arubdesu · May 16, 2016 15:28
diff --git a/front.html b/front.html

    <div class="panel panel-default panel-traffic-light">
        <div class="panel-heading">
            {{ title }}
        </div>
        <!-- /.panel-heading -->
        <div class="panel-body">
          <a href="{% url 'machine_list_front' plugin 'gatekeep' %}" class="btn btn-danger">
 			<span class="bigger"> {{ gatekeep }} </span><br />
 			{{ gatekeep_label }}
          </a>

          <a href="{% url 'machine_list_front' plugin 'filevault' %}" class="btn btn-danger">
 			<span class="bigger"> {{ filevault }} </span><br />
 			{{ filevault_label }}
          </a>

          <a href="{% url 'machine_list_front' plugin 'firmware' %}" class="btn btn-danger">
 			<span class="bigger"> {{ firmware }} </span><br />
 			{{ firmware_label }}
          </a>
        </div>
      </div>
diff --git a/generic_security.py b/generic_security.py
 from yapsy.IPlugin import IPlugin
 from django.template import loader, Context
 from server.models import *
 from catalog.models import *

 class GenericSecurity(IPlugin):
    def plugin_type(self):
        return 'builtin'

    def widget_width(self):
        return 4

    def get_description(self):
        return 'Security Defaults'

    def widget_content(self, page, machines=None, theid=None):

        if page == 'front':
            t = loader.get_template('genericSecurity/templates/front.html')

        if page == 'bu_dashboard':
            t = loader.get_template('genericSecurity/templates/id.html')

        if page == 'group_dashboard':
            t = loader.get_template('genericSecurity/templates/id.html')

        try:
            gatekeep = machines.filter(pluginscriptsubmission__plugin='genericSecurity', pluginscriptsubmission__pluginscriptrow__pluginscript_name='gatekeep', pluginscriptsubmission__pluginscriptrow__pluginscript_data=False).count()
        except:
            gatekeep = 0

        try:
            filevault = machines.filter(pluginscriptsubmission__plugin='genericSecurity', pluginscriptsubmission__pluginscriptrow__pluginscript_name='filevault', pluginscriptsubmission__pluginscriptrow__pluginscript_data=False).count()
        except:
            filevault = 0

        try:
            firmware = machines.filter(pluginscriptsubmission__plugin='genericSecurity', pluginscriptsubmission__pluginscriptrow__pluginscript_name='firmware',  pluginscriptsubmission__pluginscriptrow__pluginscript_data=False).count()
        except:
            firmware = 0

        c = Context({
            'title': 'Security Defaults',
            'gatekeep_label': 'Gatekeeper',
            'gatekeep_count': gatekeep,
            'filevault_label': 'Filevault',
            'filevault_count': filevault,
            'firmware_label': 'Firmware',
            'firmware_count': firmware,
            'plugin': 'GenericSecurity',
            'theid': theid,
            'page': page
        })
        return t.render(c)

    def filter_machines(self, machines, data):
        if data == 'gatekeep':
            machines = machines.filter(pluginscriptsubmission__plugin='genericSecurity', pluginscriptsubmission__pluginscriptrow__pluginscript_name='gatekeep', pluginscriptsubmission__pluginscriptrow__pluginscript_data=False)
            title = 'Machines without gatekeeper enabled'

        elif data == 'filevault':
            machines = machines.filter(pluginscriptsubmission__plugin='genericSecurity', pluginscriptsubmission__pluginscriptrow__pluginscript_name='filevault', pluginscriptsubmission__pluginscriptrow__pluginscript_data=False)
            title = 'Machines without FileVault2 enabled'

        elif data == 'firmware':
            machines = machines.filter(pluginscriptsubmission__plugin='genericSecurity', pluginscriptsubmission__pluginscriptrow__pluginscript_name='firmware',  pluginscriptsubmission__pluginscriptrow__pluginscript_data=False)
            title = 'Machines without a firmware password set'

        else:
            machines = None

        return machines, title
diff --git a/generic_security.yapsy-plugin b/generic_security.yapsy-plugin
 [Core]
 Name = GenericSecurity
 Module = generic_security

