function InstallDB($arParams = array()) { global $DB, $DBType, $APPLICATION; $this->errors = false; // Database tables creation if (!$DB->Query("SELECT 'x' FROM b_sec_iprule WHERE 1=0", true)) { $this->errors = $DB->RunSQLBatch($_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/security/install/db/" . strtolower($DB->type) . "/install.sql"); } if ($this->errors !== false) { $APPLICATION->ThrowException(implode("<br>", $this->errors)); return false; } else { $this->InstallTasks(); RegisterModule("security"); RegisterModuleDependences("main", "OnUserDelete", "security", "CSecurityUser", "OnUserDelete"); RegisterModuleDependences("main", "OnEventLogGetAuditTypes", "security", "CSecurityFilter", "GetAuditTypes"); RegisterModuleDependences("main", "OnEventLogGetAuditTypes", "security", "CSecurityAntiVirus", "GetAuditTypes"); RegisterModuleDependences("main", "OnAdminInformerInsertItems", "security", "CSecurityFilter", "OnAdminInformerInsertItems"); RegisterModuleDependences("main", "OnAdminInformerInsertItems", "security", "CSecuritySiteChecker", "OnAdminInformerInsertItems"); CModule::IncludeModule("security"); //agents CAgent::RemoveAgent("CSecuritySession::CleanUpAgent();", "security"); CAgent::Add(array("NAME" => "CSecuritySession::CleanUpAgent();", "MODULE_ID" => "security", "ACTIVE" => "Y", "AGENT_INTERVAL" => 1800, "IS_PERIOD" => "N")); CAgent::RemoveAgent("CSecurityIPRule::CleanUpAgent();", "security"); CAgent::Add(array("NAME" => "CSecurityIPRule::CleanUpAgent();", "MODULE_ID" => "security", "ACTIVE" => "Y", "AGENT_INTERVAL" => 3600, "IS_PERIOD" => "N")); if (!COption::GetOptionString("security", "ipcheck_disable_file")) { COption::SetOptionString("security", "ipcheck_disable_file", "/bitrix/modules/ipcheck_disable_" . md5(mt_rand())); } CAgent::RemoveAgent("CSecurityFilter::ClearTmpFiles();", "security"); CSecurityFilter::SetActive(true); CSecurityRedirect::SetActive(true); return true; } }
protected function checkSecurityLevel() { $isFailed = false; if (!CSecurityFilter::IsActive()) { $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_WAF_OFF", CSecurityCriticalLevel::HIGHT); $isFailed = true; } if (!CSecurityRedirect::IsActive()) { $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_REDIRECT_OFF", CSecurityCriticalLevel::MIDDLE); $isFailed = true; } if (self::AdminPolicyLevel() != "high") { $this->addUnformattedDetailError("SECURITY_SITE_CHECKER_ADMIN_SECURITY_LEVEL", CSecurityCriticalLevel::HIGHT); $isFailed = true; } if ($isFailed) { return self::STATUS_FAILED; } else { return self::STATUS_PASSED; } }
public static function SetActive($bActive = false) { if($bActive) { if(!CSecurityRedirect::IsActive()) { COption::SetOptionString("security", "redirect_sid", md5(mt_rand())); RegisterModuleDependences("main", "OnBeforeLocalRedirect", "security", "CSecurityRedirect", "BeforeLocalRedirect", "1"); RegisterModuleDependences("main", "OnEndBufferContent", "security", "CSecurityRedirect", "EndBufferContent", "1"); } } else { if(CSecurityRedirect::IsActive()) { UnRegisterModuleDependences("main", "OnBeforeLocalRedirect", "security", "CSecurityRedirect", "BeforeLocalRedirect"); UnRegisterModuleDependences("main", "OnEndBufferContent", "security", "CSecurityRedirect", "EndBufferContent"); } } }
