def validate_id(id):
        prefixes = ValueChecker.get_prefixes()

        for prefix in prefixes:
            if id.startswith(prefix + '_'):
                raise Exception(prefix +
                                '_ is a reserved Prefix. You can\'t use it!')

        if ValueMapper.canonicalize_for_id(id) != id:
            raise Exception(
                'Id\'s can only contains letters (a-z,A-Z), numbers (0-9) and underscore (_)'
            )
示例#2
0
 def get_default_access_check(self, service_baseid, server, domain):
     base_id = service_baseid + '_' + server.get_id() + '_' + ValueMapper.canonicalize_for_id(domain)
     return {
         'ipv4': ConfigBuilder.get_check('web_access_default_ipv4_' + base_id),
         'ipv6': ConfigBuilder.get_check('web_access_default_ipv6_' + base_id)
     }
示例#3
0
    def apply(self):
        for config in self.__vhostconfigs:
            service_baseid = config[0]
            domain = config[1]
            uri = config[2]

            for server in self.get_servers():
                for checkserver in self.get_checkservers():
                    base_id = service_baseid + '_' + server.get_id() + '_' + ValueMapper.canonicalize_for_id(domain)
                    server_ipv4 = server.get_ipv4()
                    server_ipv6 = server.get_ipv6()

                    if None is server_ipv4 and None is server_ipv6:
                        raise Exception('It is required to set the ipv4 or ipv6 on the server with id "' +
                                        server.get_id() + '", before you can apply this checks!')

                    server.add_hostgroup(HostGroup.create('Webserver'))

                    default_ipv4_http_check = None
                    default_ipv6_http_check = None
                    if None is not server_ipv4:
                        default_ipv4_http_check = CheckHttp.create('web_access_default_ipv4_' + base_id)
                        default_ipv4_http_check.set_ip(server_ipv4) \
                            .set_vhost(domain) \
                            .set_uri(uri) \
                            .set_ssl(True) \
                            .set_sni(self.__sni) \
                            .set_display_name(default_ipv4_http_check.get_display_name() + ' ' + domain)
                        self.apply_check(default_ipv4_http_check, server, checkserver)

                    if None is not server_ipv6:
                        default_ipv6_http_check = CheckHttp.create('web_access_default_ipv6_' + base_id)
                        default_ipv6_http_check.set_ip(server_ipv6) \
                            .set_ipv6(True) \
                            .set_vhost(domain) \
                            .set_uri(uri) \
                            .set_ssl(True) \
                            .set_sni(self.__sni) \
                            .set_display_name(default_ipv6_http_check.get_display_name() + ' ' + domain)
                        self.apply_check(default_ipv6_http_check, server, checkserver)

                    if None == default_ipv4_http_check and None == default_ipv6_http_check:
                        raise Exception('Server "' + server.get_id()
                                        + '" has no IPv4 and no IPv6 address set. Can\'t go further right now.')

                    if True is self.__validate_certificate:
                        if None is not server_ipv4:
                            certificate_check = CheckHttp.create('web_access_certificate_ipv4_' + base_id)
                            certificate_check.set_ip(server_ipv4) \
                                .set_vhost(domain) \
                                .set_uri(uri) \
                                .set_ssl(True) \
                                .set_sni(self.__sni) \
                                .set_certificate_check(True) \
                                .set_check_interval('15m') \
                                .add_service_group(ServiceGroup.create('certificate_check')) \
                                .set_display_name(certificate_check.get_display_name() + ' ' + domain)

                            self.apply_check(certificate_check, server, checkserver, default_ipv4_http_check)

                        if None is not server_ipv6:
                            certificate_check = CheckHttp.create('web_access_certificate_ipv6_' + base_id)
                            certificate_check.set_ip(server_ipv6) \
                                .set_ipv6(True) \
                                .set_vhost(domain) \
                                .set_uri(uri) \
                                .set_ssl(True) \
                                .set_sni(self.__sni) \
                                .set_certificate_check(True) \
                                .set_check_interval('15m') \
                                .add_service_group(ServiceGroup.create('certificate_check')) \
                                .set_display_name(certificate_check.get_display_name() + ' ' + domain)

                            self.apply_check(certificate_check, server, checkserver, default_ipv6_http_check)

                    else:
                        server.add_hostgroup(HostGroup.create('no_certificate_check'))

                    if True is self.__validate_http_redirect:
                        if None is not server_ipv4:
                            redirect_check = CheckHttp.create('web_access_http_redirect_ipv4_' + base_id)
                            redirect_check.set_ip(server_ipv4) \
                                .set_vhost(domain) \
                                .set_uri(uri) \
                                .set_ssl(False) \
                                .set_sni(self.__sni) \
                                .set_port(80) \
                                .set_expect('HTTP/1.1 30') \
                                .set_check_interval('15m') \
                                .add_service_group(ServiceGroup.create('http_redirect')) \
                                .set_display_name(redirect_check.get_display_name() + ' ' + domain)

                            self.apply_check(redirect_check, server, checkserver, default_ipv4_http_check)

                        if None is not server_ipv6:
                            redirect_check = CheckHttp.create('web_access_http_redirect_ipv6_' + base_id)
                            redirect_check.set_ip(server_ipv6) \
                                .set_ipv6(True) \
                                .set_vhost(domain) \
                                .set_uri(uri) \
                                .set_ssl(False) \
                                .set_sni(self.__sni) \
                                .set_port(80) \
                                .set_expect('HTTP/1.1 30') \
                                .set_check_interval('15m') \
                                .add_service_group(ServiceGroup.create('http_redirect')) \
                                .set_display_name(redirect_check.get_display_name() + ' ' + domain)

                            self.apply_check(redirect_check, server, checkserver, default_ipv6_http_check)

