moved version 1.2 from sourceforge to github

README.md

@@ -1,2 +1,22 @@
 # SCAAMP
 Security Configuration Assistant for Apache-MySQL-PHP
+
+# What is SCAAMP All About?
+Given the configuration paths for Apache HTTP server, PHP interpreter, and MySQL database server, SCAAMP automatically audits the three environments for possible configuration vulnerabilities. It generates an audit summary that shows current values of security-critical configration directives. On the same summary, it also shows the recommended values for each configuration directive. Finally, it allows automated fixing of configuration by changing values from "Unsafe" to "Safe" as per configuration security best practices.
+
+## Requirements
+* Apache Web Server
+* PHP Interpreter
+* Browser
+
+## Installation
+1. Download the latest release
+2. Extract the files to your local web server's document root 
+3. Make sure your web server has file permissions
+5. Open your browser at http://localhost/SCAAMP/  
+
+## Usage
+Follow the instructions on the docs/scaamp11.pdf.
+
+## Contact
+* Birhanu Eshete ([email protected])

apache/change.php

@@ -0,0 +1,93 @@
+<?php
+
+/* 
+ * This is the script to change apache diretive values.
+ * The script should consider the changeable access level of each directive and
+ * treat each group of directives accordingly.
+ */
+include('../inc/header.php');
+include ('../inc/databasehandler.php');
+include ('../inc/utils.php');
+include ('../inc/ApacheDirective_Class.php');
+?>
+		<div id="navigation">
+			<ul>
+			    <li><a href="index.php"><span>home</span></a></li>
+			    <li><a href="notes.php"><span>notes</span></a></li>
+			    <li><a href="credits.php"><span>credits</span></a></li>
+			    <li><a href="contact.php"><span>contact</span></a></li>
+			</ul>
+			<div class="cl">&nbsp;</div>
+		</div>
+	</div>
+	<!-- END Logo + Description + Navigation -->
+	<!-- Header -->
+	<div id="main">
+            <h2 >Apache Configuration Change Summary</h2>
+     <?php
+       $key_values = $_POST;  //get all the key values submitted 
+       getCredentials();
+       $apacheDirectiveObjects = new ApacheDirective();
+       //copy the whole php.ini file to an array, one line at a time
+       $handle = fopen($httpdconf_path, 'r'); //read each line on an array
+       $original = array();
+       $index = 0;
+       while (!feof($handle))
+                {
+                 $original[$index] = fgets($handle);
+                 //echo $original[$index]."<br />";
+                 $index++;
+                }
+            fclose($handle);
+
+            //strcasecmp(substr($oneLine,0,2),"</") == 0
+            // search the array and make replacement of value submitted per each directive
+              $length =  count($key_values);
+              $counter = 0;
+              foreach($key_values as $key => $newValue){
+              	$counter = $counter + 1;
+              	if ($counter < $length) {
+              		$key2 = explode("_", $key);
+              		if (strlen($newValue) != 0 ){   
+              			$name = trim($key2[0]);
+              			$value = $apacheDirectiveObjects->processHttpd(trim($httpdconf_path),$name);
+              			$curValue = $value["value"];
+              			$lineNumber = $value["line"];  
+
+              			for ($i = 0;$i<count($original);$i++){   
+              				if ($lineNumber == ($i+1)) {
+              					if (strcmp($curValue,$newValue) != 0 && strlen($newValue) != 0) { 
+              						if (strcmp($newValue, "Select") != 0) {
+              							$original[$i] = $name." ".$newValue."\n";
+              						}
+              						break;
+              					}//inner if
+              				}//outer if
+              			}//inner for 
+              		}//if
+              	}else {
+              		break;
+              	} 
+              }//foreach
+
+            //rewrite the php.ini file with the modified array
+
+            $handle = fopen($httpdconf_path, 'w'); // open httpd.conf for writitng
+            for($i=0;$i<count($original)-1;$i++){
+                fwrite ($handle, $original[$i]);
+            }
+            fclose($handle);
+            echo "<br><h3>"."Your configuration changes are successfully saved. Please reset the server before you "
+            ?>
+
+            <a href="index.php">Redo Audit to Verify Changes </h3></a>
+	</div>
+        <!-- END Main -->
+
+<div id="description" class="separator"></div>
+
+
+<!-- Footer -->
+<?php
+include ('../inc/footer.php');
+?>

