def validate_id(id):
    """Reject an id that uses a reserved prefix or is not in canonical form.

    Two checks run in order:

    1. For every prefix returned by ``ValueChecker.get_prefixes()``, an id
       starting with ``<prefix>_`` is refused.
    2. The id must come back unchanged from
       ``ValueMapper.canonicalize_for_id()``.

    Raises:
        Exception: if either check fails.
    """
    for reserved in ValueChecker.get_prefixes():
        # str.startswith is case-sensitive, so only the exact spelling of the
        # reserved prefix is caught here.
        if id.startswith(reserved + '_'):
            raise Exception(reserved + '_ is a reserved Prefix. You can\'t use it!')

    # The message names the accepted alphabet; the rule itself is whatever
    # ValueMapper.canonicalize_for_id implements (not visible in this block).
    canonical_form = ValueMapper.canonicalize_for_id(id)
    if canonical_form != id:
        raise Exception(
            'Id\'s can only contains letters (a-z,A-Z), numbers (0-9) and underscore (_)'
        )
def get_default_access_check(self, service_baseid, server, domain):
    """Look up the default IPv4 and IPv6 web-access checks for one vhost.

    The lookup id is ``<service_baseid>_<server id>_<canonicalized domain>``
    appended to ``web_access_default_ipv4_`` / ``web_access_default_ipv6_``.

    Returns:
        dict: keys ``'ipv4'`` and ``'ipv6'``, each holding whatever
        ``ConfigBuilder.get_check`` returns for the corresponding id.
    """
    lookup_suffix = (
        service_baseid
        + '_' + server.get_id()
        + '_' + ValueMapper.canonicalize_for_id(domain)
    )
    id_prefixes = (
        ('ipv4', 'web_access_default_ipv4_'),
        ('ipv6', 'web_access_default_ipv6_'),
    )
    return {
        family: ConfigBuilder.get_check(id_prefix + lookup_suffix)
        for family, id_prefix in id_prefixes
    }
def apply(self):
    """Create and register the web checks for every configured vhost.

    Each entry of the vhost configs is read as (service base id, domain, uri).
    For every server / check-server pair the method registers, per address
    family the server has:

    * a default HTTPS check (``web_access_default_ipv4_`` / ``_ipv6_``),
    * a certificate check every 15m when certificate validation is enabled,
    * a plain-HTTP port-80 check expecting ``HTTP/1.1 30`` when redirect
      validation is enabled, or a dummy check with state 1 when only the
      "warn about missing redirect" flag is set,
    * the TLS 1.0 - 1.3 checks via ``add_tls_check``.

    The server is also tagged with host groups that record which of these
    validations are active.

    Raises:
        Exception: if a server has neither an IPv4 nor an IPv6 address.
    """
    for vhost in self.__vhostconfigs:
        service_baseid, domain, uri = vhost[0], vhost[1], vhost[2]

        for server in self.get_servers():
            for checkserver in self.get_checkservers():
                id_suffix = (
                    service_baseid
                    + '_' + server.get_id()
                    + '_' + ValueMapper.canonicalize_for_id(domain)
                )
                addr_v4 = server.get_ipv4()
                addr_v6 = server.get_ipv6()

                if addr_v4 is None and addr_v6 is None:
                    raise Exception(
                        'It is required to set the ipv4 or ipv6 on the server with id "'
                        + server.get_id()
                        + '", before you can apply this checks!'
                    )

                server.add_hostgroup(HostGroup.create('Webserver'))

                # --- default HTTPS reachability checks ---------------------
                http_v4 = None
                http_v6 = None

                if addr_v4 is not None:
                    http_v4 = CheckHttp.create('web_access_default_ipv4_' + id_suffix)
                    (http_v4.set_ip(addr_v4)
                        .set_vhost(domain)
                        .set_uri(uri)
                        .set_ssl(True)
                        .set_sni(self.__sni)
                        .set_display_name(http_v4.get_display_name() + ' ' + domain))
                    self.apply_check(http_v4, server, checkserver)

                if addr_v6 is not None:
                    http_v6 = CheckHttp.create('web_access_default_ipv6_' + id_suffix)
                    (http_v6.set_ip(addr_v6)
                        .set_ipv6(True)
                        .set_vhost(domain)
                        .set_uri(uri)
                        .set_ssl(True)
                        .set_sni(self.__sni)
                        .set_display_name(http_v6.get_display_name() + ' ' + domain))
                    self.apply_check(http_v6, server, checkserver)

