From e10b1b8c2dc3175fd9c023bf1159847312b153be Mon Sep 17 00:00:00 2001 From: jxd1337 Date: Tue, 19 Sep 2023 20:52:01 +0000 Subject: [PATCH 1/6] docs: Edit README / LICENSE (#148) * Add mising info to LICENSE * Simplify README * doc changes --- LICENSE | 6 +++--- README.md | 10 ++-------- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/LICENSE b/LICENSE index f288702d..2674ce08 100644 --- a/LICENSE +++ b/LICENSE @@ -631,8 +631,8 @@ to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. - - Copyright (C) + grapheneX - Automated System Hardening Framework + Copyright (C) 2023 2019-2023 Orhun Parmaksız This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -652,7 +652,7 @@ Also add information on how to contact you by electronic and paper mail. If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: - Copyright (C) + grapheneX Copyright (C) 2019-2023 Orhun Parmaksız This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. diff --git a/README.md b/README.md index 7aef0fbc..14a33f09 100644 --- a/README.md +++ b/README.md 
@@ -4,18 +4,12 @@ > In computing, hardening is usually the process of securing a system by reducing its surface of vulnerability, which is larger when a system performs more functions; in principle a single-function system is more secure than a multipurpose one. Reducing available ways of attack typically includes changing default passwords, the removal of unnecessary software, unnecessary usernames or logins, and the disabling or removal of unnecessary services. -Although the current technology tries to design systems as safe as possible, security flaws and situations that can lead to vulnerabilities caused by unconscious use and misconfiguration still exist. -The user must be knowledgeable about the technical side of system architecture and should be aware of the importance of securing his/her system from vulnerabilities like this. -Unfortunately, it's not possible to know all the details about hardening and necessary commands for every ordinary user and the hardening remains to be a technical issue due to the difficulty of understanding operating system internals. -Therefore, there are hardening checklists that contain various commands and rules of the specified operating system available such as [trimstray/linux-hardening-checklist](https://github.com/trimstray/linux-hardening-checklist) & [Windows Server Hardening Checklist](https://www.upguard.com/blog/the-windows-server-hardening-checklist) on the internet for providing a set of commands with their sections and of course simplifying the concept for the end user. -But still, the user must know the commands and apply the hardening manually depending on the system. That's where `grapheneX` exactly comes into play. - -> The project name is derived from 'graphene'. Graphene is a one-atom-thick layer of carbon atoms arranged in a hexagonal lattice. In proportion to its thickness, it is about 100 times stronger than the strongest steel. 
- `grapheneX` project aims to provide a framework for securing the system with hardening commands automatically. It's designed for the end user as well as the Linux and Windows developers due to the interface options. (interactive shell/web interface) In addition to that, `grapheneX` can be used to secure a web server/application. +> The project name is derived from 'graphene'. Graphene is a one-atom-thick layer of carbon atoms arranged in a hexagonal lattice. In proportion to its thickness, it is about 100 times stronger than the strongest steel. + Hardening commands and the scopes of those commands are referred to `modules` and the `namespaces` in the project. They exist at the `modules.json` file after installation. (`$PYPATH/site-packages/graphenex/modules.json`) Additionally, it's possible to add, edit or remove modules and namespaces. From 071f90709515c4d27e3d9d22148fcc6c38020a8b Mon Sep 17 00:00:00 2001 From: jxd1337 Date: Wed, 20 Sep 2023 15:27:42 +0000 Subject: [PATCH 2/6] fix: Use shell for running commands on Linux (#150) --- graphenex/core/hrd/exec.py | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/graphenex/core/hrd/exec.py b/graphenex/core/hrd/exec.py index 8f9920d5..2b80492a 100644 --- a/graphenex/core/hrd/exec.py +++ b/graphenex/core/hrd/exec.py 
@@ -6,24 +6,22 @@ class OsExec(ABC): @abstractmethod - def run_cmd(self): + def run_cmd(self, cmd): pass class LinuxExec(OsExec): - def run_cmd(self, cmd, **kwargs): + def run_cmd(self, cmd, shell=True, **kwargs): """ Executes the Linux command and returns it's output in UTF-8 format. Supports passing `kwargs`. """ cmd = cmd.replace("$USER", os.environ["USER"]) - args = shlex.split(cmd) - out = subprocess.PIPE - if args[-2] == '>' or args[-2] == '>>': - out = open(args[-1], 'w' if args[-2] == '>' else 'a') - args = args[:-2] - result = subprocess.run(args, stdout=out, **kwargs) + result = subprocess.run(cmd, stdout=subprocess.PIPE, shell=shell, **kwargs) + if result.returncode != 0: + raise PermissionError + try: return result.stdout.decode('utf-8') except AttributeError: From bfcb38d83ff8581eacd4b46b3095d33351b39a47 Mon Sep 17 00:00:00 2001 From: jxd1337 Date: Thu, 21 Sep 2023 11:46:57 +0000 Subject: [PATCH 3/6] fix: correct typo and phrasing of bug-report.md (#151) --- .github/ISSUE_TEMPLATE/bug-report.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug-report.md b/.github/ISSUE_TEMPLATE/bug-report.md index 1fabb48c..8bea337a 100644 --- a/.github/ISSUE_TEMPLATE/bug-report.md +++ b/.github/ISSUE_TEMPLATE/bug-report.md @@ -12,8 +12,8 @@ A clear and concise description of what the bug is. **Log Messages** Tell us what make you face this issue. -Provide log messages if you get them when the error occur. -Also reproduction steps would be helpful for us to understand the situation. +Provide log messages if you get them when the error occurs. +Provide reproduction steps that will help us understand the situation. **Expected behavior** A clear and concise description of what you expected to happen. From 9be980d115b96ec5ac9cbd8e0d69818ddf00638b Mon Sep 17 00:00:00 2001 
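Review bot: The new `raise PermissionError` after the `subprocess.run` call reports every non-zero exit as a permission problem and throws away the exit code and stderr (stderr is not captured at all), so a module command that fails for any other reason under `sh` is indistinguishable from a real privilege issue. Keeping the exception type for existing callers but attaching a diagnostic would be enough: `kwargs.setdefault("stderr", subprocess.PIPE)` before the call, then `raise PermissionError(f"{cmd!r} exited with {result.returncode}: {result.stderr!r}")`. Because `shell=True` now hands the whole command string to the shell, the removed `shlex.split` path no longer bounds what a module entry can do — every shell metacharacter in a module loaded from `modules.json` (which the README in this series says users may add or edit) is interpreted — so the docstring should document the new `shell` parameter and that trust, e.g. `Run cmd through the shell when shell is true (the default); the command text is trusted verbatim.` The `try`/`except AttributeError` that follows continues past the end of the hunk.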
From: KacperNapierski <80033411+KacperNapierski@users.noreply.github.com> Date: Fri, 22 Sep 2023 15:42:27 +0200 Subject: [PATCH 4/6] Add CI workflow (#149) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Orhun Parmaksız --- .github/workflows/CI.yaml | 89 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) create mode 100644 .github/workflows/CI.yaml diff --git a/.github/workflows/CI.yaml b/.github/workflows/CI.yaml new file mode 100644 index 00000000..42c158aa --- /dev/null +++ b/.github/workflows/CI.yaml 
@@ -0,0 +1,89 @@ +name: Continuous Integration + +on: + workflow_dispatch: + pull_request: + branches: + - master + paths: + - 'docker/**' + - 'graphenex/**' + push: + branches: + - master + paths: + - 'docker/**' + - 'graphenex/**' + + +jobs: + linter: + name: "Linter check" + runs-on: ubuntu-latest + steps: + - name: checkout + uses: actions/checkout@v3 + + - name: 'flake8 python linter' + uses: py-actions/flake8@v2 + + + setup_linux: + name: "Linux setup" + runs-on: ubuntu-latest + #needs: linter + steps: + - name: checkout + uses: actions/checkout@v3 + + - name: 'install dependencies' + run: | + sudo apt-get update + sudo apt-get install -y \ + --no-install-recommends \ + --allow-unauthenticated python3-pip + + - name: 'install graphenex' + run: | + python3 -m pip install poetry + poetry install + + - name: "python import issue workaround" + run: sed -i '/Mapping/s/collections/collections.abc/' /home/runner/.cache/pypoetry/virtualenvs/graphenex--sEiZHBC-py3.10/lib/python3.10/site-packages/prompt_toolkit/styles/from_dict.py + + - name: 'run graphenex' + run: poetry run grapheneX + + + setup_windows: + name: "Windows setup" + runs-on: windows-latest + #needs: linter + steps: + - name: checkout + uses: actions/checkout@v3 + + - name: 'install python' + uses: actions/setup-python@v4 + with: + python-version: '3.10.0' + cache: 'pip' + + - name: 'update pip' + run: python -m pip install --upgrade pip + + - name: 'install graphenex' + run: | + python3 -m pip install poetry + poetry install + + - name: 'python import issue workaround' + shell: pwsh + run: (Get-Content C:\Users\runneradmin\AppData\Local\pypoetry\Cache\virtualenvs\graphenex-6fD1lE0z-py3.10\lib\site-packages\prompt_toolkit\styles\from_dict.py) -Replace 'from collections import Mapping', 'from collections.abc import Mapping' | Set-Content C:\Users\runneradmin\AppData\Local\pypoetry\Cache\virtualenvs\graphenex-6fD1lE0z-py3.10\lib\site-packages\prompt_toolkit\styles\from_dict.py + + - name: "pip update 
flask_socketio" + run: python3 -m pip install --upgrade flask_socketio + + - name: 'run graphenex' + run: poetry run grapheneX + From 42da9bdcb903af199ebbf0ba44795166ca9230be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Orhun=20Parmaks=C4=B1z?= Date: Fri, 22 Sep 2023 16:40:07 +0300 Subject: [PATCH 5/6] Format the workflow file --- .github/workflows/CI.yaml | 46 +++++++++++++++++++-------------------- 1 file changed, 22 insertions(+), 24 deletions(-) diff --git a/.github/workflows/CI.yaml b/.github/workflows/CI.yaml index 42c158aa..f3a52d07 100644 --- a/.github/workflows/CI.yaml +++ b/.github/workflows/CI.yaml @@ -6,15 +6,14 @@ on: branches: - master paths: - - 'docker/**' - - 'graphenex/**' + - "docker/**" + - "graphenex/**" push: branches: - master paths: - - 'docker/**' - - 'graphenex/**' - + - "docker/**" + - "graphenex/**" jobs: linter: @@ -24,10 +23,9 @@ jobs: - name: checkout uses: actions/checkout@v3 - - name: 'flake8 python linter' + - name: "flake8 python linter" uses: py-actions/flake8@v2 - setup_linux: name: "Linux setup" runs-on: ubuntu-latest 
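Review bot: The `sudo apt-get install -y --no-install-recommends --allow-unauthenticated python3-pip` step in the `setup_linux` job disables apt's signature verification for that install, so a tampered mirror or proxy could hand the runner an unverified package; the runner's repositories are signed, and the flag appears unnecessary, so `sudo apt-get install -y --no-install-recommends python3-pip` should be sufficient. The same line is carried over unchanged by the following commit (`Format the workflow file`). Separately, both `python import issue workaround` steps edit `prompt_toolkit/styles/from_dict.py` inside a virtualenv whose path embeds a poetry hash (`graphenex--sEiZHBC-py3.10`, `graphenex-6fD1lE0z-py3.10`), which will break silently when the lockfile or Python version changes; pinning a `prompt_toolkit` release that already imports `Mapping` from `collections.abc` would remove the need for the sed/Set-Content edits. The `#needs: linter` dependency is commented out in both setup jobs, so a lint failure does not gate the install-and-run jobs; if that is intentional, a short comment stating why would help the next reader.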
@@ -35,26 +33,27 @@ jobs: steps: - name: checkout uses: actions/checkout@v3 - - - name: 'install dependencies' + + - name: "install dependencies" run: | sudo apt-get update sudo apt-get install -y \ --no-install-recommends \ --allow-unauthenticated python3-pip - - name: 'install graphenex' + - name: "install grapheneX" run: | python3 -m pip install poetry - poetry install + poetry install - name: "python import issue workaround" - run: sed -i '/Mapping/s/collections/collections.abc/' /home/runner/.cache/pypoetry/virtualenvs/graphenex--sEiZHBC-py3.10/lib/python3.10/site-packages/prompt_toolkit/styles/from_dict.py + run: | + sed -i '/Mapping/s/collections/collections.abc/' \ + /home/runner/.cache/pypoetry/virtualenvs/graphenex--sEiZHBC-py3.10/lib/python3.10/site-packages/prompt_toolkit/styles/from_dict.py - - name: 'run graphenex' + - name: "run grapheneX" run: poetry run grapheneX - setup_windows: name: "Windows setup" runs-on: windows-latest 
@@ -63,27 +62,26 @@ jobs: - name: checkout uses: actions/checkout@v3 - - name: 'install python' + - name: "install python" uses: actions/setup-python@v4 with: - python-version: '3.10.0' - cache: 'pip' - - - name: 'update pip' + python-version: "3.10.0" + cache: "pip" + + - name: "update pip" run: python -m pip install --upgrade pip - - name: 'install graphenex' + - name: "install grapheneX" run: | python3 -m pip install poetry - poetry install + poetry install - - name: 'python import issue workaround' + - name: "python import issue workaround" shell: pwsh run: (Get-Content C:\Users\runneradmin\AppData\Local\pypoetry\Cache\virtualenvs\graphenex-6fD1lE0z-py3.10\lib\site-packages\prompt_toolkit\styles\from_dict.py) -Replace 'from collections import Mapping', 'from collections.abc import Mapping' | Set-Content C:\Users\runneradmin\AppData\Local\pypoetry\Cache\virtualenvs\graphenex-6fD1lE0z-py3.10\lib\site-packages\prompt_toolkit\styles\from_dict.py - name: "pip update flask_socketio" run: python3 -m pip install --upgrade flask_socketio - - name: 'run graphenex' + - name: "run grapheneX" run: poetry run grapheneX - From bb6bc5fa6e478bafdf5befbbb120b08d479516c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Orhun=20Parmaks=C4=B1z?= Date: Fri, 22 Sep 2023 16:41:27 +0300 Subject: [PATCH 6/6] Rename workflow file --- .github/workflows/{CI.yaml => ci.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{CI.yaml => ci.yml} (100%) diff --git a/.github/workflows/CI.yaml b/.github/workflows/ci.yml similarity index 100% rename from .github/workflows/CI.yaml rename to .github/workflows/ci.yml