                        server.add_hostgroup(HostGroup.create('http_redirect'))

                    elif True is self.__warn_no_http_redirect:
                        redirect_check = CheckDummy.create('web_access_missing_http_redirect_' + base_id)
                        redirect_check.set_state(1) \
                            .set_text(redirect_check.get_display_name() + ' ' + domain) \
                            .set_check_interval('15m') \
                            .add_service_group(ServiceGroup.create('missing_http_redirect_check')) \
                            .add_service_group(ServiceGroup.create('Webserver')) \
                            .set_display_name(redirect_check.get_display_name() + ' ' + domain)

                        self.apply_check(redirect_check, server, checkserver)
                        server.add_hostgroup(HostGroup.create('no_http_redirect'))

                    else:
                        server.add_hostgroup(HostGroup.create('http_redirect_unchecked'))

                    self.add_tls_check(base_id, default_ipv4_http_check, default_ipv6_http_check, domain,
                                       server, checkserver, server_ipv4, server_ipv6, uri, '1.0',
                                       self.__validate_allow_tls1, self.__validate_deny_tls1, True)

                    self.add_tls_check(base_id, default_ipv4_http_check, default_ipv6_http_check, domain,
                                       server, checkserver, server_ipv4, server_ipv6, uri, '1.1',
                                       self.__validate_allow_tls1_1, self.__validate_deny_tls1_1, True)

                    self.add_tls_check(base_id, default_ipv4_http_check, default_ipv6_http_check, domain,
                                       server, checkserver, server_ipv4, server_ipv6, uri, '1.2',
                                       self.__validate_allow_tls1_2, self.__validate_deny_tls1_2, False)

                    self.add_tls_check(base_id, default_ipv4_http_check, default_ipv6_http_check, domain,
                                       server, checkserver, server_ipv4, server_ipv6, uri, '1.3',
                                       self.__validate_allow_tls1_3, self.__validate_deny_tls1_3, False)
    def apply(self):
        if self.__inherit:
            DefaultWebserverChecks.apply(self)

        for config in DefaultWordpressChecks.get_vhostconfigs(self):
            service_baseid = config[0]
            domain = config[1]

            for server in DefaultWebserverChecks.get_servers(self):
                for checkserver in DefaultWebserverChecks.get_checkservers(
                        self):
                    server.add_hostgroup(HostGroup.create('wordpress'))
                    base_id = service_baseid + '_' + server.get_id(
                    ) + '_' + ValueMapper.canonicalize_for_id(
                        domain) + '_' + checkserver.get_id()

                    if True is self.__validate_deny_license:
                        self.create_wp_check('license', service_baseid,
                                             base_id, server, checkserver,
                                             domain, '/license.txt')
                    if True is self.__validate_deny_readme:
                        self.create_wp_check('readme', service_baseid, base_id,
                                             server, checkserver, domain,
                                             '/readme.html')
                    if True is self.__validate_deny_wp_admin:
                        self.create_wp_check('wp_admin', service_baseid,
                                             base_id, server, checkserver,
                                             domain, '/wp-admin/')
                    if True is self.__validate_deny_wp_content:
                        self.create_wp_check('wp_includes', service_baseid,
                                             base_id, server, checkserver,
                                             domain, '/wp-includes/')
                    if True is self.__validate_deny_wp_content:
                        self.create_wp_check('wp_content', service_baseid,
                                             base_id, server, checkserver,
                                             domain, '/wp-content/')
                    if True is self.__validate_deny_wp_login:
                        self.create_wp_check('wp_login', service_baseid,
                                             base_id, server, checkserver,
                                             domain, '/wp-login.php')
                    if True is self.__validate_deny_wp_cron:
                        self.create_wp_check('wp_cron', service_baseid,
                                             base_id, server, checkserver,
                                             domain, '/wp-cron.php')
                    if True is self.__validate_deny_wp_load:
                        self.create_wp_check('wp_load', service_baseid,
                                             base_id, server, checkserver,
                                             domain, '/wp-load.php')
                    if True is self.__validate_deny_wp_mail:
                        self.create_wp_check('wp_mail', service_baseid,
                                             base_id, server, checkserver,
                                             domain, '/wp-mail.php')
                    if True is self.__validate_deny_wp_signup:
                        self.create_wp_check('wp_signup', service_baseid,
                                             base_id, server, checkserver,
                                             domain, '/wp-signup.php')
                    if True is self.__validate_deny_wp_trackback:
                        self.create_wp_check('wp_trackback', service_baseid,
                                             base_id, server, checkserver,
                                             domain, '/wp-trackback.php')
                    if True is self.__validate_deny_wp_xmlrpc:
                        self.create_wp_check('wp_xmlrpc', service_baseid,
                                             base_id, server, checkserver,
                                             domain, '/xmlrpc.php')
                    if True is self.__validate_deny_wp_config:
                        self.create_wp_check('wp_config', service_baseid,
                                             base_id, server, checkserver,
                                             domain, '/wp-config.php')
                    if True is self.__validate_deny_wp_config_sample:
                        self.create_wp_check('wp_config_sample',
                                             service_baseid, base_id, server,
                                             checkserver, domain,
                                             '/wp-config-sample.php')
                    if True is self.__validate_deny_wp_blog_header:
                        self.create_wp_check('wp_blog_header', service_baseid,
                                             base_id, server, checkserver,
                                             domain, '/wp-blog-header.php')
                    if True is self.__validate_deny_wp_activate:
                        self.create_wp_check('wp_activate', service_baseid,
                                             base_id, server, checkserver,
                                             domain, '/wp-activate.php')
                    if True is self.__validate_deny_wp_links_opml:
                        self.create_wp_check('wp_links_opml', service_baseid,
                                             base_id, server, checkserver,
                                             domain, '/wp-links-opml.php')