tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-07-31 01:24:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix some bug for audit rules set.

Browse Source
This commit is contained in:
Samson-W 2019-09-10 17:14:59 +08:00
parent b3d8a08ac4
commit 6e7bef7a9d
13 changed files with 143 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
bin/hardening/8.1.19_record_sshkeysign_usage.sh
View File

@ -10,14 +10,17 @@
# #
set -u # One variable unset, it's over set -u # One variable unset, it's over
set -e # One error, it's over
HARDENING_LEVEL=4 HARDENING_LEVEL=4
if [ $OS_RELEASE -eq 1 ]; then
AUDIT_PARAMS="-a always,exit -F path=$(find /usr/ -name "ssh-keysign") -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh AUDIT_PARAMS="-a always,exit -F path=/usr/lib/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh
-a always,exit -F path=$(which ssh-agent 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh" -a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh"
elif [ $OS_RELEASE -eq 2 ]; then
set -e # One error, it's over AUDIT_PARAMS="-a always,exit -F path=/usr/libexec/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh
-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh"
fi
FILE='/etc/audit/rules.d/audit.rules' FILE='/etc/audit/rules.d/audit.rules'

17
bin/hardening/8.1.21_record_Events_that_privileged_passwd_cmd_usage.sh
View File

@ -10,15 +10,22 @@
# #
set -u # One variable unset, it's over set -u # One variable unset, it's over
set -e # One error, it's over
HARDENING_LEVEL=4 HARDENING_LEVEL=4
AUDIT_PARAMS="-a always,exit -F path=$(which passwd 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd if [ $OS_RELEASE -eq 1 ]; then
-a always,exit -F path=$(which unix_chkpwd 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd AUDIT_PARAMS="-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd
-a always,exit -F path=$(which gpasswd 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd -a always,exit -F path=/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd
-a always,exit -F path=$(which chage 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd" -a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd
-a always,exit -F path=/usr/bin/chage -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd"
elif [ $OS_RELEASE -eq 1 ]; then
AUDIT_PARAMS="-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd
-a always,exit -F path=/usr/sbin/unix_chkpwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd
-a always,exit -F path=/usr/bin/gpasswd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd
-a always,exit -F path=/bin/chage -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd"
fi
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules' FILE='/etc/audit/rules.d/audit.rules'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode

23
bin/hardening/8.1.22_record_Events_that_privileged_priv_change_cmd_usage.sh
View File

@ -10,17 +10,26 @@
# #
set -u # One variable unset, it's over set -u # One variable unset, it's over
set -e # One error, it's over
HARDENING_LEVEL=4 HARDENING_LEVEL=4
AUDIT_PARAMS="-a always,exit -F path=$(which su 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change if [ $OS_RELEASE -eq 1 ]; then
-a always,exit -F path=$(which sudo 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change AUDIT_PARAMS="-a always,exit -F path=/bin/su -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=$(which newgrp 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change -a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=$(which chsh 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change -a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=$(which sudoedit 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change -a always,exit -F path=/usr/bin/chsh -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=$(which chfn 2>/dev/null) -F perm=x -F auid>=500 -F auid!=4294967295 -k privileged-priv_change" -a always,exit -F path=/usr/bin/sudoedit -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=/usr/bin/chfn -F perm=x -F auid>=500 -F auid!=4294967295 -k privileged-priv_change"
elif [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS="-a always,exit -F path=/bin/su -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=/bin/sudo -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=/bin/newgrp -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=/bin/chsh -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=/bin/sudoedit -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-priv_change
-a always,exit -F path=/bin/chfn -F perm=x -F auid>=500 -F auid!=4294967295 -k privileged-priv_change"
fi
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules' FILE='/etc/audit/rules.d/audit.rules'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode

11
bin/hardening/8.1.23_record_Events_that_privileged_postfix_cmd_usage.sh
View File

@ -10,13 +10,18 @@
# #
set -u # One variable unset, it's over set -u # One variable unset, it's over
set -e # One error, it's over
HARDENING_LEVEL=4 HARDENING_LEVEL=4
AUDIT_PARAMS='-a always,exit -F path=$(which postdrop 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix if [ $OS_RELEASE -eq 1 ]; then
-a always,exit -F path=$(which postqueue 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix' AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/postdrop -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix
-a always,exit -F path=/usr/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix'
if [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS='-a always,exit -F path=/sbin/postdrop -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix
-a always,exit -F path=/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix'
fi
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules' FILE='/etc/audit/rules.d/audit.rules'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode

