Merge branch 'main' of https://github.com/abhishekmj303/HardeningHub

abhishekmj303 · Dec 20, 2023 · 0f7c3d5 · 0f7c3d5
2 parents df1069d + 7d9d7cb
commit 0f7c3d5
Show file tree

Hide file tree

Showing 13 changed files with 314 additions and 57 deletions.
diff --git a/config/sampleconfig.toml b/config/sampleconfig.toml
@@ -110,9 +110,9 @@ enable_strong_mac_algorithms = true
 enable_strong_key_exchange_algorithms = true
 disable_tcp_forwarding = false
 configure_warning_banner = true
+configure_max_startups = true
 enable_max_auth_tries = true
 max_auth_tries = 4
-configure_max_startups = true
 enable_max_sessions = true
 max_sessions = 10
 enable_login_grace_time = true

diff --git a/config/server/level-1.toml b/config/server/level-1.toml
@@ -124,7 +124,7 @@ client_alive_count_max = 3
 [privilege_escalation] # Privilege Escalation
 use_pty = true
 enable_logfile = true
-disable_nopasswd = false
+disable_nopassword = false
 enable_reauthentication = true
 enable_authentication_timeout = true
 authentication_timeout = 15 # in minutes

diff --git a/config/server/level-2.toml b/config/server/level-2.toml
@@ -123,7 +123,7 @@ client_alive_count_max = 3
 [privilege_escalation] # Privilege Escalation
 use_pty = true
 enable_logfile = true
-disable_nopasswd = false
+disable_nopassword = false
 enable_reauthentication = true
 enable_authentication_timeout = true
 authentication_timeout = 15 # in minutes

diff --git a/config/workstation/level-1.toml b/config/workstation/level-1.toml
@@ -120,7 +120,7 @@ client_alive_count_max = {enable = true, value = 3}
 [privilege_escalation] # Privilege Escalation
 use_pty = true
 enable_logfile = true
-disable_nopasswd = false
+disable_nopassword = false
 enable_reauthentication = true
 enable_authentication_timeout = true
 authentication_timeout = 15 # in minutes

diff --git a/config/workstation/level-2.toml b/config/workstation/level-2.toml
@@ -123,7 +123,7 @@ client_alive_count_max = 3
 [privilege_escalation] # Privilege Escalation
 use_pty = true
 enable_logfile = true
-disable_nopasswd = false
+disable_nopassword = false
 enable_reauthentication = true
 enable_authentication_timeout = true
 authentication_timeout = 15 # in minutes

diff --git a/ui/components/network/ssh.py b/ui/components/network/ssh.py
@@ -45,9 +45,11 @@ def init_ui(self):
             self.container_layout.addWidget(checkbox)
             self.configure_permissions_checkboxes[name] = checkbox
 
-        self.allow_users_label = QLabel("Allow Users")
-        self.container_layout.addWidget(self.allow_users_label)
-        self.allow_users_label.setObjectName("sub-component-title")
+        self.allow_users_checkbox = QCheckBox('Allow Users')
+        self.allow_users_checkbox.stateChanged.connect(lambda state: self.allow_users(state))
+        self.allow_users_checkbox.setProperty('class', 'in-checkbox')
+        self.container_layout.addWidget(self.allow_users_checkbox)
+
 
         hlayout = QHBoxLayout()
         self.container_layout.addLayout(hlayout)
@@ -62,9 +64,10 @@ def init_ui(self):
 
         self.user_table()
 
-        self.allow_groups_label = QLabel("Allow Groups")
-        self.container_layout.addWidget(self.allow_groups_label)
-        self.allow_groups_label.setObjectName("sub-component-title")
+        self.allow_groups_checkbox = QCheckBox('Allow Groups')
+        self.allow_groups_checkbox.stateChanged.connect(lambda state: self.allow_groups(state))
+        self.allow_groups_checkbox.setProperty('class', 'in-checkbox')
+        self.container_layout.addWidget(self.allow_groups_checkbox)
 
         hlayout = QHBoxLayout()
 
@@ -83,47 +86,74 @@ def init_ui(self):
 
         hlayout = QHBoxLayout()
 
-        self.log_level_label = QLabel('Log Level:')
-        self.log_level_label.setToolTip(self.ssh_tooltip['log_level'])
-        self.log_level_label.setProperty('class', 'normal-label-for')
+        self.log_level_check = QCheckBox('Log Level')
+        self.log_level_check.stateChanged.connect(lambda state: self.save_checkbox_state('log_level', state))
+        self.log_level_check.setProperty('class', 'in-checkbox')
 
         self.log_level_list = QComboBox()
         self.log_level_list.addItems(['VERBOSE', 'INFO'])
         self.log_level_list.currentTextChanged.connect(self.new_item_selected)
 
