risu 1.4.8 → 1.4.9
- data/LICENSE +1 -1
- data/NEWS.markdown +25 -0
- data/README.markdown +7 -4
- data/TODO.markdown +24 -15
- data/lib/risu/base/schema.rb +9 -0
- data/lib/risu/base/template_base.rb +7 -4
- data/lib/risu/base.rb +0 -5
- data/lib/risu/cli/application.rb +0 -4
- data/lib/risu/models/host.rb +30 -28
- data/lib/risu/models/item.rb +104 -29
- data/lib/risu/models/report.rb +1 -1
- data/lib/risu/parsers/nessus/nessus_sax_listener.rb +29 -172
- data/lib/risu/templates/assets.rb +5 -5
- data/lib/risu/templates/cover_sheet.rb +1 -1
- data/lib/risu/templates/exec_summary.rb +8 -5
- data/lib/risu/templates/executive_summary.rb +2 -2
- data/lib/risu/templates/finding_statistics.rb +1 -1
- data/lib/risu/templates/findings_host.rb +1 -1
- data/lib/risu/templates/findings_summary.rb +11 -8
- data/lib/risu/templates/findings_summary_with_pluginid.rb +1 -1
- data/lib/risu/templates/graphs.rb +1 -1
- data/lib/risu/templates/host_summary.rb +1 -1
- data/lib/risu/templates/ms_patch_summary.rb +1 -1
- data/lib/risu/templates/ms_update_summary.rb +1 -1
- data/lib/risu/templates/notable.rb +45 -0
- data/lib/risu/templates/notable_detailed.rb +135 -0
- data/lib/risu/templates/pci_compliance.rb +1 -1
- data/lib/risu/templates/technical_findings.rb +3 -1
- data/lib/risu/templates/template.rb +3 -2
- data/lib/risu.rb +1 -1
- metadata +30 -28
data/LICENSE
CHANGED
data/NEWS.markdown
CHANGED
@@ -1,5 +1,30 @@
|
|
1
1
|
# News
|
2
2
|
|
3
|
+
#1.4.9 (January 23, 2012)
|
4
|
+
- Added a simple notable vulnerability template table report
|
5
|
+
- Added a detailed notable vulnerability template like the technical_findings report just limited to the top vulnerabilities up to 10
|
6
|
+
- API for the top 10 vulnerabilities can be found on the Item model
|
7
|
+
- top_10_sorted_raw(), returns the top 10 vulnerabilities in an Array sorted in the form of [plugin_id, count]
|
8
|
+
- top_10_sorted(), returns the top 10 vulnerabilities in an Array sorted in the form of [name, count]
|
9
|
+
- top_10_table(output), inserts a table into the output parameter object with the top 10 data using the top_10_sorted() method
|
10
|
+
- All report template classification headers are forced upper case
|
11
|
+
- Added 6 PCI related fields
|
12
|
+
- pcidss:directory_browsing
|
13
|
+
- pcidss:known_credentials
|
14
|
+
- pcidss:compromised_host:worm
|
15
|
+
- pcidss:unprotected_mssql_db
|
16
|
+
- pcidss:obsolete_software
|
17
|
+
- pcidss:www:sql_injection
|
18
|
+
- Added New XML fields
|
19
|
+
- exploit_framework_exploithub
|
20
|
+
- exploithub_sku
|
21
|
+
- stig_severity
|
22
|
+
- Item.risks_by_host now only returns High findings. New accessors for each level will be added for 1.5 with support for the next version of Nessus
|
23
|
+
- Fixed a bug on the exec_summary_detailed detailed report
|
24
|
+
- A quick reference for Microsoft findings can now be found in the Patch model,
|
25
|
+
You are able to get host_id, name(patch name, ie MS01-001), value (plugin_id)
|
26
|
+
- Please report any missing tags that risu outputs to jacob[dot]hammackj[@]hammackj[.]com, I expect a ton of Microsoft Patch tags missing
|
27
|
+
|
3
28
|
#1.4.8 (August 21, 2011)
|
4
29
|
- Fixed a gemspec dependency error reported by mlpotgieter
|
5
30
|
- Fixed a parser error related to Microsoft Bulletins report by stevelodin
|
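Review bot: the entry "A quick reference for Microsoft findings can now be found in the Patch model" is not backed by anything in this diff's change list (under models/ only host.rb, item.rb and report.rb change), so either it shipped in an earlier release or the entry belongs under a different version. Likewise `top_10_sorted_raw()` and `top_10_sorted()` are described as returning "the top 10 vulnerabilities", but in the item.rb hunk below both return every grouped plugin and only `top_10_table(output)` slices `data[0..9]`; either document that or apply the limit inside the accessors. Minor: the `#1.4.9` heading has no space after `#`, which CommonMark-style parsers will not render as a heading.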
data/README.markdown
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
|
3
3
|
Risu is [Nessus](http://www.nessus.org) parser, that converts the generated reports into a [ActiveRecord](http://api.rubyonrails.org/classes/ActiveRecord/Base.html) database, this allows for easy report generation and vulnerability verification.
|
4
4
|
|
5
|
-
Version 1.4.
|
5
|
+
Version 1.4.9 is the current release.
|
6
6
|
|
7
7
|
## Requirements
|
8
8
|
|
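Review bot: the surrounding context sentence has two article errors worth fixing while this line is being touched: "Risu is [Nessus] parser" should read "Risu is a [Nessus] parser", and "a [ActiveRecord] database" should be "an [ActiveRecord] database".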
@@ -10,7 +10,7 @@ Version 1.4.5 is the current release.
|
|
10
10
|
Risu has been tested with ruby-1.8.7-p334, ruby-1.9.1-p431, ruby-1.9.2-p180. Please try to use one of these versions if possible. I recommend using RVM to setup your ruby environment you can get it [here](https://rvm.beginrescueend.com/).
|
11
11
|
|
12
12
|
### RubyGems
|
13
|
-
Risu relies heavily on RubyGems to install other dependencies I highly recommend using it. RubyGems is included by default in the
|
13
|
+
Risu relies heavily on [RubyGems](http://rubygems.org/) to install other dependencies I highly recommend using it. RubyGems is included by default in the 1.9.x versions of [Ruby](http://ruby-lang.org/).
|
14
14
|
|
15
15
|
- libxml
|
16
16
|
- rails
|
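Review bot: the new sentence is a run-on: "to install other dependencies I highly recommend using it" needs a break, e.g. "to install other dependencies; I highly recommend using it." The trailing "included by default in the 1.9.x versions of Ruby" is fine, but note the paragraph above still lists ruby-1.8.7 as a tested version, where RubyGems is not bundled, so the recommendation to install it separately should stay explicit for 1.8.x users.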
@@ -74,7 +74,7 @@ Using the risu Console is just like using Rails. You can access all of the Activ
|
|
74
74
|
|_| |_|___/\__,_|
|
75
75
|
|
76
76
|
|
77
|
-
risu Console v1.4.
|
77
|
+
risu Console v1.4.9
|
78
78
|
>> Host.first
|
79
79
|
=> #<Risu::Models::Host id: 1, report_id: 1, name: "10.69.69.74", os: "Linux Kernel 2.6 on Debian 4.0 (etch)", mac: "XX:XX:XX:XX:XX:XX", start: "2011-04-20 16:29:37", end: "2011-04-20 16:32:14", ip: "10.69.69.74", fqdn: "redada.hammackj.net", netbios: "REDADA", local_checks_proto: nil, smb_login_used: nil, ssh_auth_meth: nil, ssh_login_used: nil, pci_dss_compliance: nil, notes: nil>
|
80
80
|
|
@@ -100,7 +100,10 @@ Several templates are included:
|
|
100
100
|
template - template
|
101
101
|
[hammackj@taco:~/Projects/public/risu]$
|
102
102
|
|
103
|
-
The templates are written in ruby using [prawn](http://prawn.majesticseacreature.com/), they are fairly easy to make. I will add any templates as requested. See 'template' for creating your own template.
|
103
|
+
The templates are written in ruby using [prawn](http://prawn.majesticseacreature.com/), they are fairly easy to make. I will add any templates as requested. See the 'template' example for creating your own template.
|
104
|
+
|
105
|
+
# Contributing
|
106
|
+
If you would like to contribute templates/bug fixes/etc to risu. The easiest way is to fork the project on [github](http://github.com/hammackj/risu) and make the changes in your fork and the submit a pull request to the project.
|
104
107
|
|
105
108
|
# Issues
|
106
109
|
If you have any problems, bugs or feature requests please use the [github issue tracker](http://github.com/hammackj/risu/issues).
|
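Review bot: the new Contributing paragraph has a sentence fragment and a typo: "If you would like to contribute templates/bug fixes/etc to risu. The easiest way is..." should be one sentence ("...to risu, the easiest way is..."), and "and the submit a pull request" should be "and then submit a pull request".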
data/TODO.markdown
CHANGED
@@ -2,21 +2,21 @@
|
|
2
2
|
|
3
3
|
**Release dates are estimates, and features can be changed at any time.**
|
4
4
|
|
5
|
-
## 1.4.
|
6
|
-
- Make sure all classification headers are upcase
|
5
|
+
## 1.4.10 (??)
|
7
6
|
- Ensure font sizes are standard in the templates
|
8
7
|
- The font in tech findings could be 1 size smaller
|
9
8
|
- Add a filtering system for lowering the rating of plugins based on config
|
10
9
|
- Compact the data in tech findings to be more printer friendly
|
11
|
-
|
12
|
-
- pcidss:directory_browsing
|
13
|
-
- pcidss:known_credentials
|
14
|
-
- pcidss:compromised_host:worm
|
15
10
|
- Add tests for Patch model
|
16
|
-
-
|
11
|
+
- Plugin reference accessors with auto text
|
12
|
+
- finding summary coversheet looks odd
|
13
|
+
- unsupported OS template
|
14
|
+
- add list of unsupported os ip's accessor
|
15
|
+
- detailed findings should be combined to save paper on printing
|
16
|
+
- add more detailed pci templates
|
17
17
|
|
18
|
-
## 1.5 (
|
19
|
-
-
|
18
|
+
## 1.5 (??)
|
19
|
+
- Nessus 5.0 compatible
|
20
20
|
- Complete comments for all existing code
|
21
21
|
- Create rSpec tests for everything (95%+ code coverage goal)
|
22
22
|
- Parser tests
|
@@ -45,7 +45,16 @@
|
|
45
45
|
- pci compliance
|
46
46
|
- tech findings
|
47
47
|
|
48
|
-
|
48
|
+
- CentOS 6 tutorial
|
49
|
+
- Ubuntu latest tutorial
|
50
|
+
- Implement the ability to filter data out of the report
|
51
|
+
- Filter on
|
52
|
+
- Host Mac Address
|
53
|
+
- Host IP
|
54
|
+
- Plugin ID
|
55
|
+
-
|
56
|
+
|
57
|
+
##1.5.1 (??) - Template work
|
49
58
|
- Provide more templates
|
50
59
|
- Virtual Machine Summary
|
51
60
|
- Fix list Report?
|
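Review bot: the added list ends with an empty bullet (`+ -` at new line 55) that should be removed, and the `##1.5.1 (??) - Template work` heading lacks a space after `##`, unlike `## 1.4.10 (??)` and `## 1.5 (??)` earlier in the same file.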
@@ -56,11 +65,11 @@
|
|
56
65
|
- Colorize the reports with better style
|
57
66
|
- Added TOC/Index to the technical findings report, issue 15
|
58
67
|
|
59
|
-
##1.5.2 (
|
68
|
+
##1.5.2 (??) - Parser work
|
60
69
|
- Add Schema checks to make sure the schema is compatible with the version of risu
|
61
70
|
- Create a Nessus document generator, for testing the parser
|
62
71
|
|
63
|
-
#1.5.3 (
|
72
|
+
#1.5.3 (??) - Template Work
|
64
73
|
- Implement different renderers
|
65
74
|
- pdf
|
66
75
|
- cvs
|
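Review bot: heading levels are inconsistent within this region: `##1.5.2 (??) - Parser work` is a level-2 heading while `#1.5.3 (??) - Template Work` is level 1, and neither has a space after the hash marks. Since both are point releases under 1.5, both should be `## 1.5.2 (??)` / `## 1.5.3 (??)`.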
@@ -69,7 +78,7 @@
|
|
69
78
|
- Abstract the api for prawn to support different renders
|
70
79
|
- DSL for report creation to abstract the reports to have different output types
|
71
80
|
|
72
|
-
## 1.6 (
|
81
|
+
## 1.6 (??)
|
73
82
|
- Remove rmagick (GRRRR!)
|
74
83
|
- Move to ruby 1.9.2 only support
|
75
84
|
- Add Parser for Nessus NBE Format
|
@@ -79,8 +88,8 @@
|
|
79
88
|
- Add Parser for SecurityCenter Output
|
80
89
|
- Add Parser for Nexpose xml
|
81
90
|
- Add Parser for Qualys xml
|
82
|
-
- Look at moving to nokogiri for xml parsing
|
91
|
+
- Look at moving to nokogiri for xml parsing; http://nokogiri.org
|
83
92
|
- Easier way to select the Scan to generate reports from
|
84
93
|
|
85
|
-
## 2.0 (
|
94
|
+
## 2.0 (??)
|
86
95
|
- Rails FrontEnd to Risu
|
data/lib/risu/base/schema.rb
CHANGED
@@ -69,6 +69,12 @@ module Risu
|
|
69
69
|
t.string :pcidss_medium_risk_flaw
|
70
70
|
t.string :pcidss_reachable_db
|
71
71
|
t.string :pcidss_www_xss
|
72
|
+
t.string :pcidss_directory_browsing
|
73
|
+
t.string :pcidss_known_credentials
|
74
|
+
t.string :pcidss_compromised_host_worm
|
75
|
+
t.string :pcidss_unprotected_mssql_db
|
76
|
+
t.string :pcidss_obsolete_software
|
77
|
+
t.string :pcidss_www_sql_injection
|
72
78
|
t.string :system_type
|
73
79
|
t.text :notes
|
74
80
|
end
|
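Review bot: adding columns to the `create_table` schema means a database created by 1.4.8 will not have `pcidss_directory_browsing` and the other five new columns, and attribute assignment for them will fail against that database. Since there is no migration path here, the README or NEWS should say that databases must be recreated for 1.4.9, and the schema-version check listed in TODO ("Add Schema checks to make sure the schema is compatible with the version of risu") would be the proper fix.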
@@ -107,6 +113,9 @@ module Risu
|
|
107
113
|
t.text :solution
|
108
114
|
t.text :synopsis
|
109
115
|
t.string :plugin_type
|
116
|
+
t.string :exploit_framework_exploithub
|
117
|
+
t.string :exploithub_sku
|
118
|
+
t.string :stig_severity
|
110
119
|
end
|
111
120
|
|
112
121
|
create_table :individual_plugin_selections do |t|
|
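Review bot: `exploit_framework_exploithub`, `exploithub_sku` and `stig_severity` are listed in NEWS as new XML fields, but the matching parser change (nessus_sax_listener.rb, +29 -172 in the change list) is not shown in this view, so the mapping from the Nessus tag names to these columns cannot be checked here; please confirm the listener sets all three. Note also that the hunk that follows (`module Risu` / `module Base` / `class TemplateBase`) belongs to data/lib/risu/base/template_base.rb per the change list; its file header did not survive in this rendering.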
@@ -1,6 +1,7 @@
|
|
1
1
|
module Risu
|
2
2
|
module Base
|
3
|
-
|
3
|
+
|
4
|
+
# Base template class, all report templates must be a subclass of this.
|
4
5
|
#
|
5
6
|
class TemplateBase
|
6
7
|
@possible_templates = []
|
@@ -9,12 +10,14 @@ module Risu
|
|
9
10
|
attr_reader :possible_templates
|
10
11
|
end
|
11
12
|
|
13
|
+
# Accessor for template metadata
|
12
14
|
#
|
13
|
-
#
|
15
|
+
# @return [Hash] Containing template metadata
|
14
16
|
attr_accessor :template_info
|
15
17
|
|
16
|
-
#
|
17
|
-
#
|
18
|
+
# Adds any class that inherits from [TemplateBase] into an [Array] of
|
19
|
+
# possible templates for further validation.
|
20
|
+
#
|
18
21
|
def self.inherited(child)
|
19
22
|
possible_templates << child
|
20
23
|
end
|
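Review bot: the new doc comment uses `[TemplateBase]` and `[Array]` in prose, but YARD treats square brackets as type annotations only after tags like `@return`; for cross-references in free text it expects `{TemplateBase}`. Also `# @return [Hash] Containing template metadata` reads better as `# @return [Hash] template metadata`, and the `self.inherited` comment should say that `possible_templates` is the class-level list read via the `attr_reader` above it.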
data/lib/risu/base.rb
CHANGED
@@ -3,11 +3,6 @@ module Risu
|
|
3
3
|
end
|
4
4
|
end
|
5
5
|
|
6
|
-
#Remove this by 1.5 as it doesn't seem to be needed
|
7
|
-
#if ActiveRecord::Base.connected? == true
|
8
|
-
# require 'risu/base/schema'
|
9
|
-
#end
|
10
|
-
|
11
6
|
require 'risu/base/template_base'
|
12
7
|
require 'risu/base/template_manager'
|
13
8
|
require 'risu/base/prawn_templater'
|
data/lib/risu/cli/application.rb
CHANGED
@@ -132,15 +132,11 @@ module Risu
|
|
132
132
|
|
133
133
|
rescue ActiveRecord::AdapterNotSpecified => ans
|
134
134
|
puts "[!] Database adapter not found, please check your config file"
|
135
|
-
|
136
135
|
puts "#{ans.message}\n #{ans.backtrace}" if @options[:debug]
|
137
|
-
|
138
136
|
exit
|
139
137
|
rescue ActiveRecord::AdapterNotFound => anf
|
140
138
|
puts "[!] Database adapter not found, please check your config file"
|
141
|
-
|
142
139
|
puts "#{anf.message}\n #{anf.backtrace}" if @options[:debug]
|
143
|
-
|
144
140
|
exit
|
145
141
|
rescue => e
|
146
142
|
puts "[!] Exception! #{e.message}\n #{e.backtrace}"
|
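Review bot: both rescue branches print the same message "[!] Database adapter not found, please check your config file", but the first handles `ActiveRecord::AdapterNotSpecified`, where the adapter key is missing from the config rather than unknown; it should say "Database adapter not specified". Separately, `"#{ans.message}\n #{ans.backtrace}"` interpolates an Array, so the backtrace prints as one bracketed line; use `ans.backtrace.join("\n ")` in all three debug branches.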
data/lib/risu/models/host.rb
CHANGED
@@ -273,8 +273,9 @@ module Risu
|
|
273
273
|
# @return [StringIO] Binary image object of the results
|
274
274
|
def top_vuln_graph(limit=10)
|
275
275
|
g = Gruff::Bar.new(GRAPH_WIDTH)
|
276
|
-
g.title = sprintf "Top
|
276
|
+
g.title = sprintf "Top 10 Hosts with Notable Findings Count"
|
277
277
|
g.sort = false
|
278
|
+
g.y_axis_increment = 1
|
278
279
|
g.theme = {
|
279
280
|
:colors => %w(red orange yellow blue green purple black grey brown pink),
|
280
281
|
:background_colors => %w(white white)
|
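Review bot: `g.title = sprintf "Top 10 Hosts with Notable Findings Count"` calls `sprintf` with no format arguments and hard-codes 10, so the title is wrong whenever `top_vuln_graph(limit)` is called with another limit; use `g.title = "Top #{limit} Hosts with Notable Findings Count"` instead.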
@@ -282,9 +283,11 @@ module Risu
|
|
282
283
|
|
283
284
|
Item.risks_by_host(limit).all.each do |item|
|
284
285
|
ip = Host.find_by_id(item.host_id).name
|
285
|
-
count = Item.where(:host_id => item.host_id).where("severity IN (?)", [2,3]).count
|
286
|
-
|
287
|
-
|
286
|
+
# count = Item.where(:host_id => item.host_id).where("severity IN (?)", [2,3]).count
|
287
|
+
count = Item.where(:host_id => item.host_id).where(:severity => 3).count
|
288
|
+
if count > 0
|
289
|
+
g.data(ip, count)
|
290
|
+
end
|
288
291
|
end
|
289
292
|
|
290
293
|
StringIO.new(g.to_blob)
|
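Review bot: the per-host `Item.where(:host_id => item.host_id).where(:severity => 3).count` reissues a query for every host even though `Item.risks_by_host(limit)` already selects `count(*) as count_all` per host; `item.count_all` gives that value without the extra round trips (the only difference is that `risks_by_host` also excludes `plugin_id != 1`). Because every row returned by `risks_by_host` has at least one severity-3 item, the new `if count > 0` guard can never be false and should go, and the commented-out old `count =` line should be deleted rather than kept.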
@@ -359,10 +362,10 @@ module Risu
|
|
359
362
|
g.data("Server 2008", w2k8) if w2k8 >= 1
|
360
363
|
g.data("7", w7) if w7 >= 1
|
361
364
|
g.data("Other Windows", other) if other >= 1
|
362
|
-
|
365
|
+
|
363
366
|
StringIO.new(g.to_blob)
|
364
367
|
end
|
365
|
-
|
368
|
+
|
366
369
|
#
|
367
370
|
#
|
368
371
|
def windows_os_graph_text
|
@@ -374,21 +377,21 @@ module Risu
|
|
374
377
|
w2k8 = Host.os_windows_2k8.all.count
|
375
378
|
w7 = Host.os_windows_7.all.count
|
376
379
|
other = (Host.os_windows.os_windows_other).all.count
|
377
|
-
|
378
|
-
windows_os_count = nt + w2k + xp + w2k3 + vista + w7 + w2k8
|
379
|
-
|
380
|
+
|
381
|
+
windows_os_count = nt + w2k + xp + w2k3 + vista + w7 + w2k8 + other
|
382
|
+
|
380
383
|
nt_percent = (nt.to_f / windows_os_count.to_f) * 100
|
381
384
|
w2k_percent = (w2k.to_f / windows_os_count.to_f) * 100
|
382
385
|
xp_percent = (xp.to_f / windows_os_count.to_f) * 100
|
383
386
|
w2k3_percent = (w2k3.to_f / windows_os_count.to_f) * 100
|
384
387
|
vista_percent = (vista.to_f / windows_os_count.to_f) * 100
|
385
|
-
|
388
|
+
|
386
389
|
w2k8_percent = (w2k8.to_f / windows_os_count.to_f) * 100
|
387
390
|
w7_percent = (w7.to_f / windows_os_count.to_f) * 100
|
388
|
-
|
391
|
+
|
389
392
|
text = "This graph shows the percentage of the different Microsoft Windows based operating systems " +
|
390
393
|
"found on the #{Report.title} network.\n\n"
|
391
|
-
|
394
|
+
|
392
395
|
text << "#{nt_percent.round.to_i}% of the network is Windows NT. " if nt_percent >= 1
|
393
396
|
text << "#{w2k_percent.round.to_i}% of the network is Windows 2000. " if w2k_percent >= 1
|
394
397
|
text << "#{xp_percent.round.to_i}% of the network is Windows XP. " if xp_percent >= 1
|
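Review bot: adding `other` to `windows_os_count` changes the denominator for all the `*_percent` values, but the generated text never reports an "Other Windows" percentage, so the percentages in the paragraph no longer add up to 100 while the graph in the hunk above does show an "Other Windows" bar. Either append a sentence for `other` (mirroring the NT/2000/XP lines) or leave `other` out of the denominator; the two should agree.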
@@ -396,10 +399,10 @@ module Risu
|
|
396
399
|
text << "#{vista_percent.round.to_i}% of the network is Windows Vista. " if vista_percent >= 1
|
397
400
|
text << "#{w2k8_percent.round.to_i}% of the network is Windows Server 2008. " if w2k8_percent >= 1
|
398
401
|
text << "#{w7_percent.round.to_i}% of the network is Windows 7. " if w7_percent >= 1
|
399
|
-
|
402
|
+
|
400
403
|
text << "\n\n" << unsupported_os_windows if nt > 0 or w2k > 0
|
401
|
-
|
402
|
-
return text
|
404
|
+
|
405
|
+
return text
|
403
406
|
end
|
404
407
|
|
405
408
|
# @todo add plural check
|
@@ -411,12 +414,12 @@ module Risu
|
|
411
414
|
|
412
415
|
unsupported_os_text = "Several unsupported operating systems were discovered on the network. " +
|
413
416
|
"These operating systems are no longer updated by the specific vendor. These operating systems should be " +
|
414
|
-
"updated and replaced as soon as possible.\n\n"
|
417
|
+
"updated and replaced as soon as possible. If possible, disconnected from the network until updated.\n\n"
|
415
418
|
|
416
419
|
unsupported_os_text << "#{win_text}" if win_text != ""
|
417
420
|
unsupported_os_text << "#{aix_text}" if aix_text != ""
|
418
421
|
unsupported_os_text << "#{freebsd_text}" if freebsd_text != ""
|
419
|
-
|
422
|
+
|
420
423
|
return unsupported_os_text
|
421
424
|
end
|
422
425
|
|
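Review bot: the added sentence "If possible, disconnected from the network until updated." is ungrammatical in report output; suggest "Where possible, they should be disconnected from the network until they are updated."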
@@ -428,10 +431,10 @@ module Risu
|
|
428
431
|
|
429
432
|
#Host.os_windows.not_os_windows_7.not_os_windows_2008.not_os_windows_vista.not_os_windows_2003.not_os_windows_xp
|
430
433
|
|
431
|
-
win_nt_text = "Windows NT is an unsupported sperating system
|
434
|
+
win_nt_text = "Windows NT is an unsupported sperating system; Microsoft has stopped support as of June 2004. " +
|
432
435
|
"Please see http://windows.microsoft.com/en-us/windows/products/lifecycle for more information.\n\n" if win_nt.count >= 1
|
433
436
|
|
434
|
-
win_2000_text = "Windows 2000 is an unsupported operating system
|
437
|
+
win_2000_text = "Windows 2000 is an unsupported operating system; Microsoft has stopped support as of June 2004. " +
|
435
438
|
"Please see http://windows.microsoft.com/en-us/windows/products/lifecycle for more information.\n\n" if win_2000.count >= 1
|
436
439
|
|
437
440
|
return "#{win_nt_text}#{win_2000_text}"
|
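Review bot: the Windows NT line still contains the typo "sperating system" (the Windows 2000 line two lines down spells it correctly), and both strings now state the same end-of-support date, "Microsoft has stopped support as of June 2004", which looks like a copy-paste; please verify each date against the linked lifecycle page before it goes into customer-facing reports.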
@@ -450,16 +453,16 @@ module Risu
|
|
450
453
|
|
451
454
|
return text
|
452
455
|
end
|
453
|
-
|
456
|
+
|
454
457
|
#
|
455
458
|
#
|
456
459
|
def unsupported_os_freebsd
|
457
460
|
text = ""
|
458
461
|
freebsd = Host.os_freebsd.where("OS LIKE 'FreeBSD 5.%'")
|
459
|
-
|
460
|
-
text = "FreeBSD 5 support ended on 2008-05-31. Upgrade to FreeBSD 8.2 or 7.4. For more information, " +
|
462
|
+
|
463
|
+
text = "FreeBSD 5 support ended on 2008-05-31. Upgrade to FreeBSD 8.2 or 7.4. For more information, " +
|
461
464
|
"see : http://www.freebsd.org/security/\n\n" if freebsd.count >= 1
|
462
|
-
|
465
|
+
|
463
466
|
return text
|
464
467
|
end
|
465
468
|
|
@@ -483,19 +486,18 @@ module Risu
|
|
483
486
|
linux_percent = (linux.to_f / other_os_count.to_f) * 100
|
484
487
|
aix_percent = (aix.to_f / other_os_count.to_f) * 100
|
485
488
|
freebsd_percent = (freebsd.to_f / other_os_count.to_f) * 100
|
486
|
-
vmware_percent = (esx.to_f / other_os_count.to_f) * 100
|
487
|
-
|
489
|
+
vmware_percent = (esx.to_f / other_os_count.to_f) * 100
|
490
|
+
|
488
491
|
#todo add other os's here
|
489
|
-
|
492
|
+
|
490
493
|
|
491
494
|
text << "#{linux_percent.to_i}% of the network is running an Linux based operating system. " if linux_percent >= 1
|
492
495
|
text << "#{aix_percent.to_i}% of the network is running an AIX based operating system. " if aix_percent >= 1
|
493
496
|
text << "#{freebsd_percent.to_i}% of the network is running an FreeBSD based operating system. " if freebsd_percent >= 1
|
494
497
|
text << "#{vmware_percent.to_i}% of the network is running an VMware based operating system. " if vmware_percent >= 1
|
495
|
-
|
498
|
+
|
496
499
|
text << "\n\n"<< unsupported_os_aix if aix > 0
|
497
500
|
text << "\n\n" << unsupported_os_freebsd if freebsd > 0
|
498
|
-
|
499
501
|
|
500
502
|
return text
|
501
503
|
end
|
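Review bot: the context lines in this region have article errors that end up in report text: "running an Linux based", "an FreeBSD based" and "an VMware based" should all use "a". Since the hunk only reorders blank lines around them, this is a cheap fix to fold in.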
data/lib/risu/models/item.rb
CHANGED
@@ -117,13 +117,15 @@ module Risu
|
|
117
117
|
select("items.*").select("count(*) as count_all").joins(:plugin).where("plugin_id != 1").where(:severity => 3).group(:plugin_id).order("count_all DESC").limit(limit)
|
118
118
|
end
|
119
119
|
|
120
|
-
# Queries for all the risks by host
|
120
|
+
# Queries for all the high risks by host
|
121
121
|
#
|
122
122
|
# @param limit Limits the result to a specific number, default 10
|
123
123
|
#
|
124
|
+
# @todo add high/med/low_risks_by_host functions
|
125
|
+
#
|
124
126
|
# @return [ActiveRecord::Relation] with the query results
|
125
127
|
def risks_by_host(limit=10)
|
126
|
-
select("items.*").select("count(*) as count_all").joins(:host).where("plugin_id != 1").where(:severity =>
|
128
|
+
select("items.*").select("count(*) as count_all").joins(:host).where("plugin_id != 1").where(:severity => 3).group(:host_id).order("count_all DESC").limit(limit)
|
127
129
|
end
|
128
130
|
|
129
131
|
# Queries for all the hosts with the Microsoft patch summary plugin (38153)
|
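Review bot: `risks_by_host` keeps its name but now silently returns only `severity => 3` rows, which is a behaviour change for any caller that relied on the old mixed result (host.rb's `top_vuln_graph` in this same diff is one). Until the `high/med/low_risks_by_host` accessors from the `@todo` exist, consider adding `high_risks_by_host` now and leaving `risks_by_host` as a deprecated alias so the NEWS note does not have to explain a breaking change.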
@@ -161,14 +163,13 @@ module Risu
|
|
161
163
|
StringIO.new(g.to_blob)
|
162
164
|
end
|
163
165
|
|
166
|
+
#@todo comment
|
164
167
|
def risks_by_service_graph_text
|
165
168
|
"This graph is a representation of the findings found by service. This graph can help " +
|
166
169
|
"understand what services are running on the network and if they are vulnerable, where " +
|
167
|
-
"the risks are and how they should be protected.\n\n"
|
168
|
-
|
170
|
+
"the risks are and how they should be protected.\n\n"
|
169
171
|
end
|
170
172
|
|
171
|
-
|
172
173
|
# Generates a Graph of all the risks by severity
|
173
174
|
#
|
174
175
|
# @return [StringIO] Object containing the generated PNG image
|
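Review bot: `#@todo comment` is being added as a placeholder directly above `def risks_by_service_graph_text`; the method only returns a fixed string, so a one-line YARD comment with `@return [String]` would take less effort than the todo and matches the documentation style used for `risks_by_host` above.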
@@ -200,7 +201,7 @@ module Risu
|
|
200
201
|
end
|
201
202
|
|
202
203
|
# @todo change Report.title to a real variable
|
203
|
-
#
|
204
|
+
# @todo rewite this
|
204
205
|
def risks_by_severity_graph_text
|
205
206
|
high = Item.high_risks.count
|
206
207
|
medium = Item.medium_risks.count
|
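Review bot: typo in the new comment, `# @todo rewite this` should be `# @todo rewrite this`.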
@@ -208,23 +209,8 @@ module Risu
|
|
208
209
|
if high == nil then high = 0 end
|
209
210
|
if medium == nil then medium = 0 end
|
210
211
|
|
211
|
-
percentage = high
|
212
|
-
|
213
|
-
adjective = case percentage
|
214
|
-
when 0..5
|
215
|
-
"excellent"
|
216
|
-
when 6..10
|
217
|
-
"great"
|
218
|
-
when 11..20
|
219
|
-
"very good"
|
220
|
-
when 21..30
|
221
|
-
"good"
|
222
|
-
when 31..40
|
223
|
-
"fair"
|
224
|
-
else
|
225
|
-
"poor"
|
226
|
-
end
|
227
|
-
|
212
|
+
#percentage = high
|
213
|
+
|
228
214
|
hosts_with_high = Hash.new
|
229
215
|
|
230
216
|
Item.high_risks.all.each do |item|
|
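Review bot: the removed `adjective` case is replaced by the commented-out line `#percentage = high`; leaving dead assignments behind as comments only confuses later readers, so delete the line outright (version control keeps the history).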
@@ -238,25 +224,55 @@ module Risu
|
|
238
224
|
|
239
225
|
host_percent = (hosts_with_high.count.to_f / Host.all.count.to_f) * 100
|
240
226
|
|
227
|
+
adjective = case host_percent
|
228
|
+
when 0..5
|
229
|
+
"excellent"
|
230
|
+
#when 6..10
|
231
|
+
# "great"
|
232
|
+
when 6..10
|
233
|
+
"very good"
|
234
|
+
when 15..25
|
235
|
+
"good"
|
236
|
+
when 25..35
|
237
|
+
"fair"
|
238
|
+
else
|
239
|
+
"poor"
|
240
|
+
end
|
241
|
+
|
241
242
|
percent_text = case host_percent
|
242
243
|
when 0..5
|
243
244
|
"This implies that only a handful of computers are missing patches, and the current patch management is working well."
|
244
|
-
when 6..
|
245
|
+
when 6..9
|
245
246
|
"This implies that there is a minor patch management issue. If there is a patch management system, it should be checked for problems. " +
|
247
|
+
"Each host should also be inspected to be certain it can receive patches."
|
248
|
+
when 10..15
|
249
|
+
"This implies that there is a substantial patch management issue. If there is a patch management system, it should be checked for problems. " +
|
250
|
+
"Each host should also be inspected to be certain it can receive patches."
|
251
|
+
when 16..20
|
252
|
+
"This implies that there is a significant patch management issue. If there is a patch management system, it should be checked for problems. " +
|
246
253
|
"Each host should also be inspected to be certain it can receive patches."
|
247
254
|
else
|
248
|
-
"This implies that there is a
|
249
|
-
"be inspected for issues and they should be
|
255
|
+
"This implies that there is a major patch management problem on the network. Any patch management solutions should " +
|
256
|
+
"be inspected for issues and they should be corrected as soon as possible. Each host should also be inspected to be certain it can receive patches."
|
250
257
|
end
|
251
258
|
|
259
|
+
#graph_text = "This bar graph is a representation of the findings by severity; the " +
|
260
|
+
#"graph shows that, overall, #{Report.title} has a #{adjective} handle on the patch " +
|
261
|
+
#"management of the network. "
|
262
|
+
|
252
263
|
graph_text = "This bar graph is a representation of the findings by severity; the " +
|
253
|
-
"graph shows that,
|
254
|
-
|
264
|
+
"graph shows that, Overall #{Report.title} needs to implement patch management and configuration management as a priority."
|
265
|
+
|
266
|
+
#if adjective == "good" or adjective == "fair"
|
267
|
+
# graph_text << "But improvements in patch management could be made to ensure an excellent rating."
|
268
|
+
#end
|
269
|
+
|
270
|
+
graph_text << "\n\n"
|
255
271
|
|
256
272
|
graph_text << "The majority of the high findings were found on #{host_percent.round}% of the total assessed computers. #{percent_text}\n\n"
|
257
273
|
|
258
274
|
graph_text << "The systems with high vulnerabilities represent the largest threat to the network, " +
|
259
|
-
"so patching this group is paramount to the overall network security. It only takes one
|
275
|
+
"so patching this group is paramount to the overall network security. It only takes one vulnerability " +
|
260
276
|
"to create a security incident.\n\n"
|
261
277
|
|
262
278
|
graph_text << "It should be noted that low findings and open ports represent the discovery "
|
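Review bot: the new `adjective = case host_percent` has gaps and an overlap: `host_percent` is a Float, so values such as 5.5 match neither `0..5` nor `6..10`, the whole 11..14 band falls through to "poor", and 25 is covered by both `15..25` and `25..35`. The `percent_text` case below has the same fractional gaps between `0..5`, `6..9`, `10..15` and `16..20`. Round once (`case host_percent.round`) and use contiguous ranges. Also `adjective` is now computed but only referenced from commented-out code (`#"graph shows that, overall, #{Report.title} has a #{adjective} handle..."`), so either restore that sentence or drop the case entirely rather than shipping the commented blocks.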
@@ -267,6 +283,65 @@ module Risu
|
|
267
283
|
|
268
284
|
return graph_text
|
269
285
|
end
|
286
|
+
|
287
|
+
#sqlite only @todo @fix
|
288
|
+
def top_10_sorted_raw
|
289
|
+
raw = Item.joins(:plugin).where(:severity => 3).order("cast(plugins.cvss_base_score as real)").count(:all, :group => :plugin_id)
|
290
|
+
data = Array.new
|
291
|
+
|
292
|
+
raw.each do |vuln|
|
293
|
+
row = Array.new
|
294
|
+
plugin_id = vuln[0]
|
295
|
+
count = vuln[1]
|
296
|
+
|
297
|
+
row.push(plugin_id)
|
298
|
+
row.push(count)
|
299
|
+
data.push(row)
|
300
|
+
end
|
301
|
+
|
302
|
+
data = data.sort do |a, b|
|
303
|
+
b[1] <=> a[1]
|
304
|
+
end
|
305
|
+
|
306
|
+
return data
|
307
|
+
end
|
308
|
+
|
309
|
+
def top_10_sorted
|
310
|
+
#raw = Item.where(:severity => 3).count(:all, :group => :plugin_id)
|
311
|
+
raw = Item.joins(:plugin).where(:severity => 3).order(:cvss_base_score).count(:all, :group => :plugin_id)
|
312
|
+
data = Array.new
|
313
|
+
|
314
|
+
raw.each do |vuln|
|
315
|
+
row = Array.new
|
316
|
+
plugin_id = vuln[0]
|
317
|
+
count = vuln[1]
|
318
|
+
|
319
|
+
name = Plugin.find_by_id(plugin_id).plugin_name
|
320
|
+
|
321
|
+
row.push(name)
|
322
|
+
row.push(count)
|
323
|
+
data.push(row)
|
324
|
+
end
|
325
|
+
|
326
|
+
data = data.sort do |a, b|
|
327
|
+
b[1] <=> a[1]
|
328
|
+
end
|
329
|
+
|
330
|
+
return data
|
331
|
+
end
|
332
|
+
|
333
|
+
def top_10_table(output)
|
334
|
+
headers = ["Description", "Count"]
|
335
|
+
header_widths = {0 => (output.bounds.width - 50), 1 => 50}
|
336
|
+
|
337
|
+
data = top_10_sorted
|
338
|
+
|
339
|
+
output.table([headers] + data[0..9], :header => true, :column_widths => header_widths, :width => output.bounds.width) do
|
340
|
+
row(0).style(:font_style => :bold, :background_color => 'cccccc')
|
341
|
+
cells.borders = [:top, :bottom, :left, :right]
|
342
|
+
end
|
343
|
+
end
|
344
|
+
|
270
345
|
end
|
271
346
|
end
|
272
347
|
end
|
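Review bot: `top_10_sorted_raw` and `top_10_sorted` return every severity-3 plugin, not ten; only `top_10_table` applies `data[0..9]`, so either give the accessors a `limit=10` parameter and slice inside, or rename them. The `.order("cast(plugins.cvss_base_score as real)")` clause (flagged "sqlite only") has no effect because the result is re-sorted in Ruby by count, so it can simply be dropped, removing the SQLite dependency. `top_10_sorted` duplicates the body of `top_10_sorted_raw`; it can be written as `top_10_sorted_raw.map { |id, count| [Plugin.find_by_id(id).plugin_name, count] }`. Finally, `Plugin.find_by_id(plugin_id).plugin_name` is one query per row and raises `NoMethodError` on `nil` if a plugin row is missing; `Plugin.where(:id => ids)` fetched once, with a fallback name for unknown ids, avoids both problems.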
data/lib/risu/models/report.rb
CHANGED
@@ -23,7 +23,7 @@ module Risu
|
|
23
23
|
# @todo comment this
|
24
24
|
#
|
25
25
|
def scanner_nessus_ratings_text
|
26
|
-
text = "The vulnerability scanner used by #{Report.company} rates the findings as follows: High, Medium, Low and Open Ports. High findings represents a security hole, initially this is the highest rating a risk can get. These generally represent vulnerabilities that can lead to full system compromise due to missing security patches. High findings should be
|
26
|
+
text = "The vulnerability scanner used by #{Report.company} rates the findings as follows: High, Medium, Low and Open Ports. High findings represents a security hole, initially this is the highest rating a risk can get. These generally represent vulnerabilities that can lead to full system compromise due to missing security patches. High findings should be remediated first as they generally leave the network wide open. Medium findings are considered a security warning; these are not as severe as high but should be evaluated on a risk-by-risk basis. These are typically configuration errors that can lead to information disclosures such as usernames, passwords, and configuration settings. Low findings are identified as security notes; these provide information the scanner discovered during the scanning process. The information includes items such as hostname, domain name, and MAC address. Open Port findings represent the open ports on each system that the scanner found during the scan process. These should be evaluated against firewall settings to test the firewall configurations.\n\n"
|
27
27
|
text << "After the scanner is complete, the scanner evaluates each finding and bases it on the Common Vulnerability Scoring System (CVSS) score assigned to each finding. Any findings with a CVSS base score of 10 are upgraded to a Critical finding. These represent vulnerabilities that are trivial to gain administrator access to the system, with little to no effort. For more information on the CVSS scoring system please visit: http://nvd.nist.gov/cvss.cfm.\n\n"
|
28
28
|
|
29
29
|
return text
|
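Review bot: grammar in the report text on the changed line: "High findings represents a security hole" should be "High findings represent a security hole", and "initially this is the highest rating a risk can get" reads better as "this is initially the highest rating a finding can receive". The sentence "These represent vulnerabilities that are trivial to gain administrator access to the system" in the context line below is also awkward; suggest "vulnerabilities through which administrator access can be gained trivially". Consider splitting this single very long string across `+`-joined lines, as the other text methods in this file do, to keep diffs reviewable.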