11
bin/hardening/8.1.24_record_crontab_cmd_usage.sh
View File

@ -10,14 +10,17 @@
# #
set -u # One variable unset, it's over set -u # One variable unset, it's over
set -e # One error, it's over
HARDENING_LEVEL=4 HARDENING_LEVEL=4
AUDIT_PARAMS='-a always,exit -F path=$(which crontab 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-cron'
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules' FILE='/etc/audit/rules.d/audit.rules'
if [ $OS_RELEASE -eq 1 ]; then
AUDIT_PARAMS='-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-cron'
elif [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS='-a always,exit -F path=/bin/crontab -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-cron'
fi
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
# define custom IFS and save default one # define custom IFS and save default one

10
bin/hardening/8.1.25_record_pam_timestamp_check_cmd_usage.sh
View File

@ -10,13 +10,15 @@
# #
set -u # One variable unset, it's over set -u # One variable unset, it's over
set -e # One error, it's over
HARDENING_LEVEL=4 HARDENING_LEVEL=4
AUDIT_PARAMS='-a always,exit -F path=$(which pam_timestamp_check 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules' FILE='/etc/audit/rules.d/audit.rules'
if [ $OS_RELEASE -eq 1 ]; then
AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
elif [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS='-a always,exit -F path=/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
fi
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {

103
bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh
View File

@ -5,66 +5,75 @@
# #
# #
# 8.1.26 Recored pam_tally/pam_tally2 command usage (Scored) # 8.1.26 Recored pam_tally/pam_tally2 command usage(Only for Debian) (Scored)
# Author : Samson wen, Samson <sccxboy@gmail.com> Author add this # Author : Samson wen, Samson <sccxboy@gmail.com> Author add this
# #
set -u # One variable unset, it's over set -u # One variable unset, it's over
HARDENING_LEVEL=4
AUDIT_PARAMS='-a always,exit -F path=$(which pam_tally 2>/dev/null) -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam
-a always,exit -F path=$(which pam_tally2 2>/dev/null) -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
set -e # One error, it's over set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules' FILE='/etc/audit/rules.d/audit.rules'
HARDENING_LEVEL=4
AUDIT_PARAMS='-a always,exit -F path=/sbin/pam_tally -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam
-a always,exit -F path=/sbin/pam_tally2 -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
# define custom IFS and save default one # This feature is only for debian
d_IFS=$IFS if [ $OS_RELEASE -eq 2 ]; then
c_IFS=$'\n' ok "CentOS/Redhat is not support, so pass"
IFS=$c_IFS elif [ $OS_RELEASE -eq 1 ]; then
for AUDIT_VALUE in $AUDIT_PARAMS; do # define custom IFS and save default one
check_audit_path $AUDIT_VALUE d_IFS=$IFS
if [ $FNRET -eq 1 ];then c_IFS=$'\n'
crit "path is not exsit! Please check file path is exist!" IFS=$c_IFS
continue for AUDIT_VALUE in $AUDIT_PARAMS; do
else check_audit_path $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE" if [ $FNRET -eq 1 ];then
IFS=$d_IFS crit "path is not exsit! Please check file path is exist!"
does_pattern_exist_in_file $FILE "$AUDIT_VALUE" continue
IFS=$c_IFS else
if [ $FNRET != 0 ]; then debug "$AUDIT_VALUE should be in file $FILE"
crit "$AUDIT_VALUE is not in file $FILE" IFS=$d_IFS
else does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
ok "$AUDIT_VALUE is present in $FILE" IFS=$c_IFS
fi if [ $FNRET != 0 ]; then
fi crit "$AUDIT_VALUE is not in file $FILE"
done else
IFS=$d_IFS ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
fi
} }
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply () { apply () {
IFS=$'\n' # This feature is only for debian
for AUDIT_VALUE in $AUDIT_PARAMS; do if [ $OS_RELEASE -eq 2 ]; then
check_audit_path $AUDIT_VALUE ok "CentOS/Redhat is not support, so pass"
if [ $FNRET -eq 1 ];then elif [ $OS_RELEASE -eq 1 ]; then
crit "path is not exsit! Please check file path is exist!" IFS=$'\n'
continue for AUDIT_VALUE in $AUDIT_PARAMS; do
else check_audit_path $AUDIT_VALUE
debug "$AUDIT_VALUE should be in file $FILE" if [ $FNRET -eq 1 ];then
does_pattern_exist_in_file $FILE "$AUDIT_VALUE" crit "path is not exsit! Please check file path is exist!"
if [ $FNRET != 0 ]; then continue
warn "$AUDIT_VALUE is not in file $FILE, adding it" else
add_end_of_file $FILE $AUDIT_VALUE debug "$AUDIT_VALUE should be in file $FILE"
check_auditd_is_immutable_mode does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
else if [ $FNRET != 0 ]; then
ok "$AUDIT_VALUE is present in $FILE" warn "$AUDIT_VALUE is not in file $FILE, adding it"
fi add_end_of_file $FILE $AUDIT_VALUE
fi check_auditd_is_immutable_mode
done else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
fi
} }
# This function will check config parameters required # This function will check config parameters required

