php project to sftp files display results

Application Overview The application is to manage a web server and to send a script over multiple server, and once the script is run, the server will collect them, display to the user and it will as the user for input as of suggested commands as we well as customed commands entered by the user that need to run on the remote server(s). ## Deliverables Tabs The application would have the following tabs: Main, Setup, Servers, Reports, Scan Servers, Security, Update, Backup Main:? This screen will contain messages such us reports based on servers Every 2 months will be a reminder to the administrator [login to view URL] Status of the server, Memory, Disk Space Usage, CPU usage. ====================================================================== Setup:? ? The administrator would need to manually input the server Server Name Domain Name IP Address Netmask Gateway Name Servers NTP Server Private Key to SSH to Servers Pull down menu to select eth0, ethX (Based on the nics of the server, the script can find out using ifconfig) Button to add more information about interfaces, this can be accomplished with different NICS NICs eth0 eth1 ethX. ** Admin Email: For the admin to enter their email. ====================================================================== Servers:? ? The application would allow the user to add servers within range which means instead of typing 1000 ip address that start with [login to view URL], the administrator can simply put 10.XX.XX.1 to 10.XX.XX.254 each server will be within a group (Webserver, Database, Application), site(Florida), Customer(Customer A, Customer B). The administrator will set this up, and it will give access to others to add/delete/ modify categories. ====================================================================== Reports: This would be an archive for previous scans, now this can be setup in such a way that servers, would be group into customers, per server application (webserver, database server, app server). In this way, the administration should be able to apply the fixes in parallel to the current status and findings per server. Each server will have a list of cat I's (in red), and only the admin would be able to set the category OK. Cat II's (blue) and Cat III's (green). There are 2 lists per Category one with plain number of Open Security issues, and the other with the actual description. ======================================================================= Scan Servers: This tab will allow admins to scan the servers this can be done in parallel (multiple servers at the time, based in categories such us application, and/or customer). Before that each server will have a checkmark on their side and on top it will have a check/uncheck all option. Once the scan starts, it will wait 3 minutes before the server will collect all of its data from the target server and format it in a html report. After that it will list the finding number with a suggested fix with a warning and a box in which the administrator should be able to enter a custom fix (Linux/Unix commands to change permissions and/or other items). ========================================================================== Security (Since there should be a login screen) - Two Main users the Administrator, who will add users and permissions per user to add/modify servers and add custom commands. This tab will Appear only for the admin. ==========================================================================? Update - The server will go out to the internet to a given site (to be determined) and check if a file is available every time that the scan is run. Now if the file has already being downloaded it will output: The latest file is being used. ========================================================================== Backup - The server will create a dump of the sql server of the entire mysql database. The backup will have a schedule in which the user will be allowed to enter minute, hour, day of the week, ========================================================================== GUI - The GUI looks, it may be something this site [login to view URL] [login to view URL] Colors to be used should be blue and cane green ========================================================================== Scanning process 1) Based on the group of servers that the users select (It should be allowed multiple users to perform scanning, but once the server(s) is being used by user A, user B will be denied access. After the initial scan, the system will wait for 2 minutes and then it will pull 3 files /tmp/[login to view URL]$servername/$[login to view URL] /tmp/[login to view URL]$servername/$[login to view URL] /tmp/[login to view URL]$servername/$[login to view URL] There will be 3 kinds of files one for category I, II and III, For Instance it would say: 3 Category I 15 Category II 50 Category III /tmp/[login to view URL]$servername/$[login to view URL] For example it will say: GEN000340 GEN000450 GEN003040 ********************************************************************** Each file should be imported by issuing cat /tmp/[login to view URL]$servername/[login to view URL] cat /tmp/[login to view URL]$servername/[login to view URL] cat /tmp/[login to view URL]$servername/[login to view URL] All of these files should be zipped up with a tar file and import them to the Central Server. ********************************************************************** It will display the following: FDR Script Version: LINUX_51-25Jun2010 UNIX SRR Checklist Page: 30 PDI Number: GEN000340 Finding Category: CAT II Reference: LINUX 3.1.1 Description: The SA will ensure uids 0 - 99 (0-499 for Linux) are reserved for system accounts. Status: Open For example: GEN000340: avahi-autoipd is not a privileged account. GEN000340: oprofile is not a privileged account. GEN000340: sabayon is not a privileged account. SRR Script Version: UNIX_51-25Jun2010 UNIX SRR Checklist Page: 38 ------------------------------------------------------ Now the action should be entered into a db, also based on the output it will prompt the user for an action previosuly entered, and/or ask to run custom command. then we will 3 of them will display the total amount of finding which will server to let the end user the amount of security findings per server, per group, per site Scanning Script performed on $date, every time it will be run, it should archive its results. 2) After 2 minutes, the server will pull files from each /tmp/[login to view URL]$servername/$[login to view URL] /tmp/[login to view URL]$servername/$[login to view URL] /tmp/[login to view URL]$servername/$[login to view URL] now for each finding it will have to 3) Then the findings will be displayed on the screen of the php page: ======================================================================================================== FDR Script Version: LINUX_51-25Jun2010 UNIX SRR Checklist Page: 30 PDI Number: GEN000340 Finding Category: CAT II Reference: LINUX 3.1.1 Description: The SA will ensure uids 0 - 99 (0-499 for Linux) are reserved for system accounts. Status: Open For example: GEN000340: avahi-autoipd is not a privileged account. GEN000340: oprofile is not a privileged account. GEN000340: sabayon is not a privileged account. SRR Script Version: UNIX_51-25Jun2010 UNIX SRR Checklist Page: 38 PDI Number: GEN000480 Finding Category: CAT II Reference: UNIX STIG: 3.1.3 Description: The login delay between login prompts after a failed login is set to less than four seconds. Status: Open For example: GEN000480: FAIL_DELAY is not set in /etc/login.defs. ======================================================================================================== FDR Script Version: LINUX_51-25Jun2010 UNIX ZSR PDI Number: GEN001240 Finding Category: CAT II Reference: LINUX Description: The group owner of system files, programs, and directories is not a system group. Status: Open For example: -rwxr----- 1 sysadmin sysadmin 916 Jul 19 09:41 /etc/rc.d/init.d/vir -rwxr----- 1 sysadmin sysadmin 752 Jul 19 11:55 /etc/rc.d/init.d/set10netaliases ======================================================================================================== 4) Next based on the finding it will propose a command line solution: FDR Script Version: LINUX_51-25Jun2010 UNIX ZSR PDI Number: GEN001240 Finding Category: CAT II Reference: LINUX Description: The group owner of system files, programs, and directories is not a system group. Status: Open For example: -rwxr----- 1 sysadmin sysadmin 916 Jul 19 09:41 /etc/rc.d/init.d/vir -rwxr----- 1 sysadmin sysadmin 752 Jul 19 11:55 /etc/rc.d/init.d/set10netaliases ------------------------------------------------------------------------------------------------ Proposed Solution: chown root:root /etc/rc.d/init.d/vir? ? (checkbox) to accept solution Enter Custom Command: blank line with a plus sign at the end in case that multiple commands are needed to entry. 5) Once the entire list has been completed, it will create a shell script based on the display above with all of the commands? ? ? ? ? entered and it will be collected via sftp to the target server, and be executed remotely. 6) After that the scanning script will be run again and report the results back.