diff --git a/include/tests_file_integrity b/include/tests_file_integrity
index 6e7db43e..408cf301 100644
--- a/include/tests_file_integrity
+++ b/include/tests_file_integrity
@@ -36,11 +36,13 @@
 LogText "Test: Checking AFICK binary"
 if [ ! "${AFICKBINARY}" = "" ]; then
 LogText "Result: AFICK is installed (${AFICKBINARY})"
+ Report "file_integrity_tool[]=afick"
 FILE_INT_TOOL="afick"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- AFICK" --result FOUND --color GREEN
 else
 LogText "Result: AFICK is not installed"
+ if IsVerbose; then Display --indent 4 --text "- AFICK" --result "NOT FOUND" --color WHITE; fi
 fi
 fi
 #
@@ -53,11 +55,13 @@
 LogText "Test: Checking AIDE binary"
 if [ ! "${AIDEBINARY}" = "" ]; then
 LogText "Result: AIDE is installed (${AIDEBINARY})"
+ Report "file_integrity_tool[]=aide"
 FILE_INT_TOOL="aide"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- AIDE" --result FOUND --color GREEN
 else
 LogText "Result: AIDE is not installed"
+ if IsVerbose; then Display --indent 4 --text "- AIDE" --result "NOT FOUND" --color WHITE; fi
 fi
 fi
 #
@@ -80,8 +84,8 @@
 Display --indent 6 --text "- AIDE config file" --result "NOT FOUND" --color YELLOW
 else
 LogText "Checking configuration file ${AIDECONFIG} for errors"
- FIND=`${AIDEBINARY} --config=${AIDECONFIG} -D; echo $?`
- if [ "${FIND}" = "0" ]; then
+ FIND=$(${AIDEBINARY} --config=${AIDECONFIG} -D)
+ if [ $? -eq 0 ]; then
 Display --indent 6 --text "- AIDE config file" --result FOUND --color GREEN
 else
 Display --indent 6 --text "- AIDE config file" --result WARNING --color YELLOW
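Review bot: In the @@ -80 hunk the new `FIND=$(${AIDEBINARY} --config=${AIDECONFIG} -D)` captures aide's stdout into FIND, but nothing in the hunk reads FIND afterwards; only `$?` is consulted on the next line, so the assignment is dead and the output is silently discarded. Testing the command directly makes the intent explicit and avoids the unquoted config path: `if ${AIDEBINARY} --config="${AIDECONFIG}" -D >/dev/null; then`. If the idea was to keep aide's diagnostics for the log, the captured value should be passed to LogText rather than dropped. The enclosing if/else for the config file starts before this hunk.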
@@ -91,32 +95,6 @@
 fi
 #
 #################################################################################
-#
- # Test : FINT-4316
- # Description : Check if AIDE is configured to use SHA256 or SHA512 checksums
- if [ ! "${AIDEBINARY}" = "" -a ! "${AIDECONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- Register --test-no FINT-4316 --preqs-met ${PREQS_MET} --weight L --network NO --description "AIDE configuration: Checksums (SHA256 or SHA512)"
- if [ ${SKIPTEST} -eq 0 ]; then
- FIND=`${GREPBINARY} "^Checksums" ${AIDECONFIG}`
- FIND2=`${GREPBINARY} "^Checksums" ${AIDECONFIG} | ${EGREPBINARY} "sha256|sha512"`
- if [ "${FIND}" = "" ]; then
- LogText "Result: Unclear how AIDE is dealing with checksums"
- Display --indent 6 --text "- AIDE config (Checksums)" --result UNKNOWN --color YELLOW
- else
- if [ "${FIND2}" = "" ]; then
- LogText "Result: No SHA256 or SHA512 found for creating checksums"
- Display --indent 6 --text "- AIDE config (Checksum)" --result WARNING --color RED
- ReportSuggestion ${TEST_NO} "Use SHA256 or SHA512 to create checksums in AIDE"
- AddHP 1 3
- else
- LogText "Result: Found SHA256 or SHA512 found for creating checksums"
- Display --indent 6 --text "- AIDE config (Checksum)" --result OK --color GREEN
- AddHP 2 2
- fi
- fi
- fi
-#
-#################################################################################
 #
 # Test : FINT-4318
 # Description : Check if Osiris is installed
@@ -125,11 +103,13 @@
 LogText "Test: Checking Osiris binary"
 if [ ! "${OSIRISBINARY}" = "" ]; then
 LogText "Result: Osiris is installed (${OSIRISBINARY})"
+ Report "file_integrity_tool[]=osiris"
 FILE_INT_TOOL="osiris"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- Osiris" --result FOUND --color GREEN
 else
 LogText "Result: Osiris is not installed"
+ if IsVerbose; then Display --indent 4 --text "- Osiris" --result "NOT FOUND" --color WHITE; fi
 fi
 fi
 #
@@ -142,11 +122,13 @@
 LogText "Test: Checking Samhain binary"
 if [ ! "${SAMHAINBINARY}" = "" ]; then
 LogText "Result: Samhain is installed (${SAMHAINBINARY})"
+ Report "file_integrity_tool[]=samhain"
 FILE_INT_TOOL="samhain"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- Samhain" --result FOUND --color GREEN
 else
 LogText "Result: Samhain is not installed"
+ if IsVerbose; then Display --indent 4 --text "- Samhain" --result "NOT FOUND" --color WHITE; fi
 fi
 fi
 #
@@ -159,11 +141,13 @@
 LogText "Test: Checking Tripwire binary"
 if [ ! "${TRIPWIREBINARY}" = "" ]; then
 LogText "Result: Tripwire is installed (${TRIPWIREBINARY})"
+ Report "file_integrity_tool[]=tripwire"
 FILE_INT_TOOL="tripwire"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- Tripwire" --result FOUND --color GREEN
 else
 LogText "Result: Tripwire is not installed"
+ if IsVerbose; then Display --indent 4 --text "- Tripwire" --result "NOT FOUND" --color WHITE; fi
 fi
 fi
 #
@@ -177,11 +161,13 @@
 IsRunning ossec-syscheckd
 if [ ${RUNNING} -eq 1 ]; then
 LogText "Result: syscheck (OSSEC) installed"
+ Report "file_integrity_tool[]=ossec"
 FILE_INT_TOOL="ossec-syscheck"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- OSSEC (syscheck)" --result FOUND --color GREEN
 else
 LogText "Result: syscheck (OSSEC) not installed"
+ if IsVerbose; then Display --indent 4 --text "- OSSEC" --result "NOT FOUND" --color WHITE; fi
 fi
 fi
 #
@@ -195,11 +181,13 @@
 LogText "Test: Checking mtree binary"
 if [ ! "${MTREEBINARY}" = "" ]; then
 LogText "Result: mtree is installed (${MTREEBINARY})"
+ Report "file_integrity_tool[]=mtree"
 FILE_INT_TOOL="mtree"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- mtree" --result FOUND --color GREEN
 else
 LogText "Result: mtree is not installed"
+ if IsVerbose; then Display --indent 4 --text "- mtree" --result "NOT FOUND" --color WHITE; fi
 fi
 fi
 #
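Review bot: In the @@ -177 hunk the OSSEC tool is reported under two different names: the new `Report "file_integrity_tool[]=ossec"` line uses `ossec` while the line right below it keeps `FILE_INT_TOOL="ossec-syscheck"`, which later ends up in `file_integrity_tool=`. Every other hunk in this commit uses the same string for both (afick, aide, osiris, samhain, tripwire, mtree, csf-lfd, osquery), so report consumers that match on the value will see an inconsistency for this one tool; `Report "file_integrity_tool[]=ossec-syscheck"` would keep the two in step. The verbose "NOT FOUND" label `- OSSEC` also differs from the found-branch label `- OSSEC (syscheck)` while the other hunks reuse the same label in both branches.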
@@ -214,13 +202,17 @@
 IsRunning 'lfd '
 if [ ${RUNNING} -eq 1 ]; then
 LogText "Result: lfd daemon is running (CSF)"
- Display --indent 6 --text "- Daemon status" --result RUNNING --color GREEN
+ Report "file_integrity_tool[]=csf-lfd"
+ Display --indent 6 --text "- LFD (CSF) daemon" --result RUNNING --color GREEN
 FILE_INT_TOOL="csf-lfd"
 FILE_INT_TOOL_FOUND=1
 else
- Display --indent 6 --text "- Daemon status" --result "NOT RUNNING" --color YELLOW
+ Display --indent 6 --text "- LFD (CSF) daemon" --result "NOT RUNNING" --color YELLOW
 fi
 fi
+#
+#################################################################################
+#
 # Test : FINT-4336
 # Description : Check if LFD is enabled (part of CSF suite)
 if [ -f ${CSF_CONFIG} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
@@ -250,7 +242,7 @@
 Display --indent 6 --text "- Directory/File watches" --result DISABLED --color YELLOW
 fi
 fi
-
+#
 #################################################################################
 #
 # Test : FINT-4338
@@ -261,11 +253,33 @@
 IsRunning osqueryd
 if [ ${RUNNING} -eq 1 ]; then
 LogText "Result: syscheck (osquery) installed"
+ Report "file_integrity_tool[]=osquery"
 FILE_INT_TOOL="osquery"
 FILE_INT_TOOL_FOUND=1
- Display --indent 4 --text "- osquery (syscheck)" --result FOUND --color GREEN
+ Display --indent 4 --text "- osquery daemon (syscheck)" --result FOUND --color GREEN
 else
 LogText "Result: syscheck (osquery) not installed"
+ if IsVerbose; then Display --indent 4 --text "- osquery daemon (syscheck)" --result "NOT FOUND" --color WHITE; fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FINT-4402 (was FINT-4316)
+ # Description : Check if AIDE is configured to use SHA256 or SHA512 checksums
+ if [ ! "${AIDEBINARY}" = "" -a ! "${AIDECONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FINT-4402 --preqs-met ${PREQS_MET} --weight L --network NO --description "AIDE configuration: Checksums (SHA256 or SHA512)"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=`${GREPBINARY} -v "^#" ${AIDECONFIG} | ${EGREPBINARY} "= .*(sha256|sha512)"`
+ if [ "${FIND2}" = "" ]; then
+ LogText "Result: No SHA256 or SHA512 found for creating checksums"
+ Display --indent 6 --text "- AIDE config (Checksum)" --result Suggestion --color YELLOW
+ ReportSuggestion ${TEST_NO} "Use SHA256 or SHA512 to create checksums in AIDE"
+ AddHP 1 3
+ else
+ LogText "Result: Found SHA256 or SHA512 found for creating checksums"
+ Display --indent 6 --text "- AIDE config (Checksum)" --result OK --color GREEN
+ AddHP 2 2
 fi
 fi
 #
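Review bot: The new FINT-4402 test assigns its grep result to `FIND` but the very next line tests `"${FIND2}"`, a variable this block never sets (it belonged to the FINT-4316 code that this commit removes), so the check does not depend on the AIDE configuration at all: with FIND2 unset it always takes the "No SHA256 or SHA512 found" branch, and if another test left a stale FIND2 behind it would pass regardless of the config. The condition should read `if [ "${FIND}" = "" ]; then`. Two smaller points on the same lines: the assignment uses backticks while the @@ -80 hunk of this same commit converts that form to `$(...)`, and `${AIDECONFIG}` is passed to grep unquoted, unlike the quoted test in the PREQS_MET line above it. The closing `fi` lines of this test are the hunk's trailing context.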
@@ -288,12 +302,11 @@
 fi
 fi
 #
-
-
-Report "file_integrity_tool=${FILE_INT_TOOL}"
-Report "file_integrity_tool_installed=${FILE_INT_TOOL_FOUND}"
-WaitForKeyPress
-
+#################################################################################
+#
+ Report "file_integrity_tool=${FILE_INT_TOOL}"
+ Report "file_integrity_tool_installed=${FILE_INT_TOOL_FOUND}"
+ WaitForKeyPress
 #
 #================================================================================
 # Lynis - Copyright 2007-2016 Michael Boelen, CISOfy - https://cisofy.com