Modify the check_audit_path method to pass check when audited record path does not exist in OS.

2020-04-16 17:21:08 +08:00 · 2020-04-16 17:21:08 +08:00 · da61977969
parent 93031e98fe
commit da61977969
12 changed files with 28 additions and 24 deletions
--- a/bin/hardening/8.1.19_record_sshkeysign_usage.sh
+++ b/bin/hardening/8.1.19_record_sshkeysign_usage.sh
@ -31,7 +31,7 @@ audit () {
    for AUDIT_VALUE in $AUDIT_PARAMS; do
 		check_audit_path $AUDIT_VALUE 
 		if [ $FNRET -eq 1 ];then
-			crit "path is not exsit! Please check file path is exist!"
+			warn "path is not exsit! Please check file path is exist!"
 			continue
 		else
        	debug "$AUDIT_VALUE should be in file $FILE"
@ -54,7 +54,7 @@ apply () {
    for AUDIT_VALUE in $AUDIT_PARAMS; do
 		check_audit_path $AUDIT_VALUE 
 		if [ $FNRET -eq 1 ];then
-			crit "path is not exsit! Please check file path is exist!"
+			warn "path is not exsit! Please check file path is exist!"
 			continue
 		else
        	debug "$AUDIT_VALUE should be in file $FILE"
--- a/bin/hardening/8.1.21_record_Events_that_privileged_passwd_cmd_usage.sh
+++ b/bin/hardening/8.1.21_record_Events_that_privileged_passwd_cmd_usage.sh
@ -35,7 +35,7 @@ audit () {
    for AUDIT_VALUE in $AUDIT_PARAMS; do
 		check_audit_path $AUDIT_VALUE 
 		if [ $FNRET -eq 1 ];then
-			crit "path is not exsit! Please check file path is exist!"
+			warn "path is not exsit! Please check file path is exist!"
 			continue
 		else
        	debug "$AUDIT_VALUE should be in file $FILE"
@ -58,7 +58,7 @@ apply () {
    for AUDIT_VALUE in $AUDIT_PARAMS; do
 		check_audit_path $AUDIT_VALUE 
 		if [ $FNRET -eq 1 ];then
-			crit "path is not exsit! Please check file path is exist!"
+			warn "path is not exsit! Please check file path is exist!"
 			continue
 		else
        	debug "$AUDIT_VALUE should be in file $FILE"
--- a/bin/hardening/8.1.22_record_Events_that_privileged_priv_change_cmd_usage.sh
+++ b/bin/hardening/8.1.22_record_Events_that_privileged_priv_change_cmd_usage.sh
@ -39,7 +39,7 @@ audit () {
    for AUDIT_VALUE in $AUDIT_PARAMS; do
 		check_audit_path $AUDIT_VALUE 
 		if [ $FNRET -eq 1 ];then
-			crit "path is not exsit! Please check file path is exist!"
+			warn "path is not exsit! Please check file path is exist!"
 			continue
 		else
        	debug "$AUDIT_VALUE should be in file $FILE"
@ -62,7 +62,7 @@ apply () {
    for AUDIT_VALUE in $AUDIT_PARAMS; do
 		check_audit_path $AUDIT_VALUE 
 		if [ $FNRET -eq 1 ];then
-			crit "path is not exsit! Please check file path is exist!"
+			warn "path is not exsit! Please check file path is exist!"
 			continue
 		else
        	debug "$AUDIT_VALUE should be in file $FILE"
--- a/bin/hardening/8.1.23_record_Events_that_privileged_postfix_cmd_usage.sh
+++ b/bin/hardening/8.1.23_record_Events_that_privileged_postfix_cmd_usage.sh
@ -31,7 +31,7 @@ audit () {
    for AUDIT_VALUE in $AUDIT_PARAMS; do
 		check_audit_path $AUDIT_VALUE 
 		if [ $FNRET -eq 1 ];then
-			crit "path is not exsit! Please check file path is exist!"
+			warn "path is not exsit! Please check file path is exist!"
 			continue
 		else
        	debug "$AUDIT_VALUE should be in file $FILE"
@ -54,7 +54,7 @@ apply () {
    for AUDIT_VALUE in $AUDIT_PARAMS; do
 		check_audit_path $AUDIT_VALUE 
 		if [ $FNRET -eq 1 ];then
-			crit "path is not exsit! Please check file path is exist!"
