def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = 'auth'
value = helper.get_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'YELLOW'
self.result[
'output'] = 'MongoDB Authentication setting not found.'
elif 'true' == value.lower():
self.result['level'] = 'GREEN'
self.result[
'output'] = 'MongoDB Authentication is (%s) enabled.' % (
value)
else:
self.result['level'] = 'RED'
self.result[
'output'] = 'MongoDB Authentication is (%s) not enabled.' % (
value)
else:
self.result['level'] = 'GRAY'
self.result[
'output'] = 'This check does not apply to MongoDB versions 2.6 and above.'
return self.result
def do_check(self, configuration_file): option = None version_number = self.db.server_info()['versionArray'] if version_number[0] <= 2 and version_number[1] < 6: option = 'rest' value = helper.get_config_value(configuration_file, option) if None == value: self.result['level'] = 'YELLOW' self.result['output'] = '%s setting not found.' % (option) elif 'false' == value.lower(): self.result['level'] = 'GREEN' self.result['output'] = '%s interface is (%s) enabled.' % (option, value) else: self.result['level'] = 'RED' self.result['output'] = '%s interface is (%s) not enabled.' % (option, value) else: option = 'net.http.RESTInterfaceEnabled' value = helper.get_yaml_config_value(configuration_file, option) if None == value: self.result['level'] = 'GREEN' self.result['output'] = '%s is (not found, default is False) not enabled.' % (option) elif False == value: self.result['level'] = 'GREEN' self.result['output'] = '%s is (%s) not enabled.' % (option, value) else: self.result['level'] = 'RED' self.result['output'] = '%s is (%s) enabled.' % (option, value) return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()["versionArray"]
if version_number[0] <= 2 and version_number[1] < 6:
try:
option = "bind_ip"
value = helper.get_config_value(configuration_file, "bind_ip")
self.result["level"] = "GREEN"
self.result["output"] = "Bind IP is (%s) enabled." % (value)
except ConfigParser.NoOptionError as e:
self.result["level"] = "YELLOW"
self.result["output"] = "Bind IP setting not found."
else:
option = "net.bindIp"
value = helper.get_yaml_config_value(configuration_file, option)
if None != value:
self.result["level"] = "GREEN"
self.result["output"] = "Bind IP is (%s) enabled." % (value)
else:
self.result["level"] = "YELLOW"
self.result["output"] = "Bind IP setting not found."
return self.result
def do_check(self, configuration_file):
output = ''
pg_hba_file_path = None
self.result['level'] = 'GREEN'
pg_hba_file_path = helper.get_config_value(configuration_file, 'hba_file')
try:
if os.path.isfile(str(pg_hba_file_path)):
with open(str(pg_hba_file_path), 'r') as config:
for line in config:
if not line.startswith('#'):
if '' != line.strip():
values = line.strip().split()
if 'host' == values[0]:
if not values[2].startswith('.'):
self.result['level'] = 'RED'
output += values[2] + '\n'
self.result['output'] = output
except IOError as e:
self.result['level'] = 'ORANGE'
self.result['output'] = 'DbDat could not read configuration file. You may need to run DbDat using sudo.'
return self.result
def do_check(self, configuration_file): option = None version_number = self.db.server_info()['versionArray'] if version_number[0] <= 2 and version_number[1] < 6: option = 'noscripting' value = helper.get_config_value(configuration_file, option) if None == value: self.result['level'] = 'RED' self.result['output'] = '%s is (not found) not enabled.' % (option) elif 'true' != value.lower(): self.result['level'] = 'GREEN' self.result['output'] = '%s is (%s) enabled.' % (option, value) else: self.result['level'] = 'RED' self.result['output'] = '%s is (%s) not enabled.' % (option, value) else: option = 'security.javascriptEnabled' value = helper.get_yaml_config_value(configuration_file, option) if None == value: self.result['level'] = 'RED' self.result['output'] = '%s is (not found) enabled.' % (option) elif False == value: self.result['level'] = 'GREEN' self.result['output'] = '%s is (%s) not enabled.' % (option, value) else: self.result['level'] = 'RED' self.result['output'] = '%s is (%s) enabled.' % (option, value) return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
try:
option = 'bind_ip'
value = helper.get_config_value(configuration_file, 'bind_ip')
self.result['level'] = 'GREEN'
self.result['output'] = 'Bind IP is (%s) enabled.' % (value)
except configparser.NoOptionError as e:
self.result['level'] = 'YELLOW'
self.result['output'] = 'Bind IP setting not found.'
else:
option = 'net.bindIp'
value = get_yaml_config_value(configuration_file, option)
if None != value:
self.result['level'] = 'GREEN'
self.result['output'] = 'Bind IP is (%s) enabled.' % (value)
else:
self.result['level'] = 'YELLOW'
self.result['output'] = 'Bind IP setting not found.'
