From b84fb622b57b041c128ca736bf53387038fd9ba9 Mon Sep 17 00:00:00 2001
From: Samson-W
Date: Mon, 21 Jun 2021 22:23:49 +0800
Subject: [PATCH] Modify 8.1.34 for apply --dont-auditd-by-uid, and add aide-common pkg for 8.4.1
---
 .../8.1.34_record_file_transfer_related.sh | 17 +++++++++++------
 bin/hardening/8.4.1_install_aide.sh | 2 +-
 2 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/bin/hardening/8.1.34_record_file_transfer_related.sh b/bin/hardening/8.1.34_record_file_transfer_related.sh
index 996ecc2..7c8e1ab 100755
--- a/bin/hardening/8.1.34_record_file_transfer_related.sh
+++ b/bin/hardening/8.1.34_record_file_transfer_related.sh
@@ -14,11 +14,6 @@ set -u # One variable unset, it's over
 HARDENING_LEVEL=4
-AUDIT_PARAMS='-a always,exit -F path=/usr/bin/scp -F perm=x -k file_transfer_exec
--a always,exit -F path=/usr/bin/wget -F perm=x -k file_transfer_exec
--a always,exit -F path=/usr/bin/sftp -F perm=x -k file_transfer_exec
--a always,exit -F path=/usr/bin/curl -F perm=x -k file_transfer_exec'
-
 FILE='/etc/audit/rules.d/audit.rules'
 # This function will be called if the script status is on enabled / audit mode
@@ -62,7 +57,17 @@ apply () {
 # This function will check config parameters required
 check_config() {
- :
+ if [ $DONT_AUDITD_BY_UID -eq 1 ]; then
+AUDIT_PARAMS='-a always,exit -F path=/usr/bin/scp -F perm=x -k file_transfer_exec
+-a always,exit -F path=/usr/bin/wget -F perm=x -k file_transfer_exec
+-a always,exit -F path=/usr/bin/sftp -F perm=x -k file_transfer_exec
+-a always,exit -F path=/usr/bin/curl -F perm=x -k file_transfer_exec'
+ else
+AUDIT_PARAMS='-a always,exit -F path=/usr/bin/scp -F perm=x -F auid>=1000 -F auid!=4294967295 -k file_transfer_exec
+-a always,exit -F path=/usr/bin/wget -F perm=x -F auid>=1000 -F auid!=4294967295 -k file_transfer_exec
+-a always,exit -F path=/usr/bin/sftp -F perm=x -F auid>=1000 -F auid!=4294967295 -k file_transfer_exec
+-a always,exit -F path=/usr/bin/curl -F perm=x -F auid>=1000 -F auid!=4294967295 -k file_transfer_exec'
+ fi
 }
 # Source Root Dir Parameter
diff --git a/bin/hardening/8.4.1_install_aide.sh b/bin/hardening/8.4.1_install_aide.sh
index 7f0a5b4..1a512c2 100755
--- a/bin/hardening/8.4.1_install_aide.sh
+++ b/bin/hardening/8.4.1_install_aide.sh
@@ -15,7 +15,7 @@ set -u # One variable unset, it's over
 HARDENING_LEVEL=4
 # NB : in CIS, AIDE has been chosen, however we chose tripwire
-PACKAGE='aide'
+PACKAGE='aide aide-common'
 # This function will be called if the script status is on enabled / audit mode
 audit () {
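Review bot: `if [ $DONT_AUDITD_BY_UID -eq 1 ]; then` in check_config expands the variable unquoted, and the file runs under `set -u` (visible in the first hunk's header), so an unset DONT_AUDITD_BY_UID aborts the script before check_config can say anything and an empty value leaves `[ -eq 1 ]`, a test syntax error; `if [ "${DONT_AUDITD_BY_UID:-0}" -eq 1 ]; then` keeps the uid-filtered rules as the default. AUDIT_PARAMS is now assigned only inside check_config, so audit() and apply() (both outside this hunk) presumably rely on check_config being called first; if either can run before it, `set -u` will trip on the unassigned name. A one-line comment above the branch would help the next maintainer, e.g. `# auid>=1000 restricts the rules to real login sessions; auid!=4294967295 drops processes whose loginuid was never set`. The two AUDIT_PARAMS assignments also sit at column 0 inside the function body, unlike the surrounding lines.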
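Review bot: `PACKAGE='aide aide-common'` turns a single package name into a space-separated list, and audit() and apply(), which consume it, lie outside the hunk; if they pass `"$PACKAGE"` quoted to a helper that checks or installs one package at a time, the two-word value is tested as a single name and the audit will always report the package missing, so the consumer should iterate over the words (or PACKAGE should become an array). The comment directly above the line, `# NB : in CIS, AIDE has been chosen, however we chose tripwire`, now contradicts the code it annotates and should be dropped or rewritten to state why aide-common is installed alongside aide.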