mirror of https://github.com/MISP/MISP
Merge branch 'proxy' into hotfix-2.3.59
Iglocska
commit
06f8a9bbd6
|
|
@ -35,6 +35,14 @@ $config = array (
|
|||
'homedir' => '',
|
||||
'password' => '',
|
||||
),
|
||||
'Proxy' =>
|
||||
array (
|
||||
'host' => '',
|
||||
'port' => '',
|
||||
'method' => '',
|
||||
'user' => '',
|
||||
'password' => '',
|
||||
),
|
||||
'SecureAuth' =>
|
||||
array (
|
||||
'amount' => 5,
|
||||
|
|
|
|||
|
|
@ -289,11 +289,13 @@ class ServersController extends AppController {
|
|||
$tabs = array(
|
||||
'MISP' => array('count' => 0, 'errors' => 0, 'severity' => 5),
|
||||
'GnuPG' => array('count' => 0, 'errors' => 0, 'severity' => 5),
|
||||
'Proxy' => array('count' => 0, 'errors' => 0, 'severity' => 5),
|
||||
'Security' => array('count' => 0, 'errors' => 0, 'severity' => 5),
|
||||
'misc' => array('count' => 0, 'errors' => 0, 'severity' => 5)
|
||||
);
|
||||
$writeableErrors = array(0 => 'OK', 1 => 'Directory doesn\'t exist', 2 => 'Directory is not writeable');
|
||||
$gpgErrors = array(0 => 'OK', 1 => 'FAIL: settings not set', 2 => 'FAIL: bad GnuPG.*', 3 => 'FAIL: encrypt failed');
|
||||
$proxyErrors = array(0 => 'OK', 1 => 'not configured (so not tested)', 2 => 'Getting URL via proxy failed');
|
||||
$stixErrors = array(0 => 'ERROR', 1 => 'OK');
|
||||
|
||||
$results = $this->Server->serverSettingsRead();
|
||||
|
|
@ -394,7 +396,29 @@ class ServersController extends AppController {
|
|||
$gpgStatus = 1;
|
||||
}
|
||||
if ($gpgStatus != 0) $diagnostic_errors++;
|
||||
|
||||
// if Proxy is set up in the settings, try to connect to a test URL
|
||||
$proxyStatus = 0;
|
||||
$proxy = Configure::read('Proxy');
|
||||
if(!empty($proxy['host'])) {
|
||||
App::uses('SyncTool', 'Tools');
|
||||
$syncTool = new SyncTool();
|
||||
try {
|
||||
$HttpSocket = $syncTool->setupHttpSocket();
|
||||
$proxyResponse = $HttpSocket->get('http://www.example.com/');
|
||||
} catch (Exception $e) {
|
||||
$proxyStatus = 2;
|
||||
}
|
||||
if(empty($proxyResponse) || $proxyResponse->code > 399) {
|
||||
$proxyStatus = 2;
|
||||
}
|
||||
} else {
|
||||
$proxyStatus = 1;
|
||||
}
|
||||
if ($proxyStatus > 1) $diagnostic_errors++;
|
||||
|
||||
$this->set('gpgStatus', $gpgStatus);
|
||||
$this->set('proxyStatus', $proxyStatus);
|
||||
$this->set('diagnostic_errors', $diagnostic_errors);
|
||||
$this->set('tab', $tab);
|
||||
$this->set('tabs', $tabs);
|
||||
|
|
@ -403,6 +427,7 @@ class ServersController extends AppController {
|
|||
|
||||
$this->set('writeableErrors', $writeableErrors);
|
||||
$this->set('gpgErrors', $gpgErrors);
|
||||
$this->set('proxyErrors', $proxyErrors);
|
||||
$this->set('stixErrors', $stixErrors);
|
||||
|
||||
if (Configure::read('MISP.background_jobs')) {
|
||||
|
|
@ -437,7 +462,7 @@ class ServersController extends AppController {
|
|||
foreach ($dumpResults as &$dr) {
|
||||
unset($dr['description']);
|
||||
}
|
||||
$dump = array('gpgStatus' => $gpgErrors[$gpgStatus], 'stix' => $stixErrors[$stix], 'writeableDirs' => $writeableDirs, 'finalSettings' => $dumpResults);
|
||||
$dump = array('gpgStatus' => $gpgErrors[$gpgStatus], 'proxyStatus' => $proxyErrors[$proxyStatus], 'stix' => $stixErrors[$stix], 'writeableDirs' => $writeableDirs, 'finalSettings' => $dumpResults);
|
||||
$this->response->body(json_encode($dump, JSON_PRETTY_PRINT));
|
||||
$this->response->type('json');
|
||||
$this->response->download('MISP.report.json');
