Change of SSLProtocol CID 10838 to CID 7786

README.md

@@ -22,7 +22,7 @@ The policy report is the input to our process. In order to get the .csv files, t
     * 16086 - Status of the 'SSLEngine' derivative within the Apache configuration files (server config and virtual host)
     * 9798 - Status of "Header" setting within virtualhost whose "SSLEngine" is set "on"
     * 9799 - List of VirtualHost elements whose "SSLEngine" is set "on" and no "Header" set neither at server level nor at Virtual Host level
-    * 10838 - Status of 'SSLProtocol' at server level
+    * 7786 - Status of the 'sslprotocol' directive on the host
     * 10840 - Status of "SSLCipherSuite" settings
     * 7640 - Status of the 'Listen' directive in the Apache configuration file on the host
     * 19505 - Status of the 'VirtualHost' directive in the apache configuration file
@@ -39,9 +39,9 @@ The first step is to switch to the "Policy Compliance" module, if not already th
 4. Choose Target Hosts from either Asset Groups or Tags (the repor is generated by evaluating through a Tag, given to all assets with Apache HTTP Server instances).
 5. Name your policy. We will pick for the example "Apache_HTTP_Server_TDG_Policy".
 6. An empty Section for the Policy will be present upon creating it. Each Section may store one or multiple Controls. For adding new sections: Add a new Section.
-7. For adding Controls on each Section: `Add Controls > Search (by CIDs: 10838**) > Add`. Repeat for all Controls required on each Section.
+7. For adding Controls on each Section: `Add Controls > Search (by CIDs: 7786**) > Add`. Repeat for all Controls required on each Section.
 
-    ** This particular CID corresponds to "Status of 'SSLProtocol' at server level".
+    ** This particular CID corresponds to "Status of the 'sslprotocol' directive on the host".
 8. Save the Policy
 
 ### Report generation
@@ -118,4 +118,4 @@ Streamlined, the workflow would be the following:
 
 ### Opening issues
 
-Issues can be opened by any participant for the main repository. Questions may be asked about the project itself, code intrincacies, the new technologies being added, etc.
+Issues can be opened by any participant for the main repository. Questions may be asked about the project itself, code intrincacies, the new technologies being added, etc.

config_dictionaries/dictionary_Apache.json

@@ -26,18 +26,18 @@
     "Status - VirtualHosts (CID 9799)":"str", 
     "Current Value(s) - VirtualHosts (CID 9799)":"str", 
     "Extended Evidence(s) - VirtualHosts (CID 9799)":"str",
-    "Control - SSLProtocol":"str", 
-    "Status - SSLProtocol":"str", 
-    "Current Value(s) - SSLProtocol":"str", 
-    "Extended Evidence(s) - SSLProtocol":"str",
+    "Control - SSLProtocol (CID 10838)":"str", 
+    "Status - SSLProtocol (CID 10838)":"str", 
+    "Current Value(s) - SSLProtocol (CID 10838)":"str", 
+    "Extended Evidence(s) - SSLProtocol (CID 10838)":"str",
     "Control - SSLProtocol (CID 10839)":"str", 
     "Status - SSLProtocol (CID 10839)":"str", 
     "Current Value(s) - SSLProtocol (CID 10839)":"str", 
     "Extended Evidence(s) - SSLProtocol (CID 10839)":"str",
-    "Control - SSLProtocol (CID 7786)":"str", 
-    "Status - SSLProtocol (CID 7786)":"str", 
-    "Current Value(s) - SSLProtocol (CID 7786)":"str", 
-    "Extended Evidence(s) - SSLProtocol (CID 7786)":"str",
+    "Control - SSLProtocol":"str", 
+    "Status - SSLProtocol":"str", 
+    "Current Value(s) - SSLProtocol":"str", 
+    "Extended Evidence(s) - SSLProtocol":"str",
     "Control - SSLCipherSuite":"str", 
     "Status - SSLCipherSuite":"str", 
     "Current Value(s) - SSLCipherSuite":"str", 
@@ -62,4 +62,4 @@
     "Status - VirtualHosts (CID 19505)":"str", 
     "Current Value(s) - VirtualHosts (CID 19505)":"str", 
     "Extended Evidence(s) - VirtualHosts (CID 19505)":"str"
-}
+}

