Merge branch 'grapheneX:master' into master

.github/ISSUE_TEMPLATE/bug-report.md

@@ -12,8 +12,8 @@ A clear and concise description of what the bug is.
 
 **Log Messages**
 Tell us what make you face this issue.
-Provide log messages if you get them when the error occur.
-Also reproduction steps would be helpful for us to understand the situation.
+Provide log messages if you get them when the error occurs.
+Provide reproduction steps that will help us understand the situation.
 
 **Expected behavior**
 A clear and concise description of what you expected to happen.

.github/workflows/ci.yml

@@ -0,0 +1,87 @@
+name: Continuous Integration
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - master
+    paths:
+      - "docker/**"
+      - "graphenex/**"
+  push:
+    branches:
+      - master
+    paths:
+      - "docker/**"
+      - "graphenex/**"
+
+jobs:
+  linter:
+    name: "Linter check"
+    runs-on: ubuntu-latest
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+
+      - name: "flake8 python linter"
+        uses: py-actions/flake8@v2
+
+  setup_linux:
+    name: "Linux setup"
+    runs-on: ubuntu-latest
+    #needs: linter
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+
+      - name: "install dependencies"
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y \
+            --no-install-recommends \
+            --allow-unauthenticated python3-pip
+
+      - name: "install grapheneX"
+        run: |
+          python3 -m pip install poetry
+          poetry install
+
+      - name: "python import issue workaround"
+        run: |
+          sed -i '/Mapping/s/collections/collections.abc/' \
+            /home/runner/.cache/pypoetry/virtualenvs/graphenex--sEiZHBC-py3.10/lib/python3.10/site-packages/prompt_toolkit/styles/from_dict.py
+
+      - name: "run grapheneX"
+        run: poetry run grapheneX
+
+  setup_windows:
+    name: "Windows setup"
+    runs-on: windows-latest
+    #needs: linter
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+
+      - name: "install python"
+        uses: actions/setup-python@v4
+        with:
+          python-version: "3.10.0"
+          cache: "pip"
+
+      - name: "update pip"
+        run: python -m pip install --upgrade pip
+
+      - name: "install grapheneX"
+        run: |
+          python3 -m pip install poetry
+          poetry install
+
+      - name: "python import issue workaround"
+        shell: pwsh
+        run: (Get-Content C:\Users\runneradmin\AppData\Local\pypoetry\Cache\virtualenvs\graphenex-6fD1lE0z-py3.10\lib\site-packages\prompt_toolkit\styles\from_dict.py) -Replace 'from collections import Mapping', 'from collections.abc import Mapping' | Set-Content C:\Users\runneradmin\AppData\Local\pypoetry\Cache\virtualenvs\graphenex-6fD1lE0z-py3.10\lib\site-packages\prompt_toolkit\styles\from_dict.py
+
+      - name: "pip update flask_socketio"
+        run: python3 -m pip install --upgrade flask_socketio
+
+      - name: "run grapheneX"
+        run: poetry run grapheneX

LICENSE

@@ -631,8 +631,8 @@ to attach them to the start of each source file to most effectively
 state the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.
 
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
+    grapheneX - Automated System Hardening Framework
+    Copyright (C) 2023 2019-2023 Orhun Parmaksız
 
     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -652,7 +652,7 @@ Also add information on how to contact you by electronic and paper mail.
   If the program does terminal interaction, make it output a short
 notice like this when it starts in an interactive mode:
 
-    <program>  Copyright (C) <year>  <name of author>
+    grapheneX  Copyright (C) 2019-2023 Orhun Parmaksız
     This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
     This is free software, and you are welcome to redistribute it
     under certain conditions; type `show c' for details.

README.md

@@ -4,18 +4,12 @@
 
 > In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one. Reducing available ways of attack typically includes changing default passwords, the removal of unnecessary software, unnecessary usernames or logins, and the disabling or removal of unnecessary services.
 
-Although the current technology tries to design systems as safe as possible, security flaws and situations that can lead to vulnerabilities caused by unconscious use and misconfiguration still exist.
-The user must be knowledgeable about the technical side of system architecture and should be aware of the importance of securing his/her system from vulnerabilities like this.
-Unfortunately, it's not possible to know all the details about hardening and necessary commands for every ordinary user and the hardening remains to be a technical issue due to the difficulty of understanding operating system internals.
-Therefore, there are hardening checklists that contain various commands and rules of the specified operating system available such as [trimstray/linux-hardening-checklist](https://github.com/trimstray/linux-hardening-checklist) & [Windows Server Hardening Checklist](https://www.upguard.com/blog/the-windows-server-hardening-checklist) on the internet for providing a set of commands with their sections and of course simplifying the concept for the end user.
-But still, the user must know the commands and apply the hardening manually depending on the system. That's where `grapheneX` exactly comes into play.
-
-> The project name is derived from 'graphene'. Graphene is a one-atom-thick layer of carbon atoms arranged in a hexagonal lattice. In proportion to its thickness, it is about 100 times stronger than the strongest steel.
-
 `grapheneX` project aims to provide a framework for securing the system with hardening commands automatically.
 It's designed for the end user as well as the Linux and Windows developers due to the interface options. (interactive shell/web interface)
 In addition to that, `grapheneX` can be used to secure a web server/application.
 
+> The project name is derived from 'graphene'. Graphene is a one-atom-thick layer of carbon atoms arranged in a hexagonal lattice. In proportion to its thickness, it is about 100 times stronger than the strongest steel.
+
 Hardening commands and the scopes of those commands are referred to `modules` and the `namespaces` in the project.
 They exist at the `modules.json` file after installation. (`$PYPATH/site-packages/graphenex/modules.json`)
 Additionally, it's possible to add, edit or remove modules and namespaces.

graphenex/core/hrd/exec.py

@@ -6,24 +6,22 @@
 
 class OsExec(ABC):
     @abstractmethod
-    def run_cmd(self):
+    def run_cmd(self, cmd):
         pass
 
 
 class LinuxExec(OsExec):
-    def run_cmd(self, cmd, **kwargs):
+    def run_cmd(self, cmd, shell=True, **kwargs):
         """
         Executes the Linux command and returns it's output in UTF-8 format.
         Supports passing `kwargs`.
         """
 
         cmd = cmd.replace("$USER", os.environ["USER"])
-        args = shlex.split(cmd)
-        out = subprocess.PIPE
-        if args[-2] == '>' or args[-2] == '>>':
-            out = open(args[-1], 'w' if args[-2] == '>' else 'a')
-            args = args[:-2]
-        result = subprocess.run(args, stdout=out, **kwargs)
+        result = subprocess.run(cmd, stdout=subprocess.PIPE, shell=shell, **kwargs)
+        if result.returncode != 0:
+            raise PermissionError
+
         try:
             return result.stdout.decode('utf-8')
         except AttributeError: