From 46f9a3dec8a6c6f5cd93ea79b95a208dabc61794 Mon Sep 17 00:00:00 2001
From: mboelen
Date: Sun, 17 May 2015 23:01:38 +0200
Subject: [PATCH] Log file integrity monitoring tool, adding support for lfd (CSF) tool

---
 include/tests_file_integrity | 65 +++++++++++++++++++++++++++++++++---
 1 file changed, 60 insertions(+), 5 deletions(-)

diff --git a/include/tests_file_integrity b/include/tests_file_integrity
index d5d7ef1e..0fe987c5 100644
--- a/include/tests_file_integrity
+++ b/include/tests_file_integrity
@@ -14,6 +14,8 @@
 #
 #################################################################################
 #
+ CSF_CONFIG="/etc/csf/csf.conf"
+ FILE_INT_TOOL=""
 FILE_INT_TOOL_FOUND=0 # Boolean, file integrity tool found
 #
 #################################################################################
@@ -30,11 +32,11 @@
 logtext "Test: Checking AFICK binary"
 if [ ! "${AFICKBINARY}" = "" ]; then
 logtext "Result: AFICK is installed (${AFICKBINARY})"
+ FILE_INT_TOOL="afick"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- AFICK" --result FOUND --color GREEN
 else
 logtext "Result: AFICK is not installed"
- Display --indent 4 --text "- AFICK" --result "NOT FOUND" --color WHITE
 fi
 fi
 #
@@ -47,11 +49,11 @@
 logtext "Test: Checking AIDE binary"
 if [ ! "${AIDEBINARY}" = "" ]; then
 logtext "Result: AIDE is installed (${AIDEBINARY})"
+ FILE_INT_TOOL="aide"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- AIDE" --result FOUND --color GREEN
 else
 logtext "Result: AIDE is not installed"
- Display --indent 4 --text "- AIDE" --result "NOT FOUND" --color WHITE
 fi
 fi
 #
@@ -119,11 +121,11 @@
 logtext "Test: Checking Osiris binary"
 if [ ! "${OSIRISBINARY}" = "" ]; then
 logtext "Result: Osiris is installed (${OSIRISBINARY})"
+ FILE_INT_TOOL="osiris"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- Osiris" --result FOUND --color GREEN
 else
 logtext "Result: Osiris is not installed"
- Display --indent 4 --text "- Osiris" --result "NOT FOUND" --color WHITE
 fi
 fi
 #
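Review bot: `FILE_INT_TOOL="afick"` in the AFICK branch, and the parallel assignments for AIDE and Osiris in the other two hunks on this line (and for Samhain, Tripwire, OSSEC, mtree and lfd further down), each overwrite the same scalar, so when more than one tool is installed only the last one detected reaches the new `report "file_integrity_tool=..."` line and the earlier detections are silently dropped from the report. Accumulating instead of overwriting keeps every detection, e.g. `FILE_INT_TOOL="${FILE_INT_TOOL:+${FILE_INT_TOOL},}afick"` in each branch, with the report consumer splitting on the comma. The `FILE_INT_TOOL=""` initialisation in the first hunk already makes the `:+` form safe under POSIX sh.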
@@ -136,11 +138,11 @@
 logtext "Test: Checking Samhain binary"
 if [ ! "${SAMHAINBINARY}" = "" ]; then
 logtext "Result: Samhain is installed (${SAMHAINBINARY})"
+ FILE_INT_TOOL="samhain"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- Samhain" --result FOUND --color GREEN
 else
 logtext "Result: Samhain is not installed"
- Display --indent 4 --text "- Samhain" --result "NOT FOUND" --color WHITE
 fi
 fi
 #
@@ -153,6 +155,7 @@
 logtext "Test: Checking Tripwire binary"
 if [ ! "${TRIPWIREBINARY}" = "" ]; then
 logtext "Result: Tripwire is installed (${TRIPWIREBINARY})"
+ FILE_INT_TOOL="tripwire"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- Tripwire" --result FOUND --color GREEN
 else
@@ -170,10 +173,13 @@
 logtext "Test: Checking if OSSEC syscheck daemon is running"
 IsRunning ossec-syscheckd
 if [ ${RUNNING} -eq 1 ]; then
+ logtext "Result: syscheck (OSSEC) installed"
+ FILE_INT_TOOL="ossec-syscheck"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- OSSEC (syscheck)" --result FOUND --color GREEN
 else
 Display --indent 4 --text "- OSSEC (syscheck)" --result "NOT FOUND" --color WHITE
+ logtext "Result: syscheck (OSSEC) not installed"
 fi
 fi
 #
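Review bot: The two new `logtext` lines in the OSSEC hunk say "installed" and "not installed", but the condition they sit under is `IsRunning ossec-syscheckd`, which only establishes whether the process is running; a stopped OSSEC installation is therefore logged as not installed, which misleads anyone working from the log afterwards. `logtext "Result: OSSEC syscheck daemon is running"` and `logtext "Result: OSSEC syscheck daemon is not running"` describe what was actually observed. The Samhain and Tripwire hunks on this line follow the same pattern as the earlier binary checks and raise nothing new.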
@@ -187,11 +193,59 @@
 logtext "Test: Checking mtree binary"
 if [ ! "${MTREEBINARY}" = "" ]; then
 logtext "Result: mtree is installed (${MTREEBINARY})"
+ FILE_INT_TOOL="mtree"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- mtree" --result FOUND --color GREEN
 else
 logtext "Result: mtree is not installed"
- Display --indent 4 --text "- mtree" --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FINT-4334
+ # Description : Check if LFD is used (part of CSF suite)
+ if [ -f ${CSF_CONFIG} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FINT-4334 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check lfd daemon status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ Display --indent 4 --text "- lfd (CSF)" --result FOUND --color GREEN
+ IsRunning 'lfd '
+ if [ ${RUNNING} -eq 1 ]; then
+ logtext "Result: lfd daemon is running (CSF)"
+ Display --indent 6 --text "- Daemon status" --result RUNNING --color GREEN
+ FILE_INT_TOOL="csf-lfd"
+ FILE_INT_TOOL_FOUND=1
+ else
+ Display --indent 6 --text "- Daemon status" --result "NOT RUNNING" --color YELLOW
+ fi
+ fi
+ # Test : FINT-4336
+ # Description : Check if LFD is enabled (part of CSF suite)
+ if [ -f ${CSF_CONFIG} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FINT-4336 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check lfd configuration status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # LFD configuration parameters
+ ENABLED=`grep "^LF_DAEMON = \"1\"" ${CSF_CONFIG}`
+ if [ ! "${ENABLED}" = "" ]; then
+ logtext "Result: lfd service is configured to run"
+ Display --indent 6 --text "- Configuration status" --result ENABLED --color GREEN
+ else
+ logtext "Result: lfd service is configured NOT to run"
+ Display --indent 6 --text "- Configuration status" --result DISABLED --color YELLOW
+ fi
+ ENABLED=`grep "^LF_DIRWATCH =" ${CSF_CONFIG} | awk '{ print $3 }' | sed 's/\"//g'`
+ if [ ! "${ENABLED}" = "0" -a ! "${ENABLED}" = "" ]; then
+ logtext "Result: lfd directory watching is enabled (value: ${ENABLED})"
+ Display --indent 6 --text "- Temporary directory watches" --result ENABLED --color GREEN
+ else
+ logtext "Result: lfd directory watching is disabled"
+ Display --indent 6 --text "- Temporary directory watches" --result DISABLED --color YELLOW
+ fi
+ ENABLED=`grep "^LF_DIRWATCH_FILE =" ${CSF_CONFIG} | awk '{ print $3 }' | sed 's/\"//g'`
+ if [ ! "${ENABLED}" = "0" -a ! "${ENABLED}" = "" ]; then
+ Display --indent 6 --text "- Directory/File watches" --result ENABLED --color GREEN
+ else
+ Display --indent 6 --text "- Directory/File watches" --result DISABLED --color YELLOW
 fi
 fi
 #
@@ -217,6 +271,7 @@ ################################################################################# # +report "file_integrity_tool=${FILE_INT_TOOL}" report "file_integrity_tool_installed=${FILE_INT_TOOL_FOUND}" wait_for_keypress
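Review bot: FINT-4334 sets `FILE_INT_TOOL="csf-lfd"` and `FILE_INT_TOOL_FOUND=1` as soon as the lfd process is running, but the settings that make lfd a file integrity monitor at all (`LF_DIRWATCH`, `LF_DIRWATCH_FILE`) are only inspected in FINT-4336 and never feed back into the result, so a host running lfd with both values at "0" is reported as having a file integrity tool. I would record the daemon state in FINT-4334 and the watch state in FINT-4336, then set the two FILE_INT_TOOL variables only when both hold, as sketched below. Reusing `ENABLED` for three unrelated settings and joining the tests with the deprecated `-a` makes that harder to follow; separate variable names and `[ … ] && [ … ]` read better. The trailing space in `IsRunning 'lfd '` looks deliberate but deserves a comment such as `# trailing space: match the bare 'lfd' process name only`.
```shell
    LFD_RUNNING=0
    LFD_WATCHES=0
    # Test        : FINT-4334
    # … unchanged: Register, SKIPTEST check, Display, IsRunning 'lfd ' …
        if [ ${RUNNING} -eq 1 ]; then
            logtext "Result: lfd daemon is running (CSF)"
            Display --indent 6 --text "- Daemon status" --result RUNNING --color GREEN
            LFD_RUNNING=1
        else
    # … unchanged: NOT RUNNING branch, FINT-4336 Register/SKIPTEST and LF_DAEMON check …
        DIRWATCH=`grep "^LF_DIRWATCH =" ${CSF_CONFIG} | awk '{ print $3 }' | sed 's/\"//g'`
        if [ ! "${DIRWATCH}" = "0" ] && [ ! "${DIRWATCH}" = "" ]; then
            LFD_WATCHES=1
            logtext "Result: lfd directory watching is enabled (value: ${DIRWATCH})"
            Display --indent 6 --text "- Temporary directory watches" --result ENABLED --color GREEN
        else
            logtext "Result: lfd directory watching is disabled"
            Display --indent 6 --text "- Temporary directory watches" --result DISABLED --color YELLOW
        fi
        DIRWATCH_FILE=`grep "^LF_DIRWATCH_FILE =" ${CSF_CONFIG} | awk '{ print $3 }' | sed 's/\"//g'`
        if [ ! "${DIRWATCH_FILE}" = "0" ] && [ ! "${DIRWATCH_FILE}" = "" ]; then
            LFD_WATCHES=1
            Display --indent 6 --text "- Directory/File watches" --result ENABLED --color GREEN
        else
            Display --indent 6 --text "- Directory/File watches" --result DISABLED --color YELLOW
        fi
        # lfd only acts as a file integrity monitor when it is running and watching something
        if [ ${LFD_RUNNING} -eq 1 ] && [ ${LFD_WATCHES} -eq 1 ]; then
            FILE_INT_TOOL="csf-lfd"
            FILE_INT_TOOL_FOUND=1
        fi
```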