From 5cd3befa2a446b70980cf861edbde20d73fcd924 Mon Sep 17 00:00:00 2001 From: Chad Russell Date: Mon, 23 Aug 2021 08:52:30 -0500 Subject: [PATCH 1/5] working on database client --- cloud_guard/all_detectors_responders.py | 50 ++++++++++++++++++++----- 1 file changed, 41 insertions(+), 9 deletions(-) diff --git a/cloud_guard/all_detectors_responders.py b/cloud_guard/all_detectors_responders.py index 7cf68c0..d60cee3 100644 --- a/cloud_guard/all_detectors_responders.py +++ b/cloud_guard/all_detectors_responders.py @@ -5,7 +5,8 @@ import datetime import csv import os - +from pyfiglet import figlet_format +from oci.database.models import AutonomousDatabase ########################################################################## # Print to CSV @@ -87,13 +88,13 @@ def execute_report(): # Identity extract compartments config, signer = create_signer(cmd.config_profile, cmd.is_instance_principals, cmd.is_delegation_token) - cg = Cloud_Guard_Data(config, signer, cmd.proxy) + oci_data = OCI_Data(config, signer, cmd.proxy) - cg.get_responders() - cg.get_detectors() - cg.get_problems() - cg.get_recommendations() - + oci_data.get_responders() + oci_data.get_detectors() + oci_data.get_problems() + oci_data.get_recommendations() + oci_data.get_settings() @@ -167,18 +168,19 @@ def create_signer(config_profile, is_instance_principals, is_delegation_token): return config, signer -class Cloud_Guard_Data: +class OCI_Data: __compartments = [] __problems = [] __detectors = [] __responders = [] __recommendations = [] + __databases = [] def __init__(self, config, signer, proxy): # Start print time info print("Written by Josh Hammer February 2021. Hacked and botched by Chad Russell") print("\n") - print("Cloud Guard Data") + print( figlet_format("Cloud Guard Data +", font = "standard")) self.__config = config self.__signer = signer # self.__output_bucket = output_bucket 
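Review bot: `from pyfiglet import figlet_format` makes a third-party package a hard import-time dependency of a script that runs with tenancy credentials, and the only use in this patch is the banner in `__init__` (third hunk, `print( figlet_format("Cloud Guard Data +", font = "standard"))`). That is one more package to pin and vet for no functional gain; keeping the earlier `print("Cloud Guard Data")` avoids it. `from oci.database.models import AutonomousDatabase` is not referenced in any hunk visible here and can probably be dropped. If pyfiglet stays, it should be added wherever the project declares its requirements, which this patch does not show.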
@@ -190,7 +192,11 @@ def __init__(self, config, signer, proxy): self.__cloud_guard = oci.cloud_guard.CloudGuardClient(self.__config, signer=self.__signer) if proxy: self.__cloud_guard.base_client.session.proxies = {'https': proxy} + self.__database = oci.database.DatabaseClient(self.__config, signer=self.__signer) + if proxy: + self.__database.base_client.session.proxies = {'https': proxy} + # Getting Tenancy Data and Region data self.__tenancy = self.__identity.get_tenancy(config["tenancy"]).data print(self.__tenancy) @@ -235,6 +241,32 @@ def get_detectors(self): print_to_csv_file('all_detectors', self.__detectors) except Exception as e: raise RuntimeError("Failed to get responders" + str(e.args)) + + + def get_settings(self): + try: + raw_settings = oci.pagination.list_call_get_all_results( + self.__database.list_autonomous_databases, + compartment_id=self.__tenancy.id + ).data + print(raw_settings) + # for adbdata in raw_settings: + # adb_data_raw = oci.pagination.list_call_get_all_results( + # self.__database, + #private_endpoint=private_endpoint.id, + # compartment_id=self.__tenancy.id + # ).data + + for settings in raw_settings: + adb_data = { + "display_name" : display_name, + # "private_endpoint" : databases.private_endpoint, + + } + self.__settings.append(adb_data) + print_to_csv_file('adb_data', self.__databases) + except Exception as e: + raise RuntimeError("Failed to get settings" + str(e.args)) def get_responders(self): try: From fee120b1b4e11baa94a5a6e4e4e2c9ba0dba0eb0 Mon Sep 17 00:00:00 2001 From: Josh Hammer Date: Mon, 23 Aug 2021 09:59:19 -0400 Subject: [PATCH 2/5] Quick Comment --- cloud_guard/all_detectors_responders.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cloud_guard/all_detectors_responders.py b/cloud_guard/all_detectors_responders.py index d60cee3..a2b82af 100644 --- a/cloud_guard/all_detectors_responders.py +++ b/cloud_guard/all_detectors_responders.py 
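Review bot: `get_settings` fails on the first database it iterates: inside the loop `display_name` is a bare, undefined name and `self.__settings` is never created, so the real error is hidden behind the generic "Failed to get settings". Read the field from the loop variable and append to the list that is actually exported, i.e. `"display_name": settings.display_name,` and `self.__databases.append(adb_data)`. The listing is scoped to `compartment_id=self.__tenancy.id`; as far as I know OCI list calls are per compartment, so Autonomous Databases in child compartments would be missing and the report would understate what exists. `print(raw_settings)` writes the full database records to stdout and is worth removing before this runs anywhere output is retained. In the handler, `raise RuntimeError("Failed to get settings" + str(e.args)) from e` would keep the original traceback.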
@@ -96,7 +96,7 @@ def execute_report(): oci_data.get_recommendations() oci_data.get_settings() - +# To remove ########################################################################## # Create signer for Authentication From 1811ecf103c73894d7b9fe00d12d15dee0d14e2c Mon Sep 17 00:00:00 2001 From: Chad Russell Date: Mon, 23 Aug 2021 11:46:50 -0500 Subject: [PATCH 3/5] Create database_checker.py Need to figure out how to iterate over all the compartments. After that just pull relevant key values. --- database/database_checker.py | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 database/database_checker.py diff --git a/database/database_checker.py b/database/database_checker.py new file mode 100644 index 0000000..b7c239b --- /dev/null +++ b/database/database_checker.py @@ -0,0 +1,26 @@ +import oci +from oci.database.models import AutonomousDatabase +from oci.config import from_file +import os + +config = from_file(file_location="~/.oci/config") + + +print(config) + +compartment_id = config["tenancy"] + +identity = oci.database.DatabaseClient(config) +request = AutonomousDatabase() +request.name = "Checking ADB Settings" +request.description = "created by Chad with the OCI Python SDK to check ADB security settings" +settings = identity.list_autonomous_databases(compartment_id) + + + + + + +print(settings.data) + + From 50904e21e8d4470bfbf0e1998d8d8494641f8285 Mon Sep 17 00:00:00 2001 From: Josh Hammer Date: Fri, 28 Feb 2025 12:51:45 -0500 Subject: [PATCH 4/5] Update README.md --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.md b/README.md index 19724bd..92b169c 100644 --- a/README.md +++ b/README.md 
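Review bot: `print(config)` in database_checker.py dumps the whole parsed `~/.oci/config` profile to stdout, which includes the user and tenancy OCIDs, the key fingerprint and key file path, and the key `pass_phrase` when the profile sets one; drop the line or print only a non-sensitive field such as the region. The `AutonomousDatabase()` object bound to `request` is given a name and description but never passed to any call, so it and `import os` look like dead code, and the `DatabaseClient` would read better under a name other than `identity`. `identity.list_autonomous_databases(compartment_id)` fetches a single page for the root compartment only; the Cloud Guard script in this series already wraps the same call in `oci.pagination.list_call_get_all_results`, and the commit message notes that the compartment walk is still to do.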
@@ -1,3 +1,16 @@
+
+---
+
+**NOTE**
+
+---
+As of March 2025, CIS Landing Zone **only** the Terraform deliverable is in maintenance mode.
+- **The [CIS compliance checking script]((compliance-script.md)) in this repository is not impacted. Users should continue using it to determine tenancy compliance with the CIS OCI Foundations Benchmark.**
+- Users looking for a deployment experience similar to CIS Landing Zone should now use [OCI Core Landing Zone](https://github.com/oci-landing-zones/terraform-oci-core-landingzone). OCI Core Landing Zone evolves CIS Landing Zone and is compliant with CIS OCI Foundations Benchmark for OCI. 2.0.0.
+- Users looking for a deployment experience based on fully declarable and customizable templates should use the [Operating Entities Landing Zone](https://github.com/oci-landing-zones/oci-landing-zone-operating-entities) or the [OCI Landing Zones Modules](#modules) in the [OCI Landing Zones GitHub organization](https://github.com/oci-landing-zones).
+
+---
+
 # OCI Scripts
 This repo contains samples of python3 Oracle Cloud Infrastructure scripts. Please read code and documentation before use as they have no warranty.
 - [Oracle Cloud Guard Scripts](cloud_guard/README.md)
From d4a8a2ac8ec67f3b16e572acc6ebfca255045e21 Mon Sep 17 00:00:00 2001 From: Josh Hammer Date: Fri, 28 Feb 2025 12:56:31 -0500 Subject: [PATCH 5/5] Update README.md
---
 README.md | 12 ------------ 1 file changed, 12 deletions(-)
diff --git a/README.md b/README.md
index 92b169c..8e2b3e3 100644
--- a/README.md
+++ b/README.md
@@ -1,16 +1,4 @@ ---- - -**NOTE** - ---- -As of March 2025, CIS Landing Zone **only** the Terraform deliverable is in maintenance mode. -- **The [CIS compliance checking script]((compliance-script.md)) in this repository is not impacted. Users should continue using it to determine tenancy compliance with the CIS OCI Foundations Benchmark.** -- Users looking for a deployment experience similar to CIS Landing Zone should now use [OCI Core Landing Zone](https://github.com/oci-landing-zones/terraform-oci-core-landingzone). OCI Core Landing Zone evolves CIS Landing Zone and is compliant with CIS OCI Foundations Benchmark for OCI. 2.0.0. -- Users looking for a deployment experience based on fully declarable and customizable templates should use the [Operating Entities Landing Zone](https://github.com/oci-landing-zones/oci-landing-zone-operating-entities) or the [OCI Landing Zones Modules](#modules) in the [OCI Landing Zones GitHub organization](https://github.com/oci-landing-zones). - ---- - # OCI Scripts This repo contains samples of python3 Oracle Cloud Infrastructure scripts. Please read code and documentation before use as they have no warranty. - [Oracle Cloud Guard Scripts](cloud_guard/README.md)