-rw-r--r--conf/level.audit_daily1
-rw-r--r--conf/level.audit_weekly1
-rw-r--r--conf/level.fileserver1
-rw-r--r--conf/level.netbook1
-rw-r--r--conf/level.none1
-rw-r--r--conf/level.secure1
-rw-r--r--conf/level.standard1
-rw-r--r--conf/level.webserver1
-rwxr-xr-xcron-sh/scripts/02_network.sh7
-rw-r--r--src/msec/plugins/audit.py7
10 files changed, 20 insertions, 2 deletions
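diff --git a/conf/level.audit_daily b/conf/level.audit_daily
index 330ef3a..9d87b99 100644
--- a/conf/level.audit_daily
+++ b/conf/level.audit_daily
@@ -20,6 +20,7 @@ CHECK_USERS=daily
 CHECK_GROUPS=daily
 NOTIFY_WARN=yes
 CHECK_OPEN_PORT=daily
+IGNORE_PID_CHANGES=yes
 CHECK_FIREWALL=daily
 CHECK_RPM_PACKAGES=daily
 CHECK_RPM_INTEGRITY=daily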
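diff --git a/conf/level.audit_weekly b/conf/level.audit_weekly
index a9e8090..fdc1d8c 100644
--- a/conf/level.audit_weekly
+++ b/conf/level.audit_weekly
@@ -20,6 +20,7 @@ CHECK_USERS=weekly
 CHECK_GROUPS=weekly
 NOTIFY_WARN=yes
 CHECK_OPEN_PORT=weekly
+IGNORE_PID_CHANGES=yes
 CHECK_FIREWALL=weekly
 CHECK_RPM_PACKAGES=weekly
 CHECK_RPM_INTEGRITY=weekly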
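diff --git a/conf/level.fileserver b/conf/level.fileserver
index 1c9ea9c..61f167d 100644
--- a/conf/level.fileserver
+++ b/conf/level.fileserver
@@ -38,6 +38,7 @@ ENABLE_PASSWORD=yes
 NOTIFY_WARN=no
 WIN_PARTS_UMASK=000
 CHECK_OPEN_PORT=daily
+IGNORE_PID_CHANGES=yes
 CHECK_FIREWALL=daily
 SHELL_TIMEOUT=0
 ALLOW_REMOTE_ROOT_LOGIN=without-password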
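diff --git a/conf/level.netbook b/conf/level.netbook
index 15ac1a7..cf6e2ba 100644
--- a/conf/level.netbook
+++ b/conf/level.netbook
@@ -38,6 +38,7 @@ ENABLE_PASSWORD=yes
 NOTIFY_WARN=yes
 WIN_PARTS_UMASK=000
 CHECK_OPEN_PORT=no
+IGNORE_PID_CHANGES=yes
 CHECK_FIREWALL=no
 SHELL_TIMEOUT=0
 ALLOW_REMOTE_ROOT_LOGIN=no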
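diff --git a/conf/level.none b/conf/level.none
index e963d3d..8817ccf 100644
--- a/conf/level.none
+++ b/conf/level.none
@@ -38,6 +38,7 @@ ENABLE_PASSWORD=
 NOTIFY_WARN=
 WIN_PARTS_UMASK=
 CHECK_OPEN_PORT=
+IGNORE_PID_CHANGES=
 CHECK_FIREWALL=
 SHELL_TIMEOUT=
 ALLOW_REMOTE_ROOT_LOGIN=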
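diff --git a/conf/level.secure b/conf/level.secure
index 0857b91..32bea9d 100644
--- a/conf/level.secure
+++ b/conf/level.secure
@@ -38,6 +38,7 @@ ENABLE_PASSWORD=yes
 NOTIFY_WARN=no
 WIN_PARTS_UMASK=022
 CHECK_OPEN_PORT=daily
+IGNORE_PID_CHANGES=no
 CHECK_FIREWALL=daily
 SHELL_TIMEOUT=600
 ALLOW_REMOTE_ROOT_LOGIN=no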
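diff --git a/conf/level.standard b/conf/level.standard
index 8e2c6a7..0a9f0e0 100644
--- a/conf/level.standard
+++ b/conf/level.standard
@@ -38,6 +38,7 @@ ENABLE_PASSWORD=yes
 NOTIFY_WARN=yes
 WIN_PARTS_UMASK=000
 CHECK_OPEN_PORT=daily
+IGNORE_PID_CHANGES=yes
 CHECK_FIREWALL=daily
 SHELL_TIMEOUT=0
 ALLOW_REMOTE_ROOT_LOGIN=without-password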
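diff --git a/conf/level.webserver b/conf/level.webserver
index b303a40..1f81d09 100644
--- a/conf/level.webserver
+++ b/conf/level.webserver
@@ -38,6 +38,7 @@ ENABLE_PASSWORD=yes
 NOTIFY_WARN=no
 WIN_PARTS_UMASK=000
 CHECK_OPEN_PORT=daily
+IGNORE_PID_CHANGES=no
 CHECK_FIREWALL=daily
 SHELL_TIMEOUT=0
 ALLOW_REMOTE_ROOT_LOGIN=without-password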
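diff --git a/cron-sh/scripts/02_network.sh b/cron-sh/scripts/02_network.sh
index f790dee..c50af4c 100755
--- a/cron-sh/scripts/02_network.sh
+++ b/cron-sh/scripts/02_network.sh
@@ -25,7 +25,12 @@ if [[ -f ${FIREWALL_TODAY} ]]; then
 fi
 if check_is_enabled "${CHECK_OPEN_PORT}" ; then
- netstat -pvlA inet,inet6 2> /dev/null > ${OPEN_PORT_TODAY};
+ if [[ ${IGNORE_PID_CHANGES} = yes ]]; then
+ FILTER="sed -e s/\([0-9]*\)\/\(.*\)$/\2/g"
+ else
+ FILTER="cat"
+ fi
+ netstat -pvlA inet,inet6 2> /dev/null | $FILTER > ${OPEN_PORT_TODAY};
 Filter ${OPEN_PORT_TODAY} CHECK_OPEN_PORT
 Count ${INFOS} ${OPEN_PORT_TODAY} "Total of open network ports"
 fi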
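Review bot: Holding the sed command in a plain string and expanding it unquoted as `$FILTER` leaves the expression `s/\([0-9]*\)\/\(.*\)$/\2/g` subject to word splitting and pathname expansion, since it contains `[0-9]` and `*`; it works only as long as no file in the cron job's working directory happens to match that glob. The script already relies on bash (`[[ ]]`), so keep the command in an array and quote the expansion: `FILTER=(sed -e 's/[0-9]*\/\(.*\)$/\1/g')`, `FILTER=(cat)`, and `netstat -pvlA inet,inet6 2> /dev/null | "${FILTER[@]}" > ${OPEN_PORT_TODAY};`. The first capture group of the original expression is never referenced, so the simplified pattern produces the same output. An empty or unset IGNORE_PID_CHANGES (level.none leaves it blank) falls through to `cat`, which is the right default for the strict `= yes` test.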
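diff --git a/src/msec/plugins/audit.py b/src/msec/plugins/audit.py
index 4b72262..cb0b2ed 100644
--- a/src/msec/plugins/audit.py
+++ b/src/msec/plugins/audit.py
@@ -42,6 +42,7 @@ class audit:
 config.SETTINGS['FIX_UNOWNED'] = ("audit.fix_unowned", config.VALUES_YESNO)
 config.SETTINGS['CHECK_PROMISC'] = ("audit.check_promisc", config.VALUES_PERIODIC)
 config.SETTINGS['CHECK_OPEN_PORT'] = ("audit.check_open_port", config.VALUES_PERIODIC)
+config.SETTINGS['IGNORE_PID_CHANGES'] = ("audit.ignore_pid_changes", config.VALUES_PERIODIC)
 config.SETTINGS['CHECK_FIREWALL'] = ("audit.check_firewall", config.VALUES_PERIODIC)
 config.SETTINGS['CHECK_PASSWD'] = ("audit.check_passwd", config.VALUES_PERIODIC)
 config.SETTINGS['CHECK_SHADOW'] = ("audit.check_shadow", config.VALUES_PERIODIC)
@@ -67,7 +68,7 @@ class audit:
 # preparing msecgui menu
 for check in ["CHECK_PERMS", "CHECK_PERMS_ENFORCE", "CHECK_USER_FILES", "CHECK_SUID_ROOT", "CHECK_SUID_MD5", "CHECK_SGID",
-"CHECK_WRITABLE", "CHECK_UNOWNED", "FIX_UNOWNED", "EXCLUDE_REGEXP", "CHECK_PROMISC", "CHECK_OPEN_PORT", "CHECK_FIREWALL",
+"CHECK_WRITABLE", "CHECK_UNOWNED", "FIX_UNOWNED", "EXCLUDE_REGEXP", "CHECK_PROMISC", "CHECK_OPEN_PORT", "IGNORE_PID_CHANGES", "CHECK_FIREWALL",
 "CHECK_PASSWD", "CHECK_SHADOW", "CHECK_CHKROOTKIT", "CHECK_RPM_PACKAGES", "CHECK_RPM_INTEGRITY",
 "CHECK_SHOSTS", "CHECK_USERS", "CHECK_GROUPS",
 "TTY_WARN", "SYSLOG_WARN", "MAIL_EMPTY_CONTENT", "CHECK_ON_BATTERY"]:
@@ -191,6 +192,10 @@ class audit:
 """Patterns to exclude from disk checks. This parameter is parsed as a regex (7), so you may use complex expressions."""
 pass
+def ignore_pid_changes(self, param):
+"""Ignore changes in process IDs when checking for open network ports."""
+pass
+
 def check_promisc(self, param):
 ''' Activate ethernet cards promiscuity check.'''
 cron = self.configfiles.get_config_file(CRON)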
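Review bot: IGNORE_PID_CHANGES is registered with `config.VALUES_PERIODIC` in the first hunk, but every level file in this commit sets it to `yes`/`no` and 02_network.sh only tests `[[ ${IGNORE_PID_CHANGES} = yes ]]`, so if VALUES_PERIODIC offers daily/weekly/monthly choices (as its use for CHECK_OPEN_PORT suggests) a user picking one of them in msecgui would silently get the option disabled. The setting is a boolean and should be declared like FIX_UNOWNED a few lines above: `config.SETTINGS['IGNORE_PID_CHANGES'] = ("audit.ignore_pid_changes", config.VALUES_YESNO)`. The docstring of the new ignore_pid_changes method in the third hunk could also state that the option only takes effect when CHECK_OPEN_PORT is enabled, since the cron script applies the filter inside that branch. The audit class continues outside these hunks.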