Exemple #1
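 /**
  * Installs the "security" module.
  *
  * Creates the module tables when the probe query on b_sec_iprule fails, then
  * registers the module, its event handlers and its clean-up agents, and finally
  * enables the request filter and the redirect protection.
  *
  * @param array $arParams Not read by this method.
  * @return bool true on success; false when the SQL batch reported errors
  *              (the errors are passed to $APPLICATION->ThrowException()).
  */
 function InstallDB($arParams = array())
 {
     global $DB, $DBType, $APPLICATION;
     $this->errors = false;
     // Database tables creation: the probe selects nothing (WHERE 1=0), so it only
     // tells us whether b_sec_iprule can be queried at all.
     if (!$DB->Query("SELECT 'x' FROM b_sec_iprule WHERE 1=0", true)) {
         $this->errors = $DB->RunSQLBatch($_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/security/install/db/" . strtolower($DB->type) . "/install.sql");
     }
     if ($this->errors !== false) {
         $APPLICATION->ThrowException(implode("<br>", $this->errors));
         return false;
     }

     $this->InstallTasks();
     RegisterModule("security");
     RegisterModuleDependences("main", "OnUserDelete", "security", "CSecurityUser", "OnUserDelete");
     RegisterModuleDependences("main", "OnEventLogGetAuditTypes", "security", "CSecurityFilter", "GetAuditTypes");
     RegisterModuleDependences("main", "OnEventLogGetAuditTypes", "security", "CSecurityAntiVirus", "GetAuditTypes");
     RegisterModuleDependences("main", "OnAdminInformerInsertItems", "security", "CSecurityFilter", "OnAdminInformerInsertItems");
     RegisterModuleDependences("main", "OnAdminInformerInsertItems", "security", "CSecuritySiteChecker", "OnAdminInformerInsertItems");
     CModule::IncludeModule("security");

     // Agents: remove before adding so a re-install does not leave duplicates.
     CAgent::RemoveAgent("CSecuritySession::CleanUpAgent();", "security");
     CAgent::Add(array("NAME" => "CSecuritySession::CleanUpAgent();", "MODULE_ID" => "security", "ACTIVE" => "Y", "AGENT_INTERVAL" => 1800, "IS_PERIOD" => "N"));
     CAgent::RemoveAgent("CSecurityIPRule::CleanUpAgent();", "security");
     CAgent::Add(array("NAME" => "CSecurityIPRule::CleanUpAgent();", "MODULE_ID" => "security", "ACTIVE" => "Y", "AGENT_INTERVAL" => 3600, "IS_PERIOD" => "N"));

     if (!COption::GetOptionString("security", "ipcheck_disable_file")) {
         // NOTE(review): the option name suggests this path is a marker file that
         // switches IP checking off - confirm. Its suffix is meant to be unguessable,
         // but mt_rand() is not a CSPRNG and md5(mt_rand()) can take at most 2^31
         // distinct values. Draw the suffix from random_bytes() where available; the
         // result has the same 32 hex characters as the md5 form. The old expression
         // stays only as a fallback for runtimes without random_bytes().
         $suffix = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(mt_rand());
         COption::SetOptionString("security", "ipcheck_disable_file", "/bitrix/modules/ipcheck_disable_" . $suffix);
     }

     CAgent::RemoveAgent("CSecurityFilter::ClearTmpFiles();", "security");
     CSecurityFilter::SetActive(true);
     CSecurityRedirect::SetActive(true);
     return true;
 }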
 /**
  * Checks that the request filter and the redirect protection are active and
  * that the admin policy level is "high".
  *
  * Every failed check is recorded through addUnformattedDetailError() with its
  * criticality; all three checks always run, so several errors may be added.
  *
  * @return mixed self::STATUS_FAILED if at least one check failed, otherwise self::STATUS_PASSED.
  */
 protected function checkSecurityLevel()
 {
     $failedCount = 0;

     // Request filter (reported under the WAF_OFF message key) switched off.
     if (!CSecurityFilter::IsActive()) {
         $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_WAF_OFF", CSecurityCriticalLevel::HIGHT);
         $failedCount++;
     }

     // Redirect protection switched off.
     if (!CSecurityRedirect::IsActive()) {
         $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_REDIRECT_OFF", CSecurityCriticalLevel::MIDDLE);
         $failedCount++;
     }

     // Admin policy level is anything other than "high" (loose comparison, as before).
     if (self::AdminPolicyLevel() != "high") {
         $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_ADMIN_SECURITY_LEVEL", CSecurityCriticalLevel::HIGHT);
         $failedCount++;
     }

     return $failedCount > 0 ? self::STATUS_FAILED : self::STATUS_PASSED;
 }
Exemple #3
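	/**
	 * Switches the redirect protection on or off.
	 *
	 * Turning it on stores a fresh "redirect_sid" option and registers the
	 * BeforeLocalRedirect and EndBufferContent handlers on the main module;
	 * turning it off unregisters both handlers. Nothing happens when the
	 * protection is already in the requested state.
	 *
	 * @param bool $bActive true to enable, false (default) to disable.
	 * @return void
	 */
	public static function SetActive($bActive = false)
	{
		if($bActive)
		{
			if(!CSecurityRedirect::IsActive())
			{
				// NOTE(review): redirect_sid looks like the secret behind the redirect
				// protection - confirm against the code that reads it. mt_rand() is not
				// a CSPRNG and md5(mt_rand()) can take at most 2^31 distinct values, so
				// the value can be found by exhaustive search. Use random_bytes() where
				// available (same 32 hex characters); the old expression remains only as
				// a fallback for runtimes without random_bytes().
				$sid = function_exists('random_bytes') ? bin2hex(random_bytes(16)) : md5(mt_rand());
				COption::SetOptionString("security", "redirect_sid", $sid);
				// The trailing "1" is passed through unchanged; presumably the handler sort order.
				RegisterModuleDependences("main", "OnBeforeLocalRedirect", "security", "CSecurityRedirect", "BeforeLocalRedirect", "1");
				RegisterModuleDependences("main", "OnEndBufferContent", "security", "CSecurityRedirect", "EndBufferContent", "1");
			}
		}
		else
		{
			if(CSecurityRedirect::IsActive())
			{
				UnRegisterModuleDependences("main", "OnBeforeLocalRedirect", "security", "CSecurityRedirect", "BeforeLocalRedirect");
				UnRegisterModuleDependences("main", "OnEndBufferContent", "security", "CSecurityRedirect", "EndBufferContent");
			}
		}
	}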
    ?>
" id="redirect_message_warning_<?php 
    echo $ar["LID"];
    ?>
" cols=40 rows=5 <?php 
    if ($disabled) {
        echo "disabled";
    }
    ?>
				><?php 
    // Resolve the warning text for this site ($ar["LID"]) with a three-step fallback:
    // 1) the per-site option redirect_message_warning_<LID>,
    $mess = trim(COption::GetOptionString("security", "redirect_message_warning_" . $ar["LID"]));
    if (strlen($mess) <= 0) {
        // 2) the option shared by all sites,
        $mess = trim(COption::GetOptionString("security", "redirect_message_warning"));
    }
    if (strlen($mess) <= 0) {
        // 3) the default message for this LID.
        $mess = trim(CSecurityRedirect::GetDefaultMessage($ar["LID"]));
    }
    // The stored text is admin-editable, so it is HTML-escaped (Bitrix's
    // htmlspecialcharsbx helper) before being written into the <textarea> body;
    // without that, a value containing "</textarea>" would break out of the field.
    echo htmlspecialcharsbx($mess);
    // Collect the LID; $arLangs is later emitted to JavaScript via CUtil::PHPToJSObject().
    $arLangs[] = $ar["LID"];
    ?>
</textarea></td>
			</tr>
		<?php 
}
?>
		<tr>
			<td>
				<script>
					var arLangs = <?php 
echo CUtil::PHPToJSObject($arLangs);
?>
// Security panel rows. Each row appended to $data[<level>]['ITEMS'] has:
//   IS_OK              - whether the control is in the recommended state,
//   KPI_NAME/KPI_VALUE - localized label and current state,
//   KPI_RECOMMENDATION - ready-made HTML: '&nbsp;' when OK, otherwise the
//                        recommendation text, wrapped in a link to the settings
//                        page only if the current user may change that setting.

// --- Frame protection ---
$bSecurityFrame = CSecurityFrame::IsActive();
$data['high']['ITEMS'][] = array(
    "IS_OK" => $bSecurityFrame,
    "KPI_NAME" => GetMessage("SEC_PANEL_FRAME_NAME"),
    "KPI_VALUE" => $bSecurityFrame
        ? GetMessage("SEC_PANEL_FRAME_VALUE_ON")
        : GetMessage("SEC_PANEL_FRAME_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bSecurityFrame
        ? '&nbsp;'
        : ($USER->CanDoOperation('security_frame_settings_write')
            ? '<a href="security_frame.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_FRAME_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_FRAME_RECOMMENDATION")),
);

// --- IP restriction of the admin section ---
// Looks up the first (lowest ID) rule matching this exact filter and treats its
// ACTIVE flag as the protection state; no matching rule means "off".
$rsIPRule = CSecurityIPRule::GetList(
    array(),
    array(
        "=RULE_TYPE" => "A",
        "=ADMIN_SECTION" => "Y",
        "=SITE_ID" => false,
        "=SORT" => 10,
        "=ACTIVE_FROM" => false,
        "=ACTIVE_TO" => false,
    ),
    array("ID" => "ASC")
);
$arIPRule = $rsIPRule->Fetch();
$bIPProtection = $arIPRule ? $arIPRule["ACTIVE"] == "Y" : false;
// false means nothing to report; any other return value is an object whose
// Show() output is used as the recommendation below.
$msgStopListDisabled = CSecurityIPRule::CheckAntiFile(true);
$bIPBlockOk = $bIPProtection && $msgStopListDisabled === false;
$data['high']['ITEMS'][] = array(
    "IS_OK" => $bIPBlockOk,
    "KPI_NAME" => GetMessage("SEC_PANEL_IPBLOCK_NAME"),
    "KPI_VALUE" => $bIPBlockOk
        ? GetMessage("SEC_PANEL_IPBLOCK_VALUE_ON")
        : GetMessage("SEC_PANEL_IPBLOCK_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bIPProtection
        ? ($msgStopListDisabled === false ? '&nbsp;' : $msgStopListDisabled->Show())
        : ($USER->CanDoOperation('security_iprule_admin_settings_write')
            ? '<a href="security_iprule_admin.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_IPBLOCK_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_IPBLOCK_RECOMMENDATION")),
);

// --- Sessions stored in the database ---
$bSessionsDB = COption::GetOptionString("security", "session") == "Y";
$data['high']['ITEMS'][] = array(
    "IS_OK" => $bSessionsDB,
    "KPI_NAME" => GetMessage("SEC_PANEL_SESSDB_NAME"),
    "KPI_VALUE" => $bSessionsDB
        ? GetMessage("SEC_PANEL_SESSDB_VALUE_ON")
        : GetMessage("SEC_PANEL_SESSDB_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bSessionsDB
        ? '&nbsp;'
        : ($USER->CanDoOperation('security_session_settings_write')
            ? '<a href="security_session.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&amp;tabControl_active_tab=savedb">' . GetMessage("SEC_PANEL_SESSDB_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_SESSDB_RECOMMENDATION")),
);

// --- Session ID lifetime: enabled and a positive TTL configured ---
$bSessionTTL = COption::GetOptionString("main", "use_session_id_ttl", "N") == "Y"
    && COption::GetOptionInt("main", "session_id_ttl", 0) > 0;
$data['high']['ITEMS'][] = array(
    "IS_OK" => $bSessionTTL,
    "KPI_NAME" => GetMessage("SEC_PANEL_SESSID_NAME"),
    "KPI_VALUE" => $bSessionTTL
        ? GetMessage("SEC_PANEL_SESSID_VALUE_ON")
        : GetMessage("SEC_PANEL_SESSID_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bSessionTTL
        ? '&nbsp;'
        : ($USER->CanDoOperation('security_session_settings_write')
            ? '<a href="security_session.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&amp;tabControl_active_tab=sessid">' . GetMessage("SEC_PANEL_SESSID_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_SESSID_RECOMMENDATION")),
);

// --- Redirect protection ---
$bRedirect = CSecurityRedirect::IsActive();
$data['high']['ITEMS'][] = array(
    "IS_OK" => $bRedirect,
    "KPI_NAME" => GetMessage("SEC_PANEL_ANTIFISHING_NAME"),
    "KPI_VALUE" => $bRedirect
        ? GetMessage("SEC_PANEL_ANTIFISHING_VALUE_ON")
        : GetMessage("SEC_PANEL_ANTIFISHING_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bRedirect
        ? '&nbsp;'
        : ($USER->CanDoOperation('security_redirect_settings_write')
            ? '<a href="security_redirect.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_ANTIFISHING_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_ANTIFISHING_RECOMMENDATION")),
);

// --- One-time passwords ---
$bOTP = CSecurityUser::isActive();
$data['very_high']['ITEMS'][] = array(
    "IS_OK" => $bOTP,
    "KPI_NAME" => GetMessage("SEC_PANEL_OTP_NAME"),
    "KPI_VALUE" => $bOTP
        ? GetMessage("SEC_PANEL_OTP_VALUE_ON")
        : GetMessage("SEC_PANEL_OTP_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bOTP
        ? '&nbsp;'
        : ($USER->CanDoOperation('security_otp_settings_write')
            ? '<a href="security_otp.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_OTP_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_OTP_RECOMMENDATION")),
);

// --- File integrity check ---
// last_files_check is a timestamp (-1 when unset). The row is OK when the last
// check is less than 7 days old, while the displayed value already switches to
// "long time ago" after 24 hours.
$timeFC = COption::GetOptionInt("security", "last_files_check", -1);
$data['very_high']['ITEMS'][] = array(
    "IS_OK" => $timeFC > 1 && time() - $timeFC < 7 * 24 * 3600,
    "KPI_NAME" => GetMessage("SEC_PANEL_FILES_NAME"),
    "KPI_VALUE" => $timeFC < 0
        ? GetMessage("SEC_PANEL_FILES_VALUE_NEVER")
        : (time() - $timeFC > 24 * 3600
            ? GetMessage("SEC_PANEL_FILES_VALUE_LONGTIMEAGO")
            : GetMessage("SEC_PANEL_FILES_VALUE_ACTUAL")),
    "KPI_RECOMMENDATION" => $timeFC > 1 && time() - $timeFC < 7 * 24 * 3600
        ? '&nbsp;'
        : ($USER->CanDoOperation('security_file_verifier_verify')
            ? '<a href="security_file_verifier.php?lang=' . LANGUAGE_ID . '">' . GetMessage("SEC_PANEL_FILES_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_FILES_RECOMMENDATION")),
);

// --- Antivirus enabled ---
$bSecurityAV = CSecurityAntiVirus::IsActive();
$data['very_high']['ITEMS'][] = array(
    "IS_OK" => $bSecurityAV,
    "KPI_NAME" => GetMessage("SEC_PANEL_ANTIVIRUS_NAME"),
    "KPI_VALUE" => $bSecurityAV
        ? GetMessage("SEC_PANEL_ANTIVIRUS_VALUE_ON")
        : GetMessage("SEC_PANEL_ANTIVIRUS_VALUE_OFF"),
    "KPI_RECOMMENDATION" => $bSecurityAV
        ? '&nbsp;'
        : ($USER->CanDoOperation('security_antivirus_settings_write')
            ? '<a href="security_antivirus.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_ANTIVIRUS_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_ANTIVIRUS_RECOMMENDATION")),
);

// --- Antivirus action: anything other than "notify_only" counts as OK ---
$strSecurityAVAction = COption::GetOptionString("security", "antivirus_action");
$data['very_high']['ITEMS'][] = array(
    "IS_OK" => $strSecurityAVAction !== "notify_only",
    "KPI_NAME" => GetMessage("SEC_PANEL_AV_ACTION_NAME"),
    "KPI_VALUE" => $strSecurityAVAction === "notify_only"
        ? GetMessage("SEC_PANEL_AV_ACTION_VALUE_NOTIFY")
        : GetMessage("SEC_PANEL_AV_ACTION_VALUE_ACT"),
    "KPI_RECOMMENDATION" => $strSecurityAVAction !== "notify_only"
        ? '&nbsp;'
        : ($USER->CanDoOperation('security_antivirus_settings_write')
            ? '<a href="security_antivirus.php?lang=' . LANGUAGE_ID . '&amp;return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&amp;tabControl_active_tab=params">' . GetMessage("SEC_PANEL_AV_ACTION_RECOMMENDATION") . '</a>'
            : GetMessage("SEC_PANEL_AV_ACTION_RECOMMENDATION")),
);

// --- Antivirus white list: true as soon as it holds at least one entry ---
$rsSecurityWhiteList = CSecurityAntiVirus::GetWhiteList();
$bSecurityWhiteList = (bool) $rsSecurityWhiteList->Fetch();