risu 1.5.0 → 1.5.1

data/lib/risu/templates/ms_patch_summary.rb

@@ -1,19 +1,45 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Templates
 		class MSPatchSummary < Risu::Base::TemplateBase
-			
+
 			#
 			#
 			def initialize ()
-				@template_info = 
-				{ 
-					:name => "ms_patch_summary", 
-					:author => "hammackj", 
-					:version => "0.0.1", 
+				@template_info =
+				{
+					:name => "ms_patch_summary",
+					:author => "hammackj",
+					:version => "0.0.1",
 					:description => "Generates a Microsoft Patch Summary Report"
 				}
 			end
-			
+
 			#
 			#
 			def render(output)
@@ -21,7 +47,7 @@ module Risu
 				output.text "\n"
 
 				output.font_size(22) { output.text Report.title, :align => :center }
-				output.font_size(18) { 
+				output.font_size(18) {
 					output.text "Missing Microsoft Patch Summary", :align => :center
 					output.text "\n"
 					output.text "This report was prepared by\n#{Report.author}", :align => :center
@@ -37,7 +63,7 @@ module Risu
 					end
 
 					if host.name != nil
-						output.text "Host:", :style => :bold 
+						output.text "Host:", :style => :bold
 						output.text host.name
 					end
 

data/lib/risu/templates/ms_update_summary.rb

@@ -1,19 +1,45 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Templates
 		class MSUpdateSummary < Risu::Base::TemplateBase
-			
+
 			#
 			#
 			def initialize ()
-				@template_info = 
-				{ 
-					:name => "ms_update_summary", 
-					:author => "hammackj", 
-					:version => "0.0.1", 
+				@template_info =
+				{
+					:name => "ms_update_summary",
+					:author => "hammackj",
+					:version => "0.0.1",
 					:description => "Generates a Microsoft Update Summary Report"
 				}
 			end
-			
+
 			#
 			#
 			def render(output)
@@ -21,7 +47,7 @@ module Risu
 				output.text "\n"
 
 				output.font_size(22) { output.text Report.title, :align => :center }
-				output.font_size(18) { 
+				output.font_size(18) {
 					output.text "Microsoft Update Summary", :align => :center
 					output.text "\n"
 					output.text "This report was prepared by\n#{Report.author}", :align => :center

data/lib/risu/templates/ms_wsus_findings.rb

@@ -0,0 +1,99 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Risu
+	module Templates
+		class MSWSUSFindingsTemplate < Risu::Base::TemplateBase
+
+			# Initializes the template loading metadata
+			#
+			def initialize ()
+				@template_info =
+				{
+					:name => "ms_wsus_findings",
+					:author => "hammackj",
+					:version => "0.0.1",
+					:description => "Generates a report based on the findings of the Patch Management: WSUS Report plugin"
+				}
+			end
+
+			# Called during the rendering process
+			#
+			def render(output)
+				output.text Report.classification.upcase, :align => :center
+				output.text "\n"
+
+				output.font_size(22) { output.text Report.title, :align => :center }
+				output.font_size(18) {
+					output.text "Patch Management: WSUS Report", :align => :center
+					output.text "\n"
+					output.text "This report was prepared by\n#{Report.author}", :align => :center
+				}
+
+				output.text "\n\n\n"
+
+				output.font_size 12
+
+				results = Item.where(:plugin_id => 58133)
+
+				results.each do |item|
+					if item.plugin_output == nil
+						next
+					end
+
+					if item.plugin_output =~ /This system is not managed by or has not yet reported to the WSUS server./
+						next
+					end
+
+					item.plugin_output.scan(/\+ WSUS Computer Information \r?\n?\r?\n?\r?\n?    FQDN : (.*)\r?\n?    IP Address : (.*)\r?\n?    Last Sync Time : (.*)\r?\n?    Last Reported Status : (.*)\r?\n?    Last Sync Result : (.*)$/).each do
+						|fqdn, ip, last_sync_time, last_reported_status, last_sync_result|
+
+						output.text "Host: #{ip} (#{fqdn})"
+						output.text "Last Sync Time: #{last_sync_time}"
+						output.text "Last Reported Status: #{last_reported_status}"
+						output.text "Last Sync Result: #{last_sync_result}"
+					end
+
+					output.text "\n"
+
+					output.font_size 10
+
+					item.plugin_output.scan(/^\d* :(.*)\n    Patch State : (.*)\n    Microsoft KB : (.*)\n    severity : (.*)\n    Bulletin Date : (.*)\n    Patch Link : (.*)\n    Description : (.*)\n\r?\n?/).each do
+						|name, patch_state, kb, severity, date, link, description|
+						output.text "Name: #{name}"
+						output.text "State: #{patch_state}"
+						output.text "Severity: #{severity}"
+						output.text "Release date: #{date}"
+						output.text "Link: #{link}"
+						output.text "Description: #{description}"
+						output.text "\n"
+					end
+				end
+			end
+		end
+	end
+end
+

data/lib/risu/templates/notable.rb

@@ -1,29 +1,55 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Templates
 		class Top10 < Risu::Base::TemplateBase
-			
+
 			#
 			#
 			def initialize ()
-				@template_info = 
-				{ 
-					:name => "notable", 
-					:author => "hammackj", 
-					:version => "0.0.2", 
+				@template_info =
+				{
+					:name => "notable",
+					:author => "hammackj",
+					:version => "0.0.2",
 					:description => "Notable Vulnerabilities"
 				}
 			end
-			
+
 			#
 			#
 			def render(output)
 				output.text Report.classification.upcase, :align => :center
 				output.text "\n"
 
