[TOOL-5102] Imported Fail2ban support and minor improvements

This commit is contained in:
mboelen 2016-04-15 14:51:53 +02:00
parent 04ed554cd2
commit e86f0522bf
1 changed files with 57 additions and 63 deletions


@ -153,46 +153,43 @@
# #
################################################################################# #################################################################################
# #
# Fail2Ban # Test : TOOL-5102
# Denyhosts? (deprecated) # Description : Check for Fail2ban
# Register --test-no TOOL-5102 --weight L --network NO --description "Check for presence of Fail2ban"
#################################################################################
#
# Test : TOOL-5004
# Description : Check for Fail2Ban
Register --test-no TOOL-5004 --weight L --network NO --description "Check for presence of Fail2Ban"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
# Fail2Ban presence # Fail2ban presence
if [ ! "${FAIL2BANBINARY}" = "" ]; then if [ ! "${FAIL2BANBINARY}" = "" ]; then
LogText "Result: Fail2Ban is installed (${FAIL2BANBINARY})" LogText "Result: Fail2ban is installed (${FAIL2BANBINARY})"
IPS_TOOL_FOUND=1 IPS_TOOL_FOUND=1
FAIL2BAN_FOUND=1 FAIL2BAN_FOUND=1
Report "IPS_tool_running[]=fail2ban-server" Report "IPS_tool_running[]=fail2ban-server"
Display --indent 2 --text "- Checking presence of Fail2Ban" --result FOUND --color GREEN Display --indent 2 --text "- Checking presence of Fail2ban" --result FOUND --color GREEN
else else
LogText "Result: Fail2Ban not present (fail2ban-server not found)" LogText "Result: Fail2ban not present (fail2ban-server not found)"
Display --indent 2 --text "- Checking presence of Fail2Ban" --result "NOT FOUND" --color WHITE Display --indent 2 --text "- Checking presence of Fail2ban" --result "NOT FOUND" --color WHITE
fi fi
# Fail2Ban configuration # Fail2ban configuration
if [ ${FAIL2BAN_FOUND} -eq 1 ]; then LogText "Checking Fail2ban configuration file"
LogText "Checking Fail2Ban configuration" if [ -f /etc/fail2ban/jail.local ]; then
FAIL2BAN_CONFIG="/etc/fail2ban/jail.local"
elif [ -f /etc/fail2ban/jail.conf ]; then
FAIL2BAN_CONFIG="/etc/fail2ban/jail.conf"
else
FAIL2BAN_CONFIG=""
fi
if [ -f /etc/fail2ban/jail.local ]; then # Continue if tooling is available and configuration file found
FAIL2BAN_CONFIG="/etc/fail2ban/jail.local" if [ ${FAIL2BAN_FOUND} -eq 1 -a ! "${FAIL2BAN_CONFIG}" = "" ]; then
else
FAIL2BAN_CONFIG="/etc/fail2ban/jail.conf" LogText "Result: found configuration file (${FAIL2BAN_CONFIG})"
fi
# Check email alert configuration # Check email alert configuration
LogText "Test: checking for email actions within ${FAIL2BAN_CONFIG}"
LogText "Checking for email actions within $FAIL2BAN_CONFIG" FIND=`egrep "^action = \%\(action_m.*\)s" ${FAIL2BAN_CONFIG}`
FIND2=`egrep "^action = \%\(action_\)s" ${FAIL2BAN_CONFIG}`
FIND=`egrep "^action = \%\(action_m.*\)s" $FAIL2BAN_CONFIG`
FIND2=`egrep "^action = \%\(action_\)s" $FAIL2BAN_CONFIG`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
FAIL2BAN_EMAIL=1 FAIL2BAN_EMAIL=1
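Review bot: The new guard `if [ ${FAIL2BAN_FOUND} -eq 1 -a ! "${FAIL2BAN_CONFIG}" = "" ]` uses the deprecated and ambiguous `-a` test operator, while every other compound condition in this test (e.g. the FAIL2BAN_SILENT/FAIL2BAN_EMAIL checks) joins two `[ ]` tests with `&&`; for consistency and to avoid the `-a` parsing pitfalls use `if [ ${FAIL2BAN_FOUND} -eq 1 ] && [ ! "${FAIL2BAN_CONFIG}" = "" ]; then`. Separately, the new jail.local / jail.conf selection inspects only the first file that exists, and the later action and enabled-jail greps run against that single file; since fail2ban normally layers jail.local on top of jail.conf, a jail.local that only overrides a few settings will likely trigger the "no actions configured" and "all jails disabled" findings even though the effective configuration is fine, so a comment such as `# NOTE: only the first file found is inspected; settings inherited from jail.conf are not considered` would make that limitation explicit to anyone reading the results. The enclosing `if [ ${SKIPTEST} -eq 0 ]` block continues past this hunk.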
@ -205,74 +202,73 @@
fi fi
if [ ${FAIL2BAN_SILENT} -eq 0 ] && [ ${FAIL2BAN_EMAIL} -eq 0 ]; then if [ ${FAIL2BAN_SILENT} -eq 0 ] && [ ${FAIL2BAN_EMAIL} -eq 0 ]; then
LogText "No registered actions found in $FAIL2BAN_CONFIG" LogText "No registered actions found in ${FAIL2BAN_CONFIG}"
Display --indent 4 --text "- Checking Fail2Ban actions" --result NONE --color RED Display --indent 4 --text "- Checking Fail2ban actions" --result NONE --color RED
ReportWarning "${TEST_NO}" "M" "$FAIL2BAN_CONFIG" "There are no actions configured for Fail2Ban." ReportWarning "${TEST_NO}" "M" "${FAIL2BAN_CONFIG}" "There are no actions configured for Fail2ban."
AddHP 0 3 AddHP 0 3
fi fi
if [ ${FAIL2BAN_SILENT} -eq 0 ] && [ ${FAIL2BAN_EMAIL} -eq 1 ]; then if [ ${FAIL2BAN_SILENT} -eq 0 ] && [ ${FAIL2BAN_EMAIL} -eq 1 ]; then
LogText "All actions in $FAIL2BAN_CONFIG are configured to send email alerts" LogText "All actions in ${FAIL2BAN_CONFIG} are configured to send email alerts"
Display --indent 4 --text "- Checking Fail2Ban actions" --result OK --color GREEN Display --indent 4 --text "- Checking Fail2ban actions" --result OK --color GREEN
AddHP 3 3 AddHP 3 3
fi fi
if [ ${FAIL2BAN_SILENT} -eq 1 ] && [ ${FAIL2BAN_EMAIL} -eq 1 ]; then if [ ${FAIL2BAN_SILENT} -eq 1 ] && [ ${FAIL2BAN_EMAIL} -eq 1 ]; then
LogText "Some actions found in $FAIL2BAN_CONFIG are configured to send email alerts" LogText "Some actions found in ${FAIL2BAN_CONFIG} are configured to send email alerts"
Display --indent 4 --text "- Checking Fail2Ban actions" --result PARTIAL --color YELLOW Display --indent 4 --text "- Checking Fail2ban actions" --result PARTIAL --color YELLOW
ReportSuggestion "${TEST_NO}" "Some Fail2Ban jails are configured with non-notified actions. Consider changing these to emailed alerts." ReportSuggestion "${TEST_NO}" "Some Fail2ban jails are configured with non-notified actions. Consider changing these to emailed alerts."
AddHP 2 3 AddHP 2 3
fi fi
if [ ${FAIL2BAN_SILENT} -eq 1 ] && [ ${FAIL2BAN_EMAIL} -eq 0 ]; then if [ ${FAIL2BAN_SILENT} -eq 1 ] && [ ${FAIL2BAN_EMAIL} -eq 0 ]; then
LogText "None of the actions found in $FAIL2BAN_CONFIG are configured to send email alerts" LogText "None of the actions found in ${FAIL2BAN_CONFIG} are configured to send email alerts"
Display --indent 4 --text "- Checking Fail2Ban actions" --result NONE --color YELLOW Display --indent 4 --text "- Checking Fail2ban actions" --result NONE --color YELLOW
ReportSuggestion "${TEST_NO}" "None of the Fail2Ban jails are configured to send email notifications. Consider changing these to emailed alerts." ReportSuggestion "${TEST_NO}" "None of the Fail2ban jails are configured to send email notifications. Consider changing these to emailed alerts."
AddHP 1 3 AddHP 1 3
fi fi
# Check at least one enabled Jail # Check at least one enabled jail
LogText "Checking for enabled jails within ${FAIL2BAN_CONFIG}"
LogText "Checking for enabled Jails within $FAIL2BAN_CONFIG" FIND=`egrep "^enabled\s*=\s*true" ${FAIL2BAN_CONFIG}`
FIND=`egrep "^enabled\s*=\s*true" $FAIL2BAN_CONFIG`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
LogText "Result: found at least one enabled jail" LogText "Result: found at least one enabled jail"
Display --indent 4 --text "- Checking Fail2Ban jails" --result ENABLED --color GREEN Display --indent 4 --text "- Checking Fail2ban jails" --result ENABLED --color GREEN
AddHP 3 3 AddHP 3 3
else else
LogText "Result: Fail2Ban installed but completely disabled" LogText "Result: Fail2ban installed but completely disabled"
Display --indent 4 --text "- Checking Fail2Ban jails" --result DISABLED --color RED Display --indent 4 --text "- Checking Fail2ban jails" --result DISABLED --color RED
AddHP 0 3 AddHP 0 3
ReportWarning "${TEST_NO}" "M" "All jails in Fail2Ban are disabled" "$FAIL2BAN_CONFIG" ReportWarning "${TEST_NO}" "M" "All jails in Fail2ban are disabled" "${FAIL2BAN_CONFIG}"
fi fi
# Confirm at least one iptables chain for fail2ban # Confirm at least one iptables chain for fail2ban
LogText "Checking for fail2ban iptables chains" LogText "Checking for fail2ban iptables chains"
if [ -f $IPTABLESBINARY ]; then if [ ! "${IPTABLESBINARY}" = "" ]; then
CHECK_CHAINS=`${IPTABLESBINARY} -L 2>&1 | grep fail2ban`
CHECK_CHAINS=`$IPTABLESBINARY -L | grep fail2ban` 2>&1
if [ ! "${CHECK_CHAINS}" = "" ]; then if [ ! "${CHECK_CHAINS}" = "" ]; then
LogText "Result: found at least one iptables chain for fail2ban" LogText "Result: found at least one iptables chain for fail2ban"
Display --indent 4 --text "- Checking for Fail2Ban iptables chain" --result OK --color GREEN Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result OK --color GREEN
else else
LogText "Result: Fail2Ban installed but iptables chain not present - fail2ban will not work" LogText "Result: Fail2ban installed but iptables chain not present - fail2ban will not work"
Display --indent 4 --text "- Checking for Fail2Ban iptables chain" --result WARNING --color RED Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result WARNING --color RED
AddHP 0 3 AddHP 0 3
ReportWarning "${TEST_NO}" "M" "Check config to see why iptables does not have a fail2ban chain" "$FAIL2BAN_CONFIG" ReportSuggestion "${TEST_NO}" "M" "Check config to see why iptables does not have a fail2ban chain" "${FAIL2BAN_CONFIG}"
fi fi
else else
Display --indent 4 --text "- Checking for Fail2Ban iptables chain" --result WARNING --color RED Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result WARNING --color RED
ReportWarning "${TEST_NO}" "H" "iptables doesn't seem to be installed; Fail2Ban will not work" "$FAIL2BAN_CONFIG" ReportSuggestion "${TEST_NO}" "H" "iptables doesn't seem to be installed; Fail2ban will not work. Remove Fail2ban or install iptables" "${FAIL2BAN_CONFIG}"
fi fi
fi fi
fi fi
#
# Test : TOOL-5014 #################################################################################
#
# Test : TOOL-5190
# Description : Check for an IPS tool # Description : Check for an IPS tool
Register --test-no TOOL-5014 --weight L --network NO --description "Check presence of IPS tool" Register --test-no TOOL-5014 --weight L --network NO --description "Check presence of IPS tool"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
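Review bot: The two calls converted from ReportWarning to ReportSuggestion in the iptables-chain branch keep ReportWarning's argument order, passing the severity ("M" and "H") as the second argument and the message as the third, while every other ReportSuggestion call in this hunk passes the message as the second argument; unless ReportSuggestion accepts both shapes, the severity letter will be reported as the suggestion text. Change them to `ReportSuggestion "${TEST_NO}" "Check config to see why iptables does not have a fail2ban chain"` and `ReportSuggestion "${TEST_NO}" "iptables doesn't seem to be installed; Fail2ban will not work. Remove Fail2ban or install iptables"`. The new test-header comment reads `# Test : TOOL-5190` but the Register line below it still registers TOOL-5014, so one of the two should be corrected to match. A minor point on `${IPTABLESBINARY} -L 2>&1 | grep fail2ban`: without `-n`, `iptables -L` resolves addresses, which can make this audit step noticeably slow on hosts with many rules; `-L -n` gives the same chain names without the lookups.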
@ -281,12 +277,10 @@
AddHP 2 2 AddHP 2 2
else else
Display --indent 2 --text "- Checking for implemented IPS" --result NONE --color YELLOW Display --indent 2 --text "- Checking for implemented IPS" --result NONE --color YELLOW
ReportSuggestion ${TEST_NO} "Ensure that automatic intrusion prevention tools are installed" #ReportSuggestion ${TEST_NO} "Ensure that automatic intrusion prevention tools are installed"
AddHP 0 2 AddHP 0 2
fi fi
fi fi
# #
################################################################################# #################################################################################
# #
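Review bot: Commenting out the ReportSuggestion in the `NONE` branch of the IPS check drops the only actionable finding this test produced, while the test still records `AddHP 0 2` for the same condition, which leaves the score and the report disagreeing about whether the missing IPS tool matters. If the suggestion is intentionally retired, delete the line rather than leaving commented-out code, and state the reason in a short comment such as `# no suggestion here: absence of an IPS tool is informational only`; otherwise restore the call.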