Package routerdefense :: Package reports :: Module stdout_reporting
[hide private]
[frames] | no frames]

Source Code for Module routerdefense.reports.stdout_reporting

  1  # -*- coding: iso-8859-1 -*- 
  2   
  3  __docformat__ = 'restructuredtext' 
  4  __version__ = '$Id$' 
  5   
  6  from routerdefense.common import * 
  7  from routerdefense.metrics import * 
  8  import inspect 
  9  import __builtin__ 
 10   
 11   
12 -def add(title, comment):
13 strippedLine = line.lstrip().rstrip() 14 return strippedLine
15
16 -def stdout_header():
17 """Write header at the beginning of stdout.""" 18 header = """ 19 ______ _ ______ __ 20 | ___ \ | | | _ \ / _| 21 | |_/ /___ _ _| |_ ___ _ __ | | | |___| |_ ___ _ __ ___ ___ 22 | // _ \| | | | __/ _ \ '__| | | | / _ \ _/ _ \ '_ \/ __|/ _ \\ 23 | |\ \ (_) | |_| | || __/ | | |/ / __/ || __/ | | \__ \ __/ 24 \_| \_\___/ \__,_|\__\___|_| |___/ \___|_| \___|_| |_|___/\___| 25 26 =[ Cisco IOS security assessment tool 27 =[ http://code.google.com/p/routerdefense 28 =[ version 2012.1 29 30 """ 31 return header;
32 37
38 -def stdout_report(generic, mgmt_plane, ctrl_plane, data_plane):
39 """Generate the stdout report.""" 40 summary = list() 41 vty_already_reported = False 42 try: 43 44 print stdout_banner('Generic information') 45 print "" 46 print " => Hostname: %s" % generic.hostName 47 print " => IOS version: %s" % generic.iosVersion 48 print " => Switching: %s" % generic.switchingMethod 49 print " => Multicast: %s" % generic.multicast 50 print " => QoS: %s" % generic.qos 51 print " => IPv6: %s" % generic.ipv6 52 print " => IPSEC VPN: %s" % generic.ipsec 53 54 print stdout_category_banner('ManagementPlane') 55 summary.append('\nManagement Plane\n') 56 for name in mgmt_plane: 57 counter = 0 58 total = 0 59 if name != 'interface': 60 print stdout_banner(name.long_name) 61 for k,v in inspect.getmembers(name): 62 if isinstance(v, dict): 63 total = total + 1 64 if v['must_report'] == True: 65 counter = counter + 1 66 defn = v['definition'].strip() 67 threatInfo = v['threatInfo'].strip() 68 howtofix = v['howtofix'].strip() 69 fiximpact = v['fixImpact'].strip() 70 cvss = v['cvss'].strip() 71 print stdout_content( 72 defn, 73 threatInfo, 74 howtofix, 75 fiximpact, 76 cvss 77 ) 78 79 print '\nNumber of threatInfo(s) to fix: %d/%d' % \ 80 (counter, total) 81 if ( (name.long_name == 'Vty lines') and 82 (vty_already_reported == False)): 83 summary.append('%s: %d/%d' % \ 84 (name.long_name, counter, total)) 85 vty_already_reported = True 86 elif ( (name.long_name == 'Vty lines') and 87 (vty_already_reported == True)): 88 pass 89 else: 90 summary.append('%s: %d/%d' % \ 91 (name.long_name, counter, total)) 92 93 print stdout_category_banner('ControlPlane') 94 summary.append('\nControl Plane\n') 95 for name in ctrl_plane: 96 total = 0 97 counter = 0 98 if name != 'interface': 99 print stdout_banner(name.long_name) 100 for k,v in inspect.getmembers(name): 101 if isinstance(v, dict): 102 total = total + 1 103 if v['must_report'] == True: 104 counter = counter + 1 105 defn = v['definition'].strip() 106 threatInfo = v['threatInfo'].strip() 107 fiximpact = v['fixImpact'].strip() 108 cvss = v['cvss'].strip() 109 if defn == \ 110 'OSPF route filtering in': 111 v['howtofix'] = \ 112 v['howtofix'].strip() \ 113 .replace('[%ospfPID]', ", " \ 114 .join(name.rfilter_in['pid']), 1) 115 v['howtofix'] = \ 116 v['howtofix'].strip() \ 117 .replace('[%ospfArea]', ", " \ 118 .join(name.rfilter_in['area']), 1) 119 elif defn == \ 120 'OSPF MD5 authentication': 121 v['howtofix'] = \ 122 v['howtofix'].strip() \ 123 .replace('[%ospfinterface]', ", " \ 124 .join(name.auth_md5['interfaces']), 1) 125 v['howtofix'] = \ 126 v['howtofix'].strip() \ 127 .replace('[%ospfArea]', ", " \ 128 .join(name.auth_md5['area']), 1) 129 v['howtofix'] = \ 130 v['howtofix'].strip() \ 131 .replace('[%ospfPID]', ", " \ 132 .join(name.auth_md5['pid']), 1) 133 elif defn == \ 134 'OSPF route filtering out': 135 v['howtofix'] = \ 136 v['howtofix'].strip() \ 137 .replace('[%ospfPID]', ", " \ 138 .join(name.rfilter_out['pid']), 1) 139 v['howtofix'] = \ 140 v['howtofix'].strip() \ 141 .replace('[%ospfArea]', ", " \ 142 .join(name.rfilter_out['area']), 1) 143 elif defn == \ 144 'OSPF passive interface default': 145 v['howtofix'] = \ 146 