def do_check(self, configuration_file):
		option         = None
		version_number = self.db.server_info()['versionArray']
		
		if version_number[0] <= 2 and version_number[1] < 6:
			option = 'noscripting'
			value = helper.get_config_value(configuration_file, option)
			
			if None == value:
				self.result['level']  = 'RED'
				self.result['output'] = '%s is (not found) not enabled.' % (option)
			elif 'true' != value.lower():
				self.result['level']  = 'GREEN'
				self.result['output'] = '%s is (%s) enabled.' % (option, value)
			else: 
				self.result['level']  = 'RED'
				self.result['output'] = '%s is (%s) not enabled.' % (option, value)
			
		else:
			option = 'security.javascriptEnabled'
			value = helper.get_yaml_config_value(configuration_file, option)
			
			if None == value:
				self.result['level']  = 'RED'
				self.result['output'] = '%s is (not found) enabled.' % (option)
			elif False == value:
				self.result['level']  = 'GREEN'
				self.result['output'] = '%s is (%s) not enabled.' % (option, value)
			else: 
				self.result['level']  = 'RED'
				self.result['output'] = '%s is (%s) enabled.' % (option, value)

		return self.result
	def do_check(self, configuration_file):
		option         = None
		version_number = self.db.server_info()['versionArray']

		if version_number[0] <= 2 and version_number[1] < 6:
			try:
				option = 'bind_ip'
				value  = helper.get_config_value(configuration_file, 'bind_ip')

				self.result['level']  = 'GREEN'
				self.result['output'] = 'Bind IP is (%s) enabled.' % (value)

			except ConfigParser.NoOptionError as e:
				self.result['level']  = 'YELLOW'
				self.result['output'] = 'Bind IP setting not found.'
		else:
			option = 'net.bindIp'
			value  = helper.get_yaml_config_value(configuration_file, option)
			
			if None != value:
				self.result['level']  = 'GREEN'
				self.result['output'] = 'Bind IP is (%s) enabled.' % (value)
			else:
				self.result['level']  = 'YELLOW'
				self.result['output'] = 'Bind IP setting not found.'

		return self.result
Exemple #3
0
    def do_check(self, configuration_file):
        option         = None
        version_number = self.db.server_info()['versionArray']

        if version_number[0] <= 2 and version_number[1] < 6:
            option = 'rest'
            value  = helper.get_config_value(configuration_file, option)

            if None == value:
                self.result['level']  = 'YELLOW'
                self.result['output'] = '%s setting not found.' % (option)
            elif 'false' == value.lower():
                self.result['level']  = 'GREEN'
                self.result['output'] = '%s interface is (%s) enabled.' % (option, value)
            else:
                self.result['level']  = 'RED'
                self.result['output'] = '%s interface is (%s) not enabled.' % (option, value)
        else:
            option = 'net.http.RESTInterfaceEnabled'
            value  = helper.get_yaml_config_value(configuration_file, option)

            if None == value:
                self.result['level']  = 'GREEN'
                self.result['output'] = '%s is (not found, default is False) not enabled.' % (option)
            elif False == value:
                self.result['level']  = 'GREEN'
                self.result['output'] = '%s is (%s) not enabled.' % (option, value)
            else:
                self.result['level']  = 'RED'
                self.result['output'] = '%s is (%s) enabled.' % (option, value)

        return self.result
    def do_check(self, configuration_file):
        option = None
        version_number = self.db.server_info()['versionArray']

        if version_number[0] <= 2 and version_number[1] < 6:
            try:
                option = 'bind_ip'
                value = helper.get_config_value(configuration_file, 'bind_ip')

                self.result['level'] = 'GREEN'
                self.result['output'] = 'Bind IP is (%s) enabled.' % (value)

            except ConfigParser.NoOptionError as e:
                self.result['level'] = 'YELLOW'
                self.result['output'] = 'Bind IP setting not found.'
        else:
            option = 'net.bindIp'
            value = helper.get_yaml_config_value(configuration_file, option)

            if None != value:
                self.result['level'] = 'GREEN'
                self.result['output'] = 'Bind IP is (%s) enabled.' % (value)
            else:
                self.result['level'] = 'YELLOW'
                self.result['output'] = 'Bind IP setting not found.'

