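def auditServersMarketingThread(environment, servername, propertiesDictionary, bApplyRequiredChanges):
    """Queue the audit checks for one Marketing application server.

    Runs the shared Pega baseline (``auditServersBasePega``), then appends
    atoms for the two Pega deployment archives and one JDBC connection-URL
    atom per datasource returned by ``getAllDataSources``.

    Args:
        environment: Passed through to ``auditServersBasePega``.
        servername: Server whose management model is audited.
        propertiesDictionary: Per-call settings. They are merged on top of
            ``globalDictionary``, so on a key clash the per-call value wins.
        bApplyRequiredChanges: Forwarded to the base audit and to the JDBC URL
            atoms. NOTE(review): presumably lets an atom rewrite a
            non-matching attribute on the live server - confirm in
            auditObjectAtom before running with True.

    Returns:
        None. Returns early, queuing nothing, when ``connectSilent`` yields
        None.
    """
    # Globals first, caller's properties second: the caller's values override
    # the global defaults, not the other way round.
    runtimeProperties = dict()
    runtimeProperties.update(globalDictionary)
    runtimeProperties.update(propertiesDictionary)

    # NOTE(review): the management password travels as plain text into every
    # atom below; make sure neither auditObjectAtom nor the report prints or
    # persists it.
    username = runtimeProperties["username"]
    password = runtimeProperties["password"]

    # NOTE(review): an unreachable server queues no atoms at all. Unless
    # connectSilent records the failure itself, that server can look
    # compliant simply by being absent from the report.
    if connectSilent(servername, username, password) is None:
        return

    # Shared Pega baseline first.
    auditServersBasePega(environment, servername, runtimeProperties, bApplyRequiredChanges)

    # Deployment "content" is compared with the configured hash properties;
    # the last argument is False for both atoms.
    auditObjectAtoms.append(
        auditObjectAtom(servername, username, password,
                        "App: prsysmgmt Version",
                        "/deployment=prsysmgmt_jboss.ear/",
                        "content",
                        runtimeProperties["prsysmanageVersionHash"],
                        False))
    auditObjectAtoms.append(
        auditObjectAtom(servername, username, password,
                        "App: PRPC Version",
                        "/deployment=prpc_j2ee14_jboss61JBM.ear/",
                        "content",
                        runtimeProperties["prpcVersionHash"],
                        False))

    bAllMustPass = True
    datasourceNames = getAllDataSources(servername, username, password)
    if datasourceNames:
        # One molecule groups the connection-url check of every datasource.
        jdbcUrlMolecule = auditObjectMolecule("JDBC URL", servername, bAllMustPass)
        for ds in datasourceNames:
            jdbcUrlMolecule.auditObjectAtoms.append(
                auditObjectAtom(servername, username, password,
                                "JDBC URL - Marketing - " + ds,
                                "/subsystem=datasources/data-source=" + ds + "/",
                                "connection-url",
                                runtimeProperties["targetDSUrlMarketing"],
                                bApplyRequiredChanges))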
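def auditServersBIXThread(environment, servers, propertiesDictionary, bApplyRequiredChanges):
    """Queue the JDBC connection-URL audit for each BIX server and report it.

    Args:
        environment: Passed to ``auditServersBasePega`` and ``auditReport``.
        servers: Iterable of server names.
        propertiesDictionary: Per-call settings. They are merged on top of
            ``globalDictionary``, so on a key clash the per-call value wins.
        bApplyRequiredChanges: Forwarded to the base audit and to the JDBC URL
            atoms. NOTE(review): presumably lets an atom rewrite a
            non-matching attribute on the live server - confirm in
            auditObjectAtom before running with True.

    Returns:
        None.
    """
    # Globals first, caller's properties second: the caller's values override
    # the global defaults, not the other way round.
    runtimeProperties = dict()
    runtimeProperties.update(globalDictionary)
    runtimeProperties.update(propertiesDictionary)

    # NOTE(review): the whole `servers` collection is passed where
    # auditServersBasePega takes a single `servername`. Kept as written;
    # confirm whether the base audit was meant to run once per server inside
    # the loop below.
    auditServersBasePega(environment, servers, runtimeProperties, bApplyRequiredChanges)

    # NOTE(review): the management password travels as plain text into every
    # atom below; make sure neither auditObjectAtom nor the report prints or
    # persists it.
    username = runtimeProperties["username"]
    password = runtimeProperties["password"]

    for servername in servers:
        # NOTE(review): `return` ends the run at the first unreachable server,
        # so every later server goes unaudited and unreported. Confirm this is
        # intended rather than `continue`.
        if connectSilent(servername, username, password) is None:
            return

        bAllMustPass = True
        datasourceNames = getAllDataSources(servername, username, password)
        if datasourceNames:
            # One molecule groups the connection-url check of every datasource.
            jdbcUrlMolecule = auditObjectMolecule("JDBC URL", servername, bAllMustPass)
            for ds in datasourceNames:
                jdbcUrlMolecule.auditObjectAtoms.append(
                    auditObjectAtom(servername, username, password,
                                    "JDBC URL - " + ds,
                                    "/subsystem=datasources/data-source=" + ds + "/",
                                    "connection-url",
                                    runtimeProperties["targetDSUrl"],
                                    bApplyRequiredChanges))

        # NOTE(review): the listing this was taken from had lost its
        # indentation; the report call is assumed to run once per server.
        auditReport(environment, servername)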
def auditServersBaseAudit(environment, servername, propertiesDict, bApplyRequiredChanges):
    """Queue the baseline audit checks shared by every server type.

    Appends atoms for server state and logging, then builds molecules for the
    bind addresses, the HTTPS protocol/cipher settings, and the connection
    validation/pool options of every non-XA and XA datasource the server
    reports.

    Args:
        environment: Accepted for signature parity; not referenced in this
            body.
        servername: Server whose management model is audited.
        propertiesDict: Per-call settings. They are merged on top of
            ``globalDictionary``, so on a key clash the per-call value wins.
        bApplyRequiredChanges: Forwarded to every atom except "Running".
            NOTE(review): presumably lets an atom rewrite a non-matching
            attribute on the live server - confirm in auditObjectAtom.

    Returns:
        None.
    """
    # Globals first, caller's properties second: the caller's values override
    # the global defaults, not the other way round.
    settings = dict()
    settings.update(globalDictionary)
    settings.update(propertiesDict)

    # NOTE(review): the management password travels as plain text into every
    # atom; make sure neither auditObjectAtom nor the report prints or
    # persists it.
    user = settings["username"]
    secret = settings["password"]

    def atom(label, path, attribute, target, applyChange):
        # Every check on this server shares the same connection details.
        return auditObjectAtom(servername, user, secret, label, path,
                               attribute, target, applyChange)

    # (attribute, property key) pairs checked on each datasource, in order.
    poolChecks = (
        ("check-valid-connection-sql", "jdbcTargetCheckValidConnectionSql"),
        ("validate-on-match", "jdbcValidateOnMatch"),
        ("background-validation", "jdbcBackgroundValidation"),
        ("use-fast-fail", "jdbcUseFastFail"),
        ("exception-sorter-class-name", "jdbcExceptionSorterClassName"),
        ("track-statements", "jdbcTrackStatements"),
        ("valid-connection-checker-class-name", "jdbcValidConnectionCheckerClassName"),
        ("flush-strategy", "jdbcFlushStrategy"),
        ("idle-timeout-minutes", "jdbcIdleTimeoutMinutes"),
        ("blocking-timeout-wait-millis", "jdbcBlockingTimeoutWaitMillis"),
        ("pool-prefill", "jdbcPoolPrefill"),
    )

    # Server state is only ever reported (last argument False).
    auditObjectAtoms.append(
        atom("Running", "/", "server-state", settings["targetRunState"], False))

    # Stand-alone logging atoms.
    # NOTE(review): the labels suggest the expected level is ALL; verbose
    # root logging can put sensitive request data into log files, so confirm
    # the log destination is access-controlled.
    auditObjectAtoms.append(
        atom("Custom Logger Exists",
             "/subsystem=logging/custom-handler=FILESIZEDATE/", "enabled",
             settings["targetAuditLoggingCustomHandler"], bApplyRequiredChanges))
    auditObjectAtoms.append(
        atom("Custom Logger Level (ALL)",
             "/subsystem=logging/custom-handler=FILESIZEDATE/", "level",
             settings["targetCustomLoggerLevel"], bApplyRequiredChanges))
    auditObjectAtoms.append(
        atom("Root Logging level (ALL)",
             "/subsystem=logging/root-logger=ROOT/", "level",
             settings["targetRootLoggerLevel"], bApplyRequiredChanges))

    # A molecule groups several atoms so they are treated as one unit.
    bindMolecule = auditObjectMolecule("Bind Addresses", servername, True)
    bindMolecule.auditObjectAtoms.append(
        atom("Bind Addr Management", "/interface=management/", "inet-address",
             settings["targetManagementBindAddr"], bApplyRequiredChanges))
    bindMolecule.auditObjectAtoms.append(
        atom("Bind Addr Public", "/interface=public/", "inet-address",
             settings["targetPublicBindAddr"], bApplyRequiredChanges))

    # The TLS check is only as strict as the configured sslProtocols /
    # cipherSuite property values it compares against.
    tlsMolecule = auditObjectMolecule(
        "Security Hardening - Protocols-Suites", servername, True)
    tlsMolecule.auditObjectAtoms.append(
        atom("SSL Protocols",
             "/subsystem=web/connector=https/configuration=ssl/", "protocol",
             settings["sslProtocols"], bApplyRequiredChanges))
    tlsMolecule.auditObjectAtoms.append(
        atom("Cipher Suite",
             "/subsystem=web/connector=https/configuration=ssl/", "cipher-suite",
             settings["cipherSuite"], bApplyRequiredChanges))

    # Non-XA datasources.
    plainSources = getAllDataSources(servername, user, secret)
    if plainSources:
        plainMolecule = auditObjectMolecule(
            "Datasource (Non XA) Connection Perf Options", servername, True)
        for datasource in plainSources:
            for attribute, propertyKey in poolChecks:
                plainMolecule.auditObjectAtoms.append(
                    atom(datasource + ": " + attribute,
                         "/subsystem=datasources/data-source=" + datasource + "/",
                         attribute,
                         settings[propertyKey],
                         bApplyRequiredChanges))

    # XA datasources: same checks under the xa-data-source resource.
    xaSources = getAllXaDataSources(servername, user, secret)
    if xaSources:
        xaMolecule = auditObjectMolecule(
            "Datasource (XA) Connection Perf Options", servername, True)
        for datasource in xaSources:
            for attribute, propertyKey in poolChecks:
                xaMolecule.auditObjectAtoms.append(
                    atom(datasource + ": " + attribute,
                         "/subsystem=datasources/xa-data-source=" + datasource + "/",
                         attribute,
                         settings[propertyKey],
                         bApplyRequiredChanges))
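def auditServersBasePega(environment, servername, propertiesDictionary, bApplyRequiredChanges):
    """Queue the audit checks common to every Pega server.

    Runs ``auditServersBaseAudit``, then adds atoms for messaging and JVM
    arguments, molecules for the bean/thread pools, the connection options of
    a fixed list of Pega datasources, and the Pega web hardening settings.

    Args:
        environment: Passed through to ``auditServersBaseAudit``.
        servername: Server whose management model is audited.
        propertiesDictionary: Per-call settings. They are merged on top of
            ``globalDictionary``, so on a key clash the per-call value wins.
        bApplyRequiredChanges: Forwarded to most atoms. NOTE(review):
            presumably lets an atom rewrite a non-matching attribute on the
            live server - confirm in auditObjectAtom before running with True.

    Returns:
        None. Returns early, queuing nothing, when ``connectSilent`` yields
        None.
    """
    # Globals first, caller's properties second: the caller's values override
    # the global defaults, not the other way round.
    runtimeProperties = dict()
    runtimeProperties.update(globalDictionary)
    runtimeProperties.update(propertiesDictionary)

    # NOTE(review): the management password travels as plain text into every
    # atom; make sure neither auditObjectAtom nor the report prints or
    # persists it.
    username = runtimeProperties["username"]
    password = runtimeProperties["password"]

    # NOTE(review): an unreachable server queues no atoms at all. Unless
    # connectSilent records the failure itself, that server can look
    # compliant simply by being absent from the report.
    if connectSilent(servername, username, password) is None:
        return

    def atom(label, path, attribute, target, applyChange):
        # Every check on this server shares the same connection details.
        return auditObjectAtom(servername, username, password, label, path,
                               attribute, target, applyChange)

    # Generic server baseline first.
    auditServersBaseAudit(environment, servername, runtimeProperties, bApplyRequiredChanges)

    # Stand-alone messaging atoms.
    auditObjectAtoms.append(
        atom("Messaging Provider (Hornet Q)", "/subsystem=ejb3/",
             "default-resource-adapter-name",
             runtimeProperties["targetMessagingProvider"], bApplyRequiredChanges))
    auditObjectAtoms.append(
        atom("HornetQ Max Delivery Attempts",
             "/subsystem=messaging/hornetq-server=default/address-setting=#/",
             "max-delivery-attempts",
             runtimeProperties["targetHornetMaxdeliveryAttempts"], bApplyRequiredChanges))
    auditObjectAtoms.append(
        atom("HornetQ ReDelivery Delay",
             "/subsystem=messaging/hornetq-server=default/address-setting=#/",
             "redelivery-delay",
             runtimeProperties["targetHornetQRedeliveryDelay"], bApplyRequiredChanges))
    auditObjectAtoms.append(
        atom("HornetQ Consumer Window Size",
             "/subsystem=messaging/hornetq-server=default/pooled-connection-factory=hornetq-ra/",
             "consumer-window-size",
             runtimeProperties["consumer-window-size"], bApplyRequiredChanges))

    # JVM input-argument checks; both are report-only (last argument False).
    auditObjectAtoms.append(
        atom("uRandom RNG", "/core-service=platform-mbean/type=runtime",
             "input-arguments", runtimeProperties["uRandomRNG"], False))
    auditObjectAtoms.append(
        atom("Pega User Home - Outside Container Folders",
             "/core-service=platform-mbean/type=runtime",
             "input-arguments", "-Duser.home", False))

    # NOTE(review): "Poola" looks like a typo for "Pools"; the label is left
    # untouched in case reports are matched on it.
    oAuditObjectMolecule = auditObjectMolecule(
        "Bean Poola - Avaya VoIP (EJB) : " + str(runtimeProperties["targetEjbStrictMaxPool"]),
        servername, False)
    oAuditObjectMolecule.auditObjectAtoms.append(
        atom("EJB Pool maxsize: " + str(runtimeProperties["targetEjbStrictMaxPool"]),
             "/subsystem=ejb3/strict-max-bean-instance-pool=slsb-strict-max-pool/",
             "max-pool-size",
             runtimeProperties["targetEjbStrictMaxPool"], False))

    oAuditObjectMolecule2 = auditObjectMolecule(
        "Bean Pools - Avaya VoIP (MDB) : " + str(runtimeProperties["targetEjbStrictMaxPool"]),
        servername, False)
    oAuditObjectMolecule2.auditObjectAtoms.append(
        atom("MDB Pool maxsize: " + str(runtimeProperties["targetEjbStrictMaxPool"]),
             "/subsystem=ejb3/strict-max-bean-instance-pool=mdb-strict-max-pool/",
             "max-pool-size",
             runtimeProperties["targetEjbStrictMaxPool"], False))

    # NOTE(review): the third molecule argument is a literal True/False
    # everywhere else in this file (named bAllMustPass in the sibling
    # functions); here the apply flag is passed instead. Kept as written -
    # confirm which was meant.
    oAuditObjectMolecule3 = auditObjectMolecule(
        "Bean Pools - Avaya VoIP (Async / CTI) : ", servername, bApplyRequiredChanges)
    oAuditObjectMolecule3.auditObjectAtoms.append(
        atom("Async Pool minsize: " + str(runtimeProperties["AsyncConnectionFactory-min-pool-size"]),
             "/subsystem=messaging/hornetq-server=default/pooled-connection-factory=AsyncConnectionFactory/",
             "min-pool-size",
             runtimeProperties["AsyncConnectionFactory-min-pool-size"], bApplyRequiredChanges))
    oAuditObjectMolecule3.auditObjectAtoms.append(
        atom("Async Pool maxsize: " + str(runtimeProperties["AsyncConnectionFactory-max-pool-size"]),
             "/subsystem=messaging/hornetq-server=default/pooled-connection-factory=AsyncConnectionFactory/",
             "max-pool-size",
             runtimeProperties["AsyncConnectionFactory-max-pool-size"], bApplyRequiredChanges))
    # The label now shows the value that is actually compared
    # (ctiThreadPool-maxThreads). It previously printed
    # targetEjbStrictMaxPool, which made the report show a limit the check
    # does not enforce.
    oAuditObjectMolecule3.auditObjectAtoms.append(
        atom("CTI thread Pool maxsize: " + str(runtimeProperties["ctiThreadPool-maxThreads"]),
             "/subsystem=threads/bounded-queue-thread-pool=ctiThreadPool/",
             "max-threads",
             runtimeProperties["ctiThreadPool-maxThreads"], bApplyRequiredChanges))

    # Fixed list of Pega datasources (not discovered from the server).
    pegaDatasources = (
        'StagingInbound',
        'AdminPegaRULES',
        'PegaRULES',
        'adm7DataSource',
        'ihDataSource',
        'nbamDataSource',
        'padDataSource',
        'vbdDataSource',
    )
    # (attribute, property key) pairs checked on each datasource, in order.
    poolChecks = (
        ("check-valid-connection-sql", "jdbcTargetCheckValidConnectionSql"),
        ("validate-on-match", "jdbcValidateOnMatch"),
        ("background-validation", "jdbcBackgroundValidation"),
        ("use-fast-fail", "jdbcUseFastFail"),
        ("exception-sorter-class-name", "jdbcExceptionSorterClassName"),
        ("track-statements", "jdbcTrackStatements"),
        ("valid-connection-checker-class-name", "jdbcValidConnectionCheckerClassName"),
        ("flush-strategy", "jdbcFlushStrategy"),
        ("idle-timeout-minutes", "jdbcIdleTimeoutMinutes"),
        ("blocking-timeout-wait-millis", "jdbcBlockingTimeoutWaitMillis"),
        ("pool-prefill", "jdbcPoolPrefill"),
    )
    oAuditObjectMolecule4 = auditObjectMolecule(
        "Datasource (Pega Non XA) Connection Perf Options", servername, True)
    for datasource in pegaDatasources:
        for attribute, propertyKey in poolChecks:
            oAuditObjectMolecule4.auditObjectAtoms.append(
                atom(datasource + ": " + attribute,
                     "/subsystem=datasources/data-source=" + datasource + "/",
                     attribute,
                     runtimeProperties[propertyKey],
                     bApplyRequiredChanges))

    # Web-tier hardening: welcome page, sample alias, banner headers and
    # request encoding. Each target comes from the merged properties.
    hardeningChecks = (
        ("Security Hardening - Disable Welcome Page",
         "/subsystem=web/virtual-server=default-host/",
         "enable-welcome-root", "enable-welcome-root"),
        ("Security Hardening - Remove Sample Web Alias",
         "/subsystem=web/virtual-server=default-host/",
         "alias", "sampleWebAlias"),
        ("Security Hardening - Custom Server Header",
         "/system-property=org.apache.coyote.http11.Http11Protocol.SERVER/",
         "value", "customServerHeader"),
        ("Security Hardening - X Powered By - JSP",
         "/subsystem=web/configuration=jsp-configuration/",
         "x-powered-by", "x-powered-by"),
        ("Security Hardening - X Powered By - Catalina Connector",
         "/system-property=org.apache.catalina.connector.X_POWERED_BY/",
         "value", "x-powered-by"),
        ("Security Hardening - Utf8Encoding - URI_ENCODING",
         "/system-property=org.apache.catalina.connector.URI_ENCODING/",
         "value", "URI_ENCODING"),
        ("Security Hardening - Utf8Encoding - USE_BODY_ENCODING_FOR_QUERY_STRING",
         "/system-property=org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING/",
         "value", "USE_BODY_ENCODING_FOR_QUERY_STRING"),
    )
    oAuditObjectMolecule5 = auditObjectMolecule("Security Hardening - Pega", servername, True)
    for label, path, attribute, propertyKey in hardeningChecks:
        oAuditObjectMolecule5.auditObjectAtoms.append(
            atom(label, path, attribute,
                 runtimeProperties[propertyKey], bApplyRequiredChanges))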
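def auditServersMdmThread(environment, servername, propertiesDict, bApplyRequiredChanges):
    """Queue the audit checks for one Informatica MDM server.

    Runs ``auditServersBaseAudit``, then adds atoms for the Siperian JDBC URL,
    the MDM deployments, transactions, messaging, remoting and the EJB thread
    pool, followed by molecules for datasource pool sizes, web connector
    limits and web hardening.

    Args:
        environment: Passed through to ``auditServersBaseAudit``.
        servername: Server whose management model is audited.
        propertiesDict: Per-call settings. They are merged on top of
            ``globalProperties.dictionary``, so on a key clash the per-call
            value wins.
        bApplyRequiredChanges: Forwarded to most atoms. NOTE(review):
            presumably lets an atom rewrite a non-matching attribute on the
            live server - confirm in auditObjectAtom before running with True.

    Returns:
        None. Returns early, queuing nothing, when ``connectSilent`` yields
        None.
    """
    # Globals first, caller's properties second: the caller's values override
    # the global defaults, not the other way round.
    # NOTE(review): the other audit functions in this file merge from
    # `globalDictionary`; this one reads `globalProperties.dictionary`.
    # Confirm both names resolve to the same defaults.
    runtimeProperties = dict()
    runtimeProperties.update(globalProperties.dictionary)
    runtimeProperties.update(propertiesDict)

    # NOTE(review): the management password travels as plain text into every
    # atom; make sure neither auditObjectAtom nor the report prints or
    # persists it.
    username = runtimeProperties["username"]
    password = runtimeProperties["password"]

    # NOTE(review): an unreachable server queues no atoms at all. Unless
    # connectSilent records the failure itself, that server can look
    # compliant simply by being absent from the report.
    if connectSilent(servername, username, password) is None:
        return

    def atom(label, path, attribute, target, applyChange):
        # Every check on this server shares the same connection details.
        return auditObjectAtom(servername, username, password, label, path,
                               attribute, target, applyChange)

    # Generic server baseline first.
    auditServersBaseAudit(environment, servername, runtimeProperties, bApplyRequiredChanges)

    auditObjectAtoms.append(
        atom("JDBC URL - Siperian System DS",
             "/subsystem=datasources/xa-data-source=jdbc/siperian-cmx_system-ds/xa-datasource-properties=URL/",
             "value",
             runtimeProperties["targetDSUrl"], bApplyRequiredChanges))

    # Deployment presence checks: expected "enabled" == "true", report-only
    # (last argument False).
    for label, path in (
        ("App: Informatica Entity360View", "/deployment=entity360view-ear.ear/"),
        ("App: Informatica Mdm Platform", "/deployment=informatica-mdm-platform-ear.ear/"),
        ("App: Informatica Siperian Mrm", "/deployment=siperian-mrm.ear/"),
        ("App: Informatica Siperian Mrm Cleanse", "/deployment=siperian-mrm-cleanse.ear/"),
    ):
        auditObjectAtoms.append(atom(label, path, "enabled", "true", False))

    auditObjectAtoms.append(
        atom("Transactions Default Timeout", "/subsystem=transactions/",
             "default-timeout",
             runtimeProperties["transactionsDefaultTimeout"], bApplyRequiredChanges))

    # NOTE(review): the label says the baseline is messaging security OFF.
    # If the property is false and the apply flag is set, this atom would
    # presumably switch HornetQ security off on the target. Confirm the
    # product requires it and that the messaging ports are not reachable from
    # untrusted networks.
    auditObjectAtoms.append(
        atom("HornetQ Security OFF", "/subsystem=messaging/hornetq-server=default/",
             "security-enabled",
             runtimeProperties["hornetq-security-enabled"], bApplyRequiredChanges))
    auditObjectAtoms.append(
        atom("HornetQ Persistence ON", "/subsystem=messaging/hornetq-server=default/",
             "persistence-enabled",
             runtimeProperties["hornetq-persistence-enabled"], bApplyRequiredChanges))

    # NOTE(review): the label says the expected state is no security realm on
    # the remoting connector. Same caveat as above: confirm this is a product
    # requirement and that the connector is bound to a trusted interface only.
    auditObjectAtoms.append(
        atom("Remoting-connector security-realm undefined",
             "/subsystem=remoting/connector=remoting-connector/",
             "security-realm",
             runtimeProperties["remoting-security-realm"], bApplyRequiredChanges))
    auditObjectAtoms.append(
        atom("EJB Pool threads", "/subsystem=ejb3/thread-pool=default/",
             "max-threads",
             runtimeProperties["targetCmdEjbStrictMaxPool"], bApplyRequiredChanges))

    # A molecule groups several atoms so they are treated as one unit.
    oAuditObjectMolecule = auditObjectMolecule(
        "Siperian System Datasource Pool Sizes", servername, True)
    oAuditObjectMolecule.auditObjectAtoms.append(
        atom("Siperian Datasource Pool Size (min)",
             "/subsystem=datasources/xa-data-source=jdbc/siperian-cmx_system-ds/",
             "min-pool-size",
             runtimeProperties["siperian-min-pool-size"], bApplyRequiredChanges))
    oAuditObjectMolecule.auditObjectAtoms.append(
        atom("Siperian Datasource Pool Sizes (max)",
             "/subsystem=datasources/xa-data-source=jdbc/siperian-cmx_system-ds/",
             "max-pool-size",
             runtimeProperties["siperian-max-pool-size"], bApplyRequiredChanges))

    oAuditObjectMolecule2 = auditObjectMolecule(
        "Web Connections threads http(s)", servername, False)
    oAuditObjectMolecule2.auditObjectAtoms.append(
        atom("Web Connections threads (http)", "/subsystem=web/connector=http/",
             "max-connections",
             runtimeProperties["targetWebMaxConnections"], bApplyRequiredChanges))
    oAuditObjectMolecule2.auditObjectAtoms.append(
        atom("Web Connections threads (https)", "/subsystem=web/connector=https/",
             "max-connections",
             runtimeProperties["targetWebMaxConnections"], bApplyRequiredChanges))

    # Web-tier hardening: welcome page, sample alias, banner headers and
    # request encoding. Each target comes from the merged properties.
    hardeningChecks = (
        ("Security Hardening - Disable Welcome Page",
         "/subsystem=web/virtual-server=default-host/",
         "enable-welcome-root", "enable-welcome-root"),
        ("Security Hardening - Remove Sample Web Alias",
         "/subsystem=web/virtual-server=default-host/",
         "alias", "sampleWebAlias"),
        ("Security Hardening - Custom Server Header",
         "/system-property=org.apache.coyote.http11.Http11Protocol.SERVER/",
         "value", "customServerHeader"),
        ("Security Hardening - X Powered By - JSP",
         "/subsystem=web/configuration=jsp-configuration/",
         "x-powered-by", "x-powered-by"),
        ("Security Hardening - X Powered By - Catalina Connector",
         "/system-property=org.apache.catalina.connector.X_POWERED_BY/",
         "value", "x-powered-by"),
        ("Security Hardening - Utf8Encoding - URI_ENCODING",
         "/system-property=org.apache.catalina.connector.URI_ENCODING/",
         "value", "URI_ENCODING"),
        ("Security Hardening - Utf8Encoding - USE_BODY_ENCODING_FOR_QUERY_STRING",
         "/system-property=org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING/",
         "value", "USE_BODY_ENCODING_FOR_QUERY_STRING"),
    )
    oAuditObjectMolecule3 = auditObjectMolecule("Security Hardening - MDM", servername, True)
    for label, path, attribute, propertyKey in hardeningChecks:
        oAuditObjectMolecule3.auditObjectAtoms.append(
            atom(label, path, attribute,
                 runtimeProperties[propertyKey], bApplyRequiredChanges))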
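def auditServersMarketingDMZThread(environment, servername, propertiesDictionary, bApplyRequiredChanges):
    """Queue the audit checks for one Marketing DMZ server.

    Builds the runtime property set, connects to the server's management
    interface and registers audit atoms for: management/public bind
    addresses, the two deployed application content hashes, the three
    "PRWeb Disabled" rewrite rules on the default virtual host, and the
    connection-url of every datasource the server reports.

    Parameters:
        environment: passed through unchanged to auditServersBasePega.
        servername: host to audit; also used to build the expected
            management bind address.
        propertiesDictionary: per-server properties merged over
            globalDictionary.
        bApplyRequiredChanges: forwarded as the last argument of every
            atom except the two version-hash atoms, which always pass False.

    Returns:
        None. Returns early, without queuing anything, when connectSilent
        returns None.

    Raises:
        KeyError: if a required key is absent from the merged properties.
    """
    # Globals are loaded first and the per-server dictionary second, so for a
    # key present in both, the per-server value is the one that is used.
    # NOTE(review): the previous comment described the opposite precedence
    # (global overwriting local). Confirm which is intended: with the current
    # order a per-server file can replace a global hardening target.
    runtimeProperties = dict()
    runtimeProperties.update(globalDictionary)
    runtimeProperties.update(propertiesDictionary)

    # NOTE(review): a failed connection returns without recording anything
    # here, so an unreachable DMZ host presumably produces no entry for these
    # checks - confirm the report treats a missing server as a failure.
    if connectSilent(servername, runtimeProperties["username"], runtimeProperties["password"]) is None:
        return

    def _atom(label, resource, attribute, target, applyChanges):
        # Every atom is given the management credentials; what auditObjectAtom
        # does with them (storage, logging) is not visible from this function.
        return auditObjectAtom(servername,
                               runtimeProperties["username"],
                               runtimeProperties["password"],
                               label, resource, attribute, target, applyChanges)

    ##############################################################
    # Base server audit...
    ##############################################################
    auditServersBasePega(environment, servername, runtimeProperties, bApplyRequiredChanges)

    ##############################################################
    # OO based auditing atoms - automatically reported on...
    ##############################################################
    # Third molecule argument is the "all must pass" flag (named bAllMustPass
    # further down in the original code).
    bindAddresses = auditObjectMolecule("Bind Addresses", servername, True)
    bindAddresses.auditObjectAtoms.append(
        _atom("Bind Addr Management", "/interface=management/", "inet-address",
              "${jboss.bind.address.management:" + servername + ".theaa.local}",
              bApplyRequiredChanges))
    bindAddresses.auditObjectAtoms.append(
        _atom("Bind Addr Public", "/interface=public/", "inet-address",
              runtimeProperties["targetPublicBindAddr"],
              bApplyRequiredChanges))

    # Deployment content hashes go on the module-level atom list and always
    # pass False instead of bApplyRequiredChanges - presumably report-only, so
    # a hash mismatch is never "corrected" by this tool; verify against
    # auditObjectAtom.
    auditObjectAtoms.append(
        _atom("App: prsysmgmt Version", "/deployment=prsysmgmt_jboss.ear/", "content",
              runtimeProperties["prsysmanageVersionHash"], False))
    auditObjectAtoms.append(
        _atom("App: PRPC Version", "/deployment=prpc_j2ee14_jboss61JBM.ear/", "content",
              runtimeProperties["prpcVersionHashDMZ"], False))

    # Rewrite rules 1-3 on the default virtual host, three attributes each.
    # The expected values come from the "rewrite-prweb-<attribute><n>"
    # properties; iteration order matches the original hand-written sequence
    # (rule by rule: substitution, pattern, flags).
    dmzHardening = auditObjectMolecule("Security Hardening DMZ", servername, True)
    for ruleNumber in ("1", "2", "3"):
        for attribute in ("substitution", "pattern", "flags"):
            suffix = attribute + ruleNumber
            dmzHardening.auditObjectAtoms.append(
                _atom("Security Hardening - PRWeb Disabled - " + suffix,
                      "/subsystem=web/virtual-server=default-host/rewrite=rule-" + ruleNumber,
                      attribute,
                      runtimeProperties["rewrite-prweb-" + suffix],
                      bApplyRequiredChanges))

    # Every datasource the server reports is checked against the same
    # Marketing connection URL. The molecule is only created when at least
    # one datasource is returned.
    allDatasources = getAllDataSources(servername,
                                       runtimeProperties["username"],
                                       runtimeProperties["password"])
    if allDatasources:
        jdbcUrls = auditObjectMolecule("JDBC URL", servername, True)
        for ds in allDatasources:
            jdbcUrls.auditObjectAtoms.append(
                _atom("JDBC URL - Marketing DMZ - " + ds,
                      "/subsystem=datasources/data-source=" + ds + "/",
                      "connection-url",
                      runtimeProperties["targetDSUrlMarketing"],
                      bApplyRequiredChanges))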