def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['version']
if LooseVersion(version_number) >= LooseVersion("2.6"):
option = 'systemLog.quiet'
value = get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s not found, not enabled.' % (option)
elif False == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option,
value)
else:
self.result['level'] = 'YELLOW'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
else:
self.result['level'] = 'GRAY'
self.result[
'output'] = 'This check does not apply to MongoDB versions below 2.6.'
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = 'keyFile'
value = helper.get_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'YELLOW'
self.result['output'] = 'keyFile setting not found.'
elif '' != value.lower():
self.result['level'] = 'GREEN'
self.result['output'] = 'keyFile is (%s) enabled.' % (value)
else:
self.result['level'] = 'YELLOW'
self.result['output'] = 'keyFile is (%s) not enabled.' % (
value)
else:
option = 'security.keyFile'
value = get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'YELLOW'
self.result['output'] = '%s is (not found) not enabled.' % (
option)
elif '' == str(value):
self.result['level'] = 'YELLOW'
self.result['output'] = '%s is (%s) not enabled.' % (option,
value)
else:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
try:
option = 'bind_ip'
value = helper.get_config_value(configuration_file, 'bind_ip')
self.result['level'] = 'GREEN'
self.result['output'] = 'Bind IP is (%s) enabled.' % (value)
except configparser.NoOptionError as e:
self.result['level'] = 'YELLOW'
self.result['output'] = 'Bind IP setting not found.'
else:
option = 'net.bindIp'
value = get_yaml_config_value(configuration_file, option)
if None != value:
self.result['level'] = 'GREEN'
self.result['output'] = 'Bind IP is (%s) enabled.' % (value)
else:
self.result['level'] = 'YELLOW'
self.result['output'] = 'Bind IP setting not found.'
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = '--sslWeakCertificateValidation'
weak_cert_validation = False
try:
dcurs = self.db['admin']
result = dcurs.command('getCmdLineOpts')
if option in result['argv']:
weak_cert_validation = True
except Exception as e:
result['level'] = 'ORANGE'
result['output'] = 'Error: %s' % (e)
if weak_cert_validation:
self.result['level'] = 'RED'
self.result['output'] = '%s is enabled.' % (option)
else:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is not enabled.' % (option)
else:
option = 'net.ssl.weakCertificateValidation'
value = get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s not found, not enabled.' % (option)
elif False == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option,
value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = 'enableLocalhostAuthBypass'
# setParameter can't be retrived using helper.get_config_value(), so do this...
with open(configuration_file, 'r') as config:
for line in config:
values = line.split('=')
if 'setParameter' == values[0].strip():
if option == values[1].strip():
value = values[2].strip()
if None == value:
self.result['level'] = 'RED'
self.result['output'] = '%s is (not found) not enabled.' % (option)
elif 'false' == value.lower():
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option, value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
else:
option = 'setParameter.enableLocalhostAuthBypass'
value = get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'RED'
self.result['output'] = '%s is (not found) enabled.' % (option)
elif False == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option, value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = 'nohttpinterface'
value = helper.get_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'YELLOW'
self.result['output'] = 'No HTTP Interface setting not found.'
elif 'true' == value.lower():
self.result['level'] = 'GREEN'
self.result[
'output'] = 'No HTTP Interface is (%s) enabled.' % (value)
else:
self.result['level'] = 'RED'
self.result[
'output'] = 'No HTTP Interface is (%s) not enabled.' % (
value)
else:
option = 'net.http.enabled'
value = get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'GREEN'
self.result[
'output'] = '%s is (not found, default is False) not enabled.' % (
option)
elif False == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option,
value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['version']
if LooseVersion(version_number) >= LooseVersion("2.6.4"):
option = 'net.ssl.allowInvalidCertificates'
value = get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s not found, not enabled.' % (option)
elif False == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option, value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
else:
self.result['level'] = 'GRAY'
self.result['output'] = 'This check does not apply to MongoDB versions below 2.6.4.'
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = 'jsonp'
value = helper.get_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (not found) not enabled.' % (
option)
elif 'false' == value.lower():
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option,
value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
else:
option = 'net.http.JSONPEnabled'
value = get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (not found) not enabled.' % (
option)
elif False == value:
self.result['level'] = 'GREEN'
self.result['output'] = '%s is (%s) not enabled.' % (option,
value)
else:
self.result['level'] = 'RED'
self.result['output'] = '%s is (%s) enabled.' % (option, value)
return self.result
def do_check(self, configuration_file):
option = None
version_number = self.db.server_info()['versionArray']
if version_number[0] <= 2 and version_number[1] < 6:
option = 'sslPEMKeyFile'
value = helper.get_config_value(configuration_file, option)
ssl_on_normal_ports = False
if version_number[0] >= 2 and version_number[1] >= 2:
try:
dcurs = self.db['admin']
result = dcurs.command('getCmdLineOpts')
if '--sslOnNormalPorts' in result['argv']:
ssl_on_normal_ports = True
except Exception as e:
# this will actually be a silent exception values below will be overwritten
# the exception is here so execution doesn't break if something goes wrong
result['level'] = 'ORANGE'
result['output'] = 'Error: %s' % (e)
if None == value:
self.result['level'] = 'RED'
self.result[
'output'] = '%s is not set, SSL is not enabled.' % (option)
if ssl_on_normal_ports:
self.result['level'] = 'GREEN'
self.result[
'output'] = 'Command line option --sslOnNormalPorts set, SSL is enabled.'
elif '' != value:
self.result['level'] = 'GREEN'
self.result['output'] = 'SSL is (%s: %s) enabled.' % (option,
value)
else:
self.result['level'] = 'RED'
self.result['output'] = 'SSL is (%s: %s) not enabled.' % (
option, value)
else:
option = 'net.ssl.mode'
value = get_yaml_config_value(configuration_file, option)
if None == value:
self.result['level'] = 'RED'
self.result[
'output'] = 'SSL is (%s not found) not enabled.' % (option)
elif 'requireSSL' == value:
self.result['level'] = 'GREEN'
self.result['output'] = 'SSL is (%s: %s) is required.' % (
option, value)
elif 'preferSSL' == value:
self.result['level'] = 'YELLOW'
self.result[
'output'] = 'SSL is (%s: %s) is prefered, but not required.' % (
option, value)
elif 'allowSSL' == value:
self.result['level'] = 'YELLOW'
self.result[
'output'] = 'SSL is (%s: %s) is allowed, but not required.' % (
option, value)
else:
self.result['level'] = 'RED'
self.result['output'] = 'SSL is (%s: %s) not enabled.' % (
option, value)
return self.result