Merge branch 'ent-11965-security-hardening-console-vistas-estaticas' into ent-12050-security-hardening-console-widget-dashboard

Daniel Cebrian 2023-09-13 09:52:09 +02:00
commit 8f146d1af7
15 changed files with 635 additions and 18 deletions


@ -44,4 +44,8 @@ ADD COLUMN `time_init` VARCHAR(45) NULL AFTER `date_init`,
ADD COLUMN `date_end` VARCHAR(45) NULL AFTER `time_init`,
ADD COLUMN `time_end` VARCHAR(45) NULL AFTER `date_end`;
ALTER TABLE `treport_content` ADD COLUMN `cat_security_hardening` INT NOT NULL DEFAULT 0;
ALTER TABLE `treport_content` ADD COLUMN `ignore_skipped` INT NOT NULL DEFAULT 0;
ALTER TABLE `treport_content` ADD COLUMN `status_of_check` TINYTEXT;
COMMIT;


@ -200,6 +200,12 @@ $text_agent_module = '';
$only_data = false;
$categories_security_hardening = categories_of_cis();
foreach ($categories_security_hardening as $key => $cat) {
$categories_security_hardening[$key] = implode(' ', $cat);
}
// Users.
$id_users = [];
$users_groups = [];
@ -1019,6 +1025,49 @@ switch ($action) {
$idAgent = $item['id_agent'];
break;
case 'top_n_agents_sh':
$group = $item['id_group'];
$recursion = $item['recursion'];
$top_n_value = (empty($item['top_n_value']) === true) ? 10 : $item['top_n_value'];
break;
case 'top_n_checks_failed':
$group = $item['id_group'];
$recursion = $item['recursion'];
$top_n_value = (empty($item['top_n_value']) === true) ? 10 : $item['top_n_value'];
break;
case 'top_n_categories_checks':
$group = $item['id_group'];
$recursion = $item['recursion'];
$top_n_value = (empty($item['top_n_value']) === true) ? 10 : $item['top_n_value'];
break;
case 'vul_by_cat':
$group = $item['id_group'];
$recursion = $item['recursion'];
$cat_selected = $item['cat_security_hardening'];
$ignore_skipped = $item['ignore_skipped'];
break;
case 'list_checks':
$group = $item['id_group'];
$recursion = $item['recursion'];
$cat_selected = $item['cat_security_hardening'];
$status_of_check = $item['status_of_check'];
$idAgent = $item['id_agent'];
break;
case 'scoring':
$group = $item['id_group'];
$recursion = $item['recursion'];
break;
case 'evolution':
$group = $item['id_group'];
$recursion = $item['recursion'];
break;
default:
// It's not possible.
break;
@ -3757,6 +3806,63 @@ if (is_metaconsole() === true) {
?>
</td>
</tr>
<tr id="row_ignore_skipped" class="datos">
<td class="bolder">
<?php
echo __('Ignore skipped');
?>
</td>
<td>
<?php
html_print_checkbox_switch(
'ignore_skipped',
1,
($ignore_skipped !== null) ? $ignore_skipped : true,
);
?>
</td>
</tr>
<tr id="row_cat_security_hardening" class="datos">
<td class="bolder">
<?php
echo __('Category');
?>
</td>
<td>
<?php
html_print_select(
$categories_security_hardening,
'cat_security_hardening',
$cat_selected,
);
?>
</td>
</tr>
<tr id="row_status_check" class="datos">
<td class="bolder">
<?php
echo __('Status of check');
?>
</td>
<td>
<?php
html_print_select(
[
'all' => __('All'),
'PASS' => __('Passed'),
'FAIL' => __('Failed'),
'INVALID' => __('Skipped'),
],
'status_of_check',
$status_of_check,
);
?>
</td>
</tr>
<?php
if ($is_enterprise) {
?>
@ -6630,6 +6736,9 @@ function chooseType() {
$("#row_group_by").hide();
$("#row_type_show").hide();
$("#row_use_prefix_notation").hide();
$("#row_cat_security_hardening").hide();
$("#row_ignore_skipped").hide();
$("#row_status_check").hide();
// SLA list default state.
$("#sla_list").hide();
@ -7484,7 +7593,42 @@ function chooseType() {
case 'ncm':
$("#row_agent").show();
break;
case 'top_n_agents_sh':
$("#row_group").show();
$("#row_max_items").show();
break;
case 'top_n_checks_failed':
$("#row_group").show();
$("#row_max_items").show();
break;
case 'top_n_categories_checks':
$("#row_group").show();
$("#row_max_items").show();
break;
case 'vul_by_cat':
$("#row_group").show();
$("#row_cat_security_hardening").show();
$("#row_ignore_skipped").show();
break;
case 'list_checks':
$("#row_group").show();
$("#row_agent").show();
$("#row_cat_security_hardening").show();
$("#row_status_check").show();
break;
case 'scoring':
$("#row_group").show();
break;
case 'evolution':
$("#row_group").show();
break;
}
switch (type) {
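Review bot: `categories_of_cis()` is called unconditionally near the top of the editor (`$categories_security_hardening = categories_of_cis();`), while the report types that need it are registered only under `enterprise_installed() === true` elsewhere in this commit. Its definition is not visible here; if it lives in enterprise code, a console without that code would hit an undefined-function fatal on every load of this page. Guarding the call, e.g. `$categories_security_hardening = (enterprise_installed() === true) ? categories_of_cis() : [];`, keeps the editor usable either way. Relatedly, `$cat_selected`, `$status_of_check` and `$ignore_skipped` are assigned only in the `vul_by_cat` and `list_checks` cases but read by the new form rows for every item type, so they should be initialised next to `$only_data = false;` unless that already happens outside the hunks shown.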


@ -1990,6 +1990,48 @@ switch ($action) {
$good_format = true;
break;
case 'top_n_agents_sh':
$values['id_group'] = get_parameter('combo_group');
$values['top_n_value'] = get_parameter('max_items');
$good_format = true;
break;
case 'top_n_checks_failed':
$values['id_group'] = get_parameter('combo_group');
$values['top_n_value'] = get_parameter('max_items');
$good_format = true;
break;
case 'top_n_categories_checks':
$values['id_group'] = get_parameter('combo_group');
$values['top_n_value'] = get_parameter('max_items');
$good_format = true;
break;
case 'vul_by_cat':
$values['id_group'] = get_parameter('combo_group');
$values['cat_security_hardening'] = get_parameter('cat_security_hardening');
$values['ignore_skipped'] = get_parameter('ignore_skipped');
$good_format = true;
break;
case 'list_checks':
$values['id_group'] = get_parameter('combo_group');
$values['cat_security_hardening'] = get_parameter('cat_security_hardening');
$values['status_of_check'] = get_parameter('status_of_check');
$good_format = true;
break;
case 'scoring':
$values['id_group'] = get_parameter('combo_group');
$good_format = true;
break;
case 'evolution':
$values['id_group'] = get_parameter('combo_group');
$good_format = true;
break;
default:
$values['period'] = get_parameter('period');
$values['top_n'] = get_parameter(
@ -2866,6 +2908,48 @@ switch ($action) {
$good_format = true;
break;
case 'top_n_agents_sh':
$values['id_group'] = get_parameter('combo_group');
$values['top_n_value'] = get_parameter('max_items');
$good_format = true;
break;
case 'top_n_checks_failed':
$values['id_group'] = get_parameter('combo_group');
$values['top_n_value'] = get_parameter('max_items');
$good_format = true;
break;
case 'top_n_categories_checks':
$values['id_group'] = get_parameter('combo_group');
$values['top_n_value'] = get_parameter('max_items');
$good_format = true;
break;
case 'vul_by_cat':
$values['id_group'] = get_parameter('combo_group');
$values['cat_security_hardening'] = get_parameter('cat_security_hardening');
$values['ignore_skipped'] = get_parameter('ignore_skipped');
$good_format = true;
break;
case 'list_checks':
$values['id_group'] = get_parameter('combo_group');
$values['cat_security_hardening'] = get_parameter('cat_security_hardening');
$values['status_of_check'] = get_parameter('status_of_check');
$good_format = true;
break;
case 'scoring':
$values['id_group'] = get_parameter('combo_group');
$good_format = true;
break;
case 'evolution':
$values['id_group'] = get_parameter('combo_group');
$good_format = true;
break;
default:
$values['period'] = get_parameter('period');
$values['top_n'] = get_parameter(
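Review bot: The new cases store `get_parameter()` results straight into `$values` with no server-side validation, although the form restricts `status_of_check` to `all`/`PASS`/`FAIL`/`INVALID` and the new columns `cat_security_hardening` and `ignore_skipped` are integers. A crafted request can submit anything, so the values should be constrained before saving, e.g. `$values['status_of_check'] = in_array($status, ['all', 'PASS', 'FAIL', 'INVALID'], true) ? $status : 'all';` with `$status` holding the submitted value, plus `(int)` casts for `cat_security_hardening`, `ignore_skipped` and `top_n_value`. How the reporting functions consume these fields is not visible here, which is one more reason to validate at the point of storage. The same seven cases are repeated in the second hunk (`@ -2866,6`), so the change applies to both; a shared helper would remove the duplication.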


@ -0,0 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="16px" height="16px" viewBox="0 0 16 16" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<title>Hardening@svg</title>
<g id="Hardening" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
<path d="M11.0387503,1.15463195e-14 C11.6463177,1.01024435e-14 12.2209436,0.276179438 12.6004879,0.750609905 L15.5617376,4.45217202 C15.8454385,4.80679812 16,5.24741913 16,5.70156212 L16,6.23960136 C16,6.72942968 15.8202429,7.20222678 15.4948186,7.56832903 L8.74740932,15.1591645 C8.72137833,15.1884494 8.6936487,15.216179 8.66436384,15.24221 C8.25158107,15.609128 7.6195087,15.5719473 7.25259068,15.1591645 L0.505181363,7.56832903 C0.179757138,7.20222678 -8.28191751e-16,6.72942968 0,6.23960136 L0,5.70156212 C8.32561944e-16,5.24741913 0.154561504,4.80679812 0.438262381,4.45217202 L3.39951208,0.750609905 C3.77905645,0.276179438 4.35368225,1.0991794e-14 4.96124969,1.15463195e-14 Z M8.00018082,3 C7.09496946,3 6.30261511,3.60799488 6.06832917,4.48236191 C5.83404323,5.35672894 6.21624479,6.27944513 7.00018082,6.73205081 L7.00018082,9.00205081 C7.00018082,9.55433556 7.44789607,10.0020508 8.00018082,10.0020508 C8.55246557,10.0020508 9.00018082,9.55433556 9.00018082,9.00205081 L9.00018082,6.73205081 C9.78411685,6.27944513 10.1663184,5.35672894 9.93203247,4.48236191 C9.69774653,3.60799488 8.90539218,3 8.00018082,3 Z" id="Path-32" fill="#A7ADAF"></path>
</g>
</svg>



@ -7397,14 +7397,29 @@ function html_print_select_date_range(
});
// To get position must to be showed, hide elements return 0 on offset function.
var def_state_range = $('#".$name."_range').is(':visible');
var def_state_default = $('#".$name."_default').is(':visible');
var def_state_extend = $('#".$name."_extend').is(':visible');
$('#".$name."_range').show();
$('#".$name."_default').hide();
$('#".$name."_extend').hide();
position_top_init = $('#text-date_init').offset().top + $('#text-date_init').outerHeight();
position_top_end = $('#text-date_end').offset().top + $('#text-date_end').outerHeight();
$('#".$name."_range').hide();
$('#".$name."_extend').hide();
$('#".$name."_default').show();
if(def_state_range){
$('#".$name."_range').show();
} else {
$('#".$name."_range').hide();
}
if(def_state_default){
$('#".$name."_default').show();
} else {
$('#".$name."_default').hide();
}
if(def_state_extend){
$('#".$name."_extend').show();
} else {
$('#".$name."_extend').hide();
}
});
var position_top_init = 0;
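Review bot: The three `if/else` blocks that restore visibility can each collapse to a single call, `$('#".$name."_range').toggle(def_state_range);` (and likewise for `_default` and `_extend`), since jQuery's `.toggle()` accepts a boolean. That keeps the three restores from drifting apart. `$name` is interpolated into the inline script unescaped, as the existing lines already do, so it is worth confirming that callers only ever pass fixed identifiers. The surrounding script body starts and ends outside the hunk.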


@ -940,6 +940,55 @@ function reporting_make_reporting_data(
);
break;
case 'top_n_agents_sh':
$report['contents'][] = reporting_top_n_agents_sh(
$report,
$content
);
break;
case 'top_n_checks_failed':
$report['contents'][] = reporting_top_n_checks_failed(
$report,
$content
);
break;
case 'top_n_categories_checks':
$report['contents'][] = reporting_top_n_categories_checks(
$report,
$content
);
break;
case 'vul_by_cat':
$report['contents'][] = reporting_vul_by_categories(
$report,
$content
);
break;
case 'list_checks':
$report['contents'][] = reporting_list_checks(
$report,
$content
);
break;
case 'scoring':
$report['contents'][] = reporting_scoring(
$report,
$content
);
break;
case 'evolution':
$report['contents'][] = reporting_evolution_hardening(
$report,
$content
);
break;
default:
// Default.
break;


@ -475,6 +475,34 @@ function reporting_html_print_report($report, $mini=false, $report_info=1, $cust
case 'ncm':
reporting_html_ncm_config($table, $item);
break;
case 'top_n_agents_sh':
reporting_html_top_n_agents_sh($table, $item);
break;
case 'top_n_checks_failed':
reporting_html_top_n_checks_failed($table, $item);
break;
case 'top_n_categories_checks':
reporting_html_top_n_categories_checks($table, $item);
break;
case 'vul_by_cat':
reporting_vul_by_cat_graph($table, $item);
break;
case 'list_checks':
reporting_html_list_checks($table, $item);
break;
case 'scoring':
reporting_html_scoring($table, $item);
break;
case 'evolution':
reporting_evolution_graph($table, $item);
break;
}
if ($item['type'] == 'agent_module') {
@ -490,6 +518,178 @@ function reporting_html_print_report($report, $mini=false, $report_info=1, $cust
}
/**
* Function to print the security hardening evolution.
*
* @param object $table Head table or false if it comes from pdf.
* @param array $item Items data.
*
* @return void
*/
function reporting_evolution_graph($table, $item)
{
$table->rowclass[0] = '';
$table->colspan['chart']['cell'] = 3;
$table->cellstyle['chart']['cell'] = 'text-align: center;';
$table->data['chart']['cell'] = $item['chart'];
}
/**
* Function to print the agents scoring.
*
* @param object $table Head table or false if it comes from pdf.
* @param array $item Items data.
*
* @return void
*/
function reporting_html_scoring($table, $item)
{
global $config;
$table1 = new stdClass();
$table1->width = '100%';
$table1->class = 'databox filters';
$table1->styleTable = 'border: 0px;';
$table1->data[0][0] = '<b>'.__('Date').'</b>';
$table1->data[0][1] = '<b>'.__('Agent').'</b>';
$table1->data[0][2] = '<b>'.__('Score').'</b>';
$row = 1;
foreach ($item['data'] as $key => $check) {
$table1->data[$row][1] = date($config['date_format'], $check['date']);
$table1->data[$row][2] = $check['agent'];
$table1->data[$row][3] = $check['scoring'].' %';
$row++;
}
$table->colspan[2][0] = 3;
$table->data[2][0] = html_print_table($table1, true);
}
/**
* Function to print HTML checks filtered by agent and category.
*
* @param object $table Head table or false if it comes from pdf.
* @param array $item Items data.
*
* @return void
*/
function reporting_html_list_checks($table, $item)
{
$table->rowclass[0] = '';
$table->colspan[0][1] = 2;
$table->align[3] = 'center';
$table->data[1][0] = '<b>'.__('Id').'</b>';
$table->data[1][1] = '<b>'.__('Title').'</b>';
$table->data[1][2] = '<b>'.__('Category').'</b>';
$table->data[1][3] = '<b>'.__('Status').'</b>';
$row = 2;
foreach ($item['data'] as $key => $check) {
$table->data[$row][0] = $check['id'];
$table->data[$row][1] = $check['title'];
$table->data[$row][2] = $check['category'];
$table->data[$row][3] = $check['status'];
$row++;
}
}
/**
* Function to print HTML top checks failed by category
*
* @param object $table Head table or false if it comes from pdf.
* @param array $item Items data.
*
* @return void
*/
function reporting_html_top_n_categories_checks($table, $item)
{
$table->rowclass[0] = '';
$table->data[1][0] = '<b>'.__('Id').'</b>';
$table->data[1][1] = '<b>'.__('Category').'</b>';
$table->data[1][2] = '<b>'.__('Total Failed').'</b>';
$row = 2;
foreach ($item['data'] as $key => $check) {
$table->data[$row][0] = $check['id'];
$table->data[$row][1] = $check['category'];
$table->data[$row][2] = $check['total'];
$row++;
}
}
/**
* Function to print HTML top checks failed.
*
* @param object $table Head table or false if it comes from pdf.
* @param array $item Items data.
*
* @return void
*/
function reporting_html_top_n_checks_failed($table, $item)
{
global $config;
$table->rowclass[0] = '';
$table->data[1][1] = '<b>'.__('Title').'</b>';
$table->data[1][2] = '<b>'.__('Total Failed').'</b>';
$table->data[1][3] = '<b>'.__('Description').'</b>';
$row = 2;
foreach ($item['data'] as $key => $check) {
$table->data[$row][1] = $check['title'];
$table->data[$row][2] = $check['total'];
$table->data[$row][3] = $check['description'];
$row++;
}
}
/**
* Function to print HTML top categories in graph.
*
* @param object $table Head table or false if it comes from pdf.
* @param array $item Items data.
*
* @return void
*/
function reporting_vul_by_cat_graph($table, $item)
{
$table->rowclass[0] = '';
$table->colspan['chart']['cell'] = 3;
$table->cellstyle['chart']['cell'] = 'text-align: center;';
$table->data['chart']['cell'] = $item['chart'];
}
/**
* Function to print HTML top n agents from security hardening.
*
* @param object $table Head table or false if it comes from pdf.
* @param array $item Items data.
*
* @return void
*/
function reporting_html_top_n_agents_sh($table, $item)
{
global $config;
$table->rowclass[0] = '';
$table->data[1][0] = '<b>'.__('Agent').'</b>';
$table->data[1][1] = '<b>'.__('Last audit scan').'</b>';
$table->data[1][2] = '<b>'.__('Score').'</b>';
$row = 2;
foreach ($item['data'] as $key => $agent) {
$table->data[$row][0] = $agent['alias'];
$table->data[$row][1] = date($config['date_format'], $agent['utimestamp']);
$table->data[$row][2] = $agent['datos'].' %';
$row++;
}
}
/**
* Function to print to HTML SLA report.
*
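Review bot: In `reporting_html_scoring` the header cells are written at column indices 0, 1 and 2 but the data rows at 1, 2 and 3, so each value renders one column to the right of its heading; the row assignments should use `$table1->data[$row][0]`, `[1]` and `[2]`. Separately, the new renderers place `$check['title']`, `$check['description']`, `$check['agent']` and `$agent['alias']` into table cells as-is; whether these are already entity-encoded upstream is not visible here, and if they are not, they need escaping for the HTML context before assignment. The docblocks also say `$table` may be `false` when called for PDF, yet every function dereferences `$table->...` unconditionally, so either the docblock or the code should change.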


@ -963,6 +963,43 @@ function reports_get_report_types($template=false, $not_editor=false)
'name' => __('Network configuration changes'),
];
if (enterprise_installed() === true) {
$types['top_n_agents_sh'] = [
'optgroup' => __('Security hardening'),
'name' => __('Top-N agents with the worst score'),
];
$types['top_n_checks_failed'] = [
'optgroup' => __('Security hardening'),
'name' => __('Top-N most frequent failed checks'),
];
$types['top_n_categories_checks'] = [
'optgroup' => __('Security hardening'),
'name' => __('Top-N checks failed by category'),
];
$types['vul_by_cat'] = [
'optgroup' => __('Security hardening'),
'name' => __('Vulnerabilities by category'),
];
$types['list_checks'] = [
'optgroup' => __('Security hardening'),
'name' => __('List of checks'),
];
$types['scoring'] = [
'optgroup' => __('Security hardening'),
'name' => __('Scoring by date'),
];
$types['evolution'] = [
'optgroup' => __('Security hardening'),
'name' => __('Evolution'),
];
}
return $types;
}


@ -4223,8 +4223,7 @@ function ui_print_datatable(array $parameters)
$spinner = '<div id="'.$table_id.'-spinner" class="invisible spinner-fixed"><span></span><span></span><span></span><span></span></div>';
// TODO This widget should take a return: ui_print_info_message($info_msg_arr, '', true)
$info_msg = '<div>'.ui_print_info_message($info_msg_arr).'</div>';
$info_msg = '<div>'.ui_print_info_message($info_msg_arr, '', true).'</div>';
$info_msg_filter = '<div>'.ui_print_info_message($info_msg_arr_filter, true).'</div>';
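Review bot: The following line, `ui_print_info_message($info_msg_arr_filter, true)`, still passes `true` as the second argument, while the corrected call passes `'', true`. The function's signature is not visible here, but if the third parameter is the return flag, as the fix implies, `$info_msg_filter` has the same print-instead-of-return problem and should become `ui_print_info_message($info_msg_arr_filter, '', true)`. The body of `ui_print_datatable` continues outside the hunk.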


@ -498,8 +498,12 @@ function radar_graph(
$chart_data,
$options
) {
$chart = get_build_setup_charts('RADAR', $options, $chart_data);
return $chart->render(true, true);
if (count($chart_data[0]['data']) > 0) {
$chart = get_build_setup_charts('RADAR', $options, $chart_data);
return $chart->render(true, true);
} else {
return graph_nodata_image([]);
}
}
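Review bot: `count($chart_data[0]['data'])` assumes the first series and its `data` key exist; with an empty `$chart_data` or a null `data`, PHP 8 throws a TypeError from `count()` instead of reaching the no-data branch. `if (empty($chart_data[0]['data']) === false) {` covers both cases and behaves the same for populated data. Only the first series is inspected, so a chart whose first series is empty but later ones are not would also be rendered as no-data; confirm that is intended.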


@ -239,6 +239,11 @@
background-size: 18px;
}
.icon_security {
background: url(../../images/menu/security.svg) no-repeat 50% 50%;
background-size: 18px;
}
.icon_oper-agents {
background: url(../../images/menu/monitoring.svg) no-repeat 50% 50%;
background-size: 18px;


@ -31,6 +31,26 @@
margin: 10px;
}
.col-md-1 {
width: 15%;
margin: 10px;
}
.col-md-2 {
width: 30%;
margin: 10px;
}
.col-md-7 {
width: 40%;
margin: 10px;
}
.col-md-9 {
width: 63%;
margin: 10px;
}
.text-fail {
font-size: 18px;
color: #e63c52;
@ -75,7 +95,7 @@
margin-right: 10px;
}
.issues-audit {
.resume-audit {
margin: 11px 12px 0px 18px;
}
@ -88,7 +108,15 @@
margin: 21px auto;
}
.time-line {
.custom-filter label {
font-size: 13px !important;
margin-right: 10px;
}
#time-line-graph {
height: 300px;
}
.time-line,
#time-line-graph {
max-height: 300px;
}
.summary_categories {
@ -96,8 +124,8 @@
margin: 20px;
}
#list_total_resume .sorting_asc {
background-image: none;
.sorting_asc {
background-image: none !important;
}
#form_list_resume {
@ -105,31 +133,67 @@
align-items: flex-end;
}
#form_list_total_resume {
#form_list_total_resume,
#form_list_total_failed {
display: flex;
align-items: flex-end;
}
.dt-buttons {
display: flex;
margin-top: 10px;
}
#date-result {
padding-left: 4px !important;
}
.total-agents {
font-weight: 800;
font-size: 40px;
text-align: center;
}
.avg-scoring {
font-size: 25px;
font-weight: 700;
line-height: normal;
}
.separator-bar {
font-size: 50px;
}
#filter-range-date {
width: 90%;
margin: 0 auto;
align-items: flex-end;
}
#filter-category > div,
#filter-group > div {
display: flex;
align-items: center;
}
@media (max-width: 1500px) {
.col-md-3 {
width: 40%;
}
.col-md-1 {
width: 20%;
}
.col-md-2 {
width: 45%;
}
.col-md-6 {
width: 88%;
}
.issues-audit {
.col-md-7 {
width: 80%;
}
.resume-audit {
justify-content: center;
}
.time-line {
.time-line,
#time-line-graph {
max-height: 230px;
}
}
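Review bot: The selector `#list_total_resume .sorting_asc` is widened to a bare `.sorting_asc` with `!important`, which removes the sort indicator from every table on any page that loads this stylesheet, not only the hardening lists. Scoping the rule to the ids of the tables on this view keeps the effect local and makes `!important` unnecessary. The new `.col-md-1`, `.col-md-2`, `.col-md-7` and `.col-md-9` widths (15%, 30%, 40%, 63%) also do not follow the proportions their grid-style names suggest, so a view-specific class prefix would be less surprising.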


@ -443,6 +443,8 @@ if ($access_console_node === true) {
$menu_operation['network']['sub'] = $sub;
}
enterprise_hook('security_menu');
// End networkview.
// Reports read.
if (check_acl($config['id_user'], 0, 'RR') || check_acl($config['id_user'], 0, 'RW') || check_acl($config['id_user'], 0, 'RM')) {
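Review bot: `enterprise_hook('security_menu');` is called with no ACL condition around it, whereas the Reports block directly below is wrapped in `check_acl($config['id_user'], 0, ...)`. What the hook does internally is not visible here; if it performs no check of its own, the Security entry is offered to every user who reaches the console node. Either wrap the call in the appropriate `check_acl()` test or add a comment such as `// ACL is enforced inside security_menu.` so the difference from the neighbouring sections is explained. Menu visibility is not authorization in either case, so the pages behind the entry need their own check.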


@ -1673,6 +1673,9 @@ CREATE TABLE IF NOT EXISTS `treport_content` (
`macros_definition` TEXT,
`render_definition` TEXT,
`use_prefix_notation` TINYINT UNSIGNED NOT NULL DEFAULT 1,
`cat_security_hardening` INT NOT NULL DEFAULT 0,
`ignore_skipped` INT NOT NULL DEFAULT 0,
`status_of_check` TINYTEXT,
PRIMARY KEY(`id_rc`),
FOREIGN KEY (`id_report`) REFERENCES treport(`id_report`)
ON UPDATE CASCADE ON DELETE CASCADE
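Review bot: `ignore_skipped` is an on/off flag but is declared `INT NOT NULL DEFAULT 0`, while the flag directly above it, `use_prefix_notation`, uses `TINYINT UNSIGNED`; matching that type keeps the schema consistent. The column default is 0, whereas the editor form falls back to checked (`true`) when no value is set, so the two defaults disagree. The same three column definitions appear in the migration script at the top of this commit and would need the same change.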


@ -2,7 +2,7 @@
################################################################################
#
# Copyright (c) 2007-2008 Ramon Novoa <rnovoa@artica.es>
# Copyright (c) 2007-2023 Pandora FMS.
# Copyright (c) 2007-2023 Pandora FMS.
#
# tentacle_client.pl Tentacle Client. See https://pandorafms.com/docs/ for
# protocol description.
@ -1095,7 +1095,7 @@ Protocol description and more info at: L<< https://pandorafms.com/manual/en/docu
=head1 COPYRIGHT
Copyright (c) 2005-2023 Pandora FMS.
Copyright (c) 2005-2010 Artica Soluciones Tecnologicas S.L
=cut