tyler.durden/harbian-audit
1
0
Fork 0
mirror of https://github.com/hardenedlinux/harbian-audit.git synced 2025-07-31 01:24:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

Modify the check_audit_path method to pass check when audited record path does not exist in OS.

Browse Source
This commit is contained in:
Samson-W 2020-04-16 17:21:08 +08:00
parent 93031e98fe
commit da61977969
12 changed files with 28 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bin/hardening/8.1.19_record_sshkeysign_usage.sh
View File

@ -31,7 +31,7 @@ audit () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!" warn "path is not exsit! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"
@ -54,7 +54,7 @@ apply () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!" warn "path is not exsit! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"

4
bin/hardening/8.1.21_record_Events_that_privileged_passwd_cmd_usage.sh
View File

@ -35,7 +35,7 @@ audit () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!" warn "path is not exsit! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"
@ -58,7 +58,7 @@ apply () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!" warn "path is not exsit! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"

4
bin/hardening/8.1.22_record_Events_that_privileged_priv_change_cmd_usage.sh
View File

@ -39,7 +39,7 @@ audit () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!" warn "path is not exsit! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"
@ -62,7 +62,7 @@ apply () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!" warn "path is not exsit! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"

4
bin/hardening/8.1.23_record_Events_that_privileged_postfix_cmd_usage.sh
View File

@ -31,7 +31,7 @@ audit () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!" warn "path is not exsit! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"
@ -54,7 +54,7 @@ apply () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!" warn "path is not exsit! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"

4
bin/hardening/8.1.24_record_crontab_cmd_usage.sh
View File

@ -28,7 +28,7 @@ audit () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!" warn "path is not exsit! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"
@ -51,7 +51,7 @@ apply () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!" warn "path is not exsit! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"

4
bin/hardening/8.1.25_record_pam_timestamp_check_cmd_usage.sh
View File

@ -28,7 +28,7 @@ audit () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!" warn "path is not exsit! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"
@ -51,7 +51,7 @@ apply () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!" warn "path is not exsit! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"

4
bin/hardening/8.1.26_record_pam_tally_cmd_usage.sh
View File

@ -31,7 +31,7 @@ audit () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!" warn "path is not exsit! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"
@ -59,7 +59,7 @@ apply () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!" warn "path is not exsit! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"

4
bin/hardening/8.1.27_record_Events_that_modify_conf_files.sh
View File

@ -26,7 +26,7 @@ audit () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist! Rule: $AUDIT_VALUE" warn "path is not exsit! Please check file path is exist! Rule: $AUDIT_VALUE"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"
@ -49,7 +49,7 @@ apply () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "Path is not exsit when apply a rule: $AUDIT_VALUE ! Please check file path is exist!" warn "Path is not exsit when apply a rule: $AUDIT_VALUE ! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"

4
bin/hardening/8.1.28_record_acl_cmd_usage.sh
View File

@ -28,7 +28,7 @@ audit () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!" warn "path is not exsit! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"
@ -51,7 +51,7 @@ apply () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!" warn "path is not exsit! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"

4
bin/hardening/8.1.29_record_usermod_cmd_usage.sh
View File

@ -28,7 +28,7 @@ audit () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!" warn "path is not exsit! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"
@ -51,7 +51,7 @@ apply () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!" warn "path is not exsit! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"

4
bin/hardening/8.1.30_record_unix_update_cmd_usage.sh
View File

@ -26,7 +26,7 @@ audit () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!" warn "path is not exsit! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"
@ -49,7 +49,7 @@ apply () {
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
check_audit_path $AUDIT_VALUE check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then if [ $FNRET -eq 1 ];then
crit "path is not exsit! Please check file path is exist!" warn "path is not exsit! Please check file path is exist!"
continue continue
else else
debug "$AUDIT_VALUE should be in file $FILE" debug "$AUDIT_VALUE should be in file $FILE"

8
lib/utils.sh
View File

@ -1094,15 +1094,19 @@ yum_check_updates()
# Example: # Example:
# Process only the following format: # Process only the following format:
# AUDITRULE="-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd" # AUDITRULE="-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged-passwd"
# Please manually execute apt-file (Debian) / yum Provides (redhat) to ensure that the path already exists in the repository.
# example: apt-file search /usr/bin/passwd
# freedom-maker: /usr/bin/passwd-in-image
# passwd: /usr/bin/passwd
check_audit_path () check_audit_path ()
{ {
AUDITRULE=$1 AUDITRULE=$1
RESULT=$(echo $AUDITRULE | awk -F"-F" '{print $2}' | awk -F"=" '{print $2}') RESULT=$(echo $AUDITRULE | awk -F"-F" '{print $2}' | awk -F"=" '{print $2}')
if [ -f $(eval echo $RESULT) -o -d $(eval echo $RESULT) ]; then if [ -f $(eval echo $RESULT) -o -d $(eval echo $RESULT) ]; then
debug "Result is not NULL" debug "file $RESULT is exist!"
FNRET=0 FNRET=0
else else
debug "Result is NULL" warn "file $RESULT is not exist!"
FNRET=1 FNRET=1
fi fi
} }