?> " id="redirect_message_warning_<?php echo $ar["LID"]; ?> " cols=40 rows=5 <?php if ($disabled) { echo "disabled"; } ?> ><?php $mess = trim(COption::GetOptionString("security", "redirect_message_warning_" . $ar["LID"])); if (strlen($mess) <= 0) { $mess = trim(COption::GetOptionString("security", "redirect_message_warning")); } if (strlen($mess) <= 0) { $mess = trim(CSecurityRedirect::GetDefaultMessage($ar["LID"])); } echo htmlspecialcharsbx($mess); $arLangs[] = $ar["LID"]; ?> </textarea></td> </tr> <?php } ?> <tr> <td> <script> var arLangs = <?php echo CUtil::PHPToJSObject($arLangs); ?>
$bSecurityFrame = CSecurityFrame::IsActive(); $data['high']['ITEMS'][] = array("IS_OK" => $bSecurityFrame, "KPI_NAME" => GetMessage("SEC_PANEL_FRAME_NAME"), "KPI_VALUE" => $bSecurityFrame ? GetMessage("SEC_PANEL_FRAME_VALUE_ON") : GetMessage("SEC_PANEL_FRAME_VALUE_OFF"), "KPI_RECOMMENDATION" => $bSecurityFrame ? ' ' : ($USER->CanDoOperation('security_frame_settings_write') ? '<a href="security_frame.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_FRAME_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_FRAME_RECOMMENDATION"))); $rsIPRule = CSecurityIPRule::GetList(array(), array("=RULE_TYPE" => "A", "=ADMIN_SECTION" => "Y", "=SITE_ID" => false, "=SORT" => 10, "=ACTIVE_FROM" => false, "=ACTIVE_TO" => false), array("ID" => "ASC")); $arIPRule = $rsIPRule->Fetch(); if ($arIPRule) { $bIPProtection = $arIPRule["ACTIVE"] == "Y"; } else { $bIPProtection = false; } $msgStopListDisabled = CSecurityIPRule::CheckAntiFile(true); $data['high']['ITEMS'][] = array("IS_OK" => $bIPProtection && $msgStopListDisabled === false, "KPI_NAME" => GetMessage("SEC_PANEL_IPBLOCK_NAME"), "KPI_VALUE" => $bIPProtection && $msgStopListDisabled === false ? GetMessage("SEC_PANEL_IPBLOCK_VALUE_ON") : GetMessage("SEC_PANEL_IPBLOCK_VALUE_OFF"), "KPI_RECOMMENDATION" => $bIPProtection ? $msgStopListDisabled === false ? ' ' : $msgStopListDisabled->Show() : ($USER->CanDoOperation('security_iprule_admin_settings_write') ? '<a href="security_iprule_admin.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_IPBLOCK_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_IPBLOCK_RECOMMENDATION"))); $bSessionsDB = COption::GetOptionString("security", "session") == "Y"; $data['high']['ITEMS'][] = array("IS_OK" => $bSessionsDB, "KPI_NAME" => GetMessage("SEC_PANEL_SESSDB_NAME"), "KPI_VALUE" => $bSessionsDB ? GetMessage("SEC_PANEL_SESSDB_VALUE_ON") : GetMessage("SEC_PANEL_SESSDB_VALUE_OFF"), "KPI_RECOMMENDATION" => $bSessionsDB ? ' ' : ($USER->CanDoOperation('security_session_settings_write') ? '<a href="security_session.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&tabControl_active_tab=savedb">' . GetMessage("SEC_PANEL_SESSDB_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_SESSDB_RECOMMENDATION"))); $bSessionTTL = COption::GetOptionString("main", "use_session_id_ttl", "N") == "Y" && COption::GetOptionInt("main", "session_id_ttl", 0) > 0; $data['high']['ITEMS'][] = array("IS_OK" => $bSessionTTL, "KPI_NAME" => GetMessage("SEC_PANEL_SESSID_NAME"), "KPI_VALUE" => $bSessionTTL ? GetMessage("SEC_PANEL_SESSID_VALUE_ON") : GetMessage("SEC_PANEL_SESSID_VALUE_OFF"), "KPI_RECOMMENDATION" => $bSessionTTL ? ' ' : ($USER->CanDoOperation('security_session_settings_write') ? '<a href="security_session.