create check summary report

5 files changed, 40 insertions, 12 deletions

diff --git a/cron-sh/scripts/01_files.sh b/cron-sh/scripts/01_files.sh
index b9940ed..9720f55 100755
--- a/cron-sh/scripts/01_files.sh
+++ b/cron-sh/scripts/01_files.sh
@@ -95,27 +95,33 @@ fi
 ### New Suid root files detection
 if [[ ${CHECK_SUID_ROOT} == yes ]]; then
         Diffcheck ${SUID_ROOT_TODAY} ${SUID_ROOT_YESTERDAY} ${SUID_ROOT_DIFF} "Suid Root files"
+        Count ${INFOS} ${SUID_ROOT_TODAY} "Total of Suid Root files"
 fi
 
 ### New Sgid files detection
 if [[ ${CHECK_SGID} == yes ]]; then
         Diffcheck ${SGID_TODAY} ${SGID_YESTERDAY} ${SGID_DIFF} "Sgid files"
+        Count ${INFOS} ${SGID_TODAY} "Total of Sgid files"
 fi
 
 ### Writable files detection
 if [[ ${CHECK_WRITABLE} == yes ]]; then
         Diffcheck ${WRITABLE_TODAY} ${WRITABLE_YESTERDAY} ${WRITABLE_DIFF} "World Writable files"
+        Count ${INFOS} ${WRITABLE_TODAY} "Total of World Writable files"
 fi
 
 ### Search Non Owned files
 if [[ ${CHECK_UNOWNED} == yes ]]; then
         Diffcheck ${UNOWNED_USER_TODAY} ${UNOWNED_USER_YESTERDAY} ${UNOWNED_USER_DIFF} "Un-owned files"
+        Count ${INFOS} ${UNOWNED_USER_TODAY} "Total of Un-owned files"
         Diffcheck ${UNOWNED_GROUP_TODAY} ${UNOWNED_GROUP_YESTERDAY} ${UNOWNED_GROUP_DIFF} "Un-owned group files"
+        Count ${INFOS} ${UNOWNED_GROUP_TODAY} "Total of Un-owned group files"
 fi
 
 ### Md5 check for SUID root fileg
 if [[ ${CHECK_SUID_MD5} == yes  ]]; then
         Diffcheck ${SUID_MD5_TODAY} ${SUID_MD5_YESTERDAY} ${SUID_MD5_DIFF} "SUID files MD5 checksum"
+        Count ${INFOS} ${SUID_MD5_TODAY} "Total of SUID files with controlled MD5 checksum"
 fi
 
 ### Writable file detection
@@ -178,6 +184,7 @@ done | awk -F: '$1 != $6 && $6 != "0" \
         { print "\t\t- " $3 " : file is other writable." }' > ${MSEC_TMP}
 
 if [[ -s ${MSEC_TMP} ]]; then
+    Count ${INFOS} ${MSEC_TMP} "Total of unsecure user files"
     printf "\nSecurity Warning: these files shouldn't be owned by someone else or readable :\n" >> ${SECURITY}
     cat ${MSEC_TMP} >> ${SECURITY}
 fi
@@ -208,6 +215,7 @@ done | awk -F: '$1 != $6 && $6 != "0" \
         { print "\t\t- " $3 " : file is other writable." }' > ${MSEC_TMP}
 
 if [[ -s ${MSEC_TMP} ]]; then
+    Count ${INFOS} ${MSEC_TMP} "Total of user files that should not be writable"
     printf "\nSecurity Warning: theses files should not be owned by someone else or writable :\n" >> ${SECURITY}
     cat ${MSEC_TMP} >> ${SECURITY}
 fi
@@ -231,6 +239,7 @@ done | awk -F: '$3 != $5 && $5 != "(0)" \
         { print "user=" $2 $3" : home directory is other writable." }' > ${MSEC_TMP}
 
 if [[ -s $MSEC_TMP ]] ; then
+        Count ${INFOS} ${MSEC_TMP} "Total of users whose home directories have unsafe permissions "
         printf "\nSecurity Warning: these home directory should not be owned by someone else or writable :\n" >> ${SECURITY}
         cat ${MSEC_TMP} >> ${SECURITY}
 fi
@@ -244,8 +253,9 @@ if [[ ${CHECK_PERMS} == yes || ${CHECK_PERMS} == enforce ]]; then
                 MSECPERMS_PARAMS=""
         fi
         # running msec_perms
-        /usr/sbin/msecperms $MSECPERMS_PARAMS > ${MSEC_TMP} 2>&1
+        /usr/sbin/msecperms $MSECPERMS_PARAMS | grep WARNING > ${MSEC_TMP} 2>&1
         if [[ -s ${MSEC_TMP} ]]; then
+                Count ${INFOS} ${MSEC_TMP} "Permission changes on files watched by msecperms"
                 printf "\nPermissions changes on files watched by msec:\n" >> ${SECURITY}
                 cat ${MSEC_TMP} | sed -e 's/WARNING: //g' >> ${SECURITY}
         fi
diff --git a/cron-sh/scripts/02_network.sh b/cron-sh/scripts/02_network.sh
index 8e2286c..c31b101 100755
--- a/cron-sh/scripts/02_network.sh
+++ b/cron-sh/scripts/02_network.sh
@@ -26,10 +26,12 @@ fi
 
