Start of refactoring fail2ban tests and splitting them into different test areas

This commit is contained in:
Michael Boelen 2016-07-30 12:06:30 +02:00
parent 8a95b49913
commit f1dc6be5bf
1 changed files with 108 additions and 84 deletions


@ -30,6 +30,7 @@
FAIL2BAN_FOUND=0 FAIL2BAN_FOUND=0
FAIL2BAN_EMAIL=0 FAIL2BAN_EMAIL=0
FAIL2BAN_SILENT=0 FAIL2BAN_SILENT=0
PERFORM_FAIL2BAN_TESTS=0
# #
################################################################################# #################################################################################
# #
@ -181,102 +182,125 @@
# Continue if tooling is available and configuration file found # Continue if tooling is available and configuration file found
if [ ${FAIL2BAN_FOUND} -eq 1 -a ! "${FAIL2BAN_CONFIG}" = "" ]; then if [ ${FAIL2BAN_FOUND} -eq 1 -a ! "${FAIL2BAN_CONFIG}" = "" ]; then
Report "fail2ban_config=${FAIL2BAN_CONFIG}"
LogText "Result: found configuration file (${FAIL2BAN_CONFIG})" FAIL2BANCLIENT=$(which fail2ban-client 2> /dev/null)
if [ ! -z "${FAIL2BANCLIENT}" ]; then PERFORM_FAIL2BAN_TESTS=1; fi
# Check email alert configuration fi
LogText "Test: checking for email actions within ${FAIL2BAN_CONFIG}" fi
#
FIND=`egrep "^action = \%\(action_m.*\)s" ${FAIL2BAN_CONFIG}` #################################################################################
FIND2=`egrep "^action = \%\(action_\)s" ${FAIL2BAN_CONFIG}` #
# Test : TOOL-5104
if [ ! "${FIND}" = "" ]; then # Description : Check for Fail2ban enabled tests
FAIL2BAN_EMAIL=1 if [ ${PERFORM_FAIL2BAN_TESTS} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
LogText "Result: found at least one jail which sends an email alert" Register --test-no TOOL-5104 --weight L --network NO --preqs-met ${PREQS_MET} --category security --description "Enabled tests in Fail2ban"
fi if [ ${SKIPTEST} -eq 0 ]; then
FIND=$(${FAIL2BANCLIENT} -d | tr -d '[]' | tr -d "'" | awk -F, '{ if ($1=="add") { print $2 }}' | tr -d ' ')
if [ ! "${FIND2}" = "" ]; then
FAIL2BAN_SILENT=1
LogText "Result: found at least one jail which does NOT send an email alert"
fi
if [ ${FAIL2BAN_SILENT} -eq 0 ] && [ ${FAIL2BAN_EMAIL} -eq 0 ]; then
LogText "No registered actions found in ${FAIL2BAN_CONFIG}"
Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_NONE}" --color RED
ReportWarning "${TEST_NO}" "M" "${FAIL2BAN_CONFIG}" "There are no actions configured for Fail2ban."
AddHP 0 3
fi
if [ ${FAIL2BAN_SILENT} -eq 0 ] && [ ${FAIL2BAN_EMAIL} -eq 1 ]; then
LogText "All actions in ${FAIL2BAN_CONFIG} are configured to send email alerts"
Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_OK}" --color GREEN
AddHP 3 3
fi
if [ ${FAIL2BAN_SILENT} -eq 1 ] && [ ${FAIL2BAN_EMAIL} -eq 1 ]; then
LogText "Some actions found in ${FAIL2BAN_CONFIG} are configured to send email alerts"
Display --indent 4 --text "- Checking Fail2ban actions" --result PARTIAL --color YELLOW
ReportSuggestion "${TEST_NO}" "Some Fail2ban jails are configured with non-notified actions. Consider changing these to emailed alerts."
AddHP 2 3
fi
if [ ${FAIL2BAN_SILENT} -eq 1 ] && [ ${FAIL2BAN_EMAIL} -eq 0 ]; then
LogText "None of the actions found in ${FAIL2BAN_CONFIG} are configured to send email alerts"
Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_NONE}" --color YELLOW
ReportSuggestion "${TEST_NO}" "None of the Fail2ban jails are configured to send email notifications. Consider changing these to emailed alerts."
AddHP 1 3
fi
# Check at least one enabled jail
LogText "Checking for enabled jails within ${FAIL2BAN_CONFIG}"
FIND=`egrep "^enabled\s*=\s*true" ${FAIL2BAN_CONFIG}`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
for F2BSERVICE in ${FIND}; do
LogText "Result: service '${F2BSERVICE}' enabled"
Report "fail2ban_enabled_service[]=${F2BSERVICE}"
done
LogText "Result: found at least one enabled jail" LogText "Result: found at least one enabled jail"
Display --indent 4 --text "- Checking Fail2ban jails" --result "${STATUS_ENABLED}" --color GREEN Display --indent 4 --text "- Checking Fail2ban jails" --result "${STATUS_ENABLED}" --color GREEN
AddHP 3 3 AddHP 3 3
else else
LogText "Result: Fail2ban installed but completely disabled" LogText "Result: Fail2ban installed but completely disabled"
Display --indent 4 --text "- Checking Fail2ban jails" --result "${STATUS_DISABLED}" --color RED Display --indent 4 --text "- Checking Fail2ban jails" --result "${STATUS_DISABLED}" --color RED
AddHP 0 3 AddHP 0 5
ReportWarning "${TEST_NO}" "M" "All jails in Fail2ban are disabled" "${FAIL2BAN_CONFIG}" ReportWarning "${TEST_NO}" "All jails in Fail2ban are disabled" "${FAIL2BAN_CONFIG}"
fi
# Confirm at least one iptables chain for fail2ban
LogText "Checking for fail2ban iptables chains"
if [ ! "${IPTABLESBINARY}" = "" ]; then
CHECK_CHAINS=`${IPTABLESBINARY} -L 2>&1 | grep fail2ban`
if [ ! "${CHECK_CHAINS}" = "" ]; then
LogText "Result: found at least one iptables chain for fail2ban"
Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_OK}" --color GREEN
else
LogText "Result: Fail2ban installed but iptables chain not present - fail2ban will not work"
Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_WARNING}" --color RED
AddHP 0 3
ReportSuggestion "${TEST_NO}" "M" "Check config to see why iptables does not have a fail2ban chain" "${FAIL2BAN_CONFIG}"
fi
else
Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_WARNING}" --color RED
ReportSuggestion "${TEST_NO}" "H" "iptables doesn't seem to be installed; Fail2ban will not work. Remove Fail2ban or install iptables" "${FAIL2BAN_CONFIG}"
fi
fi fi
fi fi
# #
################################################################################# #################################################################################
#
# These tests are temporarily disabled to split them up in different areas to check
#
# LogText "Result: found configuration file (${FAIL2BAN_CONFIG})"
#
# # Check email alert configuration
# LogText "Test: checking for email actions within ${FAIL2BAN_CONFIG}"
#
# FIND=`egrep "^action = \%\(action_m.*\)s" ${FAIL2BAN_CONFIG}`
# FIND2=`egrep "^action = \%\(action_\)s" ${FAIL2BAN_CONFIG}`
#
# if [ ! "${FIND}" = "" ]; then
# FAIL2BAN_EMAIL=1
# LogText "Result: found at least one jail which sends an email alert"
# fi
#
# if [ ! "${FIND2}" = "" ]; then
# FAIL2BAN_SILENT=1
# LogText "Result: found at least one jail which does NOT send an email alert"
# fi
#
# if [ ${FAIL2BAN_SILENT} -eq 0 ] && [ ${FAIL2BAN_EMAIL} -eq 0 ]; then
# LogText "No registered actions found in ${FAIL2BAN_CONFIG}"
# Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_NONE}" --color RED
# ReportWarning "${TEST_NO}" "${FAIL2BAN_CONFIG}" "There are no actions configured for Fail2ban."
# AddHP 0 3
# fi
#
# if [ ${FAIL2BAN_SILENT} -eq 0 ] && [ ${FAIL2BAN_EMAIL} -eq 1 ]; then
# LogText "All actions in ${FAIL2BAN_CONFIG} are configured to send email alerts"
# Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_OK}" --color GREEN
# AddHP 3 3
# fi
#
# if [ ${FAIL2BAN_SILENT} -eq 1 ] && [ ${FAIL2BAN_EMAIL} -eq 1 ]; then
# LogText "Some actions found in ${FAIL2BAN_CONFIG} are configured to send email alerts"
# Display --indent 4 --text "- Checking Fail2ban actions" --result PARTIAL --color YELLOW
# ReportSuggestion "${TEST_NO}" "Some Fail2ban jails are configured with non-notified actions. Consider changing these to emailed alerts."
# AddHP 2 3
# fi
#
# if [ ${FAIL2BAN_SILENT} -eq 1 ] && [ ${FAIL2BAN_EMAIL} -eq 0 ]; then
# LogText "None of the actions found in ${FAIL2BAN_CONFIG} are configured to send email alerts"
# Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_NONE}" --color YELLOW
# ReportSuggestion "${TEST_NO}" "None of the Fail2ban jails are configured to send email notifications. Consider changing these to emailed alerts."
# AddHP 1 3
# fi
#
# # Check at least one enabled jail
# LogText "Checking for enabled jails within ${FAIL2BAN_CONFIG}"
#
#
#
# # Confirm at least one iptables chain for fail2ban
#
# LogText "Checking for fail2ban iptables chains"
#
# if [ ! "${IPTABLESBINARY}" = "" ]; then
# CHECK_CHAINS=`${IPTABLESBINARY} -L 2>&1 | grep fail2ban`
# if [ ! "${CHECK_CHAINS}" = "" ]; then
# LogText "Result: found at least one iptables chain for fail2ban"
# Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_OK}" --color GREEN
# else
# LogText "Result: Fail2ban installed but iptables chain not present - fail2ban will not work"
# Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_WARNING}" --color RED
# AddHP 0 3
# ReportSuggestion "${TEST_NO}" "Check config to see why iptables does not have a fail2ban chain" "${FAIL2BAN_CONFIG}"
# fi
# else
# Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_WARNING}" --color RED
# ReportSuggestion "${TEST_NO}" "iptables doesn't seem to be installed; Fail2ban will not work. Remove Fail2ban or install iptables" "${FAIL2BAN_CONFIG}"
# fi
# fi
# fi
#
#################################################################################
# #
# Test : TOOL-5190 # Test : TOOL-5190
# Description : Check for an IDS/IPS tool # Description : Check for an IDS/IPS tool
Register --test-no TOOL-5014 --weight L --network NO --category security --description "Check presence of IDS/IPS tool" Register --test-no TOOL-5190 --weight L --network NO --category security --description "Check presence of IDS/IPS tool"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ ${IDS_IPS_TOOL_FOUND} -eq 1 ]; then if [ ${IDS_IPS_TOOL_FOUND} -eq 1 ]; then
Display --indent 2 --text "- Checking for intrusion detection/prevention system" --result "${STATUS_FOUND}" --color GREEN Display --indent 2 --text "- Checking for IDS/IPS tooling" --result "${STATUS_FOUND}" --color GREEN
AddHP 2 2 AddHP 2 2
else else
Display --indent 2 --text "- Checking for intrusion detection/prevention system" --result "${STATUS_NONE}" --color YELLOW Display --indent 2 --text "- Checking for IDS/IPS tooling" --result "${STATUS_NONE}" --color YELLOW
#ReportSuggestion ${TEST_NO} "Ensure that automatic intrusion detection/prevention tools are installed" #ReportSuggestion ${TEST_NO} "Install and configure automated intrusion detection/prevention tools"
AddHP 0 2 AddHP 0 2
fi fi
fi fi
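Review bot: In the new TOOL-5104 block the two outcome branches disagree on the maximum hardening points: the enabled-jails branch keeps `AddHP 3 3` while the disabled-jails branch now scores `AddHP 0 5`, so the denominator of the hardening index depends on which branch runs; make them consistent, e.g. `AddHP 0 3` (or raise both to 5). The `fail2ban-client -d` pipeline that feeds FIND does not redirect stderr, so any error from the client is printed to the user's terminal rather than handled by the test; adding `2> /dev/null` on that call, as already done for the `which` lookup two lines earlier, keeps the audit output clean and makes an empty FIND the only failure signal. FAIL2BAN_EMAIL and FAIL2BAN_SILENT are still initialised at the top of the file, but every line that sets or reads them is now inside the commented-out section, so they should be dropped or carry a comment such as `# pending: re-enabled when the email-action test is split out`. The hunk appears to end at the closing `fi` of TOOL-5190; the remainder of the file is outside this view.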