def __init__(self, *args, **kwargs):
super(ModLogForm, self).__init__(*args, **kwargs)
self = bootstrap_tooltips(self, exclude='repository_choices')
repo_lst = BaseAbstractRepository.get_data_repositories()
data_repo_lst = list()
for rep in repo_lst:
data_repo_lst.append((
rep.id,
rep.repo_name,
))
self.fields['repository_choices'] = ChoiceField(choices=data_repo_lst,
required=False)
repo_lst = BaseAbstractRepository.get_syslog_repositories()
syslog_repo_lst = list()
syslog_repo_lst.append(("", ""))
for rep in repo_lst:
syslog_repo_lst.append((
rep.id,
rep.repo_name,
))
self.fields['repository_syslog'] = ChoiceField(choices=syslog_repo_lst,
required=False)
def __init__(self, type_logs):
"""
Open the specified file and use it as the stream for logging.
"""
# keep the absolute path, otherwise derived classes which use this
# may come a cropper when the current directory changes
self._name = "Database Handler"
self.filters = []
self.lock = None
cluster = Cluster.objects.get()
try:
logs_repository = cluster.system_settings.global_settings.repository
if not logs_repository:
for logs_repository in BaseAbstractRepository.get_data_repositories(
):
if logs_repository.is_internal:
break
except:
for logs_repository in BaseAbstractRepository.get_data_repositories(
):
if logs_repository.is_internal:
break
if logs_repository.type_uri == 'mongodb':
self.client = MongoDBClient(logs_repository)
elif logs_repository.type_uri == 'elasticsearch':
self.client = ElasticSearchClient(logs_repository)
self.type_logs = type_logs
def profile_list(request):
""" Page dedicated to show application list
"""
# Retrieve unicity of (app_id, repo_id, login)
profile_list = list(
SSOProfile.objects.aggregate(
{
"$group": {
"_id": {
"login": "******",
"app_id": "$app_id",
"repo_id": "$repo_id"
}
}
}, {
"$project": {
"_id": 0,
"login": "******",
"app_id": "$_id.app_id",
"login": "******",
"repo_id": "$_id.repo_id"
}
}))
for profile in profile_list:
profile['app_name'] = Application.objects.get(
id=ObjectId(profile['app_id'])).name
profile['repo_name'] = BaseAbstractRepository.search_repository(
profile['repo_id']).repo_name
return render_to_response('sso_profiles.html', {'profiles': profile_list},
context_instance=RequestContext(request))
def get(self, request, repo_id, login=""):
""" Retrieve authentication repository with its id, and return informations from asked user """
try:
assert login, "Login missing."
repo = BaseAbstractRepository.search_repository(repo_id)
assert repo, "Authentication repository not found with id '{}'".format(repo_id)
assert repo.repo_type == "auth", "Repository with id '{}' type is not authentication".format(repo_id)
except AssertionError as e:
logger.error("RepositoriesAPI::GET: {}".format(e))
return JsonResponse({'status': False,
'error': str(e)})
try:
user_infos = repo.get_backend().get_user_infos(login)
return JsonResponse({
'status': True,
'user_infos': user_infos
})
except NotImplementedError:
return JsonResponse({'status': False,
'error': "Get user informations on this type of repository is not supported yet."})
except Exception as e:
logger.critical(e, exc_info=1)
return JsonResponse({
'status': False,
'error': str(e)
})
def get_format(self):
""" Force static format for mongoDB and elasticsearch repositories """
if self.repository_type == 'data':
repo = BaseAbstractRepository.search_repository(
self.data_repository)
