tuxgyver/SecureCheck
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Johnny
2026-04-05 18:56:26 +02:00
parent 9f5e146229
commit 751dc8892c
43 changed files with 4278 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

158
securecheck/catalog.py Normal file
View File

@@ -0,0 +1,158 @@
from __future__ import annotations
from .models import Scenario, TaskDefinition
from .tasks import (
automatic_updates,
bind,
docker_setup,
firewall_setup,
log_rotation,
lynis_audit,
rootkit_check,
system_update,
utilities_setup,
zram_setup,
zsh_setup,
)
def task_catalog() -> list[TaskDefinition]:
base = [
TaskDefinition(
key="system_update",
label="Mise à jour système",
description="Met à jour le système et nettoie les paquets obsolètes.",
category="Maintenance",
handler=lambda context: None, # replaced by bind()
default_selected=True,
),
TaskDefinition(
key="automatic_updates",
label="Mises à jour automatiques",
description="Configure unattended-upgrades ou dnf-automatic.",
category="Maintenance",
handler=lambda context: None,
default_selected=True,
),
TaskDefinition(
key="lynis_audit",
label="Audit Lynis",
description="Lance un audit sécurité automatisé avec Lynis.",
category="Sécurité",
handler=lambda context: None,
default_selected=True,
),
TaskDefinition(
key="rootkit_check",
label="Vérification rootkits",
description="Exécute rkhunter et chkrootkit.",
category="Sécurité",
handler=lambda context: None,
default_selected=True,
),
TaskDefinition(
key="log_rotation",
label="Rotation des logs",
description="Installe et configure logrotate pour SecureCheck.",
category="Maintenance",
handler=lambda context: None,
default_selected=True,
),
TaskDefinition(
key="zsh_setup",
label="Installation et configuration zsh",
description="Installe zsh et applique une configuration utilisateur propre.",
category="Poste",
handler=lambda context: None,
default_selected=True,
),
TaskDefinition(
key="utilities_setup",
label="Utilitaires pratiques",
description="Installe les outils usuels de maintenance et sécurité.",
category="Poste",
handler=lambda context: None,
default_selected=True,
),
TaskDefinition(
key="zram_setup",
label="zram auto-configuré",
description="Déploie un service zram dimensionné automatiquement.",
category="Performance",
handler=lambda context: None,
default_selected=True,
),
TaskDefinition(
key="firewall_setup",
label="Vérification / autoconfig du firewall",
description="Active et sécurise UFW ou firewalld.",
category="Sécurité",
handler=lambda context: None,
default_selected=True,
),
TaskDefinition(
key="docker_setup",
label="Installation / check Docker",
description="Installe Docker et configure la rotation de ses logs.",
category="Services",
handler=lambda context: None,
default_selected=False,
),
]
handlers = {
"system_update": system_update,
"automatic_updates": automatic_updates,
"lynis_audit": lynis_audit,
"rootkit_check": rootkit_check,
"log_rotation": log_rotation,
"zsh_setup": zsh_setup,
"utilities_setup": utilities_setup,
"zram_setup": zram_setup,
"firewall_setup": firewall_setup,
"docker_setup": docker_setup,
}
return [bind(task, handlers[task.key]) for task in base]
def builtin_scenarios() -> list[Scenario]:
return [
Scenario(
name="baseline_workstation",
description="Socle poste Linux durci et outillé.",
task_keys=[
"system_update",
"automatic_updates",
"log_rotation",
"zsh_setup",
"utilities_setup",
"zram_setup",
"firewall_setup",
],
builtin=True,
),
Scenario(
name="security_audit",
description="Audit et vérifications de sécurité.",
task_keys=[
"system_update",
"lynis_audit",
"rootkit_check",
"firewall_setup",
"log_rotation",
],
builtin=True,
),
Scenario(
name="docker_host",
description="Socle serveur avec Docker et pare-feu.",
task_keys=[
"system_update",
"automatic_updates",
"firewall_setup",
"docker_setup",
"log_rotation",
],
builtin=True,
),
]