def auditServersMarketingThread(environment, servername, propertiesDictionary, bApplyRequiredChanges) :
# merge global properties into dict - deliberately overwriting local with global dict all values
runtimeProperties = dict()
runtimeProperties.update(globalDictionary)
runtimeProperties.update(propertiesDictionary)
if connectSilent(servername, runtimeProperties["username"], runtimeProperties["password"]) == None:
return
##############################################################
# Base server audit...
##############################################################
auditServersBasePega(environment, servername, runtimeProperties, bApplyRequiredChanges)
##############################################################
# OO based auditing atoms - automatically reported on...
##############################################################
auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "App: prsysmgmt Version", "/deployment=prsysmgmt_jboss.ear/", "content", runtimeProperties["prsysmanageVersionHash"], False))
auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "App: PRPC Version", "/deployment=prpc_j2ee14_jboss61JBM.ear/", "content", runtimeProperties["prpcVersionHash"], False))
bAllMustPass = True
AllDatasources = getAllDataSources(servername, runtimeProperties["username"], runtimeProperties["password"])
if (AllDatasources) :
auditObjectMolecule1 = auditObjectMolecule("JDBC URL", servername, bAllMustPass)
for ds in AllDatasources:
auditObjectMolecule1.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "JDBC URL - Marketing - " + ds, "/subsystem=datasources/data-source=" + ds + "/", "connection-url", runtimeProperties["targetDSUrlMarketing"], bApplyRequiredChanges))
def deployPegaGateway(servername, username, password,
applicationDeploymentSourceFolder):
print 'Deploying Gateway/IAC for server: ' + servername + '...'
cli = None
connected = False
try:
cli = connectSilent(servername, username, password)
connected = True
if cli.getCommandContext().isDomainMode():
cli.cmd("cd /host=master/core-service=platform-mbean/type=runtime")
else:
cli.cmd("cd /core-service=platform-mbean/type=runtime")
deploymentArtefact = 'prgateway.war'
deployToServer(servername, username, password,
applicationDeploymentSourceFolder, deploymentArtefact)
except:
print 'Deploying to server: ' + servername + ' FAILED: '
finally:
if (connected): cli.disconnect()
print 'Deploying Gateway/IAC for server: ' + servername + '...end.'
def setPegaJdbcExaDataOptionsNonXADataSources(servername, username, password):
cli = None
connected = False
print 'setPegaJdbcExaDataOptionsNonXADataSources for server: ' + servername + '...'
try:
cli = connectSilent(servername, username, password)
if (cli):
connected = True
setDatasourceCredentialsSingleDS(servername, username, password,
'AdminPegaRULES')
setDatasourceCredentialsSingleDS(servername, username, password,
'PegaRULES')
setDatasourceCredentialsSingleDS(servername, username, password,
'adm7DataSource')
setDatasourceCredentialsSingleDS(servername, username, password,
'ihDataSource')
setDatasourceCredentialsSingleDS(servername, username, password,
'nbamDataSource')
setDatasourceCredentialsSingleDS(servername, username, password,
'padDataSource')
setDatasourceCredentialsSingleDS(servername, username, password,
'vbdDataSource')
except:
print 'setPegaJdbcExaDataOptionsNonXADataSources for server: ' + servername + ' failed: '
finally:
if (connected): cli.disconnect()
print 'setPegaJdbcExaDataOptionsNonXADataSources for server: ' + servername + '...end.'
def createCTIBoundedQueueThreadPool(servername, username, password):
cli = None
connected = False
print 'createCTIBoundedQueueThreadPool for server: ' + servername + '...'
try:
cli = connectSilent(servername, username, password)
if (cli):
connected = True
print 'createCTIBoundedQueueThreadPool...'
cli.cmd('/subsystem=threads/thread-factory=ctiThreadFactory/:add')
cli.cmd(
'/subsystem=threads/bounded-queue-thread-pool=ctiThreadPool/:add(queue-length=500,max-threads=200,core-threads=8,thread-factory=ctiThreadFactory,allow-core-timeout=false)'
)
print 'createCTIBoundedQueueThreadPool...end.'
except:
print 'createCTIBoundedQueueThreadPool for server: ' + servername + ' failed: '
finally:
if (connected): cli.disconnect()
print 'createCTIBoundedQueueThreadPool for server: ' + servername + '...end.'
def auditServersBIXThread(environment, servers, propertiesDictionary, bApplyRequiredChanges) :
# merge global properties into dict - deliberately overwriting local with global dict all values
runtimeProperties = dict()
runtimeProperties.update(globalDictionary)
runtimeProperties.update(propertiesDictionary)
##############################################################
# Base server audit...
##############################################################
auditServersBasePega(environment, servers, runtimeProperties, bApplyRequiredChanges)
for servername in servers:
if connectSilent(servername, runtimeProperties["username"], runtimeProperties["password"]) == None:
return
##############################################################
# OO based auditing atoms - automatically reported on...
##############################################################
bAllMustPass = True
AllDatasources = getAllDataSources(servername, runtimeProperties["username"], runtimeProperties["password"])
if (AllDatasources) :
auditObjectMolecule1 = auditObjectMolecule("JDBC URL", servername, bAllMustPass)
for ds in AllDatasources:
auditObjectMolecule1.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "JDBC URL - " + ds, "/subsystem=datasources/data-source=" + ds + "/", "connection-url", runtimeProperties["targetDSUrl"], bApplyRequiredChanges))
auditReport(environment, servername)
def switchOffPrWebForDMZServers(servername, username, password,
virtualServerName):
print 'switch Off PrWeb For DMZ Servers...'
cliConnected = connectSilent(servername, username, password)
cliConnected.cmd(
'/subsystem=web/virtual-server=' + virtualServerName +
'/rewrite=noPrWeb/:add(substitution=/,flags=nocase,pattern=^/prweb/)')
if (cliConnected != None): cliConnected.disconnect()
print 'switch Off PrWeb For DMZ Servers...end.'
def deployPegaMarketingHelp(servername, username, password,
applicationDeploymentSourceFolder):
print 'Deploying MarketingHelp for server: ' + servername + '...'
cli = None
try:
cli = connectSilent(servername, 9999, username, password)
deploymentArtefact = 'MarketingHelp.war'
deployToServer(servername, username, password,
applicationDeploymentSourceFolder, deploymentArtefact)
except:
print 'Install to server: ' + servername + ' FAILED: '
finally:
cli.disconnect()
print 'Deploying MarketingHelp for server: ' + servername + '...end.'
def upgradeMDMApps(servername, serverusername, serverPassword, applicationDeploymentSourceFolder):
cli = None
print 'upgradeCMD Applications for server: ' + servername + '...'
try:
cli = connectSilent(servername, serverusername, serverPassword)
result = cli.cmd("undeploy entity360view-ear.ear")
print('entity360view-ear.ear remove result: ' + result.getResponse().asString())
undeployResult = result.getResponse().asString()
if (result.success):
result = cli.cmd('deploy "' + applicationDeploymentSourceFolder + '\entity360view-ear.ear"')
print('entity360view-ear.ear install result: ' + result.getResponse().asString())
result = cli.cmd("undeploy informatica-mdm-platform-ear.ear")
print('informatica-mdm-platform-ear.ear remove result: ' + result.getResponse().asString())
undeployResult = result.getResponse().asString()
if (result.success):
result = cli.cmd('deploy "' + applicationDeploymentSourceFolder + '\informatica-mdm-platform-ear.ear"')
print('informatica-mdm-platform-ear.ear install result: ' + result.getResponse().asString())
result = cli.cmd("undeploy siperian-mrm.ear")
print('siperian-mrm.ear remove result: ' + result.getResponse().asString())
undeployResult = result.getResponse().asString()
if (result.success):
result = cli.cmd('deploy "' + applicationDeploymentSourceFolder + '\siperian-mrm.ear"')
print('siperian-mrm.ear install result: ' + result.getResponse().asString())
result = cli.cmd("undeploy siperian-mrm-cleanse.ear")
print('siperian-mrm-cleanse.ear remove result: ' + result.getResponse().asString())
undeployResult = result.getResponse().asString()
if (result.success):
result = cli.cmd('deploy "' + applicationDeploymentSourceFolder + '\siperian-mrm-cleanse.ear"')
print('siperian-mrm-cleanse.ear install result: ' + result.getResponse().asString())
# except Exception, e:
except:
print 'Upgrade for server: ' + servername + ' FAILED: '
finally:
if (cli != None) : cli.disconnect()
print 'upgradeCMD Applications for server: ' + servername + '...end.'