 [Documentation]
 Author = Allister Banks
 Version = 0.1
 Website = http://aru-b.com
 Description = Buttons of should-always-be-enabled security controls
diff --git a/generic_security_script.py b/generic_security_script.py
 #!/usr/bin/python

 import os
 import subprocess
 import sys
 sys.path.append('/usr/local/munki')
 from munkilib import FoundationPlist
 from munkilib import munkicommon

 def main():
    """gimme some main"""
    manual_checkskip()
    plist_path = '/usr/local/sal/plugin_results.plist'
    results_plist = prep_results(plist_path)
    gatekeep = get_gatekeep()
    filevault = get_filevault()
    firmwarepass = get_firmwarepass()

    result = {}
    result['plugin'] = 'genericSecurity'
    result['historical'] = True
    data = {'Gatekeeper Enabled:': gatekeep,
            'FileVault2 Enabled:': filevault,
            'FirmwarePassword Enabled:': firmwarepass
            }
    result['data'] = data
    results_plist.append(result)
    FoundationPlist.writePlist(results_plist, plist_path)


 def manual_checkskip():
    """Skips plugin if running a manual munki checkin"""
    if len(sys.argv) > 1:
        if sys.argv[1] == 'manualcheck':
            munkicommon.display_debug2("Manual check: skipping genericSecurity Plugin")
            exit(0)


 def prep_results(plist_path):
    """Looks for previous plugin results to append to, otherwise returns empty list"""
    if os.path.exists(plist_path):
        return FoundationPlist.readPlist(plist_path)
    else:
        return []


 def get_gatekeep():
    gatekeep = subprocess.check_output(['spctl', '--status'])
    if gatekeep == 'assessments enabled':
        return True
    else:
        return False


 def get_filevault():
    filevault = subprocess.check_output(['fdesetup', 'status'])
    if filevault == 'FileVault is On.':
        return True
    else:
        return False

 def get_firmwarepass():
    firmwarepasswd = subprocess.check_output(['firmwarepasswd', '-check'])
    if firmwarepasswd == 'Password Enabled: Yes':
        return True
    else:
        return False


 if __name__ == '__main__':
    main()
diff --git a/id.html b/id.html

    <div class="panel panel-default">
        <div class="panel-heading">
            {{ title }}
        </div>
        <!-- /.panel-heading -->
        <div class="panel-body">
          <a href="{% url 'machine_list_front' plugin 'gatekeep' %}" class="btn btn-danger">
 			<span class="bigger"> {{ gatekeep }} </span><br />
 			{{ gatekeep_label }}
          </a>

          <a href="{% url 'machine_list_front' plugin 'filevault' %}" class="btn btn-danger">
 			<span class="bigger"> {{ filevault }} </span><br />
 			{{ filevault_label }}
          </a>

          <a href="{% url 'machine_list_front' plugin 'firmware' %}" class="btn btn-danger">
 			<span class="bigger"> {{ firmware }} </span><br />
 			{{ firmware_label }}
          </a>
        </div>
      </div>

	<div class="panel panel-default panel-traffic-light">
	<div class="panel-heading">
	{{ title }}
	</div>
	<!-- /.panel-heading -->
	<div class="panel-body">
	<a href="{% url 'machine_list_front' plugin 'gatekeep' %}" class="btn btn-danger">
	<span class="bigger"> {{ gatekeep }} </span><br />
	{{ gatekeep_label }}
	</a>

	<a href="{% url 'machine_list_front' plugin 'filevault' %}" class="btn btn-danger">
	<span class="bigger"> {{ filevault }} </span><br />
	{{ filevault_label }}
	</a>

	<a href="{% url 'machine_list_front' plugin 'firmware' %}" class="btn btn-danger">
	<span class="bigger"> {{ firmware }} </span><br />
	{{ firmware_label }}
	</a>
	</div>
	</div>
	from yapsy.IPlugin import IPlugin
	from django.template import loader, Context
	from server.models import *
	from catalog.models import *

	class GenericSecurity(IPlugin):
	def plugin_type(self):
	return 'builtin'

	def widget_width(self):
	return 4

	def get_description(self):
	return 'Security Defaults'

	def widget_content(self, page, machines=None, theid=None):

	if page == 'front':
	t = loader.get_template('genericSecurity/templates/front.html')

	if page == 'bu_dashboard':
	t = loader.get_template('genericSecurity/templates/id.html')

	if page == 'group_dashboard':
	t = loader.get_template('genericSecurity/templates/id.html')

	try:
	gatekeep = machines.filter(pluginscriptsubmission__plugin='genericSecurity', pluginscriptsubmission__pluginscriptrow__pluginscript_name='gatekeep', pluginscriptsubmission__pluginscriptrow__pluginscript_data=False).count()
	except:
	gatekeep = 0

	try:
	filevault = machines.filter(pluginscriptsubmission__plugin='genericSecurity', pluginscriptsubmission__pluginscriptrow__pluginscript_name='filevault', pluginscriptsubmission__pluginscriptrow__pluginscript_data=False).count()
	except:
	filevault = 0