|
||||
|
|
@ -453,12 +478,16 @@ class ServersController extends AppController {
|
|||
|
||||
private function __checkVersion() {
|
||||
if (!$this->_isSiteAdmin()) throw new MethodNotAllowedException();
|
||||
set_error_handler(function() {});
|
||||
$options = array('http' => array('user_agent'=> $_SERVER['HTTP_USER_AGENT']));
|
||||
$context = stream_context_create($options);
|
||||
$tags = file_get_contents('https://api.github.com/repos/MISP/MISP/tags', false, $context);
|
||||
restore_error_handler();
|
||||
if ($tags != false) {
|
||||
App::uses('SyncTool', 'Tools');
|
||||
$syncTool = new SyncTool();
|
||||
try {
|
||||
$HttpSocket = $syncTool->setupHttpSocket();
|
||||
$response = $HttpSocket->get('https://api.github.com/repos/MISP/MISP/tags');
|
||||
$tags = $response->body;
|
||||
} catch (Exception $e) {
|
||||
return false;
|
||||
}
|
||||
if ($response->isOK() && !empty($tags)) {
|
||||
$json_decoded_tags = json_decode($tags);
|
||||
|
||||
// find the latest version tag in the v[major].[minor].[hotfix] format
|
||||
|
|
|
|||
|
|
@ -2,12 +2,18 @@
|
|||
|
||||
class SyncTool {
|
||||
// take a server as parameter and return a HttpSocket object using the ssl options defined in the server settings
|
||||
public function setupHttpSocket($server) {
|
||||
public function setupHttpSocket($server = null) {
|
||||
$params = array();
|
||||
App::uses('HttpSocket', 'Network/Http');
|
||||
if ($server['Server']['cert_file']) $params['ssl_cafile'] = APP . "files" . DS . "certs" . DS . $server['Server']['id'] . '.pem';
|
||||
if ($server['Server']['self_signed']) $params['ssl_allow_self_signed'] = $server['Server']['self_signed'];
|
||||
if(!empty($server)) {
|
||||
if ($server['Server']['cert_file']) $params['ssl_cafile'] = APP . "files" . DS . "certs" . DS . $server['Server']['id'] . '.pem';
|
||||
if ($server['Server']['self_signed']) $params['ssl_allow_self_signed'] = $server['Server']['self_signed'];
|
||||
}
|
||||
$HttpSocket = new HttpSocket($params);
|
||||
|
||||
$proxy = Configure::read('Proxy');
|
||||
$HttpSocket->configProxy($proxy['host'], $proxy['port'], $proxy['method'], $proxy['user'], $proxy['password']);
|
||||
|
||||
return $HttpSocket;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -425,6 +425,49 @@ class Server extends AppModel {
|
|||
'type' => 'string',
|
||||
),
|
||||
),
|
||||
'Proxy' => array(
|
||||
'branch' => 1,
|
||||
'host' => array(
|
||||
'level' => 2,
|
||||
'description' => 'The hostname of an HTTP proxy for outgoing sync requests. Leave empty to not use a proxy.',
|
||||
'value' => '',
|
||||
'errorMessage' => '',
|
||||
'test' => 'testForEmpty',
|
||||
'type' => 'string',
|
||||
),
|
||||
'port' => array(
|
||||
'level' => 2,
|
||||
'description' => 'The TCP port for the HTTP proxy.',
|
||||
'value' => '',
|
||||
'errorMessage' => '',
|
||||
'test' => 'testForNumeric',
|
||||
'type' => 'numeric',
|
||||
),
|
||||
'method' => array(
|
||||
'level' => 2,
|
||||
'description' => 'The authentication method for the HTTP proxy. Currently supported are Basic or Digest. Leave empty for no proxy authentication.',
|
||||
'value' => '',
|
||||
'errorMessage' => '',
|
||||
'test' => 'testForEmpty',
|
||||
'type' => 'string',
|
||||
),
|
||||
'user' => array(
|
||||
'level' => 2,
|
||||
'description' => 'The authentication username for the HTTP proxy.',
|
||||
'value' => '',
|
||||
'errorMessage' => '',
|
||||
