defense-mcp-server 0.9.2 → 0.9.3

package/build/tools/logging.js

@@ -19,7 +19,7 @@ import { logChange, createChangeEntry, backupFile } from "../core/changelog.js";
 import { sanitizeArgs, validateAuditdKey, validateTarget, validateToolPath, } from "../core/sanitizer.js";
 import { getDistroAdapter } from "../core/distro-adapter.js";
 import { existsSync } from "node:fs";
-import { spawnSafe } from "../core/spawn-safe.js";
+import { runCommand } from "../core/run-command.js";
 // ── TOOL-015 remediation: allowed directories for log file paths ────────────
 const ALLOWED_LOG_DIRS = ["/var/log", "/var/spool", "/tmp", "/var/lib", "/run/log"];
 // ── SIEM constants ──────────────────────────────────────────────────────────
@@ -34,49 +34,7 @@ const LOG_SOURCE_FILES = {
 };
 /** Hostname/IP validation pattern */
 const SIEM_HOST_PATTERN = /^[a-zA-Z0-9][a-zA-Z0-9._-]{0,253}[a-zA-Z0-9]$/;
-async function runCommand(command, args, timeoutMs = 30_000) {
-    return new Promise((resolve) => {
-        let child;
-        try {
-            child = spawnSafe(command, args);
-        }
-        catch (err) {
-            const msg = err instanceof Error ? err.message : String(err);
-            resolve({ stdout: "", stderr: msg, exitCode: -1 });
-            return;
-        }
-        let stdout = "";
-        let stderr = "";
-        let resolved = false;
-        const timer = setTimeout(() => {
-            if (!resolved) {
-                resolved = true;
-                child.kill("SIGTERM");
-                resolve({ stdout, stderr: stderr + "\n[TIMEOUT]", exitCode: -1 });
-            }
-        }, timeoutMs);
-        child.stdout?.on("data", (data) => {
-            stdout += data.toString();
-        });
-        child.stderr?.on("data", (data) => {
-            stderr += data.toString();
-        });
-        child.on("close", (code) => {
-            if (!resolved) {
-                resolved = true;
-                clearTimeout(timer);
-                resolve({ stdout, stderr, exitCode: code ?? -1 });
-            }
-        });
-        child.on("error", (err) => {
-            if (!resolved) {
-                resolved = true;
-                clearTimeout(timer);
-                resolve({ stdout, stderr: err.message, exitCode: -1 });
-            }
-        });
-    });
-}
+// ── SIEM helpers ────────────────────────────────────────────────────────────
 /**
  * Validate a SIEM host string (hostname or IP address).
  * Returns true if the host looks reasonable.
@@ -757,7 +715,7 @@ export function registerLoggingTools(server) {
                     const result = await executeCommand({ command: "sudo", args, toolName: "log_management", timeout: getToolTimeout("auditd") });
                     if (result.exitCode !== 0)
                         return { content: [createErrorContent(`aureport failed (exit ${result.exitCode}): ${result.stderr}`)], isError: true };
-                    return { content: [createTextContent(`Audit Report (${report_type}):\n${"=".repeat(50)}\n${result.stdout}`)] };
+                    return { content: [createTextContent(`Audit Report (${report_type}):\n${result.stdout}`)] };
                 }
                 catch (err) {
                     return { content: [createErrorContent(err instanceof Error ? err.message : String(err))], isError: true };
@@ -809,7 +767,7 @@ export function registerLoggingTools(server) {
                         return { description: r.description, rule: r.rule, present: found };
                     });
                     const present = results.filter(r => r.present).length;
-                    return { content: [createTextContent(JSON.stringify({ summary: { totalRequired: CIS_RULES.length, present, missing: CIS_RULES.length - present, compliancePercent: Math.round((present / CIS_RULES.length) * 100) }, results }, null, 2))] };
+                    return { content: [createTextContent(JSON.stringify({ summary: { totalRequired: CIS_RULES.length, present, missing: CIS_RULES.length - present, compliancePercent: Math.round((present / CIS_RULES.length) * 100) }, results }))] };
                 }
                 catch (error) {
                     return { content: [createErrorContent(error instanceof Error ? error.message : String(error))], isError: true };
@@ -930,7 +888,7 @@ export function registerLoggingTools(server) {
                 try {
                     const statusResult = await executeCommand({ command: "sudo", args: ["fail2ban-client", "status"], timeout: 10000, toolName: "log_management" });
                     if (statusResult.exitCode !== 0) {
-                        return { content: [createTextContent(JSON.stringify({ installed: false, recommendation: "Install fail2ban: sudo apt install fail2ban && sudo systemctl enable fail2ban" }, null, 2))] };
+                        return { content: [createTextContent(JSON.stringify({ installed: false, recommendation: "Install fail2ban: sudo apt install fail2ban && sudo systemctl enable fail2ban" }))] };
                     }
                     const jailLine = statusResult.stdout.match(/Jail list:\s*(.*)/);
                     const jails = jailLine ? jailLine[1].split(",").map(j => j.trim()).filter(Boolean) : [];
@@ -948,7 +906,7 @@ export function registerLoggingTools(server) {
                     }
                     const recommendedJails = ["sshd", "apache-auth", "nginx-http-auth", "postfix"];
                     const missingJails = recommendedJails.filter(j => !jails.includes(j));
-                    return { content: [createTextContent(JSON.stringify({ installed: true, activeJails: jails.length, jails, missingRecommended: missingJails, findings, summary: { pass: findings.filter(f => f.status === "PASS").length, warn: findings.filter(f => f.status === "WARN").length } }, null, 2))] };
