From 53e21bfaf5602634e801ebc5403047ad6ce89455 Mon Sep 17 00:00:00 2001 From: samson <sccxboy@gmail.com> Date: Thu, 6 Sep 2018 03:44:28 +0800 Subject: [PATCH] Add audit and apply 5.7 document. --- bin/hardening/5.7_enable_screen.sh | 1 + .../8.5_verify_integrity_packages.sh | 2 +- .../harbian_audit_Debian_9_Benchmark_v0.1.mkd | 55 +++++++++++++++++-- 3 files changed, 51 insertions(+), 7 deletions(-) diff --git a/bin/hardening/5.7_enable_screen.sh b/bin/hardening/5.7_enable_screen.sh index 17ce04f..14c3fcc 100755 --- a/bin/hardening/5.7_enable_screen.sh +++ b/bin/hardening/5.7_enable_screen.sh @@ -6,6 +6,7 @@ # # 5.7 Install screen (Scored) +# Authors : Samson wen, Samson <sccxboy@gmail.com> # set -e # One error, it's over diff --git a/bin/hardening/8.5_verify_integrity_packages.sh b/bin/hardening/8.5_verify_integrity_packages.sh index c7c5858..d744f6a 100755 --- a/bin/hardening/8.5_verify_integrity_packages.sh +++ b/bin/hardening/8.5_verify_integrity_packages.sh @@ -3,9 +3,9 @@ # # harbian audit 7/8/9 Hardening # - # # 8.5 8.5_Verifies integrity all packages (Scored) +# Authors : Samson wen, Samson <sccxboy@gmail.com> # set -e # One error, it's over diff --git a/docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd b/docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd index 9f2a7e8..97e2b1f 100644 --- a/docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd +++ b/docs/harbian_audit_Debian_9_Benchmark_v0.1.mkd 
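Review bot: The header comment touched by the hunk in bin/hardening/8.5_verify_integrity_packages.sh still reads `# 8.5 8.5_Verifies integrity all packages (Scored)`, with the control number repeated and a filename-style underscore. It therefore does not match the heading the same commit uses in the benchmark document, `## 8.5 Verifies integrity all packages (scored)`. Since the header is being edited anyway, the title line could become `# 8.5 Verifies integrity all packages (Scored)`. The added `# Authors :` line, here and in the 5.7_enable_screen.sh hunk, appears to name the same person twice (`Samson wen, Samson <sccxboy@gmail.com>`); if that is one author, a single `Name <address>` entry would be clearer. The body of both scripts lies outside the hunks.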
@@ -1,17 +1,17 @@ # harbian audit Debian Linux 9 Benchmark -## 8.5 Verifies integrity all packages +## 8.5 Verifies integrity all packages (scored) -### Profile Applicability: +### Profile Applicability Level 5 -### Description: +### Description Without cryptographic integrity protections, system command and files can be altered by unauthorized users without detection. Cryptographic mechanisms used for protecting the integrity of information include, for example, signed hash functions using asymmetric cryptography enabling distribution of the public key to verify the hash information while maintaining the confidentiality of the key used to generate the hash. -### Rationale: +### Rationale Verify integrity all packages features to to monitor the files of the packages installed by the system. -### Aduit: +### Aduit Perform the following to determine(example): ``` # dpkg -V @@ -19,7 +19,7 @@ Perform the following to determine(example): ??5?????? c /etc/vim/vimrc ``` -### Remediation: +### Remediation Run the following command to determine which package owns the file: ``` # dpkg -S <filename> 
@@ -29,3 +29,46 @@ If the confirmation is not modified by owner, the package can be reinstalled fro # apt-get --reinstall <packagename> ``` +## 5.7 Install screen (scored) + +### Profile Applicability +Level 4 + +### Description +A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not log out because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, operating systems need to be able to identify when a user's session has idled and take action to initiate the session lock. The screen package allows for a session lock to be implemented and configured. + +### Rationale +You can use the lock function of the screen to lock the current terminal and prevent the current session from exiting due to timeout. + +### Aduit +Verify the operating system has the screen package installed. Check to see if the screen package is installed with the following command: +``` +# dpkg -s screen | grep '^Status: install' +``` + +### Remediation +Install the screen program (if it is not on the system) with the following command: +``` +# apt-get install screen +``` +The console can now be locked with the following key combination: ctrl+a x + + + + + + + + +template + +### Profile Applicability +Level 5 + +### Description + +### Rationale + +### Aduit + +### Remediation