] = 'Command line option --sslOnNormalPorts set, SSL is enabled.'
elif '' != value:
self.result['level'] = 'GREEN'
self.result['output'] = 'SSL is (%s: %s) enabled.' % (option,
value)
else:
self.result['level'] = 'RED'
self.result['output'] = 'SSL is (%s: %s) not enabled.' % (
option, value)
else:
option = 'net.ssl.mode'
value = helper.get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'RED'
self.result[
'output'] = 'SSL is (%s not found) not enabled.' % (option)
elif 'requireSSL' == value:
self.result['level'] = 'GREEN'
self.result['output'] = 'SSL is (%s: %s) is required.' % (
option, value)
elif 'preferSSL' == value:
self.result['level'] = 'YELLOW'
self.result[
'output'] = 'SSL is (%s: %s) is prefered, but not required.' % (
option, value)
elif 'allowSSL' == value:
self.result['level'] = 'YELLOW'
self.result[
'output'] = 'SSL is (%s: %s) is allowed, but not required.' % (
option, value)
else:
self.result['level'] = 'RED'
self.result['output'] = 'SSL is (%s: %s) not enabled.' % (
option, value)
return self.result
