tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-07-31 01:24:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix some bugs for Debian12.

Browse Source
This commit is contained in:
Samson-W 2023-06-17 00:14:38 +08:00
parent 754ff95056
commit 1eecbc633f
10 changed files with 43 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bin/hardening/2.17_sticky_bit_world_writable_folder.sh
View File

@ -8,7 +8,7 @@
# 2.17 Set Sticky Bit on All World-Writable Directories (Scored) # 2.17 Set Sticky Bit on All World-Writable Directories (Scored)
# #
set -e # One error, it's over #set -e # One error, it's over
set -u # One variable unset, it's over set -u # One variable unset, it's over
HARDENING_LEVEL=2 HARDENING_LEVEL=2

11
bin/hardening/8.1.18_record_Events_netfilter.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian-audit for Debian GNU/Linux 10 Hardening # harbian-audit for Debian GNU/Linux 10/11/12 Hardening
# #
# #
@ -15,11 +15,12 @@ set -u # One variable unset, it's over
HARDENING_LEVEL=4 HARDENING_LEVEL=4
FILE='/etc/audit/rules.d/audit.rules' FILE='/etc/audit/rules.d/audit.rules'
PACKAGE_NFT='nftables'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
is_debian_10 is_pkg_installed $PACKAGE_NFT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
ok "OS not support nft, so pass" ok "OS not support nft, so pass"
else else
# define custom IFS and save default one # define custom IFS and save default one
@ -43,8 +44,8 @@ audit () {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply () { apply () {
is_debian_10 is_pkg_installed $PACKAGE_NFT
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
ok "OS not support nft, so pass" ok "OS not support nft, so pass"
else else
IFS=$'\n' IFS=$'\n'

10
bin/hardening/8.1.19_record_sshkeysign_usage.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening # harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening
# #
# #
@ -10,7 +10,7 @@
# #
set -u # One variable unset, it's over set -u # One variable unset, it's over
set -e # One error, it's over #set -e # One error, it's over
HARDENING_LEVEL=4 HARDENING_LEVEL=4
FILE='/etc/audit/rules.d/audit.rules' FILE='/etc/audit/rules.d/audit.rules'
@ -79,10 +79,10 @@ AUDIT_PARAMS_CENTOS="-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F
-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh" -a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh"
fi fi
if [ $OS_RELEASE -eq 1 ]; then if [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
elif [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS
else
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
fi fi
} }

8
bin/hardening/8.1.21_record_Events_that_privileged_passwd_cmd_usage.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening # harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening
# #
# #
@ -87,10 +87,10 @@ AUDIT_PARAMS_CENTOS="-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1
-a always,exit -F path=/bin/chage -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd" -a always,exit -F path=/bin/chage -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd"
fi fi
if [ $OS_RELEASE -eq 1 ]; then if [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
elif [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS
else
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
fi fi
} }

8
bin/hardening/8.1.22_record_Events_that_privileged_priv_change_cmd_usage.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening # harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening
# #
# #
@ -95,10 +95,10 @@ AUDIT_PARAMS_CENTOS="-a always,exit -F path=/bin/su -F perm=x -F auid>=1000 -F a
-a always,exit -F path=/bin/chfn -F perm=x -F auid>=500 -F auid!=4294967295 -k privileged-priv_change" -a always,exit -F path=/bin/chfn -F perm=x -F auid>=500 -F auid!=4294967295 -k privileged-priv_change"
fi fi
if [ $OS_RELEASE -eq 1 ]; then if [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
elif [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS
else
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
fi fi
} }

8
bin/hardening/8.1.23_record_Events_that_privileged_postfix_cmd_usage.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening # harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening
# #
# #
@ -79,10 +79,10 @@ AUDIT_PARAMS_CENTOS='-a always,exit -F path=/sbin/postdrop -F perm=x -F auid>=10
-a always,exit -F path=/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix' -a always,exit -F path=/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix'
fi fi
if [ $OS_RELEASE -eq 1 ]; then if [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
elif [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS
else
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
fi fi
} }