+			warn "path is not exsit! Please check file path is exist!"
 			continue
 		else
        	debug "$AUDIT_VALUE should be in file $FILE"
--- a/bin/hardening/8.1.24_record_crontab_cmd_usage.sh
+++ b/bin/hardening/8.1.24_record_crontab_cmd_usage.sh
@ -28,7 +28,7 @@ audit () {
    for AUDIT_VALUE in $AUDIT_PARAMS; do
 		check_audit_path $AUDIT_VALUE 
 		if [ $FNRET -eq 1 ];then
-			crit "path is not exsit! Please check file path is exist!"
+			warn "path is not exsit! Please check file path is exist!"
 			continue
 		else
        	debug "$AUDIT_VALUE should be in file $FILE"
@ -51,7 +51,7 @@ apply () {
    for AUDIT_VALUE in $AUDIT_PARAMS; do
 		check_audit_path $AUDIT_VALUE 
 		if [ $FNRET -eq 1 ];then
-			crit "path is not exsit! Please check file path is exist!"
+			warn "path is not exsit! Please check file path is exist!"
 			continue
 		else
        	debug "$AUDIT_VALUE should be in file $FILE"
--- a/bin/hardening/8.1.25_record_pam_timestamp_check_cmd_usage.sh
+++ b/bin/hardening/8.1.25_record_pam_timestamp_check_cmd_usage.sh
@ -28,7 +28,7 @@ audit () {
    for AUDIT_VALUE in $AUDIT_PARAMS; do
 		check_audit_path $AUDIT_VALUE 
 		if [ $FNRET -eq 1 ];then
-			crit "path is not exsit! Please check file path is exist!"
+			warn "path is not exsit! Please check file path is exist!"
 			continue
 		else
        	debug "$AUDIT_VALUE should be in file $FILE"
@ -51,7 +51,7 @@ apply () {
    for AUDIT_VALUE in $AUDIT_PARAMS; do
 		check_audit_path $AUDIT_VALUE 
 		if [ $FNRET -eq 1 ];then
-			crit "path is not exsit! Please check file path is exist!"
+			warn "path is not exsit! Please check file path is exist!"
 			continue
 		else
        	debug "$AUDIT_VALUE should be in file $FILE"
--- a/bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh
+++ b/bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh
@ -31,7 +31,7 @@ audit () {
    	for AUDIT_VALUE in $AUDIT_PARAMS; do
 			check_audit_path $AUDIT_VALUE 
 			if [ $FNRET -eq 1 ];then
-				crit "path is not exsit! Please check file path is exist!"
+				warn "path is not exsit! Please check file path is exist!"
 				continue
 			else
        		debug "$AUDIT_VALUE should be in file $FILE"
@ -59,7 +59,7 @@ apply () {
    	for AUDIT_VALUE in $AUDIT_PARAMS; do
 			check_audit_path $AUDIT_VALUE 
 			if [ $FNRET -eq 1 ];then
-				crit "path is not exsit! Please check file path is exist!"
+				warn "path is not exsit! Please check file path is exist!"
 				continue
 			else
        		debug "$AUDIT_VALUE should be in file $FILE"
--- a/bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh
+++ b/bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh
@ -26,7 +26,7 @@ audit () {
    for AUDIT_VALUE in $AUDIT_PARAMS; do
 		check_audit_path $AUDIT_VALUE 
 		if [ $FNRET -eq 1 ];then
-			crit "path is not exsit! Please check file path is exist! Rule: $AUDIT_VALUE"
+			warn "path is not exsit! Please check file path is exist! Rule: $AUDIT_VALUE"
 			continue
 		else
        	debug "$AUDIT_VALUE should be in file $FILE"
@ -49,7 +49,7 @@ apply () {
    for AUDIT_VALUE in $AUDIT_PARAMS; do
 		check_audit_path $AUDIT_VALUE 
 		if [ $FNRET -eq 1 ];then
-			crit "Path is not exsit when apply a rule: $AUDIT_VALUE ! Please check file path is exist!"