-        hlayout.addWidget(self.log_level_label)
+        hlayout.addWidget(self.log_level_check)
         hlayout.addWidget(self.log_level_list)
         self.container_layout.addLayout(hlayout)
 
         self.ssh_checkboxes = {}
         self.ssh_inputs = {}
         i = 0
-        for name, state in self.toml_ssh.items():
-            if i < 4:
+        self.names = list(self.toml_ssh.keys())
+        while i < len(self.names):
+            if i < 7:
                 i += 1
                 continue
-            elif i <= 17 and name != 'max_auth_tries':
+            elif i < 20:
+                name = self.names[i]
                 checkbox = QCheckBox(f"{name.replace('_',' ').title()}")
                 checkbox.setToolTip(self.ssh_tooltip[name])
                 checkbox.stateChanged.connect(lambda state, name=name: self.save_checkbox_state(name, state))
-                self.ssh_checkboxes[name] = checkbox
+                checkbox.setProperty('class', 'in-checkbox')
                 self.container_layout.addWidget(checkbox)
-            elif i > 17 or name == 'max_auth_tries':
+                self.ssh_checkboxes[name] = checkbox
+            else:
+                name = self.names[i]
                 hlayout = QHBoxLayout()
-                label = QLabel(f"{name.replace('_',' ').title()}")
-                label.setToolTip(self.ssh_tooltip[name])
-                label.setProperty('class', 'normal-label-for')
+                checkbox = QCheckBox(f"{name.replace('_',' ').title()}")
+                checkbox.setToolTip(self.ssh_tooltip[name])
+                checkbox.stateChanged.connect(lambda state, name=name: self.save_checkbox_state(name, state))
+                checkbox.setProperty('class', 'in-checkbox')
+                self.ssh_checkboxes[name] = checkbox
+                i += 1
+                name = self.names[i]
                 input = QLineEdit()
-                input.setText(str(state))
-                validator = QIntValidator()
-                input.setValidator(validator)
+                input.setValidator(QIntValidator())
                 input.textChanged.connect(lambda text, name=name: self.save_text_input(name, text))
-                hlayout.addWidget(label)
+                self.ssh_inputs[name] = input
+                hlayout.addWidget(checkbox)
                 hlayout.addWidget(input)
                 self.container_layout.addLayout(hlayout)
-                self.ssh_inputs[name] = input
             i += 1
 
+
+    def allow_users(self, state):
+        if state == 2:
+            self.new_user.setEnabled(True)
+            self.add_user_button.setEnabled(True)
+            self.users_table.setEnabled(True)
+        else:
+            self.new_user.setEnabled(False)
+            self.add_user_button.setEnabled(False)
+            self.users_table.setEnabled(False)
+
+    def allow_groups(self, state):
+        if state == 2:
+            self.new_group.setEnabled(True)
+            self.add_group_button.setEnabled(True)
+            self.groups_table.setEnabled(True)
+        else:
+            self.new_group.setEnabled(False)
+            self.add_group_button.setEnabled(False)
+            self.groups_table.setEnabled(False)
+
     def user_table(self):
         self.users_table = QTableWidget()
         self.users_table.setColumnCount(2)
@@ -224,6 +254,14 @@ def new_item_selected(self, text):
     def save_checkbox_state(self, name, state):
         self.toml_ssh[name] = (state == 2)
         config_file.write(self.config)
+        if name == 'log_level':
+            self.log_level_list.setEnabled(state == 2)
+        for i in self.ssh_checkboxes:
+            if i == name:
+                for j in self.ssh_inputs:
+                    if name.endswith(j):
+                        self.ssh_inputs[j].setEnabled(state == 2)
+                        break
 
     def save_checkbox_state_configure(self, state, category, name):
         self.toml_ssh[category][name] = (state == 2)
@@ -241,15 +279,23 @@ def refresh_config(self, config):
         self.toml_ssh = self.config['ssh']
         for name, state in self.toml_ssh['configure_permissions'].items():
             self.configure_permissions_checkboxes[name].setChecked(state)
+        self.allow_users_checkbox.setChecked(self.toml_ssh['enable_allow_users'])
+        self.allow_groups_checkbox.setChecked(self.toml_ssh['enable_allow_groups'])
+        self.log_level_check.setChecked(self.toml_ssh['enable_log_level'])
         i = 0
-        for name, state in self.toml_ssh.items():
-            if i < 4:
+        while i < len(self.names):
+            if i < 7:
                 i += 1
                 continue
-            elif i <= 17 and name != 'max_auth_tries':
-                self.ssh_checkboxes[name].setChecked(state)
-            elif i > 17 or name == 'max_auth_tries':
-                self.ssh_inputs[name].setText(str(state))
+            elif i < 20:
+                name = self.names[i]
+                self.ssh_checkboxes[name].setChecked(self.toml_ssh[name])
+            else:
+                name = self.names[i]
+                self.ssh_checkboxes[name].setChecked(self.toml_ssh[name])
+                i += 1
+                name = self.names[i]
+                self.ssh_inputs[name].setText(str(self.toml_ssh[name]))
             i += 1
 
         self.users_table.setRowCount(0)

diff --git a/ui/components/software/gdm.py b/ui/components/software/gdm.py
@@ -43,9 +43,9 @@ def init_ui(self):
         hlayout = QHBoxLayout()
 