if isinstance(repo, MongoDBRepository):
return "@cee:{\\\"app_name\\\":\\\"%{app_name}e\\\",\\\"src_ip\\\":\\\"%a\\\",\\\"user\\\":\\\"%u\\\",\\\"time\\\":\\\"%{%Y-%m-%dT%H:%M:%S:%Z}t\\\",\\\"http_method\\\":\\\"%m\\\",\\\"requested_uri\\\":\\\"%U%q\\\",\\\"http_code\\\":%>s,\\\"incoming_protocol\\\":\\\"%H\\\",\\\"referer\\\":\\\"%{Referer}i\\\",\\\"user_agent\\\":\\\"%{User-agent}i\\\",\\\"size\\\":%B,\\\"bytes_received\\\":%I,\\\"bytes_sent\\\":%O,\\\"time_elapsed\\\":%D,\\\"country\\\":\\\"%{COUNTRY_CODE}e\\\",\\\"city\\\":\\\"%{CITY}e\\\",\\\"lat\\\":\\\"%{LATITUDE}e\\\",\\\"lon\\\":\\\"%{LONGITUDE}e\\\",\\\"reputation\\\":\\\"%{REPUTATION0}e,%{REPUTATION1}e,%{REPUTATION2}e,%{REPUTATION3}e,%{REPUTATION4}e\\\",\\\"owasp_top10\\\":\\\"%{owasp_top10}e\\\",\\\"reasons\\\":\\\"%{reasons}e\\\",\\\"threshold\\\":\\\"%{threshold}e\\\",\\\"score\\\":\\\"%{score}e\\\"}"
elif isinstance(repo, ElasticSearchRepository):
return "@cee:{\\\"app_name\\\":\\\"%{app_name}e\\\",\\\"src_ip\\\":\\\"%a\\\",\\\"user\\\":\\\"%u\\\",\\\"time\\\":\\\"%{%Y-%m-%dT%H:%M:%S%z}t\\\",\\\"http_method\\\":\\\"%m\\\",\\\"requested_uri\\\":\\\"%U%q\\\",\\\"http_code\\\":%>s,\\\"incoming_protocol\\\":\\\"%H\\\",\\\"referer\\\":\\\"%{Referer}i\\\",\\\"user_agent\\\":\\\"%{User-agent}i\\\",\\\"size\\\":%B,\\\"bytes_received\\\":%I,\\\"bytes_sent\\\":%O,\\\"time_elapsed\\\":%D,\\\"country\\\":\\\"%{COUNTRY_CODE}e\\\",\\\"city\\\":\\\"%{CITY}e\\\",\\\"lat\\\":\\\"%{LATITUDE}e\\\",\\\"lon\\\":\\\"%{LONGITUDE}e\\\",\\\"reputation\\\":\\\"%{REPUTATION0}e,%{REPUTATION1}e,%{REPUTATION2}e,%{REPUTATION3}e,%{REPUTATION4}e\\\",\\\"owasp_top10\\\":\\\"%{owasp_top10}e\\\",\\\"reasons\\\":\\\"%{reasons}e\\\",\\\"threshold\\\":\\\"%{threshold}e\\\",\\\"score\\\":\\\"%{score}e\\\"}"
separators = {
'space': ' ',
'tab': '\t',
'comma': ',',
'semicolon': ';',
'underscore': '_',
'minus': '-'
}
sep = separators.get(self.separator, ' ')
ret = ""
for s in self.format.split(','):
s = s.replace('%r', '\\"%r\\"')
s = s.replace('%{Referer}i', '\\"%{Referer}i\\"')
s = s.replace('%{User-agent}i', '\\"%{User-agent}i\\"')
s = s.replace('%{app_name}e', '\\"%{app_name}e\\"')
ret = ret + s + sep
return ret[:-1]
def delete(self, request, repo_id, login=""):
try:
assert login, "Login missing."
repo = BaseAbstractRepository.search_repository(repo_id)
assert repo, "Authentication repository not found with id '{}'".format(repo_id)
assert repo.repo_type == "auth", "Repository with id '{}' type is not authentication".format(repo_id)
backend = repo.get_backend()
except AssertionError as e:
logger.error("RepositoriesAPI::POST: {}".format(e))
return JsonResponse({'status': False,
'error': str(e)})
try:
# First check if that user is in repository
if not self.check_user_exists(backend, login):
return JsonResponse({'status': False, 'error': "User '{}' does not exists in repository "
"'{}'".format(login, repo.repo_name)})
request_data = request.POST or request.JSON
if not request_data.get('confirm'):
return JsonResponse({'status': False, 'error': "Please send confirm=true to delete "
"user {}.".format(login)})
backend.delete_user(login)
return JsonResponse({
'status': True
})
except Exception as e:
logger.critical(e, exc_info=1)
return JsonResponse({
'status': False,
'error': str(e)
})
def setAutologonPassword(self, app_id, app_name, backend_id, username,
old_password, new_password):
