From 8e61275ff496c4b2170379410106ebc5e903e1ef Mon Sep 17 00:00:00 2001 From: Michael Boelen Date: Thu, 16 May 2019 15:23:23 +0200 Subject: [PATCH] Move state recording to report section --- include/report | 114 +++++++++++++++++++++-------------- include/tests_firewalls | 5 -- include/tests_networking | 3 - include/tests_ports_packages | 7 --- 4 files changed, 69 insertions(+), 60 deletions(-) diff --git a/include/report b/include/report index b200f6be..2df666e4 100644 --- a/include/report +++ b/include/report @@ -22,55 +22,79 @@ # ################################################################################# # + + # Add data fields to report file + Report "dhcp_client_running=${DHCP_CLIENT_RUNNING}" + Report "arpwatch_running=${ARPWATCH_RUNNING}" + + # Report firewall installed for now, if we found one active. Next step would be determining binaries first and apply additional checks. + Report "firewall_active=${FIREWALL_ACTIVE}" + Report "firewall_empty_ruleset=${FIREWALL_EMPTY_RULESET}" + Report "firewall_installed=${FIREWALL_ACTIVE}" + + if [ ! -z "${INSTALLED_PACKAGES}" ]; then Report "installed_packages_array=${INSTALLED_PACKAGES}"; fi + + Report "package_audit_tool=${PACKAGE_AUDIT_TOOL}" + Report "package_audit_tool_found=${PACKAGE_AUDIT_TOOL_FOUND}" + Report "vulnerable_packages_found=${VULNERABLE_PACKAGES_FOUND}" + + # Hardening Index - # Define approximately how strong a machine has been hardened - # If no hardening has been found, set value to 1 - if [ ${HPPOINTS} -eq 0 ]; then HPPOINTS=1; HPTOTAL=100; fi - HPINDEX=$((HPPOINTS * 100 / HPTOTAL)) - HPAOBLOCKS=$((HPPOINTS * 20 / HPTOTAL)) - # Set color related to rating - if [ ${HPINDEX} -lt 50 ]; then - HPCOLOR="${RED}" - HIDESCRIPTION="System has not or a low amount been hardened" - elif [ ${HPINDEX} -gt 49 -a ${HPINDEX} -lt 80 ]; then - HPCOLOR="${YELLOW}" - HIDESCRIPTION="System has been hardened, but could use additional hardening" - elif [ ${HPINDEX} -gt 79 -a ${HPINDEX} -lt 90 ]; then - HPCOLOR="${GREEN}" - HIDESCRIPTION="System seem to be decent hardened" - elif [ ${HPINDEX} -gt 89 ]; then - HPCOLOR="${GREEN}" - HIDESCRIPTION="System seem to be well hardened" - fi + # Goal: + # Provide a visual way to show how much the system is hardened + # + # Important: + # The index gives a simplified version of the measures taken on the system. + # It should be used to get a first impression about the state of the system or to compare similar systems. + # Getting the maximum score (100 or full bar) does not indicate that the system is fully secured. - case ${HPAOBLOCKS} in - 0) HPBLOCKS="#"; HPEMPTY=" " ;; - 1) HPBLOCKS="#"; HPEMPTY=" " ;; - 2) HPBLOCKS="##"; HPEMPTY=" " ;; - 3) HPBLOCKS="###"; HPEMPTY=" " ;; - 4) HPBLOCKS="####"; HPEMPTY=" " ;; - 5) HPBLOCKS="#####"; HPEMPTY=" " ;; - 6) HPBLOCKS="######"; HPEMPTY=" " ;; - 7) HPBLOCKS="#######"; HPEMPTY=" " ;; - 8) HPBLOCKS="########"; HPEMPTY=" " ;; - 9) HPBLOCKS="#########"; HPEMPTY=" " ;; - 10) HPBLOCKS="##########"; HPEMPTY=" " ;; - 11) HPBLOCKS="###########"; HPEMPTY=" " ;; - 12) HPBLOCKS="############"; HPEMPTY=" " ;; - 13) HPBLOCKS="#############"; HPEMPTY=" " ;; - 14) HPBLOCKS="##############"; HPEMPTY=" " ;; - 15) HPBLOCKS="###############"; HPEMPTY=" " ;; - 16) HPBLOCKS="################"; HPEMPTY=" " ;; - 17) HPBLOCKS="#################"; HPEMPTY=" " ;; - 18) HPBLOCKS="##################"; HPEMPTY=" " ;; - 19) HPBLOCKS="###################"; HPEMPTY=" " ;; - 20) HPBLOCKS="####################"; HPEMPTY="" ;; - esac + # If no hardening has been found, set value to 1 + if [ ${HPPOINTS} -eq 0 ]; then HPPOINTS=1; HPTOTAL=100; fi + HPINDEX=$((HPPOINTS * 100 / HPTOTAL)) + HPAOBLOCKS=$((HPPOINTS * 20 / HPTOTAL)) + # Set color related to rating + if [ ${HPINDEX} -lt 50 ]; then + HPCOLOR="${RED}" + HIDESCRIPTION="System has not or a low amount been hardened" + elif [ ${HPINDEX} -gt 49 -a ${HPINDEX} -lt 80 ]; then + HPCOLOR="${YELLOW}" + HIDESCRIPTION="System has been hardened, but could use additional hardening" + elif [ ${HPINDEX} -gt 79 -a ${HPINDEX} -lt 90 ]; then + HPCOLOR="${GREEN}" + HIDESCRIPTION="System seem to be decent hardened" + elif [ ${HPINDEX} -gt 89 ]; then + HPCOLOR="${GREEN}" + HIDESCRIPTION="System seem to be well hardened" + fi - HPGRAPH="[${HPCOLOR}${HPBLOCKS}${NORMAL}${HPEMPTY}]" - LogText "Hardening index : [${HPINDEX}] [${HPBLOCKS}${HPEMPTY}]" - LogText "Hardening strength: ${HIDESCRIPTION}" + case ${HPAOBLOCKS} in + 0) HPBLOCKS="#"; HPEMPTY=" " ;; + 1) HPBLOCKS="#"; HPEMPTY=" " ;; + 2) HPBLOCKS="##"; HPEMPTY=" " ;; + 3) HPBLOCKS="###"; HPEMPTY=" " ;; + 4) HPBLOCKS="####"; HPEMPTY=" " ;; + 5) HPBLOCKS="#####"; HPEMPTY=" " ;; + 6) HPBLOCKS="######"; HPEMPTY=" " ;; + 7) HPBLOCKS="#######"; HPEMPTY=" " ;; + 8) HPBLOCKS="########"; HPEMPTY=" " ;; + 9) HPBLOCKS="#########"; HPEMPTY=" " ;; + 10) HPBLOCKS="##########"; HPEMPTY=" " ;; + 11) HPBLOCKS="###########"; HPEMPTY=" " ;; + 12) HPBLOCKS="############"; HPEMPTY=" " ;; + 13) HPBLOCKS="#############"; HPEMPTY=" " ;; + 14) HPBLOCKS="##############"; HPEMPTY=" " ;; + 15) HPBLOCKS="###############"; HPEMPTY=" " ;; + 16) HPBLOCKS="################"; HPEMPTY=" " ;; + 17) HPBLOCKS="#################"; HPEMPTY=" " ;; + 18) HPBLOCKS="##################"; HPEMPTY=" " ;; + 19) HPBLOCKS="###################"; HPEMPTY=" " ;; + 20) HPBLOCKS="####################"; HPEMPTY="" ;; + esac + + HPGRAPH="[${HPCOLOR}${HPBLOCKS}${NORMAL}${HPEMPTY}]" + LogText "Hardening index : [${HPINDEX}] [${HPBLOCKS}${HPEMPTY}]" + LogText "Hardening strength: ${HIDESCRIPTION}" # Only show overview if not running in quiet mode diff --git a/include/tests_firewalls b/include/tests_firewalls index 85f2b150..735059fe 100644 --- a/include/tests_firewalls +++ b/include/tests_firewalls @@ -596,11 +596,6 @@ ################################################################################# # -# Report firewall installed for now, if we found one active. Next step would be determining binaries first and apply additional checks. -Report "firewall_active=${FIREWALL_ACTIVE}" -Report "firewall_empty_ruleset=${FIREWALL_EMPTY_RULESET}" -Report "firewall_installed=${FIREWALL_ACTIVE}" - WaitForKeyPress # diff --git a/include/tests_networking b/include/tests_networking index 3986220b..5d5df2f6 100644 --- a/include/tests_networking +++ b/include/tests_networking @@ -634,9 +634,6 @@ ################################################################################# # -Report "dhcp_client_running=${DHCP_CLIENT_RUNNING}" -Report "arpwatch_running=${ARPWATCH_RUNNING}" - WaitForKeyPress # diff --git a/include/tests_ports_packages b/include/tests_ports_packages index 4bc75faa..2d8b997e 100644 --- a/include/tests_ports_packages +++ b/include/tests_ports_packages @@ -1340,13 +1340,6 @@ ################################################################################# # - -if [ ! -z "${INSTALLED_PACKAGES}" ]; then Report "installed_packages_array=${INSTALLED_PACKAGES}"; fi - -Report "package_audit_tool=${PACKAGE_AUDIT_TOOL}" -Report "package_audit_tool_found=${PACKAGE_AUDIT_TOOL_FOUND}" -Report "vulnerable_packages_found=${VULNERABLE_PACKAGES_FOUND}" - WaitForKeyPress #