                # Second guard: the address test above already raises when both
                # addresses are missing, so this only fires if neither default
                # check object was produced.
                if None == http_v4 and None == http_v6:
                    raise Exception(
                        'Server "' + server.get_id()
                        + '" has no IPv4 and no IPv6 address set. Can\'t go further right now.'
                    )

                # --- certificate checks ------------------------------------
                # The flag is compared by identity with True: any other value,
                # including a truthy non-bool, takes the else branch and the
                # server is tagged 'no_certificate_check'.
                if self.__validate_certificate is True:
                    if addr_v4 is not None:
                        cert_v4 = CheckHttp.create('web_access_certificate_ipv4_' + id_suffix)
                        (cert_v4.set_ip(addr_v4)
                            .set_vhost(domain)
                            .set_uri(uri)
                            .set_ssl(True)
                            .set_sni(self.__sni)
                            .set_certificate_check(True)
                            .set_check_interval('15m')
                            .add_service_group(ServiceGroup.create('certificate_check'))
                            .set_display_name(cert_v4.get_display_name() + ' ' + domain))
                        self.apply_check(cert_v4, server, checkserver, http_v4)

                    if addr_v6 is not None:
                        cert_v6 = CheckHttp.create('web_access_certificate_ipv6_' + id_suffix)
                        (cert_v6.set_ip(addr_v6)
                            .set_ipv6(True)
                            .set_vhost(domain)
                            .set_uri(uri)
                            .set_ssl(True)
                            .set_sni(self.__sni)
                            .set_certificate_check(True)
                            .set_check_interval('15m')
                            .add_service_group(ServiceGroup.create('certificate_check'))
                            .set_display_name(cert_v6.get_display_name() + ' ' + domain))
                        self.apply_check(cert_v6, server, checkserver, http_v6)
                else:
                    server.add_hostgroup(HostGroup.create('no_certificate_check'))

                # --- HTTP -> HTTPS redirect checks -------------------------
                # NOTE(review): the expectation is the status-line prefix
                # 'HTTP/1.1 30' on port 80; nothing in this block inspects where
                # the redirect points - confirm whether CheckHttp covers that.
                if self.__validate_http_redirect is True:
                    if addr_v4 is not None:
                        redirect_v4 = CheckHttp.create('web_access_http_redirect_ipv4_' + id_suffix)
                        (redirect_v4.set_ip(addr_v4)
                            .set_vhost(domain)
                            .set_uri(uri)
                            .set_ssl(False)
                            .set_sni(self.__sni)
                            .set_port(80)
                            .set_expect('HTTP/1.1 30')
                            .set_check_interval('15m')
                            .add_service_group(ServiceGroup.create('http_redirect'))
                            .set_display_name(redirect_v4.get_display_name() + ' ' + domain))
                        self.apply_check(redirect_v4, server, checkserver, http_v4)

                    if addr_v6 is not None:
                        redirect_v6 = CheckHttp.create('web_access_http_redirect_ipv6_' + id_suffix)
                        (redirect_v6.set_ip(addr_v6)
                            .set_ipv6(True)
                            .set_vhost(domain)
                            .set_uri(uri)
                            .set_ssl(False)
                            .set_sni(self.__sni)
                            .set_port(80)
                            .set_expect('HTTP/1.1 30')
                            .set_check_interval('15m')
                            .add_service_group(ServiceGroup.create('http_redirect'))
                            .set_display_name(redirect_v6.get_display_name() + ' ' + domain))
                        self.apply_check(redirect_v6, server, checkserver, http_v6)

                    server.add_hostgroup(HostGroup.create('http_redirect'))
                elif self.__warn_no_http_redirect is True:
                    # No redirect validation requested: register a dummy check
                    # with state 1 so the missing redirect stays visible.
                    missing_redirect = CheckDummy.create(
                        'web_access_missing_http_redirect_' + id_suffix
                    )
                    (missing_redirect.set_state(1)
                        .set_text(missing_redirect.get_display_name() + ' ' + domain)
                        .set_check_interval('15m')
                        .add_service_group(ServiceGroup.create('missing_http_redirect_check'))
                        .add_service_group(ServiceGroup.create('Webserver'))
                        .set_display_name(missing_redirect.get_display_name() + ' ' + domain))
                    self.apply_check(missing_redirect, server, checkserver)
                    server.add_hostgroup(HostGroup.create('no_http_redirect'))
                else:
                    server.add_hostgroup(HostGroup.create('http_redirect_unchecked'))

