Merge branch 'main' into new-branch

config/sampleconfig.toml

@@ -55,4 +55,4 @@ client-alive-interval = 300
 client-alive-count-max = 2
 allow-users = ["user1", "user2"]
 allow-groups = ["group1", "group2"]
-x11-forwarding = false
+x11-forwarding = false

harden/physical_ports.py

@@ -1,7 +1,5 @@
 import subprocess
-import config_file
-
-config = config_file.read()["physical-ports"]
+from harden import config_file
 
 
 def _generate_policy():
@@ -10,21 +8,34 @@ def _generate_policy():
     ).decode("utf-8")
 
 
-def get_devices():
-    config_rules = config["device-rules"] 
-    devices = {device["id"]: device for device in config_rules}
+def get_devices(config):
+    device_rules = config["device-rules"]
+    port_rules = config["port-rules"]
+    devices = {device["id"]: device for device in device_rules}
+    ports = {port["id"]: port for port in port_rules}
+
+    for id in ports:
+        ports[id]["name"] = "No Device Connected"
 
     policy = _generate_policy().splitlines()
     rules = filter(lambda x: "via-port" in x, policy)
     for rule in rules:
         rule_split = rule.split()
+
         device_id = rule_split[rule_split.index("id") + 1]
         if device_id in devices:
             continue
         device_name = rule_split[rule_split.index("name") + 1].strip('"')
         devices[device_id] = {"id": device_id, "name": device_name, "allow": True}
+
+        port_id = rule_split[rule_split.index("via-port") + 1].strip('"')
+        if port_id in ports:
+            ports[port_id]["name"] = device_name
+        else:
+            ports[port_id] = {"id": port_id, "name": device_name, "allow": True}
 
-    return list(devices.values())
+    config.update({"device-rules": list(devices.values()), "port-rules": list(ports.values())})
+    return config
 
 
 def get_script(all_config):

main.py

@@ -1,7 +1,9 @@
-from PyQt6.QtWidgets import QApplication, QMainWindow, QDockWidget
+from PyQt6.QtWidgets import QApplication, QMainWindow, QDockWidget \
+    , QHBoxLayout, QWidget
 from PyQt6.QtCore import Qt
 from ui.sidebar import Sidebar
 from ui.page import Pages
+from harden import config_file
 import sys
 
 class MainWindow(QMainWindow):
@@ -15,21 +17,27 @@ def init_ui(self):
 
         self.pages = Pages()
         self.setCentralWidget(self.pages)
-
-        self.sidebar = QDockWidget("Menu")
-        self.sidebar_widget = Sidebar()
-        self.sidebar.setWidget(self.sidebar_widget)
-        self.sidebar.setFixedWidth(250)
+        self.pages.setObjectName("pageBg")
+
+        self.sidebar = Sidebar()
+        self.sidebar.setFixedWidth(200)
+        self.sidebar.setObjectName("sidebarBg")
+        self.sidebar.change_page_signal.connect(self.pages.setCurrentIndex)
 
-        self.addDockWidget(Qt.DockWidgetArea.LeftDockWidgetArea, self.sidebar)
-        self.sidebar.setFeatures(QDockWidget.DockWidgetFeature.NoDockWidgetFeatures)
-        self.sidebar_widget.change_page_signal.connect(self.change_page)
-
-    def change_page(self, index):
-        self.pages.setCurrentIndex(index)
+        self.main_layout = QHBoxLayout()
+        self.main_layout.setSpacing(0)
+        self.main_layout.setContentsMargins(0, 0, 0, 0)
+        self.main_layout.addWidget(self.sidebar)
+        self.main_layout.addWidget(self.pages)
+
+        self.main_widget = QWidget()
+        self.main_widget.setLayout(self.main_layout)
+        self.setCentralWidget(self.main_widget)
 
 def main():
+    config_file.create_copy()
     app = QApplication(sys.argv)
+    app.setStyleSheet(open("ui/qss/style.qss", "r").read())
     window = MainWindow()
     window.show()
     app.exec()