+                    return { content: [createTextContent(JSON.stringify({ installed: true, activeJails: jails.length, jails, missingRecommended: missingJails, findings, summary: { pass: findings.filter(f => f.status === "PASS").length, warn: findings.filter(f => f.status === "WARN").length } }))] };
                 }
                 catch (error) {
                     return { content: [createErrorContent(error instanceof Error ? error.message : String(error))], isError: true };
@@ -1021,7 +979,7 @@ export function registerLoggingTools(server) {
                     const logPerms = await executeCommand({ command: "stat", args: ["-c", "%a %U:%G", "/var/log"], timeout: 5000, toolName: "log_management" });
                     findings.push({ check: "var_log_permissions", status: logPerms.stdout.trim().startsWith("755") || logPerms.stdout.trim().startsWith("750") ? "PASS" : "WARN", value: logPerms.stdout.trim(), description: "/var/log directory permissions" });
                     const passCount = findings.filter(f => f.status === "PASS").length;
-                    return { content: [createTextContent(JSON.stringify({ summary: { total: findings.length, pass: passCount, fail: findings.filter(f => f.status === "FAIL").length, warn: findings.filter(f => f.status === "WARN").length }, findings }, null, 2))] };
+                    return { content: [createTextContent(JSON.stringify({ summary: { total: findings.length, pass: passCount, fail: findings.filter(f => f.status === "FAIL").length, warn: findings.filter(f => f.status === "WARN").length }, findings }))] };
                 }
                 catch (error) {
                     return { content: [createErrorContent(error instanceof Error ? error.message : String(error))], isError: true };
@@ -1193,7 +1151,7 @@ export function registerLoggingTools(server) {
                     }
                     else {
                         text += `Version: ${filebeat.version}\n`;
-                        text += `Service Running: ${filebeat.serviceRunning ? "yes ✓" : "no ⚠"}\n`;
+                        text += `Service Running: ${filebeat.serviceRunning ? "yes OK" : "no WARNING"}\n`;
                         text += `Config Path: ${filebeat.configPath}\n`;
                         if (filebeat.enabledModules.length > 0) {
                             text += `\nEnabled Modules (${filebeat.enabledModules.length}):\n`;
@@ -1252,7 +1210,7 @@ export function registerLoggingTools(server) {
                     }
                     let text = "SIEM Integration — Log Forwarding Audit\n\n";
                     text += `CIS Reference: ${audit.cisBenchmark}\n`;
-                    text += `CIS Compliant: ${audit.cisCompliant ? "YES ✓" : "NO ⚠"}\n\n`;
+                    text += `CIS Compliant: ${audit.cisCompliant ? "YES OK" : "NO WARNING"}\n\n`;
                     text += `Rsyslog Forwarding: ${audit.rsyslogForwarding ? "configured" : "not configured"}\n`;
                     text += `Filebeat Running: ${audit.filebeatRunning ? "yes" : "no"}\n`;
                     if (audit.rsyslogRules.length > 0) {
@@ -1263,13 +1221,13 @@ export function registerLoggingTools(server) {
                     }
                     text += `\nCritical Log Source Coverage:\n`;
                     for (const source of audit.criticalSourcesCovered) {
-                        text += `  • ${source.source} (${source.path}): ${source.forwarded ? "forwarded ✓" : "NOT forwarded ⚠"}\n`;
+                        text += `  • ${source.source} (${source.path}): ${source.forwarded ? "forwarded OK" : "NOT forwarded WARNING"}\n`;
                     }
                     if (audit.missingSourcesCount > 0) {
-                        text += `\n⚠ Missing Sources: ${audit.missingSourcesCount}\n`;
+                        text += `\nWARNING: Missing Sources: ${audit.missingSourcesCount}\n`;
                     }
                     if (audit.logRotationInterferes) {
-                        text += "\n⚠ Log rotation may interfere with forwarding\n";
+                        text += "\nWARNING: Log rotation may interfere with forwarding\n";
                     }
                     if (audit.recommendations.length > 0) {
                         text += "\nRecommendations:\n";
@@ -1317,13 +1275,13 @@ export function registerLoggingTools(server) {
                     }
                     let text = "SIEM Integration — Connectivity Test\n\n";
                     text += `Target: ${connectivity.siemHost}:${connectivity.siemPort} (${connectivity.protocol})\n\n`;
-                    text += `DNS Resolution: ${connectivity.dnsResolution ? "✓ " : "✗ "}${connectivity.dnsResult}\n`;
-                    text += `TCP Connectivity: ${connectivity.tcpConnectivity ? "✓ " : "✗ "}${connectivity.tcpMessage}\n`;
+                    text += `DNS Resolution: ${connectivity.dnsResolution ? "OK " : "FAIL "}${connectivity.dnsResult}\n`;
+                    text += `TCP Connectivity: ${connectivity.tcpConnectivity ? "OK " : "FAIL "}${connectivity.tcpMessage}\n`;
                     if (connectivity.protocol === "tls") {
-                        text += `TLS Verification: ${connectivity.tlsVerification ? "✓ " : "✗ "}${connectivity.tlsMessage}\n`;
+                        text += `TLS Verification: ${connectivity.tlsVerification ? "OK " : "FAIL "}${connectivity.tlsMessage}\n`;
                     }
-                    text += `Firewall: ${connectivity.firewallBlocked ? "⚠ BLOCKED" : connectivity.firewallStatus}\n`;
-                    text += `Test Message: ${connectivity.testMessageSent ? "✓ " : "✗ "}${connectivity.testMessageResult}\n`;
+                    text += `Firewall: ${connectivity.firewallBlocked ? "WARNING: BLOCKED" : connectivity.firewallStatus}\n`;
+                    text += `Test Message: ${connectivity.testMessageSent ? "OK " : "FAIL "}${connectivity.testMessageResult}\n`;
                     if (connectivity.recommendations.length > 0) {
                         text += "\nRecommendations:\n";
                         for (const rec of connectivity.recommendations) {