+			warn "Path is not exsit when apply a rule: $AUDIT_VALUE ! Please check file path is exist!"
 			continue
 		else
        	debug "$AUDIT_VALUE should be in file $FILE"
--- a/bin/hardening/8.1.28_record_acl_cmd_usage.sh
+++ b/bin/hardening/8.1.28_record_acl_cmd_usage.sh
@ -28,7 +28,7 @@ audit () {
    for AUDIT_VALUE in $AUDIT_PARAMS; do
 		check_audit_path $AUDIT_VALUE 
 		if [ $FNRET -eq 1 ];then
-			crit "path is not exsit! Please check file path is exist!"
+			warn "path is not exsit! Please check file path is exist!"
 			continue
 		else
        	debug "$AUDIT_VALUE should be in file $FILE"
@ -51,7 +51,7 @@ apply () {
    for AUDIT_VALUE in $AUDIT_PARAMS; do
 		check_audit_path $AUDIT_VALUE 
 		if [ $FNRET -eq 1 ];then
-			crit "path is not exsit! Please check file path is exist!"
+			warn "path is not exsit! Please check file path is exist!"
 			continue
 		else
        	debug "$AUDIT_VALUE should be in file $FILE"
--- a/bin/hardening/8.1.29_record_usermod_cmd_usage.sh
+++ b/bin/hardening/8.1.29_record_usermod_cmd_usage.sh
@ -28,7 +28,7 @@ audit () {
    for AUDIT_VALUE in $AUDIT_PARAMS; do
 		check_audit_path $AUDIT_VALUE 
 		if [ $FNRET -eq 1 ];then
-			crit "path is not exsit! Please check file path is exist!"
+			warn "path is not exsit! Please check file path is exist!"
 			continue
 		else
        	debug "$AUDIT_VALUE should be in file $FILE"
@ -51,7 +51,7 @@ apply () {
    for AUDIT_VALUE in $AUDIT_PARAMS; do
 		check_audit_path $AUDIT_VALUE 
 		if [ $FNRET -eq 1 ];then
-			crit "path is not exsit! Please check file path is exist!"
+			warn "path is not exsit! Please check file path is exist!"
 			continue
 		else
        	debug "$AUDIT_VALUE should be in file $FILE"
--- a/bin/hardening/8.1.30_record_unix_update_cmd_usage.sh
+++ b/bin/hardening/8.1.30_record_unix_update_cmd_usage.sh
@ -26,7 +26,7 @@ audit () {
    for AUDIT_VALUE in $AUDIT_PARAMS; do
 		check_audit_path $AUDIT_VALUE 
 		if [ $FNRET -eq 1 ];then
-			crit "path is not exsit! Please check file path is exist!"
+			warn "path is not exsit! Please check file path is exist!"
 			continue
 		else
        	debug "$AUDIT_VALUE should be in file $FILE"
@ -49,7 +49,7 @@ apply () {
    for AUDIT_VALUE in $AUDIT_PARAMS; do
 		check_audit_path $AUDIT_VALUE 
 		if [ $FNRET -eq 1 ];then
-			crit "path is not exsit! Please check file path is exist!"
+			warn "path is not exsit! Please check file path is exist!"
 			continue
 		else
        	debug "$AUDIT_VALUE should be in file $FILE"
--- a/lib/utils.sh
+++ b/lib/utils.sh
@ -1094,15 +1094,19 @@ yum_check_updates()
 # Example: 
 # Process only the following format:
 # AUDITRULE="-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd"
+# Please manually execute apt-file (Debian) / yum Provides (redhat) to ensure that the path already exists in the repository.
+# example: apt-file search /usr/bin/passwd
+# freedom-maker: /usr/bin/passwd-in-image
+# passwd: /usr/bin/passwd
 check_audit_path ()
 {
 	AUDITRULE=$1
 	RESULT=$(echo $AUDITRULE | awk -F"-F" '{print $2}' | awk -F"=" '{print $2}')
 	if [ -f $(eval echo $RESULT)  -o -d $(eval echo $RESULT) ]; then
-		debug "Result is not NULL"
+		debug "file $RESULT is exist!"
 		FNRET=0
 	else
-		debug "Result is NULL"
+		warn "file $RESULT is not exist!"
 		FNRET=1
 	fi
 }