Example #1
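 def __get_num_updates(self):
     """Populate ``package_updates`` and ``security_updates`` on the instance.

     When the system name contains 'red hat' the values are the output of
     ``yum ... | wc -l``; otherwise they are the two ``;``-separated fields
     that ``/usr/lib/update-notifier/apt-check`` writes to stderr.  Both
     attributes stay at 0 when a command reports an error or when the
     apt-check output is not two numeric fields.
     """
     self.package_updates = self.security_updates = 0
     os_name = get_system_name()
     if 'red hat' in os_name:
         # NOTE(review): `wc -l` counts every line yum prints, so this is a
         # line count rather than an exact package count -- confirm.
         package_updates = execute_command('yum list updates | wc -l')
         if 'ERROR' not in package_updates:
             self.package_updates = package_updates
         # NOTE(review): verify that `yum list security` is the intended
         # query for pending security errata on the supported releases.
         security_updates = execute_command('yum list security | wc -l')
         if 'ERROR' not in security_updates:
             self.security_updates = security_updates
     else:
         command = Popen(["/usr/lib/update-notifier/apt-check"],
                         stdout=PIPE,
                         stderr=PIPE)
         out, err = command.communicate()
         if err:
             if isinstance(err, bytes):
                 # A diagnostic in another encoding must not abort the report.
                 err = err.decode('utf-8', errors='replace')
             updates = err.split(';')
             # The counts are read from stderr, where diagnostics also go.
             # Accept only "<packages>;<security>" so that an error message is
             # neither stored as a count nor raises IndexError on updates[1].
             if len(updates) == 2 and all(
                     field.strip().isdigit() for field in updates):
                 self.package_updates = updates[0]
                 self.security_updates = updates[1]
             # NOTE(review): a failed check leaves both counters at 0, which
             # the report cannot tell apart from a fully patched system.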
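def get_header(user, company, security_lvl):
    """Generate the HTML header of the ENS report.

    Every interpolated value (host name, company, user, security level) is
    HTML-escaped before it is placed in the markup, so characters such as
    ``<``, ``&`` or quotes in those values are rendered as text instead of
    being interpreted as markup by whatever renders the report.

    Args:
        user (str): username
        company (str): company name
        security_lvl (str): security level; it is capitalized for display

    Returns:
        str: the HTML header fragment
    """
    # Function-scope import so the block does not depend on the file's
    # import section.
    from html import escape

    system_name = execute_command('hostname')
    report_date = datetime.now().strftime("%Y/%m/%d %H:%M:%S")
    # The stray </span> that followed the <img> tag has been dropped: no
    # <span> is open at that point.
    template = """
        <div style="width: 100%; display: table;">
            <div style="font-size: 16px; width: 60%; border-bottom: 5px solid #4169E1; float:left;" >
                <span><strong>Nombre del sistema:</strong> {0}</span><br>
                <span><strong>Organización:</strong> {1}</span><br>
                <span><strong>Usuario Solicitante:</strong> {2}</span><br>
                <span><strong>Nivel de seguridad a comprobar:</strong> {3}</span><br>
                <span><strong>Fecha del informe:</strong> {4}</span><br><br>
            </div>
            <div style="width: 40%; float:left; text-align: center;">
                <img style="width: 80%; height: 120px;" src='statics/img/ens.jpg'>
            </div>
        </div>
        <br>
    """
    return template.format(
        escape(str(system_name)),
        escape(str(company)),
        escape(str(user)),
        escape(security_lvl.capitalize()),
        report_date)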
Example #3
 def get_params(self):
     """Collect the units listed by ``systemctl list-units --type service``.

     For every output row whose first column ends in ``.service`` a
     ``(unit, text)`` tuple is appended to ``self.list_services_to_show``,
     where ``text`` is the row's columns from the fifth onwards joined by
     single spaces.
     """
     listing = execute_command('systemctl list-units --type service')
     for row in listing.splitlines():
         columns = row.split()
         # Skip blank rows and anything that is not a service unit row.
         if not columns or not columns[0].endswith('.service'):
             continue
         unit = columns[0]
         trailing_text = ' '.join(columns[4:])
         self.list_services_to_show.append((unit, trailing_text))
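    def _check_crypt_partitions(self):
        """Report on encrypted volumes, their cipher, and swap encryption.

        Entries under ``/dev/mapper/`` whose name contains ``crypt`` are
        treated as encrypted volumes, and each one is inspected with
        ``cryptsetup status``.  Up to three rows are appended to
        ``self.entries_to_display``: whether any encrypted volume exists,
        whether every such volume reports an ``aes-xts`` cipher with a
        keysize containing ``512`` (only when at least one volume exists),
        and whether one of the volume names contains ``swap``.
        """
        # Function-scope import so the block does not depend on the file's
        # import section.
        from shlex import quote

        swap_crypted = False
        command = "ls /dev/mapper/ | grep crypt"
        # NOTE(review): if execute_command returns an error text when grep
        # matches nothing, that text would be treated as a volume name here
        # -- confirm against execute_command.
        partitions_crypted = execute_command(command).splitlines()
        exists_partitions_crypted = bool(partitions_crypted)
        # Starts as "compliant" and is cleared by the first volume that does
        # not meet the requirement, so the answer covers every volume rather
        # than only the last one inspected.
        secure_encryption = exists_partitions_crypted
        for partition in partitions_crypted:
            if 'swap' in partition:
                swap_crypted = True
            # The name is interpolated into a command string; quote it so a
            # device name with shell metacharacters stays a single argument.
            check_status_command = 'cryptsetup status %s' % quote(partition)
            check_status_content = execute_command(check_status_command)
            # cipher and keysize are printed on different lines, so they are
            # gathered over the whole status output and compared afterwards.
            # Resetting them on every line meant the two were never set at
            # the same time and the check could never succeed.
            cipher = size = ''
            for info_config in check_status_content.splitlines():
                info_config = info_config.strip()
                if info_config.startswith('cipher'):
                    cipher = info_config[7:]   # text after "cipher:"
                elif info_config.startswith('keysize'):
                    size = info_config[8:]     # text after "keysize:"
            if not ('aes-xts' in cipher and '512' in size):
                secure_encryption = False

        description = 'Deben de existir unidades cifradas en el sistema'
        self.entries_to_display.append([
            '¿Existen unidades cifradas?',
            'Sí' if exists_partitions_crypted else 'No',
            'Correcto' if exists_partitions_crypted else 'Incorrecto',
            description
        ])

        if exists_partitions_crypted:
            description = 'El método de cifrado de dichas unidades, debe de ser AES-XTS 512 bits'
            self.entries_to_display.append([
                'Método de cifrado de las unidades (AES-XTS 512 bits)',
                'Sí' if secure_encryption else 'No',
                'Correcto' if secure_encryption else 'Incorrecto', description
            ])

        description = 'La partición SWAP debe de estar cifrada'
        self.entries_to_display.append([
            '¿SWAP cifrado?', 'Sí' if swap_crypted else 'No',
            'Correcto' if swap_crypted else 'Incorrecto', description
        ])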
Example #5
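 def system_info(self):
     """Return the fields printed by ``lsb_release -a`` as a dict.

     Each output line containing a colon becomes one entry: the text before
     the first colon is the key and everything after it is the value,
     whitespace included.

     Returns:
         dict: field name -> raw field value
     """
     system_info = {}
     for line in execute_command('lsb_release -a').splitlines():
         # Split on the first colon only, so a value that itself contains a
         # colon is kept whole instead of being cut at the second colon.
         key, separator, value = line.partition(':')
         # Lines without a colon carry no field, e.g. the message
         # "No LSB modules are available."
         if separator:
             system_info[key] = value
     return system_info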
Example #6
 def get_params(self):
     """Collect the listening sockets reported by ``netstat -lntu``.

     For every output row whose first column starts with ``tcp`` or ``udp``
     a ``(protocol, ip, port)`` tuple is appended to
     ``self.list_connections``.  The fourth column is split at its last
     colon into address and port.
     """
     for row in execute_command('netstat -lntu').splitlines():
         columns = row.split()
         if not columns:
             continue
         protocol = columns[0]
         if protocol[:3] not in ('tcp', 'udp'):
             continue
         local_address = columns[3]
         # Split at the last colon, since the address part may itself
         # contain colons.
         colon_at = local_address.rfind(':')
         ip = local_address[:colon_at]
         port = local_address[colon_at + 1:]
         self.list_connections.append((protocol, ip, port))
Example #7
 def memory_info(self):
     """Return the rows of ``free`` output that have exactly seven columns.

     Returns:
         list: one list of column strings per retained row
     """
     rows = (line.split() for line in execute_command("free").splitlines())
     # Rows with any other column count are discarded.
     return [columns for columns in rows if len(columns) == 7]
Example #8
 def hd_info(self):
     """Return the rows of ``df -kh`` output that have exactly six columns.

     Returns:
         list: one list of column strings per retained row
     """
     rows = (line.split() for line in execute_command('df -kh').splitlines())
     # Rows with any other column count are discarded.
     return [columns for columns in rows if len(columns) == 6]
 def _check_accounts_with_uid_to_0(self):
     """Report whether more than one ``/etc/passwd`` entry has UID 0.

     Appends one row to ``self.entries_to_display``; the result is
     'Incorrecto' when the awk query returns more than one line.
     """
     # NOTE(review): output is counted line by line, so an error text
     # returned by execute_command would count as one entry -- confirm how
     # failures are reported.
     uid_zero_rows = execute_command(
         """awk -F: '($3 == "0") {print}' /etc/passwd""").splitlines()
     counts_with_uid_to_0 = len(uid_zero_rows) > 1
     if counts_with_uid_to_0:
         answer, result = 'Sí', 'Incorrecto'
     else:
         answer, result = 'No', 'Correcto'
     description = 'Solo debe de haber una cuenta con UID a 0, es decir, que sea superusuario, además del root'
     self.entries_to_display.append(
         ['Usuarios de sistema con UID a 0', answer, result, description])
 def _get_counts_without_password(self):
     """Report whether ``/etc/shadow`` has an entry with an empty password field.

     Appends one row to ``self.entries_to_display``; the result is
     'Incorrecto' when the awk query returns any output.
     """
     # NOTE(review): any non-empty output counts as a finding, including an
     # error text if execute_command returns one (e.g. when /etc/shadow is
     # not readable) -- confirm how failures are reported.
     shadow_query = """awk -F: '($2 == "") {print}' /etc/shadow"""
     counts_without_password = bool(execute_command(shadow_query))
     if counts_without_password:
         answer, result = 'Sí', 'Incorrecto'
     else:
         answer, result = 'No', 'Correcto'
     description = 'No debe de existir ninguna cuenta en el sistema sin contraseña'
     self.entries_to_display.append(
         ['Cuentas sin contraseña', answer, result, description])
Example #11
 def _get_log_properties(self):
     """Collect ``ls -l`` listings for the configured logs.

     ``self.log_properties`` is reset to an empty dict; then, for each name
     in ``self.logs``, the path in ``default_logs[name]`` is listed and
     every output line that contains the log name is stored with its
     whitespace collapsed to single spaces.

     Returns:
         dict: log name -> list of matching listing lines
     """
     self.log_properties = {}
     # A falsy self.logs (None or empty) means there is nothing to inspect.
     for log_name in self.logs or ():
         listing = execute_command('ls -l {0}'.format(default_logs[log_name]))
         for entry in listing.splitlines():
             if log_name not in entry:
                 continue
             normalised = " ".join(entry.split())
             self.log_properties.setdefault(log_name, []).append(normalised)
     return self.log_properties
Example #12
 def network_info(self):
     """Parse ``ifconfig`` output into a per-interface dict.

     The output is cut into blocks at blank lines.  In each block the text
     before the first colon is the interface name; the remainder is split
     on whitespace and, for each of ``inet``, ``broadcast``, ``inet6``,
     ``ether`` and ``netmask`` that appears as a token, the token following
     it is recorded.

     Returns:
         dict: interface name -> dict of the fields found for it
     """
     wanted_fields = ('inet', 'broadcast', 'inet6', 'ether', 'netmask')
     interfaces = {}
     for block in execute_command('ifconfig').split('\n\n'):
         if not block:
             continue
         flattened = block.replace('\n', '')
         interface_name, _, remainder = flattened.partition(':')
         tokens = remainder.split()
         # The value of a field is the token right after its keyword.
         interfaces[interface_name] = {
             field: tokens[tokens.index(field) + 1]
             for field in wanted_fields
             if field in tokens
         }
     return interfaces
Example #13
 def kernel_version(self):
     """Return whatever ``execute_command`` yields for ``uname -r``."""
     return execute_command('uname -r')