apache/css/style.css

@@ -0,0 +1,104 @@
+* { padding: 0; margin: 0; outline: 0; }
+body {
+	background: #e8eae1;
+	font-family: "Lucida Sans", "Lucida Grande", "Lucida Sans Unicode", Tahoma, Sans-Serif;
+	font-size: 12px;
+	line-height: 20px;
+	color: #010101;
+	padding-bottom: 10px;
+}
+input, textarea, select { font-family: "Lucida Sans", "Lucida Grande", "Lucida Sans Unicode", Tahoma, Sans-Serif; font-size:10px; }
+.field { padding: 7px 5px; border: solid 1px #cdd1bd; color: #969696; height: 14px; }
+.field-focused { color: #333; }
+input.button { padding: 4px 5px; cursor: pointer; }
+
+a { color: #5c7025; text-decoration: underline; cursor: pointer; }
+a:hover { text-decoration: none; }
+a img { border: 0; }
+
+p { padding-bottom: 4px; }
+
+.left, .alignleft { float: left; display: inline; }
+.right, .alignright { float: right; display: inline; }
+
+.cl { font-size: 0; line-height: 0; clear: both; display: block; height: 0; }
+
+.notext { font-size: 0; line-height: 0; text-indent: -4000px; background-repeat: no-repeat; }
+
+.al { text-align: left; }
+.ar { text-align: right; }
+.ac { text-align: center; }
+
+.shell { width: 960px; margin: 0 auto; }
+
+h2.txt-solutions { background-image: url(images/txt-solutions.gif); height: 33px; }
+h2.txt-about-bizgroup { background-image: url(images/txt-about-bizgroup.gif); }
+h2.txt-bizgroup-services { background-image: url(images/txt-bizgroup-services.gif); }
+h2.txt-support { background-image: url(images/txt-support.gif); }
+h2.txt-partnership-program { background-image: url(images/txt-parnership-program.gif); }
+h2.txt-newsletters { background-image: url(images/txt-newsletters.gif); }
+
+.more { background: url(images/arr.gif) no-repeat 0 center; padding-left: 8px; }
+
+.separator { background: url(images/separator.gif) repeat-x 0 bottom; }
+
+#top { padding: 30px 0 10px 250px; position: relative; height: 100%; }
+
+#logo { width: 240px; font-size: 0; line-height: 0; position: absolute; top: 20px; left: 0; }
+#logo a { display: block; height: 57px; text-indent: -4000px; background: url(images/logo.jpg); }
+
+#description { padding-bottom: 10px; margin-bottom: 10px; }
+#description h2 { height: 18px; background: url(images/description.gif) no-repeat 0 0; }
+
+#navigation { height: 21px; font-family: Verdana, Arial, Sans-Serif; font-size: 11px; line-height: 21px; text-transform: uppercase; }
+#navigation ul { float: right; display: inline; list-style-type: none; }
+#navigation li, 
+#navigation li a, 
+#navigation li a span { float: left; display: inline; padding-left: 10px; }
+#navigation li a { color: #747963; text-decoration: none; background-position: 0 0; }
+#navigation li a span { float: left; display: inline; padding-right: 10px; padding-left: 0; background-position: right 0; }
+#navigation li a:hover,
+#navigation li a.active,
+#navigation li a:hover span,
+#navigation li a.active span { background-image: url(images/nav-active.gif); color: #fff; }
+
+#slider { background: url(images/slider-cnt.gif) repeat-y 0 0; }
+#slider .top { background: url(images/slider-top.gif) no-repeat 0 0; }
+#slider .bot { background: url(images/slider-bot.gif) no-repeat 0 bottom; position: relative; height: 100%; padding: 0 2px 2px 0; }
+
+#slider .slider-controls { position: absolute; bottom: 10px; right: 10px; z-index: 100; }
+
+#slider-holder { height: 400px; }
+#slider-holder .jcarousel-clip { width: 958px; height: 400px; position: relative; overflow: hidden; }
+#slider-holder ul { width: 958px; height: 400px; position: relative; overflow: hidden; }
+#slider-holder ul li { list-style-type: none; float: left; display: inline; height: 350px; width: 868px; padding: 40px 45px 10px; }
+#slider-holder .slide-info { float: left; display: inline; width: 475px; padding-top: 100px; }
+#slider-holder .slide-image { float: right; display: inline; }
+#slider-holder .slide-info h2 { font-size: 31px; line-height: 1; color: #899464; text-transform: uppercase; font-weight: normal; margin-bottom: 8px; }
+
+.slider-controls a { float: left; display: inline; font-size: 0; line-height: 0; text-indent: -4000px; width: 10px; height: 10px; margin-left: 2px; }
+.slider-controls a { background: url(images/slider-nav.gif) no-repeat right 0; }
+.slider-controls a.active { background-position: 0 0; }
+
+.cols { padding: 28px 0 34px; }
+.cols .col { float: left; display: inline; }
+.cols .col-last { margin-right: 0 !important; }
+.cols .col h2 { padding-bottom: 10px; margin-left: 5px; text-transform: uppercase; font-weight: normal; }
+.cols .col h2.notext { height: 26px; }
+.cols .col .content { padding: 5px 0 0 5px; }
+
+.three-cols .col { width: 240px; margin-right: 120px; }
+
+.two-cols .col { width: 310px; margin-right: 20px; }
+.two-cols .col .content { padding-top: 0; }
+.two-cols .col-big { width: 630px; }
+.two-cols .col-big h2 { margin-left: 0; }
+.two-cols .col-big .content { padding-left: 0; }
+
+.subscribe .field { float: left; display: inline; width: 224px; }
+.subscribe .button { float: right; display: inline; width: 64px; height: 30px; border: 0; background: url(images/button-subscribe.gif) no-repeat 0 0; }
+
+#footer { font-size: 10px; text-transform: uppercase; padding-top: 5px; color: #9d8e8e; }
+#footer a { color: #959a87; text-decoration: underline; }
+#footer a:hover { color: #6d852c; text-decoration: none; }
+#footer span { margin: 0 8px; color: #ced1c7; }