def deployMDMApps(servername, serverusername, serverPassword, applicationDeploymentSourceFolder):
print 'deployMDM Applications for server: ' + servername + '...'
cli = None
try:
cli = connectSilent(servername, serverusername, serverPassword)
print 'Deploying entity360view...'
result = cli.cmd('deploy --force "' + applicationDeploymentSourceFolder + '\entity360view-ear.ear"')
print('entity360view-ear.ear install result: ' + result.getResponse().asString())
print 'Deploying entity360view...end.'
print 'Deploying informatica-mdm-platform-ear...'
result = cli.cmd('deploy --force "' + applicationDeploymentSourceFolder + '\informatica-mdm-platform-ear.ear"')
print('informatica-mdm-platform-ear.ear install result: ' + result.getResponse().asString())
print 'Deploying informatica-mdm-platform-ear...end.'
print 'Deploying siperian-mrm...'
result = cli.cmd('deploy --force "' + applicationDeploymentSourceFolder + '\siperian-mrm.ear"')
print('siperian-mrm.ear install result: ' + result.getResponse().asString())
print 'Deploying siperian-mrm...end.'
print 'Deploying siperian-mrm-cleanse...'
result = cli.cmd('deploy --force "' + applicationDeploymentSourceFolder + '\siperian-mrm-cleanse.ear"')
print('siperian-mrm-cleanse.ear install result: ' + result.getResponse().asString())
print 'Deploying siperian-mrm-cleanse...end.'
# except Exception, e:
except:
print 'Deploy for server: ' + servername + ' FAILED: '
finally:
if (cli != None) : cli.disconnect()
print 'deployMDM Applications for server: ' + servername + '...end.'
def upgradePegaApps(servername, username, password,
applicationDeploymentSourceFolder):
print 'Upgrading Applications for server: ' + servername + '...'
connected = False
cli = None
try:
cli = connectSilent(servername, username, password)
if (cli): connected = True
print 'Upgrading prgateway.war...'
result = cli.cmd("undeploy prgateway.war")
print('prgateway.war remove result: ' +
result.getResponse().asString())
if (result.success):
result = cli.cmd('deploy "' + applicationDeploymentSourceFolder +
'\prgateway.war"')
print('prgateway.war install result: ' +
result.getResponse().asString())
print 'Upgrading prgateway.war...end.'
print 'Upgrading MS.war...'
result = cli.cmd("undeploy MS.war")
print('MS.war remove result: ' + result.getResponse().asString())
if (result.success):
result = cli.cmd('deploy "' + applicationDeploymentSourceFolder +
'\MS.war"')
print('MS.war install result: ' + result.getResponse().asString())
print 'Upgrading MS.war...end.'
print 'Upgrading PRPC ear...'
result = cli.cmd("undeploy prpc_j2ee14_jboss61JBM.ear")
print('prpc_j2ee14_jboss61JBM.ear remove result: ' +
result.getResponse().asString())
if (result.success):
result = cli.cmd('deploy "' + applicationDeploymentSourceFolder +
'\prpc_j2ee14_jboss61JBM.ear"')
print('prpc_j2ee14_jboss61JBM.war install result: ' +
result.getResponse().asString())
print 'Upgrading PRPC ear...end.'
