def do_check(self, configuration_file): option = None version_number = self.db.server_info()['versionArray'] if version_number[0] <= 2 and version_number[1] < 6: option = 'auth' value = helper.get_config_value(configuration_file, option) if None == value: self.result['level'] = 'YELLOW' self.result[ 'output'] = 'MongoDB Authentication setting not found.' elif 'true' == value.lower(): self.result['level'] = 'GREEN' self.result[ 'output'] = 'MongoDB Authentication is (%s) enabled.' % ( value) else: self.result['level'] = 'RED' self.result[ 'output'] = 'MongoDB Authentication is (%s) not enabled.' % ( value) else: self.result['level'] = 'GRAY' self.result[ 'output'] = 'This check does not apply to MongoDB versions 2.6 and above.' return self.result
def do_check(self, configuration_file): option = None version_number = self.db.server_info()['versionArray'] if version_number[0] <= 2 and version_number[1] < 6: option = 'rest' value = helper.get_config_value(configuration_file, option) if None == value: self.result['level'] = 'YELLOW' self.result['output'] = '%s setting not found.' % (option) elif 'false' == value.lower(): self.result['level'] = 'GREEN' self.result['output'] = '%s interface is (%s) enabled.' % (option, value) else: self.result['level'] = 'RED' self.result['output'] = '%s interface is (%s) not enabled.' % (option, value) else: option = 'net.http.RESTInterfaceEnabled' value = helper.get_yaml_config_value(configuration_file, option) if None == value: self.result['level'] = 'GREEN' self.result['output'] = '%s is (not found, default is False) not enabled.' % (option) elif False == value: self.result['level'] = 'GREEN' self.result['output'] = '%s is (%s) not enabled.' % (option, value) else: self.result['level'] = 'RED' self.result['output'] = '%s is (%s) enabled.' % (option, value) return self.result
def do_check(self, configuration_file): option = None version_number = self.db.server_info()["versionArray"] if version_number[0] <= 2 and version_number[1] < 6: try: option = "bind_ip" value = helper.get_config_value(configuration_file, "bind_ip") self.result["level"] = "GREEN" self.result["output"] = "Bind IP is (%s) enabled." % (value) except ConfigParser.NoOptionError as e: self.result["level"] = "YELLOW" self.result["output"] = "Bind IP setting not found." else: option = "net.bindIp" value = helper.get_yaml_config_value(configuration_file, option) if None != value: self.result["level"] = "GREEN" self.result["output"] = "Bind IP is (%s) enabled." % (value) else: self.result["level"] = "YELLOW" self.result["output"] = "Bind IP setting not found." return self.result
def do_check(self, configuration_file): output = '' pg_hba_file_path = None self.result['level'] = 'GREEN' pg_hba_file_path = helper.get_config_value(configuration_file, 'hba_file') try: if os.path.isfile(str(pg_hba_file_path)): with open(str(pg_hba_file_path), 'r') as config: for line in config: if not line.startswith('#'): if '' != line.strip(): values = line.strip().split() if 'host' == values[0]: if not values[2].startswith('.'): self.result['level'] = 'RED' output += values[2] + '\n' self.result['output'] = output except IOError as e: self.result['level'] = 'ORANGE' self.result['output'] = 'DbDat could not read configuration file. You may need to run DbDat using sudo.' return self.result
def do_check(self, configuration_file): option = None version_number = self.db.server_info()['versionArray'] if version_number[0] <= 2 and version_number[1] < 6: option = 'noscripting' value = helper.get_config_value(configuration_file, option) if None == value: self.result['level'] = 'RED' self.result['output'] = '%s is (not found) not enabled.' % (option) elif 'true' != value.lower(): self.result['level'] = 'GREEN' self.result['output'] = '%s is (%s) enabled.' % (option, value) else: self.result['level'] = 'RED' self.result['output'] = '%s is (%s) not enabled.' % (option, value) else: option = 'security.javascriptEnabled' value = helper.get_yaml_config_value(configuration_file, option) if None == value: self.result['level'] = 'RED' self.result['output'] = '%s is (not found) enabled.' % (option) elif False == value: self.result['level'] = 'GREEN' self.result['output'] = '%s is (%s) not enabled.' % (option, value) else: self.result['level'] = 'RED' self.result['output'] = '%s is (%s) enabled.' % (option, value) return self.result