config_dictionaries/dictionary_aggr_functions_Apache.json

@@ -26,18 +26,18 @@
     "Status - VirtualHosts (CID 9799)":"sum", 
     "Current Value(s) - VirtualHosts (CID 9799)":"sum", 
     "Extended Evidence(s) - VirtualHosts (CID 9799)":"sum",
-    "Control - SSLProtocol":"sum", 
-    "Status - SSLProtocol":"sum", 
-    "Current Value(s) - SSLProtocol":"sum", 
-    "Extended Evidence(s) - SSLProtocol":"sum",
+    "Control - SSLProtocol (CID 10838)":"sum", 
+    "Status - SSLProtocol (CID 10838)":"sum", 
+    "Current Value(s) - SSLProtocol (CID 10838)":"sum", 
+    "Extended Evidence(s) - SSLProtocol (CID 10838)":"sum",
     "Control - SSLProtocol (CID 10839)":"sum", 
     "Status - SSLProtocol (CID 10839)":"sum", 
     "Current Value(s) - SSLProtocol (CID 10839)":"sum", 
     "Extended Evidence(s) - SSLProtocol (CID 10839)":"sum",
-    "Control - SSLProtocol (CID 7786)":"sum", 
-    "Status - SSLProtocol (CID 7786)":"sum", 
-    "Current Value(s) - SSLProtocol (CID 7786)":"sum", 
-    "Extended Evidence(s) - SSLProtocol (CID 7786)":"sum",
+    "Control - SSLProtocol":"sum", 
+    "Status - SSLProtocol":"sum", 
+    "Current Value(s) - SSLProtocol":"sum", 
+    "Extended Evidence(s) - SSLProtocol":"sum",
     "Control - SSLCipherSuite":"sum", 
     "Status - SSLCipherSuite":"sum", 
     "Current Value(s) - SSLCipherSuite":"sum", 
@@ -74,4 +74,4 @@
     "Status - VirtualHosts (CID 19505)":"sum", 
     "Current Value(s) - VirtualHosts (CID 19505)":"sum", 
     "Extended Evidence(s) - VirtualHosts (CID 19505)":"sum"
-}
+}

stage2_row_merging/column_controls_adder.py

@@ -8,9 +8,9 @@ def column_controls_adder(db:pandas.DataFrame, row:str, technology:str):
         db[row+" - SSLEngine"] = db[db["Control"]=="Status of the 'SSLEngine' derivative within the Apache configuration files (server config and virtual host)"][row]
         db[row+" - VirtualHosts (CID 9798)"] = db[db["Control"]=="Status of \"Header\" setting within virtualhost whose \"SSLEngine\" is set \"on\""][row]
         db[row+" - VirtualHosts (CID 9799)"] = db[db["Control"]=="List of VirtualHost elements whose \"SSLEngine\" is set \"on\" and no \"Header\" set neither at server level nor at Virtual Host level"][row]
-        db[row+" - SSLProtocol"] = db[db["Control"]=="Status of 'SSLProtocol' at server level"][row]
+        db[row+" - SSLProtocol (CID 10838)"] = db[db["Control"]=="Status of 'SSLProtocol' at server level"][row]
         db[row+" - SSLProtocol (CID 10839)"] = db[db["Control"]=="Status of 'SSLProtocol' for every SSL enabled virtual hosts"][row]
-        db[row+" - SSLProtocol (CID 7786)"] = db[db["Control"]=="Status of the 'sslprotocol' directive on the host"][row]
+        db[row+" - SSLProtocol"] = db[db["Control"]=="Status of the 'sslprotocol' directive on the host"][row]
         db[row+" - SSLCipherSuite"] = db[db["Control"]=="Status of \"SSLCipherSuite\" settings"][row]
         db[row+" - SSLCipherSuite (CID 10841)"] = db[db["Control"]=="Status of \"SSLCipherSuite\" settings for every SSL enabled virtual hosts"][row]
         db[row+" - SSLCipherSuite (CID 7787)"] = db[db["Control"]=="Status of the 'SSLCipherSuite' directive within the Apache server-level configuration on the host"][row]
@@ -20,4 +20,4 @@ def column_controls_adder(db:pandas.DataFrame, row:str, technology:str):
         db[row+" - OpenSSL Version"] = db[db["Control"]=="Status of the 'openssl version' on the host"][row]
         db[row+" - Listen Ports"] = db[db["Control"]=="Status of the 'Listen' directive in the Apache configuration file on the host"][row]
         db[row+" - VirtualHosts (CID 19505)"] = db[db["Control"]=="Status of the 'VirtualHost' directive in the apache configuration file"][row]
-
+

stage3_vh/ip_port_transformation.py

@@ -11,9 +11,9 @@ def filter_undetected_controls(dataFrame):
         (dataFrame["Control - SSLEngine"] != "0") &
         (dataFrame["Control - VirtualHosts (CID 9798)"] != "0") &
         (dataFrame["Control - VirtualHosts (CID 9799)"] != "0") &
-        (dataFrame["Control - SSLProtocol"] != "0") &
+        (dataFrame["Control - SSLProtocol (CID 10838)"] != "0") &
         (dataFrame["Control - SSLProtocol (CID 10839)"] != "0") &
-        (dataFrame["Control - SSLProtocol (CID 7786)"] != "0") &
+        (dataFrame["Control - SSLProtocol"] != "0") &
         (dataFrame["Control - SSLCipherSuite"] != "0") &
         (dataFrame["Control - SSLCipherSuite (CID 10841)"] != "0") &
         (dataFrame["Control - SSLCipherSuite (CID 7787)"] != "0") &
@@ -78,4 +78,4 @@ def dataFrames_by_IPPort(dataFrame, dict_VHSSL):
                 row_to_clone_copy["VirtualHost"] = dict_VHSSL[str(j)][0]
                 row_to_clone_copy["TLS_ENABLED"] = dict_VHSSL[str(j)][1]
                 dataFrame_stage3_rowlist.append(row_to_clone_copy)
-    return pandas.concat(dataFrame_stage3_rowlist, axis=1, ignore_index=True, sort=False)
+    return pandas.concat(dataFrame_stage3_rowlist, axis=1, ignore_index=True, sort=False)