print 'Upgrading PRSys Manage ear...'
result = cli.cmd("undeploy prsysmgmt_jboss.ear")
print('prsysmgmt_jboss.ear remove result: ' +
result.getResponse().asString())
if (result.success):
result = cli.cmd('deploy "' + applicationDeploymentSourceFolder +
'\prsysmgmt_jboss.ear"')
print('prsysmgmt_jboss.ear install result: ' +
result.getResponse().asString())
print 'Upgrading PRSys Manage ear...end.'
print 'Upgrading ADM7 ear...'
result = cli.cmd("undeploy adm7.ear")
print('adm7.ear remove result: ' + result.getResponse().asString())
if (result.success):
result = cli.cmd('deploy "' + applicationDeploymentSourceFolder +
'\adm7.ear"')
print('adm7.ear install result: ' +
result.getResponse().asString())
print 'Upgrading ADM7 ear...end.'
print 'Upgrading VBD ear...'
result = cli.cmd("undeploy vbd.ear")
print('vbd.ear remove result: ' + result.getResponse().asString())
if (result.success):
result = cli.cmd('deploy "' + applicationDeploymentSourceFolder +
'\vbd.ear"')
print('vbd.ear install result: ' + result.getResponse().asString())
print 'Upgrading VBD ear...end.'
print 'Upgrading PRHelp war...'
result = cli.cmd("undeploy prhelp.war")
print('prhelp.war remove result: ' + result.getResponse().asString())
if (result.success):
result = cli.cmd('deploy "' + applicationDeploymentSourceFolder +
'\prhelp.war"')
print('prhelp.war install result: ' +
result.getResponse().asString())
print 'Upgrading PRHelp war...end.'
except:
print 'Update to server: ' + servername + ' FAILED: '
finally:
if (connected): cli.disconnect()
print 'Upgrading Applications for server: ' + servername + '...end.'
def auditServersBasePega(environment, servername, propertiesDictionary, bApplyRequiredChanges) :
# merge global properties into dict - deliberately overwriting local with global dict all values
runtimeProperties = dict()
runtimeProperties.update(globalDictionary)
runtimeProperties.update(propertiesDictionary)
if connectSilent(servername, runtimeProperties["username"], runtimeProperties["password"]) == None:
return
##############################################################
# Base server audit...
##############################################################
auditServersBaseAudit(environment, servername, runtimeProperties, bApplyRequiredChanges)
##############################################################
# OO based auditing atoms - automatically reported on...
##############################################################
auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Messaging Provider (Hornet Q)", "/subsystem=ejb3/", "default-resource-adapter-name", runtimeProperties["targetMessagingProvider"], bApplyRequiredChanges))
auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "HornetQ Max Delivery Attempts", "/subsystem=messaging/hornetq-server=default/address-setting=#/", "max-delivery-attempts", runtimeProperties["targetHornetMaxdeliveryAttempts"], bApplyRequiredChanges))
auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "HornetQ ReDelivery Delay", "/subsystem=messaging/hornetq-server=default/address-setting=#/", "redelivery-delay", runtimeProperties["targetHornetQRedeliveryDelay"], bApplyRequiredChanges))
auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "HornetQ Consumer Window Size", "/subsystem=messaging/hornetq-server=default/pooled-connection-factory=hornetq-ra/", "consumer-window-size", runtimeProperties["consumer-window-size"], bApplyRequiredChanges))
auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "uRandom RNG", "/core-service=platform-mbean/type=runtime", "input-arguments", runtimeProperties["uRandomRNG"], False))
auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Pega User Home - Outside Container Folders", "/core-service=platform-mbean/type=runtime", "input-arguments", "-Duser.home", False))
oAuditObjectMolecule = auditObjectMolecule("Bean Poola - Avaya VoIP (EJB) : " + str(runtimeProperties["targetEjbStrictMaxPool"]), servername, False)
