tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed pandora_security_check plugin

This commit is contained in:
Enrique Martin 2024-04-03 16:30:21 +02:00
parent 6ccdc8c4d3
commit db4c80eb37
4 changed files with 35 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pandora_agents/pc/Linux/pandora_agent.conf
View File

@ -310,10 +310,6 @@ module_plugin pandora_df
#module_description Postcondition test module #module_description Postcondition test module
#module_end #module_end
# This plugin runs several security checks in a Linux system
#module_plugin pandora_security_check
# Extraction module example # Extraction module example
#module_begin #module_begin
#module_name Collector #module_name Collector

3
pandora_agents/unix/Linux/pandora_agent.conf
View File

@ -270,6 +270,9 @@ module_plugin pandora_netusage
# Service autodiscovery plugin # Service autodiscovery plugin
module_plugin autodiscover --default module_plugin autodiscover --default
# This plugin runs several security checks in a Linux system
# module_plugin perl /usr/share/pandora_agent/plugins/pandora_security_check --conf /usr/share/pandora_agent/plugins/pandora_security_check.conf
# Plugin for inventory on the agent. # Plugin for inventory on the agent.
# module_plugin inventory 1 cpu ram video nic hd cdrom software init_services filesystem users route # module_plugin inventory 1 cpu ram video nic hd cdrom software init_services filesystem users route

19
pandora_agents/unix/plugins/pandora_security_check
View File

@ -297,6 +297,10 @@ sub parse_configuration {
$line =~ s/^\s+//; $line =~ s/^\s+//;
$line =~ s/\s+$//; $line =~ s/\s+$//;
if($line =~ /^$/) {
next;
}
if ($line =~ /^\[($b_ports|$b_files|$b_passwords)\]$/) { if ($line =~ /^\[($b_ports|$b_files|$b_passwords)\]$/) {
$configuration_block = $1; $configuration_block = $1;
} }
@ -537,7 +541,6 @@ if ($check_files) {
if ($can_check_files) { if ($can_check_files) {
# Check each file integrity # Check each file integrity
my @errored_files;
my @no_integrity_files; my @no_integrity_files;
# Create unique check files list # Create unique check files list
@ -556,8 +559,6 @@ if ($check_files) {
push @no_integrity_files, $file; push @no_integrity_files, $file;
} }
$integrity{$file_key} = $file_md5; $integrity{$file_key} = $file_md5;
} else {
push @errored_files, $file;
} }
} }
@ -571,11 +572,6 @@ if ($check_files) {
$value = 0; $value = 0;
$desc = "Changed files found:\n" . join("\n", @no_integrity_files); $desc = "Changed files found:\n" . join("\n", @no_integrity_files);
} }
if (@errored_files) {
$value = 0;
$desc .= "\nUnable to check integrity of some files:\n" . join("\n", @errored_files);
}
} }
print_xml_module('Files check status', 'generic_proc', $desc, $value); print_xml_module('Files check status', 'generic_proc', $desc, $value);
@ -596,10 +592,15 @@ if ($check_passwords) {
open my $shadow_fh, '<', $shadow_file; open my $shadow_fh, '<', $shadow_file;
while (my $line = <$shadow_fh>) { while (my $line = <$shadow_fh>) {
chomp $line; chomp $line;
if($line =~ /^$/) {
next;
}
my ($username, $password_hash, @rest) = split /:/, $line; my ($username, $password_hash, @rest) = split /:/, $line;
# Skip users with no password hash # Skip users with no password hash
if ($password_hash ne "*" && $password_hash ne "!!" && $password_hash ne "!locked") { if ($password_hash ne "*" && $password_hash ne "!!" && $password_hash ne "!locked" && $password_hash ne "!*") {
my $salt = substr($password_hash, 0, rindex($password_hash, '$') + 1); my $salt = substr($password_hash, 0, rindex($password_hash, '$') + 1);
my $user_hash = crypt($username, $salt); my $user_hash = crypt($username, $salt);
if ($user_hash eq $password_hash) { if ($user_hash eq $password_hash) {

22
pandora_agents/unix/plugins/pandora_security_check.conf Normal file
View File

@ -0,0 +1,22 @@
[PORTS]
22
80
443
41121
8080
[FILES]
/etc/httpd/httpd.conf
/etc/my.cnf
/etc/sudoers
/etc/passwd
/etc/hosts
[PASSWORDS]
pandora
PANDORA
P4nd0r4
password
root
linux
admin