ui/components/hardware/file_systems.py

@@ -0,0 +1,84 @@
+from PyQt6.QtWidgets import QWidget, QVBoxLayout, QLabel, QCheckBox \
+    , QHBoxLayout, QLineEdit
+from PyQt6.QtGui import QIntValidator
+from harden import config_file
+
+class FileSystems(QWidget):
+    def __init__(self):
+        super().__init__()
+        self.init_ui()
+
+    def init_ui(self):
+        self.layout = QVBoxLayout()
+        self.setLayout(self.layout)
+
+        self.temp_toml_dict = config_file.read()
+        self.toml_file_systems = self.temp_toml_dict['file-systems']
+
+        self.main_label = QLabel("File Systems")
+        self.layout.addWidget(self.main_label)
+
+        # Basic Hardening
+        self.label_basic = QLabel("# Basic Hardening")
+        self.layout.addWidget(self.label_basic)
+
+        # block items
+        for name, state in self.toml_file_systems['block'].items():
+            checkbox = QCheckBox(f'Block {name}')
+            checkbox.setChecked(state)
+            checkbox.stateChanged.connect(lambda state, name=name: self.save_checkbox_state(state, 'block', name))
+            self.layout.addWidget(checkbox)
+
+        # Intermediate Hardening
+        self.label_basic = QLabel("# Intermediate Hardening")
+        self.layout.addWidget(self.label_basic)
+
+        # configure_fs items
+        for name, state in self.toml_file_systems['configure_fs'].items():
+            checkbox = QCheckBox(f"Configure /{name.replace('_', '/')}")
+            checkbox.setChecked(state)
+            checkbox.stateChanged.connect(lambda state, name=name: self.save_checkbox_state(state, 'configure_fs', name))
+            self.layout.addWidget(checkbox)
+
+        # configure /tmp size
+        hlayout = QHBoxLayout()
+
+        self.configure_label = QLabel('Configure /tmp size (in GB):')
+        self.size_input = QLineEdit()
+        self.size_input.setText(str(self.toml_file_systems['tmp_size']))
+        validator = QIntValidator()
+        self.size_input.setValidator(validator)
+        self.size_input.textChanged.connect(self.size_changed)
+
+        hlayout.addWidget(self.configure_label)
+        hlayout.addWidget(self.size_input)
+        self.layout.addLayout(hlayout)
+
+        # disable_automount
+        self.disable_auto_mount = QCheckBox('Disable Auto-Mount')
+        self.disable_auto_mount.setChecked(self.toml_file_systems['disable_automount'])
+        self.disable_auto_mount.stateChanged.connect(lambda state: self.save_checkbox_state(state, 'disable_automount', None))
+        self.layout.addWidget(self.disable_auto_mount)
+
+        # Advanced Hardening
+        self.label_basic = QLabel("# Advanced Hardening")
+        self.layout.addWidget(self.label_basic)
+
+        self.enable_aide = QCheckBox('Enable AIDE (Advanced Intrusion Detection Environment)')
+        self.enable_aide.setChecked(self.toml_file_systems['enable_aide'])
+        self.enable_aide.stateChanged.connect(lambda state: self.save_checkbox_state(state, 'enable_aide', None))
+        self.layout.addWidget(self.enable_aide)
+
+    def save_checkbox_state(self, state, type, name):
+        if name:
+            self.toml_file_systems[type][name] = (state == 2)
+        else:
+            self.toml_file_systems[type] = (state == 2)
+        config_file.write(self.temp_toml_dict)
+
+    def size_changed(self, new_size):
+        if new_size:
+            self.toml_file_systems['tmp_size'] = int(new_size)
+        else:
+            self.size_input.setText('0')
+        config_file.write(self.temp_toml_dict)

ui/components/hardware/physical_ports.py

@@ -0,0 +1,105 @@
+from PyQt6.QtWidgets import QWidget, QVBoxLayout, QLabel, QCheckBox, QPushButton \
+    , QTableWidget, QTableWidgetItem, QHBoxLayout
+from harden import config_file
+
+class PhysicalPorts(QWidget):
+    def __init__(self):
+        super().__init__()
+        self.init_ui()
+
+    def init_ui(self):
+        self.layout = QVBoxLayout()
+        self.setLayout(self.layout)
+        self.layout.setSpacing(0)
+        self.layout.setContentsMargins(0, 0, 0, 0)
+
+        self.temp_toml_dict = config_file.read() 
+        self.toml_physical_ports = self.temp_toml_dict['physical-ports']
+
+        hlayout = QHBoxLayout()
+        hlayout.setSpacing(0)
+        hlayout.setContentsMargins(0, 0, 0, 0)
+
+        self.main_label = QLabel("Physical Ports")
+        hlayout.addWidget(self.main_label)
+
+        # refresh button
+        self.refresh_button = QPushButton("Refresh")    # no connect function yet
+        hlayout.addWidget(self.refresh_button)
+
+        self.layout.addLayout(hlayout)
+
+        # enable checkbox
+        self.main_checkbox = QCheckBox("Enable USB Blocking")
+        self.layout.addWidget(self.main_checkbox)
+        self.main_checkbox.setChecked(self.toml_physical_ports['enable'])
+        self.main_checkbox.stateChanged.connect(self.enable_checkbox_clicked)
+
+        # table to block devices
+        self.block_devices_table()
+
+        # table to block ports
+        self.block_ports_table()
+
+    def block_devices_table(self):
+        self.block_devices_label = QLabel("Block Devices")
+        self.layout.addWidget(self.block_devices_label)
+
+        self.devices_table = QTableWidget()
+        self.devices_table.setColumnCount(3)
+        self.layout.addWidget(self.devices_table)
+
+        self.devices_table.setHorizontalHeaderLabels(["Device Name", "Device ID", "Allow"])
+
+        def add_device_rows():
+            rows = self.toml_physical_ports['device-rules']
+
+            for i in range(len(rows)):
+                self.devices_table.insertRow(i)
+                self.devices_table.setItem(i, 0, QTableWidgetItem(rows[i]['name']))
+                self.devices_table.setItem(i, 1, QTableWidgetItem(rows[i]['id']))
+
+                checkbox = QCheckBox()
+                checkbox.setChecked(rows[i]['allow'])
+                checkbox.stateChanged.connect(lambda state, i=i: self.save_checkbox_state(state, i, 'device-rules'))
+
+                self.devices_table.setCellWidget(i, 2, checkbox)
+
+        add_device_rows()
+
+    def block_ports_table(self):
+        self.block_ports_label = QLabel("Block Ports")
+        self.layout.addWidget(self.block_ports_label)
+
+        self.ports_table = QTableWidget()
+        self.ports_table.setColumnCount(3)
+        self.layout.addWidget(self.ports_table)
+
+        self.ports_table.setHorizontalHeaderLabels(["Port ID", "Device Name", "Allow"])
+
+        def add_port_rows():
+            rows = self.toml_physical_ports['port-rules']
+
+            for i in range(len(rows)):
+                self.ports_table.insertRow(i)
+                self.ports_table.setItem(i, 0, QTableWidgetItem(rows[i]['id']))
+
+                self.ports_table.setItem(i, 1, QTableWidgetItem(rows[i]['name']))
+
+                checkbox = QCheckBox()
+                checkbox.setChecked(rows[i]['allow'])
+                checkbox.stateChanged.connect(lambda state, i=i: self.save_checkbox_state(state, i, 'port-rules'))
+
+                self.ports_table.setCellWidget(i, 2, checkbox)
+
+        add_port_rows()
+
+    def enable_checkbox_clicked(self, state):
+        self.toml_physical_ports['enable'] = (state == 2)
+        self.devices_table.setEnabled((state == 2))
+        self.ports_table.setEnabled((state == 2))
+        config_file.write(self.temp_toml_dict)
+
+    def save_checkbox_state(self, state, idx, rule):
+        self.toml_physical_ports[rule][idx]['allow'] = (state == 2)
+        config_file.write(self.temp_toml_dict)

