def validate_id(id):
    """Reject an id that uses a reserved prefix or is not in canonical form.

    The id is accepted only when it does not start with ``<prefix>_`` for any
    prefix returned by ``ValueChecker.get_prefixes()`` and when
    ``ValueMapper.canonicalize_for_id`` returns it unchanged. Nothing is
    returned on success.

    Raises:
        Exception: if the id starts with a reserved prefix, or if
            canonicalization would alter it.
    """
    for reserved in ValueChecker.get_prefixes():
        if id.startswith(reserved + '_'):
            raise Exception(reserved + "_ is a reserved Prefix. You can't use it!")

    # Compare against the canonical form instead of rewriting the input: an id
    # that canonicalization would change is refused outright, so a caller never
    # ends up with a silently altered identifier.
    canonical = ValueMapper.canonicalize_for_id(id)
    if canonical != id:
        raise Exception(
            "Id's can only contains letters (a-z,A-Z), numbers (0-9) and underscore (_)"
        )
Beispiel #2
 def get_default_access_check(self, service_baseid, server, domain):
     """Look up the default web-access checks for one service/server/domain.

     The check ids are ``web_access_default_<family>_<base_id>``, where
     ``base_id`` joins the service base id, the server id and the
     canonicalized domain with underscores.

     Returns:
         dict with the keys ``'ipv4'`` and ``'ipv6'``, each holding whatever
         ``ConfigBuilder.get_check`` returns for that id.
     """
     server_part = server.get_id()
     # The domain is canonicalized before it becomes part of an id, so the
     # resulting name only contains what canonicalize_for_id lets through.
     domain_part = ValueMapper.canonicalize_for_id(domain)
     base_id = service_baseid + '_' + server_part + '_' + domain_part
     return {
         family: ConfigBuilder.get_check('web_access_default_' + family + '_' + base_id)
         for family in ('ipv4', 'ipv6')
     }
Beispiel #3
    def apply(self):
        """Create the web-access checks for every vhost, server and checkserver.

        For each combination this registers, per address family the server has:
        a default HTTPS check, optionally a certificate check, and optionally a
        plain-HTTP redirect check. It then calls ``add_tls_check`` for TLS 1.0,
        1.1, 1.2 and 1.3. Host groups are added to the server to record which
        optional checks are active.

        Raises:
            Exception: if a server has neither an IPv4 nor an IPv6 address.
        """
        # Each vhost config is indexed as (service_baseid, domain, uri).
        for config in self.__vhostconfigs:
            service_baseid = config[0]
            domain = config[1]
            uri = config[2]

            for server in self.get_servers():
                for checkserver in self.get_checkservers():
                    # base_id is built from the service id, the server id and the
                    # canonicalized domain; the checkserver is not part of it.
                    # NOTE(review): confirm apply_check keeps ids distinct when
                    # several checkservers are configured.
                    base_id = service_baseid + '_' + server.get_id() + '_' + ValueMapper.canonicalize_for_id(domain)
                    server_ipv4 = server.get_ipv4()
                    server_ipv6 = server.get_ipv6()

                    # Fail early: without any address no check can be created.
                    if None is server_ipv4 and None is server_ipv6:
                        raise Exception('It is required to set the ipv4 or ipv6 on the server with id "' +
                                        server.get_id() + '", before you can apply this checks!')

                    server.add_hostgroup(HostGroup.create('Webserver'))

                    # Default availability check over HTTPS, one per address
                    # family the server actually has.
                    default_ipv4_http_check = None
                    default_ipv6_http_check = None
                    if None is not server_ipv4:
                        default_ipv4_http_check = CheckHttp.create('web_access_default_ipv4_' + base_id)
                        default_ipv4_http_check.set_ip(server_ipv4) \
                            .set_vhost(domain) \
                            .set_uri(uri) \
                            .set_ssl(True) \
                            .set_sni(self.__sni) \
                            .set_display_name(default_ipv4_http_check.get_display_name() + ' ' + domain)
                        self.apply_check(default_ipv4_http_check, server, checkserver)

                    if None is not server_ipv6:
                        default_ipv6_http_check = CheckHttp.create('web_access_default_ipv6_' + base_id)
                        default_ipv6_http_check.set_ip(server_ipv6) \
                            .set_ipv6(True) \
                            .set_vhost(domain) \
                            .set_uri(uri) \
                            .set_ssl(True) \
                            .set_sni(self.__sni) \
                            .set_display_name(default_ipv6_http_check.get_display_name() + ' ' + domain)
                        self.apply_check(default_ipv6_http_check, server, checkserver)

                    # NOTE(review): this looks unreachable. The guard above already
                    # raised when both addresses are None, and a default check is
                    # created whenever its address is set (unless CheckHttp.create
                    # can return None - confirm).
                    if None == default_ipv4_http_check and None == default_ipv6_http_check:
                        raise Exception('Server "' + server.get_id()
                                        + '" has no IPv4 and no IPv6 address set. Can\'t go further right now.')

