def auditServersBIXThread(environment, servers, propertiesDictionary, bApplyRequiredChanges) :
# merge global properties into dict - deliberately overwriting local with global dict all values
runtimeProperties = dict()
runtimeProperties.update(globalDictionary)
runtimeProperties.update(propertiesDictionary)
##############################################################
# Base server audit...
##############################################################
auditServersBasePega(environment, servers, runtimeProperties, bApplyRequiredChanges)
for servername in servers:
if connectSilent(servername, runtimeProperties["username"], runtimeProperties["password"]) == None:
return
##############################################################
# OO based auditing atoms - automatically reported on...
##############################################################
bAllMustPass = True
AllDatasources = getAllDataSources(servername, runtimeProperties["username"], runtimeProperties["password"])
if (AllDatasources) :
auditObjectMolecule1 = auditObjectMolecule("JDBC URL", servername, bAllMustPass)
for ds in AllDatasources:
auditObjectMolecule1.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "JDBC URL - " + ds, "/subsystem=datasources/data-source=" + ds + "/", "connection-url", runtimeProperties["targetDSUrl"], bApplyRequiredChanges))
auditReport(environment, servername)
def auditServersMarketingThread(environment, servername, propertiesDictionary, bApplyRequiredChanges) :
# merge global properties into dict - deliberately overwriting local with global dict all values
runtimeProperties = dict()
runtimeProperties.update(globalDictionary)
runtimeProperties.update(propertiesDictionary)
if connectSilent(servername, runtimeProperties["username"], runtimeProperties["password"]) == None:
return
##############################################################
# Base server audit...
##############################################################
auditServersBasePega(environment, servername, runtimeProperties, bApplyRequiredChanges)
##############################################################
# OO based auditing atoms - automatically reported on...
##############################################################
auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "App: prsysmgmt Version", "/deployment=prsysmgmt_jboss.ear/", "content", runtimeProperties["prsysmanageVersionHash"], False))
auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "App: PRPC Version", "/deployment=prpc_j2ee14_jboss61JBM.ear/", "content", runtimeProperties["prpcVersionHash"], False))
bAllMustPass = True
AllDatasources = getAllDataSources(servername, runtimeProperties["username"], runtimeProperties["password"])
if (AllDatasources) :
auditObjectMolecule1 = auditObjectMolecule("JDBC URL", servername, bAllMustPass)
for ds in AllDatasources:
auditObjectMolecule1.auditObjectAtoms.append(auditObjectAtom(servername, runtimeProperties["username"], runtimeProperties["password"], "JDBC URL - Marketing - " + ds, "/subsystem=datasources/data-source=" + ds + "/", "connection-url", runtimeProperties["targetDSUrlMarketing"], bApplyRequiredChanges))
def auditServersMarketingDMZThread(environment, servername,
propertiesDictionary,
bApplyRequiredChanges):
# merge global properties into dict - deliberately overwriting local with global dict all values
runtimeProperties = dict()
runtimeProperties.update(globalDictionary)
runtimeProperties.update(propertiesDictionary)
if connectSilent(servername, runtimeProperties["username"],
runtimeProperties["password"]) == None:
return
##############################################################
# Base server audit...
##############################################################
auditServersBasePega(environment, servername, runtimeProperties,
bApplyRequiredChanges)
##############################################################
# OO based auditing atoms - automatically reported on...
##############################################################
oAuditObjectMolecule = auditObjectMolecule("Bind Addresses", servername,
True)
oAuditObjectMolecule.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"], "Bind Addr Management",
"/interface=management/", "inet-address",
"${jboss.bind.address.management:" + servername + ".theaa.local}",
bApplyRequiredChanges))
oAuditObjectMolecule.auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"], "Bind Addr Public",
"/interface=public/", "inet-address",
runtimeProperties["targetPublicBindAddr"],
bApplyRequiredChanges))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"],
"App: prsysmgmt Version",
"/deployment=prsysmgmt_jboss.ear/", "content",
runtimeProperties["prsysmanageVersionHash"], False))
auditObjectAtoms.append(
auditObjectAtom(servername, runtimeProperties["username"],
runtimeProperties["password"], "App: PRPC Version",
"/deployment=prpc_j2ee14_jboss61JBM.ear/", "content",
runtimeProperties["prpcVersionHashDMZ"], False))
oAuditObjectMolecule2 = auditObjectMolecule("Security Hardening DMZ",
servername, True)
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - substitution1",
"/subsystem=web/virtual-server=default-host/rewrite=rule-1",
"substitution", runtimeProperties["rewrite-prweb-substitution1"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - pattern1",
"/subsystem=web/virtual-server=default-host/rewrite=rule-1",
"pattern", runtimeProperties["rewrite-prweb-pattern1"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - flags1",
"/subsystem=web/virtual-server=default-host/rewrite=rule-1",
"flags", runtimeProperties["rewrite-prweb-flags1"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - substitution2",
"/subsystem=web/virtual-server=default-host/rewrite=rule-2",
"substitution", runtimeProperties["rewrite-prweb-substitution2"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - pattern2",
"/subsystem=web/virtual-server=default-host/rewrite=rule-2",
"pattern", runtimeProperties["rewrite-prweb-pattern2"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - flags2",
"/subsystem=web/virtual-server=default-host/rewrite=rule-2",
"flags", runtimeProperties["rewrite-prweb-flags2"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - substitution3",
"/subsystem=web/virtual-server=default-host/rewrite=rule-3",
"substitution", runtimeProperties["rewrite-prweb-substitution3"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - pattern3",
"/subsystem=web/virtual-server=default-host/rewrite=rule-3",
"pattern", runtimeProperties["rewrite-prweb-pattern3"],
bApplyRequiredChanges))
oAuditObjectMolecule2.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"Security Hardening - PRWeb Disabled - flags3",
"/subsystem=web/virtual-server=default-host/rewrite=rule-3",
"flags", runtimeProperties["rewrite-prweb-flags3"],
bApplyRequiredChanges))
bAllMustPass = True
AllDatasources = getAllDataSources(servername,
runtimeProperties["username"],
runtimeProperties["password"])
if (AllDatasources):
auditObjectMolecule1 = auditObjectMolecule("JDBC URL", servername,
bAllMustPass)
for ds in AllDatasources:
auditObjectMolecule1.auditObjectAtoms.append(
auditObjectAtom(
servername, runtimeProperties["username"],
runtimeProperties["password"],
"JDBC URL - Marketing DMZ - " + ds,
"/subsystem=datasources/data-source=" + ds + "/",
"connection-url",
runtimeProperties["targetDSUrlMarketing"],
bApplyRequiredChanges))
