def auditServersMarketingThread(environment, servername, propertiesDictionary, bApplyRequiredChanges) :
# merge global properties into dict - deliberately overwriting local with global dict all values
runtimeProperties = dict()
runtimeProperties.update(globalDictionary)
runtimeProperties.update(propertiesDictionary)
if connectSilent(servername, runtimeProperties["username"], runtimeProperties["password"]) == None:
return
##############################################################
# Base server audit...
##############################################################
auditServersBasePega(environment, servername, runtimeProperties, bApplyRequiredChanges)
##############################################################
# OO based auditing atoms - automatically reported on...
##############################################################
auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "App: prsysmgmt Version", "/deployment=prsysmgmt_jboss.ear/", "content", runtimeProperties["prsysmanageVersionHash"], False))
auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "App: PRPC Version", "/deployment=prpc_j2ee14_jboss61JBM.ear/", "content", runtimeProperties["prpcVersionHash"], False))
bAllMustPass = True
AllDatasources = getAllDataSources(servername, runtimeProperties["username"], runtimeProperties["password"])
if (AllDatasources) :
auditObjectMolecule1 = auditObjectMolecule("JDBC URL", servername, bAllMustPass)
for ds in AllDatasources:
auditObjectMolecule1.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "JDBC URL - Marketing - " + ds, "/subsystem=datasources/data-source=" + ds + "/", "connection-url", runtimeProperties["targetDSUrlMarketing"], bApplyRequiredChanges))
def auditServersBIXThread(environment, servers, propertiesDictionary, bApplyRequiredChanges) :
# merge global properties into dict - deliberately overwriting local with global dict all values
runtimeProperties = dict()
runtimeProperties.update(globalDictionary)
runtimeProperties.update(propertiesDictionary)
##############################################################
# Base server audit...
##############################################################
auditServersBasePega(environment, servers, runtimeProperties, bApplyRequiredChanges)
for servername in servers:
if connectSilent(servername, runtimeProperties["username"], runtimeProperties["password"]) == None:
return
##############################################################
# OO based auditing atoms - automatically reported on...
##############################################################
bAllMustPass = True
AllDatasources = getAllDataSources(servername, runtimeProperties["username"], runtimeProperties["password"])
if (AllDatasources) :
auditObjectMolecule1 = auditObjectMolecule("JDBC URL", servername, bAllMustPass)
for ds in AllDatasources:
auditObjectMolecule1.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "JDBC URL - " + ds, "/subsystem=datasources/data-source=" + ds + "/", "connection-url", runtimeProperties["targetDSUrl"], bApplyRequiredChanges))
auditReport(environment, servername)
def auditServersBaseAudit(environment, servername, propertiesDict,
bApplyRequiredChanges):
# merge global propertiesDict into dict - deliberately overwriting local with global dict all values
runtimeProperties = dict()
runtimeProperties.update(globalDictionary)
runtimeProperties.update(propertiesDict)
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"], "Running", "/",
"server-state", runtimeProperties["targetRunState"],
False))
##############################################################
# OO based auditing atoms - automatically reported on...
##############################################################
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"], "Custom Logger Exists",
"/subsystem=logging/custom-handler=FILESIZEDATE/",
"enabled",
runtimeProperties["targetAuditLoggingCustomHandler"],
bApplyRequiredChanges))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"Custom Logger Level (ALL)",
"/subsystem=logging/custom-handler=FILESIZEDATE/",
"level", runtimeProperties["targetCustomLoggerLevel"],
bApplyRequiredChanges))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"Root Logging level (ALL)",
"/subsystem=logging/root-logger=ROOT/", "level",
runtimeProperties["targetRootLoggerLevel"],
bApplyRequiredChanges))
##############################################################
# an auditObjectMolecule enables the user to group atoms together as one
##############################################################
oAuditObjectMolecule = auditObjectMolecule("Bind Addresses", servername,
True)
oAuditObjectMolecule.auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"], "Bind Addr Management",
"/interface=management/", "inet-address",
runtimeProperties["targetManagementBindAddr"],
bApplyRequiredChanges))
oAuditObjectMolecule.auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"], "Bind Addr Public",
"/interface=public/", "inet-address",
runtimeProperties["targetPublicBindAddr"],
bApplyRequiredChanges))
oAuditObjectMolecule2 = auditObjectMolecule(
"Security Hardening - Protocols-Suites", servername, True)
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"], "SSL Protocols",
"/subsystem=web/connector=https/configuration=ssl/",
"protocol", runtimeProperties["sslProtocols"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"], "Cipher Suite",
"/subsystem=web/connector=https/configuration=ssl/",
"cipher-suite", runtimeProperties["cipherSuite"],
bApplyRequiredChanges))
allDatasourcesResponseResultList = getAllDataSources(
servername, runtimeProperties["username"],
runtimeProperties["password"])
if (allDatasourcesResponseResultList):
