From 6fbba9242715a77861f790a50040f6f4809747a5 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Wed, 8 Jul 2020 15:28:08 +0100
Subject: [PATCH] Security audit script
---
 README.md | 15 +++++++++++++--
 deploy/i2p | 4 ++--
 deploy/onion | 4 ++--
 gemini/EN/install.gmi | 2 +-
 security_audit | 2 ++
 website/EN/index.html | 2 +-
 6 files changed, 21 insertions(+), 8 deletions(-)
 create mode 100755 security_audit
diff --git a/README.md b/README.md
index 13ec8785a..51eea597e 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@ On Arch/Parabola:
 sudo pacman -S tor python-pip python-pysocks python-pycryptodome \
 imagemagick python-pillow python-requests \
 perl-image-exiftool python-numpy python-dateutil \
- certbot flake8
+ certbot flake8 bandit
 sudo pip3 install pyLD pyqrcode pypng
 ```
@@ -37,7 +37,8 @@ sudo apt install -y \
 python3-idna python3-requests \
 python3-pyld python3-django-timezone-field \
 libimage-exiftool-perl python3-flake8 \
- python3-pyqrcode python3-png certbot nginx
+ python3-pyqrcode python3-png python3-bandit \
+ certbot nginx
 ```
 ## Installation
@@ -196,6 +197,16 @@ Static analysis can be run with:
 ./static_analysis
 ```
+## Running a security audit
+
+To run a security audit:
+
+``` bash
+./security_audit
+```
+
+Note that not all of the issues identified will necessarily be relevant to this project.
+
 ## Installing on Onion or i2p domains
 If you don't have access to the clearnet, or prefer not to use it, then it's possible to run an Epicyon instance easily from your laptop. There are scripts within the ```deploy``` directory which can be used to install an instance on a Debian or Arch/Parabola operating system. With some modification of package names they could be also used with other distros.
diff --git a/deploy/i2p b/deploy/i2p
index d390d5500..2afeb74ab 100755
--- a/deploy/i2p
+++ b/deploy/i2p
@@ -64,7 +64,7 @@ if [ -f /usr/bin/pacman ]; then
 imagemagick python-pillow python-requests \
 perl-image-exiftool python-numpy python-dateutil \
 certbot flake8 git i2pd wget qrencode \
- proxychains midori
+ proxychains midori bandit
 pip3 install pyLD pyqrcode pypng
 else
 apt-get update
@@ -75,7 +75,7 @@ else
 libimage-exiftool-perl python3-flake8 python3-pyld \
 python3-django-timezone-field nginx git i2pd wget \
 python3-pyqrcode qrencode python3-png \
- proxychains midori
+ proxychains midori python3-bandit
 fi
 if [ ! -d /etc/i2pd ]; then
diff --git a/deploy/onion b/deploy/onion
index 6c1093c04..c60df40b1 100755
--- a/deploy/onion
+++ b/deploy/onion
@@ -38,7 +38,7 @@ if [ -f /usr/bin/pacman ]; then
 pacman -S --noconfirm tor python-pip python-pysocks python-pycryptodome \
 imagemagick python-pillow python-requests \
 perl-image-exiftool python-numpy python-dateutil \
- certbot flake8 git qrencode
+ certbot flake8 git qrencode bandit
 pip3 install pyLD pyqrcode pypng
 else
 apt-get update
@@ -48,7 +48,7 @@ else
 python3-setuptools python3-socks python3-idna \
 libimage-exiftool-perl python3-flake8 python3-pyld \
 python3-django-timezone-field tor nginx git qrencode \
- python3-pyqrcode python3-png
+ python3-pyqrcode python3-png python3-bandit
 fi
 echo 'Cloning the epicyon repo'
diff --git a/gemini/EN/install.gmi b/gemini/EN/install.gmi
index 6484b30fa..0eb54ba71 100644
--- a/gemini/EN/install.gmi
+++ b/gemini/EN/install.gmi
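Review bot: The `bandit` / `python3-bandit` additions in both deploy/i2p hunks, and in the two matching hunks in deploy/onion, install an audit tool on every deployed instance even though nothing in these scripts runs it. flake8 is already in the same lists, so this follows the existing pattern, but each development-only package widens what the instance host has installed and has to keep patched. Unless the deployed checkout is also meant for development (not visible here), I would leave bandit out of the four install lists and keep it in the README developer instructions only. The enclosing `if`/`else` blocks begin outside each hunk.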
@@ -4,7 +4,7 @@ You will need python version 3.7 or later.
 On a Debian based system:
- sudo apt install -y tor python3-socks imagemagick python3-numpy python3-setuptools python3-crypto python3-pycryptodome python3-dateutil python3-pil.imagetk python3-idna python3-requests python3-flake8 python3-pyld python3-django-timezone-field python3-pyqrcode python3-png libimage-exiftool-perl certbot nginx
+ sudo apt install -y tor python3-socks imagemagick python3-numpy python3-setuptools python3-crypto python3-pycryptodome python3-dateutil python3-pil.imagetk python3-idna python3-requests python3-flake8 python3-pyld python3-django-timezone-field python3-pyqrcode python3-png python3-bandit libimage-exiftool-perl certbot nginx
 The following instructions install Epicyon to the /opt directory. It's not essential that it be installed there, and it could be in any other preferred directory.
diff --git a/security_audit b/security_audit
new file mode 100755
index 000000000..5a47f8c46
--- /dev/null
+++ b/security_audit
@@ -0,0 +1,2 @@
+#!/bin/bash
+bandit *.py -x tests.py
\ No newline at end of file
diff --git a/website/EN/index.html b/website/EN/index.html
index 61afe827d..712b11ea1 100644
--- a/website/EN/index.html
+++ b/website/EN/index.html
@@ -1264,7 +1264,7 @@
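Review bot: The new security_audit script resolves `*.py` against the caller's working directory, so running it from anywhere but the repository root audits whatever Python files happen to be there, or hands bandit the literal string `*.py` when nothing matches. A clean result in that case says nothing about the project's code. Adding `cd "$(dirname "$0")" || exit 1` above the bandit line pins the scan to the script's own directory. The glob also covers only top-level modules; if the project keeps Python code in subdirectories (not visible in this patch), `bandit -r . -x tests.py` would include them. The file also lacks a trailing newline.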

You will need python version 3.7 or later.

On a Debian based system:

-

sudo apt install -y tor python3-socks imagemagick python3-numpy python3-setuptools python3-crypto python3-pycryptodome python3-dateutil python3-pil.imagetk python3-idna python3-requests python3-flake8 python3-pyld python3-django-timezone-field python3-pyqrcode python3-png libimage-exiftool-perl certbot nginx

+

sudo apt install -y tor python3-socks imagemagick python3-numpy python3-setuptools python3-crypto python3-pycryptodome python3-dateutil python3-pil.imagetk python3-idna python3-requests python3-flake8 python3-pyld python3-django-timezone-field python3-pyqrcode python3-png python3-bandit libimage-exiftool-perl certbot nginx