def do_check(self, configuration_file): option = None version_number = self.db.server_info()['versionArray'] if version_number[0] <= 2 and version_number[1] < 6: try: option = 'bind_ip' value = helper.get_config_value(configuration_file, 'bind_ip') self.result['level'] = 'GREEN' self.result['output'] = 'Bind IP is (%s) enabled.' % (value) except configparser.NoOptionError as e: self.result['level'] = 'YELLOW' self.result['output'] = 'Bind IP setting not found.' else: option = 'net.bindIp' value = get_yaml_config_value(configuration_file, option) if None != value: self.result['level'] = 'GREEN' self.result['output'] = 'Bind IP is (%s) enabled.' % (value) else: self.result['level'] = 'YELLOW' self.result['output'] = 'Bind IP setting not found.' return self.result
def do_check(self, configuration_file): option = None version_number = self.db.server_info()["versionArray"] if version_number[0] <= 2 and version_number[1] < 6: option = "noauth" value = helper.get_config_value(configuration_file, option) if None == value: self.result["level"] = "YELLOW" self.result[ "output" ] = '%s setting not found. The default value is "true", ensure the "auth" option is enabled.' % (option) elif "true" == value.lower(): self.result["level"] = "RED" self.result["output"] = "%s is (%s) enabled." % (option, value) else: self.result["level"] = "GREEN" self.result["output"] = "%s is (%s) not enabled." % (option, value) else: self.result["level"] = "GRAY" self.result["output"] = "This check does not apply to MongoDB versions 2.6 and above." return self.result
def do_check(self, configuration_file): option = None version_number = self.db.server_info()['versionArray'] if version_number[0] <= 2 and version_number[1] < 6: option = 'keyFile' value = helper.get_config_value(configuration_file, option) if None == value: self.result['level'] = 'YELLOW' self.result['output'] = 'keyFile setting not found.' elif '' != value.lower(): self.result['level'] = 'GREEN' self.result['output'] = 'keyFile is (%s) enabled.' % (value) else: self.result['level'] = 'YELLOW' self.result['output'] = 'keyFile is (%s) not enabled.' % (value) else: option = 'security.keyFile' value = helper.get_yaml_config_value(configuration_file, option) if None == value: self.result['level'] = 'YELLOW' self.result['output'] = '%s is (not found) not enabled.' % (option) elif '' == str(value): self.result['level'] = 'YELLOW' self.result['output'] = '%s is (%s) not enabled.' % (option, value) else: self.result['level'] = 'GREEN' self.result['output'] = '%s is (%s) enabled.' % (option, value) return self.result
def do_check(self, configuration_file): option = None version_number = self.db.server_info()['versionArray'] if version_number[0] <= 2 and version_number[1] < 6: try: option = 'bind_ip' value = helper.get_config_value(configuration_file, 'bind_ip') self.result['level'] = 'GREEN' self.result['output'] = 'Bind IP is (%s) enabled.' % (value) except ConfigParser.NoOptionError as e: self.result['level'] = 'YELLOW' self.result['output'] = 'Bind IP setting not found.' else: option = 'net.bindIp' value = helper.get_yaml_config_value(configuration_file, option) if None != value: self.result['level'] = 'GREEN' self.result['output'] = 'Bind IP is (%s) enabled.' % (value) else: self.result['level'] = 'YELLOW' self.result['output'] = 'Bind IP setting not found.' return self.result
