root/modules/branches/2.6/weakpasswords/functions.inc.php

Revision 7525, 3.2 kB (checked in by p_lindheimer, 4 years ago)

Merged revisions 7417-7418,7420-7431,7433-7457,7460-7476,7478-7518,7520-7523 via svnmerge from
http://svn.freepbx.org/modules/branches/2.5

........

r7473 | ethans | 2009-03-10 12:55:44 -0700 (Tue, 10 Mar 2009) | 3 lines


New module: detects weak SIP secrets and sets security notifications

........

r7474 | ethans | 2009-03-10 14:29:05 -0700 (Tue, 10 Mar 2009) | 3 lines


Support for IAX trunks. Shows differentiation between trunks/extensions and trunk tech. Tabular display. Shortened notification messages with extended
details.

........

r7475 | ethans | 2009-03-10 14:46:56 -0700 (Tue, 10 Mar 2009) | 2 lines


verbiage

........

r7476 | mickecarlsson | 2009-03-10 23:53:00 -0700 (Tue, 10 Mar 2009) | 1 line


Localized module, added .pot file

........

r7480 | p_lindheimer | 2009-03-11 18:10:41 -0700 (Wed, 11 Mar 2009) | 1 line


fixes #3526 puts from-internal-custom before prarkedcalls context

........

r7481 | mickecarlsson | 2009-03-12 05:27:18 -0700 (Thu, 12 Mar 2009) | 1 line


More localization for weakpasswords

........

r7516 | p_lindheimer | 2009-03-12 17:04:29 -0700 (Thu, 12 Mar 2009) | 1 line


fixes #3350 don't include app-daynight in from-internal

........

r7517 | ethans | 2009-03-13 09:45:32 -0700 (Fri, 13 Mar 2009) | 3 lines


Merged individual security notifications into one all-encompassing security notification. This will hopefully alleviate interface slowdown when a large deployment has multiple weak
passwords.

........

r7518 | mickecarlsson | 2009-03-13 10:24:27 -0700 (Fri, 13 Mar 2009) | 1 line


Updated localization files for weakpasswords

........

1 <?php
2 /* $Id: */
3 //Copyright (C) 2009 Ethan Schreoder (ethan.schroeder@schmoozecom.com)
4 //
5 //This program is free software; you can redistribute it and/or
6 //modify it under the terms of version 2 of the GNU General Public
7 //License as published by the Free Software Foundation.
8 //
9 //This program is distributed in the hope that it will be useful,
10 //but WITHOUT ANY WARRANTY; without even the implied warranty of
11 //MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 //GNU General Public License for more details.
13
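function weakpasswords_get_config($engine) {
    // FreePBX "get_config" hook.  On every apply-config it drops this module's
    // previous security notifications and raises one combined notification
    // listing every SIP/IAX extension or trunk whose secret
    // weakpasswords_get_users() classifies as weak.  It writes nothing to the
    // Asterisk configuration itself.
    //
    // $engine  FreePBX engine name; only "asterisk" is handled.
    // Returns nothing; the only side effect is the notification table.
    global $db;   // notifications::create() needs the db handle; it was never
                  // declared global here (the sibling function below does), so
                  // an undefined $db was being passed.

    switch ($engine) {
        case "asterisk":
            // Clear all weak password notifications so the list is rebuilt from scratch.
            $nt = notifications::create($db);
            foreach ($nt->list_security() as $notification) {
                if ($notification['module'] == "weakpasswords") {
                    $nt->delete($notification['module'], $notification['id']);
                }
            }

            // Generate one combined notification; one per weak secret slowed the
            // interface down on large deployments.
            $weak = weakpasswords_get_users();
            if (sizeof($weak) > 0) {
                $extended_text = _("Warning: The use of SIP/IAX passwords that are weak can allow hackers to make brute force registrations and possibly make calls through your PBX.  It is strongly recommended, you choose strong secrets.")."<br>";
                foreach ($weak as $details) {
                    // The extended text is rendered as HTML (note the <br>), and the
                    // name/secret come straight from the sip/iax tables, so they are
                    // escaped before being dropped into the markup.
                    // NOTE(review): the cleartext secret is written into the stored
                    // notification and shown to anyone who can read notifications;
                    // consider reporting only the reason if that is a concern.
                    $extended_text .= sprintf(_("%s %s has a weak secret of %s: %s<br>"),
                        $details['deviceortrunk'],
                        htmlspecialchars((string)$details['name'], ENT_QUOTES),
                        htmlspecialchars((string)$details['secret'], ENT_QUOTES),
                        htmlspecialchars((string)$details['message'], ENT_QUOTES));
                }
                $nt->add_security("weakpasswords", "all",
                    sizeof($weak)." "._("extensions/trunks has weak secrets"), $extended_text);
            }
            break;
    }
}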
41
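function weakpasswords_get_users()  {
    // Scans every SIP and IAX peer's secret and returns the weak ones.
    //
    // Returns a list of arrays with keys "deviceortrunk" (translated label),
    // "name" (device/account name), "message" (translated reason) and
    // "secret" (the raw secret as stored).  Empty array when nothing is weak.
    global $db;

    // Both tables are keyword/value stores, one row per (id, keyword): the
    // 'account' row carries the device or trunk name, the 'secret' row the
    // secret.  LEFT JOIN so a peer without an 'account' row is still checked.
    $sql = "SELECT 'SIP' as tech,s.id as id, s2.data as device,s.data as secret FROM sip s LEFT JOIN sip s2 ON s.id=s2.id AND s2.keyword='account' WHERE s.keyword='secret'";
    $sipsecrets = sql($sql, "getAll", DB_FETCHMODE_ASSOC);
    $sql = "SELECT 'IAX' as tech,s.id as id, s2.data as device,s.data as secret FROM iax s LEFT JOIN iax s2 ON s.id=s2.id AND s2.keyword='account' WHERE s.keyword='secret'";
    $iaxsecrets = sql($sql, "getAll", DB_FETCHMODE_ASSOC);

    $weak = array();
    foreach (array_merge($sipsecrets, $iaxsecrets) as $arr) {
        $name = $arr['device'];
        $secret = $arr['secret'];

        $message = weakpasswords_classify_secret($name, $secret);
        if ($message === null) {
            continue;
        }

        // For an extension the account name is the extension number, i.e. equal
        // to the row id; anything else is a trunk of the given tech.
        if ($arr['id'] == $name) {
            $deviceortrunk = _("Extension");
        } else {
            $deviceortrunk = sprintf(_("%s Trunk"), $arr['tech']);
        }
        $weak[] = array("deviceortrunk" => $deviceortrunk, "name" => $name, "message" => $message, "secret" => $secret);
    }
    return $weak;
}

// Classifies a single secret.  Returns the translated reason it is weak, or
// null when it passes every check.  Checks run in the original priority order
// so the reported reason for already-flagged secrets is unchanged.
//
// $name    device/account name the secret belongs to (may be null)
// $secret  the secret as stored (may be null/empty)
function weakpasswords_classify_secret($name, $secret) {
    $secret = (string)$secret;
    $digits = "0123456789";

    // Ascending or descending run of digits ("1234", "98765").  strpos() returns
    // 0 when the secret sits at offset 0 ("0123"), so the result is compared
    // with false instead of being used as a boolean -- the original silently
    // missed every secret starting with "0".  An empty needle is excluded here
    // (it would match anything) and is caught by the length check below.
    if ($secret !== '' && (strpos($digits, $secret) !== false || strpos($digits, strrev($secret)) !== false)) {
        return _("Secret has sequential digits");
    }
    // Secret identical to the device/account name.  The original compared an
    // undefined $device, so this check never fired.
    if ($secret !== '' && (string)$name === $secret) {
        return _("Secret same as device");
    }
    // Same character four or more times in a row (any character, not only digits).
    if (preg_match('/(.)\1{3,}/', $secret, $regs)) {
        return _("Secret has consecutive digit ").$regs[1];
    }
    if (strlen($secret) < 6) {
        return _("Secret less than 6 digits");
    }
    return null;
}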
80 ?>
81