mirror of https://github.com/CISOfy/lynis.git
Merge pull request #1399 from xnoguer/issue-1319
Added tests considering Wazuh for file integrity and tooling
This commit is contained in:
commit
4b912ab357
|
@ -148,6 +148,7 @@ FINT-4338:test:security:file_integrity::osqueryd syscheck daemon running:
|
||||||
FINT-4339:test:security:file_integrity:Linux:Check IMA/EVM Status
|
FINT-4339:test:security:file_integrity:Linux:Check IMA/EVM Status
|
||||||
FINT-4340:test:security:file_integrity:Linux:Check dm-integrity status
|
FINT-4340:test:security:file_integrity:Linux:Check dm-integrity status
|
||||||
FINT-4341:test:security:file_integrity:Linux:Check dm-verity status
|
FINT-4341:test:security:file_integrity:Linux:Check dm-verity status
|
||||||
|
FINT-4344:test:security:file_integrity::Wazuh syscheck daemon running:
|
||||||
FINT-4350:test:security:file_integrity::File integrity software installed:
|
FINT-4350:test:security:file_integrity::File integrity software installed:
|
||||||
FINT-4402:test:security:file_integrity::Checksums (SHA256 or SHA512):
|
FINT-4402:test:security:file_integrity::Checksums (SHA256 or SHA512):
|
||||||
FIRE-4502:test:security:firewalls:Linux:Check iptables kernel module:
|
FIRE-4502:test:security:firewalls:Linux:Check iptables kernel module:
|
||||||
|
@ -437,6 +438,7 @@ TOOL-5102:test:security:tooling::Check for presence of Fail2ban:
|
||||||
TOOL-5104:test:security:tooling::Enabled tests for Fail2ban:
|
TOOL-5104:test:security:tooling::Enabled tests for Fail2ban:
|
||||||
TOOL-5120:test:security:tooling::Presence of Snort IDS:
|
TOOL-5120:test:security:tooling::Presence of Snort IDS:
|
||||||
TOOL-5122:test:security:tooling::Snort IDS configuration file:
|
TOOL-5122:test:security:tooling::Snort IDS configuration file:
|
||||||
|
TOOL-5128:test:security:tooling::Check for active Wazuh daemon:
|
||||||
TOOL-5130:test:security:tooling::Check for active Suricata daemon:
|
TOOL-5130:test:security:tooling::Check for active Suricata daemon:
|
||||||
TOOL-5126:test:security:tooling::Check for active OSSEC daemon:
|
TOOL-5126:test:security:tooling::Check for active OSSEC daemon:
|
||||||
TOOL-5190:test:security:tooling::Check presence of available IDS/IPS tooling:
|
TOOL-5190:test:security:tooling::Check presence of available IDS/IPS tooling:
|
||||||
|
|
|
@ -398,6 +398,25 @@
|
||||||
fi
|
fi
|
||||||
#
|
#
|
||||||
#################################################################################
|
#################################################################################
|
||||||
|
#
|
||||||
|
# Test : FINT-4344
|
||||||
|
# Description : Check if Wazuh system integrity tool is running
|
||||||
|
Register --test-no FINT-4344 --weight L --network NO --category security --description "Wazuh syscheck daemon running"
|
||||||
|
if [ ${SKIPTEST} -eq 0 ]; then
|
||||||
|
LogText "Test: Checking if Wazuh syscheck daemon is running"
|
||||||
|
if IsRunning "wazuh-syscheckd"; then
|
||||||
|
LogText "Result: syscheck (Wazuh) active"
|
||||||
|
Report "file_integrity_tool[]=wazuh"
|
||||||
|
FILE_INT_TOOL="wazuh-syscheck"
|
||||||
|
FILE_INT_TOOL_FOUND=1
|
||||||
|
Display --indent 4 --text "- Wazuh (syscheck)" --result "${STATUS_FOUND}" --color GREEN
|
||||||
|
else
|
||||||
|
LogText "Result: syscheck (Wazuh) is not active"
|
||||||
|
if IsVerbose; then Display --indent 4 --text "- Wazuh" --result "${STATUS_NOT_FOUND}" --color WHITE; fi
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
#
|
||||||
|
#################################################################################
|
||||||
#
|
#
|
||||||
# Test : FINT-4402 (was FINT-4316)
|
# Test : FINT-4402 (was FINT-4316)
|
||||||
# Description : Check if AIDE is configured to use SHA256 or SHA512 checksums
|
# Description : Check if AIDE is configured to use SHA256 or SHA512 checksums
|
||||||
|
|
|
@ -99,7 +99,7 @@
|
||||||
else
|
else
|
||||||
Display --indent 4 --text "- Installed malware scanner" --result "${STATUS_NOT_FOUND}" --color RED
|
Display --indent 4 --text "- Installed malware scanner" --result "${STATUS_NOT_FOUND}" --color RED
|
||||||
fi
|
fi
|
||||||
ReportSuggestion "${TEST_NO}" "Harden the system by installing at least one malware scanner, to perform periodic file system scans" "-" "Install a tool like rkhunter, chkrootkit, OSSEC"
|
ReportSuggestion "${TEST_NO}" "Harden the system by installing at least one malware scanner, to perform periodic file system scans" "-" "Install a tool like rkhunter, chkrootkit, OSSEC, Wazuh"
|
||||||
AddHP 1 3
|
AddHP 1 3
|
||||||
LogText "Result: no malware scanner found"
|
LogText "Result: no malware scanner found"
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -428,6 +428,35 @@
|
||||||
fi
|
fi
|
||||||
#
|
#
|
||||||
#################################################################################
|
#################################################################################
|
||||||
|
#
|
||||||
|
# Test : TOOL-5128
|
||||||
|
# Description : Check for Wazuh daemon
|
||||||
|
Register --test-no TOOL-5128 --weight L --network NO --category security --description "Check for active Wazuh daemon"
|
||||||
|
if [ ${SKIPTEST} -eq 0 ]; then
|
||||||
|
# Server side
|
||||||
|
if IsRunning "wazuh-analysisd"; then
|
||||||
|
IDS_IPS_TOOL_FOUND=1
|
||||||
|
Report "ids_ips_tooling[]=wazuh"
|
||||||
|
Report "ids_ips_tooling[]=wazuh-analysisd"
|
||||||
|
LogText "Result: Wazuh analysis daemon is active"
|
||||||
|
Display --indent 2 --text "- Checking presence of Wazuh (analysis)" --result "${STATUS_FOUND}" --color GREEN
|
||||||
|
else
|
||||||
|
LogText "Result: Wazuh analysis daemon not active"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Client side
|
||||||
|
if IsRunning "wazuh-agentd"; then
|
||||||
|
IDS_IPS_TOOL_FOUND=1
|
||||||
|
Report "ids_ips_tooling[]=wazuh"
|
||||||
|
Report "ids_ips_tooling[]=wazuh-agentd"
|
||||||
|
LogText "Result: Wazuh agent daemon is active"
|
||||||
|
Display --indent 2 --text "- Checking presence of Wazuh (agent)" --result "${STATUS_FOUND}" --color GREEN
|
||||||
|
else
|
||||||
|
LogText "Result: Wazuh agent daemon not active"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
#
|
||||||
|
#################################################################################
|
||||||
#
|
#
|
||||||
# Test : TOOL-5190
|
# Test : TOOL-5190
|
||||||
# Description : Check for an IDS/IPS tool
|
# Description : Check for an IDS/IPS tool
|
||||||
|
|
Loading…
Reference in New Issue