def do_check(self, configuration_file): option = None version_number = self.db.server_info()['versionArray'] if version_number[0] <= 2 and version_number[1] < 6: option = 'sslPEMKeyFile' value = helper.get_config_value(configuration_file, option) ssl_on_normal_ports = False if version_number[0] >= 2 and version_number[1] >= 2: try: dcurs = self.db['admin'] result = dcurs.command('getCmdLineOpts') if '--sslOnNormalPorts' in result['argv']: ssl_on_normal_ports = True except Exception as e: # this will actually be a silent exception values below will be overwritten # the exception is here so execution doesn't break if something goes wrong result['level'] = 'ORANGE' result['output'] = 'Error: %s' % (e) if None == value: self.result['level'] = 'RED' self.result['output'] = '%s is not set, SSL is not enabled.' % (option) if ssl_on_normal_ports: self.result['level'] = 'GREEN' self.result['output'] = 'Command line option --sslOnNormalPorts set, SSL is enabled.' elif '' != value: self.result['level'] = 'GREEN' self.result['output'] = 'SSL is (%s: %s) enabled.' % (option, value) else: self.result['level'] = 'RED' self.result['output'] = 'SSL is (%s: %s) not enabled.' % (option, value) else: option = 'net.ssl.mode' value = helper.get_yaml_config_value(configuration_file, option) if None == value: self.result['level'] = 'RED' self.result['output'] = 'SSL is (%s not found) not enabled.' % (option) elif 'requireSSL' == value: self.result['level'] = 'GREEN' self.result['output'] = 'SSL is (%s: %s) is required.' % (option, value) elif 'preferSSL' == value: self.result['level'] = 'YELLOW' self.result['output'] = 'SSL is (%s: %s) is prefered, but not required.' % (option, value) elif 'allowSSL' == value: self.result['level'] = 'YELLOW' self.result['output'] = 'SSL is (%s: %s) is allowed, but not required.' % (option, value) else: self.result['level'] = 'RED' self.result['output'] = 'SSL is (%s: %s) not enabled.' % (option, value) return self.result
def do_check(self, configuration_file): value = helper.get_config_value(configuration_file, 'nohttpinterface') if None == value: self.result['level'] = 'YELLOW' self.result['output'] = 'No HTTP Interface setting not found.' elif 'true' == value.lower(): self.result['level'] = 'GREEN' self.result['output'] = 'No HTTP Interface is (%s) enabled.' % (value) else: self.result['level'] = 'RED' self.result['output'] = 'No HTTP Interface is (%s) not enabled.' % (value) return self.result
def do_check(self, configuration_file): value = helper.get_config_value(configuration_file, "keyFile") if None == value: self.result["level"] = "YELLOW" self.result["output"] = "keyFile setting not found." elif "" != value.lower(): self.result["level"] = "GREEN" self.result["output"] = "keyFile is (%s) enabled." % (value) else: self.result["level"] = "YELLOW" self.result["output"] = "keyFile is (%s) not enabled." % (value) return self.result
def do_check(self, configuration_file): value = helper.get_config_value(configuration_file, 'sslPEMKeyFile') if None == value: self.result['level'] = 'RED' self.result['output'] = 'SSL is (not found) not enabled.' elif '' != value.lower(): self.result['level'] = 'GREEN' self.result['output'] = 'SSL is (%s) enabled.' % (value) else: self.result['level'] = 'RED' self.result['output'] = 'SSL is (%s) not enabled.' % (value) return self.result
def do_check(self, configuration_file): addresses = None output = '' self.result['level'] = 'GREEN' addresses = helper.get_config_value(configuration_file, 'listen_addresses') if not addresses: # if option not found then postgresql defaults to localhost addresses = 'localhost' if 'localhost' != addresses: self.result['level'] = 'YELLOW' output = 'Database listening is not localhost only (' + addresses + ')' self.result['output'] = output return self.result
def do_check(self, configuration_file): output = "" pg_hba_file_path = None self.result["level"] = "GREEN" pg_hba_file_path = helper.get_config_value(configuration_file, "hba_file") try: if os.path.isfile(str(pg_hba_file_path)): with open(str(pg_hba_file_path), "r") as config: for line in config: if not line.startswith("#"): if "" != line.strip(): output += line.strip() + "\n" self.result["output"] = output except IOError as e: self.result["level"] = "ORANGE" self.result["output"] = "DbDat could not read configuration file. You may need to run DbDat using sudo." return self.result