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()["versionArray"]
if version_number[0] <= 2 and version_number[1] < 6:
option = "noauth"
value = helper.get_config_value(configuration_file, option)
if None == value:
self.result["level"] = "YELLOW"
self.result[
"output"
] = '%s setting not found. The default value is "true", ensure the "auth" option is enabled.' % (option)
elif "true" == value.lower():
self.result["level"] = "RED"
self.result["output"] = "%s is (%s) enabled." % (option, value)
else:
self.result["level"] = "GREEN"
self.result["output"] = "%s is (%s) not enabled." % (option, value)
else:
self.result["level"] = "GRAY"
self.result["output"] = "This check does not apply to MongoDB versions 2.6 and above."
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = 'rest'
value = helper.get_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'YELLOW'
self.result['output'] = '%s setting not found.' % (option)
elif 'false' == value.lower():
self.result['level'] = 'GREEN'
self.result['output'] = '%s interface is (%s) enabled.' % (option, value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s interface is (%s) not enabled.' % (option, value)
else:
option = 'net.http.RESTInterfaceEnabled'
value = helper.get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (not found, default is False) not enabled.' % (option)
elif False == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option, value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = 'keyFile'
value = helper.get_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'YELLOW'
self.result['output'] = 'keyFile setting not found.'
elif '' != value.lower():
self.result['level'] = 'GREEN'
self.result['output'] = 'keyFile is (%s) enabled.' % (value)
else:
self.result['level'] = 'YELLOW'
self.result['output'] = 'keyFile is (%s) not enabled.' % (value)
else:
option = 'security.keyFile'
value = helper.get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'YELLOW'
self.result['output'] = '%s is (not found) not enabled.' % (option)
elif '' == str(value):
self.result['level'] = 'YELLOW'
self.result['output'] = '%s is (%s) not enabled.' % (option, value)
else:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
return self.result
def do_check(self, configuration_file): option = None version_number = self.db.server_info()['versionArray'] if version_number[0] <= 2 and version_number[1] < 6: try: option = 'bind_ip' value = helper.get_config_value(configuration_file, 'bind_ip') self.result['level'] = 'GREEN' self.result['output'] = 'Bind IP is (%s) enabled.' % (value) except ConfigParser.NoOptionError as e: self.result['level'] = 'YELLOW' self.result['output'] = 'Bind IP setting not found.' else: option = 'net.bindIp' value = helper.get_yaml_config_value(configuration_file, option) if None != value: self.result['level'] = 'GREEN' self.result['output'] = 'Bind IP is (%s) enabled.' % (value) else: self.result['level'] = 'YELLOW' self.result['output'] = 'Bind IP setting not found.' return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = 'sslPEMKeyFile'
value = helper.get_config_value(configuration_file, option)
ssl_on_normal_ports = False
if version_number[0] >= 2 and version_number[1] >= 2:
try:
dcurs = self.db['admin']
result = dcurs.command('getCmdLineOpts')
if '--sslOnNormalPorts' in result['argv']:
ssl_on_normal_ports = True
except Exception as e:
# this will actually be a silent exception values below will be overwritten
# the exception is here so execution doesn't break if something goes wrong
result['level'] = 'ORANGE'
result['output'] = 'Error: %s' % (e)
if None == value:
self.result['level'] = 'RED'
self.result['output'] = '%s is not set, SSL is not enabled.' % (option)
if ssl_on_normal_ports:
self.result['level'] = 'GREEN'
self.result['output'] = 'Command line option --sslOnNormalPorts set, SSL is enabled.'
elif '' != value:
self.result['level'] = 'GREEN'
self.result['output'] = 'SSL is (%s: %s) enabled.' % (option, value)
else:
self.result['level'] = 'RED'
self.result['output'] = 'SSL is (%s: %s) not enabled.' % (option, value)
else:
option = 'net.ssl.mode'
value = helper.get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'RED'
self.result['output'] = 'SSL is (%s not found) not enabled.' % (option)
elif 'requireSSL' == value:
self.result['level'] = 'GREEN'
self.result['output'] = 'SSL is (%s: %s) is required.' % (option, value)
elif 'preferSSL' == value:
self.result['level'] = 'YELLOW'
self.result['output'] = 'SSL is (%s: %s) is prefered, but not required.' % (option, value)
elif 'allowSSL' == value:
self.result['level'] = 'YELLOW'
self.result['output'] = 'SSL is (%s: %s) is allowed, but not required.' % (option, value)
else:
self.result['level'] = 'RED'
self.result['output'] = 'SSL is (%s: %s) not enabled.' % (option, value)
return self.result
def do_check(self, configuration_file):
value = helper.get_config_value(configuration_file, 'nohttpinterface')
if None == value:
self.result['level'] = 'YELLOW'
self.result['output'] = 'No HTTP Interface setting not found.'
elif 'true' == value.lower():
self.result['level'] = 'GREEN'
self.result['output'] = 'No HTTP Interface is (%s) enabled.' % (value)
else:
self.result['level'] = 'RED'
self.result['output'] = 'No HTTP Interface is (%s) not enabled.' % (value)
return self.result
def do_check(self, configuration_file):
value = helper.get_config_value(configuration_file, "keyFile")
if None == value:
self.result["level"] = "YELLOW"
self.result["output"] = "keyFile setting not found."