result = None
# SECURITY : Verify if the old password is correct !
if self.getAutologonPassword(app_id, backend_id,
username) == old_password:
# Update password
pwd = SSOProfile()
p = pwd.set_data(
str(app_id), app_name, str(backend_id),
BaseAbstractRepository.search_repository(backend_id).repo_name,
username, 'vlt_autologon_password', new_password)
if p:
self.keys['password_' + str(backend_id)] = p
result = self.handler.hset(self.key,
'password_' + str(backend_id), p)
else:
logger.info(
"REDISPortalSession::setAutologonPassword: Unable to encrypt password "
)
else:
logger.info(
"REDISPortalSession::setAutologonPassword: Wrong old_password : cannot set the new one"
)
return result
def __init__(self):
cluster = Cluster.objects.get()
for logs_repository in BaseAbstractRepository.get_data_repositories():
if logs_repository.is_internal:
break
self.log_rotate = cluster.system_settings.global_settings.log_rotate
self.client = MongoDBClient(logs_repository)
def repository(self):
""" Property used to map repository field to Repository Object
:return:
"""
if self.repository_type == 'data':
return BaseAbstractRepository.search_repository(
self.data_repository)
return self.repository_type
def repository(self):
""" Property used to map repository field to Repository Object
:return:
"""
if self.repository_type == 'data':
from gui.models.repository_settings import BaseAbstractRepository
return BaseAbstractRepository.search_repository(self.data_repository)
return self.repository_type
def update():
cluster = Cluster.objects.get()
for repo in BaseAbstractRepository.get_data_repositories():
if repo.is_internal:
break
cluster.system_settings.global_settings.logs_repository = repo.id
cluster.save()
def __init__(self, *args, **kwargs):
super(GLOBALSettingsForm, self).__init__(*args, **kwargs)
self = bootstrap_tooltips(self)
repo_lst = BaseAbstractRepository.get_data_repositories()
data_repo_lst = [(repo.id, repo.repo_name) for repo in repo_lst]
try:
self.fields['logs_repository'] = ChoiceField(choices=data_repo_lst, required=True,
widget=Select(attrs={'class': 'form-control'}))
except:
pass
def post(self, request, repo_id, login=""):
try:
assert login, "Login missing."
repo = BaseAbstractRepository.search_repository(repo_id)
assert repo, "Authentication repository not found with id '{}'".format(repo_id)
assert repo.repo_type == "auth", "Repository with id '{}' type is not authentication".format(repo_id)
backend = repo.get_backend()
except AssertionError as e:
logger.error("RepositoriesAPI::POST: {}".format(e))
return JsonResponse({'status': False,
'error': str(e)})
try:
# First check if that user is in repository
if self.check_user_exists(backend, login):
return JsonResponse({'status': False, 'error': "User '{}' already exists in repository "
"'{}'".format(login, repo.repo_name)})
# Check if fields are correctly filled-in
request_data = request.POST or (request.JSON if hasattr(request, "JSON") else dict())
password = request_data.get('password')
if not password:
return JsonResponse({'status': False, 'error': "Password missing in POST data."})
login = login
password = password
email = request_data.get('email', "")
phone = request_data.get('phone', "")
kwargs = {}
if isinstance(repo, LDAPRepository):
group = request_data.get('group')
update_group = request_data.get('update_group')
if not group:
return JsonResponse({'status': False, 'error': "Group is missing for adding user into LDAP repository."})
else:
group = group
kwargs['group'] = group
kwargs['update_group'] = update_group
backend.add_new_user(login, password, email, phone, **kwargs)
return JsonResponse({
'status': True
})
except Exception as e:
logger.critical(e, exc_info=1)
return JsonResponse({
'status': False,
'error': str(e)
})
def __init__(self, *args, **kwargs):
super(PFSettingsForm, self).__init__(*args, **kwargs)
self = bootstrap_tooltips(self, exclude='repository_choices')
repo_lst = BaseAbstractRepository.get_data_repositories()
data_repo_lst = list()
for rep in repo_lst:
data_repo_lst.append((rep.id, rep.repo_name))
self.fields['repository_choices'] = ChoiceField(choices=data_repo_lst, required=False,
widget=Select(attrs={'class': 'form-control'}))
repo_lst = BaseAbstractRepository.get_syslog_repositories()
syslog_repo_lst = list()
syslog_repo_lst.append(("",""))
for rep in repo_lst:
syslog_repo_lst.append((rep.id, rep.repo_name))
self.fields['repository_syslog'] = ChoiceField(choices=syslog_repo_lst, required=False,
widget=Select(attrs={'class': 'form-control'}))
self.fields['repository_type'] = ChoiceField(choices=PFSettings.TYPE_REPO, required=True,
widget=Select(attrs={'class': 'form-control'}))
def put(self, request, repo_id, login=""):
try:
assert login, "Login missing."