def do_check(self, configuration_file): option = None version_number = self.db.server_info()['versionArray'] if version_number[0] < 2 and version_number[1] < 6: option = 'auth' value = helper.get_config_value(configuration_file, option) if None == value: self.result['level'] = 'YELLOW' self.result['output'] = 'MongoDB Authentication setting not found.' elif 'true' == value.lower(): self.result['level'] = 'GREEN' self.result['output'] = 'MongoDB Authentication is (%s) enabled.' % (value) else: self.result['level'] = 'RED' self.result['output'] = 'MongoDB Authentication is (%s) not enabled.' % (value) else: self.result['level'] = 'GRAY' self.result['output'] = 'This check does not apply to MongoDB versions 2.6 and above.' return self.result
def do_check(self, configuration_file): option = None version_number = self.db.server_info()['versionArray'] if version_number[0] <= 2 and version_number[1] < 6: option = 'jsonp' value = helper.get_config_value(configuration_file, option) if None == value: self.result['level'] = 'GREEN' self.result['output'] = '%s is (not found) not enabled.' % ( option) elif 'false' == value.lower(): self.result['level'] = 'GREEN' self.result['output'] = '%s is (%s) not enabled.' % (option, value) else: self.result['level'] = 'RED' self.result['output'] = '%s is (%s) enabled.' % (option, value) else: option = 'net.http.JSONPEnabled' value = helper.get_yaml_config_value(configuration_file, option) if None == value: self.result['level'] = 'GREEN' self.result['output'] = '%s is (not found) not enabled.' % ( option) elif False == value: self.result['level'] = 'GREEN' self.result['output'] = '%s is (%s) not enabled.' % (option, value) else: self.result['level'] = 'RED' self.result['output'] = '%s is (%s) enabled.' % (option, value) return self.result
def do_check(self, configuration_file): option = None version_number = self.db.server_info()['versionArray'] if version_number[0] <= 2 and version_number[1] < 6: option = 'sslPEMKeyFile' value = helper.get_config_value(configuration_file, option) ssl_on_normal_ports = False if version_number[0] >= 2 and version_number[1] >= 2: try: dcurs = self.db['admin'] result = dcurs.command('getCmdLineOpts') if '--sslOnNormalPorts' in result['argv']: ssl_on_normal_ports = True except Exception as e: # this will actually be a silent exception values below will be overwritten # the exception is here so execution doesn't break if something goes wrong result['level'] = 'ORANGE' result['output'] = 'Error: %s' % (e) if None == value: self.result['level'] = 'RED' self.result[ 'output'] = '%s is not set, SSL is not enabled.' % (option) if ssl_on_normal_ports: self.result['level'] = 'GREEN' self.result[ 'output'] = 'Command line option --sslOnNormalPorts set, SSL is enabled.' elif '' != value: self.result['level'] = 'GREEN' self.result['output'] = 'SSL is (%s: %s) enabled.' % (option, value) else: self.result['level'] = 'RED' self.result['output'] = 'SSL is (%s: %s) not enabled.' % ( option, value) else: option = 'net.ssl.mode' value = get_yaml_config_value(configuration_file, option) if None == value: self.result['level'] = 'RED' self.result[ 'output'] = 'SSL is (%s not found) not enabled.' % (option) elif 'requireSSL' == value: self.result['level'] = 'GREEN' self.result['output'] = 'SSL is (%s: %s) is required.' % ( option, value) elif 'preferSSL' == value: self.result['level'] = 'YELLOW' self.result[ 'output'] = 'SSL is (%s: %s) is prefered, but not required.' % ( option, value) elif 'allowSSL' == value: self.result['level'] = 'YELLOW' self.result[ 'output'] = 'SSL is (%s: %s) is allowed, but not required.' % ( option, value) else: self.result['level'] = 'RED' self.result['output'] = 'SSL is (%s: %s) not enabled.' % ( option, value) return self.result