#!/bin/sh
#################################################################################
#
# Lynis
# ------------------
#
# Copyright 2007-2013, Michael Boelen
# Copyright 2007-2020, CISOfy
#
# Website : https://cisofy.com
# Blog : http://linux-audit.com
# GitHub : https://github.com/CISOfy/lynis
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# State shared by the tests in this file. Every flag starts at 0 (not found / not running)
# and is raised by the individual tests below; the summary tests (TOOL-5190, and the
# automation_tool_present report at the end) read them back.

# Automation tooling (TOOL-5002)
AUTOMATION_TOOL_FOUND=0
# Initialised here; not referenced further in this file
AUTOMATION_TOOL_RUNNING=""
ANSIBLE_ARTIFACT_FOUND=0
CFENGINE_AGENT_FOUND=0
CFENGINE_SERVER_RUNNING=0
PUPPET_MASTER_RUNNING=0
SALT_MASTER_RUNNING=0
SALT_MINION_RUNNING=0

# Backup tooling (no tests implemented in this file yet)
BACKUP_AGENT_FOUND=0

# Intrusion detection / prevention tooling (TOOL-51xx)
IDS_IPS_TOOL_FOUND=0
FAIL2BAN_FOUND=0
FAIL2BAN_EMAIL=0
FAIL2BAN_SILENT=0
# Raised by TOOL-5102 when a usable fail2ban-client was located; gates TOOL-5104
PERFORM_FAIL2BAN_TESTS=0
SNORT_FOUND=0
SNORT_RUNNING=0
#
#################################################################################
#
# Open the report/screen section that groups all tests in this file
InsertSection "Software: System tooling"
#
#################################################################################
#
# Automation
#
#################################################################################
#
# Test : TOOL-5002
# Description : Check if automation tools are found
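Register --test-no TOOL-5002 --weight L --network NO --category security --description "Checking for automation tools"
if [ ${SKIPTEST} -eq 0 ]; then
    Display --indent 2 --text "- Checking automation tooling"

    # Ansible: there is no daemon to detect, so look for artifacts left behind by a
    # controller or by ansible-pull. Candidates are passed as individual quoted words
    # (instead of a space-joined string) so a HOME or ROOTDIR containing whitespace
    # is not split into several bogus paths.
    FOUND=0
    for ITEM in "${HOME}/.ansible" "${ROOTDIR}etc/ansible" "${ROOTDIR}root/.ansible" "${ROOTDIR}tmp/.ansible"; do
        if DirectoryExists "${ITEM}"; then FOUND=1; break; fi
    done
    # Test for files (only if no directory matched). ${HOME} replaces the former '~':
    # a tilde coming out of a variable expansion is never tilde-expanded by the shell,
    # so the old check looked for a literal "~/.ansible-retry".
    if [ ${FOUND} -eq 0 ]; then
        for ITEM in "${ROOTDIR}var/log/ansible.log" "${HOME}/.ansible-retry"; do
            if FileExists "${ITEM}"; then FOUND=1; break; fi
        done
    fi
    if [ ${FOUND} -eq 1 ]; then
        LogText "Result: found a possible trace of Ansible"
        AUTOMATION_TOOL_FOUND=1
        ANSIBLE_ARTIFACT_FOUND=1
        # Only an artifact was seen, yet the report key is the one shared with the running
        # tools below; kept unchanged because report consumers key on it.
        Report "automation_tool_running[]=ansible"
        Display --indent 4 --text "- Ansible artifact" --result "${STATUS_FOUND}" --color GREEN
    fi

    # CFEngine: agent binary located by the binary discovery that runs before the tests
    if [ -n "${CFAGENTBINARY}" ]; then
        LogText "Result: CFEngine (cfagent) is installed (${CFAGENTBINARY})"
        AUTOMATION_TOOL_FOUND=1
        CFENGINE_AGENT_FOUND=1
        Report "automation_tool_running[]=cf-agent"
        Display --indent 4 --text "- Cfengine (cfagent)" --result "${STATUS_FOUND}" --color GREEN
    fi
    # Installations outside PATH (including the agent bundled with Rudder).
    # NOTE(review): unlike the Ansible and Puppet paths these are not prefixed with
    # ${ROOTDIR} - confirm whether that is intended.
    OTHER_CFENGINE_LOCATIONS="/var/cfengine/bin /var/rudder/cfengine-community/bin"
    for I in ${OTHER_CFENGINE_LOCATIONS}; do
        if [ -d "${I}" ]; then
            if [ -f "${I}/cf-agent" ]; then
                LogText "Result: found CFEngine agent (cf-agent) in ${I}"
                AUTOMATION_TOOL_FOUND=1
                CFENGINE_AGENT_FOUND=1
                Report "automation_tool_running[]=cf-agent"
                Display --indent 4 --text "- CFEngine (cf-agent)" --result "${STATUS_FOUND}" --color GREEN
            fi
        fi
    done
    # The server process check does not depend on those directories, so it is done once,
    # outside the loop: previously it was skipped when neither directory existed and
    # reported twice when both did.
    if IsRunning "cf-server"; then
        LogText "Result: found CFEngine server"
        AUTOMATION_TOOL_FOUND=1
        CFENGINE_SERVER_RUNNING=1
        Report "automation_tool_running[]=cf-server"
        Display --indent 4 --text "- CFEngine (cf-server)" --result "${STATUS_FOUND}" --color GREEN
    fi

    # Chef: client and server are detected by their binaries in the usual package locations.
    # NOTE(review): not prefixed with ${ROOTDIR} either - confirm.
    CHEF_LOCATIONS="/opt/chef/bin /opt/chef-server/sv /opt/chefdk/bin"
    for I in ${CHEF_LOCATIONS}; do
        if [ -d "${I}" ]; then
            if [ -f "${I}/chef-client" ]; then
                CHEFCLIENTBINARY="${I}/chef-client"
                AUTOMATION_TOOL_FOUND=1
                Report "automation_tool_running[]=chef-client"
                Display --indent 4 --text "- Chef client (chef-client)" --result "${STATUS_FOUND}" --color GREEN
                LogText "Result: found chef-client (chef client daemon) in ${I}"
            fi
            if [ -f "${I}/erchef" ]; then
                CHEFSERVERBINARY="${I}/erchef"
                LogText "Result: Chef Server (erchef) is installed (${CHEFSERVERBINARY})"
                AUTOMATION_TOOL_FOUND=1
                Report "automation_tool_running[]=chef-server"
                Display --indent 4 --text "- Chef Server (erchef)" --result "${STATUS_FOUND}" --color GREEN
                LogText "Result: found erchef (chef server daemon) in ${I}"
            fi
        fi
    done

    # Puppet
    # Fall back to the location used by the Puppetlabs packages when PATH discovery found nothing
    if [ -z "${PUPPETBINARY}" ]; then
        if [ -f "${ROOTDIR}opt/puppetlabs/puppet/bin/puppet" ]; then
            PUPPETBINARY="${ROOTDIR}opt/puppetlabs/puppet/bin/puppet"
        fi
    fi
    if [ -n "${PUPPETBINARY}" ]; then
        LogText "Result: Puppet is installed (${PUPPETBINARY})"
        AUTOMATION_TOOL_FOUND=1
        Report "automation_tool_running[]=puppet-agent"
        Display --indent 4 --text "- Puppet (agent)" --result "${STATUS_FOUND}" --color GREEN
    fi
    # --full presumably matches against the whole command line, since the master shows up
    # as the two-word command 'puppet master'
    if IsRunning --full "puppet master"; then
        LogText "Result: found puppet master"
        AUTOMATION_TOOL_FOUND=1
        PUPPET_MASTER_RUNNING=1
        Report "automation_tool_running[]=puppet-master"
        Display --indent 4 --text "- Puppet (master)" --result "${STATUS_FOUND}" --color GREEN
    fi

    # SaltStack: installed binaries are reported separately from running processes
    if [ -n "${SALTMINIONBINARY}" ]; then
        Display --indent 4 --text "- SaltStack minion" --result "${STATUS_FOUND}" --color GREEN
        LogText "Result: SaltStack (salt-minion) is installed (${SALTMINIONBINARY})"
        AUTOMATION_TOOL_FOUND=1
        Report "automation_tool_installed[]=saltstack-minion"
        if IsRunning "salt-minion" --user "root salt"; then
            Display --indent 6 --text "- Minion process" --result "${STATUS_RUNNING}" --color GREEN
            # Log line fixed: it previously said "(master)" for the minion process
            LogText "Result: found SaltStack (minion)"
            SALT_MINION_RUNNING=1
            Report "automation_tool_running[]=saltstack-minion"
        else
            Display --indent 6 --text "- Minion process" --result "${STATUS_NOT_RUNNING}" --color YELLOW
        fi
    fi
    if [ -n "${SALTMASTERBINARY}" ]; then
        Display --indent 4 --text "- SaltStack master (salt-master)" --result "${STATUS_FOUND}" --color GREEN
        LogText "Result: SaltStack (salt-master) is installed (${SALTMASTERBINARY})"
        AUTOMATION_TOOL_FOUND=1
        Report "automation_tool_installed[]=saltstack-master"
        if IsRunning "salt-master" --user "root salt"; then
            Display --indent 6 --text "- Master process" --result "${STATUS_RUNNING}" --color GREEN
            LogText "Result: found SaltStack (master)"
            SALT_MASTER_RUNNING=1
            Report "automation_tool_running[]=saltstack-master"
        else
            Display --indent 6 --text "- Master process" --result "${STATUS_NOT_RUNNING}" --color YELLOW
        fi
    fi

    # Summary line for this test; the suggestion is only raised when nothing at all was found
    if [ ${AUTOMATION_TOOL_FOUND} -eq 1 ]; then
        Display --indent 2 --text "- Automation tooling" --result "${STATUS_FOUND}" --color GREEN
    else
        Display --indent 2 --text "- Automation tooling" --result "${STATUS_NOT_FOUND}" --color YELLOW
        ReportSuggestion "${TEST_NO}" "Determine if automation tools are present for system management"
    fi
fi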
#
#################################################################################
#
# Intrusion Detection and Prevention tools
#
#################################################################################
#
# Test : TOOL-5102
# Description : Check for Fail2ban
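Register --test-no TOOL-5102 --weight L --network NO --category security --description "Check for presence of Fail2ban"
if [ ${SKIPTEST} -eq 0 ]; then
    # Fail2ban presence: FAIL2BANBINARY is located by the binary discovery that runs before the tests
    if [ -n "${FAIL2BANBINARY}" ]; then
        FAIL2BAN_FOUND=1
        IDS_IPS_TOOL_FOUND=1
        LogText "Result: Fail2ban is installed (${FAIL2BANBINARY})"
        Report "ids_ips_tooling[]=fail2ban"
        Display --indent 2 --text "- Checking presence of Fail2ban" --result "${STATUS_FOUND}" --color GREEN
    else
        LogText "Result: Fail2ban not present (fail2ban-server not found)"
    fi

    # Fail2ban configuration: a local override (jail.local) takes precedence over the
    # packaged jail.conf. Paths are prefixed with ${ROOTDIR}, consistent with the other
    # file checks in this file.
    LogText "Checking Fail2ban configuration file"
    if [ -f "${ROOTDIR}etc/fail2ban/jail.local" ]; then
        FAIL2BAN_CONFIG="${ROOTDIR}etc/fail2ban/jail.local"
    elif [ -f "${ROOTDIR}etc/fail2ban/jail.conf" ]; then
        FAIL2BAN_CONFIG="${ROOTDIR}etc/fail2ban/jail.conf"
    else
        FAIL2BAN_CONFIG=""
    fi

    # Continue only if the tooling is available and a configuration file was found.
    # Two separate tests joined with && replace the deprecated, ambiguous '-a' operator.
    if [ ${FAIL2BAN_FOUND} -eq 1 ] && [ -n "${FAIL2BAN_CONFIG}" ]; then
        Report "fail2ban_config=${FAIL2BAN_CONFIG}"
        # Solaris 'which' prints its "no foo in ..." message on stdout instead of stderr,
        # so a non-empty result alone is not proof of success; the grep drops that message.
        FAIL2BANCLIENT=$(which fail2ban-client 2> /dev/null | grep -v "no [^ ]* in ")
        # TOOL-5104 (enabled jails) only runs when the client is usable
        if [ -n "${FAIL2BANCLIENT}" ]; then PERFORM_FAIL2BAN_TESTS=1; fi
    fi
fi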
#
#################################################################################
#
# Test : TOOL-5104
# Description : Check for Fail2ban enabled tests
# Prerequisite: TOOL-5102 located a usable fail2ban-client
case ${PERFORM_FAIL2BAN_TESTS} in
    1) PREQS_MET="YES" ;;
    *) PREQS_MET="NO" ;;
esac
Register --test-no TOOL-5104 --weight L --network NO --preqs-met ${PREQS_MET} --category security --description "Enabled tests in Fail2ban"
if [ ${SKIPTEST} -eq 0 ]; then
    # Dump the server configuration and keep the second field of every 'add' entry
    # (the jail name), one per line, with brackets, quotes and spaces stripped
    FIND=$(${FAIL2BANCLIENT} -d | ${TRBINARY} -d '[]' | ${TRBINARY} -d "'" | ${AWKBINARY} -F, '{ if ($1=="add") { print $2 }}' | ${TRBINARY} -d ' ')
    if [ -z "${FIND}" ]; then
        # Installed, but not a single jail is enabled
        LogText "Result: Fail2ban installed but completely disabled"
        Display --indent 4 --text "- Checking Fail2ban jails" --result "${STATUS_DISABLED}" --color RED
        AddHP 0 5
        ReportWarning "${TEST_NO}" "All jails in Fail2ban are disabled" "${FAIL2BAN_CONFIG}"
    else
        # Word splitting on the newline-separated list is intended here
        for F2BSERVICE in ${FIND}; do
            LogText "Result: service '${F2BSERVICE}' enabled"
            Report "fail2ban_enabled_service[]=${F2BSERVICE}"
        done
        LogText "Result: found at least one enabled jail"
        Display --indent 4 --text "- Checking Fail2ban jails" --result "${STATUS_ENABLED}" --color GREEN
        AddHP 3 3
    fi
fi
#
#################################################################################
#
# These tests are temporarily disabled to split them up in different areas to check
#
# LogText "Result: found configuration file (${FAIL2BAN_CONFIG})"
#
# # Check email alert configuration
# LogText "Test: checking for email actions within ${FAIL2BAN_CONFIG}"
#
# FIND=$(${EGREPBINARY} "^action = \%\(action_m.*\)s" ${FAIL2BAN_CONFIG})
# FIND2=$(${EGREPBINARY} "^action = \%\(action_\)s" ${FAIL2BAN_CONFIG})
#
# if [ -n "${FIND}" ]; then
# FAIL2BAN_EMAIL=1
# LogText "Result: found at least one jail which sends an email alert"
# fi
#
# if [ -n "${FIND2}" ]; then
# FAIL2BAN_SILENT=1
# LogText "Result: found at least one jail which does NOT send an email alert"
# fi
#
# if [ ${FAIL2BAN_SILENT} -eq 0 ] && [ ${FAIL2BAN_EMAIL} -eq 0 ]; then
# LogText "No registered actions found in ${FAIL2BAN_CONFIG}"
# Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_NONE}" --color RED
# ReportWarning "${TEST_NO}" "${FAIL2BAN_CONFIG}" "There are no actions configured for Fail2ban."
# AddHP 0 3
# fi
#
# if [ ${FAIL2BAN_SILENT} -eq 0 ] && [ ${FAIL2BAN_EMAIL} -eq 1 ]; then
# LogText "All actions in ${FAIL2BAN_CONFIG} are configured to send email alerts"
# Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_OK}" --color GREEN
# AddHP 3 3
# fi
#
# if [ ${FAIL2BAN_SILENT} -eq 1 ] && [ ${FAIL2BAN_EMAIL} -eq 1 ]; then
# LogText "Some actions found in ${FAIL2BAN_CONFIG} are configured to send email alerts"
# Display --indent 4 --text "- Checking Fail2ban actions" --result PARTIAL --color YELLOW
# ReportSuggestion "${TEST_NO}" "Some Fail2ban jails are configured with non-notified actions. Consider changing these to emailed alerts."
# AddHP 2 3
# fi
#
# if [ ${FAIL2BAN_SILENT} -eq 1 ] && [ ${FAIL2BAN_EMAIL} -eq 0 ]; then
# LogText "None of the actions found in ${FAIL2BAN_CONFIG} are configured to send email alerts"
# Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_NONE}" --color YELLOW
# ReportSuggestion "${TEST_NO}" "None of the Fail2ban jails are configured to send email notifications. Consider changing these to emailed alerts."
# AddHP 1 3
# fi
#
# # Check at least one enabled jail
# LogText "Checking for enabled jails within ${FAIL2BAN_CONFIG}"
#
#
#
# # Confirm at least one iptables chain for fail2ban
#
# LogText "Checking for fail2ban iptables chains"
#
# if [ -n "${IPTABLESBINARY}" ]; then
# CHECK_CHAINS=$(${IPTABLESBINARY} -L 2>&1 | ${GREPBINARY} fail2ban)
# if [ -n "${CHECK_CHAINS}" ]; then
# LogText "Result: found at least one iptables chain for fail2ban"
# Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_OK}" --color GREEN
# else
# LogText "Result: Fail2ban installed but iptables chain not present - fail2ban will not work"
# Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_WARNING}" --color RED
# AddHP 0 3
# ReportSuggestion "${TEST_NO}" "Check config to see why iptables does not have a fail2ban chain" "${FAIL2BAN_CONFIG}"
# fi
# else
# Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_WARNING}" --color RED
# ReportSuggestion "${TEST_NO}" "iptables doesn't seem to be installed; Fail2ban will not work. Remove Fail2ban or install iptables" "${FAIL2BAN_CONFIG}"
# fi
# fi
# fi
#
#################################################################################
#
# Test : TOOL-5120
# Description : Check for Snort
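Register --test-no TOOL-5120 --weight L --network NO --category security --description "Check for presence of Snort"
if [ ${SKIPTEST} -eq 0 ]; then
    # Snort presence: SNORTBINARY is located by the binary discovery that runs before the tests
    if [ -n "${SNORTBINARY}" ]; then
        SNORT_FOUND=1
        IDS_IPS_TOOL_FOUND=1
        LogText "Result: Snort is installed (${SNORTBINARY})"
        Report "ids_ips_tooling[]=snort"
        Display --indent 2 --text "- Checking presence of Snort" --result "${STATUS_FOUND}" --color GREEN
    fi
    # A running process counts as presence too, even when no binary was found in PATH
    if IsRunning "snort"; then
        if [ ${SNORT_FOUND} -eq 0 ]; then
            # Not registered above: record the IDS/IPS tool once, as the OSSEC test does
            IDS_IPS_TOOL_FOUND=1
            Report "ids_ips_tooling[]=snort"
        fi
        SNORT_FOUND=1
        SNORT_RUNNING=1
        LogText "Result: Snort process is running"
        # Fourth field of the snort process line when split on '-xy'-style option sequences;
        # presumably the log directory argument - confirm against the ps output format
        SNORT_LOG=$(${PSBINARY} | ${AWKBINARY} -F-.. '/snort/ {print $4}' | ${HEADBINARY} -1)
    else
        # Previously logged as "not present", which was wrong when the binary was found above
        LogText "Result: Snort is not running"
    fi
fi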
#
#################################################################################
#
# Test : TOOL-5122
# Description : Check for Snort configuration
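Register --test-no TOOL-5122 --weight L --network NO --category security --description "Check Snort configuration file"
if [ ${SKIPTEST} -eq 0 ]; then
    # Continue only if the tooling is available and Snort is running. Both flags are
    # initialised to 0 at the top of this file, so the former outer non-empty check was
    # always true and has been dropped.
    if [ ${SNORT_FOUND} -eq 1 ] && [ ${SNORT_RUNNING} -eq 1 ]; then
        # Third field of the snort process line when split on '-xy'-style option sequences;
        # presumably the configuration file argument - confirm against the ps output format
        SNORT_CONFIG=$(${PSBINARY} | ${AWKBINARY} -F-.. '/snort/ {print $3}' | ${HEADBINARY} -1)
        if HasData "${SNORT_CONFIG}"; then
            LogText "Result: found Snort configuration file: ${SNORT_CONFIG}"
            Report "snort_config=${SNORT_CONFIG}"
        else
            LogText "Result: could not determine Snort configuration file from the process list"
        fi
        # NOTE(review): SNORT is not read anywhere in this file; kept in case another
        # include relies on it
        SNORT=$(which snort 2> /dev/null)
    fi
fi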
#
#################################################################################
#
# Test : TOOL-5160
# Description : Check for OSSEC
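# NOTE(review): the header comment above names this test TOOL-5160, but it is registered
# as TOOL-5126 - confirm which identifier is intended before anything keys on it.
Register --test-no TOOL-5126 --weight L --network NO --category security --description "Check for active OSSEC daemon"
if [ ${SKIPTEST} -eq 0 ]; then
    # Raised when either daemon is active, so the generic 'ossec' entry is reported
    # once instead of once per daemon
    OSSEC_DAEMON_FOUND=0
    # Server side
    if IsRunning "ossec-analysisd"; then
        OSSEC_DAEMON_FOUND=1
        Report "ids_ips_tooling[]=ossec-analysisd"
        LogText "Result: OSSEC analysis daemon is active"
        Display --indent 2 --text "- Checking presence of OSSEC (analysis)" --result "${STATUS_FOUND}" --color GREEN
    else
        LogText "Result: OSSEC analysis daemon not active"
    fi
    # Client side
    if IsRunning "ossec-agentd"; then
        OSSEC_DAEMON_FOUND=1
        Report "ids_ips_tooling[]=ossec-agentd"
        LogText "Result: OSSEC agent daemon is active"
        Display --indent 2 --text "- Checking presence of OSSEC (agent)" --result "${STATUS_FOUND}" --color GREEN
    else
        LogText "Result: OSSEC agent daemon not active"
    fi
    if [ ${OSSEC_DAEMON_FOUND} -eq 1 ]; then
        IDS_IPS_TOOL_FOUND=1
        Report "ids_ips_tooling[]=ossec"
    fi
fi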
#
#################################################################################
#
# Test : TOOL-5190
# Description : Check for an IDS/IPS tool
Register --test-no TOOL-5190 --weight L --network NO --category security --description "Check presence of IDS/IPS tool"
if [ ${SKIPTEST} -eq 0 ]; then
    # IDS_IPS_TOOL_FOUND is raised by the Fail2ban, Snort and OSSEC tests above
    if [ ${IDS_IPS_TOOL_FOUND} -ne 1 ]; then
        Display --indent 2 --text "- Checking for IDS/IPS tooling" --result "${STATUS_NONE}" --color YELLOW
        #ReportSuggestion "${TEST_NO}" "Install and configure automated intrusion detection/prevention tools"
        AddHP 0 2
    else
        Display --indent 2 --text "- Checking for IDS/IPS tooling" --result "${STATUS_FOUND}" --color GREEN
        AddHP 2 2
    fi
fi
#
#################################################################################
#
# Backup tools
#
#################################################################################
#
# Netvault
# Rsync in cron
#
#################################################################################
#
# Summary for the report: 1 when TOOL-5002 detected any automation tool, otherwise 0
Report "automation_tool_present=${AUTOMATION_TOOL_FOUND}"
# Optional pause before the next tests file is loaded (whether it actually waits is
# decided inside WaitForKeyPress, not here)
WaitForKeyPress
#
#================================================================================
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com