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&tabControl_active_tab=sessid">' . GetMessage("SEC_PANEL_SESSID_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_SESSID_RECOMMENDATION"))); $bRedirect = CSecurityRedirect::IsActive(); $data['high']['ITEMS'][] = array("IS_OK" => $bRedirect, "KPI_NAME" => GetMessage("SEC_PANEL_ANTIFISHING_NAME"), "KPI_VALUE" => $bRedirect ? GetMessage("SEC_PANEL_ANTIFISHING_VALUE_ON") : GetMessage("SEC_PANEL_ANTIFISHING_VALUE_OFF"), "KPI_RECOMMENDATION" => $bRedirect ? ' ' : ($USER->CanDoOperation('security_redirect_settings_write') ? '<a href="security_redirect.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_ANTIFISHING_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_ANTIFISHING_RECOMMENDATION"))); $bOTP = CSecurityUser::isActive(); $data['very_high']['ITEMS'][] = array("IS_OK" => $bOTP, "KPI_NAME" => GetMessage("SEC_PANEL_OTP_NAME"), "KPI_VALUE" => $bOTP ? GetMessage("SEC_PANEL_OTP_VALUE_ON") : GetMessage("SEC_PANEL_OTP_VALUE_OFF"), "KPI_RECOMMENDATION" => $bOTP ? ' ' : ($USER->CanDoOperation('security_otp_settings_write') ? '<a href="security_otp.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_OTP_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_OTP_RECOMMENDATION"))); $timeFC = COption::GetOptionInt("security", "last_files_check", -1); $data['very_high']['ITEMS'][] = array("IS_OK" => $timeFC > 1 && time() - $timeFC < 7 * 24 * 3600, "KPI_NAME" => GetMessage("SEC_PANEL_FILES_NAME"), "KPI_VALUE" => $timeFC < 0 ? GetMessage("SEC_PANEL_FILES_VALUE_NEVER") : (time() - $timeFC > 24 * 3600 ? GetMessage("SEC_PANEL_FILES_VALUE_LONGTIMEAGO") : GetMessage("SEC_PANEL_FILES_VALUE_ACTUAL")), "KPI_RECOMMENDATION" => $timeFC > 1 && time() - $timeFC < 7 * 24 * 3600 ? ' ' : ($USER->CanDoOperation('security_file_verifier_verify') ? '<a href="security_file_verifier.php?lang=' . LANGUAGE_ID . '">' . GetMessage("SEC_PANEL_FILES_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_FILES_RECOMMENDATION"))); $bSecurityAV = CSecurityAntiVirus::IsActive(); $data['very_high']['ITEMS'][] = array("IS_OK" => $bSecurityAV, "KPI_NAME" => GetMessage("SEC_PANEL_ANTIVIRUS_NAME"), "KPI_VALUE" => $bSecurityAV ? GetMessage("SEC_PANEL_ANTIVIRUS_VALUE_ON") : GetMessage("SEC_PANEL_ANTIVIRUS_VALUE_OFF"), "KPI_RECOMMENDATION" => $bSecurityAV ? ' ' : ($USER->CanDoOperation('security_antivirus_settings_write') ? '<a href="security_antivirus.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '">' . GetMessage("SEC_PANEL_ANTIVIRUS_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_ANTIVIRUS_RECOMMENDATION"))); $strSecurityAVAction = COption::GetOptionString("security", "antivirus_action"); $data['very_high']['ITEMS'][] = array("IS_OK" => $strSecurityAVAction !== "notify_only", "KPI_NAME" => GetMessage("SEC_PANEL_AV_ACTION_NAME"), "KPI_VALUE" => $strSecurityAVAction === "notify_only" ? GetMessage("SEC_PANEL_AV_ACTION_VALUE_NOTIFY") : GetMessage("SEC_PANEL_AV_ACTION_VALUE_ACT"), "KPI_RECOMMENDATION" => $strSecurityAVAction !== "notify_only" ? ' ' : ($USER->CanDoOperation('security_antivirus_settings_write') ? '<a href="security_antivirus.php?lang=' . LANGUAGE_ID . '&return_url=' . urlencode('security_panel.php?lang=' . LANGUAGE_ID) . '&tabControl_active_tab=params">' . GetMessage("SEC_PANEL_AV_ACTION_RECOMMENDATION") . '</a>' : GetMessage("SEC_PANEL_AV_ACTION_RECOMMENDATION"))); $rsSecurityWhiteList = CSecurityAntiVirus::GetWhiteList(); if ($rsSecurityWhiteList->Fetch()) { $bSecurityWhiteList = true; } else { $bSecurityWhiteList = false; }