Report multiple file integrity tools, clean ups, and renumber FINT-4316 to FINT-4402

Michael Boelen 2016-05-16 20:55:42 +02:00
parent fe7f83efa0
commit f7e353fe17
1 changed files with 51 additions and 38 deletions


@ -36,11 +36,13 @@
LogText "Test: Checking AFICK binary" LogText "Test: Checking AFICK binary"
if [ ! "${AFICKBINARY}" = "" ]; then if [ ! "${AFICKBINARY}" = "" ]; then
LogText "Result: AFICK is installed (${AFICKBINARY})" LogText "Result: AFICK is installed (${AFICKBINARY})"
Report "file_integrity_tool[]=afick"
FILE_INT_TOOL="afick" FILE_INT_TOOL="afick"
FILE_INT_TOOL_FOUND=1 FILE_INT_TOOL_FOUND=1
Display --indent 4 --text "- AFICK" --result FOUND --color GREEN Display --indent 4 --text "- AFICK" --result FOUND --color GREEN
else else
LogText "Result: AFICK is not installed" LogText "Result: AFICK is not installed"
if IsVerbose; then Display --indent 4 --text "- AFICK" --result "NOT FOUND" --color WHITE; fi
fi fi
fi fi
# #
@ -53,11 +55,13 @@
LogText "Test: Checking AIDE binary" LogText "Test: Checking AIDE binary"
if [ ! "${AIDEBINARY}" = "" ]; then if [ ! "${AIDEBINARY}" = "" ]; then
LogText "Result: AIDE is installed (${AIDEBINARY})" LogText "Result: AIDE is installed (${AIDEBINARY})"
Report "file_integrity_tool[]=aide"
FILE_INT_TOOL="aide" FILE_INT_TOOL="aide"
FILE_INT_TOOL_FOUND=1 FILE_INT_TOOL_FOUND=1
Display --indent 4 --text "- AIDE" --result FOUND --color GREEN Display --indent 4 --text "- AIDE" --result FOUND --color GREEN
else else
LogText "Result: AIDE is not installed" LogText "Result: AIDE is not installed"
if IsVerbose; then Display --indent 4 --text "- AIDE" --result "NOT FOUND" --color WHITE; fi
fi fi
fi fi
# #
@ -80,8 +84,8 @@
Display --indent 6 --text "- AIDE config file" --result "NOT FOUND" --color YELLOW Display --indent 6 --text "- AIDE config file" --result "NOT FOUND" --color YELLOW
else else
LogText "Checking configuration file ${AIDECONFIG} for errors" LogText "Checking configuration file ${AIDECONFIG} for errors"
FIND=`${AIDEBINARY} --config=${AIDECONFIG} -D; echo $?` FIND=$(${AIDEBINARY} --config=${AIDECONFIG} -D)
if [ "${FIND}" = "0" ]; then if [ $? -eq 0 ]; then
Display --indent 6 --text "- AIDE config file" --result FOUND --color GREEN Display --indent 6 --text "- AIDE config file" --result FOUND --color GREEN
else else
Display --indent 6 --text "- AIDE config file" --result WARNING --color YELLOW Display --indent 6 --text "- AIDE config file" --result WARNING --color YELLOW
@ -91,32 +95,6 @@
fi fi
# #
################################################################################# #################################################################################
#
# Test : FINT-4316
# Description : Check if AIDE is configured to use SHA256 or SHA512 checksums
if [ ! "${AIDEBINARY}" = "" -a ! "${AIDECONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FINT-4316 --preqs-met ${PREQS_MET} --weight L --network NO --description "AIDE configuration: Checksums (SHA256 or SHA512)"
if [ ${SKIPTEST} -eq 0 ]; then
FIND=`${GREPBINARY} "^Checksums" ${AIDECONFIG}`
FIND2=`${GREPBINARY} "^Checksums" ${AIDECONFIG} | ${EGREPBINARY} "sha256|sha512"`
if [ "${FIND}" = "" ]; then
LogText "Result: Unclear how AIDE is dealing with checksums"
Display --indent 6 --text "- AIDE config (Checksums)" --result UNKNOWN --color YELLOW
else
if [ "${FIND2}" = "" ]; then
LogText "Result: No SHA256 or SHA512 found for creating checksums"
Display --indent 6 --text "- AIDE config (Checksum)" --result WARNING --color RED
ReportSuggestion ${TEST_NO} "Use SHA256 or SHA512 to create checksums in AIDE"
AddHP 1 3
else
LogText "Result: Found SHA256 or SHA512 found for creating checksums"
Display --indent 6 --text "- AIDE config (Checksum)" --result OK --color GREEN
AddHP 2 2
fi
fi
fi
#
#################################################################################
