Add audit and apply methods for 8.1.27

bin/hardening/8.1.16_record_sudo_usage.sh

@@ -13,7 +13,7 @@ set -u # One variable unset, it's over
 
 HARDENING_LEVEL=4
 
-AUDIT_PARAMS='-w /var/log/auth.log -p wa -k sudoaction'
+AUDIT_PARAMS='-w /var/log/audit/audit.log -p wa -k sudoaction'
 FILE='/etc/audit/rules.d/audit.rules'
 
 # This function will be called if the script status is on enabled / audit mode

bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh

@@ -0,0 +1,89 @@
+#!/bin/bash
+
+#
+# harbian audit 9  Hardening
+#
+
+#
+# 8.1.27 Record Events That Modify configuration files (Scored)
+# Author: Samson-W (sccxboy@gmail.com) author add this 
+#
+
+set -e # One error, it's over
+set -u # One variable unset, it's over
+
+HARDENING_LEVEL=4
+
+AUDIT_PARAMS='-w /etc/audisp/audisp-remote.conf -p wa -k config_file_change
+-w /etc/audit/auditd.conf -p wa -k config_file_change
+-w  -p wa -k config_file_change
+-w /etc/audit/rules.d/ -p wa -k config_file_change
+-w /etc/default/grub -p wa -k config_file_change
+-w /etc/fstab -p wa -k config_file_change
+-w /etc/hosts.deny -p wa -k config_file_change
+-w /etc/login.defs -p wa -k config_file_change
+-w /etc/pam.d/ -p wa -k config_file_change
+-w /etc/profile -p wa -k config_file_change
+-w /etc/profile.d/ -p wa -k config_file_change
+-w /etc/security/ -p wa -k config_file_change'
+
+FILE='/etc/audit/rules.d/audit.rules'
+
+# This function will be called if the script status is on enabled / audit mode
+audit () {
+    # define custom IFS and save default one
+    d_IFS=$IFS
+    c_IFS=$'\n'
+    IFS=$c_IFS
+    for AUDIT_VALUE in $AUDIT_PARAMS; do
+        debug "$AUDIT_VALUE should be in file $FILE"
+        IFS=$d_IFS
+        does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
+        IFS=$c_IFS
+        if [ $FNRET != 0 ]; then
+            crit "$AUDIT_VALUE is not in file $FILE"
+        else
+            ok "$AUDIT_VALUE is present in $FILE"
+        fi
+    done
+    IFS=$d_IFS
+}
+
+# This function will be called if the script status is on enabled mode
+apply () {
+    IFS=$'\n'
+    for AUDIT_VALUE in $AUDIT_PARAMS; do
+        debug "$AUDIT_VALUE should be in file $FILE"
+        does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
+        if [ $FNRET != 0 ]; then
+            warn "$AUDIT_VALUE is not in file $FILE, adding it"
+            add_end_of_file $FILE $AUDIT_VALUE
+            #eval $(pkill -HUP -P 1 auditd)
+        else
+            ok "$AUDIT_VALUE is present in $FILE"
+        fi
+    done
+}
+
+# This function will check config parameters required
+check_config() {
+    :
+}
+
+# Source Root Dir Parameter
+if [ -r /etc/default/cis-hardening ]; then
+    . /etc/default/cis-hardening
+fi
+if [ -z "$CIS_ROOT_DIR" ]; then
+     echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
+     echo "Cannot source CIS_ROOT_DIR variable, aborting."
+    exit 128
+fi
+
+# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
+if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
+    . $CIS_ROOT_DIR/lib/main.sh
+else
+    echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
+    exit 128
+fi