 if [[ ${CHECK_OPEN_PORT} == yes ]]; then
         netstat -pvlA inet,inet6 2> /dev/null > ${OPEN_PORT_TODAY};
+        Count ${INFOS} ${OPEN_PORT_TODAY} "Total of open network ports"
 fi
 
 if [[ ${CHECK_FIREWALL} == yes ]]; then
         iptables -S 2>/dev/null > ${FIREWALL_TODAY}
+        Count ${INFOS} ${FIREWALL_TODAY} "Total of configured firewall rules"
 fi
 
 ### Changed open port
@@ -45,8 +47,8 @@ fi
 ### Dump a list of open port.
 if [[ ${CHECK_OPEN_PORT} == yes ]]; then
     if [[ -s ${OPEN_PORT_TODAY} ]]; then
-        printf "\nThese are the ports listening on your machine :\n" >> ${INFOS}
-        cat ${OPEN_PORT_TODAY} >> ${INFOS}
+        printf "\nThese are the ports listening on your machine :\n" >> ${SECURITY}
+        cat ${OPEN_PORT_TODAY} >> ${SECURITY}
     fi
 fi
 
diff --git a/cron-sh/scripts/03_rpm.sh b/cron-sh/scripts/03_rpm.sh
index cc10a91..24353e2 100755
--- a/cron-sh/scripts/03_rpm.sh
+++ b/cron-sh/scripts/03_rpm.sh
@@ -40,6 +40,7 @@ fi
 # list of installed packages
 if [[ ${CHECK_RPM_PACKAGES} == yes ]]; then
     rpm -qa --qf "%{NAME}-%{VERSION}-%{RELEASE}\n" | sort > ${RPM_QA_TODAY}
+    Count ${INFOS} ${RPM_QA_TODAY} "Total of installed packages"
     Diffcheck ${RPM_QA_TODAY} ${RPM_QA_YESTERDAY} ${RPM_QA_DIFF} "packages"
 fi
 
@@ -54,11 +55,13 @@ if [[ ${CHECK_RPM_INTEGRITY} == yes ]]; then
     # full check
     if [[ -s ${RPM_VA_TODAY} ]]; then
         printf "\nSecurity Warning: These files belonging to packages are modified on the system :\n" >> ${SECURITY}
+        Count ${INFOS} ${RPM_VA_TODAY} "Total of files belonging to packages that were modified since the install"
         cat ${RPM_VA_TODAY} >> ${SECURITY}
     fi
 
     if [[ -s ${RPM_VA_CONFIG_TODAY} ]]; then
         printf "\nSecurity Warning: These config files belonging to packages are modified on the system :\n" >> ${SECURITY}
+        Count ${INFOS} ${RPM_VA_CONFIG_TODAY} "Total of configuration files belonging to packages that were modified since the install"
         cat ${RPM_VA_CONFIG_TODAY} >> ${SECURITY}
     fi
 
diff --git a/cron-sh/scripts/04_rootkit.sh b/cron-sh/scripts/04_rootkit.sh
index c518247..3a59b0c 100755
--- a/cron-sh/scripts/04_rootkit.sh
+++ b/cron-sh/scripts/04_rootkit.sh
@@ -18,15 +18,20 @@ if [[ ${CHECK_CHKROOTKIT} == yes ]]; then
     if [ -x /usr/sbin/chkrootkit ]; then
         # do not check on NFS
         /usr/sbin/chkrootkit -n ${CHKROOTKIT_OPTION} > ${CHKROOTKIT_TODAY}
-    fi
-fi
-
-### chkrootkit checks
-if [[ ${CHECK_CHKROOTKIT} == yes ]]; then
-
-    if [[ -s ${CHKROOTKIT_TODAY} ]]; then
-        printf "\nChkrootkit report:\n" >> ${SECURITY}
-        cat ${CHKROOTKIT_TODAY} >> ${SECURITY}
+        res=$?
+        if [ "$res" = "0" ]; then
+                chkrootkit_result="passed"
+        else
+                chkrootkit_result="failed"
+        fi
+        if [[ -s ${CHKROOTKIT_TODAY} ]]; then
+            printf "\nChkrootkit report:\n" >> ${SECURITY}
+            cat ${CHKROOTKIT_TODAY} >> ${SECURITY}
+            echo "Chkrootkit check: $chkrootkit_result" >> ${INFOS}
+        fi
+    else
+            printf "\nChkrootkit check skipped: chkrootkit not found" >> ${SECURITY}
+            echo "Chkrootkit check: skipped (chkrootkit not found)" >> ${INFOS}
     fi
 fi
 