repo = BaseAbstractRepository.search_repository(repo_id)
assert repo, "Authentication repository not found with id '{}'".format(repo_id)
assert repo.repo_type == "auth", "Repository with id '{}' type is not authentication".format(repo_id)
backend = repo.get_backend()
except AssertionError as e:
logger.error("RepositoriesAPI::POST: {}".format(e))
return JsonResponse({'status': False,
'error': str(e)})
try:
# First check if that user is in repository
if not self.check_user_exists(backend, login):
return JsonResponse({'status': False, 'error': "User '{}' does not exists in repository "
"'{}'".format(login, repo.repo_name)})
# Check if fields are correctly filled-in
request_data = request.POST or request.JSON
login = login
email = request_data.get('email')
phone = request_data.get('phone')
password = request_data.get('password')
if not email and not phone and not password:
return JsonResponse({'status': False, 'error': "Password, Email and Phone missing in POST data. "
"Nothing to do."})
if email:
email = email
if phone:
phone = phone
if email or phone:
backend.update_user(login, email=email, phone=phone)
if password:
password = password
backend.change_password(login, "", password)
return JsonResponse({
'status': True
})
except Exception as e:
logger.critical(e, exc_info=1)
return JsonResponse({
'status': False,
'error': str(e)
})
def register_authentication(self, app_id, app_name, backend_id, url,
dbauthentication_required, username, password,
oauth2_token, app_token, authentication_datas,
timeout):
if dbauthentication_required:
self.keys[backend_id] = 0
else:
self.keys[backend_id] = 1
self.keys['url_' + app_id] = url
self.keys['backend_' + app_id] = backend_id
self.keys['login_' + backend_id] = username
if oauth2_token:
self.keys['oauth2_' + backend_id] = oauth2_token
self.keys['app_id_' + backend_id] = app_id
""" Make the link with precedent portal session to get the list of application cookies """
try:
tmp = literal_eval(self.keys['app_list'])
tmp.append(app_token)
self.keys['app_list'] = str(tmp)
except Exception as e:
self.keys['app_list'] = str([app_token])
# WARNING : THE KEYS ARE NOT INITIALIZED ANYMORE !
# self.keys['otp'] = None
# self.keys['authy_id'] = None
# self.keys['user_phone'] = None
# self.keys['user_mail'] = None
""" Try to retrieve user phone from authentication_results """
self.keys['user_phone'] = authentication_datas.get('user_phone', 'N/A')
self.keys['user_email'] = authentication_datas.get('user_email', 'N/A')
if password:
# Encrypt the password with the application id and user login and store it in portal session
pwd = SSOProfile()
p = pwd.set_data(
app_id, app_name, backend_id,
BaseAbstractRepository.search_repository(backend_id).repo_name,
username, 'vlt_autologon_password', password)
self.keys['password_' + backend_id] = p
if not self.write_in_redis(timeout or self.default_timeout):
raise REDISWriteError(
"REDISPortalSession::register_authentication: Unable to write authentication infos in REDIS"
)
return self.key
def authenticate(self, user_id, key, **kwargs):
totp = TOTP(user_id)
if not totp.verify(key):
raise AuthenticationError("TOTP taped token is not valid.")
logger.info(
"TOTP Token for user {} successfully verified.".format(user_id))
# If the SSOProfile is not yet in MongoDB, set-it
app_id = kwargs['app']
app_name = kwargs['app_name']
backend_id = kwargs['backend']
login = kwargs['login']
try:
aes = AESCipher("{}{}{}{}{}".format(SECRET_KEY, app_id, backend_id,
login, "totp"))
encrypted_field = aes.key.hex()
sso_profile = SSOProfile.objects.filter(
encrypted_name=encrypted_field, login=login).first()
if sso_profile:
decrypted_value = sso_profile.get_data(
sso_profile.encrypted_value, app_id, backend_id, login,
"totp")
if decrypted_value:
logger.debug(
"TOTP token for user '{}' retrieven from database.".