	try:
	firmware = machines.filter(pluginscriptsubmission__plugin='genericSecurity', pluginscriptsubmission__pluginscriptrow__pluginscript_name='firmware', pluginscriptsubmission__pluginscriptrow__pluginscript_data=False).count()
	except:
	firmware = 0

	c = Context({
	'title': 'Security Defaults',
	'gatekeep_label': 'Gatekeeper',
	'gatekeep_count': gatekeep,
	'filevault_label': 'Filevault',
	'filevault_count': filevault,
	'firmware_label': 'Firmware',
	'firmware_count': firmware,
	'plugin': 'GenericSecurity',
	'theid': theid,
	'page': page
	})
	return t.render(c)

	def filter_machines(self, machines, data):
	if data == 'gatekeep':
	machines = machines.filter(pluginscriptsubmission__plugin='genericSecurity', pluginscriptsubmission__pluginscriptrow__pluginscript_name='gatekeep', pluginscriptsubmission__pluginscriptrow__pluginscript_data=False)
	title = 'Machines without gatekeeper enabled'

	elif data == 'filevault':
	machines = machines.filter(pluginscriptsubmission__plugin='genericSecurity', pluginscriptsubmission__pluginscriptrow__pluginscript_name='filevault', pluginscriptsubmission__pluginscriptrow__pluginscript_data=False)
	title = 'Machines without FileVault2 enabled'

	elif data == 'firmware':
	machines = machines.filter(pluginscriptsubmission__plugin='genericSecurity', pluginscriptsubmission__pluginscriptrow__pluginscript_name='firmware', pluginscriptsubmission__pluginscriptrow__pluginscript_data=False)
	title = 'Machines without a firmware password set'

	else:
	machines = None

	return machines, title
	[Core]
	Name = GenericSecurity
	Module = generic_security

	[Documentation]
	Author = Allister Banks
	Version = 0.1
	Website = http://aru-b.com
	Description = Buttons of should-always-be-enabled security controls
	#!/usr/bin/python

	import os
	import subprocess
	import sys
	sys.path.append('/usr/local/munki')
	from munkilib import FoundationPlist
	from munkilib import munkicommon

	def main():
	"""gimme some main"""
	manual_checkskip()
	plist_path = '/usr/local/sal/plugin_results.plist'
	results_plist = prep_results(plist_path)
	gatekeep = get_gatekeep()
	filevault = get_filevault()
	firmwarepass = get_firmwarepass()

	result = {}
	result['plugin'] = 'genericSecurity'
	result['historical'] = True
	data = {'Gatekeeper Enabled:': gatekeep,
	'FileVault2 Enabled:': filevault,
	'FirmwarePassword Enabled:': firmwarepass
	}
	result['data'] = data
	results_plist.append(result)
	FoundationPlist.writePlist(results_plist, plist_path)


	def manual_checkskip():
	"""Skips plugin if running a manual munki checkin"""
	if len(sys.argv) > 1:
	if sys.argv[1] == 'manualcheck':
	munkicommon.display_debug2("Manual check: skipping genericSecurity Plugin")
	exit(0)


	def prep_results(plist_path):
	"""Looks for previous plugin results to append to, otherwise returns empty list"""
	if os.path.exists(plist_path):
	return FoundationPlist.readPlist(plist_path)
	else:
	return []


	def get_gatekeep():
	gatekeep = subprocess.check_output(['spctl', '--status'])
	if gatekeep == 'assessments enabled':
	return True
	else:
	return False


	def get_filevault():
	filevault = subprocess.check_output(['fdesetup', 'status'])
	if filevault == 'FileVault is On.':
	return True
	else:
	return False

	def get_firmwarepass():
	firmwarepasswd = subprocess.check_output(['firmwarepasswd', '-check'])
	if firmwarepasswd == 'Password Enabled: Yes':
	return True
	else:
	return False


	if __name__ == '__main__':
	main()

	<div class="panel panel-default">
	<div class="panel-heading">
	{{ title }}
	</div>
	<!-- /.panel-heading -->
	<div class="panel-body">
	<a href="{% url 'machine_list_front' plugin 'gatekeep' %}" class="btn btn-danger">
	<span class="bigger"> {{ gatekeep }} </span><br />
	{{ gatekeep_label }}
	</a>

	<a href="{% url 'machine_list_front' plugin 'filevault' %}" class="btn btn-danger">
	<span class="bigger"> {{ filevault }} </span><br />
	{{ filevault_label }}
	</a>

	<a href="{% url 'machine_list_front' plugin 'firmware' %}" class="btn btn-danger">
	<span class="bigger"> {{ firmware }} </span><br />
	{{ firmware_label }}
	</a>
	</div>
	</div>