Update config backend for profiles

config/server/level-1.toml

@@ -103,7 +103,7 @@ disable_root_login = true
 disable_host_based_auth = true
 disable_permit_empty_passwords = true
 disable_permit_user_env = true
-enable_ingore_rhosts = true
+enable_ignore_rhosts = true
 disable_x11_forwarding = false
 enable_strong_ciphers = true
 enable_strong_mac_algorithms = true
@@ -117,8 +117,9 @@ enable_max_sessions = true
 max_sessions = 10
 enable_login_grace_time = true
 login_grace_time = 60 # in seconds
-enable_client_alive = true
+enable_client_alive_interval = true
 client_alive_interval = 300 # in seconds
+enable_client_alive_count_max = true
 client_alive_count_max = 3
 
 [privilege_escalation] # Privilege Escalation

config/server/level-2.toml

@@ -102,7 +102,7 @@ disable_root_login = true
 disable_host_based_auth = true
 disable_permit_empty_passwords = true
 disable_permit_user_env = true
-enable_ingore_rhosts = true
+enable_ignore_rhosts = true
 disable_x11_forwarding = true
 enable_strong_ciphers = true
 enable_strong_mac_algorithms = true
@@ -116,8 +116,9 @@ enable_max_sessions = true
 max_sessions = 10
 enable_login_grace_time = true
 login_grace_time = 60 # in seconds
-enable_client_alive = true
+enable_client_alive_interval = true
 client_alive_interval = 300 # in seconds
+enable_client_alive_count_max = true
 client_alive_count_max = 3
 
 [privilege_escalation] # Privilege Escalation

config/workstation/level-1.toml

@@ -103,7 +103,7 @@ disable_root_login = true
 disable_host_based_auth = true
 disable_permit_empty_passwords = true
 disable_permit_user_env = true
-enable_ingore_rhosts = true
+enable_ignore_rhosts = true
 disable_x11_forwarding = true
 enable_strong_ciphers = true
 enable_strong_mac_algorithms = true

config/workstation/level-2.toml

@@ -102,7 +102,7 @@ disable_root_login = true
 disable_host_based_auth = true
 disable_permit_empty_passwords = true
 disable_permit_user_env = true
-enable_ingore_rhosts = true
+enable_ignore_rhosts = true
 disable_x11_forwarding = true
 enable_strong_ciphers = true
 enable_strong_mac_algorithms = true
@@ -116,8 +116,9 @@ enable_max_sessions = true
 max_sessions = 10
 enable_login_grace_time = true
 login_grace_time = 60 # in seconds
-enable_client_alive = true
+enable_client_alive_interval = true
 client_alive_interval = 300 # in seconds
+enable_client_alive_count_max = true
 client_alive_count_max = 3
 
 [privilege_escalation] # Privilege Escalation

harden/config_file.py

@@ -71,6 +71,7 @@ def init(file_path: str = DEFAULT_CONFIG_PATH):
 
 def init_profile(profile_name: str):
     file_path = get_profile_path(profile_name)
+    shutil.copyfile(DEFAULT_CONFIG_PATH, file_path)
     create_copy(file_path)
     return physical_ports.get_devices(read(file_path))
 
@@ -91,7 +92,6 @@ def import_level(level: str = "w1"):
 
 def update_toml_obj(toml_obj: tomlkit.items.Item, config: dict):
     # Recursively update the toml object with the config dict
-    print(config)
     for key, value in config.items():
         if isinstance(value, dict):
             update_toml_obj(value, toml_obj[key])

harden/physical_ports.py

@@ -39,7 +39,10 @@ def get_devices(all_config):
         else:
             ports[port_id] = {"id": port_id, "name": device_name, "allow": True}
 
-    config.update({"device-rules": list(devices.values()), "port-rules": list(ports.values())})
+    new_config = all_config.unwrap()
+    new_config["physical-ports"]["device-rules"] = list(devices.values())
+    new_config["physical-ports"]["port-rules"] = list(ports.values())
+    config_file.update_toml_obj(all_config, new_config)
     return all_config
 
 

main.py

@@ -11,6 +11,7 @@ class MainWindow(QMainWindow):
     theme_signal = pyqtSignal(bool)
     def __init__(self):
         super().__init__()
+        config_file.init_config_dir()
         self.config = config_file.init()
         self.tooltip = tooltip_file.read()
         self.init_ui()