# #
# Test : FINT-4318 # Test : FINT-4318
# Description : Check if Osiris is installed # Description : Check if Osiris is installed
@ -125,11 +103,13 @@
LogText "Test: Checking Osiris binary" LogText "Test: Checking Osiris binary"
if [ ! "${OSIRISBINARY}" = "" ]; then if [ ! "${OSIRISBINARY}" = "" ]; then
LogText "Result: Osiris is installed (${OSIRISBINARY})" LogText "Result: Osiris is installed (${OSIRISBINARY})"
Report "file_integrity_tool[]=osiris"
FILE_INT_TOOL="osiris" FILE_INT_TOOL="osiris"
FILE_INT_TOOL_FOUND=1 FILE_INT_TOOL_FOUND=1
Display --indent 4 --text "- Osiris" --result FOUND --color GREEN Display --indent 4 --text "- Osiris" --result FOUND --color GREEN
else else
LogText "Result: Osiris is not installed" LogText "Result: Osiris is not installed"
if IsVerbose; then Display --indent 4 --text "- Osiris" --result "NOT FOUND" --color WHITE; fi
fi fi
fi fi
# #
@ -142,11 +122,13 @@
LogText "Test: Checking Samhain binary" LogText "Test: Checking Samhain binary"
if [ ! "${SAMHAINBINARY}" = "" ]; then if [ ! "${SAMHAINBINARY}" = "" ]; then
LogText "Result: Samhain is installed (${SAMHAINBINARY})" LogText "Result: Samhain is installed (${SAMHAINBINARY})"
Report "file_integrity_tool[]=samhain"
FILE_INT_TOOL="samhain" FILE_INT_TOOL="samhain"
FILE_INT_TOOL_FOUND=1 FILE_INT_TOOL_FOUND=1
Display --indent 4 --text "- Samhain" --result FOUND --color GREEN Display --indent 4 --text "- Samhain" --result FOUND --color GREEN
else else
LogText "Result: Samhain is not installed" LogText "Result: Samhain is not installed"
if IsVerbose; then Display --indent 4 --text "- Samhain" --result "NOT FOUND" --color WHITE; fi
fi fi
fi fi
# #
@ -159,11 +141,13 @@
LogText "Test: Checking Tripwire binary" LogText "Test: Checking Tripwire binary"
if [ ! "${TRIPWIREBINARY}" = "" ]; then if [ ! "${TRIPWIREBINARY}" = "" ]; then
LogText "Result: Tripwire is installed (${TRIPWIREBINARY})" LogText "Result: Tripwire is installed (${TRIPWIREBINARY})"
Report "file_integrity_tool[]=tripwire"
FILE_INT_TOOL="tripwire" FILE_INT_TOOL="tripwire"
FILE_INT_TOOL_FOUND=1 FILE_INT_TOOL_FOUND=1
Display --indent 4 --text "- Tripwire" --result FOUND --color GREEN Display --indent 4 --text "- Tripwire" --result FOUND --color GREEN
else else
LogText "Result: Tripwire is not installed" LogText "Result: Tripwire is not installed"
if IsVerbose; then Display --indent 4 --text "- Tripwire" --result "NOT FOUND" --color WHITE; fi
fi fi
fi fi
# #
@ -177,11 +161,13 @@
IsRunning ossec-syscheckd IsRunning ossec-syscheckd
if [ ${RUNNING} -eq 1 ]; then if [ ${RUNNING} -eq 1 ]; then
LogText "Result: syscheck (OSSEC) installed" LogText "Result: syscheck (OSSEC) installed"
Report "file_integrity_tool[]=ossec"
FILE_INT_TOOL="ossec-syscheck" FILE_INT_TOOL="ossec-syscheck"
FILE_INT_TOOL_FOUND=1 FILE_INT_TOOL_FOUND=1
Display --indent 4 --text "- OSSEC (syscheck)" --result FOUND --color GREEN Display --indent 4 --text "- OSSEC (syscheck)" --result FOUND --color GREEN
else else
LogText "Result: syscheck (OSSEC) not installed" LogText "Result: syscheck (OSSEC) not installed"
if IsVerbose; then Display --indent 4 --text "- OSSEC" --result "NOT FOUND" --color WHITE; fi
fi fi
fi fi
# #
@ -195,11 +181,13 @@
LogText "Test: Checking mtree binary" LogText "Test: Checking mtree binary"
if [ ! "${MTREEBINARY}" = "" ]; then if [ ! "${MTREEBINARY}" = "" ]; then
LogText "Result: mtree is installed (${MTREEBINARY})" LogText "Result: mtree is installed (${MTREEBINARY})"
Report "file_integrity_tool[]=mtree"
FILE_INT_TOOL="mtree" FILE_INT_TOOL="mtree"
FILE_INT_TOOL_FOUND=1 FILE_INT_TOOL_FOUND=1
Display --indent 4 --text "- mtree" --result FOUND --color GREEN Display --indent 4 --text "- mtree" --result FOUND --color GREEN
else else
LogText "Result: mtree is not installed" LogText "Result: mtree is not installed"
if IsVerbose; then Display --indent 4 --text "- mtree" --result "NOT FOUND" --color WHITE; fi
fi fi
fi fi
# #
@ -214,13 +202,17 @@