format(login))
return True
# SSOProfile not found -> Create it
sso_profile = SSOProfile()
sso_profile.set_data(
app_id, app_name, backend_id,
BaseAbstractRepository.search_repository(
ObjectId(backend_id)).repo_name, login, "totp", user_id)
logger.info(
"TOTP token for user {} stored in database.".format(login))
# Save in Mongo
sso_profile.store()
except Exception as e:
logger.exception(e)
raise e
return True
def repository(self):
""" Property used to map repository field to Repository Object
:return:
"""
return BaseAbstractRepository.search_repository(self.logs_repository)
def check_status():
""" Check if krb5.conf need updates. Update file if needed
:return: True if krb5.conf was updated, False otherwise
"""
# No matter if keytab need update : Do it !
# First ; Clear file (don't delete to not change permissions)
try:
proc = subprocess.Popen([
'/usr/local/bin/sudo', '-u', 'vlt-sys', '/usr/local/bin/sudo',
'/home/vlt-sys/scripts/flush_keytab.sh'
],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
res, errors = proc.communicate()
logger.debug("CONF::Kerberos: Flushing keytab stdout: {}".format(
str(res)))
if errors:
logger.error("CONF::Kerberos: Flushing keytab error: {}".format(
str(errors)))
except Exception as e:
logger.error("CONF::Kerberos: Flushing keytab error: {}".format(
str(e)))
# retrieve the Kerberos repositories to generate the configuration file and the keytab
krb5_repos = list()
repo_list = BaseAbstractRepository.get_auth_repositories()
for repo in repo_list:
if isinstance(repo.get_backend(), KerberosBackend):
# Don't write bullshit in system files
if test_keytab(repo.keytab)['status']:
# Retrieve keytabs from repos and import them into master keytab
result = import_keytab(logger, repo.keytab)
if not result:
logger.error(
"CONF::Kerberos: Fail to import keytab for repository : {}"
.format(str(repo.repo_name)))
else:
logger.info(
"CONF::Kerberos: Successfully imported keytab for repository : {}"
.format(str(repo.repo_name)))
else:
logger.error(
"CONF::Kerberos: Unable to decode the keytab : write_on_system not allowed."
)
# And other attributes needed to generate the configuration file
krb5_repo = dict()
krb5_repo['realm'] = repo.realm
if str(repo.domain_realm)[0] == '.':
krb5_repo['domain'] = str(repo.domain_realm)[1:]
else:
krb5_repo['domain'] = repo.domain_realm
krb5_repo['kdcs'] = str(repo.kdc).split(',')
krb5_repo['admin_server'] = repo.admin_server
krb5_repos.append(krb5_repo)
if len(krb5_repos) > 0:
# Get required fields to generate the template with Kerberos Repositories
parameters = {
'default_realm': krb5_repos[0]['realm'],
'repos': krb5_repos,
}
# Generate the configuration with template and repositories retrieved
tpl, path_rc = tpl_utils.get_template('kerberos')
conf_rc = tpl.render(conf=parameters)
try:
f = open(path_rc, 'r')
orig_conf = f.read()
except IOError:
orig_conf = ""
# If krb5.conf and newly generated conf differs => writing new version
if orig_conf != conf_rc:
write_result = write_in_file(path_rc, conf_rc)
return True
else:
return False
return False
import sys
sys.path.append('/home/vlt-gui/vulture')
os.environ.setdefault("DJANGO_SETTINGS_MODULE", 'vulture.settings')
import django
django.setup()
from gui.models.application_settings import Application
from gui.models.repository_settings import BaseAbstractRepository, SSOProfile
if __name__ == '__main__':
for sso_profile in SSOProfile.objects.all():
try:
app = Application.objects.get(name=sso_profile.app_name)
except:
print(
"Error updating SSOProfile '<SSOProfile(app={},repo={},login={}' : Application named '{}' not found."
.format(sso_profile.app_name, sso_profile.repo_name,
sso_profile.login, sso_profile.app_name))
else:
sso_profile.app_id = app.id
# Search for repository
for repo in BaseAbstractRepository.get_auth_repositories():
if repo.repo_name == sso_profile.repo_name:
sso_profile.repo_id = repo.id
sso_profile.store()
print("SSO learning profiles updated.")
