README

Zope Security Audit, v. 0.3

Overview

Zope's fine-grained security model is powerful, but hard to manage. This tool gives the system administrator an overview of the security status of the site by searching for "exceptions" to the default / acquired behavior. In particular, it flags all objects which meet any of these criteria:

  • Local role assignments;
  • Proxy roles;
  • Overridden permission mappings;
  • Executable ownership which differs from the ownership of the 'aq_parent';
  • Owner local roles which don't include the executable owner (leave out System Processes for unowned).
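
The five checks listed above, sketched as an added example (this is not the code in secaudit.py): a walk over plain-Python stand-ins for Zope objects. The attribute names `__ac_local_roles__`, `_proxy_roles`, `_owner` and `_<Name>_Permission` are the ones Zope uses to store this state; `Node`, `audit`, `effective_owner` and the sample tree are hypothetical, and skipping unowned objects in the last check is an assumed reading of that criterion.

```python
class Node:
    """Constructed stand-in for a Zope object (not a Zope class, not secaudit.py)."""
    def __init__(self, id, parent=None, **attrs):
        self.id, self.parent, self.children = id, parent, []
        vars(self).update(attrs)
        if parent is not None:
            parent.children.append(self)

def effective_owner(node):
    # _owner is acquired: the nearest explicit value up the containment chain wins.
    while node is not None:
        if "_owner" in vars(node):
            return node._owner
        node = node.parent
    return None

def audit(node, where="/", findings=None):
    findings = [] if findings is None else findings
    d = vars(node)
    local = d.get("__ac_local_roles__") or {}
    if local:
        findings.append((where, "local roles", sorted(local)))
    if d.get("_proxy_roles"):
        findings.append((where, "proxy roles", sorted(d["_proxy_roles"])))
    # Instance-level _<Name>_Permission attributes hold overridden role mappings.
    perms = sorted(k for k in d if k.startswith("_") and k.endswith("_Permission"))
    if perms:
        findings.append((where, "permission overrides", perms))
    owner = effective_owner(node)
    if node.parent is not None and owner != effective_owner(node.parent):
        findings.append((where, "owner differs from parent", owner))
    # Assumed reading of the last criterion: unowned objects are skipped.
    owners = sorted(u for u, roles in local.items() if "Owner" in roles)
    if owners and owner is not None and owner[1] not in owners:
        findings.append((where, "Owner role excludes executable owner", owners))
    for child in node.children:
        audit(child, where.rstrip("/") + "/" + child.id, findings)
    return findings

def build_sample():  # constructed sample tree
    root = Node("", _owner=(["acl_users"], "admin"))
    Node("docs", root)  # inherits everything, so nothing is flagged
    Node("report", root, _owner=(["acl_users"], "bob"), _proxy_roles=("Manager",),
         __ac_local_roles__={"alice": ["Owner"]})
    Node("private", root, _View_Permission=("Manager",))
    return root

if __name__ == "__main__":
    for finding in audit(build_sample()):
        print(finding)
```

On the sample tree, `/docs` produces no findings, `/report` produces four and `/private` one, which is the "exceptions only" view the overview describes.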

Example

See the screenshot.

Change History

  • 0.3 (2001/06/04)
    • Fix typo in class-level declaration of permission_overrides (thanks to Oleg Broytman for pointing this out).
  • 0.2 (2001/03/11)
    • Add exception handling for items which raise errors during tweak construction (thanks to Wolfgang Strobl for pointing this out!)
    • Modify both showTweaks and allTweaks to be usable only with Manager role (thanks to Joel Burton for pointing this out!)
  • 0.1 (2001/03/10)
    • Initial release, prompted by the "Enterprise Zope BoF" at IPC9.

Installation

  1. Untar the tarball into the root of your Zope instance (on the filesystem); the tarball will create the following files:
    • Extensions/secaudit.py: the script file for the external method;
    • doc/README_secaudit.txt: this file;
    • doc/secaudit_example.png: the screenshot;
    • import/allTweaks.zexp: contains the external method which does the actual search;
    • import/showTweaks.zexp: contains the script which generates the audit report.
  2. Using the Zope management interface, import allTweaks.zexp and showTweaks.zexp into the root folder.
  3. View showTweaks.