1
2
3 __docformat__ = 'restructuredtext'
4 __version__ = '$Id$'
5
6 from routerdefense.common import *
7 from routerdefense.metrics import *
8
9 -def csvReport(outputFile,ManagementPlaneMetrics, ControlPlaneMetrics, DataPlaneMetrics):
10 import csv
11 import inspect
12 import __builtin__
13 File = open(outputFile, 'wt')
14 csvWriter = csv.writer(File, delimiter=',', quotechar='\'', quoting=csv.QUOTE_MINIMAL)
15 csvWriter.writerow(['Class', 'Definition', 'Threat information', 'How to fix', 'fixImpact', 'CVSS'])
16
17 for name in ManagementPlaneMetrics:
18 if name != 'interface':
19 for k,v in inspect.getmembers(name):
20 if isinstance(v, dict):
21 if v['must_report'] == True:
22 definition = v['definition'].strip()
23 threatInfo = v['threatInfo'].strip()
24 howtofix = v['howtofix'].strip()
25 fixImpact = v['fixImpact'].strip()
26 cvss = v['cvss'].strip()
27 csvWriter.writerow([name.long_name, definition, threatInfo, howtofix, fixImpact, cvss])
28
29 for name in ControlPlaneMetrics:
30 if name != 'interface':
31 for k,v in inspect.getmembers(name):
32 if isinstance(v, dict):
33 if v['must_report'] == True:
34 definition = v['definition'].strip()
35 threatInfo = v['threatInfo'].strip()
36 fixImpact = v['fixImpact'].strip()
37 cvss = v['cvss'].strip()
38 if definition == 'OSPF route filtering in':
39 v['howtofix'] = v['howtofix'].strip().replace('[%ospfPID]', ", ".join(name.rfilter_in['pid']), 1)
40 v['howtofix'] = v['howtofix'].strip().replace('[%ospfArea]', ", ".join(name.rfilter_in['area']), 1)
41 elif definition == 'OSPF MD5 authentication':
42 v['howtofix'] = v['howtofix'].strip().replace('[%ospfinterface]', ", ".join(name.auth_md5['interfaces']), 1)
43 v['howtofix'] = v['howtofix'].strip().replace('[%ospfArea]', ", ".join(name.auth_md5['area']), 1)
44 v['howtofix'] = v['howtofix'].strip().replace('[%ospfPID]', ", ".join(name.auth_md5['pid']), 1)
45 elif definition == 'OSPF route filtering out':
46 v['howtofix'] = v['howtofix'].strip().replace('[%ospfPID]', ", ".join(name.rfilter_out['pid']), 1)
47 v['howtofix'] = v['howtofix'].strip().replace('[%ospfArea]', ", ".join(name.rfilter_out['area']), 1)
48 elif definition == 'OSPF passive interface default':
49 v['howtofix'] = v['howtofix'].strip().replace('[%ospfInstance]', ", ".join(name.passive['pid']), 1)
50 elif definition == 'OSPF maximum LSA':
51 v['howtofix'] = v['howtofix'].strip().replace('[%ospfInstance]', ", ".join(name.maxLSA['pid']), 1)
52 elif definition == 'EIGRP MD5 authentication':
53 v['howtofix'] = v['howtofix'].strip().replace('[%eigrpinterface]', ", ".join(name.auth_md5['interfaces']), 1)
54 v['howtofix'] = v['howtofix'].strip().replace('[%eigrpAs]', ", ".join(name.auth_md5['asn']), 1)
55 elif definition == 'EIGRP passive interface default':
56 v['howtofix'] = v['howtofix'].strip().replace('[%eigrpAs]', ", ".join(name.passive['asn']), 1)
57 elif definition == 'EIGRP route filtering inbound':
58 v['howtofix'] = v['howtofix'].strip().replace('[%eigrpAs]', ", ".join(name.rfilter_in['asn']), 1)
59 elif definition == 'EIGRP route filtering outbound':
60 v['howtofix'] = v['howtofix'].strip().replace('[%eigrpAs]', ", ".join(name.rfilter_out['asn']), 1)
61 elif definition == 'RIP MD5 authentication':
62 v['howtofix'] = v['howtofix'].strip().replace('[%ripinterface]', ", ".join(name.auth_md5['interfaces']), 1)
63 howtofix = v['howtofix']
64 csvWriter.writerow([name.long_name, definition, threatInfo, howtofix, fixImpact, cvss])
65 for name in DataPlaneMetrics:
66 if name != 'interface':
67 for k,v in inspect.getmembers(name):
68 if isinstance(v, dict):
69 if v['must_report'] == True:
70 definition = v['definition'].strip()
71 threatInfo = v['threatInfo'].strip()
72 fixImpact = v['fixImpact'].strip()
73 cvss = v['cvss'].strip()
74 if definition == 'Port security violation':
75 v['howtofix'] = v['howtofix'].strip().replace('[%interface]', ", ".join(name.violation['candidates']), 1)
76 if definition == 'Port security MAC address sticky':
77 v['howtofix'] = v['howtofix'].strip().replace('[%interface]', ", ".join(name.sticky['candidates']), 1)
78 if definition == 'Port security total maximum MAC addresses':
79 v['howtofix'] = v['howtofix'].strip().replace('[%interface]', ", ".join(name.maximum_total['candidates']), 1)
80 if definition == 'Port security access vlan maximum MAC addresses':
81 v['howtofix'] = v['howtofix'].strip().replace('[%interface]', ", ".join(name.maximum_access['candidates']), 1)
82 if definition == 'Port security voice vlan maximum MAC addresses':
83 v['howtofix'] = v['howtofix'].strip().replace('[%interface]', ", ".join(name.maximum_voice['candidates']), 1)
84 if definition == 'DTP negotiation':
85 v['howtofix'] = v['howtofix'].strip().replace('[%interface]', ", ".join(name.nonegotiate['candidates']), 1)
86 if definition == 'Flow Control 802.3x':
87 v['howtofix'] = v['howtofix'].strip().replace('[%interface]', ", ".join(name.flowcontrol['candidates']), 1)
88 if definition == 'VLAN 1':
89 v['howtofix'] = v['howtofix'].strip().replace('[%interface]', ", ".join(name.vlan_1['candidates']), 1)
90 if definition == 'Unused ports':
91 v['howtofix'] = v['howtofix'].strip().replace('[%interface]', ", ".join(name.unused_ports['candidates']), 1)
92
93 howtofix = v['howtofix']
94 csvWriter.writerow([name.long_name, definition, threatInfo, howtofix, fixImpact, cvss])
95
96 File.close()
97 print "Audit has been saved under the filename: %s " % outputFile
98