oAuditObjectMolecule3 = auditObjectMolecule(
"Datasource (Non XA) Connection Perf Options", servername, True)
for datasource in allDatasourcesResponseResultList:
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": check-valid-connection-sql",
"/subsystem=datasources/data-source=" + datasource + "/",
"check-valid-connection-sql",
runtimeProperties["jdbcTargetCheckValidConnectionSql"],
bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": validate-on-match",
"/subsystem=datasources/data-source=" + datasource + "/",
"validate-on-match",
runtimeProperties["jdbcValidateOnMatch"],
bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": background-validation",
"/subsystem=datasources/data-source=" + datasource + "/",
"background-validation",
runtimeProperties["jdbcBackgroundValidation"],
bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": use-fast-fail",
"/subsystem=datasources/data-source=" + datasource + "/",
"use-fast-fail", runtimeProperties["jdbcUseFastFail"],
bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": exception-sorter-class-name",
"/subsystem=datasources/data-source=" + datasource + "/",
"exception-sorter-class-name",
runtimeProperties["jdbcExceptionSorterClassName"],
bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": track-statements",
"/subsystem=datasources/data-source=" + datasource + "/",
"track-statements",
runtimeProperties["jdbcTrackStatements"],
bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": valid-connection-checker-class-name",
"/subsystem=datasources/data-source=" + datasource + "/",
"valid-connection-checker-class-name",
runtimeProperties["jdbcValidConnectionCheckerClassName"],
bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": flush-strategy",
"/subsystem=datasources/data-source=" + datasource + "/",
"flush-strategy", runtimeProperties["jdbcFlushStrategy"],
bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": idle-timeout-minutes",
"/subsystem=datasources/data-source=" + datasource + "/",
"idle-timeout-minutes",
runtimeProperties["jdbcIdleTimeoutMinutes"],
bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": blocking-timeout-wait-millis",
"/subsystem=datasources/data-source=" + datasource + "/",
"blocking-timeout-wait-millis",
runtimeProperties["jdbcBlockingTimeoutWaitMillis"],
bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": pool-prefill",
"/subsystem=datasources/data-source=" + datasource + "/",
"pool-prefill", runtimeProperties["jdbcPoolPrefill"],
bApplyRequiredChanges))
allDatasourcesResponseResultListXa = getAllXaDataSources(
servername, runtimeProperties["username"],
runtimeProperties["password"])
if (allDatasourcesResponseResultListXa):
oAuditObjectMolecule4 = auditObjectMolecule(
"Datasource (XA) Connection Perf Options", servername, True)
for datasource in allDatasourcesResponseResultListXa:
oAuditObjectMolecule4.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": check-valid-connection-sql",
"/subsystem=datasources/xa-data-source=" + datasource +
"/", "check-valid-connection-sql",
runtimeProperties["jdbcTargetCheckValidConnectionSql"],
bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": validate-on-match",
"/subsystem=datasources/xa-data-source=" + datasource +
"/", "validate-on-match",
runtimeProperties["jdbcValidateOnMatch"],
bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": background-validation",
"/subsystem=datasources/xa-data-source=" + datasource +
"/", "background-validation",
runtimeProperties["jdbcBackgroundValidation"],
bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": use-fast-fail",
"/subsystem=datasources/xa-data-source=" + datasource +
"/", "use-fast-fail", runtimeProperties["jdbcUseFastFail"],
bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": exception-sorter-class-name",
"/subsystem=datasources/xa-data-source=" + datasource +
"/", "exception-sorter-class-name",
runtimeProperties["jdbcExceptionSorterClassName"],
bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": track-statements",
"/subsystem=datasources/xa-data-source=" + datasource +
"/", "track-statements",
runtimeProperties["jdbcTrackStatements"],
bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": valid-connection-checker-class-name",
"/subsystem=datasources/xa-data-source=" + datasource +
"/", "valid-connection-checker-class-name",
runtimeProperties["jdbcValidConnectionCheckerClassName"],
bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": flush-strategy",
"/subsystem=datasources/xa-data-source=" + datasource +
"/", "flush-strategy",
runtimeProperties["jdbcFlushStrategy"],
bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": idle-timeout-minutes",
"/subsystem=datasources/xa-data-source=" + datasource +
"/", "idle-timeout-minutes",
runtimeProperties["jdbcIdleTimeoutMinutes"],
bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": blocking-timeout-wait-millis",
"/subsystem=datasources/xa-data-source=" + datasource +
"/", "blocking-timeout-wait-millis",
runtimeProperties["jdbcBlockingTimeoutWaitMillis"],
bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
datasource + ": pool-prefill",
"/subsystem=datasources/xa-data-source=" + datasource +
"/", "pool-prefill", runtimeProperties["jdbcPoolPrefill"],
bApplyRequiredChanges))
def auditServersBasePega(environment, servername, propertiesDictionary, bApplyRequiredChanges) :
# merge global properties into dict - deliberately overwriting local with global dict all values
runtimeProperties = dict()
runtimeProperties.update(globalDictionary)
runtimeProperties.update(propertiesDictionary)
if connectSilent(servername, runtimeProperties["username"], runtimeProperties["password"]) == None:
return
##############################################################
# Base server audit...
##############################################################
auditServersBaseAudit(environment, servername, runtimeProperties, bApplyRequiredChanges)
##############################################################
# OO based auditing atoms - automatically reported on...
##############################################################
auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Messaging Provider (Hornet Q)", "/subsystem=ejb3/", "default-resource-adapter-name", runtimeProperties["targetMessagingProvider"], bApplyRequiredChanges))
auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "HornetQ Max Delivery Attempts", "/subsystem=messaging/hornetq-server=default/address-setting=#/", "max-delivery-attempts", runtimeProperties["targetHornetMaxdeliveryAttempts"], bApplyRequiredChanges))
auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "HornetQ ReDelivery Delay", "/subsystem=messaging/hornetq-server=default/address-setting=#/", "redelivery-delay", runtimeProperties["targetHornetQRedeliveryDelay"], bApplyRequiredChanges))
auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "HornetQ Consumer Window Size", "/subsystem=messaging/hornetq-server=default/pooled-connection-factory=hornetq-ra/", "consumer-window-size", runtimeProperties["consumer-window-size"], bApplyRequiredChanges))
auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "uRandom RNG", "/core-service=platform-mbean/type=runtime", "input-arguments", runtimeProperties["uRandomRNG"], False))
auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Pega User Home - Outside Container Folders", "/core-service=platform-mbean/type=runtime", "input-arguments", "-Duser.home", False))
oAuditObjectMolecule = auditObjectMolecule("Bean Poola - Avaya VoIP (EJB) : " + str(runtimeProperties["targetEjbStrictMaxPool"]), servername, False)
oAuditObjectMolecule.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "EJB Pool maxsize: " + str(runtimeProperties["targetEjbStrictMaxPool"]), "/subsystem=ejb3/strict-max-bean-instance-pool=slsb-strict-max-pool/", "max-pool-size", runtimeProperties["targetEjbStrictMaxPool"], False))
oAuditObjectMolecule2 = auditObjectMolecule("Bean Pools - Avaya VoIP (MDB) : " + str(runtimeProperties["targetEjbStrictMaxPool"]), servername, False)
oAuditObjectMolecule2.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "MDB Pool maxsize: " + str(runtimeProperties["targetEjbStrictMaxPool"]), "/subsystem=ejb3/strict-max-bean-instance-pool=mdb-strict-max-pool/", "max-pool-size", runtimeProperties["targetEjbStrictMaxPool"], False))
oAuditObjectMolecule3 = auditObjectMolecule("Bean Pools - Avaya VoIP (Async / CTI) : ", servername, bApplyRequiredChanges)
oAuditObjectMolecule3.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Async Pool minsize: " + str(runtimeProperties["AsyncConnectionFactory-min-pool-size"]), "/subsystem=messaging/hornetq-server=default/pooled-connection-factory=AsyncConnectionFactory/", "min-pool-size", runtimeProperties["AsyncConnectionFactory-min-pool-size"], bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Async Pool maxsize: " + str(runtimeProperties["AsyncConnectionFactory-max-pool-size"]), "/subsystem=messaging/hornetq-server=default/pooled-connection-factory=AsyncConnectionFactory/", "max-pool-size", runtimeProperties["AsyncConnectionFactory-max-pool-size"], bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "CTI thread Pool maxsize: " + str(runtimeProperties["targetEjbStrictMaxPool"]), "/subsystem=threads/bounded-queue-thread-pool=ctiThreadPool/", "max-threads", runtimeProperties["ctiThreadPool-maxThreads"], bApplyRequiredChanges))
allDatasourcesResponseResultList = [
'StagingInbound',
'AdminPegaRULES',
'PegaRULES',
'adm7DataSource',
'ihDataSource',
'nbamDataSource',
'padDataSource',
'vbdDataSource',
]
if (allDatasourcesResponseResultList) :
oAuditObjectMolecule4 = auditObjectMolecule("Datasource (Pega Non XA) Connection Perf Options", servername, True)
for datasource in allDatasourcesResponseResultList :