        return self.result
Exemple #5
0
    def do_check(self, configuration_file):
        option         = None
        version_number = self.db.server_info()['versionArray']

        if version_number[0] <= 2 and version_number[1] < 6:
            option = 'keyFile'
            value  = helper.get_config_value(configuration_file, option)

            if None == value:
                self.result['level']  = 'YELLOW'
                self.result['output'] = 'keyFile setting not found.'
            elif '' != value.lower():
                self.result['level']  = 'GREEN'
                self.result['output'] = 'keyFile is (%s) enabled.' % (value)
            else:
                self.result['level']  = 'YELLOW'
                self.result['output'] = 'keyFile is (%s) not enabled.' % (value)
        else:
            option = 'security.keyFile'
            value  = helper.get_yaml_config_value(configuration_file, option)

            if None == value:
                self.result['level']  = 'YELLOW'
                self.result['output'] = '%s is (not found) not enabled.' % (option)
            elif '' == str(value):
                self.result['level']  = 'YELLOW'
                self.result['output'] = '%s is (%s) not enabled.' % (option, value)
            else:
                self.result['level']  = 'GREEN'
                self.result['output'] = '%s is (%s) enabled.' % (option, value)

        return self.result
	def do_check(self, configuration_file):
		option         = None
		version_number = self.db.server_info()['versionArray']
		
		if version_number[0] <= 2 and version_number[1] < 6:
			option = 'rest'
			value  = helper.get_config_value(configuration_file, option)

			if None == value:
				self.result['level']  = 'YELLOW'
				self.result['output'] = '%s setting not found.' % (option)
			elif 'false' == value.lower():
				self.result['level']  = 'GREEN'
				self.result['output'] = '%s interface is (%s) enabled.' % (option, value)
			else: 
				self.result['level']  = 'RED'
				self.result['output'] = '%s interface is (%s) not enabled.' % (option, value)
		else:
			option = 'net.http.RESTInterfaceEnabled'
			value  = helper.get_yaml_config_value(configuration_file, option)
			
			if None == value:
				self.result['level']  = 'GREEN'
				self.result['output'] = '%s is (not found, default is False) not enabled.' % (option)
			elif False == value:
				self.result['level']  = 'GREEN'
				self.result['output'] = '%s is (%s) not enabled.' % (option, value)
			else: 
				self.result['level']  = 'RED'
				self.result['output'] = '%s is (%s) enabled.' % (option, value)
		
		return self.result
    def do_check(self, configuration_file):
        option = None
        version_number = self.db.server_info()['version']

        if LooseVersion(version_number) >= LooseVersion("2.6"):
            option = 'systemLog.quiet'
            value = helper.get_yaml_config_value(configuration_file, option)

            if None == value:
                self.result['level'] = 'GREEN'
                self.result['output'] = '%s not found, not enabled.' % (option)
            elif False == value:
                self.result['level'] = 'GREEN'
                self.result['output'] = '%s is (%s) not enabled.' % (option,
                                                                     value)
            else:
                self.result['level'] = 'YELLOW'
                self.result['output'] = '%s is (%s) enabled.' % (option, value)

        else:
            self.result['level'] = 'GRAY'
            self.result[
                'output'] = 'This check does not apply to MongoDB versions below 2.6.'

        return self.result
    def do_check(self, configuration_file):
        option = None
        version_number = self.db.server_info()["versionArray"]

        if version_number[0] <= 2 and version_number[1] < 6:
            try:
                option = "bind_ip"
                value = helper.get_config_value(configuration_file, "bind_ip")

                self.result["level"] = "GREEN"
                self.result["output"] = "Bind IP is (%s) enabled." % (value)

            except ConfigParser.NoOptionError as e:
                self.result["level"] = "YELLOW"
                self.result["output"] = "Bind IP setting not found."
        else:
            option = "net.bindIp"
            value = helper.get_yaml_config_value(configuration_file, option)

            if None != value:
                self.result["level"] = "GREEN"
                self.result["output"] = "Bind IP is (%s) enabled." % (value)
            else:
                self.result["level"] = "YELLOW"
                self.result["output"] = "Bind IP setting not found."