oAuditObjectMolecule.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "EJB Pool maxsize: " + str(runtimeProperties["targetEjbStrictMaxPool"]), "/subsystem=ejb3/strict-max-bean-instance-pool=slsb-strict-max-pool/", "max-pool-size", runtimeProperties["targetEjbStrictMaxPool"], False))
oAuditObjectMolecule2 = auditObjectMolecule("Bean Pools - Avaya VoIP (MDB) : " + str(runtimeProperties["targetEjbStrictMaxPool"]), servername, False)
oAuditObjectMolecule2.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "MDB Pool maxsize: " + str(runtimeProperties["targetEjbStrictMaxPool"]), "/subsystem=ejb3/strict-max-bean-instance-pool=mdb-strict-max-pool/", "max-pool-size", runtimeProperties["targetEjbStrictMaxPool"], False))
oAuditObjectMolecule3 = auditObjectMolecule("Bean Pools - Avaya VoIP (Async / CTI) : ", servername, bApplyRequiredChanges)
oAuditObjectMolecule3.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Async Pool minsize: " + str(runtimeProperties["AsyncConnectionFactory-min-pool-size"]), "/subsystem=messaging/hornetq-server=default/pooled-connection-factory=AsyncConnectionFactory/", "min-pool-size", runtimeProperties["AsyncConnectionFactory-min-pool-size"], bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Async Pool maxsize: " + str(runtimeProperties["AsyncConnectionFactory-max-pool-size"]), "/subsystem=messaging/hornetq-server=default/pooled-connection-factory=AsyncConnectionFactory/", "max-pool-size", runtimeProperties["AsyncConnectionFactory-max-pool-size"], bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "CTI thread Pool maxsize: " + str(runtimeProperties["targetEjbStrictMaxPool"]), "/subsystem=threads/bounded-queue-thread-pool=ctiThreadPool/", "max-threads", runtimeProperties["ctiThreadPool-maxThreads"], bApplyRequiredChanges))
allDatasourcesResponseResultList = [
'StagingInbound',
'AdminPegaRULES',
'PegaRULES',
'adm7DataSource',
'ihDataSource',
'nbamDataSource',
'padDataSource',
'vbdDataSource',
]
if (allDatasourcesResponseResultList) :
oAuditObjectMolecule4 = auditObjectMolecule("Datasource (Pega Non XA) Connection Perf Options", servername, True)
for datasource in allDatasourcesResponseResultList :
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": check-valid-connection-sql", "/subsystem=datasources/data-source=" + datasource + "/", "check-valid-connection-sql", runtimeProperties["jdbcTargetCheckValidConnectionSql"], bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": validate-on-match", "/subsystem=datasources/data-source=" + datasource + "/", "validate-on-match", runtimeProperties["jdbcValidateOnMatch"], bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": background-validation", "/subsystem=datasources/data-source=" + datasource + "/", "background-validation", runtimeProperties["jdbcBackgroundValidation"], bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": use-fast-fail", "/subsystem=datasources/data-source=" + datasource + "/", "use-fast-fail", runtimeProperties["jdbcUseFastFail"], bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": exception-sorter-class-name", "/subsystem=datasources/data-source=" + datasource + "/", "exception-sorter-class-name", runtimeProperties["jdbcExceptionSorterClassName"], bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": track-statements", "/subsystem=datasources/data-source=" + datasource + "/", "track-statements", runtimeProperties["jdbcTrackStatements"], bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": valid-connection-checker-class-name", "/subsystem=datasources/data-source=" + datasource + "/", "valid-connection-checker-class-name", runtimeProperties["jdbcValidConnectionCheckerClassName"], bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": flush-strategy", "/subsystem=datasources/data-source=" + datasource + "/", "flush-strategy", runtimeProperties["jdbcFlushStrategy"], bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": idle-timeout-minutes", "/subsystem=datasources/data-source=" + datasource + "/", "idle-timeout-minutes", runtimeProperties["jdbcIdleTimeoutMinutes"], bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": blocking-timeout-wait-millis", "/subsystem=datasources/data-source=" + datasource + "/", "blocking-timeout-wait-millis", runtimeProperties["jdbcBlockingTimeoutWaitMillis"], bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": pool-prefill", "/subsystem=datasources/data-source=" + datasource + "/", "pool-prefill", runtimeProperties["jdbcPoolPrefill"], bApplyRequiredChanges))