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": check-valid-connection-sql", "/subsystem=datasources/data-source=" + datasource + "/", "check-valid-connection-sql", runtimeProperties["jdbcTargetCheckValidConnectionSql"], bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": validate-on-match", "/subsystem=datasources/data-source=" + datasource + "/", "validate-on-match", runtimeProperties["jdbcValidateOnMatch"], bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": background-validation", "/subsystem=datasources/data-source=" + datasource + "/", "background-validation", runtimeProperties["jdbcBackgroundValidation"], bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": use-fast-fail", "/subsystem=datasources/data-source=" + datasource + "/", "use-fast-fail", runtimeProperties["jdbcUseFastFail"], bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": exception-sorter-class-name", "/subsystem=datasources/data-source=" + datasource + "/", "exception-sorter-class-name", runtimeProperties["jdbcExceptionSorterClassName"], bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": track-statements", "/subsystem=datasources/data-source=" + datasource + "/", "track-statements", runtimeProperties["jdbcTrackStatements"], bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": valid-connection-checker-class-name", "/subsystem=datasources/data-source=" + datasource + "/", "valid-connection-checker-class-name", runtimeProperties["jdbcValidConnectionCheckerClassName"], bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": flush-strategy", "/subsystem=datasources/data-source=" + datasource + "/", "flush-strategy", runtimeProperties["jdbcFlushStrategy"], bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": idle-timeout-minutes", "/subsystem=datasources/data-source=" + datasource + "/", "idle-timeout-minutes", runtimeProperties["jdbcIdleTimeoutMinutes"], bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": blocking-timeout-wait-millis", "/subsystem=datasources/data-source=" + datasource + "/", "blocking-timeout-wait-millis", runtimeProperties["jdbcBlockingTimeoutWaitMillis"], bApplyRequiredChanges))
oAuditObjectMolecule4.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], datasource + ": pool-prefill", "/subsystem=datasources/data-source=" + datasource + "/", "pool-prefill", runtimeProperties["jdbcPoolPrefill"], bApplyRequiredChanges))
oAuditObjectMolecule5 = auditObjectMolecule("Security Hardening - Pega", servername, True)
oAuditObjectMolecule5.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Security Hardening - Disable Welcome Page", "/subsystem=web/virtual-server=default-host/", "enable-welcome-root", runtimeProperties["enable-welcome-root"], bApplyRequiredChanges))
oAuditObjectMolecule5.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Security Hardening - Remove Sample Web Alias", "/subsystem=web/virtual-server=default-host/", "alias", runtimeProperties["sampleWebAlias"], bApplyRequiredChanges))
oAuditObjectMolecule5.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Security Hardening - Custom Server Header", "/system-property=org.apache.coyote.http11.Http11Protocol.SERVER/", "value", runtimeProperties["customServerHeader"], bApplyRequiredChanges))
oAuditObjectMolecule5.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Security Hardening - X Powered By - JSP", "/subsystem=web/configuration=jsp-configuration/", "x-powered-by", runtimeProperties["x-powered-by"], bApplyRequiredChanges))
oAuditObjectMolecule5.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Security Hardening - X Powered By - Catalina Connector", "/system-property=org.apache.catalina.connector.X_POWERED_BY/", "value", runtimeProperties["x-powered-by"], bApplyRequiredChanges))
oAuditObjectMolecule5.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Security Hardening - Utf8Encoding - URI_ENCODING", "/system-property=org.apache.catalina.connector.URI_ENCODING/", "value", runtimeProperties["URI_ENCODING"], bApplyRequiredChanges))
oAuditObjectMolecule5.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "Security Hardening - Utf8Encoding - USE_BODY_ENCODING_FOR_QUERY_STRING", "/system-property=org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING/", "value", runtimeProperties["USE_BODY_ENCODING_FOR_QUERY_STRING"], bApplyRequiredChanges))
def auditServersMdmThread(environment, servername, propertiesDict,
bApplyRequiredChanges):
# merge global propertiesDict into dict - deliberately overwriting local with global dict all values
runtimeProperties = dict()
runtimeProperties.update(globalProperties.dictionary)
runtimeProperties.update(propertiesDict)
if connectSilent(servername, runtimeProperties["username"],
runtimeProperties["password"]) == None:
return
##############################################################
# Base server audit...
##############################################################
auditServersBaseAudit(environment, servername, runtimeProperties,
bApplyRequiredChanges)
##############################################################
# OO based auditing atoms - automatically reported on...
##############################################################
auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"], "JDBC URL - Siperian System DS",
"/subsystem=datasources/xa-data-source=jdbc/siperian-cmx_system-ds/xa-datasource-properties=URL/",
"value", runtimeProperties["targetDSUrl"], bApplyRequiredChanges))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"App: Informatica Entity360View",
"/deployment=entity360view-ear.ear/", "enabled",
"true", False))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"App: Informatica Mdm Platform",
"/deployment=informatica-mdm-platform-ear.ear/",
"enabled", "true", False))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"App: Informatica Siperian Mrm",
"/deployment=siperian-mrm.ear/", "enabled", "true",
False))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"App: Informatica Siperian Mrm Cleanse",
"/deployment=siperian-mrm-cleanse.ear/", "enabled",
"true", False))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"Transactions Default Timeout",
"/subsystem=transactions/", "default-timeout",
runtimeProperties["transactionsDefaultTimeout"],
bApplyRequiredChanges))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"], "HornetQ Security OFF",
"/subsystem=messaging/hornetq-server=default/",
"security-enabled",
runtimeProperties["hornetq-security-enabled"],
bApplyRequiredChanges))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"HornetQ Persistence ON",
"/subsystem=messaging/hornetq-server=default/",
"persistence-enabled",
runtimeProperties["hornetq-persistence-enabled"],
bApplyRequiredChanges))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"Remoting-connector security-realm undefined",
"/subsystem=remoting/connector=remoting-connector/",
"security-realm",
runtimeProperties["remoting-security-realm"],
bApplyRequiredChanges))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"], "EJB Pool threads",
"/subsystem=ejb3/thread-pool=default/", "max-threads",
runtimeProperties["targetCmdEjbStrictMaxPool"],
bApplyRequiredChanges))
##############################################################
# an auditObjectMolecule enables the user to group atoms together as one
##############################################################
oAuditObjectMolecule = auditObjectMolecule(
"Siperian System Datasource Pool Sizes", servername, True)
oAuditObjectMolecule.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Siperian Datasource Pool Size (min)",
"/subsystem=datasources/xa-data-source=jdbc/siperian-cmx_system-ds/",
"min-pool-size", runtimeProperties["siperian-min-pool-size"],
bApplyRequiredChanges))
oAuditObjectMolecule.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Siperian Datasource Pool Sizes (max)",
"/subsystem=datasources/xa-data-source=jdbc/siperian-cmx_system-ds/",
"max-pool-size", runtimeProperties["siperian-max-pool-size"],
bApplyRequiredChanges))
oAuditObjectMolecule2 = auditObjectMolecule(
"Web Connections threads http(s)", servername, False)
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"Web Connections threads (http)",
"/subsystem=web/connector=http/", "max-connections",
runtimeProperties["targetWebMaxConnections"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"Web Connections threads (https)",
"/subsystem=web/connector=https/", "max-connections",
runtimeProperties["targetWebMaxConnections"],
bApplyRequiredChanges))
oAuditObjectMolecule3 = auditObjectMolecule("Security Hardening - MDM",
servername, True)
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - Disable Welcome Page",
"/subsystem=web/virtual-server=default-host/",
"enable-welcome-root",
runtimeProperties["enable-welcome-root"],
bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - Remove Sample Web Alias",
"/subsystem=web/virtual-server=default-host/", "alias",
runtimeProperties["sampleWebAlias"],
bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - Custom Server Header",
"/system-property=org.apache.coyote.http11.Http11Protocol.SERVER/",
"value", runtimeProperties["customServerHeader"],
bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - X Powered By - JSP",
"/subsystem=web/configuration=jsp-configuration/",
"x-powered-by", runtimeProperties["x-powered-by"],
bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - X Powered By - Catalina Connector",
"/system-property=org.apache.catalina.connector.X_POWERED_BY/",
"value", runtimeProperties["x-powered-by"], bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - Utf8Encoding - URI_ENCODING",
"/system-property=org.apache.catalina.connector.URI_ENCODING/",
"value", runtimeProperties["URI_ENCODING"], bApplyRequiredChanges))
oAuditObjectMolecule3.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - Utf8Encoding - USE_BODY_ENCODING_FOR_QUERY_STRING",
"/system-property=org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING/",
"value", runtimeProperties["USE_BODY_ENCODING_FOR_QUERY_STRING"],
bApplyRequiredChanges))
def auditServersMarketingDMZThread(environment, servername,
propertiesDictionary,
bApplyRequiredChanges):
# merge global properties into dict - deliberately overwriting local with global dict all values
runtimeProperties = dict()
runtimeProperties.update(globalDictionary)
runtimeProperties.update(propertiesDictionary)
if connectSilent(servername, runtimeProperties["username"],
runtimeProperties["password"]) == None:
return
##############################################################
# Base server audit...
##############################################################
auditServersBasePega(environment, servername, runtimeProperties,
bApplyRequiredChanges)
##############################################################
# OO based auditing atoms - automatically reported on...
##############################################################
oAuditObjectMolecule = auditObjectMolecule("Bind Addresses", servername,
True)
oAuditObjectMolecule.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"], "Bind Addr Management",
"/interface=management/", "inet-address",
"${jboss.bind.address.management:" + servername + ".theaa.local}",
bApplyRequiredChanges))
oAuditObjectMolecule.auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"], "Bind Addr Public",
"/interface=public/", "inet-address",
runtimeProperties["targetPublicBindAddr"],
bApplyRequiredChanges))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"App: prsysmgmt Version",
"/deployment=prsysmgmt_jboss.ear/", "content",
runtimeProperties["prsysmanageVersionHash"], False))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"], "App: PRPC Version",
"/deployment=prpc_j2ee14_jboss61JBM.ear/", "content",
runtimeProperties["prpcVersionHashDMZ"], False))
oAuditObjectMolecule2 = auditObjectMolecule("Security Hardening DMZ",
servername, True)
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - substitution1",
"/subsystem=web/virtual-server=default-host/rewrite=rule-1",
"substitution", runtimeProperties["rewrite-prweb-substitution1"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - pattern1",
"/subsystem=web/virtual-server=default-host/rewrite=rule-1",
"pattern", runtimeProperties["rewrite-prweb-pattern1"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - flags1",
"/subsystem=web/virtual-server=default-host/rewrite=rule-1",
"flags", runtimeProperties["rewrite-prweb-flags1"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - substitution2",
"/subsystem=web/virtual-server=default-host/rewrite=rule-2",
"substitution", runtimeProperties["rewrite-prweb-substitution2"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - pattern2",
"/subsystem=web/virtual-server=default-host/rewrite=rule-2",
"pattern", runtimeProperties["rewrite-prweb-pattern2"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - flags2",
"/subsystem=web/virtual-server=default-host/rewrite=rule-2",
"flags", runtimeProperties["rewrite-prweb-flags2"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - substitution3",
"/subsystem=web/virtual-server=default-host/rewrite=rule-3",
"substitution", runtimeProperties["rewrite-prweb-substitution3"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - pattern3",
"/subsystem=web/virtual-server=default-host/rewrite=rule-3",
"pattern", runtimeProperties["rewrite-prweb-pattern3"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - flags3",
"/subsystem=web/virtual-server=default-host/rewrite=rule-3",
"flags", runtimeProperties["rewrite-prweb-flags3"],
bApplyRequiredChanges))
bAllMustPass = True
AllDatasources = getAllDataSources(servername,
runtimeProperties["username"],
runtimeProperties["password"])
if (AllDatasources):
auditObjectMolecule1 = auditObjectMolecule("JDBC URL", servername,
bAllMustPass)
for ds in AllDatasources:
auditObjectMolecule1.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"JDBC URL - Marketing DMZ - " + ds,
"/subsystem=datasources/data-source=" + ds + "/",
"connection-url",
runtimeProperties["targetDSUrlMarketing"],
bApplyRequiredChanges))