'test' => 'testForEmpty',
|
||||
'type' => 'string',
|
||||
),
|
||||
'password' => array(
|
||||
'level' => 2,
|
||||
'description' => 'The authentication password for the HTTP proxy.',
|
||||
'value' => '',
|
||||
'errorMessage' => '',
|
||||
'test' => 'testForEmpty',
|
||||
'type' => 'string',
|
||||
),
|
||||
),
|
||||
'Security' => array(
|
||||
'branch' => 1,
|
||||
'salt' => array(
|
||||
|
|
@ -1016,7 +1059,7 @@ class Server extends AppModel {
|
|||
|
||||
public function serverSettingsSaveValue($setting, $value) {
|
||||
Configure::write($setting, $value);
|
||||
Configure::dump('config.php', 'default', array('MISP', 'GnuPG', 'SecureAuth', 'Security', 'debug'));
|
||||
Configure::dump('config.php', 'default', array('MISP', 'GnuPG', 'Proxy', 'SecureAuth', 'Security', 'debug'));
|
||||
}
|
||||
|
||||
public function checkVersion($newest) {
|
||||
|
|
|
|||
|
|
@ -86,4 +86,18 @@
|
|||
echo 'GnuPG installation and settings....<span style="color:' . $colour . ';">' . $message . '</span>';
|
||||
?>
|
||||
</div>
|
||||
</div>
|
||||
<h3>
|
||||
Proxy
|
||||
</h3>
|
||||
<p>This tool tests whether your HTTP proxy settings are correct.</p>
|
||||
<div style="background-color:#f7f7f9;width:300px;">
|
||||
<?php
|
||||
$colour = 'green';
|
||||
$message = $proxyErrors[$proxyStatus];
|
||||
if ($proxyStatus > 1) {
|
||||
$colour = 'red';
|
||||
}
|
||||
echo 'Proxy settings....<span style="color:' . $colour . ';">' . $message . '</span>';
|
||||
?>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -31,6 +31,7 @@
|
|||
<li><b>Overview</b>: General overview of the current state of your MISP installation</li>
|
||||
<li><b>MISP settings</b>: Basic MISP settings. This includes the way MISP handles the default settings for distribution settings, whether background jobs are enabled, etc</li>
|
||||
<li><b>GnuPG settings</b>: GPG related settings.</li>
|
||||
<li><b>Proxy settings</b>: HTTP proxy related settings.</li>
|
||||
<li><b>Security settings</b>: Settings controlling the brute-force protection and the application's salt key.</li>
|
||||
<li><b>Misc settings</b>: You change the debug options here, but make sure that debug is always disabled on a production system.</li>
|
||||
<li><b>Diagnostics</b>: The diagnostics tool checks if all directories that MISP uses to store data are writeable by the apache user. Also, the tool checks whether the STIX libraries and GPG are working as intended.</li>
|
||||
|
|
@ -240,4 +241,4 @@
|
|||
<li><b>Message</b>: This field shows when the job was queued by the scheduler for execution. </li>
|
||||
</ul>
|
||||
<br /><img src="/img/doc/schedule.png" alt = "" title = "Site administrators can schedule reccuring tasks on this page."/><br />
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -2,7 +2,7 @@
|
|||
<h2>Server settings</h2>
|
||||
<?php
|
||||
echo $this->element('healthElements/tabs');
|
||||
if (in_array($tab, array('MISP', 'Security', 'GnuPG', 'misc'))) {
|
||||
if (in_array($tab, array('MISP', 'Security', 'GnuPG', 'Proxy', 'misc'))) {
|
||||
echo $this->element('healthElements/settings_tab');
|
||||
} else if ($tab == 'diagnostics') {
|
||||
echo $this->element('healthElements/diagnostics');
|
||||
|
|
@ -17,4 +17,4 @@
|
|||
</div>
|
||||
<?php
|
||||
echo $this->element('side_menu', array('menuList' => 'admin', 'menuItem' => 'serverSettings'));
|
||||
?>
|
||||
?>
|
||||
|
|
|
|||
Loading…
Reference in New Issue