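def __get_num_updates(self):
    """Record the pending package and security update counts on the instance.

    Sets ``self.package_updates`` and ``self.security_updates``. Both start
    at 0 and keep that value whenever the check cannot produce a result, so
    a caller cannot tell "no updates pending" from "could not check".

    On systems whose name contains 'red hat' the values are the raw strings
    returned by ``execute_command``; otherwise they are the two fields that
    ``apt-check`` writes to stderr, separated by ';'.
    """
    self.package_updates = self.security_updates = 0
    os_name = get_system_name()
    if 'red hat' in os_name:
        # NOTE(review): `wc -l` counts every output line (headers included)
        # and the pipeline hides yum's own exit status, so the number may
        # not equal the count of pending updates - confirm.
        package_updates = execute_command('yum list updates | wc -l')
        self.package_updates = 0 if 'ERROR' in package_updates else package_updates
        # NOTE(review): `yum list security` does not look like the advisory
        # listing (normally `yum updateinfo list security`) - confirm this
        # really counts security updates.
        security_updates = execute_command('yum list security | wc -l')
        self.security_updates = 0 if 'ERROR' in security_updates else security_updates
        return

    try:
        command = Popen(["/usr/lib/update-notifier/apt-check"], stdout=PIPE, stderr=PIPE)
    except OSError:
        # Helper not installed or not executable: keep the zero defaults
        # instead of aborting the whole report.
        return
    out, err = command.communicate()
    if not err:
        return
    if isinstance(err, bytes):
        err = err.decode('utf-8', errors='replace')
    updates = err.split(';')
    # stderr may also carry a plain error message; only accept the
    # "<packages>;<security>" form so a message is never stored as a count
    # and a missing ';' no longer raises IndexError.
    if len(updates) >= 2 and updates[0].strip().isdigit() and updates[1].strip().isdigit():
        self.package_updates = updates[0]
        self.security_updates = updates[1]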
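def get_header(user, company, security_lvl):
    """Build the HTML header block of the ENS report.

    The system name, organisation, requesting user and security level are
    HTML-escaped before being placed in the markup, so a value containing
    ``<``, ``>``, ``&`` or quotes is rendered as text instead of being
    interpreted as markup by whatever displays the report.

    Args:
        user (str): username
        company (str): company name
        security_lvl (str): security level; capitalised for display

    Returns:
        str: HTML fragment for the report header
    """
    # Local import keeps this function self-contained.
    from html import escape

    system_name = execute_command('hostname')
    template = (
        ' <div style="width: 100%; display: table;">'
        ' <div style="font-size: 16px; width: 60%; border-bottom: 5px solid #4169E1; float:left;" >'
        ' <span><strong>Nombre del sistema:</strong> {0}</span><br>'
        ' <span><strong>Organización:</strong> {1}</span><br>'
        ' <span><strong>Usuario Solicitante:</strong> {2}</span><br>'
        ' <span><strong>Nivel de seguridad a comprobar:</strong> {3}</span><br>'
        ' <span><strong>Fecha del informe:</strong> {4}</span><br><br>'
        ' </div>'
        ' <div style="width: 40%; float:left; text-align: center;">'
        ' <img style="width: 80%; height: 120px;"'
        " src='statics/img/ens.jpg'></span>"
        ' </div>'
        ' </div>'
        ' <br> '
    )
    # str() keeps the old tolerance for non-string arguments, which
    # str.format used to stringify implicitly.
    return template.format(
        escape(str(system_name)),
        escape(str(company)),
        escape(str(user)),
        escape(security_lvl.capitalize()),
        datetime.now().strftime("%Y/%m/%d %H:%M:%S"),
    )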
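def get_params(self):
    """Fill ``self.list_services_to_show`` from ``systemctl list-units``.

    Each entry is a ``(unit_name, description)`` tuple, where the
    description is everything from the fifth column onwards.
    """
    listing = execute_command('systemctl list-units --type service')
    for line in listing.splitlines():
        info = line.split()
        # systemctl puts a status glyph in front of some rows (failed units,
        # for instance). Drop it so those services are listed too instead of
        # being silently left out of the report.
        if len(info) > 1 and not info[0].endswith('.service') and info[1].endswith('.service'):
            info = info[1:]
        if info and info[0].endswith('.service'):
            self.list_services_to_show.append((info[0], ' '.join(info[4:])))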
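def _check_crypt_partitions(self):
    """Append the disk-encryption findings to ``self.entries_to_display``.

    Three rows may be added: whether any encrypted mapping exists, whether
    every such mapping uses AES-XTS with a 512-bit key (only when at least
    one mapping exists), and whether swap is encrypted.

    The cipher and key size are now collected per volume before being
    evaluated. Previously both were reset on every status line, so the
    cipher check could never succeed. A volume whose status cannot be read
    counts as non-compliant.
    """
    exists_partitions_crypted = swap_crypted = False
    weak_volume_found = False

    # Mappings are recognised only by the substring "crypt" in their name.
    # NOTE(review): an encrypted volume mapped under another name is missed,
    # and any mapping merely named "*crypt*" is counted - confirm acceptable.
    partitions_crypted = execute_command("ls /dev/mapper/ | grep crypt").splitlines()

    for partition in partitions_crypted:
        if 'swap' in partition:
            swap_crypted = True
        exists_partitions_crypted = True

        # NOTE(review): the mapping name goes into the command string
        # unquoted; if execute_command runs it through a shell, consider
        # quoting it - confirm how execute_command invokes commands.
        status_lines = execute_command('cryptsetup status %s' % partition).splitlines()

        cipher = size = ''
        for info_config in status_lines:
            info_config = info_config.strip()
            if info_config.startswith('cipher'):
                cipher = info_config[7:]
            if info_config.startswith('keysize'):
                size = info_config[8:]

        if not ('aes-xts' in cipher and '512' in size):
            weak_volume_found = True

    # Compliant only when every encrypted volume meets the requirement.
    secure_encryption = exists_partitions_crypted and not weak_volume_found

    description = 'Deben de existir unidades cifradas en el sistema'
    self.entries_to_display.append([
        '¿Existen unidades cifradas?',
        'Sí' if exists_partitions_crypted else 'No',
        'Correcto' if exists_partitions_crypted else 'Incorrecto',
        description
    ])

    if exists_partitions_crypted:
        description = 'El método de cifrado de dichas unidades, debe de ser AES-XTS 512 bits'
        self.entries_to_display.append([
            'Método de cifrado de las unidades (AES-XTS 512 bits)',
            'Sí' if secure_encryption else 'No',
            'Correcto' if secure_encryption else 'Incorrecto',
            description
        ])

    description = 'La partición SWAP debe de estar cifrada'
    self.entries_to_display.append([
        '¿SWAP cifrado?',
        'Sí' if swap_crypted else 'No',
        'Correcto' if swap_crypted else 'Incorrecto',
        description
    ])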
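def system_info(self):
    """Return the ``lsb_release -a`` output as a dict.

    Each ``key: value`` line becomes one entry. The value is everything
    after the first ':' (leading whitespace kept), so a value that itself
    contains ':' is no longer cut off at the second colon.

    Returns:
        dict: field name -> raw value text
    """
    system_info = {}
    for line in execute_command('lsb_release -a').splitlines():
        key, separator, value = line.partition(':')
        # Lines without ':' are skipped, e.g. "No LSB modules are available."
        if separator:
            system_info[key] = value
    return system_info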
def get_params(self):
    """Fill ``self.list_connections`` with the listening TCP/UDP sockets.

    Parses ``netstat -lntu`` and appends one ``(protocol, ip, port)`` tuple
    per row, splitting the local-address column at its last ':'.
    """
    for line in execute_command('netstat -lntu').splitlines():
        info = line.split()
        # Header and banner rows do not start with a protocol name.
        if not info or not info[0].startswith(('tcp', 'udp')):
            continue
        local_address = info[3]
        cut = local_address.rfind(':')
        self.list_connections.append(
            (info[0], local_address[:cut], local_address[cut + 1:]))
def memory_info(self):
    """Return the rows of ``free`` that have exactly seven columns.

    Returns:
        list: one list of column strings per matching row
    """
    rows = (row.split() for row in execute_command("free").splitlines())
    # Rows with any other column count are dropped.
    return [columns for columns in rows if len(columns) == 7]
def hd_info(self):
    """Return the rows of ``df -kh`` that have exactly six columns.

    Returns:
        list: one list of column strings per matching row
    """
    rows = (row.split() for row in execute_command('df -kh').splitlines())
    # Rows with any other column count are dropped.
    return [columns for columns in rows if len(columns) == 6]
def _check_accounts_with_uid_to_0(self):
    """Append the "more than one UID 0 account" finding to the report.

    Counts the ``/etc/passwd`` rows whose third field is "0"; more than one
    such row is reported as non-compliant.
    """
    # Check whether more than one superuser account exists.
    uid0_rows = execute_command(
        """awk -F: '($3 == "0") {print}' /etc/passwd""").splitlines()
    counts_with_uid_to_0 = len(uid0_rows) > 1
    self.entries_to_display.append([
        'Usuarios de sistema con UID a 0',
        'Sí' if counts_with_uid_to_0 else 'No',
        'Incorrecto' if counts_with_uid_to_0 else 'Correcto',
        'Solo debe de haber una cuenta con UID a 0, es decir, que sea superusuario, además del root'
    ])
def _get_counts_without_password(self):
    """Append the "accounts without a password" finding to the report.

    Any output from the awk filter over ``/etc/shadow`` (rows whose second
    field is empty) is treated as a finding.
    """
    # Accounts without a password.
    # NOTE(review): any non-empty output counts as a finding. If
    # execute_command returns error text when /etc/shadow cannot be read
    # (e.g. not running as root), this reports a false positive - confirm.
    counts_without_password = bool(
        execute_command("""awk -F: '($2 == "") {print}' /etc/shadow"""))
    self.entries_to_display.append([
        'Cuentas sin contraseña',
        'Sí' if counts_without_password else 'No',
        'Incorrecto' if counts_without_password else 'Correcto',
        'No debe de existir ninguna cuenta en el sistema sin contraseña'
    ])
def _get_log_properties(self):
    """Collect the ``ls -l`` rows for each configured log.

    Rebuilds ``self.log_properties`` as a dict mapping a log name to the
    listing rows that mention that name, each row normalised to
    single-space separators.

    Returns:
        dict: the rebuilt ``self.log_properties``
    """
    self.log_properties = dict()
    if not self.logs:
        return self.log_properties
    for log_name in self.logs:
        listing = execute_command('ls -l {0}'.format(default_logs[log_name]))
        for line in listing.splitlines():
            if log_name in line:
                # Collapse runs of whitespace so the columns are uniform.
                self.log_properties.setdefault(log_name, []).append(
                    " ".join(line.split()))
    return self.log_properties
def network_info(self):
    """Parse ``ifconfig`` output into a per-interface dict.

    The output is split on blank lines. In each block the text before the
    first ':' is the interface name, and the token following each of
    'inet', 'broadcast', 'inet6', 'ether' and 'netmask' is stored under
    that key when the keyword is present.

    Returns:
        dict: interface name -> dict of the fields found
    """
    wanted_fields = ('inet', 'broadcast', 'inet6', 'ether', 'netmask')
    interfaces = {}
    for block in execute_command('ifconfig').split('\n\n'):
        if not block:
            continue
        flattened = block.replace('\n', '')
        interface_name, _, remainder = flattened.partition(':')
        data_config = remainder.split()
        # The value of a field is the token right after its keyword.
        interfaces[interface_name] = {
            field: data_config[data_config.index(field) + 1]
            for field in wanted_fields
            if field in data_config
        }
    return interfaces
def kernel_version(self):
    """Return the output of ``uname -r`` as given by ``execute_command``."""
    return execute_command('uname -r')