def stock_sso_field(self, username, field, value):
try:
sso_profile = self.retrieve_sso_profile(username, field)
if not sso_profile:
raise Exception("Cannot retrieve sso profile")
except Exception as e:
logger.debug("Cannot retrieve sso profile '{}' for user '{}' : {}".format(field, username, e))
try:
sso_profile = SSOProfile()
sso_profile.set_data(str(self.application.id), self.application.name, str(self.backend_id), BaseAbstractRepository.search_repository(self.backend_id).repo_name, str(username), str(field), str(value))
sso_profile.store()
except Exception as e:
logger.error("SSOForward::stock_sso_field: Unable to store SSO Profile (field={},username={}) : {}".format(field, username, str(e)))
logger.exception(e)
def clean(self):
super(ApplicationForm, self).clean()
if self.cleaned_data.get('type') == 'balanced' \
and not self.cleaned_data.get('proxy_balancer'):
self.add_error('proxy_balancer', 'Please choose a proxy balancer')
if self.cleaned_data.get('need_auth') and self.cleaned_data.get(
'auth_type'
) == "form" and not self.cleaned_data.get('template'):
self.add_error(
'template',
'Please choose a template for authentication forms')
if self.cleaned_data.get(
'public_name') and '/' in self.cleaned_data.get('public_name'):
self.add_error('public_name', 'Public FQDN cannot contain "/"')
if self.cleaned_data.get(
'public_alias') and '/' in self.cleaned_data.get(
'public_alias'):
self.add_error('public_alias', 'Public FQDN cannot contain "/"')
if ' ' in self.cleaned_data.get('public_dir'):
self.add_error('public_dir', 'Public dir must not contain space')
if self.cleaned_data.get('auth_type') != 'form':
self.cleaned_data['otp_repository'] = None
# It is not possible to set auth_type AND sso_type to 'kerberos'
if self.cleaned_data.get(
'auth_type') == 'kerberos' and self.cleaned_data.get(
'sso_forward') == 'kerberos':
self.add_error(
'auth_type',
" You cannot set authentication type AND sso forward type to 'kerberos'"
)
self.add_error(
'sso_forward',
" You cannot set authentication type AND sso forward type to 'kerberos'"
)
loadbalancers = [
"{}:{}".format(lb.incoming_listener.ip, lb.incoming_port)
for lb in Loadbalancer.objects.all()
]
for listener in self.listeners:
if "{}:{}".format(listener.address.ip,
listener.port) in loadbalancers:
self.add_error(
'Network',
" An haproxy configuration is currently using this port with this Listener"
)
# If sso_forward == "kerberos" -> verify if auth_backend(fallback) is a KerberosRepository
error = True
if self.cleaned_data.get('sso_forward') == 'kerberos':
for repo in BaseAbstractRepository.get_auth_repositories():
if str(self.cleaned_data.get('auth_backend')) == str(
repo.id) and isinstance(repo.get_backend(),
KerberosBackend):
error = False
break
elif str(
self.cleaned_data.get('auth_backend_fallback')) == str(
repo.id) and isinstance(repo.get_backend(),
KerberosBackend):
error = False
break
if error:
self.add_error(
'sso_forward',
"If sso_forward = 'Kerberos', you must have a kerberos backend"
)
auth_type = [x[0] for x in Application().AUTH_TYPE]
if self.cleaned_data.get('sso_enabled') and self.cleaned_data.get(
'auth_type') not in auth_type:
self.add_error(
'auth_type',
"Please select a forward type for the SSO Forward configuration"
)
# If there is a modsec rulesSet selected
if self.cleaned_data.get('rules_set', None):
# And a ModSecPolicy with 'body_inspection' if Off
modsec_policy = self.cleaned_data.get('modsec_policy', None)
if not hasattr(modsec_policy, 'seccontentinjection'
) or not modsec_policy.seccontentinjection:
self.add_error(
'rules_set',
'The ModSec Policy must have "Content injection" to On to activate ModSec RulesSet'