diff --git a/cron-sh/scripts/05_access.sh b/cron-sh/scripts/05_access.sh
index b66e87f..2b35d8c 100755
--- a/cron-sh/scripts/05_access.sh
+++ b/cron-sh/scripts/05_access.sh
@@ -22,6 +22,7 @@ fi
 if [[ ${CHECK_USERS} == yes ]]; then
     getent passwd | cut -f 1 -d : | sort > ${USERS_LIST_TODAY}
     Diffcheck ${USERS_LIST_TODAY} ${USERS_LIST_YESTERDAY} ${USERS_LIST_DIFF} "local users"
+    Count ${INFOS} ${USERS_LIST_TODAY} "Total local users"
 fi
 
 # check for changes in groups
@@ -37,6 +38,7 @@ fi
 if [[ ${CHECK_GROUPS} == yes ]]; then
     getent passwd | cut -f 1 -d : | sort > ${GROUPS_LIST_TODAY}
     Diffcheck ${GROUPS_LIST_TODAY} ${GROUPS_LIST_YESTERDAY} ${GROUPS_LIST_DIFF} "local groups"
+    Count ${INFOS} ${GROUPS_LIST_TODAY} "Total local group"
 fi
 
 ### Passwd file check
@@ -53,6 +55,7 @@ if [[ ${CHECK_PASSWD} == yes ]]; then
     if [[ -s ${MSEC_TMP} ]]; then
         printf "\nSecurity Warning: /etc/passwd check :\n" >> ${SECURITY}
         cat ${MSEC_TMP} >> ${SECURITY}
+        Count ${INFOS} ${MSEC_TMP} "Issues found in /etc/passwd file"
     fi
 fi
 
@@ -66,6 +69,7 @@ if [[ ${CHECK_SHADOW} == yes ]]; then
     if [[ -s ${MSEC_TMP} ]]; then
         printf "\nSecurity Warning: /etc/shadow check :\n" >> ${SECURITY}
         cat ${MSEC_TMP} >> ${SECURITY}
+        Count ${INFOS} ${MSEC_TMP} "Issues found in /etc/shadow file"
     fi
 fi
 
@@ -88,6 +92,7 @@ if [[ -s /etc/exports ]] ; then
     if [[ -s ${MSEC_TMP} ]] ; then
         printf "\nSecurity Warning: Some NFS filesystem are exported globally :\n" >> ${SECURITY}
         cat ${MSEC_TMP} >> ${SECURITY}
+        Count ${INFOS} ${MSEC_TMP} "Issues found in NFS exports"
     fi
 fi
 
@@ -96,6 +101,7 @@ fi
 if [[ -s ${MSEC_TMP} ]] ; then
     printf "\nSecurity Warning: The following NFS mounts haven't got the nosuid option set :\n" >> ${SECURITY}
     cat ${MSEC_TMP} | awk '{ print "\t\t- "$0 }' >> ${SECURITY}
+    Count ${INFOS} ${MSEC_TMP} "Unsafe NFS exports"
 fi
 
 ### Files that should not have + signs.
@@ -134,6 +140,7 @@ if [[ ${CHECK_SHOSTS} == yes ]]; then
                         printf "\tthis probably mean that you trust certains users/domain\n" >> ${SECURITY}
                         printf "\tto connect on this host without proper authentication :\n" >> ${SECURITY}
                         cat ${MSEC_TMP} >> ${SECURITY}
+                        Count ${INFOS} ${MSEC_TMP} "Unsafe hosts trusting files"
                 fi
 fi
 
@@ -150,6 +157,7 @@ for file in ${list}; do
         printf "\nSecurity Warning: The following programs are executed in your mail\n" >> ${SECURITY}
         printf "\tvia ${file} files, this could lead to security problems :\n" >> ${SECURITY}
         cat ${MSEC_TMP} >> ${SECURITY}
+        Count ${INFOS} ${MSEC_TMP} "Unsafe mail aliases"
     fi
 done