        return self.result
	def do_check(self, configuration_file):
		option         = None
		version_number = self.db.server_info()['versionArray']
		
		if version_number[0] <= 2 and version_number[1] < 6:
			option              = 'sslPEMKeyFile'
			value               = helper.get_config_value(configuration_file, option)
			ssl_on_normal_ports = False
			
			if version_number[0] >= 2 and version_number[1] >= 2:
				try:
					dcurs  = self.db['admin']
					result = dcurs.command('getCmdLineOpts')
					
					if '--sslOnNormalPorts' in result['argv']:
						ssl_on_normal_ports = True
							
				except Exception as e:
					# this will actually be a silent exception values below will be overwritten
					# the exception is here so execution doesn't break if something goes wrong
					result['level']  = 'ORANGE'
					result['output'] = 'Error: %s' % (e)

			if None == value:
				self.result['level']  = 'RED'
				self.result['output'] = '%s is not set, SSL is not enabled.' % (option)
				
				if ssl_on_normal_ports:
					self.result['level']  = 'GREEN'
					self.result['output'] = 'Command line option --sslOnNormalPorts set, SSL is enabled.'
					
			elif '' != value:
				self.result['level']  = 'GREEN'
				self.result['output'] = 'SSL is (%s: %s) enabled.' % (option, value)
			else: 
				self.result['level']  = 'RED'
				self.result['output'] = 'SSL is (%s: %s) not enabled.' % (option, value)

		else:
			option = 'net.ssl.mode'
			value  = helper.get_yaml_config_value(configuration_file, option)
			
			if None == value:
				self.result['level']  = 'RED'
				self.result['output'] = 'SSL is (%s not found) not enabled.' % (option)
			elif 'requireSSL' == value:
				self.result['level']  = 'GREEN'
				self.result['output'] = 'SSL is (%s: %s) is required.' % (option, value)
			elif 'preferSSL' == value:
				self.result['level']  = 'YELLOW'
				self.result['output'] = 'SSL is (%s: %s) is prefered, but not required.' % (option, value)
			elif 'allowSSL' == value:
				self.result['level']  = 'YELLOW'
				self.result['output'] = 'SSL is (%s: %s) is allowed, but not required.' % (option, value)
			else: 
				self.result['level']  = 'RED'
				self.result['output'] = 'SSL is (%s: %s) not enabled.' % (option, value)

		return self.result
Exemple #10
0
    def do_check(self, configuration_file):
        option = None
        version_number = self.db.server_info()['versionArray']

        if version_number[0] <= 2 and version_number[1] < 6:
            option = 'enableLocalhostAuthBypass'

            # setParameter can't be retrived using helper.get_config_value(), so do this...
            with open(configuration_file, 'r') as config:
                for line in config:
                    values = line.split('=')
                    if 'setParameter' == values[0].strip():
                        if option == values[1].strip():
                            value = values[2].strip()

            if None == value:
                self.result['level'] = 'RED'
                self.result['output'] = '%s is (not found) not enabled.' % (
                    option)
            elif 'false' == value.lower():
                self.result['level'] = 'GREEN'
                self.result['output'] = '%s is (%s) not enabled.' % (option,
                                                                     value)
            else:
                self.result['level'] = 'RED'
                self.result['output'] = '%s is (%s) enabled.' % (option, value)

        else:
            option = 'setParameter.enableLocalhostAuthBypass'
            value = helper.get_yaml_config_value(configuration_file, option)

            if None == value:
                self.result['level'] = 'RED'
                self.result['output'] = '%s is (not found) enabled.' % (option)
            elif False == value:
                self.result['level'] = 'GREEN'
                self.result['output'] = '%s is (%s) not enabled.' % (option,
                                                                     value)
            else:
                self.result['level'] = 'RED'
                self.result['output'] = '%s is (%s) enabled.' % (option, value)

        return self.result
Exemple #11
0
    def do_check(self, configuration_file):
        option = None
        version_number = self.db.server_info()['versionArray']

        if version_number[0] <= 2 and version_number[1] < 6:
            option = '--sslWeakCertificateValidation'
            weak_cert_validation = False

            try:
                dcurs = self.db['admin']
                result = dcurs.command('getCmdLineOpts')

                if option in result['argv']:
                    weak_cert_validation = True

            except Exception as e:
                result['level'] = 'ORANGE'
                result['output'] = 'Error: %s' % (e)

            if weak_cert_validation:
                self.result['level'] = 'RED'
                self.result['output'] = '%s is enabled.' % (option)
            else:
                self.result['level'] = 'GREEN'
                self.result['output'] = '%s is not enabled.' % (option)

        else:
            option = 'net.ssl.weakCertificateValidation'
            value = helper.get_yaml_config_value(configuration_file, option)

