tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-07-31 01:24:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

modify 8.1.23~8.1.32 to be compatible with CentOS.

Browse Source
This commit is contained in:
Samson-W 2019-08-13 20:04:33 +08:00
parent 36d8055522
commit 7f23fe9c1c
11 changed files with 285 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bin/hardening/8.1.19_record_sshkeysign_usage.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# harbian audit 7/8/9 Hardening
# harbian audit 7/8/9/10 or CentOS Hardening
#
#

56
bin/hardening/8.1.23_record_Events_that_privileged_postfix_cmd_usage.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# harbian audit 7/8/9 Hardening
# harbian audit 7/8/9/10 or CentOS Hardening
#
#
@ -9,14 +9,14 @@
# Author : Samson wen, Samson <sccxboy@gmail.com>
#
set -e # One error, it's over
set -u # One variable unset, it's over
HARDENING_LEVEL=4
AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/postdrop -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix
-a always,exit -F path=/usr/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix'
AUDIT_PARAMS='-a always,exit -F path=$(which postdrop 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix
-a always,exit -F path=$(which postqueue 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix'
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules'
# This function will be called if the script status is on enabled / audit mode
@ -26,15 +26,21 @@ audit () {
c_IFS=$'\n'
IFS=$c_IFS
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
IFS=$d_IFS
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
IFS=$c_IFS
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!"
continue
else
debug "$AUDIT_VALUE should be in file $FILE"
IFS=$d_IFS
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
IFS=$c_IFS
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
@ -43,15 +49,21 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
check_auditd_is_immutable_mode
else
ok "$AUDIT_VALUE is present in $FILE"
fi
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!"
continue
else
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
check_auditd_is_immutable_mode
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
}

55
bin/hardening/8.1.24_record_crontab_cmd_usage.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# harbian audit 7/8/9 Hardening
# harbian audit 7/8/9/10 or CentOS Hardening
#
#
@ -9,12 +9,13 @@
# Author : Samson wen, Samson <sccxboy@gmail.com>
#
set -e # One error, it's over
set -u # One variable unset, it's over
HARDENING_LEVEL=4
AUDIT_PARAMS='-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-cron'
AUDIT_PARAMS='-a always,exit -F path=$(which crontab 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-cron'
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules'
# This function will be called if the script status is on enabled / audit mode
@ -24,15 +25,21 @@ audit () {
c_IFS=$'\n'
IFS=$c_IFS
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
IFS=$d_IFS
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
IFS=$c_IFS
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!"
continue
else
debug "$AUDIT_VALUE should be in file $FILE"
IFS=$d_IFS
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
IFS=$c_IFS
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
@ -41,15 +48,21 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
check_auditd_is_immutable_mode
else
ok "$AUDIT_VALUE is present in $FILE"
fi
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!"
continue
else
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
check_auditd_is_immutable_mode
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
}

55
bin/hardening/8.1.25_record_pam_timestamp_check_cmd_usage.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# harbian audit 7/8/9 Hardening
# harbian audit 7/8/9/10 or CentOS Hardening
#
#
@ -9,12 +9,13 @@
# Author : Samson wen, Samson <sccxboy@gmail.com>
#
set -e # One error, it's over
set -u # One variable unset, it's over
HARDENING_LEVEL=4
AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
AUDIT_PARAMS='-a always,exit -F path=$(which pam_timestamp_check 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules'
# This function will be called if the script status is on enabled / audit mode
@ -24,15 +25,21 @@ audit () {
c_IFS=$'\n'
IFS=$c_IFS
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
IFS=$d_IFS
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
IFS=$c_IFS
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!"
continue
else
debug "$AUDIT_VALUE should be in file $FILE"
IFS=$d_IFS
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
IFS=$c_IFS
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
@ -41,15 +48,21 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
check_auditd_is_immutable_mode
else
ok "$AUDIT_VALUE is present in $FILE"
fi
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!"
continue
else
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
check_auditd_is_immutable_mode
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
}

