From db4c80eb37a5847f03255b01bed16ae1569f49ed Mon Sep 17 00:00:00 2001
From: Enrique Martin
Date: Wed, 3 Apr 2024 16:30:21 +0200
Subject: [PATCH] Fixed pandora_security_check plugin
---
 pandora_agents/pc/Linux/pandora_agent.conf | 4 ----
 pandora_agents/unix/Linux/pandora_agent.conf | 3 +++
 .../unix/plugins/pandora_security_check | 19 ++++++++--------
 .../unix/plugins/pandora_security_check.conf | 22 +++++++++++++++++++
 4 files changed, 35 insertions(+), 13 deletions(-)
 create mode 100644 pandora_agents/unix/plugins/pandora_security_check.conf
diff --git a/pandora_agents/pc/Linux/pandora_agent.conf b/pandora_agents/pc/Linux/pandora_agent.conf
index 4f49fb8cf5..8cb980cff1 100644
--- a/pandora_agents/pc/Linux/pandora_agent.conf
+++ b/pandora_agents/pc/Linux/pandora_agent.conf
@@ -310,10 +310,6 @@ module_plugin pandora_df
 #module_description Postcondition test module
 #module_end
-# This plugin runs several security checks in a Linux system
-
-#module_plugin pandora_security_check
-
 # Extraction module example
 #module_begin
 #module_name Collector
diff --git a/pandora_agents/unix/Linux/pandora_agent.conf b/pandora_agents/unix/Linux/pandora_agent.conf
index 882be1bda8..20714a13b7 100644
--- a/pandora_agents/unix/Linux/pandora_agent.conf
+++ b/pandora_agents/unix/Linux/pandora_agent.conf
@@ -270,6 +270,9 @@ module_plugin pandora_netusage
 # Service autodiscovery plugin
 module_plugin autodiscover --default
+# This plugin runs several security checks in a Linux system
+# module_plugin perl /usr/share/pandora_agent/plugins/pandora_security_check --conf /usr/share/pandora_agent/plugins/pandora_security_check.conf
+
 # Plugin for inventory on the agent.
 # module_plugin inventory 1 cpu ram video nic hd cdrom software init_services filesystem users route
diff --git a/pandora_agents/unix/plugins/pandora_security_check b/pandora_agents/unix/plugins/pandora_security_check
index 0ad845639b..53022feba7 100644
--- a/pandora_agents/unix/plugins/pandora_security_check
+++ b/pandora_agents/unix/plugins/pandora_security_check
@@ -297,6 +297,10 @@ sub parse_configuration {
 $line =~ s/^\s+//;
 $line =~ s/\s+$//;
+ if($line =~ /^$/) {
+ next;
+ }
+
 if ($line =~ /^\[($b_ports|$b_files|$b_passwords)\]$/) {
 $configuration_block = $1;
 }
@@ -537,7 +541,6 @@ if ($check_files) {
 if ($can_check_files) {
 # Check each file integrity
- my @errored_files;
 my @no_integrity_files;
 # Create unique check files list
@@ -556,8 +559,6 @@ if ($check_files) {
 push @no_integrity_files, $file;
 }
 $integrity{$file_key} = $file_md5;
- } else {
- push @errored_files, $file;
 }
 }
@@ -571,11 +572,6 @@ if ($check_files) {
 $value = 0;
 $desc = "Changed files found:\n" . join("\n", @no_integrity_files);
 }
-
- if (@errored_files) {
- $value = 0;
- $desc .= "\nUnable to check integrity of some files:\n" . join("\n", @errored_files);
- }
 }
 print_xml_module('Files check status', 'generic_proc', $desc, $value);
@@ -596,10 +592,15 @@ if ($check_passwords) {
 open my $shadow_fh, '<', $shadow_file;
 while (my $line = <$shadow_fh>) {
 chomp $line;
+
+ if($line =~ /^$/) {
+ next;
+ }
+
 my ($username, $password_hash, @rest) = split /:/, $line;
 # Skip users with no password hash
- if ($password_hash ne "*" && $password_hash ne "!!" && $password_hash ne "!locked") {
+ if ($password_hash ne "*" && $password_hash ne "!!" && $password_hash ne "!locked" && $password_hash ne "!*") {
 my $salt = substr($password_hash, 0, rindex($password_hash, '$') + 1);
 my $user_hash = crypt($username, $salt);
 if ($user_hash eq $password_hash) {
diff --git a/pandora_agents/unix/plugins/pandora_security_check.conf b/pandora_agents/unix/plugins/pandora_security_check.conf
new file mode 100644
index 0000000000..c48d94af4d
--- /dev/null
+++ b/pandora_agents/unix/plugins/pandora_security_check.conf
@@ -0,0 +1,22 @@
+[PORTS]
+22
+80
+443
+41121
+8080
+
+[FILES]
+/etc/httpd/httpd.conf
+/etc/my.cnf
+/etc/sudoers
+/etc/passwd
+/etc/hosts
+
+[PASSWORDS]
+pandora
+PANDORA
+P4nd0r4
+password
+root
+linux
+admin
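Review bot: The skip test in the shadow-file loop of the `-596,10` hunk is still an exact-match list, so adding `"!*"` covers one more marker but not a locked account stored as `!` followed by the old hash, an empty second field, or a line where `split` leaves `$password_hash` undefined (the new `/^$/` guard runs on a line that was only chomped, not trimmed). Those values reach `substr` and `crypt` with something that is not a valid salt, and what `crypt` returns in that case depends on the libc, so the `eq` comparison may end up running against undef. A prefix test is more robust: `if (defined $password_hash && $password_hash ne '' && $password_hash !~ /^[!*]/) {`. An empty field means the account has no password at all, which arguably deserves its own finding rather than a silent skip. The `if` block and the `while` loop continue outside the hunk, and the `open` on the context line has no failure check.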
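Review bot: The default `[FILES]` list names `/etc/httpd/httpd.conf` and `/etc/my.cnf`, which are absent on many distributions, and this same commit removes the `@errored_files` reporting from pandora_security_check, so an entry that cannot be hashed now seems to be skipped with no trace in the module output. 'Files check status' can then read OK while only part of the list was verified, and a watched file that later becomes unreadable would presumably go unreported as well. Either trim the defaults to files present on the target platform, or have the plugin name the skipped paths in the module description without lowering the status. The file also ships without any explanation of what each block means (for example whether `[PORTS]` is an allow-list); a short header would help, provided `parse_configuration` tolerates comment lines, which is not visible here.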