                # --- TLS protocol version checks ---------------------------
                def tls_check(version, allow_flag, deny_flag, last_flag):
                    # Thin wrapper so each protocol version is one line below.
                    self.add_tls_check(
                        id_suffix, http_v4, http_v6, domain, server, checkserver,
                        addr_v4, addr_v6, uri, version, allow_flag, deny_flag, last_flag,
                    )

                # The final argument is True for 1.0/1.1 and False for 1.2/1.3;
                # its meaning is defined by add_tls_check (not shown here).
                tls_check('1.0', self.__validate_allow_tls1, self.__validate_deny_tls1, True)
                tls_check('1.1', self.__validate_allow_tls1_1, self.__validate_deny_tls1_1, True)
                tls_check('1.2', self.__validate_allow_tls1_2, self.__validate_deny_tls1_2, False)
                tls_check('1.3', self.__validate_allow_tls1_3, self.__validate_deny_tls1_3, False)
def apply(self):
    """Register the WordPress path checks for every configured vhost.

    When the inherit flag is set, the webserver checks are applied first via
    ``DefaultWebserverChecks.apply``. Then, for every vhost config and every
    server / check-server pair, the server is tagged with the ``wordpress``
    host group and one ``create_wp_check`` call is made per enabled
    ``validate_deny_*`` flag, each with a fixed WordPress path.

    What ``create_wp_check`` asserts about the path is defined elsewhere;
    presumably that the path is not served - confirm against that method.
    """
    if self.__inherit:
        DefaultWebserverChecks.apply(self)

    for vhost in DefaultWordpressChecks.get_vhostconfigs(self):
        service_baseid, domain = vhost[0], vhost[1]

        for server in DefaultWebserverChecks.get_servers(self):
            for checkserver in DefaultWebserverChecks.get_checkservers(self):
                server.add_hostgroup(HostGroup.create('wordpress'))

                # The check id here also carries the check-server id.
                base_id = (
                    service_baseid
                    + '_' + server.get_id()
                    + '_' + ValueMapper.canonicalize_for_id(domain)
                    + '_' + checkserver.get_id()
                )

                def deny(check_name, path):
                    # Same context for every check; only name and path vary.
                    self.create_wp_check(
                        check_name, service_baseid, base_id,
                        server, checkserver, domain, path,
                    )

                # Flags are compared by identity with True, so a truthy
                # non-bool value leaves the corresponding check out.
                if self.__validate_deny_license is True:
                    deny('license', '/license.txt')
                if self.__validate_deny_readme is True:
                    deny('readme', '/readme.html')
                if self.__validate_deny_wp_admin is True:
                    deny('wp_admin', '/wp-admin/')
                # NOTE(review): the wp_includes check is gated on the
                # wp_content flag, so it cannot be switched independently of
                # the wp_content check below. Looks like a copy-paste slip;
                # confirm whether a dedicated wp_includes flag was intended.
                if self.__validate_deny_wp_content is True:
                    deny('wp_includes', '/wp-includes/')
                if self.__validate_deny_wp_content is True:
                    deny('wp_content', '/wp-content/')
                if self.__validate_deny_wp_login is True:
                    deny('wp_login', '/wp-login.php')
                if self.__validate_deny_wp_cron is True:
                    deny('wp_cron', '/wp-cron.php')
                if self.__validate_deny_wp_load is True:
                    deny('wp_load', '/wp-load.php')
                if self.__validate_deny_wp_mail is True:
                    deny('wp_mail', '/wp-mail.php')
                if self.__validate_deny_wp_signup is True:
                    deny('wp_signup', '/wp-signup.php')
                if self.__validate_deny_wp_trackback is True:
                    deny('wp_trackback', '/wp-trackback.php')
                if self.__validate_deny_wp_xmlrpc is True:
                    deny('wp_xmlrpc', '/xmlrpc.php')
                if self.__validate_deny_wp_config is True:
                    deny('wp_config', '/wp-config.php')
                if self.__validate_deny_wp_config_sample is True:
                    deny('wp_config_sample', '/wp-config-sample.php')
                if self.__validate_deny_wp_blog_header is True:
                    deny('wp_blog_header', '/wp-blog-header.php')
                if self.__validate_deny_wp_activate is True:
                    deny('wp_activate', '/wp-activate.php')
                if self.__validate_deny_wp_links_opml is True:
                    deny('wp_links_opml', '/wp-links-opml.php')