From 195163b81af9428a1780d09bcaa632a3b2f121d1 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 30 Apr 2021 11:45:45 +0200
Subject: [PATCH] Enhance security center
---
htdocs/admin/system/security.php | 123 ++++++++++++++++++++-----------
htdocs/langs/en_US/admin.lang | 3 +-
2 files changed, 81 insertions(+), 45 deletions(-)
diff --git a/htdocs/admin/system/security.php b/htdocs/admin/system/security.php
index de59957f5c9..d8dd21719fd 100644
--- a/htdocs/admin/system/security.php
+++ b/htdocs/admin/system/security.php
@@ -128,32 +128,13 @@ if ($test) { } print '
'; -print '
'; -print '
'; -print load_fiche_titre($langs->trans("ConfigurationFile").' ('.$conffile.')', '', 'folder'); -print ''.$langs->trans("dolibarr_main_prod").': '.$dolibarr_main_prod; -if (empty($dolibarr_main_prod)) { - print '   '.img_picto('', 'warning').' '.$langs->trans("IfYouAreOnAProductionSetThis", 1); -} -print '
'; - -print ''.$langs->trans("dolibarr_nocsrfcheck").': '.$dolibarr_nocsrfcheck; -if (!empty($dolibarr_nocsrfcheck)) { - print img_picto('', 'warning').'   '.$langs->trans("IfYouAreOnAProductionSetThis", 0); -} -print '
'; - -print ''.$langs->trans("dolibarr_main_restrict_ip").': '.$dolibarr_main_restrict_ip; -/*if (empty($dolibarr_main_restrict_ip)) { - print '   '.img_picto('', 'warning').' '.$langs->trans("IfYouAreOnAProductionSetThis", 1); -}*/ -print '
'; +// OS Permissions print '
'; print '
'; print '
'; -print load_fiche_titre($langs->trans("PermissionsOnFiles"), '', 'folder'); +print load_fiche_titre($langs->trans("OSSetup").' - '.$langs->trans("PermissionsOnFiles"), '', 'folder'); print ''.$langs->trans("PermissionsOnFilesInWebRoot").': '; $arrayoffilesinroot = dol_dir_list(DOL_DOCUMENT_ROOT, 'all', 1, '', array('\/custom'), 'name', SORT_ASC, 4, 1, '', 1); @@ -205,38 +186,36 @@ if ($perms) { } print '
'; -print '
'; + +// File conf.php print '
'; print '
'; -print load_fiche_titre($langs->trans("Modules"), '', 'folder'); +print '
'; +print load_fiche_titre($langs->trans("ConfigurationFile").' ('.$conffile.')', '', 'folder'); -// Module log -print ''.$langs->trans("Syslog").': '; -$test = empty($conf->syslog->enabled); -if ($test) { - print img_picto('', 'tick.png').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis"); -} else { - if ($conf->global->SYSLOG_LEVEL > LOG_NOTICE) { - print img_picto('', 'warning').' '.$langs->trans("ModuleActivatedMayExposeInformation", $langs->transnoentities("Syslog")); - } else { - print img_picto('', 'tick.png').' '.$langs->trans("ModuleSyslogActivatedButLevelNotTooVerbose", $langs->transnoentities("Syslog"), $conf->global->SYSLOG_LEVEL); - } - //print ' '.$langs->trans("MoreInformation").' XDebug admin page'; +print '$dolibarr_main_prod: '.$dolibarr_main_prod; +if (empty($dolibarr_main_prod)) { + print '   '.img_picto('', 'warning').' '.$langs->trans("IfYouAreOnAProductionSetThis", 1); } print '
'; -// Module debugbar -print ''.$langs->trans("DebugBar").': '; -$test = empty($conf->debugbar->enabled); -if ($test) { - print img_picto('', 'tick.png').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis"); -} else { - print img_picto('', 'error').' '.$langs->trans("ModuleActivatedDoNotUseInProduction", $langs->transnoentities("DebugBar")); - //print ' '.$langs->trans("MoreInformation").' XDebug admin page'; +print '$dolibarr_nocsrfcheck: '.$dolibarr_nocsrfcheck; +if (!empty($dolibarr_nocsrfcheck)) { + print img_picto('', 'warning').'   '.$langs->trans("IfYouAreOnAProductionSetThis", 0); } print '
'; +print '$dolibarr_main_restrict_ip: '; +if (empty($dolibarr_main_restrict_ip)) { + print ''.$langs->trans("None").''; + //print ' ('.$langs->trans("RecommendedValueIs", $langs->transnoentitiesnoconv("IPsOfUsers")).')'; +} +print '
'; + + +// Menu security + print '
'; print '
'; print '
'; @@ -276,7 +255,6 @@ if (!empty($conf->global->MAIN_ANTIVIRUS_COMMAND)) { } } print '
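Review bot: The new `$dolibarr_main_restrict_ip` check at the end of this hunk only prints something when the setting is empty; when an IP restriction is actually configured the value is silently dropped, whereas the block this replaces printed it, so an administrator can no longer verify from this page which addresses are allowed. Add an else branch that shows the configured value, escaped before echo since conf.php values are rendered into HTML here, e.g. `} else { print dol_escape_htmltag($dolibarr_main_restrict_ip); }` — assuming `dol_escape_htmltag()` is in scope on this admin page as on the others. The neighbouring `$dolibarr_main_prod` and `$dolibarr_nocsrfcheck` values are echoed raw as well and would benefit from the same escaping.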
'; - print '
'; $securityevent = new Events($db); @@ -299,10 +277,67 @@ if (!empty($eventstolog) && is_array($eventstolog)) { } } } + print '
'; } else { print img_warning().' '.$langs->trans("NoSecurityEventsAreAduited", $langs->transnoentities("Home").' - '.$langs->transnoentities("Setup").' - '.$langs->transnoentities("Audit")).'
'; } + +// Modules/Applications + +print '
'; +print '
'; +print '
'; +print load_fiche_titre($langs->trans("Modules"), '', 'folder'); + +// Module log +print ''.$langs->trans("Syslog").': '; +$test = empty($conf->syslog->enabled); +if ($test) { + print img_picto('', 'tick.png').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis"); +} else { + if ($conf->global->SYSLOG_LEVEL > LOG_NOTICE) { + print img_picto('', 'warning').' '.$langs->trans("ModuleActivatedWithTooHighLogLevel", $langs->transnoentities("Syslog")); + } else { + print img_picto('', 'tick.png').' '.$langs->trans("ModuleSyslogActivatedButLevelNotTooVerbose", $langs->transnoentities("Syslog"), $conf->global->SYSLOG_LEVEL); + } + //print ' '.$langs->trans("MoreInformation").' XDebug admin page'; +} +print '
'; + +// Module debugbar +print ''.$langs->trans("DebugBar").': '; +$test = empty($conf->debugbar->enabled); +if ($test) { + print img_picto('', 'tick.png').' '.$langs->trans("NotInstalled").' - '.$langs->trans("NotRiskOfLeakWithThis"); +} else { + print img_picto('', 'error').' '.$langs->trans("ModuleActivatedDoNotUseInProduction", $langs->transnoentities("DebugBar")); + //print ' '.$langs->trans("MoreInformation").' XDebug admin page'; +} +print '
'; + + +// APIs + +print '
'; +print '
'; +print '
'; +print load_fiche_titre($langs->trans("API"), '', 'folder'); + +if (empty($conf->api->enabled) && empty($conf->webservices->enabled)) { + print $langs->trans("APIsAreNotEnabled"); +} else { + if (!empty($conf->webservices->enabled)) { + print $langs->trans('YouEnableDeprecatedWSAPIsUseRESTAPIsInstead')."
\n"; + print '
'; + } + if (!empty($conf->api->enabled)) { + print 'API_ENDPOINT_RULES = '.(empty($conf->global->API_ENDPOINT_RULES) ? ''.$langs->trans("Undefined").'' : $conf->global->API_ENDPOINT_RULES)."
\n"; + print '
'; + } +} + + print '

'; // End of page
diff --git a/htdocs/langs/en_US/admin.lang b/htdocs/langs/en_US/admin.lang
index e5803332b9b..720532a066e 100644
--- a/htdocs/langs/en_US/admin.lang
+++ b/htdocs/langs/en_US/admin.lang
@@ -64,6 +64,7 @@ RemoveLock=Remove/rename file %s if it exists, to allow usage of the Upda
 RestoreLock=Restore file %s, with read permission only, to disable any further use of the Update/Install tool.
 SecuritySetup=Security setup
 PHPSetup=PHP setup
+OSSetup=OS setup
 SecurityFilesDesc=Define here options related to security about uploading files.
 ErrorModuleRequirePHPVersion=Error, this module requires PHP version %s or higher
 ErrorModuleRequireDolibarrVersion=Error, this module requires Dolibarr version %s or higher
@@ -2063,7 +2064,7 @@ UseDebugBar=Use the debug bar
 DEBUGBAR_LOGS_LINES_NUMBER=Number of last log lines to keep in console
 WarningValueHigherSlowsDramaticalyOutput=Warning, higher values slows dramaticaly output
 ModuleActivated=Module %s is activated and slows the interface
-ModuleActivatedWithTooHighLogLevel=Module %s is activated with a too high logging level (try to use a lower level for better performances)
+ModuleActivatedWithTooHighLogLevel=Module %s is activated with a too high logging level (try to use a lower level for better performances and security)
 ModuleSyslogActivatedButLevelNotTooVerbose=Module %s is activated and log level (%s) is correct (not too verbose)
 IfYouAreOnAProductionSetThis=If you are on a production environment, you should set this property to %s.
 AntivirusEnabledOnUpload=Antivirus enabled on uploaded files
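Review bot: The REST-API check added in the security.php hunk prints `API_ENDPOINT_RULES` as plain text and marks an empty value only with the word "Undefined", unlike every other check on this page, which flags a risky setting with `img_picto('', 'warning')` and a translated hint. If an empty rule set means every endpoint is reachable (the hunk does not show this; verify in the API module before wording the hint), the empty branch should carry the same warning picto so it stands out in the report, and the value itself should be escaped before echo like any other config value rendered into HTML, e.g. `print 'API_ENDPOINT_RULES = '.(empty($conf->global->API_ENDPOINT_RULES) ? img_picto('', 'warning').' '.$langs->trans("Undefined") : dol_escape_htmltag($conf->global->API_ENDPOINT_RULES))."<br>\n";`. The same applies to the deprecated-webservices line, which currently prints the notice with no picto at all.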