57
bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# harbian audit 7/8/9 Hardening
# harbian audit 7/8/9/10 or CentOS Hardening
#
#
@ -9,13 +9,14 @@
# Author : Samson wen, Samson <sccxboy@gmail.com> Author add this
#
set -e # One error, it's over
set -u # One variable unset, it's over
HARDENING_LEVEL=4
AUDIT_PARAMS='-a always,exit -F path=/sbin/pam_tally -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam
-a always,exit -F path=/sbin/pam_tally2 -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
AUDIT_PARAMS='-a always,exit -F path=$(which pam_tally 2>/dev/null) -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam
-a always,exit -F path=$(which pam_tally2 2>/dev/null) -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam'
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules'
# This function will be called if the script status is on enabled / audit mode
@ -25,15 +26,21 @@ audit () {
c_IFS=$'\n'
IFS=$c_IFS
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
IFS=$d_IFS
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
IFS=$c_IFS
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!"
continue
else
debug "$AUDIT_VALUE should be in file $FILE"
IFS=$d_IFS
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
IFS=$c_IFS
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
@ -42,15 +49,21 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
check_auditd_is_immutable_mode
else
ok "$AUDIT_VALUE is present in $FILE"
fi
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!"
continue
else
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
check_auditd_is_immutable_mode
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
}

78
bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# harbian audit 9 Hardening
# harbian audit 9/10 or CentOS Hardening
#
#
@ -9,25 +9,25 @@
# Author: Samson-W (sccxboy@gmail.com) author add this
#
set -e # One error, it's over
set -u # One variable unset, it's over
HARDENING_LEVEL=4
AUDIT_PARAMS='-w /etc/audisp/audisp-remote.conf -p wa -k config_file_change
-w /etc/audit/auditd.conf -p wa -k config_file_change
-w /etc/audit/rules.d/ -p wa -k config_file_change
-w /etc/default/grub -p wa -k config_file_change
-w /etc/fstab -p wa -k config_file_change
-w /etc/hosts.deny -p wa -k config_file_change
-w /etc/login.defs -p wa -k config_file_change
-w /etc/pam.d/ -p wa -k config_file_change
-w /etc/profile -p wa -k config_file_change
-w /etc/profile.d/ -p wa -k config_file_change
-w /etc/security/ -p wa -k config_file_change
-w /etc/iptables/ -p wa -k config_file_change
-w /etc/sysctl.conf -p wa -k config_file_change'
AUDIT_PARAMS='-a always,exit -F path=$(find / -name audisp-remote.conf) -F perm=wa -k config_file_change
-a always,exit -F path=$(find / -name auditd.conf) -F perm=wa -k config_file_change
-a always,exit -F dir=$(find /etc/audit/ -name rules.d) -F perm=wa -k config_file_change
-a always,exit -F path=$(find / -name grub) -F perm=wa -k config_file_change
-a always,exit -F path=$(find / -name fstab) -F perm=wa -k config_file_change
-a always,exit -F path=$(find / -name hosts.deny) -F perm=wa -k config_file_change
-a always,exit -F path=$(find / -name login.defs) -F perm=wa -k config_file_change
-a always,exit -F dir=/etc/pam.d/ -F perm=wa -k config_file_change
-a always,exit -F path=/etc/profile -F perm=wa -k config_file_change
-a always,exit -F dir=/etc/profile.d/ -F perm=wa -k config_file_change
-a always,exit -F dir=/etc/security/ -F perm=wa -k config_file_change
-a always,exit -F dir=/etc/iptables/ -F perm=wa -k config_file_change
-a always,exit -F path=/etc/sysctl.conf -F perm=wa -k config_file_change'
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules'
# This function will be called if the script status is on enabled / audit mode
@ -37,15 +37,21 @@ audit () {
c_IFS=$'\n'
IFS=$c_IFS
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
IFS=$d_IFS
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
IFS=$c_IFS
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!"
continue
else
debug "$AUDIT_VALUE should be in file $FILE"
IFS=$d_IFS
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
IFS=$c_IFS
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
@ -54,15 +60,21 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
check_auditd_is_immutable_mode
else
ok "$AUDIT_VALUE is present in $FILE"
fi
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!"
continue
else
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
check_auditd_is_immutable_mode
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
}

