Added ZeroLogon overview section to the report

VakarisZ 2021-02-25 14:28:16 +02:00
parent 6581a5ab0c
commit 8b7e0d0fa0
3 changed files with 50 additions and 11 deletions


@ -65,6 +65,7 @@ class ReportService:
VSFTPD = 13 VSFTPD = 13
DRUPAL = 14 DRUPAL = 14
ZEROLOGON = 15 ZEROLOGON = 15
ZEROLOGON_CRED_RESTORE_FAILED = 16
class WARNINGS_DICT(Enum): class WARNINGS_DICT(Enum):
CROSS_SEGMENT = 0 CROSS_SEGMENT = 0
@ -714,6 +715,9 @@ class ReportService:
elif issue['type'] == 'drupal': elif issue['type'] == 'drupal':
issues_byte_array[ReportService.ISSUES_DICT.DRUPAL.value] = True issues_byte_array[ReportService.ISSUES_DICT.DRUPAL.value] = True
elif issue['type'] == 'zerologon': elif issue['type'] == 'zerologon':
# TODO fix to propperly set restoration flag
if issue['info']['zero_logon_restore_failed']:
issues_byte_array[ReportService.ISSUES_DICT.ZEROLOGON_CRED_RESTORE_FAILED.value] = True
issues_byte_array[ReportService.ISSUES_DICT.ZEROLOGON.value] = True issues_byte_array[ReportService.ISSUES_DICT.ZEROLOGON.value] = True
elif issue['type'].endswith('_password') and issue['password'] in config_passwords and \ elif issue['type'].endswith('_password') and issue['password'] in config_passwords and \
issue['username'] in config_users or issue['type'] == 'ssh': issue['username'] in config_users or issue['type'] == 'ssh':
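Review bot: The added check `if issue['info']['zero_logon_restore_failed']:` in the zerologon branch indexes two keys directly, so a zerologon issue without an `info` dict or without that key would raise KeyError while the overview is being built. Whether every zerologon issue carries the key is not visible here, and the TODO above the check says the flag is not yet set properly. A tolerant lookup such as `if issue.get('info', {}).get('zero_logon_restore_failed'):` keeps the report rendering. The TODO should also state why the flag matters, for example `# TODO: set zero_logon_restore_failed reliably; a failed restore leaves the DC password changed and must reach the report`. The enclosing method starts and ends outside the hunk.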


@ -14,6 +14,7 @@ import ReportLoader from './common/ReportLoader';
import SecurityIssuesGlance from './common/SecurityIssuesGlance'; import SecurityIssuesGlance from './common/SecurityIssuesGlance';
import PrintReportButton from './common/PrintReportButton'; import PrintReportButton from './common/PrintReportButton';
import WarningIcon from '../ui-components/WarningIcon'; import WarningIcon from '../ui-components/WarningIcon';
import {Button} from 'react-bootstrap';
import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
import { faMinus } from '@fortawesome/free-solid-svg-icons/faMinus'; import { faMinus } from '@fortawesome/free-solid-svg-icons/faMinus';
@ -42,7 +43,8 @@ class ReportPageComponent extends AuthComponent {
MSSQL: 12, MSSQL: 12,
VSFTPD: 13, VSFTPD: 13,
DRUPAL: 14, DRUPAL: 14,
ZEROLOGON: 15 ZEROLOGON: 15,
ZEROLOGON_CRED_RESTORE_FAILED: 16
}; };
Warning = Warning =
@ -308,6 +310,7 @@ class ReportPageComponent extends AuthComponent {
<li>Machines are vulnerable to 'Zerologon' <li>Machines are vulnerable to 'Zerologon'
(<a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472"> (<a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472">
CVE-2020-1472</a>).</li> : null} CVE-2020-1472</a>).</li> : null}
{this.generateZeroLogonOverview()}
</ul> </ul>
</div> </div>
: :
@ -365,6 +368,29 @@ class ReportPageComponent extends AuthComponent {
); );
} }
generateZeroLogonOverview() {
let zeroLogonOverview = [];
// TODO finish this by linking to the documentation
if(this.state.report.overview.issues[this.Issue.ZEROLOGON_CRED_RESTORE_FAILED]) {
zeroLogonOverview.push(<span>
<WarningIcon/> Automatic password restoration on a domain controller failed!
<Button variant={"link"} href={"#"} className={'security-report-link'}>
Restore your domain controller's password manually.</Button>
</span>)
}
if(this.state.report.overview.issues[this.Issue.ZEROLOGON]) {
zeroLogonOverview.push(<>
Some domain controllers are vulnerable to ZeroLogon exploiter(
<a href="https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472">
CVE-2020-1472</a>)!
</>)
} else {
return none;
}
return (<li>{zeroLogonOverview}</li>)
}
generateReportRecommendationsSection() { generateReportRecommendationsSection() {
return ( return (
<div id="recommendations"> <div id="recommendations">
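Review bot: `return none;` in the else branch of generateZeroLogonOverview() refers to an identifier that JavaScript does not define, so the overview throws a ReferenceError whenever the ZEROLOGON issue flag is unset (unless `none` is declared elsewhere in the file, which is not visible here); it should be `return null;`. The restore-failed warning links to `href={"#"}`, so the one finding that needs manual action on a domain controller gives no instructions until the TODO is done; plain text would be less misleading than a dead link in the meantime. The elements pushed into `zeroLogonOverview` are rendered from an array without `key` props, which React warns about. generateReportRecommendationsSection() continues outside the section.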


@ -7,15 +7,15 @@
font-size: large; font-size: large;
} }
.report-nav > li > a{ .report-nav > li > a {
height: 50px !important; height: 50px !important;
} }
.report-nav .nav-item > a{ .report-nav .nav-item > a {
color: $black; color: $black;
} }
.report-nav .nav-item > a.active{ .report-nav .nav-item > a.active {
font-weight: bold; font-weight: bold;
color: $black; color: $black;
} }
@ -72,7 +72,7 @@ div.report-wrapper {
padding-bottom: 20px; padding-bottom: 20px;
} }
div.report-wrapper .nav-tabs > .nav-item > a:hover:not(.active), .nav-tabs > .nav-item > a:focus:not(.active){ div.report-wrapper .nav-tabs > .nav-item > a:hover:not(.active), .nav-tabs > .nav-item > a:focus:not(.active) {
text-decoration: none; text-decoration: none;
background-color: $light-gray; background-color: $light-gray;
} }
@ -82,6 +82,15 @@ ul.cross-segment-issues {
padding: 0px; padding: 0px;
margin: 0px; margin: 0px;
} }
span.cross-segment-service { span.cross-segment-service {
text-transform: uppercase; text-transform: uppercase;
} }
.report-page li a.btn,.security-report-link {
position: relative;
font-size: 1em;
padding: 0 5px;
line-height: 1em;
top: -3px;
}
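Review bot: The added selector list `.report-page li a.btn,.security-report-link` leaves its second selector unscoped, so the `top: -3px` offset and the padding apply to that class wherever it is used, not only in the report. It also omits the space after the comma, while the rest of this commit normalises selector spacing. If the button always sits inside the report page, `.report-page li a.btn, .report-page .security-report-link {` keeps the rule local and consistent.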