)
self.cleaned_data["custom_location"] = self.cleaned_data.get(
'custom_location', "").replace("\r", "")
self.cleaned_data["custom_vhost"] = self.cleaned_data.get(
'custom_vhost', "").replace("\r", "")
self.cleaned_data["custom_proxy"] = self.cleaned_data.get(
'custom_proxy', "").replace("\r", "")
return self.cleaned_data
def __init__(self, *args, **kwargs):
try:
self.listeners = kwargs.pop('listeners')
except KeyError:
pass
super(ApplicationForm, self).__init__(*args, **kwargs)
self = bootstrap_tooltips(self)
repo_lst = BaseAbstractRepository.get_auth_repositories()
auth_repo_lst = list()
for rep in repo_lst:
auth_repo_lst.append((
ObjectId(rep.id),
rep.repo_name,
))
mod_sec_choices = list()
for rule in ModSecRulesSet.objects(type_rule__nin=('wlbl', )):
mod_sec_choices.append((ObjectId(rule.id), rule.name))
dataset_list = list()
dataset_list.append(((None), "------------------------------"))
for dataset in Dataset.objects(svm_built=True).only('name', 'id'):
dataset_list.append((ObjectId(dataset.id), dataset.name))
client_certificate = [('', '---------')]
for cert in SSLCertificate.objects(is_trusted_ca__ne=True).only(
'id', 'cn'):
client_certificate.append(("%sSSLProxyCertificateFile-%s.txt" %
(settings.CONF_DIR, cert.id), cert.cn))
COOCKIE_CIPHER = (
('rc4', 'RC4 (128 bits)'),
('aes128', 'AES 128 (128 bits)'),
('aes256', 'AES 256 (256 bits)'),
)
IP_REPUTATION = []
loganalyser_rules = Cluster.objects.get(
).system_settings.loganalyser_settings.loganalyser_rules
for rule in loganalyser_rules:
tags = rule.tags.split(',')
for tag in tags:
IP_REPUTATION.append((tag, tag.capitalize()))
GEOIP = []
for tag in [
"AF", "AX", "AL", "DZ", "AS", "AD", "AO", "AI", "AQ", "AG",
"AR", "AM", "AW", "AU", "AT", "AZ", "BS", "BH", "BD", "BB",
"BY", "BE", "BZ", "BJ", "BM", "BT", "BO", "BQ", "BA", "BW",
"BV", "BR", "IO", "BN", "BG", "BF", "BI", "KH", "CM", "CA",
"CV", "KY", "CF", "TD", "CL", "CN", "CX", "CC", "CO", "KM",
"CG", "CD", "CK", "CR", "CI", "HR", "CU", "CW", "CY", "CZ",
"DK", "DJ", "DM", "DO", "EC", "EG", "SV", "GQ", "ER", "EE",
"ET", "FK", "FO", "FJ", "FI", "FR", "GF", "PF", "TF", "GA",
"GM", "GE", "DE", "GH", "GI", "GR", "GL", "GD", "GP", "GU",
"GT", "GG", "GN", "GW", "GY", "HT", "HM", "VA", "HN", "HK",
"HU", "IS", "IN", "ID", "IR", "IQ", "IE", "IM", "IL", "IT",
"JM", "JP", "JE", "JO", "KZ", "KE", "KI", "KP", "KR", "KW",
"KG", "LA", "LV", "LB", "LS", "LR", "LY", "LI", "LT", "LU",
"MO", "MK", "MG", "MW", "MY", "MV", "ML", "MT", "MH", "MQ",
"MR", "MU", "YT", "MX", "FM", "MD", "MC", "MN", "ME", "MS",
"MA", "MZ", "MM", "NA", "NR", "NP", "NL", "NC", "NZ", "NI",
"NE", "NG", "NU", "NF", "MP", "NO", "OM", "PK", "PW", "PS",
"PA", "PG", "PY", "PE", "PH", "PN", "PL", "PT", "PR", "QA",
"RE", "RO", "RU", "RW", "BL", "SH", "KN", "LC", "MF", "PM",
"VC", "WS", "SM", "ST", "SA", "SN", "RS", "SC", "SL", "SG",
"SX", "SK", "SI", "SB", "SO", "ZA", "GS", "SS", "ES", "LK",
"SD", "SR", "SJ", "SZ", "SE", "CH", "SY", "TW", "TJ", "TZ",
"TH", "TL", "TG", "TK", "TO", "TT", "TN", "TR", "TM", "TC",
"TV", "UG", "UA", "AE", "GB", "US", "UM", "UY", "UZ", "VU",
"VE", "VN", "VG", "VI", "WF", "EH", "YE", "ZM", "ZW"
]:
GEOIP.append((tag, tag))
self.fields['block_reputation'] = MultipleChoiceField(
required=False,
choices=set(IP_REPUTATION),
widget=SelectMultiple(attrs={'class': 'form-control select2'}))
self.fields['block_geoip'] = MultipleChoiceField(
required=False,
choices=set(GEOIP),
widget=SelectMultiple(attrs={'class': 'form-control select2'}))
self.fields['allow_geoip'] = MultipleChoiceField(
required=False,
choices=set(GEOIP),
widget=SelectMultiple(attrs={'class': 'form-control select2'}))