56
bin/hardening/8.1.28_record_acl_cmd_usage.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# harbian audit 7/8/9 Hardening
# harbian audit 7/8/9/10 or CentOS Hardening
#
#
@ -9,14 +9,14 @@
# Author : Samson wen, Samson <sccxboy@gmail.com>
#
set -e # One error, it's over
set -u # One variable unset, it's over
HARDENING_LEVEL=4
AUDIT_PARAMS='-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid>=1000 -F auid!=4294967295 -k perm_chng
-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=4294967295 -k perm_chng'
AUDIT_PARAMS='-a always,exit -F path=$(which setfacl 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k perm_chng
-a always,exit -F path=$(which chacl 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k perm_chng'
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules'
# This function will be called if the script status is on enabled / audit mode
@ -26,15 +26,21 @@ audit () {
c_IFS=$'\n'
IFS=$c_IFS
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
IFS=$d_IFS
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
IFS=$c_IFS
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!"
continue
else
debug "$AUDIT_VALUE should be in file $FILE"
IFS=$d_IFS
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
IFS=$c_IFS
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
@ -43,15 +49,21 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
check_auditd_is_immutable_mode
else
ok "$AUDIT_VALUE is present in $FILE"
fi
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!"
continue
else
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
check_auditd_is_immutable_mode
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
}

54
bin/hardening/8.1.29_record_usermod_cmd_usage.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# harbian audit 7/8/9 Hardening
# harbian audit 7/8/9/10 or CentOS Hardening
#
#
@ -9,13 +9,13 @@
# Author : Samson wen, Samson <sccxboy@gmail.com>
#
set -e # One error, it's over
set -u # One variable unset, it's over
HARDENING_LEVEL=4
AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-usermod'
AUDIT_PARAMS='-a always,exit -F path=$(which usermod 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-usermod'
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules'
# This function will be called if the script status is on enabled / audit mode
@ -25,15 +25,21 @@ audit () {
c_IFS=$'\n'
IFS=$c_IFS
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
IFS=$d_IFS
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
IFS=$c_IFS
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!"
continue
else
debug "$AUDIT_VALUE should be in file $FILE"
IFS=$d_IFS
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
IFS=$c_IFS
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
@ -42,15 +48,21 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
check_auditd_is_immutable_mode
else
ok "$AUDIT_VALUE is present in $FILE"
fi
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!"
continue
else
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
check_auditd_is_immutable_mode
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
}

54
bin/hardening/8.1.30_record_unix_update_cmd_usage.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# harbian audit 7/8/9 Hardening
# harbian audit 7/8/9/10 or CentOS Hardening
#
#
@ -9,13 +9,13 @@
# Author : Samson wen, Samson <sccxboy@gmail.com>
#
set -e # One error, it's over
set -u # One variable unset, it's over
HARDENING_LEVEL=4
AUDIT_PARAMS='-a always,exit -F path=/sbin/unix_update -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-unix-update'
AUDIT_PARAMS='-a always,exit -F path=$(which unix_update 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-unix-update'
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules'
# This function will be called if the script status is on enabled / audit mode
@ -25,15 +25,21 @@ audit () {
c_IFS=$'\n'
IFS=$c_IFS
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
IFS=$d_IFS
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
IFS=$c_IFS
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!"
continue
else
debug "$AUDIT_VALUE should be in file $FILE"
IFS=$d_IFS
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
IFS=$c_IFS
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
@ -42,15 +48,21 @@ audit () {
apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
check_auditd_is_immutable_mode
else
ok "$AUDIT_VALUE is present in $FILE"
fi
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!"
continue
else
debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
check_auditd_is_immutable_mode
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
}

2
bin/hardening/8.1.31_record_syscall_execve.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash
#
# harbian audit 7/8/9 Hardening
# harbian audit 7/8/9/10 or CentOS Hardening
#
#

2
bin/hardening/8.1.32_record_Events_netfilter.sh
View File

@ -7,7 +7,7 @@
#
# 8.1.32 Record netfilter related Events (Scored)
# Author: Samson-W (samson@hardenedlinux.org) author add this
#
# todo test for centos
set -e # One error, it's over
set -u # One variable unset, it's over