modify 8.1.1.1~8.1.9 to be compatible with CentOS.

Samson-W 2019-08-11 03:20:55 +08:00
parent 8c9e91dab3
commit ff38211d6e
18 changed files with 52 additions and 19 deletions


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 7/8/9 Hardening # harbian audit 7/8/9/10 or CentOS Hardening
# #
# #


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 7/8/9 Hardening # harbian audit 7/8/9/10 or CentOS Hardening
# #
# #


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 7/8/9 Hardening # harbian audit 7/8/9/10 or CentOS Hardening
# #
# #


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 9 Hardening # harbian audit 9/10 or CentOS Hardening
# #
# #


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 9 Hardening # harbian audit 9/10 or CentOS Hardening
# #
# #


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 9 Hardening # harbian audit 9/10 or CentOS Hardening
# #
# #


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 9 Hardening # harbian audit 9/10 or CentOS Hardening
# #
# #


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 9 Hardening # harbian audit 9/10 or CentOS Hardening
# #
# #


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 9 Hardening # harbian audit 9/10 or CentOS Hardening
# #
# #


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 7/8/9 Hardening # harbian audit 7/8/9/10 or CentOS Hardening
# #
# #


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 7/8/9 Hardening # harbian audit 7/8/9/10 or CentOS Hardening
# #
# #
@ -15,10 +15,14 @@ set -u # One variable unset, it's over
HARDENING_LEVEL=4 HARDENING_LEVEL=4
PACKAGE='auditd' PACKAGE='auditd'
PACKAGE_REDHAT='auditd'
SERVICE_NAME='auditd' SERVICE_NAME='auditd'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
if [ $OS_RELEASE -eq 2 ]; then
PACKAGE=$PACKAGE_REDHAT
fi
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET != 0 ]; then if [ $FNRET != 0 ]; then
crit "$PACKAGE is not installed!" crit "$PACKAGE is not installed!"
@ -35,21 +39,29 @@ audit () {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply () { apply () {
if [ $OS_RELEASE -eq 2 ]; then
PACKAGE=$PACKAGE_REDHAT
fi
is_pkg_installed $PACKAGE is_pkg_installed $PACKAGE
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$PACKAGE is installed" ok "$PACKAGE is installed"
else else
warn "$PACKAGE is absent, installing it" warn "$PACKAGE is absent, installing it"
if [ $OS_RELEASE -eq 2 ]; then
yum install -y $PACKAGE
else
apt_install $PACKAGE apt_install $PACKAGE
fi fi
fi
is_service_enabled $SERVICE_NAME is_service_enabled $SERVICE_NAME
if [ $FNRET = 0 ]; then if [ $FNRET = 0 ]; then
ok "$SERVICE_NAME is enabled" ok "$SERVICE_NAME is enabled"
else else
warn "$SERVICE_NAME is not enabled, enabling it" warn "$SERVICE_NAME is not enabled, enabling it"
is_debian_9 is_debian_9
if [ $FNRET = 0 ]; then if [ $FNRET = 0 -o $OS_RELEASE -eq 2 ]; then
systemctl enable auditd systemctl enable $SERVICE_NAME
systemctl start $SERVICE_NAME
else else
update-rc.d $SERVICE_NAME remove > /dev/null 2>&1 update-rc.d $SERVICE_NAME remove > /dev/null 2>&1
update-rc.d $SERVICE_NAME defaults > /dev/null 2>&1 update-rc.d $SERVICE_NAME defaults > /dev/null 2>&1
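Review bot: `PACKAGE_REDHAT='auditd'` looks wrong for CentOS, where the audit daemon normally ships in a package named `audit`, not `auditd`. With the value as written, `is_pkg_installed $PACKAGE` would presumably report the package missing on every CentOS host, and `yum install -y $PACKAGE` in apply() would fail; if this script runs under `set -e` like its siblings, that stops the run before the service is enabled. I would change the line to `PACKAGE_REDHAT='audit'` and confirm on a test host. In the service branch, `[ $FNRET = 0 -o $OS_RELEASE -eq 2 ]` also relies on the deprecated `-o` with unquoted operands; `[ "$FNRET" = 0 ] || [ "$OS_RELEASE" -eq 2 ]` is the safer form. apply() continues past the end of the hunk.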


@ -9,6 +9,7 @@
# #
# 8.1.3 Enable Auditing for Processes That Start Prior to auditd (Scored) # 8.1.3 Enable Auditing for Processes That Start Prior to auditd (Scored)
# #
# todo test for centos
set -e # One error, it's over set -e # One error, it's over
set -u # One variable unset, it's over set -u # One variable unset, it's over


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 7/8/9 Hardening # harbian audit 7/8/9/10 or CentOS Hardening
# #
# #


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 7/8/9 Hardening # harbian audit 7/8/9/10 or CentOS Hardening
# #
# #


@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 7/8/9 Hardening # harbian audit 7/8/9/10 or CentOS Hardening
# #
# #


@ -8,6 +8,7 @@
# 8.1.7 Record Events That Modify the System's Mandatory Access Controls (Scored) # 8.1.7 Record Events That Modify the System's Mandatory Access Controls (Scored)
# Modify by: Samson-W (sccxboy@gmail.com) # Modify by: Samson-W (sccxboy@gmail.com)
# #
# todo test for centos
set -e # One error, it's over set -e # One error, it's over
set -u # One variable unset, it's over set -u # One variable unset, it's over


@ -1,9 +1,11 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 7/8/9 Hardening # harbian audit 7/8/9/10 or CentOS Hardening
# Modify by: Samson-W (samson@hardenedlinux.org)
# #
# #
# 8.1.8 Collect Login and Logout Events (Scored) # 8.1.8 Collect Login and Logout Events (Scored)
# #
@ -16,10 +18,15 @@ HARDENING_LEVEL=4
AUDIT_PARAMS='-w /var/log/faillog -p wa -k logins AUDIT_PARAMS='-w /var/log/faillog -p wa -k logins
-w /var/log/lastlog -p wa -k logins -w /var/log/lastlog -p wa -k logins
-w /var/log/tallylog -p wa -k logins' -w /var/log/tallylog -p wa -k logins'
AUDIT_PARAMS_REDHAT='-w /var/log/lastlog -p wa -k logins
-w /var/log/tallylog -p wa -k logins'
FILE='/etc/audit/rules.d/audit.rules' FILE='/etc/audit/rules.d/audit.rules'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
if [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS=$AUDIT_PARAMS_REDHAT
fi
# define custom IFS and save default one # define custom IFS and save default one
d_IFS=$IFS d_IFS=$IFS
IFS=$'\n' IFS=$'\n'
@ -37,6 +44,9 @@ audit () {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply () { apply () {
if [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS=$AUDIT_PARAMS_REDHAT
fi
d_IFS=$IFS d_IFS=$IFS
IFS=$'\n' IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
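Review bot: `AUDIT_PARAMS_REDHAT` drops the `/var/log/faillog` watch and adds nothing in its place, so on a CentOS host that uses pam_faillock the failed-login records, which that module keeps under `/var/run/faillock/`, would not be audited. Consider adding `-w /var/run/faillock/ -p wa -k logins` to the Red Hat list; as far as I recall, the CIS CentOS benchmark's login/logout rule watches that path. Failing that, a comment above the definition should explain why only lastlog and tallylog are kept. As written, the audit check passes on CentOS with that gap in place. audit() and apply() both continue outside the hunks shown.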


@ -1,7 +1,8 @@
#!/bin/bash #!/bin/bash
# #
# harbian audit 7/8/9 Hardening # harbian audit 7/8/9/10 or CentOS Hardening
# Modify by: Samson-W (samson@hardenedlinux.org)
# #
# #
@ -16,10 +17,15 @@ HARDENING_LEVEL=4
AUDIT_PARAMS='-w /var/run/utmp -p wa -k session AUDIT_PARAMS='-w /var/run/utmp -p wa -k session
-w /var/log/wtmp -p wa -k session -w /var/log/wtmp -p wa -k session
-w /var/log/btmp -p wa -k session' -w /var/log/btmp -p wa -k session'
AUDIT_PARAMS_REDHAT='-w /var/log/wtmp -p wa -k session
-w /var/log/btmp -p wa -k session'
FILE='/etc/audit/rules.d/audit.rules' FILE='/etc/audit/rules.d/audit.rules'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit () { audit () {
if [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS=$AUDIT_PARAMS_REDHAT
fi
# define custom IFS and save default one # define custom IFS and save default one
d_IFS=$IFS d_IFS=$IFS
IFS=$'\n' IFS=$'\n'
@ -37,6 +43,9 @@ audit () {
# This function will be called if the script status is on enabled mode # This function will be called if the script status is on enabled mode
apply () { apply () {
if [ $OS_RELEASE -eq 2 ]; then
AUDIT_PARAMS=$AUDIT_PARAMS_REDHAT
fi
d_IFS=$IFS d_IFS=$IFS
IFS=$'\n' IFS=$'\n'
for AUDIT_VALUE in $AUDIT_PARAMS; do for AUDIT_VALUE in $AUDIT_PARAMS; do
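Review bot: `AUDIT_PARAMS_REDHAT` omits the `-w /var/run/utmp -p wa -k session` watch that the Debian list keeps, and nothing in the change says why. As far as I know utmp is present on CentOS as well and records the current login sessions, so the CentOS rule set loses that coverage while the audit check still reports success. Either keep all three watches for both families or add a comment such as `# CentOS: utmp watch omitted because <reason>` above the definition. audit() and apply() both continue outside the hunks shown.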