Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

make port classification configurable #1418

Merged
merged 12 commits into from
Jul 25, 2023
Merged

make port classification configurable #1418

merged 12 commits into from
Jul 25, 2023

Conversation

noamblitz
Copy link
Contributor

@noamblitz noamblitz commented Jul 19, 2023
edited
Loading

Changes

It is now configurable with config a config ooi on network

Issue link

Closes #975

To qa you can create this config ooi and create a port that is a database port by default. Now it should be an uncommon port.

image

Will add unit test

Code Checklist

  • All the commits in this PR are properly PGP-signed and verified;
  • This PR only contains functionality relevant to the issue; tickets have been created for newly discovered issues.
  • I have written unit tests for the changes or fixes I made.
  • For any non-trivial functionality, I have added integration and/or end-to-end tests.
  • I have performed a self-review of my code and refactored it to the best of my abilities.

Communication

  • I have informed others of any required .env changes files if required and changed the .env-dist accordingly.
  • I have made corresponding changes to the documentation, if necessary.

Checklist for code reviewers:

Copy-paste the checklist from the docs/source/templates folder into your comment.

Checklist for QA:

Copy-paste the checklist from the docs/source/templates folder into your comment.

@noamblitz noamblitz requested a review from a team as a code owner July 19, 2023 08:29
ammar92
ammar92 previously approved these changes Jul 19, 2023
View reviewed changes
@noamblitz noamblitz changed the title make ports configurable make port classification configurable Jul 20, 2023
Darwinkel
Darwinkel reviewed Jul 24, 2023
View reviewed changes
docs/source/manual/usermanual.rst Outdated
@@ -435,3 +435,15 @@ will be aggregated into one finding, instead of one separate finding per port.
"bit-id": "port-classification-ip",
"config": {"aggregate_findings": "True"}
}

Also you can configure which open ports should create findings and which ports should not. This is done by settings
common_tcp_ports, common_udp_ports, sa_tcp_ports and/or db_tcp_ports. As an example:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What does sa_tcp_ports mean? What is the difference between the four setting lists?

Also, from this wording it's unclear whether defining these ports here means that they will trigger findings or not. Maybe rephrase to something like: "Any port defined in common_tcp_ports will no longer trigger an uncommon open port finding."

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense! Will rephrase!

@Darwinkel
Copy link
Contributor

Checklist for QA:

  • I have checked out this branch, and successfully ran a fresh make reset.
  • I confirmed that there are no unintended functional regressions in this branch:
    • I have managed to pass the onboarding flow
    • Objects and Findings are created properly
    • Tasks are created and completed properly
  • I confirmed that the PR's advertised feature or hotfix works as intended.

What works:

Bug or feature?:

  • I had some notes about the documentation, but those have been processed.

@noamblitz
Copy link
Contributor Author

Will work on accepting empty string as config and extending docs as discussed

@dekkers dekkers merged commit c4e772e into main Jul 25, 2023
@dekkers dekkers deleted the feature/open-port-config branch July 25, 2023 11:58
jpbruinsslot added a commit that referenced this pull request Jul 25, 2023
@jpbruinsslot
Merge branch 'main' into feature/mula/rescheduling
3607738 
* main: (95 commits)
  Translations for release 1.11 - EN -> NL, PAP (#1439)
  Add Question ooi model and create the first bit that generates a question (#1407)
  make port classification configurable (#1418)
  KATalogus API filtering and pagination (#1405)
  Fix robot test (#1420)
  Use the correct clearance level variable in organization member list template (#1427)
  Fix translation in Debian package (#1432)
  Reschedule tasks when no results in bytes are found after grace period (#1410)
  Don't scan hostname nmap in nmap boefje (#1415)
  Add and use our own CVE API (#1383)
  Add `task_id` as a query parameter to the `GET /origins` endpoint (#1414)
  Remove member group checks and check for permission instead (#1275)
  Bump cryptography from 41.0.0 to 41.0.2 in /boefjes/boefjes/plugins/kat_ssl_certificates (#1396)
  Bump cryptography from 41.0.1 to 41.0.2 in /bytes (#1397)
  Build the Debian build image on the main branch (#1387)
  Add explicit `black` config to all modules (#1395)
  Fix <no title> in the user guide docs (#1391)
  Add configurable octpoes request timeout (#1382)
  Remove hardcoded clearance level in member list for superusers (#1390)
  Add Debian build depends for CVE API package (#1384)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Darwinkel Darwinkel Darwinkel left review comments

@dekkers dekkers dekkers approved these changes

@ammar92 ammar92 ammar92 left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

implement ConfigOOI for allowed/denied ports as used in the ports bit.
5 participants
@noamblitz @Darwinkel @dekkers @ammar92 @underdarknl