Commit 5cc1515b authored by Franco Fichtner's avatar Franco Fichtner

firmware: add audit feature, @jschellevis will like this...

parent dd80bded
...@@ -551,6 +551,7 @@ ...@@ -551,6 +551,7 @@
/usr/local/opnsense/scripts/filter/list_table.py /usr/local/opnsense/scripts/filter/list_table.py
/usr/local/opnsense/scripts/filter/list_tables.py /usr/local/opnsense/scripts/filter/list_tables.py
/usr/local/opnsense/scripts/filter/pfinfo.py /usr/local/opnsense/scripts/filter/pfinfo.py
/usr/local/opnsense/scripts/firmware/audit.sh
/usr/local/opnsense/scripts/firmware/changelog.sh /usr/local/opnsense/scripts/firmware/changelog.sh
/usr/local/opnsense/scripts/firmware/check.sh /usr/local/opnsense/scripts/firmware/check.sh
/usr/local/opnsense/scripts/firmware/hotfix.sh /usr/local/opnsense/scripts/firmware/hotfix.sh
......
...@@ -273,6 +273,26 @@ class FirmwareController extends ApiControllerBase ...@@ -273,6 +273,26 @@ class FirmwareController extends ApiControllerBase
return $response; return $response;
} }
/**
* run a security audit
* @return array status
* @throws \Exception
*/
public function auditAction()
{
$backend = new Backend();
$response = array();
if ($this->request->isPost()) {
$response['status'] = 'ok';
$response['msg_uuid'] = trim($backend->configdRun("firmware audit", true));
} else {
$response['status'] = 'failure';
}
return $response;
}
/** /**
* reinstall package * reinstall package
* @param string $pkg_name package name to reinstall * @param string $pkg_name package name to reinstall
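Review bot: In auditAction, `$response['status'] = 'ok'` is assigned before the result of `configdRun` is known, so a POST is answered with ok even if the backend returns nothing and `msg_uuid` comes back empty. Consider deriving the status from the result: `$uuid = trim($backend->configdRun("firmware audit", true));` followed by `$response['status'] = $uuid !== '' ? 'ok' : 'failure';`. The docblock could also say that only POST is accepted and that progress is read through the upgradestatus endpoint, which is what the UI code in this commit polls.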
......
...@@ -63,6 +63,7 @@ POSSIBILITY OF SUCH DAMAGE. ...@@ -63,6 +63,7 @@ POSSIBILITY OF SUCH DAMAGE.
// unhide upgrade button // unhide upgrade button
$("#upgrade").attr("style",""); $("#upgrade").attr("style","");
$("#audit").attr("style","display:none");
// show upgrade list // show upgrade list
$('#update_status').hide(); $('#update_status').hide();
...@@ -91,6 +92,7 @@ POSSIBILITY OF SUCH DAMAGE. ...@@ -91,6 +92,7 @@ POSSIBILITY OF SUCH DAMAGE.
packagesInfo(false); packagesInfo(false);
} else { } else {
$("#upgrade").attr("style","display:none"); $("#upgrade").attr("style","display:none");
$("#audit").attr("style","");
// update list so plugins sync as well (all) // update list so plugins sync as well (all)
packagesInfo(true); packagesInfo(true);
...@@ -106,6 +108,7 @@ POSSIBILITY OF SUCH DAMAGE. ...@@ -106,6 +108,7 @@ POSSIBILITY OF SUCH DAMAGE.
$('#update_status').show(); $('#update_status').show();
$('#updatetab > a').tab('show'); $('#updatetab > a').tab('show');
$('#updatestatus').html("{{ lang._('Upgrading...') }}"); $('#updatestatus').html("{{ lang._('Upgrading...') }}");
$("#audit").attr("style","display:none");
$("#upgrade").attr("style",""); $("#upgrade").attr("style","");
$("#upgrade_progress").addClass("fa fa-spinner fa-pulse"); $("#upgrade_progress").addClass("fa fa-spinner fa-pulse");
...@@ -115,6 +118,24 @@ POSSIBILITY OF SUCH DAMAGE. ...@@ -115,6 +118,24 @@ POSSIBILITY OF SUCH DAMAGE.
}); });
} }
/**
* perform audit, install poller to update status
*/
function audit() {
$.upgrade_action = 'audit';
$('#updatelist').hide();
$('#update_status').show();
$('#updatetab > a').tab('show');
$('#updatestatus').html("{{ lang._('Auditing...') }}");
$("#audit").attr("style","");
$("#audit_progress").addClass("fa fa-spinner fa-pulse");
ajaxCall('/api/core/firmware/audit', {}, function () {
$('#updatelist').empty();
setTimeout(trackStatus, 500);
});
}
/** /**
* read license from backend * read license from backend
*/ */
...@@ -218,9 +239,9 @@ POSSIBILITY OF SUCH DAMAGE. ...@@ -218,9 +239,9 @@ POSSIBILITY OF SUCH DAMAGE.
} }
/** /**
* handle update status * handle check/audit/upgrade status
*/ */
function trackStatus(){ function trackStatus() {
ajaxGet('/api/core/firmware/upgradestatus',{},function(data, status) { ajaxGet('/api/core/firmware/upgradestatus',{},function(data, status) {
if (data['log'] != undefined) { if (data['log'] != undefined) {
$('#update_status').html(data['log']); $('#update_status').html(data['log']);
...@@ -228,12 +249,16 @@ POSSIBILITY OF SUCH DAMAGE. ...@@ -228,12 +249,16 @@ POSSIBILITY OF SUCH DAMAGE.
} }
if (data['status'] == 'done') { if (data['status'] == 'done') {
$("#upgrade_progress").removeClass("fa fa-spinner fa-pulse"); $("#upgrade_progress").removeClass("fa fa-spinner fa-pulse");
if ($.upgrade_action != 'pkg') { $("#audit_progress").removeClass("fa fa-spinner fa-pulse");
$('#updatestatus').html("{{ lang._('Upgrade done!') }}"); if ($.upgrade_action == 'pkg') {
} else {
$('#updatestatus').html("{{ lang._('Package manager update done. Please check for more updates.') }}"); $('#updatestatus').html("{{ lang._('Package manager update done. Please check for more updates.') }}");
} else if ($.upgrade_action == 'audit') {
$('#updatestatus').html("{{ lang._('Audit done.') }}");
} else {
$('#updatestatus').html("{{ lang._('Upgrade done.') }}");
} }
$("#upgrade").attr("style","display:none"); $("#upgrade").attr("style","display:none");
$("#audit").attr("style","");
packagesInfo(true); packagesInfo(true);
} else if (data['status'] == 'reboot') { } else if (data['status'] == 'reboot') {
BootstrapDialog.show({ BootstrapDialog.show({
...@@ -418,6 +443,7 @@ POSSIBILITY OF SUCH DAMAGE. ...@@ -418,6 +443,7 @@ POSSIBILITY OF SUCH DAMAGE.
// link event handlers // link event handlers
$('#checkupdate').click(updateStatus); $('#checkupdate').click(updateStatus);
$('#upgrade').click(upgrade_ui); $('#upgrade').click(upgrade_ui);
$('#audit').click(audit);
// show upgrade message if there // show upgrade message if there
if ($('#message').html() != '') { if ($('#message').html() != '') {
$('#message').attr('style', ''); $('#message').attr('style', '');
...@@ -550,6 +576,7 @@ POSSIBILITY OF SUCH DAMAGE. ...@@ -550,6 +576,7 @@ POSSIBILITY OF SUCH DAMAGE.
<div id="message" style="display:none" class="alert alert-warning" role="alert"><?= @file_get_contents('/usr/local/opnsense/firmware-message') ?></div> <div id="message" style="display:none" class="alert alert-warning" role="alert"><?= @file_get_contents('/usr/local/opnsense/firmware-message') ?></div>
<div class="alert alert-info" role="alert" style="min-height: 65px;"> <div class="alert alert-info" role="alert" style="min-height: 65px;">
<button class='btn btn-primary pull-right' id="upgrade" style="display:none"><i id="upgrade_progress" class=""></i> {{ lang._('Upgrade now') }}</button> <button class='btn btn-primary pull-right' id="upgrade" style="display:none"><i id="upgrade_progress" class=""></i> {{ lang._('Upgrade now') }}</button>
<button class='btn btn-primary pull-right' id="audit"><i id="audit_progress" class=""></i> {{ lang._('Audit now') }}</button>
<button class='btn btn-default pull-right' id="checkupdate" style="margin-right: 8px;"><i id="checkupdate_progress" class=""></i> {{ lang._('Check for updates')}}</button> <button class='btn btn-default pull-right' id="checkupdate" style="margin-right: 8px;"><i id="checkupdate_progress" class=""></i> {{ lang._('Check for updates')}}</button>
<div style="margin-top: 8px;" id="updatestatus">{{ lang._('Click to check for updates.')}}</div> <div style="margin-top: 8px;" id="updatestatus">{{ lang._('Click to check for updates.')}}</div>
</div> </div>
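Review bot: With audit() now feeding trackStatus, the text reaching `$('#update_status').html(data['log'])` includes `pkg audit -F` output, which is built from a vulnerability database fetched over the network. Whether the upgradestatus endpoint escapes the log is not visible on this page; if it does not, the sink should treat the log as text, e.g. `$('#update_status').text(data['log']);`, or the endpoint should escape it. That line is context in the hunk at -218 rather than a line this commit changes, and trackStatus continues outside the hunks shown.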
......
#!/bin/sh
# Copyright (C) 2016 Franco Fichtner <franco@opnsense.org>
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
PKG_PROGRESS_FILE=/tmp/pkg_upgrade.progress
# Truncate upgrade progress file
: > ${PKG_PROGRESS_FILE}
echo "***GOT REQUEST TO AUDIT" >> ${PKG_PROGRESS_FILE}
pkg audit -F >> ${PKG_PROGRESS_FILE} 2>&1
echo '***DONE***' >> ${PKG_PROGRESS_FILE}
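Review bot: The exit status of `pkg audit -F` is discarded and `***DONE***` is written unconditionally, so a failed fetch of the vulnerability database ends in the same "Audit done." state in the UI as a completed audit, with only the log text to tell them apart. Consider recording the result explicitly, e.g. `pkg audit -F >> "${PKG_PROGRESS_FILE}" 2>&1 || echo "pkg audit exited with status $?" >> "${PKG_PROGRESS_FILE}"`. Since pkg audit also exits non-zero when it finds vulnerable packages, the message should report the status rather than claim an error. Quoting `${PKG_PROGRESS_FILE}` in the redirections would be a small robustness gain as well.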
...@@ -28,6 +28,7 @@ BASEDIR="/usr/local/opnsense/scripts/firmware" ...@@ -28,6 +28,7 @@ BASEDIR="/usr/local/opnsense/scripts/firmware"
LOCKFILE="/tmp/pkg_upgrade.progress" LOCKFILE="/tmp/pkg_upgrade.progress"
FLOCK="/usr/local/bin/flock -n -o" FLOCK="/usr/local/bin/flock -n -o"
COMMANDS=" COMMANDS="
audit
hotfix hotfix
install install
lock lock
......
...@@ -35,6 +35,12 @@ parameters:%s ...@@ -35,6 +35,12 @@ parameters:%s
type:script_output type:script_output
message:Viewing license for %s message:Viewing license for %s
[audit]
command:/usr/sbin/daemon -f /usr/local/opnsense/scripts/firmware/launcher.sh audit
parameters:
type:script
message:Retrieving vulnerability report
[running] [running]
command:/usr/local/opnsense/scripts/firmware/running.sh command:/usr/local/opnsense/scripts/firmware/running.sh
parameters: parameters:
......