oAuditObjectMolecule5 = auditObjectMolecule("Security Hardening - Pega", servername, True)
oAuditObjectMolecule5.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Security Hardening - Disable Welcome Page", "/subsystem=web/virtual-server=default-host/", "enable-welcome-root", runtimeProperties["enable-welcome-root"], bApplyRequiredChanges))
oAuditObjectMolecule5.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Security Hardening - Remove Sample Web Alias", "/subsystem=web/virtual-server=default-host/", "alias", runtimeProperties["sampleWebAlias"], bApplyRequiredChanges))
oAuditObjectMolecule5.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Security Hardening - Custom Server Header", "/system-property=org.apache.coyote.http11.Http11Protocol.SERVER/", "value", runtimeProperties["customServerHeader"], bApplyRequiredChanges))
oAuditObjectMolecule5.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Security Hardening - X Powered By - JSP", "/subsystem=web/configuration=jsp-configuration/", "x-powered-by", runtimeProperties["x-powered-by"], bApplyRequiredChanges))
oAuditObjectMolecule5.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Security Hardening - X Powered By - Catalina Connector", "/system-property=org.apache.catalina.connector.X_POWERED_BY/", "value", runtimeProperties["x-powered-by"], bApplyRequiredChanges))
oAuditObjectMolecule5.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Security Hardening - Utf8Encoding - URI_ENCODING", "/system-property=org.apache.catalina.connector.URI_ENCODING/", "value", runtimeProperties["URI_ENCODING"], bApplyRequiredChanges))
oAuditObjectMolecule5.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Security Hardening - Utf8Encoding - USE_BODY_ENCODING_FOR_QUERY_STRING", "/system-property=org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING/", "value", runtimeProperties["USE_BODY_ENCODING_FOR_QUERY_STRING"], bApplyRequiredChanges))
import datetime
from time import sleep
from library.jboss.jbossLibrary import getParameterValue, connectSilent, \
issueCliCommand
from library.util import appendToFile
username = "******"
password = "******"
serverList = {"localhost",
"127.0.0.1",
}
for servername in serverList:
cli = connectSilent(servername, username, password)
if (cli) :
result = issueCliCommand(cli, "/deployment=prpc_j2ee14_jboss61JBM.ear/subdeployment=pradapter.rar/subsystem=resource-adapters/statistics=statistics/connection-definitions=java\:\/eis\/PRAdapterConnectionFactory/:write-attribute(name=statistics-enabled,value=true)")
print "cli stats enable complete..."
else :
print "CLI connection FAILED..."
exit()
datetimeSuffix = datetime.datetime.strftime(datetime.datetime.now(), '%Y-%m-%d %H.%M.%S')
filename = "ConnectionFactoryPool-" + datetimeSuffix + ".csv"
# Title for table
appendToFile("PRPC PRAdapterConnectionFactory In-Use,", filename)
for servername in serverList:
appendToFile(servername + ",", filename)
appendToFile("\n", filename)
def auditServersMdmThread(environment, servername, propertiesDict,
bApplyRequiredChanges):
# merge global propertiesDict into dict - deliberately overwriting local with global dict all values
runtimeProperties = dict()
runtimeProperties.update(globalProperties.dictionary)
runtimeProperties.update(propertiesDict)
if connectSilent(servername, runtimeProperties["username"],
runtimeProperties["password"]) == None:
return
##############################################################
# Base server audit...
##############################################################
auditServersBaseAudit(environment, servername, runtimeProperties,
bApplyRequiredChanges)
