New security audit checks.
Commit
6c543c030846ea8e29a85b8414e476e101c7b9f948771b543f9a2d457953d6d3
Parent
02683077f4a9a83…
1 file changed
+61
+61
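--- a/src/security_audit.c
+++ b/src/security_audit.c
@@ -42,10 +42,12 @@
 ** This page requires administrator access
 */
 void secaudit0_page(void){
   const char *zAnonCap; /* Capabilities of user "anonymous" and "nobody" */
   const char *zPubPages; /* GLOB pattern for public pages */
+  char *z;
+  int n;
 
   login_check_credentials();
   if( !g.perm.Setup && !g.perm.Admin ){
     login_needed(0);
     return;
@@ -183,10 +185,69 @@
       @ <li><p>
       @ Anonymous users can create or edit wiki, but moderator
       @ approval is required before the edits become permanent.
     }
   }
+
+  /* The push-unversioned privilege should only be provided to
+  ** specific individuals, not to entire classes of people.
+  */
+  z = db_text(0, "SELECT group_concat(login,' AND ') FROM user"
+                 " WHERE cap GLOB '*y*'"
+                 " AND login in ('anonymous','nobody','reader','developer')");
+  if( z && z[0] ){
+    @ <li><p>
+    @ The "Write-Unver" privilege is granted to an entire of users
+    @ (%h(z)). Ideally, the Write-Unver privilege should only be
+    @ granted to specific individuals, each of whom are highly trusted.
+  }
+
+  /* Check to see if push-unversioned is granted to many people.
+  */
+  n = db_int(0,"SELECT count(*) FROM user WHERE cap GLOB '*y*'");
+  if( n>3 ){
+    @ <li><p>
+    @ The "Write-Unver" privilege is granted to a large number of
+    @ users (%d(n)). Ideally, the Write-Unver privilege should only
+    @ be granted to one or two specific individuals.
+  }
+
+  /* Notify if REMOTE_USER or HTTP_AUTHENTICATION is used for login.
+  */
+  if( db_get_boolean("remote_user_ok", 0) ){
+    @ <li><p>
+    @ This repository trusts that the REMOTE_USER environment variable set
+    @ up by the webserver contains the name of an authenticated user.
+    @ Fossil's built-in authentication mechanism is bypassed.
+    @ <p>Fix this by deactivating the "Allow REMOTE_USER authentication"
+    @ checkbox on the <a href="setup_access">Access Control</a> page.
+  }
+  if( db_get_boolean("http_authentication_ok", 0) ){
+    @ <li><p>
+    @ This repository trusts that the HTTP_AUTHENITICATION environment
+    @ variable set up by the webserver contains the name of an
+    @ authenticated user.
+    @ Fossil's built-in authentication mechanism is bypassed.
+    @ <p>Fix this by deactivating the "Allow HTTP_AUTHENTICATION authentication"
+    @ checkbox on the <a href="setup_access">Access Control</a> page.
+  }
+
+  /* Logging should be turned on
+  */
+  if( db_get_boolean("access-log",0)==0 ){
+    @ <li><p>
+    @ The <a href="access_log">User Log</a> is disabled. The user log
+    @ keeps a record of successful and unsucessful login attempts and is
+    @ useful for security monitoring.
+  }
+  if( db_get_boolean("admin-log",0)==0 ){
+    @ <li><p>
+    @ The <a href="admin_log">Administrative Log</a> is disabled.
+    @ The administrative log provides a record of configuration changes
+    @ and is useful for security monitoring.
+  }
+
 
   @ </ol>
   style_footer();
 }
 
 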
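Review bot: The string returned by db_text() into `z` at new line 194 is never released, so every render of this page leaks it; after the closing brace at line 202 add `fossil_free(z);` (presumably fossil_free() is the release matching db_text() here — confirm against the db_text() definition). The new audit text also carries typos that will reach the administrator's browser: line 199 `an entire of users` is missing the word "class", line 201 `each of whom are` should be `each of whom is`, line 226 misspells the variable name as `HTTP_AUTHENITICATION` while line 230 spells it correctly, and line 239 has `unsucessful`. The threshold `n>3` at line 207 is a bare magic number that encodes the audit policy; giving it a named constant, or at least stating the chosen limit in the comment at line 204, would make the policy visible to whoever tunes it later. secaudit0_page() begins in the earlier hunk, where `z` and `n` are declared, so the function's start is outside this hunk.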
| --- src/security_audit.c | |
| +++ src/security_audit.c | |
| @@ -42,10 +42,12 @@ | |
| 42 | ** This page requires administrator access |
| 43 | */ |
| 44 | void secaudit0_page(void){ |
| 45 | const char *zAnonCap; /* Capabilities of user "anonymous" and "nobody" */ |
| 46 | const char *zPubPages; /* GLOB pattern for public pages */ |
| 47 | |
| 48 | login_check_credentials(); |
| 49 | if( !g.perm.Setup && !g.perm.Admin ){ |
| 50 | login_needed(0); |
| 51 | return; |
| @@ -183,10 +185,69 @@ | |
| 183 | @ <li><p> |
| 184 | @ Anonymous users can create or edit wiki, but moderator |
| 185 | @ approval is required before the edits become permanent. |
| 186 | } |
| 187 | } |
| 188 | |
| 189 | @ </ol> |
| 190 | style_footer(); |
| 191 | } |
| 192 | |
| 193 |
| --- src/security_audit.c | |
| +++ src/security_audit.c | |
| @@ -42,10 +42,12 @@ | |
| 42 | ** This page requires administrator access |
| 43 | */ |
| 44 | void secaudit0_page(void){ |
| 45 | const char *zAnonCap; /* Capabilities of user "anonymous" and "nobody" */ |
| 46 | const char *zPubPages; /* GLOB pattern for public pages */ |
| 47 | char *z; |
| 48 | int n; |
| 49 | |
| 50 | login_check_credentials(); |
| 51 | if( !g.perm.Setup && !g.perm.Admin ){ |
| 52 | login_needed(0); |
| 53 | return; |
| @@ -183,10 +185,69 @@ | |
| 185 | @ <li><p> |
| 186 | @ Anonymous users can create or edit wiki, but moderator |
| 187 | @ approval is required before the edits become permanent. |
| 188 | } |
| 189 | } |
| 190 | |
| 191 | /* The push-unversioned privilege should only be provided to |
| 192 | ** specific individuals, not to entire classes of people. |
| 193 | */ |
| 194 | z = db_text(0, "SELECT group_concat(login,' AND ') FROM user" |
| 195 | " WHERE cap GLOB '*y*'" |
| 196 | " AND login in ('anonymous','nobody','reader','developer')"); |
| 197 | if( z && z[0] ){ |
| 198 | @ <li><p> |
| 199 | @ The "Write-Unver" privilege is granted to an entire of users |
| 200 | @ (%h(z)). Ideally, the Write-Unver privilege should only be |
| 201 | @ granted to specific individuals, each of whom are highly trusted. |
| 202 | } |
| 203 | |
| 204 | /* Check to see if push-unversioned is granted to many people. |
| 205 | */ |
| 206 | n = db_int(0,"SELECT count(*) FROM user WHERE cap GLOB '*y*'"); |
| 207 | if( n>3 ){ |
| 208 | @ <li><p> |
| 209 | @ The "Write-Unver" privilege is granted to a large number of |
| 210 | @ users (%d(n)). Ideally, the Write-Unver privilege should only |
| 211 | @ be granted to one or two specific individuals. |
| 212 | } |
| 213 | |
| 214 | /* Notify if REMOTE_USER or HTTP_AUTHENTICATION is used for login. |
| 215 | */ |
| 216 | if( db_get_boolean("remote_user_ok", 0) ){ |
| 217 | @ <li><p> |
| 218 | @ This repository trusts that the REMOTE_USER environment variable set |
| 219 | @ up by the webserver contains the name of an authenticated user. |
| 220 | @ Fossil's built-in authentication mechanism is bypassed. |
| 221 | @ <p>Fix this by deactivating the "Allow REMOTE_USER authentication" |
| 222 | @ checkbox on the <a href="setup_access">Access Control</a> page. |
| 223 | } |
| 224 | if( db_get_boolean("http_authentication_ok", 0) ){ |
| 225 | @ <li><p> |
| 226 | @ This repository trusts that the HTTP_AUTHENITICATION environment |
| 227 | @ variable set up by the webserver contains the name of an |
| 228 | @ authenticated user. |
| 229 | @ Fossil's built-in authentication mechanism is bypassed. |
| 230 | @ <p>Fix this by deactivating the "Allow HTTP_AUTHENTICATION authentication" |
| 231 | @ checkbox on the <a href="setup_access">Access Control</a> page. |
| 232 | } |
| 233 | |
| 234 | /* Logging should be turned on |
| 235 | */ |
| 236 | if( db_get_boolean("access-log",0)==0 ){ |
| 237 | @ <li><p> |
| 238 | @ The <a href="access_log">User Log</a> is disabled. The user log |
| 239 | @ keeps a record of successful and unsucessful login attempts and is |
| 240 | @ useful for security monitoring. |
| 241 | } |
| 242 | if( db_get_boolean("admin-log",0)==0 ){ |
| 243 | @ <li><p> |
| 244 | @ The <a href="admin_log">Administrative Log</a> is disabled. |
| 245 | @ The administrative log provides a record of configuration changes |
| 246 | @ and is useful for security monitoring. |
| 247 | } |
| 248 | |
| 249 | |
| 250 | @ </ol> |
| 251 | style_footer(); |
| 252 | } |
| 253 | |
| 254 |