package/build/tools/malware.js

@@ -370,12 +370,12 @@ export function registerMalwareTools(server) {
                         const matchResult = await executeCommand({ command: "grep", args: ["-c", "-E", grepPattern, file], timeout: 5000, toolName: "malware" });
                         details.push({ file, stat: statResult.stdout.trim(), patternMatches: parseInt(matchResult.stdout.trim()) || 0 });
                     }
-                    return { content: [createTextContent(JSON.stringify({ scanPath, totalSuspicious: suspiciousFiles.length, details, note: suspiciousFiles.length > 0 ? "Review these files manually — pattern matches may include legitimate code" : "No webshell patterns detected" }, null, 2))] };
+                    return { content: [createTextContent(JSON.stringify({ scanPath, totalSuspicious: suspiciousFiles.length, details, note: suspiciousFiles.length > 0 ? "Review these files manually — pattern matches may include legitimate code" : "No webshell patterns detected" }))] };
                 }
                 catch (error) {
                     const errMsg = error instanceof Error ? error.message : String(error);
                     if (errMsg.includes("exit code 1")) {
-                        return { content: [createTextContent(JSON.stringify({ scanPath: params.path, totalSuspicious: 0, note: "No webshell patterns detected" }, null, 2))] };
+                        return { content: [createTextContent(JSON.stringify({ scanPath: params.path, totalSuspicious: 0, note: "No webshell patterns detected" }))] };
                     }
                     return { content: [createErrorContent(errMsg)], isError: true };
                 }

package/build/tools/meta.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"meta.d.ts","sourceRoot":"","sources":["../../src/tools/meta.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAi6BpE,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAu8CzD"}
+{"version":3,"file":"meta.d.ts","sourceRoot":"","sources":["../../src/tools/meta.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AA2zBpE,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAs8CzD"}