v['howtofix'].strip() \ 147 .replace('[%ospfInstance]', ", " \ 148 .join(name.passive['pid']), 1) 149 elif defn == \ 150 'OSPF maximum LSA': 151 v['howtofix'] = \ 152 v['howtofix'].strip() \ 153 .replace('[%ospfInstance]', ", " \ 154 .join(name.maxLSA['pid']), 1) 155 elif defn == \ 156 'EIGRP MD5 authentication': 157 v['howtofix'] = \ 158 v['howtofix'].strip() \ 159 .replace('[%eigrpinterface]', ", " \ 160 .join(name.auth_md5['interfaces']), 1) 161 v['howtofix'] = \ 162 v['howtofix'].strip() \ 163 .replace('[%eigrpAs]', ", " \ 164 .join(name.auth_md5['asn']), 1) 165 elif defn == \ 166 'EIGRP passive interface default': 167 v['howtofix'] = \ 168 v['howtofix'].strip() \ 169 .replace('[%eigrpAs]', ", " \ 170 .join(name.passive['asn']), 1) 171 elif defn == \ 172 'EIGRP route filtering inbound': 173 v['howtofix'] = \ 174 v['howtofix'].strip() \ 175 .replace('[%eigrpAs]', ", " \ 176 .join(name.rfilter_in['asn']), 1) 177 elif defn == \ 178 'EIGRP route filtering outbound': 179 v['howtofix'] = \ 180 v['howtofix'].strip() \ 181 .replace('[%eigrpAs]', ", " \ 182 .join(name.rfilter_out['asn']), 1) 183 elif defn == \ 184 'RIP MD5 authentication': 185 v['howtofix'] = \ 186 v['howtofix'].strip() \ 187 .replace('[%ripinterface]', ", " \ 188 .join(name.auth_md5['interfaces']), 1) 189 howtofix = v['howtofix'] 190 print stdout_content( 191 defn, 192 threatInfo, 193 howtofix, 194 fiximpact, 195 cvss 196 ) 197 198 print '\nNumber of threatInfo(s) to fix: %d/%d' % \ 199 (counter, total) 200 summary.append('%s: %d/%d' % \ 201 (name.long_name, counter, total)) 202 203 204 print stdout_category_banner('DataPlane') 205 summary.append('\nData Plane\n') 206 207 for name in data_plane: 208 total = 0 209 counter = 0 210 if name != 'interface': 211 print stdout_banner(name.long_name) 212 for k,v in inspect.getmembers(name): 213 if isinstance(v, dict): 214 total = total + 1 215 if v['must_report'] == True: 216 counter = counter + 1 217 definition = v['definition'].strip() 218 threatInfo = v['threatInfo'].strip() 219 fiximpact = v['fixImpact'].strip() 220 cvss = v['cvss'].strip() 221 if definition == \ 222 'Port security violation': 223 v['howtofix'] = \ 224 v['howtofix'].strip() \ 225 .replace('[%interface]', ", " \ 226 .join(name.violation['candidates']), 1) 227 if definition == \ 228 'Port security MAC address sticky': 229 v['howtofix'] = \ 230 v['howtofix'].strip() \ 231 .replace('[%interface]', ", " \ 232 .join(name.sticky['candidates']), 1) 233 if definition == \ 234 'Port security total maximum MAC addresses': 235 v['howtofix'] = \ 236 v['howtofix'].strip() \ 237 .replace('[%interface]', ", " \ 238 .join( \ 239 name.maximum_total['candidates']), 1) 240 if definition == \ 241 'Port security access vlan \ 242 maximum MAC addresses': 243 v['howtofix'] = \ 244 v['howtofix'].strip() \ 245 .replace('[%interface]', ", " \ 246 .join( \ 247 name.maximum_access['candidates']), 1) 248 if definition == \ 249 'Port security voice vlan \ 250 maximum MAC addresses': 251 v['howtofix'] = \ 252 v['howtofix'].strip() \ 253 .replace('[%interface]', ", " \ 254 .join( \ 255 name.maximum_voice['candidates']), 1) 256 if definition == 'DTP negotiation': 257 v['howtofix'] = \ 258 v['howtofix'].strip() \ 259 .replace('[%interface]', ", " \ 260 .join( \ 261 name.nonegotiate['candidates']), 1) 262 if definition == 'Flow Control 802.3x': 263 v['howtofix'] = \ 264 v['howtofix'].strip() \ 265 .replace('[%interface]', ", " \ 266 .join( \ 267 name.flowcontrol['candidates']), 1) 268 if definition == 'VLAN 1': 269 v['howtofix'] = \ 270 v['howtofix'].strip() \ 271 .replace('[%interface]', ", " \ 272 .join(name.vlan_1['candidates']), 1) 273 if definition == 'Unused ports': 274 v['howtofix'] = \ 275 v['howtofix'].strip() \ 276 .replace('[%interface]', ", " \ 277 .join( \ 278 name.unused_ports['candidates']), 1) 279 280 howtofix = v['howtofix'] 281 print stdout_content( 282 definition, 283 threatInfo, 284 howtofix, 285 fiximpact, 286 cvss 287 ) 288 289 print '\nNumber of threatInfo(s) to fix: %d/%d' % \ 290 (counter, total) 291 summary.append('%s: %d/%d' % \ 292 (name.long_name, counter, total)) 293 294 295 296 print '\n=[ summary ]=' 297 for entry in summary: 298 print entry 299 300 except: 301 return "error while genefixImpact stdout audit output." 302 303 return "stdout"
304