From d5bf9a91e4f34d3869b481cb5e46da6c2773d26b Mon Sep 17 00:00:00 2001 From: Joachim Metz Date: Tue, 5 Mar 2019 20:09:36 +0100 Subject: [PATCH] Added validator check for Mac OS private paths #309 (#322) --- data/config_files.yaml | 14 ++++ data/macos.yaml | 85 +++++++++++++++----- data/tomcat.yaml | 101 ++++++++++++------------ data/unix_common.yaml | 172 ++++++++++++++++++++++++++++------------- data/webservers.yaml | 16 ++-- tools/validator.py | 87 ++++++++++++++++++++- 6 files changed, 344 insertions(+), 131 deletions(-) diff --git a/data/config_files.yaml b/data/config_files.yaml index ef11d1e5..7181245d 100644 --- a/data/config_files.yaml +++ b/data/config_files.yaml @@ -3,16 +3,30 @@ name: NfsExportsFile doc: NFS Exports configuration sources: +- type: FILE + attributes: + paths: + - '/etc/exports' + - '/private/etc/exports' + supported_os: [Darwin] - type: FILE attributes: {paths: ['/etc/exports']} + supported_os: [Linux] labels: [Configuration Files] supported_os: [Linux, Darwin] --- name: SshdConfigFile doc: Sshd configuration sources: +- type: FILE + attributes: + paths: + - '/etc/ssh/sshd_config' + - '/private/etc/ssh/sshd_config' + supported_os: [Darwin] - type: FILE attributes: {paths: ['/etc/ssh/sshd_config']} + supported_os: [Linux] labels: [Configuration Files] supported_os: [Linux, Darwin] --- diff --git a/data/macos.yaml b/data/macos.yaml index a9bdeca5..446433a4 100644 --- a/data/macos.yaml +++ b/data/macos.yaml @@ -4,7 +4,10 @@ name: MacOSAppleSystemLogFiles doc: Apple system log (ASL) files sources: - type: FILE - attributes: {paths: ['/var/log/asl/*']} + attributes: + paths: + - '/private/var/log/asl/*' + - '/var/log/asl/*' labels: [System, Logs] supported_os: [Darwin] urls: @@ -60,7 +63,10 @@ name: MacOSAuditLogFiles doc: Audit log files sources: - type: FILE - attributes: {paths: ['/var/audit/*']} + attributes: + paths: + - '/private/var/audit/*' + - '/var/audit/*' labels: [System, Logs] supported_os: [Darwin] urls: 
@@ -106,6 +112,7 @@ sources: paths: - '/Library/Logs/DiagnosticReports/*.core_analytics' - '/private/var/db/analyticsd/aggregates/*' + - '/var/db/analyticsd/aggregates/*' labels: [Logs, System] supported_os: [Darwin] urls: @@ -120,6 +127,7 @@ sources: attributes: paths: - '/etc/crontab' + - '/private/etc/crontab' - '/usr/lib/cron/tabs/*' labels: [System] supported_os: [Darwin] @@ -153,7 +161,10 @@ name: MacOSHostsFile doc: Hosts file sources: - type: FILE - attributes: {paths: ['/etc/hosts']} + attributes: + paths: + - '/etc/hosts' + - '/private/etc/hosts' labels: [System, Network] supported_os: [Darwin] urls: @@ -205,7 +216,10 @@ name: MacOSInstallationLogFile doc: Installation log file sources: - type: FILE - attributes: {paths: ['/var/log/install.log']} + attributes: + paths: + - '/private/var/log/install.log' + - '/var/log/install.log' labels: [System, Logs] supported_os: [Darwin] urls: @@ -308,6 +322,7 @@ sources: paths: - '%%users.homedir%%/Library/Application Support/Knowledge/knowledgeC.db' - '/private/var/db/CoreDuet/Knowledge/knowledgeC.db' + - '/var/db/CoreDuet/Knowledge/knowledgeC.db' labels: [Users, Logs] supported_os: [Darwin] urls: ['https://www.mac4n6.com/blog/2018/8/5/knowledge-is-power-using-the-knowledgecdb-database-on-macos-and-ios-to-determine-precise-user-and-application-usage'] @@ -346,7 +361,10 @@ name: MacOSLastlogFile doc: Mac OS X lastlog file. sources: - type: FILE - attributes: {paths: ['/var/log/lastlog']} + attributes: + paths: + - '/private/var/log/lastlog' + - '/var/log/lastlog' labels: [Logs, Authentication] supported_os: [Darwin] --- 
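Review bot: The third MacOSCronTabs path, `/usr/lib/cron/tabs/*`, is left without a `/private` counterpart even though on macOS `/usr/lib/cron` is itself a symlink into `/private/var/at`, so the collectors this commit caters for (those that do not resolve symlinks) will still miss user crontabs, a classic persistence location. Following the pattern applied to `/etc/crontab` in this hunk, I would add `- '/private/var/at/tabs/*'` and `- '/var/at/tabs/*'` next to it. The symlink target is from memory of recent macOS releases; worth confirming on the versions the artifact targets.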
@@ -544,9 +562,11 @@ sources: - type: FILE attributes: paths: - - '/private/var/folders/[a-z][0-9]/*/0/com.apple.notificationcenter/db2/db' - - '/private/var/folders/[a-z][0-9]/*/0/com.apple.notificationcenter/db/db' - '%%users.homedir%%/Library/Application Support/NotificationCenter/*.db' + - '/private/var/folders/[a-z][0-9]/*/0/com.apple.notificationcenter/db/db' + - '/private/var/folders/[a-z][0-9]/*/0/com.apple.notificationcenter/db2/db' + - '/var/folders/[a-z][0-9]/*/0/com.apple.notificationcenter/db/db' + - '/var/folders/[a-z][0-9]/*/0/com.apple.notificationcenter/db2/db' labels: [Users, Logs] supported_os: [Darwin] --- @@ -556,17 +576,27 @@ sources: - type: FILE attributes: paths: + - '/etc/daily.local/*' - '/etc/defaults/periodic.conf' + - '/etc/monthly.local/*' + - '/etc/periodic/**2' - '/etc/periodic.conf' - '/etc/periodic.conf.local' - - '/etc/periodic/**2' - - '/usr/local/etc/periodic/**2' - - '/etc/daily.local/*' - - '/etc/weekly.local/*' - - '/etc/monthly.local/*' - '/etc/periodic/daily/*' - - '/etc/periodic/weekly/*' - '/etc/periodic/monthly/*' + - '/etc/periodic/weekly/*' + - '/etc/weekly.local/*' + - '/private/etc/daily.local/*' + - '/private/etc/defaults/periodic.conf' + - '/private/etc/monthly.local/*' + - '/private/etc/periodic/**2' + - '/private/etc/periodic.conf' + - '/private/etc/periodic.conf.local' + - '/private/etc/periodic/daily/*' + - '/private/etc/periodic/monthly/*' + - '/private/etc/periodic/weekly/*' + - '/private/etc/weekly.local/*' + - '/usr/local/etc/periodic/**2' labels: [System] supported_os: [Darwin] urls: @@ -648,7 +678,10 @@ name: MacOSSwapFiles doc: Swap files sources: - type: FILE - attributes: {paths: ['/var/vm/swapfile#']} + attributes: + paths: + - '/private/var/vm/swapfile[0-9]' + - '/var/vm/swapfile[0-9]' labels: [System] supported_os: [Darwin] urls: 
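Review bot: The `[a-z][0-9]` component in the four `/var/folders/...` paths only matches a letter followed by a digit, but the first-level directory names under /var/folders (two characters derived from the user's UID, e.g. `zz` for root) also start with digits or underscores and end with letters, so the re-added paths and their new `/private` variants will miss most users' notification databases. Replacing that component with `*` for all four entries — e.g. `- '/private/var/folders/*/*/0/com.apple.notificationcenter/db2/db'` — closes the gap. The character set is from memory of macOS temp-dir naming; verify on a live system before widening the glob.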
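Review bot: `swapfile[0-9]` matches exactly one digit, so `swapfile10` and later files — which macOS can create on a machine under prolonged memory pressure — are no longer collected, and those late files are exactly what a memory-forensics workflow wants. The replaced `swapfile#` read as a numeric wildcard; `- '/private/var/vm/swapfile*'` and `- '/var/vm/swapfile*'` (or `swapfile[0-9]*` if the pattern must stay narrow) keep the whole set.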
@@ -667,7 +700,10 @@ name: MacOSSystemInstallationTime doc: System installation time sources: - type: FILE - attributes: {paths: ['/var/db/.AppleSetupDone']} + attributes: + paths: + - '/private/var/db/.AppleSetupDone' + - '/var/db/.AppleSetupDone' labels: [System] supported_os: [Darwin] urls: @@ -678,7 +714,10 @@ name: MacOSSystemLogFiles doc: System log files sources: - type: FILE - attributes: {paths: ['/var/log/*']} + attributes: + paths: + - '/private/var/log/*' + - '/var/log/*' labels: [System, Logs] supported_os: [Darwin] urls: @@ -724,6 +763,9 @@ sources: - type: FILE attributes: paths: + - '/private/var/db/diagnostics/*.tracev3' + - '/private/var/db/diagnostics/*/*.tracev3' + - '/private/var/db/uuidtext/*/*' - '/var/db/diagnostics/*.tracev3' - '/var/db/diagnostics/*/*.tracev3' - '/var/db/uuidtext/*/*' @@ -849,8 +891,8 @@ sources: - type: FILE attributes: paths: - - '/var/db/dslocal/nodes/Default/users/*.plist' - '/private/var/db/dslocal/nodes/Default/users/*.plist' + - '/var/db/dslocal/nodes/Default/users/*.plist' labels: [System, Users, Authentication] supported_os: [Darwin] urls: @@ -930,8 +972,10 @@ sources: - type: FILE attributes: paths: - - '/var/log/wtmp' + - '/private/var/run/utmp' + - '/private/var/log/wtmp' - '/var/run/utmp' + - '/var/log/wtmp' labels: [Logs, Authentication] supported_os: [Darwin] urls: ['https://github.com/libyal/dtformats/blob/master/documentation/Utmp%20login%20records%20format.asciidoc'] @@ -940,7 +984,10 @@ name: MacOSUtmpxFile doc: Mac OS X 10.5 utmpx login record file. sources: - type: FILE - attributes: {paths: ['/var/run/utmpx']} + attributes: + paths: + - '/private/var/run/utmpx' + - '/var/run/utmpx' labels: [Logs, Authentication] supported_os: [Darwin] urls: ['https://github.com/libyal/dtformats/blob/master/documentation/Utmp%20login%20records%20format.asciidoc'] diff --git a/data/tomcat.yaml b/data/tomcat.yaml index 7afa0f28..4970b888 100644 --- a/data/tomcat.yaml +++ b/data/tomcat.yaml 
@@ -17,55 +17,55 @@ sources: - type: FILE attributes: paths: - - '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\logs\catalina.out' - - '%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\logs\catalina.out' - - '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\logs\catalina.out' - - '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\logs\**\catalina.out' - - '%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\logs\**\catalina.out' - - '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\logs\**\catalina.out' - - '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\logs\access_log*' - - '%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\logs\access_log*' - - '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\logs\access_log*' - - '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\logs\**\access_log*' - - '%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\logs\**\access_log*' - - '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\logs\**\access_log*' + - '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\logs\**\access_log*' + - '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\logs\access_log*' + - '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\logs\**\catalina.out' + - '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\logs\catalina.out' + - '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\logs\**\access_log*' + - '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\logs\access_log*' + - '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\logs\**\catalina.out' + - '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\logs\catalina.out' + - '%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\logs\**\access_log*' + - '%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\logs\access_log*' + - 
'%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\logs\**\catalina.out' + - '%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\logs\catalina.out' separator: '\' supported_os: [Windows] - type: FILE attributes: paths: - - '/usr/local/tomcat*/logs/catalina.out' - - '/opt/tomcat*/logs/catalina.out' - - '/usr/share/tomcat*/logs/catalina.out' - - '/var/lib/tomcat*/logs/catalina.out' - - '/usr/local/tomcat*/logs/access_log*' - - '/opt/tomcat*/logs/access_log*' - - '/usr/share/tomcat*/logs/access_log*' - - '/var/lib/tomcat*/logs/access_log*' - - '/usr/local/tomcat*/logs/**/catalina.out' - - '/opt/tomcat*/logs/**/catalina.out' - - '/usr/share/tomcat*/logs/**/catalina.out' - - '/var/lib/tomcat*/logs/**/catalina.out' - - '/usr/local/tomcat*/logs/**/access_log*' - - '/opt/tomcat*/logs/**/access_log*' - - '/usr/share/tomcat*/logs/**/access_log*' - - '/var/lib/tomcat*/logs/**/access_log*' + - '/opt/tomcat*/logs/**/access_log*' + - '/opt/tomcat*/logs/access_log*' + - '/opt/tomcat*/logs/**/catalina.out' + - '/opt/tomcat*/logs/catalina.out' + - '/usr/local/tomcat*/logs/**/access_log*' + - '/usr/local/tomcat*/logs/access_log*' + - '/usr/local/tomcat*/logs/**/catalina.out' + - '/usr/local/tomcat*/logs/catalina.out' + - '/usr/share/tomcat*/logs/**/access_log*' + - '/usr/share/tomcat*/logs/access_log*' + - '/usr/share/tomcat*/logs/**/catalina.out' + - '/usr/share/tomcat*/logs/catalina.out' + - '/var/lib/tomcat*/logs/**/access_log*' + - '/var/lib/tomcat*/logs/access_log*' + - '/var/lib/tomcat*/logs/**/catalina.out' + - '/var/lib/tomcat*/logs/catalina.out' supported_os: [Linux] - type: FILE attributes: paths: - - '/Library/Tomcat/logs/catalina.out' - - '/usr/local/apache-tomcat*/logs/catalina.out' - - '/usr/local/Cellar/tomcat*/logs/catalina.out' # Default location for Homebrew - - '/Library/Tomcat/logs/**/catalina.out' - - '/usr/local/apache-tomcat*/logs/**/catalina.out' - - '/usr/local/Cellar/tomcat*/logs/**/catalina.out' # Default location for Homebrew - - 
'/Library/Tomcat/logs/access_log*' - - '/usr/local/apache-tomcat*/logs/access_log*' - - '/usr/local/Cellar/tomcat*/logs/access_log*' # Default location for Homebrew - - '/Library/Tomcat/logs/**/access_log*' - - '/usr/local/apache-tomcat*/logs/**/access_log*' - - '/usr/local/Cellar/tomcat*/logs/**/access_log*' # Default location for Homebrew + - '/Library/Tomcat/logs/**/access_log*' + - '/Library/Tomcat/logs/access_log*' + - '/Library/Tomcat/logs/**/catalina.out' + - '/Library/Tomcat/logs/catalina.out' + - '/usr/local/apache-tomcat*/logs/**/access_log*' + - '/usr/local/apache-tomcat*/logs/access_log*' + - '/usr/local/apache-tomcat*/logs/**/catalina.out' + - '/usr/local/apache-tomcat*/logs/catalina.out' + - '/usr/local/Cellar/tomcat*/logs/**/access_log*' # Default location for Homebrew + - '/usr/local/Cellar/tomcat*/logs/access_log*' # Default location for Homebrew + - '/usr/local/Cellar/tomcat*/logs/**/catalina.out' # Default location for Homebrew + - '/usr/local/Cellar/tomcat*/logs/catalina.out' # Default location for Homebrew supported_os: [Darwin] supported_os: [Windows,Linux,Darwin] urls: 
@@ -78,25 +78,26 @@ sources: - type: FILE attributes: paths: - - '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\conf\tomcat-users.xml' - - '%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\conf\tomcat-users.xml' - - '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\conf\tomcat-users.xml' + - '%%environ_allusersappdata%%\Apache Software Foundation\Tomcat*\conf\tomcat-users.xml' + - '%%environ_programfiles%%\Apache Software Foundation\Tomcat*\conf\tomcat-users.xml' + - '%%environ_programfilesx86%%\Apache Software Foundation\Tomcat*\conf\tomcat-users.xml' separator: '\' supported_os: [Windows] - type: FILE attributes: paths: - - '/opt/tomcat*/conf/tomcat-users.xml' - - '/usr/local/tomcat*/conf/tomcat-users.xml' - - '/usr/share/tomcat*/conf/tomcat-users.xml' - - '/var/lib/tomcat*/conf/tomcat-users.xml' + - '/opt/tomcat*/conf/tomcat-users.xml' + - '/private/var/lib/tomcat*/conf/tomcat-users.xml' + - '/usr/local/tomcat*/conf/tomcat-users.xml' + - '/usr/share/tomcat*/conf/tomcat-users.xml' + - '/var/lib/tomcat*/conf/tomcat-users.xml' supported_os: [Linux] - type: FILE attributes: paths: - - '/Library/Tomcat/conf/tomcat-users.xml' - - '/usr/local/apache-tomcat-*/conf/tomcat-users.xml' - - '/usr/local/Cellar/tomcat/*/conf/tomcat-users.xml' # Default location for Homebrew + - '/Library/Tomcat/conf/tomcat-users.xml' + - '/usr/local/apache-tomcat-*/conf/tomcat-users.xml' + - '/usr/local/Cellar/tomcat/*/conf/tomcat-users.xml' # Default location for Homebrew supported_os: [Darwin] supported_os: [Windows,Linux,Darwin] urls: ['https://tomcat.apache.org/tomcat-8.0-doc/manager-howto.html#Configuring_Manager_Application_Access'] diff --git a/data/unix_common.yaml b/data/unix_common.yaml index 33dc7732..2ead0332 100644 --- a/data/unix_common.yaml +++ b/data/unix_common.yaml 
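Review bot: The new `/private/var/lib/tomcat*/conf/tomcat-users.xml` line is added to the source marked `supported_os: [Linux]`, where `/private` is not a layout convention and the entry can never match; the new validator pairing check does not even apply to a Linux-only source. The Darwin source below, which the check does cover, lists no `/var/lib/tomcat*` location at all, and the TomcatLogs Linux source in the previous hunk received no such line either, so the change is inconsistent in both directions. I would drop the line, or, if Tomcat under /var/lib is expected on macOS, move `- '/private/var/lib/tomcat*/conf/tomcat-users.xml'` together with `- '/var/lib/tomcat*/conf/tomcat-users.xml'` into the Darwin source. tomcat-users.xml holds manager credentials, so its locations are the point of this artifact.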
@@ -6,9 +6,9 @@ sources: - type: ARTIFACT_GROUP attributes: names: - - GlobalShellConfigs - - UsersShellConfigs - - RootUserShellConfigs + - 'GlobalShellConfigs' + - 'RootUserShellConfigs' + - 'UsersShellConfigs' labels: [Configuration Files] supported_os: [Linux, Darwin] --- @@ -18,8 +18,8 @@ sources: - type: ARTIFACT_GROUP attributes: names: - - UsersShellHistory - - RootUserShellHistory + - 'RootUserShellHistory' + - 'UsersShellHistory' labels: [History Files] supported_os: [Linux, Darwin] --- @@ -29,20 +29,53 @@ sources: - type: FILE attributes: paths: - - '/etc/bashrc' - - '/etc/bash.bashrc' - - '/etc/kshrc' - - '/etc/csh.cshrc' - - '/etc/csh.login' - - '/etc/csh.logout' - - '/etc/profile' - - '/etc/zsh/zlogin' - - '/etc/zsh/zlogout' - - '/etc/zsh/zprofile' - - '/etc/zsh/zshenv' - - '/etc/zsh/zshrc' - - '/etc/zshenv' - - '/etc/zshrc' + - '/etc/bash.bashrc' + - '/etc/bashrc' + - '/etc/csh.cshrc' + - '/etc/csh.login' + - '/etc/csh.logout' + - '/etc/kshrc' + - '/etc/profile' + - '/etc/zshenv' + - '/etc/zshrc' + - '/etc/zsh/zlogin' + - '/etc/zsh/zlogout' + - '/etc/zsh/zprofile' + - '/etc/zsh/zshenv' + - '/etc/zsh/zshrc' + - '/private/etc/bash.bashrc' + - '/private/etc/bashrc' + - '/private/etc/csh.cshrc' + - '/private/etc/csh.login' + - '/private/etc/csh.logout' + - '/private/etc/kshrc' + - '/private/etc/profile' + - '/private/etc/zshenv' + - '/private/etc/zshrc' + - '/private/etc/zsh/zlogin' + - '/private/etc/zsh/zlogout' + - '/private/etc/zsh/zprofile' + - '/private/etc/zsh/zshenv' + - '/private/etc/zsh/zshrc' + supported_os: [Darwin] +- type: FILE + attributes: + paths: + - '/etc/bash.bashrc' + - '/etc/bashrc' + - '/etc/csh.cshrc' + - '/etc/csh.login' + - '/etc/csh.logout' + - '/etc/kshrc' + - '/etc/profile' + - '/etc/zshenv' + - '/etc/zshrc' + - '/etc/zsh/zlogin' + - '/etc/zsh/zlogout' + - '/etc/zsh/zprofile' + - '/etc/zsh/zshenv' + - '/etc/zsh/zshrc' + supported_os: [Linux] labels: [Configuration Files] supported_os: [Linux, Darwin] --- 
@@ -52,17 +85,17 @@ sources: - type: FILE attributes: paths: - - '/root/.bashrc' - - '/root/.bash_profile' - - '/root/.bash_logout' - - '/root/.cshrc' - - '/root/.ksh' - - '/root/.logout' - - '/root/.profile' - - '/root/.tcsh' - - '/root/.zlogin' - - '/root/.zlogout' - - '/root/.zprofile' + - '/root/.bash_logout' + - '/root/.bash_profile' + - '/root/.bashrc' + - '/root/.cshrc' + - '/root/.ksh' + - '/root/.logout' + - '/root/.profile' + - '/root/.tcsh' + - '/root/.zlogin' + - '/root/.zlogout' + - '/root/.zprofile' labels: [Configuration Files] supported_os: [Linux, Darwin] --- 
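Review bot: RootUserShellConfigs keeps `supported_os: [Linux, Darwin]` with only `/root/...` paths, but root's home directory on macOS is `/var/root` (physically `/private/var/root`), so the Darwin side of this artifact collects nothing; RootUserShellHistory in the next hunk has the same problem. Following the split this commit introduces for GlobalShellConfigs, a Darwin-only source listing each file as both `- '/private/var/root/.bashrc'` and `- '/var/root/.bashrc'` (and so on), next to a Linux-only `/root/...` source, would also satisfy the new `_CheckMacOSPaths` pairing rule.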
@@ -72,50 +105,85 @@ sources: - type: FILE attributes: paths: - - '/root/.bash_history' - - '/root/.sh_history' - - '/root/.zhistory' - - '/root/.zsh_history' + - '/root/.bash_history' + - '/root/.sh_history' + - '/root/.zhistory' + - '/root/.zsh_history' labels: [History Files] supported_os: [Linux, Darwin] --- name: UnixGroups doc: Unix groups file. sources: +- type: FILE + attributes: + paths: + - '/etc/group' + - '/private/etc/group' + supported_os: [Darwin] - type: FILE attributes: {paths: ['/etc/group']} + supported_os: [Linux] labels: [Authentication] supported_os: [Linux, Darwin] --- name: UnixHostsFile doc: Unix hosts file sources: +- type: FILE + attributes: + paths: + - '/etc/hosts' + - '/private/etc/hosts' + supported_os: [Darwin] - type: FILE attributes: {paths: ['/etc/hosts']} + supported_os: [Linux] labels: [Configuration Files] supported_os: [Linux, Darwin] --- name: UnixPasswd doc: Unix /etc/passwd file. sources: +- type: FILE + attributes: + paths: + - '/etc/passwd' + - '/private/etc/passwd' + supported_os: [Darwin] - type: FILE attributes: {paths: ['/etc/passwd']} + supported_os: [Linux] labels: [Authentication] supported_os: [Linux, Darwin] --- name: UnixShadowFile doc: Unix /etc/shadow file. sources: +- type: FILE + attributes: + paths: + - '/etc/shadow' + - '/private/etc/shadow' + supported_os: [Darwin] - type: FILE attributes: {paths: ['/etc/shadow']} + supported_os: [Linux] labels: [Authentication] supported_os: [Linux, Darwin] --- name: UnixSudoersConfiguration doc: Unix sudoers configuration. sources: +- type: FILE + attributes: + paths: + - '/etc/sudoers' + - '/private/etc/sudoers' + supported_os: [Darwin] - type: FILE attributes: {paths: ['/etc/sudoers']} + supported_os: [Linux] labels: [Authentication, Configuration Files] supported_os: [Linux, Darwin] --- 
@@ -125,9 +193,9 @@ sources: - type: ARTIFACT_GROUP attributes: names: - - 'UnixPasswd' - - 'UnixShadowFile' - - 'UnixGroups' + - 'UnixGroups' + - 'UnixPasswd' + - 'UnixShadowFile' labels: [Authentication] supported_os: [Linux, Darwin] --- @@ -137,17 +205,17 @@ sources: - type: FILE attributes: paths: - - '%%users.homedir%%/.bashrc' - - '%%users.homedir%%/.bash_profile' - - '%%users.homedir%%/.bash_logout' - - '%%users.homedir%%/.cshrc' - - '%%users.homedir%%/.ksh' - - '%%users.homedir%%/.logout' - - '%%users.homedir%%/.profile' - - '%%users.homedir%%/.tcsh' - - '%%users.homedir%%/.zlogin' - - '%%users.homedir%%/.zlogout' - - '%%users.homedir%%/.zprofile' + - '%%users.homedir%%/.bash_logout' + - '%%users.homedir%%/.bash_profile' + - '%%users.homedir%%/.bashrc' + - '%%users.homedir%%/.cshrc' + - '%%users.homedir%%/.ksh' + - '%%users.homedir%%/.logout' + - '%%users.homedir%%/.profile' + - '%%users.homedir%%/.tcsh' + - '%%users.homedir%%/.zlogin' + - '%%users.homedir%%/.zlogout' + - '%%users.homedir%%/.zprofile' labels: [Configuration Files] supported_os: [Linux, Darwin] --- @@ -157,9 +225,9 @@ sources: - type: FILE attributes: paths: - - '%%users.homedir%%/.bash_history' - - '%%users.homedir%%/.sh_history' - - '%%users.homedir%%/.zhistory' - - '%%users.homedir%%/.zsh_history' + - '%%users.homedir%%/.bash_history' + - '%%users.homedir%%/.sh_history' + - '%%users.homedir%%/.zhistory' + - '%%users.homedir%%/.zsh_history' labels: [History Files] supported_os: [Linux, Darwin] diff --git a/data/webservers.yaml b/data/webservers.yaml index 0b140860..700c0d2a 100644 --- a/data/webservers.yaml +++ b/data/webservers.yaml @@ -6,7 +6,7 @@ sources: - type: FILE attributes: paths: - - '/var/log/nginx/access.log*' + - '/var/log/nginx/access.log*' labels: [Software, Logs] supported_os: [Linux] --- 
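Review bot: The re-listed UsersShellConfigs paths still contain no `~/.zshrc` or `~/.zshenv`, although the global counterparts `/etc/zshrc` and `/etc/zshenv` are collected by GlobalShellConfigs and the per-user files are the more common persistence and credential-harvesting hook on macOS and Linux hosts with zsh. Adding `- '%%users.homedir%%/.zshenv'` and `- '%%users.homedir%%/.zshrc'` in sorted position closes the gap; RootUserShellConfigs has the same omission. `.bash_login` is likewise absent while `.bash_profile` and `.profile` are present.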
@@ -16,9 +16,9 @@ sources: - type: FILE attributes: paths: - - '/var/log/apache/access.log*' - - '/var/log/apache2/access.log*' - - '/var/log/httpd/access.log' + - '/var/log/apache/access.log*' + - '/var/log/apache2/access.log*' + - '/var/log/httpd/access.log' labels: [Software, Logs] supported_os: [Linux] --- @@ -28,8 +28,10 @@ sources: - type: FILE attributes: paths: - - '/wp/wp-config.php' - - '/var/www/wp-config.php' - - '/var/www/**/wp-config.php' + - '/private/var/www/**/wp-config.php' + - '/private/var/www/wp-config.php' + - '/var/www/**/wp-config.php' + - '/var/www/wp-config.php' + - '/wp/wp-config.php' labels: [Configuration Files] supported_os: [Linux, Darwin] diff --git a/tools/validator.py b/tools/validator.py index dd182687..1da3b1ac 100755 --- a/tools/validator.py +++ b/tools/validator.py @@ -21,6 +21,8 @@ class ArtifactDefinitionsValidator(object): LEGACY_PATH = os.path.join('data', 'legacy.yaml') + _MACOS_PRIVATE_SUB_PATHS = ('etc', 'tftpboot', 'tmp', 'var') + def __init__(self): """Initializes an artifact definitions validator.""" super(ArtifactDefinitionsValidator, self).__init__() 
@@ -52,6 +54,69 @@ def _CheckRegistryKeyPath(self, filename, artifact_definition, key_path): return result + def _CheckMacOSPaths(self, filename, artifact_definition, source, paths): + """Checks if the paths are valid MacOS paths. + + Args: + filename (str): name of the artifacts definition file. + artifact_definition (ArtifactDefinition): artifact definition. + source (SourceType): source definition. + paths (list[str]): paths to validate. + + Returns: + bool: True if the MacOS paths is valid. + """ + result = True + + paths_with_private = [] + paths_with_symbolic_link_to_private = [] + + for path in paths: + path_lower = path.lower() + path_segments = path_lower.split(source.separator) + if not path_segments: + logging.warning(( + 'Empty path defined by artifact definition: {0:s} in file: ' + '{1:s}').format(artifact_definition.name, filename)) + result = False + + elif len(path_segments) == 1: + continue + + elif path_segments[1] in self._MACOS_PRIVATE_SUB_PATHS: + paths_with_symbolic_link_to_private.append(path) + + elif path_segments[1] == 'private' and len(path_segments) >= 2: + if path_segments[2] in self._MACOS_PRIVATE_SUB_PATHS: + paths_with_private.append(path) + + else: + logging.warning(( + 'Unsupported private path: {0:s} defined by artifact definition: ' + '{1:s} in file: {2:s}').format( + path, artifact_definition.name, filename)) + result = False + + for private_path in paths_with_private: + if private_path[8:] not in paths_with_symbolic_link_to_private: + logging.warning(( + 'Missing symbolic link: {0:s} for path: {1:s} defined by artifact ' + 'definition: {2:s} in file: {3:s}').format( + private_path[8:], private_path, artifact_definition.name, + filename)) + result = False + + for path in paths_with_symbolic_link_to_private: + private_path = '/private{0:s}'.format(path) + if private_path not in paths_with_private: + logging.warning(( + 'Missing path: {0:s} for symbolic link: {1:s} defined by artifact ' + 'definition: {2:s} in file: 
{3:s}').format( + private_path, path, artifact_definition.name, filename)) + result = False + + return result + def _CheckWindowsPath(self, filename, artifact_definition, source, path): """Checks if a path is a valid Windows path. @@ -82,8 +147,13 @@ def _CheckWindowsPath(self, filename, artifact_definition, source, path): path_lower = path.lower() path_segments = path_lower.split(source.separator) + if not path_segments: + logging.warning(( + 'Empty path defined by artifact definition: {0:s} in file: ' + '{1:s}').format(artifact_definition.name, filename)) + result = False - if path_segments[0].startswith('%%users.') and path_segments[0] not in ( + elif path_segments[0].startswith('%%users.') and path_segments[0] not in ( '%%users.appdata%%', '%%users.homedir%%', '%%users.localappdata%%', '%%users.temp%%', '%%users.username%%', '%%users.userprofile%%'): logging.warning(( @@ -186,6 +256,9 @@ def CheckFile(self, filename): artifact_definition.name, filename)) result = False + artifact_definition_supports_macos = ( + definitions.SUPPORTED_OS_DARWIN in ( + artifact_definition.supported_os)) artifact_definition_supports_windows = ( definitions.SUPPORTED_OS_WINDOWS in ( artifact_definition.supported_os)) @@ -193,8 +266,16 @@ def CheckFile(self, filename): for source in artifact_definition.sources: if source.type_indicator in ( definitions.TYPE_INDICATOR_FILE, definitions.TYPE_INDICATOR_PATH): - if (artifact_definition_supports_windows or - definitions.SUPPORTED_OS_WINDOWS in source.supported_os): + + if (definitions.SUPPORTED_OS_DARWIN in source.supported_os or ( + artifact_definition_supports_macos and + not source.supported_os)): + if not self._CheckMacOSPaths( + filename, artifact_definition, source, source.paths): + result = False + + elif (artifact_definition_supports_windows or + definitions.SUPPORTED_OS_WINDOWS in source.supported_os): for path in source.paths: if not self._CheckWindowsPath( filename, artifact_definition, source, path):
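Review bot: The guard `len(path_segments) >= 2` on the `'private'` branch of _CheckMacOSPaths cannot fail — `path_segments[1]` was already indexed on the line above — yet the next line reads `path_segments[2]`, so a definition containing the bare path `/private` raises IndexError instead of a validation warning; the condition should be `elif path_segments[1] == 'private' and len(path_segments) >= 3:`. The `if not path_segments:` branch above it is dead code, because `str.split()` with an explicit separator always returns at least one element (`''.split('/')` is `['']`), so an empty path string falls into the `len(path_segments) == 1` case and passes silently; test `if not path:` before splitting instead. The slice `private_path[8:]` hard-codes the length of `/private`; `len('/private')` or a module constant would keep the two pairing loops obviously symmetric.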
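Review bot: The new `if not path_segments:` test in _CheckWindowsPath is unreachable for the same reason: `path.lower().split(source.separator)` always yields at least one element, so an empty `path` becomes `['']`, skips the new warning, and is not caught by the following `%%users.` test either, which only fires for that prefix. Checking the string before splitting — `if not path:` — makes the empty-path warning actually fire. _CheckWindowsPath begins and continues outside this hunk, so its remaining checks are not visible here.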
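Review bot: Turning the Windows branch into an `elif` means a source that satisfies the new macOS condition is never run through _CheckWindowsPath, even when the artifact also declares Windows: before this change every source of a Windows-capable artifact got the Windows path check, whereas now a source without its own `supported_os` in an artifact listing both Darwin and Windows is validated only as macOS paths. If the two checks are meant to be independent, the one-line fix is `if (artifact_definition_supports_windows or` in place of the `elif`. Whether the earlier behaviour of applying the Windows check to non-Windows sources was intentional is not visible here; the enclosing CheckFile starts outside this hunk.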