authorEugeni Dodonov <eugeni@mandriva.org>2010-02-08 14:07:22 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2010-02-08 14:07:22 +0000
commitc60397c453fee88ec3e97d90ca2882d00fbd0b49 (patch)
treefad8780079d5397c0a1178c45b47ab966b05a200
parent35aaa30c2a0ca81c6a9d55d4c1c1cb53d5228371 (diff)
Added support for periodic checks
-rwxr-xr-xcron-sh/scripts/01_files.sh25
-rwxr-xr-xcron-sh/scripts/02_network.sh12
-rwxr-xr-xcron-sh/scripts/03_rpm.sh4
-rwxr-xr-xcron-sh/scripts/04_rootkit.sh6
-rwxr-xr-xcron-sh/scripts/05_access.sh10
5 files changed, 28 insertions, 29 deletions
diff --git a/cron-sh/scripts/01_files.sh b/cron-sh/scripts/01_files.sh
index b7f2d76..698b8ef 100755
--- a/cron-sh/scripts/01_files.sh
+++ b/cron-sh/scripts/01_files.sh
@@ -53,8 +53,7 @@ if [[ -f ${UNOWNED_GROUP_TODAY} ]]; then
fi
# only running this check when really required
-if [[ ${CHECK_SUID_MD5} == yes || ${CHECK_SUID_ROOT} == yes || ${CHECK_SGID} == yes || ${CHECK_WRITABLE} == yes || ${CHECK_UNOWNED} == yes ]]; then
-
+if check_is_enabled "${CHECK_SUID_MD5}" || check_is_enabled "${CHECK_SUID_ROOT}" || check_is_enabled "${CHECK_SGID}" || check_is_enabled "${CHECK_WRITABLE}" || check_is_enabled "${CHECK_UNOWNED}" ; then
# Hard disk related file check; the less priority the better...
nice --adjustment=+19 /usr/bin/msec_find ${DIR}
fi
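Review bot: Every check now hinges on `check_is_enabled`, which no hunk in this commit defines (presumably it comes from a sourced helper); if that helper is not sourced, the `if` sees a "command not found" status 127 and silently treats the check as disabled, whereas the removed `[[ ... == yes ]]` form could not fail that way. The same applies to every rewritten guard in 02_network.sh, 03_rpm.sh, 04_rootkit.sh and 05_access.sh. A guard near the top of each script, e.g. `type check_is_enabled >/dev/null 2>&1 || { printf 'msec: check_is_enabled is not defined\n' >&2; exit 1; }`, would turn that into a loud failure instead of a run that reports nothing. As a style point, the new lines write `" ; then` with a space before the semicolon while the rewritten `&& [[ -f ${SUID_ROOT_TODAY} ]]; then` in the next hunk does not; shfmt would normalise these.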
@@ -90,7 +89,7 @@ if [[ -f ${UNOWNED_GROUP_TODAY} ]]; then
mv -f ${UNOWNED_GROUP_TODAY}.tmp ${UNOWNED_GROUP_TODAY}
fi
-if [[ -f ${SUID_ROOT_TODAY} && ${CHECK_SUID_MD5} == yes ]]; then
+if check_is_enabled "${CHECK_SUID_MD5}" && [[ -f ${SUID_ROOT_TODAY} ]]; then
while read line; do
md5sum ${line}
done < ${SUID_ROOT_TODAY} > ${SUID_MD5_TODAY}
@@ -99,25 +98,25 @@ else
fi
### New Suid root files detection
-if [[ ${CHECK_SUID_ROOT} == yes ]]; then
+if check_is_enabled "${CHECK_SUID_ROOT}" ; then
Diffcheck ${SUID_ROOT_TODAY} ${SUID_ROOT_YESTERDAY} ${SUID_ROOT_DIFF} "Suid Root files"
Count ${INFOS} ${SUID_ROOT_TODAY} "Total of Suid Root files"
fi
### New Sgid files detection
-if [[ ${CHECK_SGID} == yes ]]; then
+if check_is_enabled "${CHECK_SGID}" ; then
Diffcheck ${SGID_TODAY} ${SGID_YESTERDAY} ${SGID_DIFF} "Sgid files"
Count ${INFOS} ${SGID_TODAY} "Total of Sgid files"
fi
### Writable files detection
-if [[ ${CHECK_WRITABLE} == yes ]]; then
+if check_is_enabled "${CHECK_WRITABLE}" ; then
Diffcheck ${WRITABLE_TODAY} ${WRITABLE_YESTERDAY} ${WRITABLE_DIFF} "World Writable files"
Count ${INFOS} ${WRITABLE_TODAY} "Total of World Writable files"
fi
### Search Non Owned files
-if [[ ${CHECK_UNOWNED} == yes ]]; then
+if check_is_enabled "${CHECK_UNOWNED}" ; then
Diffcheck ${UNOWNED_USER_TODAY} ${UNOWNED_USER_YESTERDAY} ${UNOWNED_USER_DIFF} "Un-owned files"
Count ${INFOS} ${UNOWNED_USER_TODAY} "Total of Un-owned files"
Diffcheck ${UNOWNED_GROUP_TODAY} ${UNOWNED_GROUP_YESTERDAY} ${UNOWNED_GROUP_DIFF} "Un-owned group files"
@@ -125,13 +124,13 @@ if [[ ${CHECK_UNOWNED} == yes ]]; then
fi
### Md5 check for SUID root fileg
-if [[ ${CHECK_SUID_MD5} == yes ]]; then
+if check_is_enabled "${CHECK_SUID_MD5}" ; then
Diffcheck ${SUID_MD5_TODAY} ${SUID_MD5_YESTERDAY} ${SUID_MD5_DIFF} "SUID files MD5 checksum"
Count ${INFOS} ${SUID_MD5_TODAY} "Total of SUID files with controlled MD5 checksum"
fi
### Writable file detection
-if [[ ${CHECK_WRITABLE} == yes ]]; then
+if check_is_enabled "${CHECK_WRITABLE}" ; then
if [[ -s ${WRITABLE_TODAY} ]]; then
printf "\nSecurity Warning: World Writable files found :\n" >> ${SECURITY}
cat ${WRITABLE_TODAY} | awk '{print "\t\t- " $0}' >> ${SECURITY}
@@ -139,7 +138,7 @@ if [[ ${CHECK_WRITABLE} == yes ]]; then
fi
### Search Un Owned file
-if [[ ${CHECK_UNOWNED} == yes ]]; then
+if check_is_enabled "${CHECK_UNOWNED}" ; then
if [[ -s ${UNOWNED_USER_TODAY} ]]; then
printf "\nSecurity Warning : User Unowned files found :\n" >> ${SECURITY}
printf "\t( theses files now have user \"nobody\" as their owner. )\n" >> ${SECURITY}
@@ -163,7 +162,7 @@ if [[ ${CHECK_UNOWNED} == yes ]]; then
fi
fi
-if [[ ${CHECK_USER_FILES} == yes ]]; then
+if check_is_enabled "${CHECK_USER_FILES}" ; then
# Files that should not be owned by someone else or readable.
list=".netrc .rhosts .shosts .Xauthority .gnupg/secring.gpg \
.pgp/secring.pgp .ssh/identity .ssh/id_dsa .ssh/id_rsa .ssh/random_seed"
@@ -256,8 +255,8 @@ fi
fi # End of CHECK_USER_FILES
# now check default permissions
-if [[ ${CHECK_PERMS} == yes || ${CHECK_PERMS} == enforce ]]; then
- if [[ ${CHECK_PERMS} == enforce ]]; then
+if check_is_enabled "${CHECK_PERMS}" ; then
+ if [[ ${CHECK_PERMS_ENFORCE} == yes ]]; then
MSECPERMS_PARAMS="-e"
else
MSECPERMS_PARAMS=""
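Review bot: Enforcement is now driven by a new `CHECK_PERMS_ENFORCE` variable compared with `== yes`, while every other flag in this commit goes through `check_is_enabled`; configurations that still set `CHECK_PERMS=enforce` (the value the removed lines accepted) will behave however `check_is_enabled` treats an unknown value, which is not visible here and is presumably "disabled", so a previously enforcing system would silently stop enforcing. Consider `if check_is_enabled "${CHECK_PERMS_ENFORCE}" || [[ ${CHECK_PERMS} == enforce ]]; then` so the legacy value keeps its meaning, or document the migration where the config is read. The `if` block continues past the end of the hunk.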
diff --git a/cron-sh/scripts/02_network.sh b/cron-sh/scripts/02_network.sh
index b52f914..7e41d48 100755
--- a/cron-sh/scripts/02_network.sh
+++ b/cron-sh/scripts/02_network.sh
@@ -24,30 +24,30 @@ if [[ -f ${FIREWALL_TODAY} ]]; then
mv -f ${FIREWALL_TODAY} ${FIREWALL_YESTERDAY}
fi
-if [[ ${CHECK_OPEN_PORT} == yes ]]; then
+if check_is_enabled "${CHECK_OPEN_PORT}" ; then
netstat -pvlA inet,inet6 2> /dev/null > ${OPEN_PORT_TODAY};
Filter ${OPEN_PORT_TODAY} CHECK_OPEN_PORT
Count ${INFOS} ${OPEN_PORT_TODAY} "Total of open network ports"
fi
-if [[ ${CHECK_FIREWALL} == yes ]]; then
+if check_is_enabled "${CHECK_FIREWALL}" ; then
iptables -S 2>/dev/null > ${FIREWALL_TODAY}
Filter ${FIREWALL_TODAY} CHECK_FIREWALL
Count ${INFOS} ${FIREWALL_TODAY} "Total of configured firewall rules"
fi
### Changed open port
-if [[ ${CHECK_OPEN_PORT} == yes ]]; then
+if check_is_enabled "${CHECK_OPEN_PORT}" ; then
Diffcheck ${OPEN_PORT_TODAY} ${OPEN_PORT_YESTERDAY} ${OPEN_PORT_DIFF} "network listening ports"
fi
### Changed firewall
-if [[ ${CHECK_FIREWALL} == yes ]]; then
+if check_is_enabled "${CHECK_FIREWALL}" ; then
Diffcheck ${FIREWALL_TODAY} ${FIREWALL_YESTERDAY} ${FIREWALL_DIFF} "firewall rules"
fi
### Dump a list of open port.
-if [[ ${CHECK_OPEN_PORT} == yes ]]; then
+if check_is_enabled "${CHECK_OPEN_PORT}" ; then
if [[ -s ${OPEN_PORT_TODAY} ]]; then
printf "\nThese are the ports listening on your machine :\n" >> ${SECURITY}
cat ${OPEN_PORT_TODAY} >> ${SECURITY}
@@ -55,7 +55,7 @@ if [[ ${CHECK_OPEN_PORT} == yes ]]; then
fi
### Check if network is in promisc mode
-if [[ ${CHECK_PROMISC} == yes ]]; then
+if check_is_enabled "${CHECK_PROMISC}" ; then
export SECURITY
/usr/share/msec/promisc_check.sh
fi
diff --git a/cron-sh/scripts/03_rpm.sh b/cron-sh/scripts/03_rpm.sh
index 264bd63..cc6beea 100755
--- a/cron-sh/scripts/03_rpm.sh
+++ b/cron-sh/scripts/03_rpm.sh
@@ -38,7 +38,7 @@ fi
### rpm database check
# list of installed packages
-if [[ ${CHECK_RPM_PACKAGES} == yes ]]; then
+if check_is_enabled "${CHECK_RPM_PACKAGES}" ; then
rpm -qa --qf "%{NAME}-%{VERSION}-%{RELEASE}\n" | sort > ${RPM_QA_TODAY}
Filter ${RPM_QA_TODAY} CHECK_RPM_PACKAGES
Count ${INFOS} ${RPM_QA_TODAY} "Total of installed packages"
@@ -46,7 +46,7 @@ if [[ ${CHECK_RPM_PACKAGES} == yes ]]; then
fi
# integrity of installed packages
-if [[ ${CHECK_RPM_INTEGRITY} == yes ]]; then
+if check_is_enabled "${CHECK_RPM_INTEGRITY}" ; then
rm -f ${RPM_VA_TODAY}.tmp
nice --adjustment=+19 rpm -Va --noscripts | grep '^..5' | sort > ${RPM_VA_TODAY}.tmp
Filter ${RPM_VA_TODAY} CHECK_RPM_INTEGRITY
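Review bot: `Filter ${RPM_VA_TODAY} CHECK_RPM_INTEGRITY` runs against ${RPM_VA_TODAY} while the fresh `rpm -Va` output on the line above went to ${RPM_VA_TODAY}.tmp, so unless Filter is meant to operate on the previous run's file it is working on stale data (or an absent file) until the .tmp is moved into place, which happens outside this hunk. Worth confirming the intended order, e.g. `Filter ${RPM_VA_TODAY}.tmp CHECK_RPM_INTEGRITY` before the rename. The block continues past the end of the hunk.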
diff --git a/cron-sh/scripts/04_rootkit.sh b/cron-sh/scripts/04_rootkit.sh
index 8060343..b8f598a 100755
--- a/cron-sh/scripts/04_rootkit.sh
+++ b/cron-sh/scripts/04_rootkit.sh
@@ -17,11 +17,11 @@ if [[ -f ${CHKROOTKIT_TODAY} ]]; then
mv ${CHKROOTKIT_TODAY} ${CHKROOTKIT_YESTERDAY};
if [ ! -x /usr/sbin/chkrootkit ]; then
printf "\nSecurity Warning: chkrootkit is enabled but was uninstalled\n" >> ${CHKROOTKIT_DIFF}
- fi
+ fi
fi
### chkrootkit checks
-if [[ ${CHECK_CHKROOTKIT} == yes ]]; then
+if check_is_enabled "${CHECK_CHKROOTKIT}" ; then
if [ -x /usr/sbin/chkrootkit ]; then
# do not check on NFS
/usr/sbin/chkrootkit -n ${CHKROOTKIT_OPTION} > ${CHKROOTKIT_TODAY}
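Review bot: The "chkrootkit is enabled but was uninstalled" warning written to ${CHKROOTKIT_DIFF} is emitted whenever a previous report exists, without consulting the new `check_is_enabled "${CHECK_CHKROOTKIT}"` gate added a few lines below it, so a check that was disabled after chkrootkit was removed is still reported as enabled. Gating that branch the same way, `if check_is_enabled "${CHECK_CHKROOTKIT}" && [ ! -x /usr/sbin/chkrootkit ]; then`, keeps the message truthful. The enclosing `if [[ -f ${CHKROOTKIT_TODAY} ]]` block opens before the hunk, and the chkrootkit block continues past it.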
@@ -43,7 +43,7 @@ if [[ ${CHECK_CHKROOTKIT} == yes ]]; then
fi
### Changed chkrootkit
-if [[ ${CHECK_CHKROOTKIT} == yes ]]; then
+if check_is_enabled "${CHECK_CHKROOTKIT}" ; then
if [ -x /usr/sbin/chkrootkit ]; then
Diffcheck ${CHKROOTKIT_TODAY} ${CHKROOTKIT_YESTERDAY} ${CHKROOTKIT_DIFF} "chkrootkit results"
fi
diff --git a/cron-sh/scripts/05_access.sh b/cron-sh/scripts/05_access.sh
index e3ecb72..033aa6b 100755
--- a/cron-sh/scripts/05_access.sh
+++ b/cron-sh/scripts/05_access.sh
@@ -19,7 +19,7 @@ if [[ -f ${USERS_LIST_TODAY} ]]; then
fi
# check for changes in users
-if [[ ${CHECK_USERS} == yes ]]; then
+if check_is_enabled "${CHECK_USERS}" ; then
getent passwd | cut -f 1 -d : | sort > ${USERS_LIST_TODAY}
Filter ${USERS_LIST_TODAY} CHECK_USERS
Diffcheck ${USERS_LIST_TODAY} ${USERS_LIST_YESTERDAY} ${USERS_LIST_DIFF} "local users"
@@ -36,7 +36,7 @@ if [[ -f ${GROUPS_LIST_TODAY} ]]; then
fi
# check for changes in groups
-if [[ ${CHECK_GROUPS} == yes ]]; then
+if check_is_enabled "${CHECK_GROUPS}" ; then
getent passwd | cut -f 1 -d : | sort > ${GROUPS_LIST_TODAY}
Filter ${GROUPS_LIST_TODAY} CHECK_GROUPS
Diffcheck ${GROUPS_LIST_TODAY} ${GROUPS_LIST_YESTERDAY} ${GROUPS_LIST_DIFF} "local groups"
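Review bot: The groups snapshot is built from `getent passwd` on the line after the rewritten guard, so ${GROUPS_LIST_TODAY} holds user names rather than group names and the "local groups" Diffcheck can never observe a group being added or removed. This predates the commit, but touching the guard is a good moment to fix it with `getent group | cut -f 1 -d : | sort > ${GROUPS_LIST_TODAY}`. The block continues past the end of the hunk.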
@@ -44,7 +44,7 @@ if [[ ${CHECK_GROUPS} == yes ]]; then
fi
### Passwd file check
-if [[ ${CHECK_PASSWD} == yes ]]; then
+if check_is_enabled "${CHECK_PASSWD}" ; then
getent passwd | awk -F: '{
if ( $2 == "" )
printf("\t\t- /etc/passwd:%d: User \"%s\" has no password !\n", FNR, $1);
@@ -63,7 +63,7 @@ if [[ ${CHECK_PASSWD} == yes ]]; then
fi
### Shadow password file Check
-if [[ ${CHECK_SHADOW} == yes ]]; then
+if check_is_enabled "${CHECK_SHADOW}" ; then
awk -F: '{
if ( $2 == "" )
printf("\t\t- /etc/shadow:%d: User \"%s\" has no password !\n", FNR, $1);
@@ -126,7 +126,7 @@ for file in $list ; do
done > ${MSEC_TMP}
### Passwd file check
-if [[ ${CHECK_SHOSTS} == yes ]]; then
+if check_is_enabled "${CHECK_SHOSTS}" ; then
getent passwd | awk -F: '{print $1" "$6}' |
while read username homedir; do
if ! expr "$homedir" : "$FILTER" > /dev/null; then