authorEugeni Dodonov <eugeni@mandriva.org>2009-06-26 19:20:05 +0000
committerEugeni Dodonov <eugeni@mandriva.org>2009-06-26 19:20:05 +0000
commit286e97c3d2c32711e76415d93791835b29f8ffca (patch)
tree4a7552e382eadae6f784e4ed807d7820e1f4d292
parent9b6d6355a5520380e9e0625cefe55d63cbe98fc9 (diff)
Added support for CHECK_RPM_PACKAGES and CHECK_RPM_INTEGRITY.
-rw-r--r--conf/level.secure3
-rw-r--r--conf/level.standard3
-rwxr-xr-xcron-sh/scripts/03_rpm.sh40
-rw-r--r--src/msec/config.py7
-rwxr-xr-xsrc/msec/libmsec.py8
-rw-r--r--src/msec/version.py2
6 files changed, 35 insertions, 28 deletions
diff --git a/conf/level.secure b/conf/level.secure
index eb4d14d..181917b 100644
--- a/conf/level.secure
+++ b/conf/level.secure
@@ -42,7 +42,8 @@ SHELL_TIMEOUT=600
ALLOW_REMOTE_ROOT_LOGIN=no
ENABLE_LOG_STRANGE_PACKETS=yes
USER_UMASK=077
-CHECK_RPM=yes
+CHECK_RPM_PACKAGES=yes
+CHECK_RPM_INTEGRITY=yes
ENABLE_SULOGIN=yes
ENABLE_PAM_ROOT_FROM_WHEEL=no
MAIL_WARN=yes
diff --git a/conf/level.standard b/conf/level.standard
index 3a20417..b3ded1b 100644
--- a/conf/level.standard
+++ b/conf/level.standard
@@ -42,7 +42,8 @@ SHELL_TIMEOUT=0
ALLOW_REMOTE_ROOT_LOGIN=without-password
ENABLE_LOG_STRANGE_PACKETS=yes
USER_UMASK=022
-CHECK_RPM=no
+CHECK_RPM_PACKAGES=yes
+CHECK_RPM_INTEGRITY=no
ENABLE_SULOGIN=no
ENABLE_PAM_ROOT_FROM_WHEEL=no
MAIL_WARN=yes
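Review bot: At the standard level this hunk turns the package-list check on (`CHECK_RPM_PACKAGES=yes`) where `CHECK_RPM` was previously `no`, so systems on this level start receiving the "packages have changed" report after upgrading, while the commit message only mentions adding the options. A changelog or commit-message line stating that the standard level now enables the package-change check would make the default change visible to users; the integrity check itself stays off at this level, as before.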
diff --git a/cron-sh/scripts/03_rpm.sh b/cron-sh/scripts/03_rpm.sh
index 6bd4307..ae88542 100755
--- a/cron-sh/scripts/03_rpm.sh
+++ b/cron-sh/scripts/03_rpm.sh
@@ -37,19 +37,33 @@ fi
### rpm database check
-if [[ ${CHECK_RPM} == yes ]]; then
+# list of installed packages
+if [[ ${CHECK_RPM_PACKAGES} == yes ]]; then
rpm -qa --qf "%{NAME}-%{VERSION}-%{RELEASE}\t%{INSTALLTIME}\n" | sort > ${RPM_QA_TODAY}
+ if [[ -f ${RPM_QA_YESTERDAY} ]]; then
+ diff -u ${RPM_QA_YESTERDAY} ${RPM_QA_TODAY} > ${RPM_QA_DIFF}
+ if [ -s ${RPM_QA_DIFF} ]; then
+ printf "\nSecurity Warning: These packages have changed on the system :\n" >> ${DIFF}
+ grep '^+' ${RPM_QA_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- Newly installed package : ${file}\n"
+ done >> ${DIFF}
+ grep '^-' ${RPM_QA_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- No longer present package : ${file}\n"
+ done >> ${DIFF}
+ fi
+ fi
+fi
+
+# integrity of installed packages
+if [[ ${CHECK_RPM_INTEGRITY} == yes ]]; then
rm -f ${RPM_VA_TODAY}.tmp
nice --adjustment=+19 rpm -Va --noscripts | grep '^..5' | sort > ${RPM_VA_TODAY}.tmp
grep -v '^..........c.' ${RPM_VA_TODAY}.tmp | sed 's/^............//' | sort > ${RPM_VA_TODAY}
grep '^..........c.' ${RPM_VA_TODAY}.tmp | sed 's/^............//' | sort > ${RPM_VA_CONFIG_TODAY}
rm -f ${RPM_VA_TODAY}.tmp
-fi
-
-### rpm database checks
-if [[ ${CHECK_RPM} == yes ]]; then
+ # full check
if [[ -s ${RPM_VA_TODAY} ]]; then
printf "\nSecurity Warning: These files belonging to packages are modified on the system :\n" >> ${SECURITY}
cat ${RPM_VA_TODAY} | while read f; do
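Review bot: In the two printf calls of the CHECK_RPM_PACKAGES block the package name is spliced into the printf format string, which is why the preceding `sed -e 's/%/%%/g'` step exists, and any backslash sequence in a name would still be interpreted by printf. Passing the name as an argument, `printf "\t\t- Newly installed package : %s\n" "${file}"` and `printf "\t\t- No longer present package : %s\n" "${file}"`, makes the escaping step unnecessary; the data comes from the local rpm database, so this is about report fidelity rather than a trust boundary. The `while read file` loops would likewise keep names verbatim with `read -r`. These lines are moved rather than new, but this is the first time they form a block of their own; the CHECK_RPM_INTEGRITY block opened here closes beyond this hunk.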
@@ -63,22 +77,8 @@ if [[ ${CHECK_RPM} == yes ]]; then
printf "\t\t- $f\n"
done >> ${SECURITY}
fi
-fi
-### rpm database
-if [[ ${CHECK_RPM} == yes ]]; then
- if [[ -f ${RPM_QA_YESTERDAY} ]]; then
- diff -u ${RPM_QA_YESTERDAY} ${RPM_QA_TODAY} > ${RPM_QA_DIFF}
- if [ -s ${RPM_QA_DIFF} ]; then
- printf "\nSecurity Warning: These packages have changed on the system :\n" >> ${DIFF}
- grep '^+' ${RPM_QA_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- Newly installed package : ${file}\n"
- done >> ${DIFF}
- grep '^-' ${RPM_QA_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
- printf "\t\t- No longer present package : ${file}\n"
- done >> ${DIFF}
- fi
- fi
+ # diff check
if [[ -f ${RPM_VA_YESTERDAY} ]]; then
diff -u ${RPM_VA_YESTERDAY} ${RPM_VA_TODAY} > ${RPM_VA_DIFF}
if [ -s ${RPM_VA_DIFF} ]; then
diff --git a/src/msec/config.py b/src/msec/config.py
index 29bcedb..9760100 100644
--- a/src/msec/config.py
+++ b/src/msec/config.py
@@ -67,7 +67,8 @@ SETTINGS = {'BASE_LEVEL': ("libmsec.base_level",
'CHECK_PASSWD' : ("libmsec.check_passwd", ['yes', 'no']),
'CHECK_SHADOW' : ("libmsec.check_shadow", ['yes', 'no']),
'CHECK_CHKROOTKIT' : ("libmsec.check_chkrootkit", ['yes', 'no']),
- 'CHECK_RPM' : ("libmsec.check_rpm", ['yes', 'no']),
+ 'CHECK_RPM_PACKAGES' : ("libmsec.check_rpm_packages", ['yes', 'no']),
+ 'CHECK_RPM_INTEGRITY' : ("libmsec.check_rpm_integrity", ['yes', 'no']),
'CHECK_SHOSTS' : ("libmsec.check_shosts", ['yes', 'no']),
'CHECK_USERS' : ("libmsec.check_users", ['yes', 'no']),
'CHECK_GROUPS' : ("libmsec.check_groups", ['yes', 'no']),
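Review bot: Dropping the `CHECK_RPM` entry from SETTINGS means a user configuration written by an earlier msec version that still sets CHECK_RPM no longer maps to any libmsec callback; how unrecognised keys are handled is not visible in this hunk, so the value may be silently ignored or rejected. A compatibility path that maps a legacy CHECK_RPM value onto both CHECK_RPM_PACKAGES and CHECK_RPM_INTEGRITY would keep the check active on upgraded systems, and a comment such as `# CHECK_RPM (pre-0.60.22) was split into CHECK_RPM_PACKAGES and CHECK_RPM_INTEGRITY` next to the new entries would record the rename. The same rename applies to the SETTINGS_PERIODIC hunk below. The SETTINGS dict starts before this hunk.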
@@ -129,8 +130,8 @@ SETTINGS_NETWORK = ["ACCEPT_BOGUS_ERROR_RESPONSES", "ACCEPT_BROADCASTED_ICMP_ECH
# periodic checks
SETTINGS_PERIODIC = ["CHECK_PERMS", "CHECK_USER_FILES", "CHECK_SUID_ROOT", "CHECK_SUID_MD5", "CHECK_SGID",
"CHECK_WRITABLE", "CHECK_UNOWNED", "FIX_UNOWNED", "CHECK_PROMISC", "CHECK_OPEN_PORT", "CHECK_FIREWALL",
- "CHECK_PASSWD", "CHECK_SHADOW", "CHECK_CHKROOTKIT", "CHECK_RPM", "CHECK_SHOSTS",
- "CHECK_USERS", "CHECK_GROUPS",
+ "CHECK_PASSWD", "CHECK_SHADOW", "CHECK_CHKROOTKIT", "CHECK_RPM_PACKAGES", "CHECK_RPM_INTEGRITY",
+ "CHECK_SHOSTS", "CHECK_USERS", "CHECK_GROUPS",
"TTY_WARN", "SYSLOG_WARN", "MAIL_EMPTY_CONTENT",
]
diff --git a/src/msec/libmsec.py b/src/msec/libmsec.py
index c22a8a6..24fa0dd 100755
--- a/src/msec/libmsec.py
+++ b/src/msec/libmsec.py
@@ -1456,8 +1456,12 @@ class MSEC:
""" Enable checking for known rootkits using chkrootkit."""
pass
- def check_rpm(self, param):
- """ Enable verification of installed RPM packages."""
+ def check_rpm_packages(self, param):
+ """ Enable verification for changes in the installed RPM packages. This will notify you when new packages are installed or removed."""
+ pass
+
+ def check_rpm_integrity(self, param):
+ """ Enable verification of integrity of installed RPM packages. This will notify you if checksums of the installed files were changed, showing separate results for binary and configuration files."""
pass
def tty_warn(self, param):
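Review bot: The check_rpm_integrity docstring promises "separate results for binary and configuration files", but the companion 03_rpm.sh hunk splits the `rpm -Va` output by the configuration-file flag (`^..........c.`) from everything else, which is not limited to binaries, and keeps only digest-mismatch lines (`^..5`). Rewording the docstring to `""" Enable verification of integrity of installed RPM packages. This will notify you if checksums of the installed files were changed, showing separate results for configuration files and all other package files."""` matches what the script reports. Both new methods are stubs whose `param` is unused, consistent with check_chkrootkit above; the enclosing class MSEC starts outside the hunk.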
diff --git a/src/msec/version.py b/src/msec/version.py
index 9fa799e..9131e62 100644
--- a/src/msec/version.py
+++ b/src/msec/version.py
@@ -1 +1 @@
-version='0.60.12'
+version='0.60.22'