14
bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh
View File

@ -10,16 +10,17 @@
# #
set -u # One variable unset, it's over set -u # One variable unset, it's over
set -e # One error, it's over
HARDENING_LEVEL=4 HARDENING_LEVEL=4
AUDIT_PARAMS='-a always,exit -F path=$(find /etc/ -name audisp-remote.conf) -F perm=wa -k config_file_change AUDIT_PARAMS='-a always,exit -F path=/etc/audisp/audisp-remote.conf -F perm=wa -k config_file_change
-a always,exit -F path=$(find /etc/ -name auditd.conf) -F perm=wa -k config_file_change -a always,exit -F path=/etc/audit/auditd.conf -F perm=wa -k config_file_change
-a always,exit -F path=/etc/default/grub -F perm=wa -k config_file_change
-a always,exit -F path=/etc/fstab -F perm=wa -k config_file_change
-a always,exit -F path=/etc/hosts.deny -F perm=wa -k config_file_change
-a always,exit -F path=/etc/login.defs -F perm=wa -k config_file_change
-a always,exit -F dir=/etc/audit/rules.d/ -F perm=wa -k config_file_change -a always,exit -F dir=/etc/audit/rules.d/ -F perm=wa -k config_file_change
-a always,exit -F path=$(find /etc/ -name grub) -F perm=wa -k config_file_change
-a always,exit -F path=$(find /etc/ -name fstab) -F perm=wa -k config_file_change
-a always,exit -F path=$(find /etc/ -name hosts.deny) -F perm=wa -k config_file_change
-a always,exit -F path=$(find /etc/ -name login.defs) -F perm=wa -k config_file_change
-a always,exit -F dir=/etc/pam.d/ -F perm=wa -k config_file_change -a always,exit -F dir=/etc/pam.d/ -F perm=wa -k config_file_change
-a always,exit -F path=/etc/profile -F perm=wa -k config_file_change -a always,exit -F path=/etc/profile -F perm=wa -k config_file_change
-a always,exit -F dir=/etc/profile.d/ -F perm=wa -k config_file_change -a always,exit -F dir=/etc/profile.d/ -F perm=wa -k config_file_change
@ -27,7 +28,6 @@ AUDIT_PARAMS='-a always,exit -F path=$(find /etc/ -name audisp-remote.conf) -F p
-a always,exit -F dir=/etc/iptables/ -F perm=wa -k config_file_change -a always,exit -F dir=/etc/iptables/ -F perm=wa -k config_file_change
-a always,exit -F path=/etc/sysctl.conf -F perm=wa -k config_file_change' -a always,exit -F path=/etc/sysctl.conf -F perm=wa -k config_file_change'
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules' FILE='/etc/audit/rules.d/audit.rules'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode

10
bin/hardening/8.1.28_record_acl_cmd_usage.sh
View File

@ -8,16 +8,16 @@
# 8.1.28 Recored Events that privileged-acl command usage (Scored) # 8.1.28 Recored Events that privileged-acl command usage (Scored)
# Author : Samson wen, Samson <sccxboy@gmail.com> # Author : Samson wen, Samson <sccxboy@gmail.com>
# #
# todo to ensure path in debian
set -u # One variable unset, it's over set -u # One variable unset, it's over
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules'
HARDENING_LEVEL=4 HARDENING_LEVEL=4
AUDIT_PARAMS='-a always,exit -F path=$(which setfacl 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k perm_chng AUDIT_PARAMS='-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid>=1000 -F auid!=4294967295 -k perm_chng
-a always,exit -F path=$(which chacl 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k perm_chng' -a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=4294967295 -k perm_chng'
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {

