From 3bb4e50a7c8d3f65e74104970687566053511f6c Mon Sep 17 00:00:00 2001 From: Samson-W Date: Thu, 25 Aug 2022 18:11:23 +0000 Subject: [PATCH] Fix issues #37 need extra checks on audisp path on Ubuntu. --- bin/hardening.sh | 14 +++++++++--- .../8.1.1.5_ensure_set_remote_server.sh | 8 +++++-- ...1.6_ensure_set_encrypt_for_audit_remote.sh | 8 +++++-- ...nsure_set_action_for_audit_storage_full.sh | 8 +++++-- .../8.1.1.8_ensure_set_action_for_net_fail.sh | 8 +++++-- ...27_record_Events_that_modify_conf_files.sh | 22 ++++++++++++++++++- 6 files changed, 56 insertions(+), 12 deletions(-) diff --git a/bin/hardening.sh b/bin/hardening.sh index eaadcb1..aa23a17 100755 --- a/bin/hardening.sh +++ b/bin/hardening.sh @@ -205,15 +205,21 @@ fi [ -r $CIS_ROOT_DIR/lib/common.sh ] && . $CIS_ROOT_DIR/lib/common.sh [ -r $CIS_ROOT_DIR/lib/utils.sh ] && . $CIS_ROOT_DIR/lib/utils.sh +### Debian: OS_RELEASE=1 Redhat/centos: OS_RELEASE=2 Ubuntu: OS_RELEASE=3 # For --init if [ $INIT_G_CONFIG -eq 1 ]; then if [ -r /etc/redhat-release ]; then info "This OS is redhat/CentOS." sed -i 's/^OS_RELEASE=.*/OS_RELEASE=2/g' /etc/default/cis-hardening . /etc/default/cis-hardening + elif [ $(grep -i Ubuntu /etc/lsb-release -c) -gt 0 ]; then + info "This OS is Ubuntu." + sed -i 's/^OS_RELEASE=.*/OS_RELEASE=3/g' /etc/default/cis-hardening + . /etc/default/cis-hardening elif [ -r /etc/debian_version ]; then info "This OS is Debian." - : + sed -i 's/^OS_RELEASE=.*/OS_RELEASE=1/g' /etc/default/cis-hardening + . /etc/default/cis-hardening else crit "This OS not support!" exit 128 @@ -225,6 +231,8 @@ if [ $OS_RELEASE -eq 1 ]; then info "Start auditing for Debian." elif [ $OS_RELEASE -eq 2 ]; then info "Start auditing for redhat/CentOS." +elif [ $OS_RELEASE -eq 3 ]; then + info "Start auditing for Ubuntu." else crit "This OS not support!" exit 128 
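Review bot: The Ubuntu probe `[ $(grep -i Ubuntu /etc/lsb-release -c) -gt 0 ]` in the `--init` branch misbehaves when /etc/lsb-release is absent: grep writes nothing to stdout, the test collapses to `[ -gt 0 ]`, and `[` reports an error before control falls through to the Debian arm. Testing grep's exit status avoids both the error and the unquoted substitution: `elif grep -qi ubuntu /etc/lsb-release 2>/dev/null; then`. The three `sed -i 's/^OS_RELEASE=.*/…/g'` calls only rewrite a line that already exists, so if /etc/default/cis-hardening has no `OS_RELEASE=` entry the value silently stays unchanged. Every later path decision keys on it, so a check after sourcing the file would be worthwhile. The closing `fi` of this `if` lies outside the hunk.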
@@ -251,9 +259,9 @@ if [ $FINAL_G_CONFIG -eq 1 ]; then # Reinit aide database info "Will reinitialize the AIDE database" - if [ $OS_RELEASE -eq 1 ]; then + if [ $OS_RELEASE -eq 1 -o $OS_RELEASE -eq 3 ]; then aideinit - elif [ $OS_RELEASE -eq 2 ]; then + elif [ $OS_RELEASE -eq 2]; then aide --init mv /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz fi diff --git a/bin/hardening/8.1.1.5_ensure_set_remote_server.sh b/bin/hardening/8.1.1.5_ensure_set_remote_server.sh index fe65205..55095ef 100755 --- a/bin/hardening/8.1.1.5_ensure_set_remote_server.sh +++ b/bin/hardening/8.1.1.5_ensure_set_remote_server.sh @@ -15,7 +15,6 @@ set -u # One variable unset, it's over HARDENING_LEVEL=4 PACKAGE='audispd-plugins' -FILE='/etc/audisp/audisp-remote.conf' PATTERN='remote_server' # This function will be called if the script status is on enabled / audit mode @@ -59,7 +58,12 @@ apply () { # This function will check config parameters required check_config() { - : + #Ubuntu + if [ $OS_RELEASE -eq 3 ]; then + FILE='/etc/audit/audisp-remote.conf' + else + FILE='/etc/audisp/audisp-remote.conf' + fi } # Source Root Dir Parameter diff --git a/bin/hardening/8.1.1.6_ensure_set_encrypt_for_audit_remote.sh b/bin/hardening/8.1.1.6_ensure_set_encrypt_for_audit_remote.sh index e4d165d..ba3bc9f 100755 --- a/bin/hardening/8.1.1.6_ensure_set_encrypt_for_audit_remote.sh +++ b/bin/hardening/8.1.1.6_ensure_set_encrypt_for_audit_remote.sh @@ -15,7 +15,6 @@ set -u # One variable unset, it's over HARDENING_LEVEL=4 PACKAGE='audispd-plugins' -FILE='/etc/audisp/audisp-remote.conf' PATTERN='enable_krb5' SETVALUE='yes' @@ -68,7 +67,12 @@ apply () { # This function will check config parameters required check_config() { - : + #Ubuntu + if [ $OS_RELEASE -eq 3 ]; then + FILE='/etc/audit/audisp-remote.conf' + else + FILE='/etc/audisp/audisp-remote.conf' + fi } # Source Root Dir Parameter 
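Review bot: The rewritten `elif [ $OS_RELEASE -eq 2]; then` has lost the space before `]`, so `[` receives `2]` as its last argument and fails with a missing-`]` error. On Red Hat/CentOS the `aide --init` and the `mv` of the new database are then never run, and the AIDE baseline is not refreshed after hardening. It should read `elif [ "$OS_RELEASE" -eq 2 ]; then`. On the line above, `-o` inside `[ … ]` is obsolescent and ambiguous; `if [ "$OS_RELEASE" -eq 1 ] || [ "$OS_RELEASE" -eq 3 ]; then` is the safer form. The enclosing `if [ $FINAL_G_CONFIG -eq 1 ]` starts before this hunk.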
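Review bot: `check_config` in 8.1.1.5 now picks the audisp-remote.conf location from `$OS_RELEASE` alone, but the location appears to follow the installed audit version rather than the distribution (newer releases keep it under /etc/audit/, older ones under /etc/audisp/). An older Ubuntu or a newer Debian host could therefore get the wrong `FILE`, and the remote-logging check would read or edit a file auditd does not use. Probing the filesystem is more robust, e.g. `if [ -e /etc/audit/audisp-remote.conf ]; then FILE='/etc/audit/audisp-remote.conf'` with the /etc/audisp/ path as the fallback. Because the script runs under `set -u` and `FILE` is no longer assigned at top level, confirm that `check_config` always runs before `audit` and `apply`, and quote the test as `[ "$OS_RELEASE" -eq 3 ]`. The identical block is pasted into 8.1.1.6, 8.1.1.7 and 8.1.1.8; a shared helper in lib/utils.sh would keep the four copies from drifting.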
diff --git a/bin/hardening/8.1.1.7_ensure_set_action_for_audit_storage_full.sh b/bin/hardening/8.1.1.7_ensure_set_action_for_audit_storage_full.sh index 6623db6..336eb7b 100755 --- a/bin/hardening/8.1.1.7_ensure_set_action_for_audit_storage_full.sh +++ b/bin/hardening/8.1.1.7_ensure_set_action_for_audit_storage_full.sh @@ -15,7 +15,6 @@ set -u # One variable unset, it's over HARDENING_LEVEL=4 PACKAGE='audispd-plugins' -FILE='/etc/audisp/audisp-remote.conf' PATTERN='disk_full_action' SETVALUE='syslog' @@ -70,7 +69,12 @@ apply () { # This function will check config parameters required check_config() { - : + #Ubuntu + if [ $OS_RELEASE -eq 3 ]; then + FILE='/etc/audit/audisp-remote.conf' + else + FILE='/etc/audisp/audisp-remote.conf' + fi } # Source Root Dir Parameter diff --git a/bin/hardening/8.1.1.8_ensure_set_action_for_net_fail.sh b/bin/hardening/8.1.1.8_ensure_set_action_for_net_fail.sh index eedde30..c4c0b9f 100755 --- a/bin/hardening/8.1.1.8_ensure_set_action_for_net_fail.sh +++ b/bin/hardening/8.1.1.8_ensure_set_action_for_net_fail.sh @@ -15,7 +15,6 @@ set -u # One variable unset, it's over HARDENING_LEVEL=4 PACKAGE='audispd-plugins' -FILE='/etc/audisp/audisp-remote.conf' PATTERN='network_failure_action' SETVALUE='syslog' @@ -70,7 +69,12 @@ apply () { # This function will check config parameters required check_config() { - : + #Ubuntu + if [ $OS_RELEASE -eq 3 ]; then + FILE='/etc/audit/audisp-remote.conf' + else + FILE='/etc/audisp/audisp-remote.conf' + fi } # Source Root Dir Parameter diff --git a/bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh b/bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh index 5200794..8f173bd 100755 --- a/bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh +++ b/bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh 
@@ -89,8 +89,26 @@ check_config() { -a always,exit -F path=/etc/audisp/plugins.d/au-remote.conf -F perm=wa -k config_file_change -a always,exit -F path=/etc/logrotate.conf -F perm=wa -k config_file_change -a always,exit -F dir=/etc/logrotate.d/ -F perm=wa -k config_file_change' + # Ubuntu + elif [ $OS_RELEASE -eq 3 ]; then + AUDIT_PARAMS='-a always,exit -F path=/etc/audit/audisp-remote.conf -F perm=wa -k config_file_change +-a always,exit -F path=/etc/audit/auditd.conf -F perm=wa -k config_file_change +-a always,exit -F path=/etc/default/grub -F perm=wa -k config_file_change +-a always,exit -F path=/etc/fstab -F perm=wa -k config_file_change +-a always,exit -F path=/etc/hosts.deny -F perm=wa -k config_file_change +-a always,exit -F path=/etc/login.defs -F perm=wa -k config_file_change +-a always,exit -F dir=/etc/audit/rules.d/ -F perm=wa -k config_file_change +-a always,exit -F dir=/etc/pam.d/ -F perm=wa -k config_file_change +-a always,exit -F path=/etc/profile -F perm=wa -k config_file_change +-a always,exit -F dir=/etc/profile.d/ -F perm=wa -k config_file_change +-a always,exit -F dir=/etc/security/ -F perm=wa -k config_file_change +-a always,exit -F dir=/etc/iptables/ -F perm=wa -k config_file_change +-a always,exit -F path=/etc/sysctl.conf -F perm=wa -k config_file_change +-a always,exit -F path=/etc/rsyslog.conf -F perm=wa -k config_file_change +-a always,exit -F path=/etc/audisp/plugins.d/au-remote.conf -F perm=wa -k config_file_change +-a always,exit -F path=/etc/logrotate.conf -F perm=wa -k config_file_change' # Debian - else + elif [ $OS_RELEASE -eq 1 ]; then AUDIT_PARAMS='-a always,exit -F path=/etc/audisp/audisp-remote.conf -F perm=wa -k config_file_change -a always,exit -F path=/etc/audit/auditd.conf -F perm=wa -k config_file_change -a always,exit -F path=/etc/default/grub -F perm=wa -k config_file_change 
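Review bot: The new Ubuntu `AUDIT_PARAMS` list ends at `/etc/logrotate.conf` and omits the `-a always,exit -F dir=/etc/logrotate.d/ -F perm=wa -k config_file_change` rule that closes the preceding branch's list. Edits under /etc/logrotate.d/ would therefore go unrecorded on Ubuntu; unless that is deliberate, the rule should be appended. The list also moves audisp-remote.conf to /etc/audit/ yet still watches `/etc/audisp/plugins.d/au-remote.conf`. If the plugin directory moved together with the remote config, that rule points at a path that does not exist, which should be verified on a target host. `check_config` begins before this hunk and continues past it.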
@@ -108,6 +126,8 @@ check_config() { -a always,exit -F path=/etc/audisp/plugins.d/au-remote.conf -F perm=wa -k config_file_change -a always,exit -F path=/etc/logrotate.conf -F perm=wa -k config_file_change -a always,exit -F dir=/etc/logrotate.d/ -F perm=wa -k config_file_change' + else + warn "No support!!!" fi }
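Review bot: The new fallback `warn "No support!!!"` leaves `AUDIT_PARAMS` unassigned and lets `check_config` return normally. On an unrecognised `OS_RELEASE` the script then either aborts later on the unset variable (if it runs under `set -u` like the sibling checks, which is not visible here) or carries on with no rules to compare. bin/hardening.sh treats the same condition as fatal with `crit "This OS not support!"` and `exit 128`. Doing the same here, e.g. `crit "OS_RELEASE=$OS_RELEASE is not supported by this check"; exit 128`, keeps the check from reporting against an empty rule set. The function body starts outside this hunk.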