Merge branch 'ent-13165-casque-en-plugin-de-seguridad' into 'develop'

Fixed pandora_security_check plugin See merge request artica/pandorafms!7135
2024-04-05 07:39:15 +00:00 · 2024-04-05 07:39:15 +00:00 · 376c94a015
parent af5e96158d db4c80eb37
commit 376c94a015
4 changed files with 35 additions and 13 deletions
--- a/pandora_agents/pc/Linux/pandora_agent.conf
+++ b/pandora_agents/pc/Linux/pandora_agent.conf
@ -310,10 +310,6 @@ module_plugin pandora_df
 #module_description Postcondition test module
 #module_end

-# This plugin runs several security checks in a Linux system
-
-#module_plugin pandora_security_check
-
 # Extraction module example
 #module_begin                    
 #module_name Collector   
--- a/pandora_agents/unix/Linux/pandora_agent.conf
+++ b/pandora_agents/unix/Linux/pandora_agent.conf
@ -270,6 +270,9 @@ module_plugin pandora_netusage
 # Service autodiscovery plugin
 module_plugin autodiscover --default

+# This plugin runs several security checks in a Linux system
+# module_plugin perl /usr/share/pandora_agent/plugins/pandora_security_check --conf /usr/share/pandora_agent/plugins/pandora_security_check.conf
+
 # Plugin for inventory on the agent.
 # module_plugin inventory 1 cpu ram video nic hd cdrom software init_services filesystem users route

--- a/pandora_agents/unix/plugins/pandora_security_check
+++ b/pandora_agents/unix/plugins/pandora_security_check
@ -297,6 +297,10 @@ sub parse_configuration {
        $line =~ s/^\s+//;
        $line =~ s/\s+$//;

+        if($line =~ /^$/) {
+            next;
+        }
+
        if ($line =~ /^\[($b_ports|$b_files|$b_passwords)\]$/) {
            $configuration_block = $1;
        }
@ -537,7 +541,6 @@ if ($check_files) {

    if ($can_check_files) {
        # Check each file integrity
-        my @errored_files;
        my @no_integrity_files;

        # Create unique check files list
@ -556,8 +559,6 @@ if ($check_files) {
                    push @no_integrity_files, $file;
                }
                $integrity{$file_key} = $file_md5;
-            } else {
-                push @errored_files, $file;
            }
        }

@ -571,11 +572,6 @@ if ($check_files) {
            $value = 0;
            $desc = "Changed files found:\n" . join("\n", @no_integrity_files);
        }
-
-        if (@errored_files) {
-            $value = 0;
-            $desc .= "\nUnable to check integrity of some files:\n" . join("\n", @errored_files);
-        }
    }

    print_xml_module('Files check status', 'generic_proc', $desc, $value);
@ -596,10 +592,15 @@ if ($check_passwords) {
        open my $shadow_fh, '<', $shadow_file;
        while (my $line = <$shadow_fh>) {
            chomp $line;
+
+            if($line =~ /^$/) {
+                next;
+            }
+            
            my ($username, $password_hash, @rest) = split /:/, $line;

            # Skip users with no password hash
-            if ($password_hash ne "*" && $password_hash ne "!!" && $password_hash ne "!locked") {
+            if ($password_hash ne "*" && $password_hash ne "!!" && $password_hash ne "!locked" && $password_hash ne "!*") {
                my $salt = substr($password_hash, 0, rindex($password_hash, '$') + 1);
                my $user_hash = crypt($username, $salt);
                if ($user_hash eq $password_hash) {
--- a/pandora_agents/unix/plugins/pandora_security_check.conf
+++ b/pandora_agents/unix/plugins/pandora_security_check.conf
@ -0,0 +1,22 @@
+[PORTS]
+22
+80
+443
+41121
+8080
+
+[FILES]
+/etc/httpd/httpd.conf
+/etc/my.cnf
+/etc/sudoers
+/etc/passwd
+/etc/hosts
+
+[PASSWORDS]
+pandora
+PANDORA
+P4nd0r4
+password
+root
+linux
+admin