            if None == value:
                self.result['level'] = 'GREEN'
                self.result['output'] = '%s not found, not enabled.' % (option)
            elif False == value:
                self.result['level'] = 'GREEN'
                self.result['output'] = '%s is (%s) not enabled.' % (option,
                                                                     value)
            else:
                self.result['level'] = 'RED'
                self.result['output'] = '%s is (%s) enabled.' % (option, value)

        return self.result
    def do_check(self, configuration_file):
        option         = None
        version_number = self.db.server_info()['versionArray']

        if version_number[0] <= 2 and version_number[1] < 6:
            option               = '--sslWeakCertificateValidation'
            weak_cert_validation = False

            try:
                dcurs  = self.db['admin']
                result = dcurs.command('getCmdLineOpts')

                if option in result['argv']:
                    weak_cert_validation = True

            except Exception as e:
                result['level']  = 'ORANGE'
                result['output'] = 'Error: %s' % (e)

            if weak_cert_validation:
                self.result['level']  = 'RED'
                self.result['output'] = '%s is enabled.' % (option)
            else:
                self.result['level']  = 'GREEN'
                self.result['output'] = '%s is not enabled.' % (option)

        else:
            option = 'net.ssl.weakCertificateValidation'
            value  = helper.get_yaml_config_value(configuration_file, option)

            if None == value:
                self.result['level']  = 'GREEN'
                self.result['output'] = '%s not found, not enabled.' % (option)
            elif False == value:
                self.result['level']  = 'GREEN'
                self.result['output'] = '%s is (%s) not enabled.' % (option, value)
            else:
                self.result['level']  = 'RED'
                self.result['output'] = '%s is (%s) enabled.' % (option, value)

        return self.result
    def do_check(self, configuration_file):
        option = None
        version_number = self.db.server_info()["versionArray"]

        if version_number[0] <= 2 and version_number[1] < 6:
            option = "--sslFIPSMode"
            fips_mode = False

            try:
                dcurs = self.db["admin"]
                result = dcurs.command("getCmdLineOpts")

                if option in result["argv"]:
                    fips_mode = True

            except Exception as e:
                result["level"] = "ORANGE"
                result["output"] = "Error: %s" % (e)

            if fips_mode:
                self.result["level"] = "GREEN"
                self.result["output"] = "%s is enabled." % (option)
            else:
                self.result["level"] = "YELLOW"
                self.result["output"] = "%s is not enabled." % (option)

        else:
            option = "net.ssl.FIPSMode"
            value = helper.get_yaml_config_value(configuration_file, option)

            if None == value:
                self.result["level"] = "YELLOW"
                self.result["output"] = "%s not found, not enabled." % (option)
            elif False == value:
                self.result["level"] = "YELLOW"
                self.result["output"] = "%s is (%s) not enabled." % (option, value)
            else:
                self.result["level"] = "GREEN"
                self.result["output"] = "%s is (%s) enabled." % (option, value)

        return self.result
    def do_check(self, configuration_file):
        option         = None
        version_number = self.db.server_info()['versionArray']
        
        if version_number[0] <= 2 and version_number[1] < 6:
            option = 'enableLocalhostAuthBypass'
            
            # setParameter can't be retrived using helper.get_config_value(), so do this...
            with open(configuration_file, 'r') as config:
                for line in config:
                    values = line.split('=')
                    if 'setParameter' == values[0].strip():
                        if option == values[1].strip():
                            value = values[2].strip()

            if None == value:
                self.result['level']  = 'RED'
                self.result['output'] = '%s is (not found) not enabled.' % (option)
            elif 'false' == value.lower():
                self.result['level']  = 'GREEN'
                self.result['output'] = '%s is (%s) not enabled.' % (option, value)
            else: 
                self.result['level']  = 'RED'
                self.result['output'] = '%s is (%s) enabled.' % (option, value)
            
        else:
            option = 'setParameter.enableLocalhostAuthBypass'
            value  = helper.get_yaml_config_value(configuration_file, option)
            
            if None == value:
                self.result['level']  = 'RED'
                self.result['output'] = '%s is (not found) enabled.' % (option)
            elif False == value:
                self.result['level']  = 'GREEN'
                self.result['output'] = '%s is (%s) not enabled.' % (option, value)
            else: 
                self.result['level']  = 'RED'
                self.result['output'] = '%s is (%s) enabled.' % (option, value)

        return self.result
    def do_check(self, configuration_file):
        option         = None
        version_number = self.db.server_info()['version']
        