         # Lock on Idle Label
-        self.lockon_lable = QLabel('Lock on Idle(seconds)')
-        self.lockon_lable.setToolTip(self.gdm_tooltip['lock_on_idle'])
-        self.lockon_lable.setProperty('class', 'normal-label-for')
+        self.lockon_lable = QCheckBox('Enable Lock on Idle (seconds): ')
+        self.lockon_lable.setToolTip(self.gdm_tooltip['enable_lock_on_idle'])
+        self.lockon_lable.stateChanged.connect(self.enable_lock_on_idle_changed)
 
         self.time_input = QLineEdit()
         self.time_input.setText(str(self.toml_gdm['lock_on_idle']))
@@ -70,6 +70,7 @@ def init_ui(self):
     def refresh_config(self, config):
         self.config = config
         self.toml_gdm = self.config['gdm']
+        self.lockon_lable.setChecked(self.toml_gdm['enable_lock_on_idle'])
         for name, state in self.toml_gdm.items():
             if name == 'lock_on_idle':
                 continue
@@ -100,4 +101,12 @@ def time_changed(self, new_size):
             self.toml_gdm['lock_on_idle'] = int(new_size)
         else:
             self.time_input.setText('0')
+        config_file.write(self.config)
+
+    def enable_lock_on_idle_changed(self, state):
+        self.toml_gdm['enable_lock_on_idle'] = (state == 2)
+        if state == 2:
+            self.time_input.setEnabled(True)
+        else:
+            self.time_input.setEnabled(False)
         config_file.write(self.config)
diff --git a/ui/components/software/pam.py b/ui/components/software/pam.py
@@ -0,0 +1,148 @@
+from PyQt6.QtWidgets import QWidget, QVBoxLayout, QLabel, QCheckBox \
+    , QHBoxLayout, QComboBox, QLineEdit
+from harden import config_file
+from PyQt6.QtGui import QIntValidator
+
+class PAM(QWidget):
+    def __init__(self, config, tooltip):
+        super().__init__()
+        self.config = config
+        self.tooltip = tooltip
+        self.toml_pam = self.config['pam']
+        self.pam_tooltip = self.tooltip['pam']
+        self.init_ui()
+        self.refresh_config(config)
+
+    def init_ui(self):
+        self.layout = QVBoxLayout()
+        self.setLayout(self.layout)
+        self.layout.setSpacing(0)
+        self.layout.setContentsMargins(0, 0, 0, 0)
+
+        self.main_label = QLabel("PAM")
+        self.layout.addWidget(self.main_label)
+        self.main_label.setObjectName("component-title")
+
+        # container widget
+        self.container_widget = QWidget()
+        self.container_layout = QVBoxLayout()
+        self.container_widget.setLayout(self.container_layout)
+        self.layout.addWidget(self.container_widget)
+        self.container_layout.setSpacing(0)
+        self.container_layout.setContentsMargins(30, 30, 30, 30)
+        self.container_widget.setObjectName("container-widget")
+
+        # Enable Password Checkbox
+        self.enable_password_checkbox = QCheckBox('Enable Password Level')
+        self.enable_password_checkbox.setToolTip(self.pam_tooltip['enable_password_level'])
+        self.enable_password_checkbox.stateChanged.connect(lambda state: self.save_checkbox_state(state, 'enable_password_level'))
+        self.container_layout.addWidget(self.enable_password_checkbox)
+
+        # Enable Password Dropdown
+        hlayout = QHBoxLayout()
+
+        # Select Mode Label
+        self.mode_label = QLabel('Required Password Level:')
+        self.mode_label.setToolTip(self.pam_tooltip['enable_password_level'])
+        self.mode_label.setProperty('class', 'normal-label-for')
+
+        # Mode Dropdown
+        self.mode_list = QComboBox()
+        self.mode_list.addItems(['weak', 'medium', 'strong', 'stronger'])
+        self.mode_list.currentTextChanged.connect(lambda text: self.new_item_selected(text, 'required_password_level'))
+
+        hlayout.addWidget(self.mode_label)
+        hlayout.addWidget(self.mode_list)
+        self.container_layout.addLayout(hlayout)
+
+        # Enable Password Length Checkbox
+        self.enable_password_len_checkbox = QCheckBox('Enable Password Length')
+        self.enable_password_len_checkbox.setToolTip(self.pam_tooltip['enable_password_length'])
+        self.enable_password_len_checkbox.stateChanged.connect(lambda state: self.save_checkbox_state(state, 'enable_password_length'))