11
bin/hardening/8.1.29_record_usermod_cmd_usage.sh
View File

@ -10,13 +10,16 @@
# #
set -u # One variable unset, it's over set -u # One variable unset, it's over
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules'
HARDENING_LEVEL=4 HARDENING_LEVEL=4
AUDIT_PARAMS='-a always,exit -F path=$(which usermod 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-usermod' if [ $OS_RELEASE -eq 1 ]; then
AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-usermod'
set -e # One error, it's over elif [ $OS_RELEASE -eq 2 ]; then
FILE='/etc/audit/rules.d/audit.rules' AUDIT_PARAMS='-a always,exit -F path=/sbin/usermod -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-usermod'
fi
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {

7
bin/hardening/8.1.30_record_unix_update_cmd_usage.sh
View File

@ -10,13 +10,12 @@
# #
set -u # One variable unset, it's over set -u # One variable unset, it's over
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules'
HARDENING_LEVEL=4 HARDENING_LEVEL=4
AUDIT_PARAMS='-a always,exit -F path=$(which unix_update 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-unix-update' AUDIT_PARAMS='-a always,exit -F path=/sbin/unix_update -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-unix-update'
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {

10
bin/hardening/8.1.7_record_mac_edit.sh
View File

@ -11,6 +11,7 @@
# todo test for centos # todo test for centos
set -u # One variable unset, it's over set -u # One variable unset, it's over
set -e # One error, it's over
HARDENING_LEVEL=4 HARDENING_LEVEL=4
@ -19,17 +20,16 @@ SELINUX_PKG_REDHAT="selinux-policy"
SE_AUDIT_PARAMS="-a always,exit -F dir=/etc/selinux/ -F perm=wa -k MAC-policy SE_AUDIT_PARAMS="-a always,exit -F dir=/etc/selinux/ -F perm=wa -k MAC-policy
-a always,exit -F dir=/usr/share/selinux/ -F perm=wa -k MAC-policy -a always,exit -F dir=/usr/share/selinux/ -F perm=wa -k MAC-policy
-a always,exit -F path=$(which chcon 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k perm_chng -a always,exit -F path=/usr/bin/chcon -F perm=x -F auid>=1000 -F auid!=4294967295 -k perm_chng
-a always,exit -F path=$(which semanage 2>/dev/null) -F auid>=1000 -F auid!=4294967295 -k perm_chng -a always,exit -F path=/usr/sbin/semanage -F auid>=1000 -F auid!=4294967295 -k perm_chng
-a always,exit -F path=$(which setsebool 2>/dev/null) -F auid>=1000 -F auid!=4294967295 -k perm_chng -a always,exit -F path=/usr/sbin/setsebool -F auid>=1000 -F auid!=4294967295 -k perm_chng
-a always,exit -F path=$(which setfiles 2>/dev/null) -F auid>=1000 -F auid!=4294967295 -k perm_chng" -a always,exit -F path=/usr/sbin/setfiles -F auid>=1000 -F auid!=4294967295 -k perm_chng"
APPARMOR_PKG="apparmor" APPARMOR_PKG="apparmor"
AA_AUDIT_PARAMS='-w /etc/apparmor/ -p wa -k MAC-policy AA_AUDIT_PARAMS='-w /etc/apparmor/ -p wa -k MAC-policy
-w /etc/apparmor.d/ -p wa -k MAC-policy -w /etc/apparmor.d/ -p wa -k MAC-policy
-a always,exit -F path=/sbin/apparmor_parser -F perm=x -F auid>=1000 -F auid!=4294967295 -k MAC-policy' -a always,exit -F path=/sbin/apparmor_parser -F perm=x -F auid>=1000 -F auid!=4294967295 -k MAC-policy'
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules' FILE='/etc/audit/rules.d/audit.rules'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode

4
bin/hardening/8.5_ensure_permissions_on_all_logfiles.sh
View File

@ -41,7 +41,9 @@ apply () {
else else
warn "Permissions of all log files are not correctly configured! Set it" warn "Permissions of all log files are not correctly configured! Set it"
chmod -R $PERMISS_SET $LOGDIR/* chmod -R $PERMISS_SET $LOGDIR/*
rm $ERRPERFILELIST if [ -r $ERRPERFILELIST ]; then
rm $ERRPERFILELIST
fi
fi fi
} }