Added solution, extended timestamps key values, allow multiple values

2018-01-11 10:19:16 +01:00 · 2018-01-11 10:19:16 +01:00 · 1504370e41
parent 66f8cb2441
commit 1504370e41
2 changed files with 28 additions and 18 deletions
--- a/default.prf
+++ b/default.prf
@ -253,7 +253,7 @@ config-data=sysctl;net.ipv4.icmp_echo_ignore_broadcasts;1;1;Ignore ICMP packets
 config-data=sysctl;net.ipv4.icmp_ignore_bogus_error_responses;1;1;Ignore-;category:security;
 #config-data=sysctl;net.ipv4.ip_forward;0;1;Do not forward traffic;-;category:security;
 config-data=sysctl;net.ipv4.tcp_syncookies;1;1;Use SYN cookies to prevent SYN attack;-;category:security;
-config-data=sysctl;net.ipv4.tcp_timestamps;0;1;Do not use TCP time stamps;-;category:security;
+config-data=sysctl;net.ipv4.tcp_timestamps;0|1;1;Disable TCP time stamps or enable them with different offsets;-;category:security;
 config-data=sysctl;net.ipv6.conf.all.send_redirects;0;1;Disable/ignore ICMP routing redirects;-;category:security;
 config-data=sysctl;net.ipv6.conf.all.accept_redirects;0;1;Disable/Ignore ICMP routing redirects;-;category:security;
 config-data=sysctl;net.ipv6.conf.all.accept_source_route;0;1;Disable IP source routing;-;category:security;
--- a/include/tests_kernel_hardening
+++ b/include/tests_kernel_hardening
@ -71,32 +71,42 @@

        for I in ${DATA_TO_SCAN}; do
            tFINDkey=$(echo ${I} | ${AWKBINARY} -F\; '{ print $2 }')
-            tFINDexpvalue=$(echo ${I} | ${AWKBINARY} -F\; '{ print $3 }')
-            tFINDhp=$(echo ${I} | ${AWKBINARY} -F\; '{ print $4 }' | ${GREPBINARY} "[0-9]")
-            tFINDdesc=$(echo ${I} | ${AWKBINARY} -F\; '{ print $5 }' | ${SEDBINARY} 's/-space-/ /g')
-            tFINDcurvalue=$(${SYSCTL_READKEY} ${tFINDkey} 2> /dev/null)
-            if [ ! "${tFINDcurvalue}" = "" ]; then
-                if [ "${tFINDexpvalue}" = "${tFINDcurvalue}" ]; then
-                    LogText "Result: sysctl key ${tFINDkey} contains equal expected and current value (${tFINDexpvalue})"
-                    Display --indent 4 --text "- ${tFINDkey} (exp: ${tFINDexpvalue})" --result "${STATUS_OK}" --color GREEN
-                    AddHP ${tFINDhp} ${tFINDhp}
+            if ! SkipAtomicTest "${TEST_NO}:${tFINDkey}"; then
+                tFINDexpvalue=$(echo ${I} | ${AWKBINARY} -F\; '{ print $3 }' | ${TRBINARY} '|' ' ')
+                tFINDhp=$(echo ${I} | ${AWKBINARY} -F\; '{ print $4 }' | ${GREPBINARY} "[0-9]")
+                tFINDdesc=$(echo ${I} | ${AWKBINARY} -F\; '{ print $5 }' | ${SEDBINARY} 's/-space-/ /g')
+                tFINDcurvalue=$(${SYSCTL_READKEY} ${tFINDkey} 2> /dev/null)
+                if [ ! -z "${tFINDcurvalue}" ]; then
+                    positive_match=0
+                    for value in ${tFINDexpvalue}; do
+                        if [ "${value}" = "${tFINDcurvalue}" ]; then
+                            positive_match=1
+                        fi
+                    done
+                    if [ ${positive_match} -eq 1 ]; then
+                        LogText "Result: sysctl key ${tFINDkey} contains equal expected and current value (${tFINDexpvalue})"
+                        Display --indent 4 --text "- ${tFINDkey} (exp: ${tFINDexpvalue})" --result "${STATUS_OK}" --color GREEN
+                        AddHP ${tFINDhp} ${tFINDhp}
+                    else
+                        LogText "Result: sysctl key ${tFINDkey} has a different value than expected in scan profile. Expected=${tFINDexpvalue}, Real=${tFINDcurvalue}"
+                        Display --indent 4 --text "- ${tFINDkey} (exp: ${tFINDexpvalue})" --result DIFFERENT --color RED
+                        AddHP 0 ${tFINDhp}
+                        FOUND=1
+                        N=$((N + 1))
+                        ReportDetails --test "${TEST_NO}" --service "sysctl" --field "${tFINDkey}" --value "${tFINDcurvalue}" --preferredvalue "${tFINDexpvalue}" --description "${tFINDdesc}"
+                    fi
                else
-                    LogText "Result: sysctl key ${tFINDkey} has a different value than expected in scan profile. Expected=${tFINDexpvalue}, Real=${tFINDcurvalue}"
-                    Display --indent 4 --text "- ${tFINDkey} (exp: ${tFINDexpvalue})" --result DIFFERENT --color RED
-                    AddHP 0 ${tFINDhp}
-                    FOUND=1
-                    N=$((N + 1))
-                    ReportDetails --test "${TEST_NO}" --service "sysctl" --field "${tFINDkey}" --value "${tFINDcurvalue}" --preferredvalue "${tFINDexpvalue}" --description "${tFINDdesc}"
+                    LogText "Result: key ${tFINDkey} does not exist on this machine"
                fi
            else
-                LogText "Result: key ${tFINDkey} does not exist on this machine"
+                LogText "Skipped test for ${tFINDkey} via profile"
            fi
        done

        # Add suggestion if one or more sysctls have a different value than scan profile
        if [ ${FOUND} -eq 1 ]; then
            LogText "Result: found ${N} keys that can use tuning, according scan profile"
-            ReportSuggestion ${TEST_NO} "One or more sysctl values differ from the scan profile and could be tweaked"
+            ReportSuggestion ${TEST_NO} "One or more sysctl values differ from the scan profile and could be tweaked" "" "Change sysctl value or disable test (skip-test=${TEST_NO}:<sysctl-key>)"
        fi
    fi
 #