-				output.font_size(22) { 
-					output.text Report.title, :align => :center 
+				output.font_size(22) {
+					output.text Report.title, :align => :center
 				}
-				
+
 				output.font_size(18) {
 					output.text "Notable Vulnerabilities", :align => :center
 					output.text "\n"
@@ -31,13 +57,13 @@ module Risu
 				}
 
 				output.text "\n\n\n"
-				
+
 				output.text "Scan Date:", :style => :bold
 				output.text "#{Report.scan_date}"
 				output.text "\n"
-				
+
 				Item.top_10_table(output)
-				
+
 			end
 		end
 	end

data/lib/risu/templates/notable_detailed.rb

@@ -1,19 +1,45 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Templates
 		class NotableDetailed < Risu::Base::TemplateBase
-			
+
 			#
 			#
 			def initialize ()
-				@template_info = 
-				{ 
-					:name => "notable_detailed", 
-					:author => "hammackj", 
-					:version => "0.0.4", 
+				@template_info =
+				{
+					:name => "notable_detailed",
+					:author => "hammackj",
+					:version => "0.0.4",
 					:description => "Notable Vulnerabilities Detailed"
 				}
 			end
-			
+
 			#
 			#
 			def render(output)
@@ -21,9 +47,9 @@ module Risu
 				output.text "\n"
 
 				output.font_size(22) do
-					output.text Report.title, :align => :center 
+					output.text Report.title, :align => :center
 				end
-				
+
 				output.font_size(18) do
 					output.text "Notable Vulnerabilities", :align => :center
 					output.text "\n"
@@ -31,26 +57,26 @@ module Risu
 				end
 
 				output.text "\n\n\n"
-				
+
 				output.text "Scan Date:", :style => :bold
 				output.text "#{Report.scan_date}"
 				output.text "\n"
-				
+
 				output.font_size(10)
-				
+
 				data = Item.top_10_sorted_raw
-				
+
 				unique_risks = Array.new
 				unique_risks << Hash[:title => "Notable Findings", :color => "9B30FF", :values => Item.top_10_sorted_raw[0..9]]
 				counter = 1
-				
+
 				unique_risks.each do |h|
 					if h[:values].length > 1
 						output.text "\n"
 
 						h[:values].each do |f|
 							plugin_id = f[0]
-							
+
 							hosts = Item.where(:plugin_id => plugin_id)
 							item = Item.where(:plugin_id => plugin_id)
 							plugin = Plugin.find_by_id(plugin_id)
@@ -127,7 +153,7 @@ module Risu
 					output.start_new_page unless h[:values] == nil
 				end
 
-				output.number_pages "<page> of <total>", :at => [output.bounds.right - 75, 0], :width => 150, :page_filter => :all				
+				output.number_pages "<page> of <total>", :at => [output.bounds.right - 75, 0], :width => 150, :page_filter => :all
 			end
 		end
 	end

data/lib/risu/templates/pci_compliance.rb

@@ -1,19 +1,45 @@
+# Copyright (c) 2010-2012 Arxopia LLC.
+# All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * Neither the name of the Arxopia LLC nor the names of its contributors
+#     	may be used to endorse or promote products derived from this software
+#     	without specific prior written permission.
+
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL ARXOPIA LLC BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
+# OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+#OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+#OF THE POSSIBILITY OF SUCH DAMAGE.
+
 module Risu
 	module Templates
 		class PCICompliance < Risu::Base::TemplateBase
-			
+
 			#
 			#
 			def initialize ()
-				@template_info = 
-				{ 
-					:name => "pci_compliance", 
-					:author => "hammackj", 
-					:version => "0.0.1", 
+				@template_info =
+				{
+					:name => "pci_compliance",
+					:author => "hammackj",
+					:version => "0.0.2",
 					:description => "Generates a PCI Compliance Overview Report"
 				}
 			end
-			
+
 			#
 			#
 			def render(output)
@@ -21,8 +47,8 @@ module Risu
 				output.text "\n"
 
 				output.font_size(22) { output.text Report.title, :align => :center }
-				output.font_size(18) { 
-					output.text "PCI /DSS Complience Overview", :align => :center
+				output.font_size(18) {
+					output.text "PCI /DSS Compliance Overview", :align => :center
 					output.text "\n"
 					output.text "This report was prepared by\n#{Report.author}", :align => :center
 				}
@@ -42,7 +68,7 @@ module Risu
 				output.text "\n\n"
 
 				if @hosts_passed.length > 0
-					output.font_size(20) { 
+					output.font_size(20) {
 						output.fill_color "00FF00"
 						output.text "PCI / DSS Compliant Hosts", :style => :bold
 						output.fill_color "000000"
@@ -50,7 +76,7 @@ module Risu
 
 					output.text "\n"
 
-					@hosts_passed.each do |host|	
+					@hosts_passed.each do |host|
 						output.text "#{host.ip} / #{host.fqdn} - passed\n"
 					end unless @hosts_passed == nil
 
@@ -58,15 +84,15 @@ module Risu
 				end
 
 				if @hosts_failed.length > 0
-					output.font_size(20) { 
+					output.font_size(20) {
 						output.fill_color "FF0000"
-						output.text "Non PCI / DSS Compliant Hosts", :style => :bold 
+						output.text "Non PCI / DSS Compliant Hosts", :style => :bold
 						output.fill_color "000000"
 						}
 
 					output.text "\n"
 
-					@hosts_failed.each do |host|	
+					@hosts_failed.each do |host|
 							host_id = host.id
 							plugin = Plugin.find(:first, :conditions => { :id => 33929 })
 							item = Item.find(:first, :conditions => { :host_id => host_id, :plugin_id => plugin.id })