Package routerdefense :: Package engines :: Module fhrp
[hide private]
[frames] | no frames]

Source Code for Module routerdefense.engines.fhrp

  1  # -*- coding: iso-8859-1 -*- 
  2   
  3  __docformat__ = 'restructuredtext' 
  4  __version__ = '$Id$' 
  5   
  6  import __builtin__ 
  7  from routerdefense.common import * 
  8   
  9  from xml import * 
 10   
11 -def engine_glbp(lines, glbp, ifaceCfg):
12 """GLBP configuration assessment.""" 13 14 glbpConfigured = [] 15 for index in ifaceCfg: 16 glbpConfigured = search_re_multi_string(index.configuration,'glbp .* ip .*') 17 if len(glbpConfigured) >= 1: 18 for indexInstance in glbpConfigured: 19 glbpInstance = indexInstance.split(' ')[1] 20 authentication = 'glbp ' + glbpInstance + ' authentication md5 key-string .*' 21 if search_re_string(index.configuration,authentication) is None: 22 glbp.auth_md5['must_report'] = True 23 24 if glbp.auth_md5['must_report'] == True: 25 items = search_xml('glbpMD5') 26 cvssMetrics = str(cvss_score(items[5])) 27 glbp.auth_md5 = { 28 "must_report": True, 29 "fixImpact": (items[0]), 30 "definition": (items[1]), 31 "threatInfo": (items[2]), 32 "howtofix": (items[3]), 33 "cvss": (cvssMetrics)} 34 35 toBeReturned = '' 36 if glbp.auth_md5['must_report'] == True: 37 toBeReturned = glbp.auth_md5['definition'] + '\n' + glbp.auth_md5['threatInfo'] + '\n\n' + glbp.auth_md5['howtofix'] + '\n' 38 39 return toBeReturned
40 41
42 -def engine_hsrp(lines, hsrp, ifaceCfg):
43 hsrpConfigured = [] 44 for index in ifaceCfg: 45 hsrpConfigured = search_re_multi_string(index.configuration,'hsrp .* ip .*') 46 if len(hsrpConfigured) >= 1: 47 for indexInstance in hsrpConfigured: 48 hsrpInstance = indexInstance.split(' ')[1] 49 authentication = 'hsrp ' + hsrpInstance + ' authentication md5 key-string .*' 50 if search_re_string(index.configuration,authentication) is None: 51 hsrp.auth_md5['must_report'] = True 52 53 if hsrp.auth_md5['must_report'] == True: 54 items = search_xml('hsrpMD5') 55 cvssMetrics = str(cvss_score(items[5])) 56 hsrp.auth_md5 = { 57 "must_report": True, 58 "fixImpact": (items[0]), 59 "definition": (items[1]), 60 "threatInfo": (items[2]), 61 "howtofix": (items[3]), 62 "cvss": (cvssMetrics)} 63 64 toBeReturned = '' 65 if hsrp.auth_md5['must_report'] == True: 66 toBeReturned = hsrp.auth_md5['definition'] + '\n' + hsrp.auth_md5['threatInfo'] + '\n\n' + hsrp.auth_md5['howtofix'] + '\n' 67 68 return toBeReturned
69
70 -def engine_vrrp(lines, vrrp, ifaceCfg):
71 """VRRP configuration assessment.""" 72 73 vrrpConfigured = [] 74 for index in ifaceCfg: 75 vrrpConfigured = search_re_multi_string(index.configuration,'vrrp .* ip .*') 76 if len(vrrpConfigured) >= 1: 77 for indexInstance in vrrpConfigured: 78 vrrpInstance = indexInstance.split(' ')[1] 79 authentication = 'vrrp ' + vrrpInstance + ' authentication md5 key-string .*' 80 if search_re_string(index.configuration,authentication) is None: 81 vrrp.auth_md5['must_report'] = True 82 83 if vrrp.auth_md5['must_report'] == True: 84 items = search_xml('vrrpMD5') 85 cvssMetrics = str(cvss_score(items[5])) 86 vrrp.auth_md5 = { 87 "must_report": True, 88 "fixImpact": (items[0]), 89 "definition": (items[1]), 90 "threatInfo": (items[2]), 91 "howtofix": (items[3]), 92 "cvss": (cvssMetrics)} 93 94 toBeReturned = '' 95 if vrrp.auth_md5['must_report'] == True: 96 toBeReturned = vrrp.auth_md5['definition'] + '\n' + vrrp.auth_md5['threatInfo'] + '\n\n' + vrrp.auth_md5['howtofix'] + '\n' 97 98 return toBeReturned
99