Add new method for check audit path is exist, and update 8.1.19
This commit is contained in:
parent
d0bbbb9cc7
commit
99cab257b2
|
@ -9,13 +9,15 @@
|
|||
# Author : Samson wen, Samson <sccxboy@gmail.com>
|
||||
#
|
||||
|
||||
set -e # One error, it's over
|
||||
set -u # One variable unset, it's over
|
||||
|
||||
HARDENING_LEVEL=4
|
||||
|
||||
AUDIT_PARAMS='-a always,exit -F path=/usr/lib/openssh/ssh-keysign -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh
|
||||
-a always,exit -F path=/usr/bin/ssh-agent -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh'
|
||||
|
||||
AUDIT_PARAMS="-a always,exit -F path=$(find / -name "ssh-keysign") -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh
|
||||
-a always,exit -F path=$(which sshd-agent 2>/dev/null) -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-ssh"
|
||||
|
||||
set -e # One error, it's over
|
||||
|
||||
FILE='/etc/audit/rules.d/audit.rules'
|
||||
|
||||
|
@ -26,6 +28,12 @@ audit () {
|
|||
c_IFS=$'\n'
|
||||
IFS=$c_IFS
|
||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||
check_audit_path $AUDIT_VALUE
|
||||
if [ $FNRET -eq 1 ];then
|
||||
crit "path is not exsit! Please check file path is exist!"
|
||||
continue
|
||||
else
|
||||
info "path is exsit!"
|
||||
debug "$AUDIT_VALUE should be in file $FILE"
|
||||
IFS=$d_IFS
|
||||
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
|
||||
|
@ -35,6 +43,7 @@ audit () {
|
|||
else
|
||||
ok "$AUDIT_VALUE is present in $FILE"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
IFS=$d_IFS
|
||||
}
|
||||
|
@ -43,6 +52,12 @@ audit () {
|
|||
apply () {
|
||||
IFS=$'\n'
|
||||
for AUDIT_VALUE in $AUDIT_PARAMS; do
|
||||
check_audit_path $AUDIT_VALUE
|
||||
if [ $FNRET -eq 1 ];then
|
||||
crit "path is not exsit! Please check file path is exist!"
|
||||
continue
|
||||
else
|
||||
info "path is exsit!"
|
||||
debug "$AUDIT_VALUE should be in file $FILE"
|
||||
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
|
||||
if [ $FNRET != 0 ]; then
|
||||
|
@ -52,6 +67,7 @@ apply () {
|
|||
else
|
||||
ok "$AUDIT_VALUE is present in $FILE"
|
||||
fi
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
|
|
16
lib/utils.sh
16
lib/utils.sh
|
@ -955,3 +955,19 @@ yum_check_updates()
|
|||
fi
|
||||
}
|
||||
|
||||
# Check path of audit rule is exist, return 0 if path string is not NULL, else return 1
|
||||
# Example:
|
||||
# AUDITRULE="-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd"
|
||||
check_audit_path ()
|
||||
{
|
||||
AUDITRULE=$1
|
||||
RESULT=$(echo $AUDITRULE | awk -F"-F" '{print $2}' | awk -F"=" '{print $2}')
|
||||
if [ -z $(eval echo $RESULT) ]; then
|
||||
debug "Result is NULL"
|
||||
FNRET=1
|
||||
else
|
||||
debug "Result is not NULL"
|
||||
FNRET=0
|
||||
fi
|
||||
}
|
||||
|
||||
|
|
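Review bot: `[ -z $(eval echo $RESULT) ]` in check_audit_path passes the extracted field through `eval`, so a rule string containing shell metacharacters would be executed rather than tested, and the unquoted substitution also makes `[` error out when the field expands to more than one word. The eval only serves to strip the blanks that the two awk passes leave around the value; removing them in the pipeline makes it unnecessary: `RESULT=$(printf '%s\n' "$AUDITRULE" | awk -F"-F" '{print $2}' | awk -F"=" '{print $2}' | tr -d ' ')` followed by `if [ -z "$RESULT" ]; then`. The extraction also assumes `path=` is the first `-F` field of the rule, which holds for the rules shown in this commit but should be stated in the header comment, e.g. `# Assumes the first -F option of the rule is path=<file>`. Because this helper lives in lib/utils.sh and is called from check scripts, `AUDITRULE` and `RESULT` should be declared `local` so they do not leak into the caller.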