                    # Optional certificate check, every 15 minutes. The matching
                    # default check is passed as fourth argument to apply_check -
                    # presumably as the check it depends on; confirm in apply_check.
                    if True is self.__validate_certificate:
                        if None is not server_ipv4:
                            certificate_check = CheckHttp.create('web_access_certificate_ipv4_' + base_id)
                            certificate_check.set_ip(server_ipv4) \
                                .set_vhost(domain) \
                                .set_uri(uri) \
                                .set_ssl(True) \
                                .set_sni(self.__sni) \
                                .set_certificate_check(True) \
                                .set_check_interval('15m') \
                                .add_service_group(ServiceGroup.create('certificate_check')) \
                                .set_display_name(certificate_check.get_display_name() + ' ' + domain)

                            self.apply_check(certificate_check, server, checkserver, default_ipv4_http_check)

                        if None is not server_ipv6:
                            certificate_check = CheckHttp.create('web_access_certificate_ipv6_' + base_id)
                            certificate_check.set_ip(server_ipv6) \
                                .set_ipv6(True) \
                                .set_vhost(domain) \
                                .set_uri(uri) \
                                .set_ssl(True) \
                                .set_sni(self.__sni) \
                                .set_certificate_check(True) \
                                .set_check_interval('15m') \
                                .add_service_group(ServiceGroup.create('certificate_check')) \
                                .set_display_name(certificate_check.get_display_name() + ' ' + domain)

                            self.apply_check(certificate_check, server, checkserver, default_ipv6_http_check)

                    else:
                        # Servers without certificate validation land in their own
                        # host group, so the gap stays visible in the monitoring.
                        server.add_hostgroup(HostGroup.create('no_certificate_check'))

                    # Optional redirect check: plain HTTP on port 80. The expected
                    # string 'HTTP/1.1 30' has no final digit, so it presumably
                    # matches any 30x status line.
                    # NOTE(review): nothing visible here verifies that the redirect
                    # target is https:// - confirm the check covers that if the
                    # goal is to enforce HTTPS.
                    if True is self.__validate_http_redirect:
                        if None is not server_ipv4:
                            redirect_check = CheckHttp.create('web_access_http_redirect_ipv4_' + base_id)
                            redirect_check.set_ip(server_ipv4) \
                                .set_vhost(domain) \
                                .set_uri(uri) \
                                .set_ssl(False) \
                                .set_sni(self.__sni) \
                                .set_port(80) \
                                .set_expect('HTTP/1.1 30') \
                                .set_check_interval('15m') \
                                .add_service_group(ServiceGroup.create('http_redirect')) \
                                .set_display_name(redirect_check.get_display_name() + ' ' + domain)

                            self.apply_check(redirect_check, server, checkserver, default_ipv4_http_check)

                        if None is not server_ipv6:
                            redirect_check = CheckHttp.create('web_access_http_redirect_ipv6_' + base_id)
                            redirect_check.set_ip(server_ipv6) \
                                .set_ipv6(True) \
                                .set_vhost(domain) \
                                .set_uri(uri) \
                                .set_ssl(False) \
                                .set_sni(self.__sni) \
                                .set_port(80) \
                                .set_expect('HTTP/1.1 30') \
                                .set_check_interval('15m') \
                                .add_service_group(ServiceGroup.create('http_redirect')) \
                                .set_display_name(redirect_check.get_display_name() + ' ' + domain)

                            self.apply_check(redirect_check, server, checkserver, default_ipv6_http_check)

                        server.add_hostgroup(HostGroup.create('http_redirect'))

                    elif True is self.__warn_no_http_redirect:
                        # No redirect validation requested: register a dummy check
                        # with a fixed state of 1 instead (presumably WARNING, going
                        # by the flag name - confirm against CheckDummy).
                        redirect_check = CheckDummy.create('web_access_missing_http_redirect_' + base_id)
                        redirect_check.set_state(1) \
                            .set_text(redirect_check.get_display_name() + ' ' + domain) \
                            .set_check_interval('15m') \
                            .add_service_group(ServiceGroup.create('missing_http_redirect_check')) \
                            .add_service_group(ServiceGroup.create('Webserver')) \
                            .set_display_name(redirect_check.get_display_name() + ' ' + domain)

                        self.apply_check(redirect_check, server, checkserver)
                        server.add_hostgroup(HostGroup.create('no_http_redirect'))

                    else:
                        # Neither validated nor warned about: only tag the server.
                        server.add_hostgroup(HostGroup.create('http_redirect_unchecked'))

