From 0bfe0d1316ffdac1961ced3d27fa106e024706ef Mon Sep 17 00:00:00 2001 From: Abhishek M J Date: Wed, 20 Dec 2023 16:37:16 +0530 Subject: [PATCH] Update config backend for profiles --- config/server/level-1.toml | 5 +++-- config/server/level-2.toml | 5 +++-- config/workstation/level-1.toml | 2 +- config/workstation/level-2.toml | 5 +++-- harden/config_file.py | 2 +- harden/physical_ports.py | 5 ++++- main.py | 1 + 7 files changed, 16 insertions(+), 9 deletions(-) diff --git a/config/server/level-1.toml b/config/server/level-1.toml index 3497389..f991c45 100644 --- a/config/server/level-1.toml +++ b/config/server/level-1.toml @@ -103,7 +103,7 @@ disable_root_login = true disable_host_based_auth = true disable_permit_empty_passwords = true disable_permit_user_env = true -enable_ingore_rhosts = true +enable_ignore_rhosts = true disable_x11_forwarding = false enable_strong_ciphers = true enable_strong_mac_algorithms = true @@ -117,8 +117,9 @@ enable_max_sessions = true max_sessions = 10 enable_login_grace_time = true login_grace_time = 60 # in seconds -enable_client_alive = true +enable_client_alive_interval = true client_alive_interval = 300 # in seconds +enable_client_alive_count_max = true client_alive_count_max = 3 [privilege_escalation] # Privilege Escalation diff --git a/config/server/level-2.toml b/config/server/level-2.toml index 9769535..3026307 100644 --- a/config/server/level-2.toml +++ b/config/server/level-2.toml @@ -102,7 +102,7 @@ disable_root_login = true disable_host_based_auth = true disable_permit_empty_passwords = true disable_permit_user_env = true -enable_ingore_rhosts = true +enable_ignore_rhosts = true disable_x11_forwarding = true enable_strong_ciphers = true enable_strong_mac_algorithms = true @@ -116,8 +116,9 @@ enable_max_sessions = true max_sessions = 10 enable_login_grace_time = true login_grace_time = 60 # in seconds -enable_client_alive = true +enable_client_alive_interval = true client_alive_interval = 300 # in seconds +enable_client_alive_count_max = true client_alive_count_max = 3 [privilege_escalation] # Privilege Escalation diff --git a/config/workstation/level-1.toml b/config/workstation/level-1.toml index 606dc8b..11243f8 100644 --- a/config/workstation/level-1.toml +++ b/config/workstation/level-1.toml @@ -103,7 +103,7 @@ disable_root_login = true disable_host_based_auth = true disable_permit_empty_passwords = true disable_permit_user_env = true -enable_ingore_rhosts = true +enable_ignore_rhosts = true disable_x11_forwarding = true enable_strong_ciphers = true enable_strong_mac_algorithms = true diff --git a/config/workstation/level-2.toml b/config/workstation/level-2.toml index edf5364..783f8af 100644 --- a/config/workstation/level-2.toml +++ b/config/workstation/level-2.toml @@ -102,7 +102,7 @@ disable_root_login = true disable_host_based_auth = true disable_permit_empty_passwords = true disable_permit_user_env = true -enable_ingore_rhosts = true +enable_ignore_rhosts = true disable_x11_forwarding = true enable_strong_ciphers = true enable_strong_mac_algorithms = true @@ -116,8 +116,9 @@ enable_max_sessions = true max_sessions = 10 enable_login_grace_time = true login_grace_time = 60 # in seconds -enable_client_alive = true +enable_client_alive_interval = true client_alive_interval = 300 # in seconds +enable_client_alive_count_max = true client_alive_count_max = 3 [privilege_escalation] # Privilege Escalation diff --git a/harden/config_file.py b/harden/config_file.py index 9ad8bce..4f2e5e2 100644 --- a/harden/config_file.py +++ b/harden/config_file.py @@ -71,6 +71,7 @@ def init(file_path: str = DEFAULT_CONFIG_PATH): def init_profile(profile_name: str): file_path = get_profile_path(profile_name) + shutil.copyfile(DEFAULT_CONFIG_PATH, file_path) create_copy(file_path) return physical_ports.get_devices(read(file_path)) @@ -91,7 +92,6 @@ def import_level(level: str = "w1"): def update_toml_obj(toml_obj: tomlkit.items.Item, config: dict): # Recursively update the toml object with the config dict - print(config) for key, value in config.items(): if isinstance(value, dict): update_toml_obj(value, toml_obj[key]) diff --git a/harden/physical_ports.py b/harden/physical_ports.py index cc04e0e..8a62fba 100644 --- a/harden/physical_ports.py +++ b/harden/physical_ports.py @@ -39,7 +39,10 @@ def get_devices(all_config): else: ports[port_id] = {"id": port_id, "name": device_name, "allow": True} - config.update({"device-rules": list(devices.values()), "port-rules": list(ports.values())}) + new_config = all_config.unwrap() + new_config["physical-ports"]["device-rules"] = list(devices.values()) + new_config["physical-ports"]["port-rules"] = list(ports.values()) + config_file.update_toml_obj(all_config, new_config) return all_config diff --git a/main.py b/main.py index fa98d61..319344e 100644 --- a/main.py +++ b/main.py @@ -11,6 +11,7 @@ class MainWindow(QMainWindow): theme_signal = pyqtSignal(bool) def __init__(self): super().__init__() + config_file.init_config_dir() self.config = config_file.init() self.tooltip = tooltip_file.read() self.init_ui()