ui/components/software/apparmor.py

@@ -0,0 +1,46 @@
+from PyQt6.QtWidgets import QWidget, QVBoxLayout, QLabel, QCheckBox \
+    , QHBoxLayout, QComboBox
+from harden import config_file
+
+class AppArmor(QWidget):
+    def __init__(self):
+        super().__init__()
+        self.init_ui()
+
+    def init_ui(self):
+        self.layout = QVBoxLayout()
+        self.setLayout(self.layout)
+
+        self.temp_toml_dict = config_file.read()
+        self.toml_apparmor = self.temp_toml_dict['apparmor']
+
+        self.main_label = QLabel("AppArmor")
+        self.layout.addWidget(self.main_label)
+
+        # Enable Checkbox
+        checkbox = QCheckBox('Enable')
+        checkbox.setChecked(self.toml_apparmor['enable'])
+        checkbox.stateChanged.connect(self.save_checkbox_state)
+        self.layout.addWidget(checkbox)
+
+        # Mode Dropdown
+        hlayout = QHBoxLayout()
+
+        self.mode_label = QLabel('Select mode:')
+        self.mode_list = QComboBox()
+        self.mode_list.addItems(['enforce', 'complain'])
+        self.mode_list.setCurrentText(self.toml_apparmor['mode'])
+        self.mode_list.currentTextChanged.connect(self.new_item_selected)
+
+        hlayout.addWidget(self.mode_label)
+        hlayout.addWidget(self.mode_list)
+        self.layout.addLayout(hlayout)
+
+    def save_checkbox_state(self, state):
+        self.toml_apparmor['enable'] = (state == 2)
+        self.mode_list.setEnabled((state == 2))
+        config_file.write(self.temp_toml_dict)
+
+    def new_item_selected(self, mode):
+        self.toml_apparmor['mode'] = mode
+        config_file.write(self.temp_toml_dict)

ui/components/software/processes.py

@@ -0,0 +1,27 @@
+from PyQt6.QtWidgets import QWidget, QVBoxLayout, QLabel, QCheckBox
+from harden import config_file
+
+class Processes(QWidget):
+    def __init__(self):
+        super().__init__()
+        self.init_ui()
+
+    def init_ui(self):
+        self.layout = QVBoxLayout()
+        self.setLayout(self.layout)
+
+        self.temp_toml_dict = config_file.read()
+        self.toml_processes = self.temp_toml_dict['processes']
+
+        self.main_label = QLabel("Process Hardening")
+        self.layout.addWidget(self.main_label)
+
+        for name, state in self.toml_processes.items():
+            checkbox = QCheckBox(name.replace('_', ' ').title().replace('Aslr', 'ASLR'))
+            checkbox.setChecked(state)
+            checkbox.stateChanged.connect(lambda state, name=name: self.save_checkbox_state(state, name))
+            self.layout.addWidget(checkbox)
+
+    def save_checkbox_state(self, state, name):
+        self.toml_processes[name] = (state == 2)
+        config_file.write(self.temp_toml_dict)