8
bin/hardening/8.1.24_record_crontab_cmd_usage.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening # harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening
# #
# #
@ -75,10 +75,10 @@ AUDIT_PARAMS_DEBIAN='-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=
AUDIT_PARAMS_CENTOS='-a always,exit -F path=/bin/crontab -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-cron' AUDIT_PARAMS_CENTOS='-a always,exit -F path=/bin/crontab -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-cron'
fi fi
if [ $OS_RELEASE -eq 1 ]; then if [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
elif [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS
else
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
fi fi
} }

8
bin/hardening/8.1.25_record_pam_timestamp_check_cmd_usage.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening # harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening
# #
# #
@ -75,10 +75,10 @@ AUDIT_PARAMS_DEBIAN='-a always,exit -F path=/usr/sbin/pam_timestamp_check -F per
AUDIT_PARAMS_CENTOS='-a always,exit -F path=/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-pam' AUDIT_PARAMS_CENTOS='-a always,exit -F path=/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
fi fi
if [ $OS_RELEASE -eq 1 ]; then if [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
elif [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS
else
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
fi fi
} }

15
bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening # harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening
# #
# #
@ -21,7 +21,7 @@ audit () {
# This feature is only for debian # This feature is only for debian
if [ $OS_RELEASE -eq 2 ]; then if [ $OS_RELEASE -eq 2 ]; then
ok "CentOS/Redhat is not support, so pass" ok "CentOS/Redhat is not support, so pass"
elif [ $OS_RELEASE -eq 1 -o $OS_RELEASE -eq 3 ]; then else
# define custom IFS and save default one # define custom IFS and save default one
d_IFS=$IFS d_IFS=$IFS
c_IFS=$'\n' c_IFS=$'\n'
@ -52,7 +52,7 @@ apply () {
# This feature is only for debian # This feature is only for debian
if [ $OS_RELEASE -eq 2 ]; then if [ $OS_RELEASE -eq 2 ]; then
ok "CentOS/Redhat is not support, so pass" ok "CentOS/Redhat is not support, so pass"
elif [ $OS_RELEASE -eq 1 -o $OS_RELEASE -eq 3 ]; then else
IFS=$'\n' IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
@ -85,19 +85,18 @@ AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -k privilege
AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam' AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
fi fi
else else
is_debian_11
if [ $DONT_AUDITD_BY_UID -eq 1 ]; then if [ $DONT_AUDITD_BY_UID -eq 1 ]; then
if [ $FNRET = 1 ]; then if [ $OS_RELEASE -lt 11 ]; then
AUDIT_PARAMS='-a always,exit -F path=/sbin/pam_tally -F perm=wxa -k privileged-pam AUDIT_PARAMS='-a always,exit -F path=/sbin/pam_tally -F perm=wxa -k privileged-pam
-a always,exit -F path=/sbin/pam_tally2 -F perm=wxa -k privileged-pam' -a always,exit -F path=/sbin/pam_tally2 -F perm=wxa -k privileged-pam'
elif [ $FNRET = 0 ]; then else
AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -k privileged-pam' AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -k privileged-pam'
fi fi
else else
if [ $FNRET = 1 ]; then if [ $OS_RELEASE -lt 11 ]; then
AUDIT_PARAMS='-a always,exit -F path=/sbin/pam_tally -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam AUDIT_PARAMS='-a always,exit -F path=/sbin/pam_tally -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam
-a always,exit -F path=/sbin/pam_tally2 -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam' -a always,exit -F path=/sbin/pam_tally2 -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
elif [ $FNRET = 0 ]; then else
AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam' AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/faillock -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
fi fi
fi fi

8
bin/hardening/8.1.29_record_usermod_cmd_usage.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian-audit for Debian GNU/Linux 7/8/9/10 or CentOS Hardening # harbian-audit for Debian GNU/Linux 7/8/9/10/11/12 or CentOS Hardening
# #
# #
@ -75,10 +75,10 @@ AUDIT_PARAMS_DEBIAN='-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>
AUDIT_PARAMS_CENTOS='-a always,exit -F path=/sbin/usermod -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-usermod' AUDIT_PARAMS_CENTOS='-a always,exit -F path=/sbin/usermod -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-usermod'
fi fi
if [ $OS_RELEASE -eq 1 ]; then if [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
elif [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS AUDIT_PARAMS=$AUDIT_PARAMS_CENTOS
else
AUDIT_PARAMS=$AUDIT_PARAMS_DEBIAN
fi fi
} }