        if LooseVersion(version_number) >= LooseVersion("2.6.4"):
            option = 'net.ssl.allowInvalidCertificates'
            value  = helper.get_yaml_config_value(configuration_file, option)

            if None == value:
                self.result['level']  = 'GREEN'
                self.result['output'] = '%s not found, not enabled.' % (option)
            elif False == value:
                self.result['level']  = 'GREEN'
                self.result['output'] = '%s is (%s) not enabled.' % (option, value)
            else:
                self.result['level']  = 'RED'
                self.result['output'] = '%s is (%s) enabled.' % (option, value)

        else:
            self.result['level']  = 'GRAY'
            self.result['output'] = 'This check does not apply to MongoDB versions below 2.6.4.'

        return self.result
    def do_check(self, configuration_file):
        option = None
        version_number = self.db.server_info()['versionArray']

        if version_number[0] <= 2 and version_number[1] < 6:
            option = 'jsonp'
            value = helper.get_config_value(configuration_file, option)

            if None == value:
                self.result['level'] = 'GREEN'
                self.result['output'] = '%s is (not found) not enabled.' % (
                    option)
            elif 'false' == value.lower():
                self.result['level'] = 'GREEN'
                self.result['output'] = '%s is (%s) not enabled.' % (option,
                                                                     value)
            else:
                self.result['level'] = 'RED'
                self.result['output'] = '%s is (%s) enabled.' % (option, value)

        else:
            option = 'net.http.JSONPEnabled'
            value = helper.get_yaml_config_value(configuration_file, option)

            if None == value:
                self.result['level'] = 'GREEN'
                self.result['output'] = '%s is (not found) not enabled.' % (
                    option)
            elif False == value:
                self.result['level'] = 'GREEN'
                self.result['output'] = '%s is (%s) not enabled.' % (option,
                                                                     value)
            else:
                self.result['level'] = 'RED'
                self.result['output'] = '%s is (%s) enabled.' % (option, value)

        return self.result
    def do_check(self, configuration_file):
        option = None
        version_number = self.db.server_info()['versionArray']

        if version_number[0] <= 2 and version_number[1] < 6:
            option = 'sslPEMKeyFile'
            value = helper.get_config_value(configuration_file, option)
            ssl_on_normal_ports = False

            if version_number[0] >= 2 and version_number[1] >= 2:
                try:
                    dcurs = self.db['admin']
                    result = dcurs.command('getCmdLineOpts')

                    if '--sslOnNormalPorts' in result['argv']:
                        ssl_on_normal_ports = True

                except Exception as e:
                    # this will actually be a silent exception values below will be overwritten
                    # the exception is here so execution doesn't break if something goes wrong
                    result['level'] = 'ORANGE'
                    result['output'] = 'Error: %s' % (e)

            if None == value:
                self.result['level'] = 'RED'
                self.result[
                    'output'] = '%s is not set, SSL is not enabled.' % (option)

                if ssl_on_normal_ports:
                    self.result['level'] = 'GREEN'
                    self.result[
                        'output'] = 'Command line option --sslOnNormalPorts set, SSL is enabled.'

            elif '' != value:
                self.result['level'] = 'GREEN'
                self.result['output'] = 'SSL is (%s: %s) enabled.' % (option,
                                                                      value)
            else:
                self.result['level'] = 'RED'
                self.result['output'] = 'SSL is (%s: %s) not enabled.' % (
                    option, value)

        else:
            option = 'net.ssl.mode'
            value = helper.get_yaml_config_value(configuration_file, option)

            if None == value:
                self.result['level'] = 'RED'
                self.result[
                    'output'] = 'SSL is (%s not found) not enabled.' % (option)
            elif 'requireSSL' == value:
                self.result['level'] = 'GREEN'
                self.result['output'] = 'SSL is (%s: %s) is required.' % (
                    option, value)
            elif 'preferSSL' == value:
                self.result['level'] = 'YELLOW'
                self.result[
                    'output'] = 'SSL is (%s: %s) is prefered, but not required.' % (
                        option, value)
            elif 'allowSSL' == value:
                self.result['level'] = 'YELLOW'
                self.result[
                    'output'] = 'SSL is (%s: %s) is allowed, but not required.' % (
                        option, value)
            else:
                self.result['level'] = 'RED'
                self.result['output'] = 'SSL is (%s: %s) not enabled.' % (
                    option, value)

        return self.result