                    # One add_tls_check call per protocol version, each with its own
                    # allow/deny flags. The last argument is True for 1.0 and 1.1 and
                    # False for 1.2 and 1.3; its meaning is defined in add_tls_check,
                    # which is not visible here - presumably it marks the legacy
                    # protocol versions, TODO confirm.
                    self.add_tls_check(base_id, default_ipv4_http_check, default_ipv6_http_check, domain,
                                       server, checkserver, server_ipv4, server_ipv6, uri, '1.0',
                                       self.__validate_allow_tls1, self.__validate_deny_tls1, True)

                    self.add_tls_check(base_id, default_ipv4_http_check, default_ipv6_http_check, domain,
                                       server, checkserver, server_ipv4, server_ipv6, uri, '1.1',
                                       self.__validate_allow_tls1_1, self.__validate_deny_tls1_1, True)

                    self.add_tls_check(base_id, default_ipv4_http_check, default_ipv6_http_check, domain,
                                       server, checkserver, server_ipv4, server_ipv6, uri, '1.2',
                                       self.__validate_allow_tls1_2, self.__validate_deny_tls1_2, False)

                    self.add_tls_check(base_id, default_ipv4_http_check, default_ipv6_http_check, domain,
                                       server, checkserver, server_ipv4, server_ipv6, uri, '1.3',
                                       self.__validate_allow_tls1_3, self.__validate_deny_tls1_3, False)
    def apply(self):
        """Register the WordPress path checks for every vhost, server and checkserver.

        When ``__inherit`` is truthy, ``DefaultWebserverChecks.apply`` runs first.
        After that, each enabled ``__validate_deny_*`` flag adds one
        ``create_wp_check`` call for the matching WordPress path. The flag
        names suggest each check asserts that the path is not publicly served;
        confirm against ``create_wp_check``, which is not visible here.
        """
        if self.__inherit:
            DefaultWebserverChecks.apply(self)

        for vhost in DefaultWordpressChecks.get_vhostconfigs(self):
            service_baseid, domain = vhost[0], vhost[1]

            for server in DefaultWebserverChecks.get_servers(self):
                for checkserver in DefaultWebserverChecks.get_checkservers(self):
                    server.add_hostgroup(HostGroup.create('wordpress'))
                    # Unlike the plain service/server/domain id, this one also
                    # ends with the checkserver id.
                    base_id = (service_baseid + '_' + server.get_id() + '_'
                               + ValueMapper.canonicalize_for_id(domain) + '_'
                               + checkserver.get_id())

                    def add_check(name, path):
                        # Everything except the check name and the path is the
                        # same for all checks of this iteration.
                        self.create_wp_check(name, service_baseid, base_id,
                                             server, checkserver, domain, path)

                    # Files that reveal the installed WordPress version.
                    if self.__validate_deny_license is True:
                        add_check('license', '/license.txt')
                    if self.__validate_deny_readme is True:
                        add_check('readme', '/readme.html')

                    # Directories.
                    if self.__validate_deny_wp_admin is True:
                        add_check('wp_admin', '/wp-admin/')
                    # NOTE(review): the wp_includes check is switched by the
                    # wp_content flag, so /wp-includes/ cannot be configured on
                    # its own and silently goes unchecked when wp_content is
                    # disabled. Looks like a copy-paste slip; confirm whether a
                    # dedicated flag was intended.
                    if self.__validate_deny_wp_content is True:
                        add_check('wp_includes', '/wp-includes/')
                    if self.__validate_deny_wp_content is True:
                        add_check('wp_content', '/wp-content/')

                    # Individual PHP entry points.
                    if self.__validate_deny_wp_login is True:
                        add_check('wp_login', '/wp-login.php')
                    if self.__validate_deny_wp_cron is True:
                        add_check('wp_cron', '/wp-cron.php')
                    if self.__validate_deny_wp_load is True:
                        add_check('wp_load', '/wp-load.php')
                    if self.__validate_deny_wp_mail is True:
                        add_check('wp_mail', '/wp-mail.php')
                    if self.__validate_deny_wp_signup is True:
                        add_check('wp_signup', '/wp-signup.php')
                    if self.__validate_deny_wp_trackback is True:
                        add_check('wp_trackback', '/wp-trackback.php')
                    if self.__validate_deny_wp_xmlrpc is True:
                        add_check('wp_xmlrpc', '/xmlrpc.php')
                    if self.__validate_deny_wp_config is True:
                        add_check('wp_config', '/wp-config.php')
                    if self.__validate_deny_wp_config_sample is True:
                        add_check('wp_config_sample', '/wp-config-sample.php')
                    if self.__validate_deny_wp_blog_header is True:
                        add_check('wp_blog_header', '/wp-blog-header.php')
                    if self.__validate_deny_wp_activate is True:
                        add_check('wp_activate', '/wp-activate.php')
                    if self.__validate_deny_wp_links_opml is True:
                        add_check('wp_links_opml', '/wp-links-opml.php')