elif "" != value.lower():
self.result["level"] = "GREEN"
self.result["output"] = "keyFile is (%s) enabled." % (value)
else:
self.result["level"] = "YELLOW"
self.result["output"] = "keyFile is (%s) not enabled." % (value)
return self.result
def do_check(self, configuration_file):
value = helper.get_config_value(configuration_file, 'sslPEMKeyFile')
if None == value:
self.result['level'] = 'RED'
self.result['output'] = 'SSL is (not found) not enabled.'
elif '' != value.lower():
self.result['level'] = 'GREEN'
self.result['output'] = 'SSL is (%s) enabled.' % (value)
else:
self.result['level'] = 'RED'
self.result['output'] = 'SSL is (%s) not enabled.' % (value)
return self.result
def do_check(self, configuration_file):
addresses = None
output = ''
self.result['level'] = 'GREEN'
addresses = helper.get_config_value(configuration_file, 'listen_addresses')
if not addresses:
# if option not found then postgresql defaults to localhost
addresses = 'localhost'
if 'localhost' != addresses:
self.result['level'] = 'YELLOW'
output = 'Database listening is not localhost only (' + addresses + ')'
self.result['output'] = output
return self.result
def do_check(self, configuration_file):
addresses = None
output = ''
self.result['level'] = 'GREEN'
addresses = helper.get_config_value(configuration_file, 'listen_addresses')
if not addresses:
# if option not found then postgresql defaults to localhost
addresses = 'localhost'
if 'localhost' != addresses:
self.result['level'] = 'YELLOW'
output = 'Database listening is not localhost only (' + addresses + ')'
self.result['output'] = output
return self.result
def do_check(self, configuration_file):
output = ""
pg_hba_file_path = None
self.result["level"] = "GREEN"
pg_hba_file_path = helper.get_config_value(configuration_file, "hba_file")
try:
if os.path.isfile(str(pg_hba_file_path)):
with open(str(pg_hba_file_path), "r") as config:
for line in config:
if not line.startswith("#"):
if "" != line.strip():
output += line.strip() + "\n"
self.result["output"] = output
except IOError as e:
self.result["level"] = "ORANGE"
self.result["output"] = "DbDat could not read configuration file. You may need to run DbDat using sudo."
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] < 2 and version_number[1] < 6:
option = 'auth'
value = helper.get_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'YELLOW'
self.result['output'] = 'MongoDB Authentication setting not found.'
elif 'true' == value.lower():
self.result['level'] = 'GREEN'
self.result['output'] = 'MongoDB Authentication is (%s) enabled.' % (value)
else:
self.result['level'] = 'RED'
self.result['output'] = 'MongoDB Authentication is (%s) not enabled.' % (value)
else:
self.result['level'] = 'GRAY'
self.result['output'] = 'This check does not apply to MongoDB versions 2.6 and above.'
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = 'jsonp'
value = helper.get_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (not found) not enabled.' % (
option)
elif 'false' == value.lower():
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option,
value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
else:
option = 'net.http.JSONPEnabled'
value = helper.get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (not found) not enabled.' % (
option)
elif False == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option,
value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = 'sslPEMKeyFile'
value = helper.get_config_value(configuration_file, option)
ssl_on_normal_ports = False
if version_number[0] >= 2 and version_number[1] >= 2:
try:
dcurs = self.db['admin']
result = dcurs.command('getCmdLineOpts')
if '--sslOnNormalPorts' in result['argv']:
ssl_on_normal_ports = True
except Exception as e:
# this will actually be a silent exception values below will be overwritten
# the exception is here so execution doesn't break if something goes wrong
result['level'] = 'ORANGE'
result['output'] = 'Error: %s' % (e)
if None == value:
self.result['level'] = 'RED'
self.result[
'output'] = '%s is not set, SSL is not enabled.' % (option)
if ssl_on_normal_ports:
self.result['level'] = 'GREEN'
self.result[
'output'] = 'Command line option --sslOnNormalPorts set, SSL is enabled.'
elif '' != value:
self.result['level'] = 'GREEN'
self.result['output'] = 'SSL is (%s: %s) enabled.' % (option,
value)
else:
self.result['level'] = 'RED'
self.result['output'] = 'SSL is (%s: %s) not enabled.' % (
option, value)
else:
option = 'net.ssl.mode'
value = get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'RED'
self.result[
'output'] = 'SSL is (%s not found) not enabled.' % (option)
elif 'requireSSL' == value:
self.result['level'] = 'GREEN'
self.result['output'] = 'SSL is (%s: %s) is required.' % (
option, value)
elif 'preferSSL' == value:
self.result['level'] = 'YELLOW'
self.result[
'output'] = 'SSL is (%s: %s) is prefered, but not required.' % (
option, value)
elif 'allowSSL' == value:
self.result['level'] = 'YELLOW'
self.result[
'output'] = 'SSL is (%s: %s) is allowed, but not required.' % (
option, value)
else:
self.result['level'] = 'RED'
self.result['output'] = 'SSL is (%s: %s) not enabled.' % (
option, value)
return self.result
