From 7f23fe9c1ced0b2c509fc9977427769c573ebf25 Mon Sep 17 00:00:00 2001 From: Samson-W Date: Tue, 13 Aug 2019 20:04:33 +0800 Subject: [PATCH] modify 8.1.23~8.1.32 to be compatible with CentOS. --- .../8.1.19_record_sshkeysign_usage.sh | 2 +- ...vents_that_privileged_postfix_cmd_usage.sh | 56 +++++++------ .../8.1.24_record_crontab_cmd_usage.sh | 55 ++++++++----- ...25_record_pam_timestamp_check_cmd_usage.sh | 55 ++++++++----- .../8.1.26_record_pam_tally_cmd_usage.sh | 57 ++++++++------ ...27_record_Events_that_modify_conf_files.sh | 78 +++++++++++-------- bin/hardening/8.1.28_record_acl_cmd_usage.sh | 56 +++++++------ .../8.1.29_record_usermod_cmd_usage.sh | 54 ++++++++----- .../8.1.30_record_unix_update_cmd_usage.sh | 54 ++++++++----- bin/hardening/8.1.31_record_syscall_execve.sh | 2 +- .../8.1.32_record_Events_netfilter.sh | 2 +- 11 files changed, 285 insertions(+), 186 deletions(-) diff --git a/bin/hardening/8.1.19_record_sshkeysign_usage.sh b/bin/hardening/8.1.19_record_sshkeysign_usage.sh index 2761a4a..598cec8 100755 --- a/bin/hardening/8.1.19_record_sshkeysign_usage.sh +++ b/bin/hardening/8.1.19_record_sshkeysign_usage.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# harbian audit 7/8/9 Hardening +# harbian audit 7/8/9/10 or CentOS Hardening # # diff --git a/bin/hardening/8.1.23_record_Events_that_privileged_postfix_cmd_usage.sh b/bin/hardening/8.1.23_record_Events_that_privileged_postfix_cmd_usage.sh index 1dc4feb..0f2791f 100755 --- a/bin/hardening/8.1.23_record_Events_that_privileged_postfix_cmd_usage.sh +++ b/bin/hardening/8.1.23_record_Events_that_privileged_postfix_cmd_usage.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# harbian audit 7/8/9 Hardening +# harbian audit 7/8/9/10 or CentOS Hardening # # 
@@ -9,14 +9,14 @@ # Author : Samson wen, Samson # -set -e # One error, it's over set -u # One variable unset, it's over HARDENING_LEVEL=4 -AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/postdrop -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix --a always,exit -F path=/usr/sbin/postqueue -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix' +AUDIT_PARAMS='-a always,exit -F path=$(which postdrop 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix +-a always,exit -F path=$(which postqueue 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-postfix' +set -e # One error, it's over FILE='/etc/audit/rules.d/audit.rules' # This function will be called if the script status is on enabled / audit mode @@ -26,15 +26,21 @@ audit () { c_IFS=$'\n' IFS=$c_IFS for AUDIT_VALUE in $AUDIT_PARAMS; do - debug "$AUDIT_VALUE should be in file $FILE" - IFS=$d_IFS - does_pattern_exist_in_file $FILE "$AUDIT_VALUE" - IFS=$c_IFS - if [ $FNRET != 0 ]; then - crit "$AUDIT_VALUE is not in file $FILE" - else - ok "$AUDIT_VALUE is present in $FILE" - fi + check_audit_path $AUDIT_VALUE + if [ $FNRET -eq 1 ];then + crit "path is not exsit! Please check file path is exist!" + continue + else + debug "$AUDIT_VALUE should be in file $FILE" + IFS=$d_IFS + does_pattern_exist_in_file $FILE "$AUDIT_VALUE" + IFS=$c_IFS + if [ $FNRET != 0 ]; then + crit "$AUDIT_VALUE is not in file $FILE" + else + ok "$AUDIT_VALUE is present in $FILE" + fi + fi done IFS=$d_IFS } 
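Review bot: The new `$(which postdrop 2>/dev/null)` and `$(which postqueue 2>/dev/null)` sit inside a single-quoted AUDIT_PARAMS, so the assignment stores them as literal text and no lookup happens on this line. Unless check_audit_path (not part of this patch) rewrites AUDIT_VALUE with the resolved path, the later `does_pattern_exist_in_file $FILE "$AUDIT_VALUE"` and `add_end_of_file $FILE $AUDIT_VALUE` calls compare and append the unexpanded string, which auditd would presumably not accept as a path. Wherever the expansion does happen, `which` follows the PATH of whoever runs the script, so the watched path can differ between runs; `command -v` under a fixed PATH would make the result reproducible, and a comment such as `# $(...) is kept literal here and expanded by check_audit_path` would document the intent. Moving `set -e` below the assignment has no effect on it, since nothing executes in a single-quoted string. The same pattern is added in the AUDIT_PARAMS hunks of 8.1.24, 8.1.25, 8.1.26, 8.1.28, 8.1.29 and 8.1.30.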
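Review bot: The new `crit "path is not exsit! Please check file path is exist!"` in audit() is misspelled and does not say which rule or path failed; something like `crit "path in rule '$AUDIT_VALUE' does not exist"` gives the operator what they need. The guard `[ $FNRET -eq 1 ]` treats only 1 as failure while the check below it uses `!= 0`, so any other non-zero result from check_audit_path would fall through to the pattern test; `[ $FNRET != 0 ]` keeps the two consistent. check_audit_path is also called with `$AUDIT_VALUE` unquoted and while IFS still holds the newline value, whereas the existing code restores `$d_IFS` before calling does_pattern_exist_in_file; the helper is not visible here, so confirm it does not rely on default word splitting. The same block is added to apply() in the next hunk and to audit() and apply() in 8.1.24 through 8.1.30.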
@@ -43,15 +49,21 @@ audit () { apply () { IFS=$'\n' for AUDIT_VALUE in $AUDIT_PARAMS; do - debug "$AUDIT_VALUE should be in file $FILE" - does_pattern_exist_in_file $FILE "$AUDIT_VALUE" - if [ $FNRET != 0 ]; then - warn "$AUDIT_VALUE is not in file $FILE, adding it" - add_end_of_file $FILE $AUDIT_VALUE - check_auditd_is_immutable_mode - else - ok "$AUDIT_VALUE is present in $FILE" - fi + check_audit_path $AUDIT_VALUE + if [ $FNRET -eq 1 ];then + crit "path is not exsit! Please check file path is exist!" + continue + else + debug "$AUDIT_VALUE should be in file $FILE" + does_pattern_exist_in_file $FILE "$AUDIT_VALUE" + if [ $FNRET != 0 ]; then + warn "$AUDIT_VALUE is not in file $FILE, adding it" + add_end_of_file $FILE $AUDIT_VALUE + check_auditd_is_immutable_mode + else + ok "$AUDIT_VALUE is present in $FILE" + fi + fi done } diff --git a/bin/hardening/8.1.24_record_crontab_cmd_usage.sh b/bin/hardening/8.1.24_record_crontab_cmd_usage.sh index 4f8d938..4abed4f 100755 --- a/bin/hardening/8.1.24_record_crontab_cmd_usage.sh +++ b/bin/hardening/8.1.24_record_crontab_cmd_usage.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# harbian audit 7/8/9 Hardening +# harbian audit 7/8/9/10 or CentOS Hardening # # @@ -9,12 +9,13 @@ # Author : Samson wen, Samson # -set -e # One error, it's over set -u # One variable unset, it's over HARDENING_LEVEL=4 -AUDIT_PARAMS='-a always,exit -F path=/usr/bin/crontab -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-cron' +AUDIT_PARAMS='-a always,exit -F path=$(which crontab 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-cron' + +set -e # One error, it's over FILE='/etc/audit/rules.d/audit.rules' # This function will be called if the script status is on enabled / audit mode 
@@ -24,15 +25,21 @@ audit () { c_IFS=$'\n' IFS=$c_IFS for AUDIT_VALUE in $AUDIT_PARAMS; do - debug "$AUDIT_VALUE should be in file $FILE" - IFS=$d_IFS - does_pattern_exist_in_file $FILE "$AUDIT_VALUE" - IFS=$c_IFS - if [ $FNRET != 0 ]; then - crit "$AUDIT_VALUE is not in file $FILE" - else - ok "$AUDIT_VALUE is present in $FILE" - fi + check_audit_path $AUDIT_VALUE + if [ $FNRET -eq 1 ];then + crit "path is not exsit! Please check file path is exist!" + continue + else + debug "$AUDIT_VALUE should be in file $FILE" + IFS=$d_IFS + does_pattern_exist_in_file $FILE "$AUDIT_VALUE" + IFS=$c_IFS + if [ $FNRET != 0 ]; then + crit "$AUDIT_VALUE is not in file $FILE" + else + ok "$AUDIT_VALUE is present in $FILE" + fi + fi done IFS=$d_IFS } @@ -41,15 +48,21 @@ audit () { apply () { IFS=$'\n' for AUDIT_VALUE in $AUDIT_PARAMS; do - debug "$AUDIT_VALUE should be in file $FILE" - does_pattern_exist_in_file $FILE "$AUDIT_VALUE" - if [ $FNRET != 0 ]; then - warn "$AUDIT_VALUE is not in file $FILE, adding it" - add_end_of_file $FILE $AUDIT_VALUE - check_auditd_is_immutable_mode - else - ok "$AUDIT_VALUE is present in $FILE" - fi + check_audit_path $AUDIT_VALUE + if [ $FNRET -eq 1 ];then + crit "path is not exsit! Please check file path is exist!" + continue + else + debug "$AUDIT_VALUE should be in file $FILE" + does_pattern_exist_in_file $FILE "$AUDIT_VALUE" + if [ $FNRET != 0 ]; then + warn "$AUDIT_VALUE is not in file $FILE, adding it" + add_end_of_file $FILE $AUDIT_VALUE + check_auditd_is_immutable_mode + else + ok "$AUDIT_VALUE is present in $FILE" + fi + fi done } diff --git a/bin/hardening/8.1.25_record_pam_timestamp_check_cmd_usage.sh b/bin/hardening/8.1.25_record_pam_timestamp_check_cmd_usage.sh index 32066d8..90de0a5 100755 --- a/bin/hardening/8.1.25_record_pam_timestamp_check_cmd_usage.sh +++ b/bin/hardening/8.1.25_record_pam_timestamp_check_cmd_usage.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# harbian audit 7/8/9 Hardening +# harbian audit 7/8/9/10 or CentOS Hardening # # 
@@ -9,12 +9,13 @@ # Author : Samson wen, Samson # -set -e # One error, it's over set -u # One variable unset, it's over HARDENING_LEVEL=4 -AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/pam_timestamp_check -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-pam' +AUDIT_PARAMS='-a always,exit -F path=$(which pam_timestamp_check 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-pam' + +set -e # One error, it's over FILE='/etc/audit/rules.d/audit.rules' # This function will be called if the script status is on enabled / audit mode @@ -24,15 +25,21 @@ audit () { c_IFS=$'\n' IFS=$c_IFS for AUDIT_VALUE in $AUDIT_PARAMS; do - debug "$AUDIT_VALUE should be in file $FILE" - IFS=$d_IFS - does_pattern_exist_in_file $FILE "$AUDIT_VALUE" - IFS=$c_IFS - if [ $FNRET != 0 ]; then - crit "$AUDIT_VALUE is not in file $FILE" - else - ok "$AUDIT_VALUE is present in $FILE" - fi + check_audit_path $AUDIT_VALUE + if [ $FNRET -eq 1 ];then + crit "path is not exsit! Please check file path is exist!" + continue + else + debug "$AUDIT_VALUE should be in file $FILE" + IFS=$d_IFS + does_pattern_exist_in_file $FILE "$AUDIT_VALUE" + IFS=$c_IFS + if [ $FNRET != 0 ]; then + crit "$AUDIT_VALUE is not in file $FILE" + else + ok "$AUDIT_VALUE is present in $FILE" + fi + fi done IFS=$d_IFS } 
@@ -41,15 +48,21 @@ audit () { apply () { IFS=$'\n' for AUDIT_VALUE in $AUDIT_PARAMS; do - debug "$AUDIT_VALUE should be in file $FILE" - does_pattern_exist_in_file $FILE "$AUDIT_VALUE" - if [ $FNRET != 0 ]; then - warn "$AUDIT_VALUE is not in file $FILE, adding it" - add_end_of_file $FILE $AUDIT_VALUE - check_auditd_is_immutable_mode - else - ok "$AUDIT_VALUE is present in $FILE" - fi + check_audit_path $AUDIT_VALUE + if [ $FNRET -eq 1 ];then + crit "path is not exsit! Please check file path is exist!" + continue + else + debug "$AUDIT_VALUE should be in file $FILE" + does_pattern_exist_in_file $FILE "$AUDIT_VALUE" + if [ $FNRET != 0 ]; then + warn "$AUDIT_VALUE is not in file $FILE, adding it" + add_end_of_file $FILE $AUDIT_VALUE + check_auditd_is_immutable_mode + else + ok "$AUDIT_VALUE is present in $FILE" + fi + fi done } diff --git a/bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh b/bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh index 99bac87..ccdb5ca 100755 --- a/bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh +++ b/bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# harbian audit 7/8/9 Hardening +# harbian audit 7/8/9/10 or CentOS Hardening # # @@ -9,13 +9,14 @@ # Author : Samson wen, Samson Author add this # -set -e # One error, it's over set -u # One variable unset, it's over HARDENING_LEVEL=4 -AUDIT_PARAMS='-a always,exit -F path=/sbin/pam_tally -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam --a always,exit -F path=/sbin/pam_tally2 -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam' +AUDIT_PARAMS='-a always,exit -F path=$(which pam_tally 2>/dev/null) -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam +-a always,exit -F path=$(which pam_tally2 2>/dev/null) -F perm=wxa -F auid>=1000 -F auid!=4294967295 -k privileged-pam' + +set -e # One error, it's over FILE='/etc/audit/rules.d/audit.rules' # This function will be called if the script status is on enabled / audit mode 
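Review bot: The 8.1.26 AUDIT_PARAMS list names both pam_tally and pam_tally2, and with the new path check a rule whose binary is not installed is reported through `crit` in audit() and apply(). If a supported release ships only one of the two (not verifiable from this patch), that host can never pass this check even though there is nothing to audit. A missing optional binary could be reported with `warn`, which apply() already uses, or skipped, with a comment on AUDIT_PARAMS such as `# pam_tally is absent on some releases; a missing binary is not a finding`.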
@@ -25,15 +26,21 @@ audit () { c_IFS=$'\n' IFS=$c_IFS for AUDIT_VALUE in $AUDIT_PARAMS; do - debug "$AUDIT_VALUE should be in file $FILE" - IFS=$d_IFS - does_pattern_exist_in_file $FILE "$AUDIT_VALUE" - IFS=$c_IFS - if [ $FNRET != 0 ]; then - crit "$AUDIT_VALUE is not in file $FILE" - else - ok "$AUDIT_VALUE is present in $FILE" - fi + check_audit_path $AUDIT_VALUE + if [ $FNRET -eq 1 ];then + crit "path is not exsit! Please check file path is exist!" + continue + else + debug "$AUDIT_VALUE should be in file $FILE" + IFS=$d_IFS + does_pattern_exist_in_file $FILE "$AUDIT_VALUE" + IFS=$c_IFS + if [ $FNRET != 0 ]; then + crit "$AUDIT_VALUE is not in file $FILE" + else + ok "$AUDIT_VALUE is present in $FILE" + fi + fi done IFS=$d_IFS } @@ -42,15 +49,21 @@ audit () { apply () { IFS=$'\n' for AUDIT_VALUE in $AUDIT_PARAMS; do - debug "$AUDIT_VALUE should be in file $FILE" - does_pattern_exist_in_file $FILE "$AUDIT_VALUE" - if [ $FNRET != 0 ]; then - warn "$AUDIT_VALUE is not in file $FILE, adding it" - add_end_of_file $FILE $AUDIT_VALUE - check_auditd_is_immutable_mode - else - ok "$AUDIT_VALUE is present in $FILE" - fi + check_audit_path $AUDIT_VALUE + if [ $FNRET -eq 1 ];then + crit "path is not exsit! Please check file path is exist!" + continue + else + debug "$AUDIT_VALUE should be in file $FILE" + does_pattern_exist_in_file $FILE "$AUDIT_VALUE" + if [ $FNRET != 0 ]; then + warn "$AUDIT_VALUE is not in file $FILE, adding it" + add_end_of_file $FILE $AUDIT_VALUE + check_auditd_is_immutable_mode + else + ok "$AUDIT_VALUE is present in $FILE" + fi + fi done } diff --git a/bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh b/bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh index 2821d17..de23ec9 100755 --- a/bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh +++ b/bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# harbian audit 9 Hardening +# harbian audit 9/10 or CentOS Hardening # # 
@@ -9,25 +9,25 @@ # Author: Samson-W (sccxboy@gmail.com) author add this # -set -e # One error, it's over set -u # One variable unset, it's over HARDENING_LEVEL=4 -AUDIT_PARAMS='-w /etc/audisp/audisp-remote.conf -p wa -k config_file_change --w /etc/audit/auditd.conf -p wa -k config_file_change --w /etc/audit/rules.d/ -p wa -k config_file_change --w /etc/default/grub -p wa -k config_file_change --w /etc/fstab -p wa -k config_file_change --w /etc/hosts.deny -p wa -k config_file_change --w /etc/login.defs -p wa -k config_file_change --w /etc/pam.d/ -p wa -k config_file_change --w /etc/profile -p wa -k config_file_change --w /etc/profile.d/ -p wa -k config_file_change --w /etc/security/ -p wa -k config_file_change --w /etc/iptables/ -p wa -k config_file_change --w /etc/sysctl.conf -p wa -k config_file_change' +AUDIT_PARAMS='-a always,exit -F path=$(find / -name audisp-remote.conf) -F perm=wa -k config_file_change +-a always,exit -F path=$(find / -name auditd.conf) -F perm=wa -k config_file_change +-a always,exit -F dir=$(find /etc/audit/ -name rules.d) -F perm=wa -k config_file_change +-a always,exit -F path=$(find / -name grub) -F perm=wa -k config_file_change +-a always,exit -F path=$(find / -name fstab) -F perm=wa -k config_file_change +-a always,exit -F path=$(find / -name hosts.deny) -F perm=wa -k config_file_change +-a always,exit -F path=$(find / -name login.defs) -F perm=wa -k config_file_change +-a always,exit -F dir=/etc/pam.d/ -F perm=wa -k config_file_change +-a always,exit -F path=/etc/profile -F perm=wa -k config_file_change +-a always,exit -F dir=/etc/profile.d/ -F perm=wa -k config_file_change +-a always,exit -F dir=/etc/security/ -F perm=wa -k config_file_change +-a always,exit -F dir=/etc/iptables/ -F perm=wa -k config_file_change +-a always,exit -F path=/etc/sysctl.conf -F perm=wa -k config_file_change' +set -e # One error, it's over FILE='/etc/audit/rules.d/audit.rules' # This function will be called if the script status is on enabled / audit mode 
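Review bot: `find / -name fstab` (and the sibling lookups for grub, hosts.deny, login.defs, auditd.conf and audisp-remote.conf) searches the whole filesystem by bare name, so the rule path is whatever file of that name find happens to print, including one in a world-writable directory such as /tmp or in a user's home. A local user can therefore influence which file the audit rule watches, and several matches would put a multi-line value into `path=`; `grub` in particular also matches directories. The removed lines used fixed locations under /etc, and keeping them, e.g. `-a always,exit -F path=/etc/fstab -F perm=wa -k config_file_change`, avoids both problems; where a location really differs between distributions, test a short list of known candidate paths instead of searching. Unlike the `which` calls in the other files these substitutions do not discard stderr, and a full-tree walk on every audit run is slow.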
@@ -37,15 +37,21 @@ audit () { c_IFS=$'\n' IFS=$c_IFS for AUDIT_VALUE in $AUDIT_PARAMS; do - debug "$AUDIT_VALUE should be in file $FILE" - IFS=$d_IFS - does_pattern_exist_in_file $FILE "$AUDIT_VALUE" - IFS=$c_IFS - if [ $FNRET != 0 ]; then - crit "$AUDIT_VALUE is not in file $FILE" - else - ok "$AUDIT_VALUE is present in $FILE" - fi + check_audit_path $AUDIT_VALUE + if [ $FNRET -eq 1 ];then + crit "path is not exsit! Please check file path is exist!" + continue + else + debug "$AUDIT_VALUE should be in file $FILE" + IFS=$d_IFS + does_pattern_exist_in_file $FILE "$AUDIT_VALUE" + IFS=$c_IFS + if [ $FNRET != 0 ]; then + crit "$AUDIT_VALUE is not in file $FILE" + else + ok "$AUDIT_VALUE is present in $FILE" + fi + fi done IFS=$d_IFS } @@ -54,15 +60,21 @@ audit () { apply () { IFS=$'\n' for AUDIT_VALUE in $AUDIT_PARAMS; do - debug "$AUDIT_VALUE should be in file $FILE" - does_pattern_exist_in_file $FILE "$AUDIT_VALUE" - if [ $FNRET != 0 ]; then - warn "$AUDIT_VALUE is not in file $FILE, adding it" - add_end_of_file $FILE $AUDIT_VALUE - check_auditd_is_immutable_mode - else - ok "$AUDIT_VALUE is present in $FILE" - fi + check_audit_path $AUDIT_VALUE + if [ $FNRET -eq 1 ];then + crit "path is not exsit! Please check file path is exist!" + continue + else + debug "$AUDIT_VALUE should be in file $FILE" + does_pattern_exist_in_file $FILE "$AUDIT_VALUE" + if [ $FNRET != 0 ]; then + warn "$AUDIT_VALUE is not in file $FILE, adding it" + add_end_of_file $FILE $AUDIT_VALUE + check_auditd_is_immutable_mode + else + ok "$AUDIT_VALUE is present in $FILE" + fi + fi done } diff --git a/bin/hardening/8.1.28_record_acl_cmd_usage.sh b/bin/hardening/8.1.28_record_acl_cmd_usage.sh index 74bf365..41ce2b0 100755 --- a/bin/hardening/8.1.28_record_acl_cmd_usage.sh +++ b/bin/hardening/8.1.28_record_acl_cmd_usage.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# harbian audit 7/8/9 Hardening +# harbian audit 7/8/9/10 or CentOS Hardening # # 
@@ -9,14 +9,14 @@ # Author : Samson wen, Samson # -set -e # One error, it's over set -u # One variable unset, it's over HARDENING_LEVEL=4 -AUDIT_PARAMS='-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid>=1000 -F auid!=4294967295 -k perm_chng --a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>=1000 -F auid!=4294967295 -k perm_chng' +AUDIT_PARAMS='-a always,exit -F path=$(which setfacl 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k perm_chng +-a always,exit -F path=$(which chacl 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k perm_chng' +set -e # One error, it's over FILE='/etc/audit/rules.d/audit.rules' # This function will be called if the script status is on enabled / audit mode @@ -26,15 +26,21 @@ audit () { c_IFS=$'\n' IFS=$c_IFS for AUDIT_VALUE in $AUDIT_PARAMS; do - debug "$AUDIT_VALUE should be in file $FILE" - IFS=$d_IFS - does_pattern_exist_in_file $FILE "$AUDIT_VALUE" - IFS=$c_IFS - if [ $FNRET != 0 ]; then - crit "$AUDIT_VALUE is not in file $FILE" - else - ok "$AUDIT_VALUE is present in $FILE" - fi + check_audit_path $AUDIT_VALUE + if [ $FNRET -eq 1 ];then + crit "path is not exsit! Please check file path is exist!" + continue + else + debug "$AUDIT_VALUE should be in file $FILE" + IFS=$d_IFS + does_pattern_exist_in_file $FILE "$AUDIT_VALUE" + IFS=$c_IFS + if [ $FNRET != 0 ]; then + crit "$AUDIT_VALUE is not in file $FILE" + else + ok "$AUDIT_VALUE is present in $FILE" + fi + fi done IFS=$d_IFS } 
@@ -43,15 +49,21 @@ audit () { apply () { IFS=$'\n' for AUDIT_VALUE in $AUDIT_PARAMS; do - debug "$AUDIT_VALUE should be in file $FILE" - does_pattern_exist_in_file $FILE "$AUDIT_VALUE" - if [ $FNRET != 0 ]; then - warn "$AUDIT_VALUE is not in file $FILE, adding it" - add_end_of_file $FILE $AUDIT_VALUE - check_auditd_is_immutable_mode - else - ok "$AUDIT_VALUE is present in $FILE" - fi + check_audit_path $AUDIT_VALUE + if [ $FNRET -eq 1 ];then + crit "path is not exsit! Please check file path is exist!" + continue + else + debug "$AUDIT_VALUE should be in file $FILE" + does_pattern_exist_in_file $FILE "$AUDIT_VALUE" + if [ $FNRET != 0 ]; then + warn "$AUDIT_VALUE is not in file $FILE, adding it" + add_end_of_file $FILE $AUDIT_VALUE + check_auditd_is_immutable_mode + else + ok "$AUDIT_VALUE is present in $FILE" + fi + fi done } diff --git a/bin/hardening/8.1.29_record_usermod_cmd_usage.sh b/bin/hardening/8.1.29_record_usermod_cmd_usage.sh index 4079014..fd2e4ed 100755 --- a/bin/hardening/8.1.29_record_usermod_cmd_usage.sh +++ b/bin/hardening/8.1.29_record_usermod_cmd_usage.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# harbian audit 7/8/9 Hardening +# harbian audit 7/8/9/10 or CentOS Hardening # # @@ -9,13 +9,13 @@ # Author : Samson wen, Samson # -set -e # One error, it's over set -u # One variable unset, it's over HARDENING_LEVEL=4 -AUDIT_PARAMS='-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-usermod' +AUDIT_PARAMS='-a always,exit -F path=$(which usermod 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-usermod' +set -e # One error, it's over FILE='/etc/audit/rules.d/audit.rules' # This function will be called if the script status is on enabled / audit mode 
@@ -25,15 +25,21 @@ audit () { c_IFS=$'\n' IFS=$c_IFS for AUDIT_VALUE in $AUDIT_PARAMS; do - debug "$AUDIT_VALUE should be in file $FILE" - IFS=$d_IFS - does_pattern_exist_in_file $FILE "$AUDIT_VALUE" - IFS=$c_IFS - if [ $FNRET != 0 ]; then - crit "$AUDIT_VALUE is not in file $FILE" - else - ok "$AUDIT_VALUE is present in $FILE" - fi + check_audit_path $AUDIT_VALUE + if [ $FNRET -eq 1 ];then + crit "path is not exsit! Please check file path is exist!" + continue + else + debug "$AUDIT_VALUE should be in file $FILE" + IFS=$d_IFS + does_pattern_exist_in_file $FILE "$AUDIT_VALUE" + IFS=$c_IFS + if [ $FNRET != 0 ]; then + crit "$AUDIT_VALUE is not in file $FILE" + else + ok "$AUDIT_VALUE is present in $FILE" + fi + fi done IFS=$d_IFS } @@ -42,15 +48,21 @@ audit () { apply () { IFS=$'\n' for AUDIT_VALUE in $AUDIT_PARAMS; do - debug "$AUDIT_VALUE should be in file $FILE" - does_pattern_exist_in_file $FILE "$AUDIT_VALUE" - if [ $FNRET != 0 ]; then - warn "$AUDIT_VALUE is not in file $FILE, adding it" - add_end_of_file $FILE $AUDIT_VALUE - check_auditd_is_immutable_mode - else - ok "$AUDIT_VALUE is present in $FILE" - fi + check_audit_path $AUDIT_VALUE + if [ $FNRET -eq 1 ];then + crit "path is not exsit! Please check file path is exist!" + continue + else + debug "$AUDIT_VALUE should be in file $FILE" + does_pattern_exist_in_file $FILE "$AUDIT_VALUE" + if [ $FNRET != 0 ]; then + warn "$AUDIT_VALUE is not in file $FILE, adding it" + add_end_of_file $FILE $AUDIT_VALUE + check_auditd_is_immutable_mode + else + ok "$AUDIT_VALUE is present in $FILE" + fi + fi done } diff --git a/bin/hardening/8.1.30_record_unix_update_cmd_usage.sh b/bin/hardening/8.1.30_record_unix_update_cmd_usage.sh index 9d2bae6..b152ba6 100755 --- a/bin/hardening/8.1.30_record_unix_update_cmd_usage.sh +++ b/bin/hardening/8.1.30_record_unix_update_cmd_usage.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# harbian audit 7/8/9 Hardening +# harbian audit 7/8/9/10 or CentOS Hardening # # 
@@ -9,13 +9,13 @@ # Author : Samson wen, Samson # -set -e # One error, it's over set -u # One variable unset, it's over HARDENING_LEVEL=4 -AUDIT_PARAMS='-a always,exit -F path=/sbin/unix_update -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-unix-update' +AUDIT_PARAMS='-a always,exit -F path=$(which unix_update 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-unix-update' +set -e # One error, it's over FILE='/etc/audit/rules.d/audit.rules' # This function will be called if the script status is on enabled / audit mode @@ -25,15 +25,21 @@ audit () { c_IFS=$'\n' IFS=$c_IFS for AUDIT_VALUE in $AUDIT_PARAMS; do - debug "$AUDIT_VALUE should be in file $FILE" - IFS=$d_IFS - does_pattern_exist_in_file $FILE "$AUDIT_VALUE" - IFS=$c_IFS - if [ $FNRET != 0 ]; then - crit "$AUDIT_VALUE is not in file $FILE" - else - ok "$AUDIT_VALUE is present in $FILE" - fi + check_audit_path $AUDIT_VALUE + if [ $FNRET -eq 1 ];then + crit "path is not exsit! Please check file path is exist!" + continue + else + debug "$AUDIT_VALUE should be in file $FILE" + IFS=$d_IFS + does_pattern_exist_in_file $FILE "$AUDIT_VALUE" + IFS=$c_IFS + if [ $FNRET != 0 ]; then + crit "$AUDIT_VALUE is not in file $FILE" + else + ok "$AUDIT_VALUE is present in $FILE" + fi + fi done IFS=$d_IFS } 
@@ -42,15 +48,21 @@ audit () { apply () { IFS=$'\n' for AUDIT_VALUE in $AUDIT_PARAMS; do - debug "$AUDIT_VALUE should be in file $FILE" - does_pattern_exist_in_file $FILE "$AUDIT_VALUE" - if [ $FNRET != 0 ]; then - warn "$AUDIT_VALUE is not in file $FILE, adding it" - add_end_of_file $FILE $AUDIT_VALUE - check_auditd_is_immutable_mode - else - ok "$AUDIT_VALUE is present in $FILE" - fi + check_audit_path $AUDIT_VALUE + if [ $FNRET -eq 1 ];then + crit "path is not exsit! Please check file path is exist!" + continue + else + debug "$AUDIT_VALUE should be in file $FILE" + does_pattern_exist_in_file $FILE "$AUDIT_VALUE" + if [ $FNRET != 0 ]; then + warn "$AUDIT_VALUE is not in file $FILE, adding it" + add_end_of_file $FILE $AUDIT_VALUE + check_auditd_is_immutable_mode + else + ok "$AUDIT_VALUE is present in $FILE" + fi + fi done } diff --git a/bin/hardening/8.1.31_record_syscall_execve.sh b/bin/hardening/8.1.31_record_syscall_execve.sh index 1a6b947..3f39a70 100755 --- a/bin/hardening/8.1.31_record_syscall_execve.sh +++ b/bin/hardening/8.1.31_record_syscall_execve.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# harbian audit 7/8/9 Hardening +# harbian audit 7/8/9/10 or CentOS Hardening # # diff --git a/bin/hardening/8.1.32_record_Events_netfilter.sh b/bin/hardening/8.1.32_record_Events_netfilter.sh index 2f7ee26..4940b81 100755 --- a/bin/hardening/8.1.32_record_Events_netfilter.sh +++ b/bin/hardening/8.1.32_record_Events_netfilter.sh @@ -7,7 +7,7 @@ # # 8.1.32 Record netfilter related Events (Scored) # Author: Samson-W (samson@hardenedlinux.org) author add this -# +# todo test for centos set -e # One error, it's over set -u # One variable unset, it's over