tyler.durden
/
harbian-audit
mirror of https://github.com/hardenedlinux/harbian-audit.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add new method for check audit path is exist, and update 8.1.19

This commit is contained in:
Samson-W 2019-08-13 17:44:31 +08:00
parent d0bbbb9cc7
commit 99cab257b2
2 changed files with 53 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
bin/hardening/8.1.19_record_sshkeysign_usage.sh
View File

@ -9,13 +9,15 @@
# Author : Samson wen, Samson <sccxboy@gmail.com> # Author : Samson wen, Samson <sccxboy@gmail.com>
# #
set -e # One error, it's over
set -u # One variable unset, it's over set -u # One variable unset, it's over
HARDENING_LEVEL=4 HARDENING_LEVEL=4
AUDIT_PARAMS='-a always,exit -F path=/usr/lib/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh
-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh' AUDIT_PARAMS="-a always,exit -F path=$(find / -name "ssh-keysign") -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh
-a always,exit -F path=$(which sshd-agent 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh"
set -e # One error, it's over
FILE='/etc/audit/rules.d/audit.rules' FILE='/etc/audit/rules.d/audit.rules'
@ -26,6 +28,12 @@ audit () {
c_IFS=$'\n' c_IFS=$'\n'
IFS=$c_IFS IFS=$c_IFS
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!"
continue
else
info "path is exsit!"
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"
IFS=$d_IFS IFS=$d_IFS
does_pattern_exist_in_file $FILE "$AUDIT_VALUE" does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
@ -35,6 +43,7 @@ audit () {
else else
ok "$AUDIT_VALUE is present in $FILE" ok "$AUDIT_VALUE is present in $FILE"
fi fi
fi
done done
IFS=$d_IFS IFS=$d_IFS
} }
@ -43,6 +52,12 @@ audit () {
apply () { apply () {
IFS=$'\n' IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!"
continue
else
info "path is exsit!"
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"
does_pattern_exist_in_file $FILE "$AUDIT_VALUE" does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
@ -52,6 +67,7 @@ apply () {
else else
ok "$AUDIT_VALUE is present in $FILE" ok "$AUDIT_VALUE is present in $FILE"
fi fi
fi
done done
} }

16
lib/utils.sh
View File

@ -955,3 +955,19 @@ yum_check_updates()
fi fi
} }
# Check path of audit rule is exist, return 0 if path string is not NULL, else return 1
# Example:
# AUDITRULE="-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd"
check_audit_path ()
{
AUDITRULE=$1
RESULT=$(echo $AUDITRULE | awk -F"-F" '{print $2}' | awk -F"=" '{print $2}')
if [ -z $(eval echo $RESULT) ]; then
debug "Result is NULL"
FNRET=1
else
debug "Result is not NULL"
FNRET=0
fi
}