Application Overview
The application is to manage a central web server and to send a script to multiple servers. Once the script has run, the server will collect the results, display them to the user, and ask the user for input in the form of suggested commands, as well as custom commands entered by the user, that need to run on the remote server(s).
## Deliverables
Tabs
The application would have the following tabs:
Main, Setup, Servers, Reports, Scan Servers, Security, Update, Backup
Main: This screen will contain messages such as reports based on servers.
Every 2 months a reminder will be sent to the administrator.
[login to view URL]
Status of the server: memory, disk space usage, CPU usage.
======================================================================
Setup: The administrator would need to manually input the following server details:
Server Name
Domain Name
IP Address
Netmask
Gateway
Name Servers
NTP Server
Private Key to SSH to Servers
Pull-down menu to select eth0, ethX (based on the NICs of the server; the script can find these out using ifconfig)
Button to add more information about interfaces; this can be accomplished with different NICs:
NICs: eth0, eth1, ethX.
Admin Email: For the admin to enter their email.
======================================================================
Servers: The application would allow the user to add servers by range, which means that instead of typing 1000 IP addresses that start with
[login to view URL], the administrator can simply put 10.XX.XX.1 to 10.XX.XX.254
Each server will belong to a group (Webserver, Database, Application), a site (Florida) and a customer (Customer A, Customer B).
The administrator will set this up, and will be able to give others access to add/delete/modify categories.
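A worked example of the range expansion and grouping described above, added here as illustration; it is not code from the original specification, and it uses Python rather than the PHP the page mentions for the web pages. The cap of 65536 hosts per range, the function names (`expand_range`, `build_inventory`, `hosts_matching`) and the sample addresses are all assumptions of the example. It accepts both "A to B" and "A-B" spellings, lets a range cross an octet boundary, rejects reversed or oversized ranges, and refuses to silently re-tag an address that is already registered under a different group/site/customer.

```python
import ipaddress
import re
from typing import Dict, List

# Assumption: a single range larger than a /16 is treated as a typo and rejected,
# so a slip such as "10.1.0.1 to 100.1.0.254" cannot enqueue millions of hosts.
MAX_HOSTS = 65536

RANGE_RE = re.compile(r"^\s*([\d.]+)\s*(?:to|-)\s*([\d.]+)\s*$", re.IGNORECASE)


def expand_range(spec: str) -> List[str]:
    """Expand '10.0.5.1 to 10.0.5.254' (or '10.0.5.1-10.0.5.254') into every address in it."""
    m = RANGE_RE.match(spec)
    if not m:
        raise ValueError(f"expected '<start> to <end>', got {spec!r}")
    start = ipaddress.IPv4Address(m.group(1))   # raises AddressValueError on junk input
    end = ipaddress.IPv4Address(m.group(2))
    if end < start:
        raise ValueError(f"range end {end} precedes start {start}")
    count = int(end) - int(start) + 1
    if count > MAX_HOSTS:
        raise ValueError(f"range covers {count} hosts, more than the {MAX_HOSTS} allowed")
    return [str(ipaddress.IPv4Address(int(start) + i)) for i in range(count)]


def build_inventory(entries) -> Dict[str, dict]:
    """entries: iterable of (range_spec, group, site, customer).
    Returns ip -> {"group", "site", "customer"}. Listing the same address twice with
    different tags is an error rather than a silent overwrite."""
    inventory: Dict[str, dict] = {}
    for spec, group, site, customer in entries:
        tags = {"group": group, "site": site, "customer": customer}
        for ip in expand_range(spec):
            if ip in inventory and inventory[ip] != tags:
                raise ValueError(f"{ip} already registered as {inventory[ip]}")
            inventory[ip] = tags
    return inventory


def hosts_matching(inventory: Dict[str, dict], **criteria) -> List[str]:
    """Select hosts for a scan by tag, e.g. hosts_matching(inv, customer="Customer A")."""
    selected = (ip for ip, tags in inventory.items()
                if all(tags.get(k) == v for k, v in criteria.items()))
    return sorted(selected, key=lambda ip: int(ipaddress.IPv4Address(ip)))


# Constructed sample entries (private-space placeholder addresses, not real hosts).
SAMPLE_ENTRIES = [
    ("10.0.5.1 to 10.0.5.254", "Webserver", "Florida", "Customer A"),
    ("10.0.6.1-10.0.6.20", "Database", "Florida", "Customer A"),
    ("10.0.7.250 to 10.0.8.5", "Application", "Florida", "Customer B"),
]

if __name__ == "__main__":
    inv = build_inventory(SAMPLE_ENTRIES)
    print(len(inv), "hosts registered")
    print(hosts_matching(inv, customer="Customer B"))
```

The sort key converts each address back to an integer so that `10.0.5.9` lists before `10.0.5.10`, which a plain string sort would not do.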
======================================================================
Reports: This would be an archive of previous scans. This can be set up in such a way that servers are grouped by customer and by server application (webserver, database server, app server).
In this way, the administrator should be able to apply the fixes in parallel to the current status and findings per server.
Each server will have a list of Cat I's (in red), Cat II's (blue) and Cat III's (green); only the admin would be able to set a category to OK.
There are 2 lists per category: one with the plain number of open security issues, and the other with the actual descriptions.
=======================================================================
Scan Servers: This tab will allow admins to scan the servers. This can be done in parallel (multiple servers at a time, based on categories such as application and/or customer). Before that, each server will have a checkbox at its side, and at the top there will be a check/uncheck-all option.
Once the scan starts, it will wait 3 minutes before the central server collects all of the data from the target server and formats it into an HTML report.
After that it will list each finding number with a suggested fix and a warning, and a box in which the administrator should be able to enter a custom fix (Linux/Unix commands to change permissions and/or other items).
==========================================================================
Security (since there should be a login screen)
- Two main users: the Administrator, who will add users and set permissions per user to add/modify servers and add custom commands. This tab will appear only for the admin.
==========================================================================
Update
- The server will go out to the internet to a given site (to be determined) and check whether a file is available every time the scan is run. If the file has already been downloaded, it will output: The latest file is being used.
==========================================================================
Backup
- The server will create a dump of the entire MySQL database.
The backup will run on a schedule in which the user will be allowed to enter minute, hour and day of the week.
==========================================================================
GUI
- For the GUI look, it may be something like this site:
[login to view URL]
[login to view URL]
Colors to be used should be blue and cane green
==========================================================================
Scanning process
1) Based on the group of servers that the user selects (multiple users should be allowed to perform scanning, but once the server(s) are being used by user A, user B will be denied access).
After the initial scan, the system will wait for 2 minutes and then it will pull 3 files:
/tmp/[login to view URL]$servername/$[login to view URL]
/tmp/[login to view URL]$servername/$[login to view URL]
/tmp/[login to view URL]$servername/$[login to view URL]
There will be 3 kinds of files, one each for Category I, II and III.
For instance, they would say:
3 Category I
15 Category II
50 Category III
/tmp/[login to view URL]$servername/$[login to view URL]
For example it will say:
GEN000340
GEN000450
GEN003040
**********************************************************************
Each file should be imported by issuing:
cat /tmp/[login to view URL]$servername/[login to view URL]
cat /tmp/[login to view URL]$servername/[login to view URL]
cat /tmp/[login to view URL]$servername/[login to view URL]
All of these files should be zipped up into a tar file and imported to the Central Server.
**********************************************************************
It will display the following:
FDR Script Version: LINUX_51-25Jun2010
UNIX SRR Checklist Page: 30
PDI Number: GEN000340
Finding Category: CAT II
Reference: LINUX 3.1.1
Description: The SA will ensure uids 0 - 99 (0-499 for Linux) are
reserved for system accounts.
Status: Open
For example:
GEN000340: avahi-autoipd is not a privileged account.
GEN000340: oprofile is not a privileged account.
GEN000340: sabayon is not a privileged account.
SRR Script Version: UNIX_51-25Jun2010
UNIX SRR Checklist Page: 38
------------------------------------------------------
Now the action should be entered into a DB; also, based on the output, it will prompt the user for an action previously entered, and/or ask to run a custom command.
then we will
The 3 count files will display the total number of findings, which will serve to let the end user know the number of security findings per server, per group and per site.
Scanning script performed on $date; every time it is run, it should archive its results.
2) After 2 minutes, the server will pull the following files from each server:
/tmp/[login to view URL]$servername/$[login to view URL]
/tmp/[login to view URL]$servername/$[login to view URL]
/tmp/[login to view URL]$servername/$[login to view URL]
now for each finding it will have to
3) Then the findings will be displayed on the screen of the PHP page:
========================================================================================================
FDR Script Version: LINUX_51-25Jun2010
UNIX SRR Checklist Page: 30
PDI Number: GEN000340
Finding Category: CAT II
Reference: LINUX 3.1.1
Description: The SA will ensure uids 0 - 99 (0-499 for Linux) are
reserved for system accounts.
Status: Open
For example:
GEN000340: avahi-autoipd is not a privileged account.
GEN000340: oprofile is not a privileged account.
GEN000340: sabayon is not a privileged account.
SRR Script Version: UNIX_51-25Jun2010
UNIX SRR Checklist Page: 38
PDI Number: GEN000480
Finding Category: CAT II
Reference: UNIX STIG: 3.1.3
Description: The login delay between login prompts after a failed login
is set to less than four seconds.
Status: Open
For example:
GEN000480: FAIL_DELAY is not set in /etc/login.defs.
========================================================================================================
FDR Script Version: LINUX_51-25Jun2010
UNIX ZSR
PDI Number: GEN001240
Finding Category: CAT II
Reference: LINUX
Description: The group owner of system files, programs, and directories
is not a system group.
Status: Open
For example:
-rwxr----- 1 sysadmin sysadmin 916 Jul 19 09:41 /etc/rc.d/init.d/vir
-rwxr----- 1 sysadmin sysadmin 752 Jul 19 11:55 /etc/rc.d/init.d/set10netaliases
========================================================================================================
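The finding records shown in steps 1 and 3 above follow a regular "key: value" layout, so the central server can parse them into structured rows before storing them in the database and deriving the per-category counts of the three summary files. The parser below is an added example (Python, chosen for brevity; it is not code from the original specification). The sample text is the page's own three records plus one constructed "Not a Finding" record with a placeholder PDI so that the status filter has something to drop; the `Finding` type and the function names are assumptions. It handles the wrapped Description lines, the evidence block after "For example:", the version header that changes between records, and header noise such as "UNIX ZSR".

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in the report format shown above: the three records the page
# displays, plus one constructed "Not a Finding" record with a placeholder PDI.
SAMPLE_REPORT = """\
FDR Script Version: LINUX_51-25Jun2010
UNIX SRR Checklist Page: 30
PDI Number: GEN000340
Finding Category: CAT II
Reference: LINUX 3.1.1
Description: The SA will ensure uids 0 - 99 (0-499 for Linux) are
reserved for system accounts.
Status: Open
For example:
GEN000340: avahi-autoipd is not a privileged account.
GEN000340: oprofile is not a privileged account.
GEN000340: sabayon is not a privileged account.
SRR Script Version: UNIX_51-25Jun2010
UNIX SRR Checklist Page: 38
PDI Number: GEN000480
Finding Category: CAT II
Reference: UNIX STIG: 3.1.3
Description: The login delay between login prompts after a failed login
is set to less than four seconds.
Status: Open
For example:
GEN000480: FAIL_DELAY is not set in /etc/login.defs.
========================================================================
FDR Script Version: LINUX_51-25Jun2010
UNIX ZSR
PDI Number: GEN001240
Finding Category: CAT II
Reference: LINUX
Description: The group owner of system files, programs, and directories
is not a system group.
Status: Open
For example:
-rwxr----- 1 sysadmin sysadmin 916 Jul 19 09:41 /etc/rc.d/init.d/vir
-rwxr----- 1 sysadmin sysadmin 752 Jul 19 11:55 /etc/rc.d/init.d/set10netaliases
========================================================================
PDI Number: GEN999999
Finding Category: CAT I
Status: Not a Finding
"""


@dataclass
class Finding:
    pdi: str                    # e.g. GEN000340
    script_version: str = ""    # FDR/SRR script version in force when the record was emitted
    category: str = ""          # CAT I / CAT II / CAT III
    reference: str = ""
    description: str = ""
    status: str = ""            # Open, Not a Finding, ...
    evidence: List[str] = field(default_factory=list)   # lines after "For example:"


FIELD_FOR_KEY = {"Finding Category": "category", "Reference": "reference",
                 "Description": "description", "Status": "status"}
KEY_RE = re.compile(r"^(FDR Script Version|SRR Script Version|UNIX SRR Checklist Page|"
                    r"PDI Number|Finding Category|Reference|Description|Status|For example):\s*(.*)$")


def parse_srr_report(text: str) -> List[Finding]:
    findings: List[Finding] = []
    current, version, mode = None, "", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) <= set("=-*"):          # a rule of '=', '-' or '*' ends a record
            mode = None
            continue
        m = KEY_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            mode = None
            if key.endswith("Script Version"):
                version = value               # applies to the records that follow
            elif key == "PDI Number":
                current = Finding(pdi=value, script_version=version)
                findings.append(current)
            elif key == "For example":
                mode = "evidence"
            elif key in FIELD_FOR_KEY and current is not None:
                setattr(current, FIELD_FOR_KEY[key], value)
                if key == "Description":
                    mode = "description"      # Description: may wrap onto the next line
            continue                          # "UNIX SRR Checklist Page" is informational only
        if current is None:
            continue                          # header noise such as "UNIX ZSR" before any record
        if mode == "description":
            current.description += " " + line
        elif mode == "evidence":
            current.evidence.append(line)
    return findings


def count_open_by_category(findings: List[Finding]) -> Dict[str, int]:
    """Open findings per category: the numbers the three count files carry."""
    counts = {"CAT I": 0, "CAT II": 0, "CAT III": 0}
    for f in findings:
        if f.status.lower() == "open":
            counts[f.category] = counts.get(f.category, 0) + 1
    return counts
```

Running `count_open_by_category(parse_srr_report(SAMPLE_REPORT))` on the sample gives `{"CAT I": 0, "CAT II": 3, "CAT III": 0}`; rendering each entry as `f"{n} Category {cat.split()[-1]}"` produces lines of the same shape as the summary file shown in step 1.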
4) Next, based on the finding, it will propose a command-line solution:
FDR Script Version: LINUX_51-25Jun2010
UNIX ZSR
PDI Number: GEN001240
Finding Category: CAT II
Reference: LINUX
Description: The group owner of system files, programs, and directories
is not a system group.
Status: Open
For example:
-rwxr----- 1 sysadmin sysadmin 916 Jul 19 09:41 /etc/rc.d/init.d/vir
-rwxr----- 1 sysadmin sysadmin 752 Jul 19 11:55 /etc/rc.d/init.d/set10netaliases
------------------------------------------------------------------------------------------------
Proposed Solution:
chown root:root /etc/rc.d/init.d/vir    [checkbox] to accept solution
Enter Custom Command:
A blank line with a plus sign at the end, in case multiple commands need to be entered.
5) Once the entire list has been completed, it will create a shell script based on the display above with all of the commands entered; the script will be sent via SFTP to the target server and executed remotely.
6) After that the scanning script will be run again and report the
results back.
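Step 5 above generates a shell script from the accepted proposed solutions and the custom commands. The builder below is an added example, not code from the original specification; it emits a POSIX sh script that writes each command with its PDI number to a log before running it and records the exit status afterwards, so the rescan in step 6 can be read next to a record of what actually ran on the target and whether it succeeded. A failing fix does not abort the remaining ones, since each finding's fix is independent. The `Remediation` type, the log path and the second `chown` line (for the other file the page's evidence lists) are assumptions of the example.

```python
import shlex
from dataclasses import dataclass, field
from typing import List


@dataclass
class Remediation:
    pdi: str                                   # finding this fix addresses, e.g. GEN001240
    accepted_fix: str = ""                     # proposed command the admin ticked, or ""
    custom_commands: List[str] = field(default_factory=list)   # lines from the "+" box


def build_fix_script(remediations: List[Remediation],
                     log_path: str = "/var/log/srr-fix.log") -> str:
    """Render the accepted fixes as a POSIX sh script with a per-command audit trail."""
    out = [
        "#!/bin/sh",
        "# Generated remediation script; do not edit by hand.",
        f"LOG={shlex.quote(log_path)}",
        'echo "fix run started $(date) on $(hostname)" >> "$LOG"',
    ]
    for r in remediations:
        commands = [c.strip() for c in [r.accepted_fix, *r.custom_commands] if c.strip()]
        for cmd in commands:
            # log the command verbatim (quoted so the log line cannot alter the script)
            out.append(f'echo {shlex.quote(r.pdi + ": " + cmd)} >> "$LOG"')
            out.append(cmd)                    # runs exactly as the admin entered it
            out.append(f'echo {shlex.quote(r.pdi + ": rc=")}"$?" >> "$LOG"')
    out.append('echo "fix run finished $(date)" >> "$LOG"')
    return "\n".join(out) + "\n"


def planned_commands(remediations: List[Remediation]) -> List[str]:
    """The (pdi, command) pairs as 'PDI: command' lines, for the review screen before step 5 runs."""
    return [f"{r.pdi}: {c.strip()}" for r in remediations
            for c in [r.accepted_fix, *r.custom_commands] if c.strip()]


# Constructed sample: the fix proposed on the page for GEN001240, plus a custom
# command for the second file in that finding's evidence (constructed), and a
# finding for which the admin entered nothing, which must emit no lines at all.
SAMPLE_REMEDIATIONS = [
    Remediation("GEN001240", accepted_fix="chown root:root /etc/rc.d/init.d/vir",
                custom_commands=["chown root:root /etc/rc.d/init.d/set10netaliases"]),
    Remediation("GEN000480", custom_commands=["", "   "]),
]

if __name__ == "__main__":
    print(build_fix_script(SAMPLE_REMEDIATIONS))
```

Each exit status line reads, for example, `GEN001240: rc=0`, so after the script has run the central server can tell a fix that was never attempted from one that was attempted and failed, instead of learning that only from the rescan.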