commit
27bbeeca80
Binary file not shown.
@ -5,7 +5,7 @@
|
|||||||
* Purpose: Represents a checklist that links a PDI and software package
|
* Purpose: Represents a checklist that links a PDI and software package
|
||||||
* Created: Sep 12, 2013
|
* Created: Sep 12, 2013
|
||||||
*
|
*
|
||||||
* Portions Copyright 2017: Cyber Perspectives, All rights reserved
|
* Portions Copyright 2017-2019: CyberPerspectives, LLC, All rights reserved
|
||||||
* Released under the Apache v2.0 License
|
* Released under the Apache v2.0 License
|
||||||
*
|
*
|
||||||
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
|
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
|
||||||
@ -406,7 +406,7 @@ class checklist
|
|||||||
case (preg_match("/Dot Net|DotNet/i", $this->name) ? true : false):
|
case (preg_match("/Dot Net|DotNet/i", $this->name) ? true : false):
|
||||||
$this->icon = 'Microsoft .NET.png';
|
$this->icon = 'Microsoft .NET.png';
|
||||||
break;
|
break;
|
||||||
case (preg_match("/Internet Explorer/i", $this->name) ? true : false):
|
case (preg_match("/Internet Explorer|Microsoft IE/i", $this->name) ? true : false):
|
||||||
$this->icon = 'Internet Explorer.png';
|
$this->icon = 'Internet Explorer.png';
|
||||||
break;
|
break;
|
||||||
case (preg_match("/Windows Phone/i", $this->name) ? true : false):
|
case (preg_match("/Windows Phone/i", $this->name) ? true : false):
|
||||||
@ -452,7 +452,7 @@ class checklist
|
|||||||
case (preg_match("/Red ?Hat/i", $this->name) ? true : false):
|
case (preg_match("/Red ?Hat/i", $this->name) ? true : false):
|
||||||
$this->icon = 'RedHat Linux.jpg';
|
$this->icon = 'RedHat Linux.jpg';
|
||||||
break;
|
break;
|
||||||
case (preg_match("/SUSE Linux/i", $this->name) ? true : false):
|
case (preg_match("/SUSE Linux|SLES/i", $this->name) ? true : false):
|
||||||
$this->icon = 'SUSE Linux.png';
|
$this->icon = 'SUSE Linux.png';
|
||||||
break;
|
break;
|
||||||
case (preg_match("/Solaris/i", $this->name) ? true : false):
|
case (preg_match("/Solaris/i", $this->name) ? true : false):
|
||||||
@ -461,6 +461,9 @@ class checklist
|
|||||||
case (preg_match("/Storage Area/i", $this->name) ? true : false):
|
case (preg_match("/Storage Area/i", $this->name) ? true : false):
|
||||||
$this->icon = 'Storage Area Network.gif';
|
$this->icon = 'Storage Area Network.gif';
|
||||||
break;
|
break;
|
||||||
|
case (preg_match("/Ubuntu/i", $this->name) ? true : false):
|
||||||
|
$this->icon = 'Ubuntu.png';
|
||||||
|
break;
|
||||||
case (preg_match("/z\/OS/i", $this->name) ? true : false):
|
case (preg_match("/z\/OS/i", $this->name) ? true : false):
|
||||||
$this->icon = 'ZOS.jpg';
|
$this->icon = 'ZOS.jpg';
|
||||||
break;
|
break;
|
||||||
|
@ -595,7 +595,7 @@ class software {
|
|||||||
|
|
||||||
if ($regex2['name_match']) {
|
if ($regex2['name_match']) {
|
||||||
foreach (explode(",", $regex2['name_match']) as $idx) {
|
foreach (explode(",", $regex2['name_match']) as $idx) {
|
||||||
if (isset($match[$idx])) {
|
if (isset($match[$idx]) && $match[$idx]) {
|
||||||
$sw['name'] .= " " . $match[$idx];
|
$sw['name'] .= " " . $match[$idx];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -603,7 +603,7 @@ class software {
|
|||||||
|
|
||||||
if ($regex2['ver_match']) {
|
if ($regex2['ver_match']) {
|
||||||
foreach (explode(",", $regex2['ver_match']) as $idx) {
|
foreach (explode(",", $regex2['ver_match']) as $idx) {
|
||||||
if (isset($match[$idx])) {
|
if (isset($match[$idx]) && $match[$idx]) {
|
||||||
$sw['ver'] .= $match[$idx] . " ";
|
$sw['ver'] .= $match[$idx] . " ";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
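Review bot: The added `&& $match[$idx]` guard in the `name_match` loop (hunk `@ -595,7`) and again in the `ver_match` loop (hunk `@ -603,7`) is a truthiness test, so a capture group whose text is exactly `"0"` is skipped along with empty ones. For `ver_match` that silently drops a legitimate version component, and the shortened version string then feeds the software/CPE matching. Compare against the empty string instead: `if (isset($match[$idx]) && $match[$idx] !== '') {`. Both loops belong to a method whose start and end are outside these hunks.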
10
config.inc
10
config.inc
@ -16,6 +16,7 @@
|
|||||||
* - May 24, 2018 - Updated constants for 1.3.2 release
|
* - May 24, 2018 - Updated constants for 1.3.2 release
|
||||||
* - Jun 2, 2018 - Added new STIG_EXCLUSIONS constant to permanently exclude STIGs
|
* - Jun 2, 2018 - Added new STIG_EXCLUSIONS constant to permanently exclude STIGs
|
||||||
* - Aug 28, 2018 - Updated constants for 1.3.3 release
|
* - Aug 28, 2018 - Updated constants for 1.3.3 release
|
||||||
|
* - Jan 15, 2019 - Updated constants for 1.3.4 release
|
||||||
*/
|
*/
|
||||||
// @new
|
// @new
|
||||||
/**
|
/**
|
||||||
@ -31,7 +32,7 @@ define('DOC_ROOT', '{DOC_ROOT}');
|
|||||||
define('PWD_FILE', '{PWD_FILE}');
|
define('PWD_FILE', '{PWD_FILE}');
|
||||||
define('TMP', '{TMP_PATH}');
|
define('TMP', '{TMP_PATH}');
|
||||||
define('VER', '1.3.4');
|
define('VER', '1.3.4');
|
||||||
define('REL_DATE', '2018-11-30');
|
define('REL_DATE', '2019-01-15');
|
||||||
define('LOG_LEVEL', '{E_ERROR}');
|
define('LOG_LEVEL', '{E_ERROR}');
|
||||||
define('LOG_PATH', '{LOG_PATH}');
|
define('LOG_PATH', '{LOG_PATH}');
|
||||||
define('SALT', '{SALT}');
|
define('SALT', '{SALT}');
|
||||||
@ -281,6 +282,13 @@ define('PDI_CATALOG', 'PDI_CATALOG');
|
|||||||
*/
|
*/
|
||||||
define('ECHECKLIST_CSV', 'ECHECKLIST_CSV');
|
define('ECHECKLIST_CSV', 'ECHECKLIST_CSV');
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Constant for a CSV host list
|
||||||
|
*
|
||||||
|
* @var string
|
||||||
|
*/
|
||||||
|
define('HOST_LIST', 'HOST_LIST');
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constant for unsupported retina CSV file format
|
* Constant for unsupported retina CSV file format
|
||||||
*
|
*
|
||||||
|
@ -6,7 +6,7 @@
|
|||||||
* Purpose: To parse a STIG file
|
* Purpose: To parse a STIG file
|
||||||
* Created: Jul 9, 2014
|
* Created: Jul 9, 2014
|
||||||
*
|
*
|
||||||
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
|
* Portions Copyright 2016-2019: CyberPerspectives, LLC, All rights reserved
|
||||||
* Released under the Apache v2.0 License
|
* Released under the Apache v2.0 License
|
||||||
*
|
*
|
||||||
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
|
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
|
||||||
@ -31,7 +31,12 @@
|
|||||||
* - Dec 27, 2017 - Added up date for load date
|
* - Dec 27, 2017 - Added up date for load date
|
||||||
* - May 10, 2018 - Starting to migrate logging and fixed install status bar issues (#403)
|
* - May 10, 2018 - Starting to migrate logging and fixed install status bar issues (#403)
|
||||||
*/
|
*/
|
||||||
$cmd = getopt("f:", ['debug::', 'ia_reset::', 'draft::', 'help::']);
|
$cmd = getopt("f:", [
|
||||||
|
'debug::',
|
||||||
|
'ia_reset::',
|
||||||
|
'draft::',
|
||||||
|
'help::'
|
||||||
|
]);
|
||||||
|
|
||||||
if (! isset($cmd['f']) || isset($cmd['help'])) {
|
if (! isset($cmd['f']) || isset($cmd['help'])) {
|
||||||
die(usage());
|
die(usage());
|
||||||
@ -50,9 +55,9 @@ use Monolog\Formatter\LineFormatter;
|
|||||||
$stream = new StreamHandler("php://output", Logger::INFO);
|
$stream = new StreamHandler("php://output", Logger::INFO);
|
||||||
$stream->setFormatter(new LineFormatter("%datetime% %level_name% %message%", "H:i:s.u"));
|
$stream->setFormatter(new LineFormatter("%datetime% %level_name% %message%", "H:i:s.u"));
|
||||||
/*
|
/*
|
||||||
$log = new Logger("parse_stig");
|
* $log = new Logger("parse_stig");
|
||||||
$log->pushHandler(new StreamHandler(LOG_PATH . "/" . basename($cmd['f']) . ".log", LOG_LEVEL));
|
* $log->pushHandler(new StreamHandler(LOG_PATH . "/" . basename($cmd['f']) . ".log", LOG_LEVEL));
|
||||||
$log->pushHandler($stream);
|
* $log->pushHandler($stream);
|
||||||
*/
|
*/
|
||||||
|
|
||||||
chdir(DOC_ROOT . "/exec");
|
chdir(DOC_ROOT . "/exec");
|
||||||
@ -62,8 +67,7 @@ $start = new DateTime();
|
|||||||
// Check to make sure file argument exists and is an XCCDF file
|
// Check to make sure file argument exists and is an XCCDF file
|
||||||
if (! file_exists($cmd['f'])) {
|
if (! file_exists($cmd['f'])) {
|
||||||
Sagacity_Error::err_handler("XML file not found {$cmd['f']}", E_ERROR);
|
Sagacity_Error::err_handler("XML file not found {$cmd['f']}", E_ERROR);
|
||||||
}
|
} elseif (strpos(strtolower($cmd['f']), "xccdf") === false) {
|
||||||
elseif (strpos(strtolower($cmd['f']), "xccdf") === false) {
|
|
||||||
Sagacity_Error::err_handler("Only compatible with XCCDF file formats", E_ERROR);
|
Sagacity_Error::err_handler("Only compatible with XCCDF file formats", E_ERROR);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -73,7 +77,11 @@ check_path(DOC_ROOT . "/reference/stigs");
|
|||||||
// open db connection
|
// open db connection
|
||||||
$db = new db();
|
$db = new db();
|
||||||
|
|
||||||
$content = str_replace(["’", "–", "“", "â€"], ["'", "-", '"', '"'], file_get_contents($cmd['f']));
|
$content = str_replace([
|
||||||
|
"’", "–", "“", "â€"
|
||||||
|
], [
|
||||||
|
"'", "-", '"', '"'
|
||||||
|
], file_get_contents($cmd['f']));
|
||||||
file_put_contents($cmd['f'], $content);
|
file_put_contents($cmd['f'], $content);
|
||||||
|
|
||||||
// open xml file
|
// open xml file
|
||||||
@ -97,8 +105,13 @@ if (!$exists) {
|
|||||||
$db->add_Catalog_Script($base_name);
|
$db->add_Catalog_Script($base_name);
|
||||||
}
|
}
|
||||||
|
|
||||||
$db->update_Catalog_Script($base_name, ['name' => 'pid', 'value' => getmypid()]);
|
$db->update_Catalog_Script($base_name, [
|
||||||
$db->help->update("sagacity.settings", ['meta_value' => new DateTime()], [
|
'name' => 'pid',
|
||||||
|
'value' => getmypid()
|
||||||
|
]);
|
||||||
|
$db->help->update("sagacity.settings", [
|
||||||
|
'meta_value' => new DateTime()
|
||||||
|
], [
|
||||||
[
|
[
|
||||||
'field' => 'meta_key',
|
'field' => 'meta_key',
|
||||||
'op' => '=',
|
'op' => '=',
|
||||||
@ -127,7 +140,18 @@ if (is_array($regex_arr) && !count($regex_arr)) {
|
|||||||
$csv_file = substr($cmd['f'], 0, - 3) . "csv";
|
$csv_file = substr($cmd['f'], 0, - 3) . "csv";
|
||||||
$csv = fopen($csv_file, "w");
|
$csv = fopen($csv_file, "w");
|
||||||
|
|
||||||
fputcsv($csv, ["STIG_ID", "VMS_ID", "CAT", "IA_Controls", "Short_Title", "Status", "Notes", "Check_Contents", "SV_Rule_ID", "Oval_ID"]);
|
fputcsv($csv, [
|
||||||
|
"STIG_ID",
|
||||||
|
"VMS_ID",
|
||||||
|
"CAT",
|
||||||
|
"IA_Controls",
|
||||||
|
"Short_Title",
|
||||||
|
"Status",
|
||||||
|
"Notes",
|
||||||
|
"Check_Contents",
|
||||||
|
"SV_Rule_ID",
|
||||||
|
"Oval_ID"
|
||||||
|
]);
|
||||||
|
|
||||||
// get checklist data
|
// get checklist data
|
||||||
$checklist = [];
|
$checklist = [];
|
||||||
@ -137,7 +161,10 @@ $checklist['status'] = getValue($xml, "/x:Benchmark/x:status");
|
|||||||
// Skip draft STIGs if debug flag is not set. @Ryan: Shouldn't this be checking the draft flag instead of debug?
|
// Skip draft STIGs if debug flag is not set. @Ryan: Shouldn't this be checking the draft flag instead of debug?
|
||||||
if (! isset($cmd['draft'])) {
|
if (! isset($cmd['draft'])) {
|
||||||
if (strtolower($checklist['status']) == 'draft') {
|
if (strtolower($checklist['status']) == 'draft') {
|
||||||
$db->update_Catalog_Script($base_name, ["name" => "status", "value" => "SKIPPED"]);
|
$db->update_Catalog_Script($base_name, [
|
||||||
|
"name" => "status",
|
||||||
|
"value" => "SKIPPED"
|
||||||
|
]);
|
||||||
fclose($csv);
|
fclose($csv);
|
||||||
unset($xml);
|
unset($xml);
|
||||||
unlink($cmd['f']);
|
unlink($cmd['f']);
|
||||||
@ -179,31 +206,25 @@ if (isset($cmd['debug'])) {
|
|||||||
|
|
||||||
foreach ($sw_arr as $key => $sw) {
|
foreach ($sw_arr as $key => $sw) {
|
||||||
do {
|
do {
|
||||||
$cpe = "cpe:/" . ($sw->is_OS() ? "o" : "a") . ":{$sw->get_Man()}:{$sw->get_Name()}" .
|
$cpe = "cpe:/" . ($sw->is_OS() ? "o" : "a") . ":{$sw->get_Man()}:{$sw->get_Name()}" . ($sw->get_Version() != '-' ? ":{$sw->get_Version()}" : "");
|
||||||
($sw->get_Version() != '-' ? ":{$sw->get_Version()}" : "");
|
$cpe = str_replace([" ", "(", ")"], ["_", "%28","%29"], strtolower($cpe));
|
||||||
$cpe = str_replace(
|
|
||||||
[" ", "(", ")"], ["_", "%28", "%29"], strtolower($cpe)
|
|
||||||
);
|
|
||||||
|
|
||||||
$db_sw = $db->get_Software($cpe);
|
$db_sw = $db->get_Software($cpe);
|
||||||
|
|
||||||
if (! count($db_sw) && ! count($checklist['software'])) {
|
if (! count($db_sw) && ! count($checklist['software'])) {
|
||||||
$sw->reduce_CPE();
|
$sw->reduce_CPE();
|
||||||
}
|
} elseif (is_array($db_sw) && count($db_sw) == 1 && $db_sw[0]->get_Version() == '-' && ! preg_match("/generic/", $sw->get_CPE())) {
|
||||||
elseif (is_array($db_sw) && count($db_sw) == 1 && $db_sw[0]->get_Version() == '-' && !preg_match("/generic/", $sw->get_CPE())) {
|
|
||||||
$checklist['software'] = array_merge($checklist['software'], $db_sw);
|
$checklist['software'] = array_merge($checklist['software'], $db_sw);
|
||||||
$sw->reduce_CPE();
|
$sw->reduce_CPE();
|
||||||
$db_sw = [];
|
$db_sw = [];
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (isset($cmd['debug'])) {
|
if (isset($cmd['debug'])) {
|
||||||
$log->script_log("$cpe found " . count($db_sw), E_DEBUG);
|
$log->script_log("$cpe found " . count($db_sw), E_DEBUG);
|
||||||
}
|
}
|
||||||
}
|
} while (! count($db_sw));
|
||||||
while (!count($db_sw));
|
|
||||||
|
|
||||||
$checklist['software'] = array_merge($checklist['software'], $db_sw);
|
$checklist['software'] = array_merge($checklist['software'], $db_sw);
|
||||||
}
|
}
|
||||||
@ -218,16 +239,14 @@ $match = [];
|
|||||||
|
|
||||||
if (preg_match('/Release: (\d+\.\d+|\d+)/', $checklist['plain_text'], $match)) {
|
if (preg_match('/Release: (\d+\.\d+|\d+)/', $checklist['plain_text'], $match)) {
|
||||||
$checklist['rel'] = $match[1];
|
$checklist['rel'] = $match[1];
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
$checklist['rel'] = '';
|
$checklist['rel'] = '';
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the date of the benchmark in the 'plain-text' element or set to 'status-date' if match fails
|
// Get the date of the benchmark in the 'plain-text' element or set to 'status-date' if match fails
|
||||||
if (preg_match('/Benchmark Date: (.*)$/', $checklist['plain_text'], $match)) {
|
if (preg_match('/Benchmark Date: (.*)$/', $checklist['plain_text'], $match)) {
|
||||||
$checklist['benchmark_date'] = new DateTime($match[1]);
|
$checklist['benchmark_date'] = new DateTime($match[1]);
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
$checklist['benchmark_date'] = $checklist['status_date'];
|
$checklist['benchmark_date'] = $checklist['status_date'];
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -244,26 +263,22 @@ $checklist['type'] = 'benchmark';
|
|||||||
|
|
||||||
if (preg_match('/IAVM/i', $base_name)) {
|
if (preg_match('/IAVM/i', $base_name)) {
|
||||||
$checklist['type'] = 'iavm';
|
$checklist['type'] = 'iavm';
|
||||||
}
|
} elseif (preg_match('/policy|srg/i', $base_name)) {
|
||||||
elseif (preg_match('/policy|srg/i', $base_name)) {
|
|
||||||
$checklist['type'] = 'policy';
|
$checklist['type'] = 'policy';
|
||||||
}
|
} elseif (preg_match('/manual/i', $base_name)) {
|
||||||
elseif (preg_match('/manual/i', $base_name)) {
|
|
||||||
$checklist['type'] = 'manual';
|
$checklist['type'] = 'manual';
|
||||||
}
|
}
|
||||||
|
|
||||||
// Capture version release in filename as sometimes it doesn't match the plain_text element
|
// Capture version release in filename as sometimes it doesn't match the plain_text element
|
||||||
if (preg_match('/V(\d+)R/', $base_name, $match)) {
|
if (preg_match('/V(\d+)R/', $base_name, $match)) {
|
||||||
$checklist['file_ver'] = $match[1];
|
$checklist['file_ver'] = $match[1];
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
$checklist['file_ver'] = 0;
|
$checklist['file_ver'] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (preg_match('/V\d+R(\d+|\d+\.\d+)/', $base_name, $match)) {
|
if (preg_match('/V\d+R(\d+|\d+\.\d+)/', $base_name, $match)) {
|
||||||
$checklist['file_rel'] = $match[1];
|
$checklist['file_rel'] = $match[1];
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
$checklist['file_rel'] = 0;
|
$checklist['file_rel'] = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -310,28 +325,23 @@ if ($chk) {
|
|||||||
if (count($chk) && is_a($chk[0], 'checklist')) {
|
if (count($chk) && is_a($chk[0], 'checklist')) {
|
||||||
$chk = $chk[0];
|
$chk = $chk[0];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** @var checklist $chk */
|
||||||
|
$chk->find_Icon();
|
||||||
|
|
||||||
// Update software products associated with this checklist
|
// Update software products associated with this checklist
|
||||||
$sw_arr = [];
|
|
||||||
foreach ($checklist['software'] as $sw) {
|
foreach ($checklist['software'] as $sw) {
|
||||||
$sw_arr[] = [$chk->get_ID(), $sw->get_ID()];
|
$chk->add_SW($sw);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (is_array($sw_arr) && count($sw_arr)) {
|
$db->save_Checklist($chk);
|
||||||
$db->help->extended_insert("sagacity.checklist_software_lookup", ['chk_id', 'sw_id'], $sw_arr, true);
|
|
||||||
if (!$db->help->execute()) {
|
|
||||||
$db->debug(E_WARNING);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (isset($cmd['debug'])) {
|
if (isset($cmd['debug'])) {
|
||||||
$log->script_log(print_r($chk, true), E_DEBUG);
|
$log->script_log(print_r($chk, true), E_DEBUG);
|
||||||
}
|
}
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
// If checklist is not found, add checklist to DB
|
// If checklist is not found, add checklist to DB
|
||||||
$chk = new checklist(
|
$chk = new checklist(null, $checklist['id'], $checklist['title'], $checklist['desc'], $checklist['status_date'], $base_name, $checklist['ver'], $checklist['rel'], ($checklist['type'] == 'iavm' ? 'IAVM' : ucfirst($checklist['type'])), null);
|
||||||
null, $checklist['id'], $checklist['title'], $checklist['desc'], $checklist['status_date'], $base_name, $checklist['ver'], $checklist['rel'], ($checklist['type'] == 'iavm' ? 'IAVM' : ucfirst($checklist['type'])), null
|
|
||||||
);
|
|
||||||
$chk->add_SW($checklist['software']);
|
$chk->add_SW($checklist['software']);
|
||||||
|
|
||||||
if (! ($chk->id = $db->save_Checklist($chk))) {
|
if (! ($chk->id = $db->save_Checklist($chk))) {
|
||||||
@ -351,7 +361,10 @@ $groups = getValue($xml, '/x:Benchmark/x:Group', null, true);
|
|||||||
|
|
||||||
$log->script_log("$groups->length STIGs to run", E_DEBUG);
|
$log->script_log("$groups->length STIGs to run", E_DEBUG);
|
||||||
|
|
||||||
$db->update_Catalog_Script($base_name, ['name' => 'stig_count', 'value' => $groups->length]);
|
$db->update_Catalog_Script($base_name, [
|
||||||
|
'name' => 'stig_count',
|
||||||
|
'value' => $groups->length
|
||||||
|
]);
|
||||||
|
|
||||||
print "File: $base_name" . PHP_EOL;
|
print "File: $base_name" . PHP_EOL;
|
||||||
print "Total: $groups->length" . PHP_EOL;
|
print "Total: $groups->length" . PHP_EOL;
|
||||||
@ -379,11 +392,9 @@ foreach ($groups as $group) {
|
|||||||
$cat = 0;
|
$cat = 0;
|
||||||
if ($group_rule->getAttribute('severity') == 'high') {
|
if ($group_rule->getAttribute('severity') == 'high') {
|
||||||
$cat = 1;
|
$cat = 1;
|
||||||
}
|
} elseif ($group_rule->getAttribute('severity') == 'medium') {
|
||||||
elseif ($group_rule->getAttribute('severity') == 'medium') {
|
|
||||||
$cat = 2;
|
$cat = 2;
|
||||||
}
|
} elseif ($group_rule->getAttribute('severity') == 'low') {
|
||||||
elseif ($group_rule->getAttribute('severity') == 'low') {
|
|
||||||
$cat = 3;
|
$cat = 3;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -397,8 +408,7 @@ foreach ($groups as $group) {
|
|||||||
$fix_text = getValue($xml, './/x:fixtext', $group_rule);
|
$fix_text = getValue($xml, './/x:fixtext', $group_rule);
|
||||||
if ($rule_check_ref->length) {
|
if ($rule_check_ref->length) {
|
||||||
$oval_id = $rule_check_ref->item(0)->getAttribute('name');
|
$oval_id = $rule_check_ref->item(0)->getAttribute('name');
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
$oval_id = '';
|
$oval_id = '';
|
||||||
}
|
}
|
||||||
$match = [];
|
$match = [];
|
||||||
@ -431,8 +441,7 @@ foreach ($groups as $group) {
|
|||||||
if (! $rule_stig_id) {
|
if (! $rule_stig_id) {
|
||||||
if ($vms_id == 'V0001073' || $vms_id == 'V-1073') {
|
if ($vms_id == 'V0001073' || $vms_id == 'V-1073') {
|
||||||
$rule_stig_id = '2.005';
|
$rule_stig_id = '2.005';
|
||||||
}
|
} elseif ($vms_id == 'V0001103' || $vms_id == 'V-1103') {
|
||||||
elseif ($vms_id == 'V0001103' || $vms_id == 'V-1103') {
|
|
||||||
$rule_stig_id = '4.010';
|
$rule_stig_id = '4.010';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -505,8 +514,7 @@ foreach ($groups as $group) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
$db->save_PDI($db_pdi, $chk);
|
$db->save_PDI($db_pdi, $chk);
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
print "*";
|
print "*";
|
||||||
// add pdi
|
// add pdi
|
||||||
$new_count ++;
|
$new_count ++;
|
||||||
@ -535,13 +543,17 @@ foreach ($groups as $group) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
if (!$db->save_Check_Contents($db_pdi, $chk, $rule_check_content, $fix_text)) {
|
* if (!$db->save_Check_Contents($db_pdi, $chk, $rule_check_content, $fix_text)) {
|
||||||
$log->script_log("Couldn't save check contents for STIG ID: {$db_stig->get_ID()} in checklist {$chk->get_Checklist_ID()} ({$chk->get_File_Name()})\n", E_ERROR);
|
* $log->script_log("Couldn't save check contents for STIG ID: {$db_stig->get_ID()} in checklist {$chk->get_Checklist_ID()} ({$chk->get_File_Name()})\n", E_ERROR);
|
||||||
}
|
* }
|
||||||
*/
|
*/
|
||||||
|
|
||||||
$new_controls = [];
|
$new_controls = [];
|
||||||
$control_fields = ['pdi_id', 'type', 'type_id'];
|
$control_fields = [
|
||||||
|
'pdi_id',
|
||||||
|
'type',
|
||||||
|
'type_id'
|
||||||
|
];
|
||||||
|
|
||||||
if (preg_match("/<IAControls>(.*)<\/IAControls>/i", $rule_desc, $match)) {
|
if (preg_match("/<IAControls>(.*)<\/IAControls>/i", $rule_desc, $match)) {
|
||||||
$ia_controls = (isset($match[1]) && ! empty($match[1]) ? $match[1] : null);
|
$ia_controls = (isset($match[1]) && ! empty($match[1]) ? $match[1] : null);
|
||||||
@ -553,8 +565,7 @@ foreach ($groups as $group) {
|
|||||||
'1'
|
'1'
|
||||||
];
|
];
|
||||||
$ias[] = "VIVM-1";
|
$ias[] = "VIVM-1";
|
||||||
}
|
} elseif ($ia_controls) {
|
||||||
elseif ($ia_controls) {
|
|
||||||
$split_ias = preg_split('/\, ?/', $ia_controls);
|
$split_ias = preg_split('/\, ?/', $ia_controls);
|
||||||
|
|
||||||
foreach ($split_ias as $ia) {
|
foreach ($split_ias as $ia) {
|
||||||
@ -570,8 +581,7 @@ foreach ($groups as $group) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
} elseif ($rule_ident->length) {
|
||||||
elseif ($rule_ident->length) {
|
|
||||||
for ($x = 0; $x < $rule_ident->length; $x ++) {
|
for ($x = 0; $x < $rule_ident->length; $x ++) {
|
||||||
if (substr($rule_ident->item($x)->textContent, 0, 3) == 'CCI') {
|
if (substr($rule_ident->item($x)->textContent, 0, 3) == 'CCI') {
|
||||||
$split_ia = explode("-", $rule_ident->item($x)->textContent);
|
$split_ia = explode("-", $rule_ident->item($x)->textContent);
|
||||||
@ -586,8 +596,7 @@ foreach ($groups as $group) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
if ($is_iavm) {
|
if ($is_iavm) {
|
||||||
$ias[] = "CCI-002613";
|
$ias[] = "CCI-002613";
|
||||||
$new_controls[] = [
|
$new_controls[] = [
|
||||||
@ -595,8 +604,7 @@ foreach ($groups as $group) {
|
|||||||
"CCI",
|
"CCI",
|
||||||
"002613"
|
"002613"
|
||||||
];
|
];
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
$ias[] = "CCI-000366";
|
$ias[] = "CCI-000366";
|
||||||
$new_controls[] = [
|
$new_controls[] = [
|
||||||
$pdi_id,
|
$pdi_id,
|
||||||
@ -627,7 +635,9 @@ foreach ($groups as $group) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
$sv = new sv_rule($pdi_id, $sv_rule);
|
$sv = new sv_rule($pdi_id, $sv_rule);
|
||||||
$db->save_SV_Rule(array(0 => $sv));
|
$db->save_SV_Rule(array(
|
||||||
|
0 => $sv
|
||||||
|
));
|
||||||
|
|
||||||
if ($rule_ident->length) {
|
if ($rule_ident->length) {
|
||||||
foreach ($rule_ident as $ident_node) {
|
foreach ($rule_ident as $ident_node) {
|
||||||
@ -643,15 +653,10 @@ foreach ($groups as $group) {
|
|||||||
if (substr($ref, 0, 3) == 'CVE' || substr($ref, 0, 3) == 'CAN') {
|
if (substr($ref, 0, 3) == 'CVE' || substr($ref, 0, 3) == 'CAN') {
|
||||||
$tmp[] = new cve($pdi_id, $ref);
|
$tmp[] = new cve($pdi_id, $ref);
|
||||||
$db->save_CVE($tmp);
|
$db->save_CVE($tmp);
|
||||||
}
|
} elseif (substr($ref, 0, 3) == 'CCE') {
|
||||||
elseif (substr($ref, 0, 3) == 'CCE') {
|
|
||||||
$tmp[] = new cce($pdi_id, $ref);
|
$tmp[] = new cce($pdi_id, $ref);
|
||||||
$db->save_CCE($tmp);
|
$db->save_CCE($tmp);
|
||||||
}
|
} elseif (substr($ref, 0, 2) == 'KB') {} elseif (substr($ref, 0, 2) == 'MS') {
|
||||||
elseif (substr($ref, 0, 2) == 'KB') {
|
|
||||||
|
|
||||||
}
|
|
||||||
elseif (substr($ref, 0, 2) == 'MS') {
|
|
||||||
$tmp[] = new advisory($pdi_id, $ref, '', 'MS', '');
|
$tmp[] = new advisory($pdi_id, $ref, '', 'MS', '');
|
||||||
$db->save_Advisory($tmp);
|
$db->save_Advisory($tmp);
|
||||||
}
|
}
|
||||||
@ -665,10 +670,24 @@ foreach ($groups as $group) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Output the CSV contents
|
// Output the CSV contents
|
||||||
fputcsv($csv, [$rule_stig_id, $vms_id, implode("", array_fill(0, $cat, "I")), implode(" ", $ias), $rule_title, "Not Reviewed", "", $rule_check_content, $sv_rule, $oval_id]);
|
fputcsv($csv, [
|
||||||
|
$rule_stig_id,
|
||||||
|
$vms_id,
|
||||||
|
implode("", array_fill(0, $cat, "I")),
|
||||||
|
implode(" ", $ias),
|
||||||
|
$rule_title,
|
||||||
|
"Not Reviewed",
|
||||||
|
"",
|
||||||
|
$rule_check_content,
|
||||||
|
$sv_rule,
|
||||||
|
$oval_id
|
||||||
|
]);
|
||||||
|
|
||||||
unset($references);
|
unset($references);
|
||||||
$db->update_Catalog_Script($base_name, ['name' => 'perc_comp', 'value' => ($perc_comp / $groups->length) * 100]);
|
$db->update_Catalog_Script($base_name, [
|
||||||
|
'name' => 'perc_comp',
|
||||||
|
'value' => ($perc_comp / $groups->length) * 100
|
||||||
|
]);
|
||||||
}
|
}
|
||||||
|
|
||||||
$db->help->select_count("sagacity.stigs");
|
$db->help->select_count("sagacity.stigs");
|
||||||
@ -677,13 +696,20 @@ $db->set_Setting('stig-count', $stig_count);
|
|||||||
|
|
||||||
$end = new DateTime();
|
$end = new DateTime();
|
||||||
$diff = $end->diff($start);
|
$diff = $end->diff($start);
|
||||||
|
$total = $new_count + $updated_count;
|
||||||
|
|
||||||
print PHP_EOL . "Start Time: {$start->format("H:i:s")}" . PHP_EOL;
|
print <<<EOO
|
||||||
print "End Time: {$end->format("H:i:s")}" . PHP_EOL;
|
|
||||||
print "Execution time: {$diff->format("%H:%I:%S")}" . PHP_EOL . PHP_EOL;
|
Start Time: {$start->format("H:i:s")}
|
||||||
print "New STIGs: $new_count" . PHP_EOL;
|
End Time: {$end->format("H:i:s")}
|
||||||
print "Updated STIGs: $updated_count" . PHP_EOL;
|
Execution time: {$diff->format("%H:%I:%S")}
|
||||||
print "Total STIGs: " . ($new_count + $updated_count) . PHP_EOL . PHP_EOL . PHP_EOL;
|
|
||||||
|
New STIGs: $new_count
|
||||||
|
Updated STIGs: $updated_count
|
||||||
|
Total STIGs: $total
|
||||||
|
|
||||||
|
|
||||||
|
EOO;
|
||||||
|
|
||||||
$log->script_log("$groups->length complete");
|
$log->script_log("$groups->length complete");
|
||||||
fclose($csv);
|
fclose($csv);
|
||||||
@ -692,12 +718,17 @@ if (!isset($cmd['debug'])) {
|
|||||||
rename($cmd['f'], DOC_ROOT . "/reference/stigs/$base_name");
|
rename($cmd['f'], DOC_ROOT . "/reference/stigs/$base_name");
|
||||||
}
|
}
|
||||||
rename($csv_file, DOC_ROOT . "/reference/stigs/" . basename($csv_file));
|
rename($csv_file, DOC_ROOT . "/reference/stigs/" . basename($csv_file));
|
||||||
$db->update_Catalog_Script($base_name, ['name' => 'perc_comp', 'value' => 100, 'complete' => 1]);
|
$db->update_Catalog_Script($base_name, [
|
||||||
|
'name' => 'perc_comp',
|
||||||
|
'value' => 100,
|
||||||
|
'complete' => 1
|
||||||
|
]);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Usage output
|
* Usage output
|
||||||
*/
|
*/
|
||||||
function usage() {
|
function usage()
|
||||||
|
{
|
||||||
print <<<EOO
|
print <<<EOO
|
||||||
Purpose: To parse a STIG XCCDF checklist file and populate/update the database
|
Purpose: To parse a STIG XCCDF checklist file and populate/update the database
|
||||||
|
|
||||||
|
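Review bot: In the existing-checklist branch (hunk `@ -310,28 +325,23`) the new `$db->save_Checklist($chk);` call ignores its return value, while the new-checklist branch directly below tests it with `if (! ($chk->id = $db->save_Checklist($chk)))`. The code it replaces logged `$db->debug(E_WARNING)` when the `checklist_software_lookup` insert failed, so a failed save now leaves the checklist-to-software links missing with no trace in the log. Something like `if (! $db->save_Checklist($chk)) { $db->debug(E_WARNING); }` would keep the old visibility, assuming save_Checklist returns a falsy value on failure as the other branch implies. The enclosing `if ($chk) {` opens outside the hunk, and the old/new side of each line is inferred from the side-by-side layout.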
@ -5,7 +5,7 @@
|
|||||||
* Purpose: Read STIG Viewer checklist files
|
* Purpose: Read STIG Viewer checklist files
|
||||||
* Created: Apr 10, 2014
|
* Created: Apr 10, 2014
|
||||||
*
|
*
|
||||||
* Portions Copyright 2016-2017: Cyber Perspectives, LLC, All rights reserved
|
* Portions Copyright 2016-2019: CyberPerspectives, LLC, All rights reserved
|
||||||
* Released under the Apache v2.0 License
|
* Released under the Apache v2.0 License
|
||||||
*
|
*
|
||||||
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
|
* Portions Copyright (c) 2012-2015, Salient Federal Solutions
|
||||||
@ -74,6 +74,7 @@ $host_mac = getValue($xml, '//HOST_MAC');
|
|||||||
|
|
||||||
if (!$host_name) {
|
if (!$host_name) {
|
||||||
$db->update_Running_Scan($base_name, ['name' => 'status', 'value' => 'TERMINATED']);
|
$db->update_Running_Scan($base_name, ['name' => 'status', 'value' => 'TERMINATED']);
|
||||||
|
$db->update_Running_Scan($base_name, ['name' => 'notes', 'value' => 'File parsing was terminated because <HOST_NAME> was empty or absent']);
|
||||||
unset($xml);
|
unset($xml);
|
||||||
|
|
||||||
rename($cmd['f'], TMP . "/terminated/{$base_name}");
|
rename($cmd['f'], TMP . "/terminated/{$base_name}");
|
||||||
|
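Review bot: The new `notes` value stores the literal text `<HOST_NAME>`, which a browser will treat as an unknown tag if the running-scan notes are ever written into a page unescaped, leaving the message reading "because was empty or absent". The code that renders this field is not visible here, so confirm it passes the value through `htmlspecialchars()` on output, or word the note without angle brackets, e.g. `'File parsing was terminated because the HOST_NAME element was empty or absent'`. The `if (!$host_name) {` block continues past the end of the hunk.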
BIN
img/checklist_icons/Ubuntu.png
Normal file
BIN
img/checklist_icons/Ubuntu.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 17 KiB |