import json
import logging
import platform
import sys
import shlex
import time
import os
import re
import subprocess
from StringIO import StringIO
from pprint import pprint
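## Logging stuff
# Timestamp taken once at start-up. It names this run's log file and is reused
# further down for the Lynis report and suggestion files.
datum = time.strftime("%d-%m-%Y-%H-%M-%S")
_log_format = '%(asctime)s - %(name)s - %(levelname)s | %(message)s |'

# Only `filename` is passed: Python 2 ignores `stream` when `filename` is given,
# and Python 3 raises ValueError if both are supplied. Console output comes
# from the StreamHandler added below.
# NOTE(review): the log is created in the current working directory under a
# name that is predictable to the second. The tool is meant to run with root
# privileges, so start it from a directory other users cannot write to.
logging.basicConfig(filename='%s-log.log' % (datum), format=_log_format, level=logging.INFO)

# Second handler on the root logger, using the same record layout as the file.
console = logging.StreamHandler()
console.setLevel(logging.INFO)
formatter = logging.Formatter(_log_format)
console.setFormatter(formatter)
logging.getLogger('').addHandler(console)

# Filled by todolist(): one list of matched Lynis test ids per suggestion row.
listtodo = []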
def fix_yes_no(question, default="yes"):
    """Ask a yes/no question on stdout and return the answer as a bool.

    question -- text printed before the [y/n] hint.
    default  -- "yes", "no" or None; the answer used when the operator just
                presses Enter. With None an explicit answer is required.

    Raises ValueError for any other default. Keeps asking until the reply is
    one of yes/ye/y/no/n (case-insensitive).
    """
    answers = {"yes": True, "ye": True, "y": True,
               "no": False, "n": False}

    # The capital letter in the hint marks the answer Enter selects.
    if default is None:
        hint = " [y/n] "
    elif default in ("yes", "no"):
        hint = " [Y/n] " if default == "yes" else " [y/N] "
    else:
        raise ValueError("invalid default answer: '%s'" % default)

    while True:
        sys.stdout.write(question + hint)
        reply = raw_input().lower()
        if reply == '' and default is not None:
            return answers[default]
        if reply in answers:
            return answers[reply]
        sys.stdout.write("Please respond with 'yes' or 'no' (or 'y' or 'n').\n")
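def run_shell_command(command_line):
    """Run *command_line* as a child process and report whether it succeeded.

    The string is split with shlex.split() and the resulting argument list is
    executed directly, without a shell. Combining an argument list with
    shell=True on POSIX hands only the first element to the shell as the
    command, so the remaining arguments never reached the program. Running
    without a shell also means shell metacharacters in the command text are
    passed through as plain arguments instead of being interpreted.

    Returns True only when the process could be started and exited with
    status 0. Returns False for an unparsable or empty command line, a program
    that cannot be started, or a non-zero exit status.
    """
    logging.info('Subprocess: "' + command_line + '"')
    try:
        command_line_args = shlex.split(command_line)
    except ValueError as exception:
        # Raised by shlex for unbalanced quotes and similar.
        logging.error('Could not parse command line: ' + str(exception))
        return False
    if not command_line_args:
        logging.error('Subprocess failed: empty command line')
        return False

    try:
        command_line_process = subprocess.Popen(
            command_line_args,
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT,
        )
        # Drain the pipe so the child cannot block on a full buffer; the
        # captured output itself is not used.
        command_line_process.communicate()
    except OSError as exception:
        logging.info('Exception occured: ' + str(exception))
        logging.info('Subprocess failed')
        return False

    if command_line_process.returncode != 0:
        logging.error('Subprocess exited with status %s' % command_line_process.returncode)
        return False
    logging.info('Subprocess finished')
    return True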
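def fixes():
    """Ask the operator, per suggested fix, whether it should be installed.

    For every entry in the module-level ``listtodo`` the file
    ``json/<test id>.json`` is loaded and the operator is prompted once per
    fix it describes. The answer is only logged.

    NOTE(review): this function does not execute the fix's ``command``; the
    'We installed' message records the operator's answer, nothing more.
    NOTE(review): the JSON directory is resolved relative to the current
    working directory. These files carry a ``command`` field and the tool runs
    with root privileges, so if commands are ever executed from here the
    directory should be an absolute, root-owned path.
    """
    for todo in listtodo:
        if not todo:
            # A suggestion row without a recognisable test id has no file to
            # load; indexing it would raise IndexError.
            continue
        try:
            with open('json/%s.json' % todo[0]) as data_file:
                data = json.load(data_file)
        except (IOError, OSError):
            logging.critical('%s.json does not excist in the json directory' % todo[0])
            continue
        except ValueError as error:
            # json raises ValueError (or a subclass) on malformed input.
            logging.critical('%s.json is not valid JSON: %s' % (todo[0], error))
            continue

        try:
            # NOTE(review): the iteration below is kept exactly as written;
            # the JSON layout it expects is not visible here. Confirm it
            # against the files in the json directory.
            for fix in data:
                for d in fix:
                    if fix_yes_no('Do you want to install %s - %s?' % (data[d]['id'], data[d]['Description']), default="yes"):
                        logging.info('We installed: %s :)' % (data[d]['id']))
                    else:
                        logging.warning('%s - %s is not installed' % (data[d]['id'], data[d]['command']))
        except (KeyError, IndexError, TypeError) as error:
            # Only layout problems are handled here, so Ctrl-C and other
            # unexpected errors are no longer swallowed and misreported as a
            # missing file.
            logging.critical('%s.json has an unexpected layout: %r' % (todo[0], error))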
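def lynisupdate():
    """Update the Lynis checkout in /usr/local/lynis, cloning it if absent.

    Runs ``git pull`` inside an existing checkout, otherwise
    ``sudo git clone`` from the CISOfy repository. Success is logged only when
    git exits with status 0; any other outcome is logged as critical.

    NOTE(review): the checkout follows whatever the remote's default branch
    currently holds, and runlynis() later executes it with root privileges.
    Pinning to a reviewed tag or commit would make the audited code
    reproducible.
    """
    lynis_dir = "/usr/local/lynis"
    if os.path.exists(lynis_dir):
        command = ["git", "pull"]
        workdir = lynis_dir
        success_message = 'Lynis updated'
    else:
        command = ["sudo", "git", "clone", "https://github.com/CISOfy/lynis.git", lynis_dir]
        workdir = None
        success_message = 'Lynis Installed'

    try:
        # Output is discarded; only the exit status is used.
        with open(os.devnull, "w") as devnull:
            status = subprocess.call(command, cwd=workdir, stdout=devnull, stderr=subprocess.STDOUT)
    except OSError:
        # git (or sudo) could not be started at all.
        logging.critical('Could not update/download lynis')
        return

    if status == 0:
        logging.info(success_message)
    else:
        logging.critical('Could not update/download lynis')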
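def runlynis():
    """Run a Lynis system audit and extract its suggestion lines.

    Writes the report to /usr/local/lynis/<datum>-report.dat and copies every
    report line containing "suggestion" to
    /usr/local/lynis/<datum>-suggestion.txt. The suggestion file is written
    only when Lynis exits with status 0. Failures are logged as critical,
    because os.system() never raises on a failing command and the previous
    try/except could not report them.
    """
    lynis_dir = "/usr/local/lynis"
    report_path = "%s/%s-report.dat" % (lynis_dir, datum)
    suggestion_path = "%s/%s-suggestion.txt" % (lynis_dir, datum)

    logging.info('Generate Lynis Report bare with us :-)')
    try:
        # Argument list, no shell: nothing in the command is re-parsed.
        with open(os.devnull, "w") as devnull:
            status = subprocess.call(
                ["sudo", "./lynis", "audit", "system", "-q",
                 "--auditor", "Lynis-autofix",
                 "--report-file", report_path],
                cwd=lynis_dir,
                stdout=devnull,
                stderr=subprocess.STDOUT,
            )
        if status != 0:
            logging.critical('Could not create report from lynis')
            return

        # Same filter as `grep suggestion`, done on bytes so the report's
        # encoding does not matter.
        with open(report_path, "rb") as report, open(suggestion_path, "wb") as suggestions:
            for line in report:
                if b"suggestion" in line:
                    suggestions.write(line)
    except (IOError, OSError):
        logging.critical('Could not create report from lynis')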
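def todolist():
    """Collect the Lynis test ids named in this run's suggestion file.

    Reads /usr/local/lynis/<datum>-suggestion.txt and, for each row that
    contains ``suggestion[]=<ID>|``, appends the list of matched ids to the
    module-level ``listtodo``. Rows without a match are skipped. A missing or
    unreadable file is logged as critical instead of raising.
    """
    # The original class [A-z-0-9] also matched the punctuation between 'Z'
    # and 'a' in ASCII: [ \ ] ^ _ and backtick. The id is later interpolated
    # into a file name, so only letters, digits, '_' and '-' are accepted.
    regex = re.compile(r"suggestion\[\]=([A-Za-z0-9_-]+)\|")
    suggestion_path = "/usr/local/lynis/%s-suggestion.txt" % datum
    try:
        with open(suggestion_path, "r") as suggestions:
            for row in suggestions:
                matches = regex.findall(row)
                if matches:
                    listtodo.append(matches)
    except (IOError, OSError) as error:
        logging.critical('Could not read %s: %s' % (suggestion_path, error))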
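def main():
    """Run the workflow: update Lynis, audit, collect suggestions, offer fixes.

    Exits with status 1 on any platform other than Linux. The original called
    the site-provided exit() with no argument, which reports success to the
    calling shell.
    """
    logging.info("Welcome to Lynis Autofix!")

    system_name = platform.system()
    release = platform.release()
    logging.info("Running on %s version %s" % (system_name, release))
    if system_name != "Linux":
        logging.critical("%s %s not Supported!" % (system_name, release))
        sys.exit(1)

    separator = 40 * "-"
    logging.info(separator)
    lynisupdate()
    logging.info(separator)
    runlynis()
    logging.info(separator)
    todolist()
    logging.info(separator)
    fixes()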
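if __name__ == "__main__":
    # SUDO_USER is an environment variable: any caller can set it without
    # having elevated rights, and a real root shell does not set it at all.
    # The effective uid is what decides whether the root-only steps can work.
    # Where geteuid is unavailable (non-POSIX) the check is skipped and main()
    # reports the unsupported platform.
    geteuid = getattr(os, "geteuid", None)
    if geteuid is not None and geteuid() != 0:
        print("This program need 'sudo'")
        sys.exit(1)
    main()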