IsRunning 'lfd ' IsRunning 'lfd '
if [ ${RUNNING} -eq 1 ]; then if [ ${RUNNING} -eq 1 ]; then
LogText "Result: lfd daemon is running (CSF)" LogText "Result: lfd daemon is running (CSF)"
Display --indent 6 --text "- Daemon status" --result RUNNING --color GREEN Report "file_integrity_tool[]=csf-lfd"
Display --indent 6 --text "- LFD (CSF) daemon" --result RUNNING --color GREEN
FILE_INT_TOOL="csf-lfd" FILE_INT_TOOL="csf-lfd"
FILE_INT_TOOL_FOUND=1 FILE_INT_TOOL_FOUND=1
else else
Display --indent 6 --text "- Daemon status" --result "NOT RUNNING" --color YELLOW Display --indent 6 --text "- LFD (CSF) daemon" --result "NOT RUNNING" --color YELLOW
fi fi
fi fi
#
#################################################################################
#
# Test : FINT-4336 # Test : FINT-4336
# Description : Check if LFD is enabled (part of CSF suite) # Description : Check if LFD is enabled (part of CSF suite)
if [ -f ${CSF_CONFIG} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ -f ${CSF_CONFIG} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
@ -250,7 +242,7 @@
Display --indent 6 --text "- Directory/File watches" --result DISABLED --color YELLOW Display --indent 6 --text "- Directory/File watches" --result DISABLED --color YELLOW
fi fi
fi fi
#
################################################################################# #################################################################################
# #
# Test : FINT-4338 # Test : FINT-4338
@ -261,11 +253,33 @@
IsRunning osqueryd IsRunning osqueryd
if [ ${RUNNING} -eq 1 ]; then if [ ${RUNNING} -eq 1 ]; then
LogText "Result: syscheck (osquery) installed" LogText "Result: syscheck (osquery) installed"
Report "file_integrity_tool[]=osquery"
FILE_INT_TOOL="osquery" FILE_INT_TOOL="osquery"
FILE_INT_TOOL_FOUND=1 FILE_INT_TOOL_FOUND=1
Display --indent 4 --text "- osquery (syscheck)" --result FOUND --color GREEN Display --indent 4 --text "- osquery daemon (syscheck)" --result FOUND --color GREEN
else else
LogText "Result: syscheck (osquery) not installed" LogText "Result: syscheck (osquery) not installed"
if IsVerbose; then Display --indent 4 --text "- osquery daemon (syscheck)" --result "NOT FOUND" --color WHITE; fi
fi
fi
#
#################################################################################
#
# Test : FINT-4402 (was FINT-4316)
# Description : Check if AIDE is configured to use SHA256 or SHA512 checksums
if [ ! "${AIDEBINARY}" = "" -a ! "${AIDECONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no FINT-4402 --preqs-met ${PREQS_MET} --weight L --network NO --description "AIDE configuration: Checksums (SHA256 or SHA512)"
if [ ${SKIPTEST} -eq 0 ]; then
FIND=`${GREPBINARY} -v "^#" ${AIDECONFIG} | ${EGREPBINARY} "= .*(sha256|sha512)"`
if [ "${FIND2}" = "" ]; then
LogText "Result: No SHA256 or SHA512 found for creating checksums"
Display --indent 6 --text "- AIDE config (Checksum)" --result Suggestion --color YELLOW
ReportSuggestion ${TEST_NO} "Use SHA256 or SHA512 to create checksums in AIDE"
AddHP 1 3
else
LogText "Result: Found SHA256 or SHA512 found for creating checksums"
Display --indent 6 --text "- AIDE config (Checksum)" --result OK --color GREEN
AddHP 2 2
fi fi
fi fi
# #
@ -288,12 +302,11 @@
fi fi
fi fi
# #
#################################################################################
#
Report "file_integrity_tool=${FILE_INT_TOOL}" Report "file_integrity_tool=${FILE_INT_TOOL}"
Report "file_integrity_tool_installed=${FILE_INT_TOOL_FOUND}" Report "file_integrity_tool_installed=${FILE_INT_TOOL_FOUND}"
WaitForKeyPress WaitForKeyPress
# #
#================================================================================ #================================================================================
# Lynis - Copyright 2007-2016 Michael Boelen, CISOfy - https://cisofy.com # Lynis - Copyright 2007-2016 Michael Boelen, CISOfy - https://cisofy.com