Skip to main content

Utilities and monitoring probes for Perun ProxyIdP

Project description

Perun proxy utils

Scripts and monitoring probes related to Perun ProxyIdP.

Installation

Install via pip:

pip install perun.proxy.utils

There are several extras which are required only for some scripts:

Scripts

run_probes

  • script designed to execute multiple monitoring probes
  • output is compatible with CheckMK
  • it is required to put configuration file to /etc/run_probes_cfg.yaml

For usage instructions, run:

run_probes

separate_ssp_logs

Script removes all logs from test accounts from SimpleSAMLphp logs.

For usage instructions, run:

separate_ssp_logs.py --help

separate_oidc_logs

Script removes all logs from test accounts from mitreID logs.

For usage instructions, run:

separate_oidc_logs.py --help

metadata_expiration

This script checks whether there are some metadata close to expiration date.

For usage instructions, run:

metadata_expiration.py --help

print_docker_versions

This script collects system info, docker engine info and the versions of running containers and then prints it to the stdout in the JSON format.

For usage instructions, run:

print_docker_versions --help

run_version_script

  • This scripts runs the print_docker_versions script on the given machines. The collected versions are then printed as a MD table to the stdout

For usage instructions, run:

run_version_script --help

sync_usable_token_types.py

Collects information about the usable token types of each privacyIDEA user and sends it to Perun. Each user with usable tokens in privacyIDEA is assigned a list of their types, for example: ['backupcode', 'totp']. A token is considered usable when it is **active ** and it is not locked or revoked and its rollout state allows logging in.

Requires configuration of perun connector module to work properly. It also needs to be executed in the same environment as privacyIDEA to acquire its Flask context (e.g. inside privacyIDEA docker container).

For more usage instructions, run:

sync_usable_token_types --help

Example:

python3 sync_usable_token_types.py
    --mfa-active-tokens-attr-name "attr_name"
    --perun-user-id-regex "\d+"
    --perun-connector-config-path "/path/to/file"

oracle2postgresql.py

Synchronizes data from Oracle db to PostgreSQL db.

Requires config file located at /etc/oracle2postgresql_cfg.yaml and Oracle client.

Functionality

  1. Attribute Import:

Imports attributes from Oracle database tables to the PostgreSQL database, into a table compatible with simplesamlphp-module-sqlattribs. Each attribute is specified with a corresponding SQL SELECT statement.

  1. Table Import:

Imports tables from the Oracle database to the PostgreSQL one. Supports both full and incremental synchronization. For full synchronization, all records from the source table are imported. For incremental synchronization, only records modified since the last synchronization are imported, based on designated change columns. The full sync in turned off by default. Run with -f or --full_sync flag to turn it on.

Attributes and tables intended for import are stated in the config. Target table names from PostgreSQL are hardcoded due to the possibility of needing to create them.

Nagios probes

All nagios scripts are located under nagios directory.

check_mongodb

Nagios monitoring probe for mongodb.

Tested options:

  • connect
  • connections
  • replication_lag
  • replset_state

(some possible options may not work since there are constructs which are not supported by the latest mongodb versions)

For usage instructions, run:

check_mongodb --help

check_saml

SAML authentication check compatible with SimpleSAMLphp and mitreID.

Basic OIDC check can be triggered by adding --basic-oidc-check switch. This checks for state and code parameters in the result url after a log in attempt.

For more usage instructions, run:

check_saml --help

Example:

python3 check_saml
    --username "my_username"
    --password "my_password"
    --username-field "j_username"
    --password-field "j_password"
    --postlogout-string "Successful logout"

check_user_logins

Check users which login in repeatedly more often than a specified threshold (logins per seconds).

For usage instructions, run:

check_user_logins --help

Example:

python3 check_user_logins
    -p /var/log/proxyaai/simplesamlphp/simplesamlphp/simplesamlphp.log
    -l 5
    -s 60
    -r "^(?P<datetime>.{20}).*audit-login.* (?P<userid>[0-9]+)@muni\.cz$"
    -d "%b %d %Y %H:%M:%S"

check_ldap

Check whether an LDAP server is available.

For usage instructions, run:

check_ldap --help

check_ldap_syncrepl

Check whether an LDAP replica is up to date with the provider.

For usage instructions, run:

check_ldap_syncrepl --help

check_privacyidea

Check whether privacyidea is available by performing TOTP authentication via the API. Use caching arguments for avoiding failure when one TOTP code is used two times.

For usage instructions, run:

check_privacyidea --help

check_pgsql

Check connection to PostgreSQL using a configurable query.

For usage instructions, run:

check_pgsql --help

check_oidc_login

Check that OIDC auth process works by acting as an OIDC client (RP) attempting to authenticate against an OIDC server (OP). Supports clients with PKCE and non-PKCE authentication. Additional tag -pkce must be added to test PKCE log in. Using client secret is always enforced since some clients might require it on top of PKCE.

Target OIDC server (OP) should not require authentication for this probe to work. It does not test the credentials' validity but rather the OIDC auth process. This can be achieved, for example, by setting up SATOSA's reflector backend.

For usage instructions, run:

check_oidc_login --help

Example:

python3 check_oidc_login
    --redirect-uri "http://localhost:44322/signin-oidc"
    --client-id "my_oidc_client_id"
    --client-secret "my_oidc_pkce_secret"
    --issuer "https://id.muni.cz"
    -vvv # verbose debug output
    -pkce

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

perun.proxy.utils-2.7.1.tar.gz (43.2 kB view hashes)

Uploaded Source

Built Distribution

perun.proxy.utils-2.7.1-py3-none-any.whl (50.4 kB view hashes)

Uploaded Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page