Modify some checklists apply check_audit_path

Samson-W 2021-06-22 21:20:30 +08:00
parent fad9b17d38
commit e45da09761
14 changed files with 322 additions and 171 deletions


@ -29,12 +29,18 @@ audit () {
fi
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
@ -45,6 +51,11 @@ apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
@ -53,6 +64,7 @@ apply () {
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
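Review bot: The new skip branch in audit() reports `path is not exsit! Please check file path is exist!` without naming the rule or path it skipped, so an operator cannot act on it, and because the branch `continue`s the rule is no longer reported as crit either; at minimum carry the rule in the message, `warn "watched path for rule '$AUDIT_VALUE' does not exist, skipping"`, and do the same in apply(). The new `check_audit_path $AUDIT_VALUE` call is unquoted whereas the sibling `does_pattern_exist_in_file $FILE "$AUDIT_VALUE"` quotes the same value; `check_audit_path "$AUDIT_VALUE"` removes the dependence on IFS being newline-only at that point. The loop's IFS setup sits above this hunk and check_audit_path is defined elsewhere, so neither can be confirmed from here.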


@ -24,12 +24,18 @@ audit () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
@ -40,6 +46,11 @@ apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
@ -48,6 +59,7 @@ apply () {
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
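Review bot: `if [ $FNRET -eq 1 ];then` assumes FNRET holds an integer, while the rest of this block tests it as a string (`[ $FNRET != 0 ]`); if check_audit_path ever returns without setting FNRET, the `-eq` test prints "integer expression expected" and falls through to the else branch as though the path existed. Using the same string form, `if [ "$FNRET" = 1 ]; then`, keeps the two checks consistent and quiet on an empty value, and the argument should be quoted as the sibling call already does, `check_audit_path "$AUDIT_VALUE"`. The warn text also names neither the rule nor the missing path; `warn "watched path for rule '$AUDIT_VALUE' does not exist, skipping"` tells the operator what to fix. check_audit_path's contract is not visible in this diff.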


@ -22,13 +22,18 @@ audit () {
# define custom IFS and save default one
d_IFS=$IFS
IFS=$'\n'
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
else
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
FNRET=1
FNRET=2
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
IFS=$d_IFS
}
@ -37,10 +42,12 @@ apply () {
# define custom IFS and save default one
d_IFS=$IFS
IFS=$'\n'
if [ $FNRET = 1 ]; then
if [ $FNRET = 2 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
add_end_of_file $FILE $AUDIT_VALUE
check_auditd_is_immutable_mode
elif [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
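Review bot: apply() here branches on the value audit() left behind in the global FNRET, and this commit adds a third sentinel (2 = rule absent) next to 1 (path missing, from check_audit_path) and 0 (present) without documenting the protocol anywhere; a comment above the assignments in audit(), such as `# FNRET: 0 = rule present, 1 = watched path missing (set by check_audit_path), 2 = rule absent; apply() reads this`, would let the next reader see why the value was changed from 1 to 2. The two new branches also mix `[ $FNRET = 2 ]` and `[ $FNRET -eq 1 ]`; one form, `[ "$FNRET" = 1 ]`, is enough. The `check_audit_path $AUDIT_VALUE` call is unquoted while does_pattern_exist_in_file quotes the same variable. apply() continues past the end of this hunk.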


@ -41,12 +41,18 @@ audit () {
fi
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
@ -57,6 +63,11 @@ apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
@ -65,6 +76,7 @@ apply () {
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
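Review bot: The same six-line skip block (check_audit_path, warn, continue, else, fi) is now pasted into audit() and apply() of every checklist in this commit, with the same misspelled message in each copy; a single helper in the shared library that runs the path check, emits one well-worded warning naming the rule, and returns non-zero on a missing path would keep the message and the FNRET handling in one place. Whatever shape that takes, the warning should identify what was skipped, e.g. `warn "watched path for rule '$AUDIT_VALUE' does not exist, skipping"`, and the argument should be quoted, `check_audit_path "$AUDIT_VALUE"`, as the existing does_pattern_exist_in_file call does. Where the checklist's pass/fail is derived from crit output, a rule skipped with a warn no longer counts as missing coverage, which is worth stating in the message or the checklist description.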


@ -67,13 +67,13 @@ check_config() {
if [ $DONT_AUDITD_BY_UID -eq 1 ]; then
AUDIT_PARAMS='-w /etc/nftables.conf -p wa -k nft_config_file_change
-w /usr/share/netfilter-persistent/plugins.d/ -p wa -k nft_config_file_change
-a always,exit -F path=/usr/sbin/netfilter-persistent -F perm=x -k nft_persistent_use
-a always,exit -F path=/usr/sbin/nft -F perm=x -k nft_cmd_use'
-w /usr/sbin/netfilter-persistent -p x -k nft_persistent_use
-w /usr/sbin/nft -p x -k nft_cmd_use'
else
AUDIT_PARAMS='-w /etc/nftables.conf -p wa -k nft_config_file_change
-w /usr/share/netfilter-persistent/plugins.d/ -p wa -k nft_config_file_change
-a always,exit -F path=/usr/sbin/netfilter-persistent -F perm=x -F auid>=1000 -F auid!=4294967295 -k nft_persistent_use
-a always,exit -F path=/usr/sbin/nft -F perm=x -F auid>=1000 -F auid!=4294967295 -k nft_cmd_use'
-w /usr/sbin/netfilter-persistent -p x -F auid>=1000 -F auid!=4294967295 -k nft_persistent_use
-w /usr/sbin/nft -p x -F auid>=1000 -F auid!=4294967295 -k nft_cmd_use'
fi
}
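Review bot: The two rules on the else branch combine a `-w` watch with `-F auid>=1000 -F auid!=4294967295`, but auditctl(8) documents that the only options valid together with a watch are `-p` and `-k`, so as written these rules would be rejected at load time and executions of nft and netfilter-persistent by real users would go unaudited whenever DONT_AUDITD_BY_UID is not 1. The syscall form the commit removes, `-a always,exit -F path=/usr/sbin/netfilter-persistent -F perm=x -F auid>=1000 -F auid!=4294967295 -k nft_persistent_use` and `-a always,exit -F path=/usr/sbin/nft -F perm=x -F auid>=1000 -F auid!=4294967295 -k nft_cmd_use`, expresses the same watch with the uid filter and should be kept for that branch. If the rewrite was meant to hand check_audit_path a `-w` path to test, it would be safer to teach the check to read `-F path=` than to drop the uid filter. The first branch, which uses `-w ... -p x -k` alone, is fine.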


@ -25,6 +25,11 @@ audit () {
IFS=$c_IFS
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
IFS=$d_IFS
RESULT=$(echo $AUDIT_VALUE | awk -F"-F" '{print $2}' | awk -F"=" '{print $2}')
does_valid_pattern_exist_in_file $FILE "$RESULT"
@ -34,6 +39,7 @@ audit () {
else
ok "$RESULT is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
@ -43,6 +49,11 @@ apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
RESULT=$(echo $AUDIT_VALUE | awk -F"-F" '{print $2}' | awk -F"=" '{print $2}')
does_valid_pattern_exist_in_file $FILE "$RESULT"
if [ $FNRET != 0 ]; then
@ -52,6 +63,7 @@ apply () {
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
}
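Review bot: In audit() the loop body restores `IFS=$d_IFS` before the next iteration, so from the second rule onward the new `check_audit_path $AUDIT_VALUE` runs under the default IFS and the rule is word-split into `-a`, `always,exit`, `-F`, ... before check_audit_path sees it; whether that breaks the check depends on how check_audit_path consumes its arguments, which is outside this diff, but `check_audit_path "$AUDIT_VALUE"` removes the question in both audit() and apply(). The warn message also names neither the rule nor the path, so `warn "watched path for rule '$AUDIT_VALUE' does not exist, skipping"` would be more useful to the operator. c_IFS is assigned above this hunk and is not visible here.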


@ -33,6 +33,11 @@ audit () {
IFS=$c_IFS
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
IFS=$d_IFS
RESULT=$(echo $AUDIT_VALUE | awk -F"-F" '{print $2}' | awk -F"=" '{print $2}')
does_valid_pattern_exist_in_file $FILE "$RESULT"
@ -42,6 +47,7 @@ audit () {
else
ok "$RESULT is present in $FILE"
fi
fi
done
IFS=$d_IFS
fi
@ -55,6 +61,11 @@ apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
RESULT=$(echo $AUDIT_VALUE | awk -F"-F" '{print $2}' | awk -F"=" '{print $2}')
does_valid_pattern_exist_in_file $FILE "$RESULT"
if [ $FNRET != 0 ]; then
@ -64,6 +75,7 @@ apply () {
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
fi
}
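Review bot: The new `check_audit_path $AUDIT_VALUE` in audit() sits before the `IFS=$d_IFS` that the loop body performs on every pass, so on the second and later rules it expands under the default IFS and the rule arrives at check_audit_path as separate words; quoting it, `check_audit_path "$AUDIT_VALUE"`, makes the call independent of the IFS juggling in this loop, and the apply() copy should be quoted to match. The skip message should also say which rule was skipped, e.g. `warn "watched path for rule '$AUDIT_VALUE' does not exist, skipping"`. Both hunks end on an inner `fi`, so the enclosing functions continue outside the diff, and what check_audit_path does with a multi-word argument cannot be seen here.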


@ -27,6 +27,11 @@ audit () {
IFS=$c_IFS
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
IFS=$d_IFS
RESULT=$(echo $AUDIT_VALUE | awk -F"-F" '{print $2}' | awk -F"=" '{print $2}')
does_valid_pattern_exist_in_file $FILE "$RESULT"
@ -36,6 +41,7 @@ audit () {
else
ok "$RESULT is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
@ -45,6 +51,11 @@ apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
RESULT=$(echo $AUDIT_VALUE | awk -F"-F" '{print $2}' | awk -F"=" '{print $2}')
does_valid_pattern_exist_in_file $FILE "$RESULT"
if [ $FNRET != 0 ]; then
@ -54,6 +65,7 @@ apply () {
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
}
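Review bot: Because this audit() loop switches IFS back to `$d_IFS` part-way through each iteration, the unquoted `check_audit_path $AUDIT_VALUE` is evaluated under the default IFS for every rule after the first and the rule is split on spaces; `check_audit_path "$AUDIT_VALUE"` avoids that, and the same quoting belongs in apply() for consistency with the quoted does_valid_pattern_exist_in_file argument a few lines below. The warning should name the rule it skipped, `warn "watched path for rule '$AUDIT_VALUE' does not exist, skipping"`, since "path is not exsit" on its own gives the operator nothing to check. How check_audit_path handles several arguments is not visible in this diff.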


@ -39,12 +39,18 @@ audit () {
fi
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
does_pattern_exist_in_file $FILE ""$AUDIT_VALUE""
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
@ -55,6 +61,11 @@ apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
does_pattern_exist_in_file $FILE ""$AUDIT_VALUE""
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
@ -63,6 +74,7 @@ apply () {
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
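Review bot: Both loops in this file pass the rule through `""$AUDIT_VALUE""`, where the empty quotes on either side leave the expansion itself unquoted, and the new `check_audit_path $AUDIT_VALUE` is unquoted as well; the intended form is `"$AUDIT_VALUE"` in both places (`check_audit_path "$AUDIT_VALUE"` and `does_pattern_exist_in_file $FILE "$AUDIT_VALUE"`), which is what the other checklists in this commit use. The skip message should identify the rule, `warn "watched path for rule '$AUDIT_VALUE' does not exist, skipping"`, since a bare "path is not exsit" cannot be acted on. The `""$AUDIT_VALUE""` lines predate this commit but are on the new side and worth fixing while the loops are being touched.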


@ -27,12 +27,18 @@ audit () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
@ -43,6 +49,11 @@ apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
@ -51,6 +62,7 @@ apply () {
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
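Review bot: In audit() a rule whose watched path is missing now yields only a warn and `continue`, so it no longer shows up as crit; if the checklist's overall result is derived from crit output, a removed or relocated binary silently drops out of the audit coverage without failing the check. If that downgrade is intended, the message should at least say which rule was skipped so the gap is visible in the log, `warn "watched path for rule '$AUDIT_VALUE' does not exist, skipping"`. The new call should also quote its argument, `check_audit_path "$AUDIT_VALUE"`, matching the quoted does_pattern_exist_in_file call beneath it. How results are aggregated is outside this diff.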


@ -40,12 +40,18 @@ audit () {
fi
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
@ -56,6 +62,11 @@ apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
@ -64,6 +75,7 @@ apply () {
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
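Review bot: The warning text `path is not exsit! Please check file path is exist!` is misspelled and, more importantly, never says which rule or path triggered it, so in a checklist with several rules the operator has to work out the missing path by hand; `warn "watched path for rule '$AUDIT_VALUE' does not exist, skipping"` fixes both in one line and should be applied to the audit() and apply() copies alike. `check_audit_path $AUDIT_VALUE` should be quoted like the does_pattern_exist_in_file argument next to it. The IFS setup for the audit() loop is above the first hunk and check_audit_path is defined elsewhere, so the effect of an unquoted multi-word rule cannot be confirmed here.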


@ -46,12 +46,18 @@ audit () {
fi
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
@ -78,6 +84,11 @@ apply () {
fi
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
@ -86,6 +97,7 @@ apply () {
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
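Review bot: `if [ $FNRET -eq 1 ];then` is the only integer comparison in these loops; the existing checks use the string form `[ $FNRET != 0 ]`, and with an empty FNRET the `-eq` variant prints an error and takes the else branch as if the path existed. `if [ "$FNRET" = 1 ]; then` matches the surrounding style and stays quiet on an empty value; the argument to the new call should be quoted too, `check_audit_path "$AUDIT_VALUE"`. The warn should name the rule being skipped, `warn "watched path for rule '$AUDIT_VALUE' does not exist, skipping"`, since the current text gives the operator nothing to locate. Whether check_audit_path can leave FNRET unset is not visible in this diff.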


@ -32,12 +32,18 @@ audit () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
@ -51,6 +57,11 @@ apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
@ -59,6 +70,7 @@ apply () {
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
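Review bot: Skipping a rule with `continue` in apply() means the audit rule is simply never written when its path is missing at apply time, and the only trace is a warning that does not name the rule; if the binary is installed later, nothing will revisit the skipped rule. At minimum record which rule was skipped, `warn "watched path for rule '$AUDIT_VALUE' does not exist, skipping"`, so a follow-up run of the checklist can be justified, and quote the new call, `check_audit_path "$AUDIT_VALUE"`, as the does_pattern_exist_in_file call already does. Whether check_audit_path tolerates an unquoted, space-separated rule is not visible here.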


@ -31,12 +31,18 @@ audit () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
crit "$AUDIT_VALUE is not in file $FILE"
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
@ -50,6 +56,11 @@ apply () {
IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do
debug "$AUDIT_VALUE should be in file $FILE"
check_audit_path $AUDIT_VALUE
if [ $FNRET -eq 1 ];then
warn "path is not exsit! Please check file path is exist!"
continue
else
does_pattern_exist_in_file $FILE "$AUDIT_VALUE"
if [ $FNRET != 0 ]; then
warn "$AUDIT_VALUE is not in file $FILE, adding it"
@ -58,6 +69,7 @@ apply () {
else
ok "$AUDIT_VALUE is present in $FILE"
fi
fi
done
IFS=$d_IFS
}
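Review bot: The new guard quotes nothing: `check_audit_path $AUDIT_VALUE` hands the rule to the helper unquoted, while the line that follows, `does_pattern_exist_in_file $FILE "$AUDIT_VALUE"`, quotes the same variable; `check_audit_path "$AUDIT_VALUE"` keeps the two calls consistent and the argument intact regardless of IFS. The warning should also say what was skipped, `warn "watched path for rule '$AUDIT_VALUE' does not exist, skipping"`, in both audit() and apply(), because "path is not exsit" gives no path to check. check_audit_path itself is outside this diff, so how it treats a split argument cannot be confirmed here.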