+        self.container_layout.addWidget(self.enable_password_len_checkbox)
+
+        # Enable Password Dropdown
+        hlayout = QHBoxLayout()
+
+        self.len_label = QLabel('Minimum Password Length: ')
+        self.len_label.setToolTip(self.pam_tooltip['enable_password_length'])
+        self.len_label.setProperty('class', 'normal-label-for')
+
+        self.size_input = QLineEdit()
+        validator = QIntValidator()
+        self.size_input.setValidator(validator)
+        self.size_input.textChanged.connect(lambda text: self.size_changed(text, 'minimum_password_length', self.size_input))
+
+        hlayout.addWidget(self.len_label)
+        hlayout.addWidget(self.size_input)
+        self.container_layout.addLayout(hlayout)
+
+        # Enable Password Length Checkbox
+        self.limit_password_reuse_checkbox = QCheckBox('Enable Limit Password Reuse')
+        self.limit_password_reuse_checkbox.setToolTip(self.pam_tooltip['limit_password_reuse'])
+        self.limit_password_reuse_checkbox.stateChanged.connect(lambda state: self.save_checkbox_state(state, 'limit_password_reuse'))
+        self.container_layout.addWidget(self.limit_password_reuse_checkbox)
+
+        # Enable Password Dropdown
+        hlayout = QHBoxLayout()
+
+        self.reuse_label = QLabel('Minimum Password Length: ')
+        self.reuse_label.setToolTip(self.pam_tooltip['limit_password_reuse'])
+        self.reuse_label.setProperty('class', 'normal-label-for')
+
+        self.size_input_2 = QLineEdit()
+        validator = QIntValidator()
+        self.size_input_2.setValidator(validator)
+        self.size_input_2.textChanged.connect(lambda text: self.size_changed(text, 'password_reuse_limit', self.size_input_2))
+
+        hlayout.addWidget(self.reuse_label)
+        hlayout.addWidget(self.size_input_2)
+        self.container_layout.addLayout(hlayout)
+
+        # Configure Hashing Algorithm
+        self.configure_hashing_algorithm = QCheckBox('Configure Hashing Algorithm')
+        self.configure_hashing_algorithm.setToolTip(self.pam_tooltip['configure_hashing_algorithm'])
+        self.configure_hashing_algorithm.stateChanged.connect(lambda state: self.save_checkbox_state(state, 'configure_hashing_algorithm'))
+        self.container_layout.addWidget(self.configure_hashing_algorithm)
+
+    def refresh_config(self, config):
+        self.config = config
+        self.toml_pam = self.config['pam']
+        self.enable_password_checkbox.setChecked(self.toml_pam['enable_password_level'])
+        self.enable_password_len_checkbox.setChecked(self.toml_pam['enable_password_length'])
+        self.limit_password_reuse_checkbox.setChecked(self.toml_pam['limit_password_reuse'])
+        self.configure_hashing_algorithm.setChecked(self.toml_pam['configure_hashing_algorithm'])
+        self.mode_list.setCurrentText(self.toml_pam['required_password_level'])
+        self.size_input.setText(str(self.toml_pam['minimum_password_length']))
+        self.size_input_2.setText(str(self.toml_pam['password_reuse_limit']))
+
+    def save_checkbox_state(self, state, key):
+        self.toml_pam[key] = (state == 2)
+        if state == 0:
+            if key == 'enable_password_level':
+                self.mode_list.setEnabled(False)
+            elif key == 'enable_password_length':
+                self.size_input.setEnabled(False)
+            elif key == 'limit_password_reuse':
+                self.size_input_2.setEnabled(False)
+        else:
+            if key == 'enable_password_level':
+                self.mode_list.setEnabled(True)
+            elif key == 'enable_password_length':
+                self.size_input.setEnabled(True)
+            elif key == 'limit_password_reuse':
+                self.size_input_2.setEnabled(True)
+        config_file.write(self.config)
+
+    def new_item_selected(self, text, key):
+        self.toml_pam[key] = text
+        config_file.write(self.config)
+
+    def size_changed(self, new_size, key, input):
+        if new_size.startswith('0') and len(new_size) > 1:
+            input.setText(new_size[1:])
+        if new_size:
+            self.toml_pam[key] = int(new_size)
+        else:
+            input.setText('0')
+        config_file.write(self.config)