self.fields['template'].queryset = portalTemplate.objects.filter()
self.fields['auth_backend'] = ChoiceField(
choices=auth_repo_lst,
required=False,
widget=Select(attrs={'class': 'form-control'}))
self.fields['auth_backend_fallbacks'] = MultipleChoiceField(
choices=auth_repo_lst,
required=False,
widget=SelectMultiple(attrs={'class': 'form-control select2'}))
self.fields['redirect_uri'] = CharField(
required=False,
widget=Textarea(attrs={
'cols': 80,
'rows': 1,
'class': 'form-control'
}))
self.fields['sso_capture_content'] = CharField(
required=False,
widget=Textarea(attrs={
'cols': 80,
'rows': 2,
'class': 'form-control'
}))
self.fields['sso_replace_pattern'] = CharField(
required=False,
widget=Textarea(attrs={
'cols': 40,
'rows': 2,
'class': 'form-control'
}))
self.fields['sso_replace_content'] = CharField(
required=False,
widget=Textarea(attrs={
'cols': 40,
'rows': 2,
'class': 'form-control'
}))
self.fields['sso_after_post_request'] = CharField(
required=False,
widget=Textarea(attrs={
'cols': 80,
'rows': 2,
'class': 'form-control'
}))
self.fields['rules_set'] = MultipleChoiceField(
choices=mod_sec_choices,
required=False,
widget=SelectMultiple(attrs={'class': 'form-control'}))
self.fields['datasets'] = ChoiceField(
choices=dataset_list,
required=False,
widget=Select(attrs={'class': 'form-control'}))
self.fields['ssl_protocol'] = ChoiceField(
choices=SSL_PROTOCOLS,
required=False,
widget=Select(attrs={'class': 'form-control'}))
self.fields['ssl_client_certificate'] = ChoiceField(
choices=client_certificate,
required=False,
widget=Select(attrs={'class': 'form-control'}))
self.fields['custom_vhost'] = CharField(
required=False,
widget=Textarea(attrs={
'cols': 80,
'rows': 15,
'class': 'form-control'
}))
self.fields['custom_location'] = CharField(
required=False,
widget=Textarea(attrs={
'cols': 80,
'rows': 15,
'class': 'form-control'
}))
self.fields['custom_proxy'] = CharField(
required=False,
widget=Textarea(attrs={
'cols': 80,
'rows': 15,
'class': 'form-control'
}))
self.fields['cookie_cipher'] = ChoiceField(
choices=COOCKIE_CIPHER,
required=False,
widget=Select(attrs={'class': 'form-control'}))
if self.initial.get("auth_backend"):
repo = BaseAbstractRepository.search_repository(
self.initial.get('auth_backend'))
if isinstance(repo, LDAPRepository):
try:
groups = [(x, x)
for x in repo.get_backend().enumerate_groups()]
except:
groups = []
finally:
self.fields['group_registration'] = ChoiceField(
choices=groups,
required=False,
widget=Select(attrs={'class': 'form-control'}))
__doc__ = """This migration script update the names of collection and index"""
import os
import sys
sys.path.append('/home/vlt-gui/vulture')
os.environ.setdefault("DJANGO_SETTINGS_MODULE", 'vulture.settings')
import django
django.setup()
from gui.models.repository_settings import BaseAbstractRepository, MongoDBRepository, ElasticSearchRepository
if __name__ == '__main__':
repositories = BaseAbstractRepository.get_data_repositories()
for repo in repositories:
if isinstance(repo, MongoDBRepository):
repo.db_packetfilter_collection_name = "vulture_pf"
repo.db_diagnostic_collection_name = "vulture_diagnostic"
repo.db_vulturelogs_collection_name = "vulture_logs"
elif isinstance(repo, ElasticSearchRepository):
repo.es_packetfilter_index_name = "vulture_pf"
repo.es_packetfilter_type_name = "vulture_pf"
repo.es_diagnostic_index_name = "vulture_diagnostic"
repo.es_diagnostic_type_name = "vulture_diagnostic"
repo.es_vulturelogs_index_name = "vulture_logs"
repo.es_vulturelogs_type_name = "vulture_logs"
def __init__(self):
super(Module, self).__init__()
self.log_level = 'debug'
self.repositories = BaseAbstractRepository.get_repositories()