##############################################################
# OO based auditing atoms - automatically reported on...
##############################################################
auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"], "JDBC URL - Siperian System DS",
"/subsystem=datasources/xa-data-source=jdbc/siperian-cmx_system-ds/xa-datasource-properties=URL/",
"value", runtimeProperties["targetDSUrl"], bApplyRequiredChanges))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"App: Informatica Entity360View",
"/deployment=entity360view-ear.ear/", "enabled",
"true", False))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"App: Informatica Mdm Platform",
"/deployment=informatica-mdm-platform-ear.ear/",
"enabled", "true", False))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"App: Informatica Siperian Mrm",
"/deployment=siperian-mrm.ear/", "enabled", "true",
False))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"App: Informatica Siperian Mrm Cleanse",
"/deployment=siperian-mrm-cleanse.ear/", "enabled",
"true", False))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"Transactions Default Timeout",
"/subsystem=transactions/", "default-timeout",
runtimeProperties["transactionsDefaultTimeout"],
bApplyRequiredChanges))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"], "HornetQ Security OFF",
"/subsystem=messaging/hornetq-server=default/",
"security-enabled",
runtimeProperties["hornetq-security-enabled"],
bApplyRequiredChanges))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"HornetQ Persistence ON",
"/subsystem=messaging/hornetq-server=default/",
"persistence-enabled",
runtimeProperties["hornetq-persistence-enabled"],
bApplyRequiredChanges))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"Remoting-connector security-realm undefined",
"/subsystem=remoting/connector=remoting-connector/",
"security-realm",
runtimeProperties["remoting-security-realm"],
bApplyRequiredChanges))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"], "EJB Pool threads",
"/subsystem=ejb3/thread-pool=default/", "max-threads",
runtimeProperties["targetCmdEjbStrictMaxPool"],
bApplyRequiredChanges))
##############################################################
# an auditObjectMolecule enables the user to group atoms together as one
##############################################################
oAuditObjectMolecule = auditObjectMolecule(
"Siperian System Datasource Pool Sizes", servername, True)
oAuditObjectMolecule.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Siperian Datasource Pool Size (min)",
"/subsystem=datasources/xa-data-source=jdbc/siperian-cmx_system-ds/",
"min-pool-size", runtimeProperties["siperian-min-pool-size"],
bApplyRequiredChanges))
oAuditObjectMolecule.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Siperian Datasource Pool Sizes (max)",
"/subsystem=datasources/xa-data-source=jdbc/siperian-cmx_system-ds/",
"max-pool-size", runtimeProperties["siperian-max-pool-size"],
bApplyRequiredChanges))
oAuditObjectMolecule2 = auditObjectMolecule(
"Web Connections threads http(s)", servername, False)
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"Web Connections threads (http)",
"/subsystem=web/connector=http/", "max-connections",
runtimeProperties["targetWebMaxConnections"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"Web Connections threads (https)",
"/subsystem=web/connector=https/", "max-connections",
runtimeProperties["targetWebMaxConnections"],
bApplyRequiredChanges))
oAuditObjectMolecule3 = auditObjectMolecule("Security Hardening - MDM",
servername, True)
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - Disable Welcome Page",
"/subsystem=web/virtual-server=default-host/",
"enable-welcome-root",
runtimeProperties["enable-welcome-root"],
bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - Remove Sample Web Alias",
"/subsystem=web/virtual-server=default-host/", "alias",
runtimeProperties["sampleWebAlias"],
bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - Custom Server Header",
"/system-property=org.apache.coyote.http11.Http11Protocol.SERVER/",
"value", runtimeProperties["customServerHeader"],
bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - X Powered By - JSP",
"/subsystem=web/configuration=jsp-configuration/",
"x-powered-by", runtimeProperties["x-powered-by"],
bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - X Powered By - Catalina Connector",
"/system-property=org.apache.catalina.connector.X_POWERED_BY/",
"value", runtimeProperties["x-powered-by"], bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - Utf8Encoding - URI_ENCODING",
"/system-property=org.apache.catalina.connector.URI_ENCODING/",
"value", runtimeProperties["URI_ENCODING"], bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - Utf8Encoding - USE_BODY_ENCODING_FOR_QUERY_STRING",
"/system-property=org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING/",
"value", runtimeProperties["USE_BODY_ENCODING_FOR_QUERY_STRING"],
bApplyRequiredChanges))
def auditServersMarketingDMZThread(environment, servername,
propertiesDictionary,
bApplyRequiredChanges):
# merge global properties into dict - deliberately overwriting local with global dict all values
runtimeProperties = dict()
runtimeProperties.update(globalDictionary)
runtimeProperties.update(propertiesDictionary)
if connectSilent(servername, runtimeProperties["username"],
runtimeProperties["password"]) == None:
return
##############################################################
# Base server audit...
##############################################################
auditServersBasePega(environment, servername, runtimeProperties,
bApplyRequiredChanges)
##############################################################
# OO based auditing atoms - automatically reported on...
##############################################################
oAuditObjectMolecule = auditObjectMolecule("Bind Addresses", servername,
True)
oAuditObjectMolecule.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"], "Bind Addr Management",
"/interface=management/", "inet-address",
"${jboss.bind.address.management:" + servername + ".theaa.local}",
bApplyRequiredChanges))
oAuditObjectMolecule.auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"], "Bind Addr Public",
"/interface=public/", "inet-address",
runtimeProperties["targetPublicBindAddr"],
bApplyRequiredChanges))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"App: prsysmgmt Version",
"/deployment=prsysmgmt_jboss.ear/", "content",
runtimeProperties["prsysmanageVersionHash"], False))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"], "App: PRPC Version",
"/deployment=prpc_j2ee14_jboss61JBM.ear/", "content",
runtimeProperties["prpcVersionHashDMZ"], False))
oAuditObjectMolecule2 = auditObjectMolecule("Security Hardening DMZ",
servername, True)
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - substitution1",
"/subsystem=web/virtual-server=default-host/rewrite=rule-1",
"substitution", runtimeProperties["rewrite-prweb-substitution1"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - pattern1",
"/subsystem=web/virtual-server=default-host/rewrite=rule-1",
"pattern", runtimeProperties["rewrite-prweb-pattern1"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - flags1",
"/subsystem=web/virtual-server=default-host/rewrite=rule-1",
"flags", runtimeProperties["rewrite-prweb-flags1"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - substitution2",
"/subsystem=web/virtual-server=default-host/rewrite=rule-2",
"substitution", runtimeProperties["rewrite-prweb-substitution2"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - pattern2",
"/subsystem=web/virtual-server=default-host/rewrite=rule-2",
"pattern", runtimeProperties["rewrite-prweb-pattern2"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - flags2",
"/subsystem=web/virtual-server=default-host/rewrite=rule-2",
"flags", runtimeProperties["rewrite-prweb-flags2"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - substitution3",
"/subsystem=web/virtual-server=default-host/rewrite=rule-3",
"substitution", runtimeProperties["rewrite-prweb-substitution3"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - pattern3",
"/subsystem=web/virtual-server=default-host/rewrite=rule-3",
"pattern", runtimeProperties["rewrite-prweb-pattern3"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - flags3",
"/subsystem=web/virtual-server=default-host/rewrite=rule-3",
"flags", runtimeProperties["rewrite-prweb-flags3"],
bApplyRequiredChanges))
bAllMustPass = True
AllDatasources = getAllDataSources(servername,
runtimeProperties["username"],
runtimeProperties["password"])
if (AllDatasources):
auditObjectMolecule1 = auditObjectMolecule("JDBC URL", servername,
bAllMustPass)
for ds in AllDatasources:
auditObjectMolecule1.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"JDBC URL - Marketing DMZ - " + ds,
"/subsystem=datasources/data-source=" + ds + "/",
"connection-url",
runtimeProperties["targetDSUrlMarketing"],
bApplyRequiredChanges))