-rwxr-xr-x | cron-sh/file_check.sh | 284 | ||||
-rwxr-xr-x | init-sh/level1.sh | 35 | ||||
-rwxr-xr-x | init-sh/level2.sh | 37 | ||||
-rwxr-xr-x | init-sh/level3.sh | 37 | ||||
-rwxr-xr-x | init-sh/level4.sh | 31 | ||||
-rwxr-xr-x | init-sh/level5.sh | 29 |
6 files changed, 295 insertions, 158 deletions
diff --git a/cron-sh/file_check.sh b/cron-sh/file_check.sh
index 5118ebc..7886387 100755
--- a/cron-sh/file_check.sh
+++ b/cron-sh/file_check.sh
@@ -24,38 +24,53 @@ FILTERS="$CS_TYPES|$CS_DEVS|$CS_DIRS" DIR=`mount | grep -vE "$FILTERS" | cut -d ' ' -f3` ### -SUID_ROOT_TODAY="/var/log/security/suid_root.today" -SUID_ROOT_YESTERDAY="/var/log/security/suid_root.yesterday" -SUID_ROOT_DIFF="/var/log/security/suid_root.diff" -SUID_GROUP_TODAY="/var/log/security/suid_group.today" -SUID_GROUP_YESTERDAY="/var/log/security/suid_group.yesterday" -SUID_GROUP_DIFF="/var/log/security/suid_group.diff" +SUID_ROOT_TODAY=/var/log/security/suid_root.today +SUID_ROOT_YESTERDAY=/var/log/security/suid_root.yesterday +SUID_ROOT_DIFF=/var/log/security/suid_root.diff +SUID_GROUP_TODAY=/var/log/security/suid_group.today +SUID_GROUP_YESTERDAY=/var/log/security/suid_group.yesterday +SUID_GROUP_DIFF=/var/log/security/suid_group.diff WRITABLE_TODAY=/var/log/security/writable.today WRITABLE_YESTERDAY=/var/log/security/writable.yesterday WRITABLE_DIFF=/var/log/security/writable.diff UNOWNED_TODAY=/var/log/security/unowned.today UNOWNED_YESTERDAY=/var/log/security/unowned.yesterday UNOWNED_DIFF=/var/log/security/unowned.diff - +PASSWD_TODAY=/var/log/security/passwd.today +PASSWD_YESTERDAY=/var/log/security/passwd.yesterday +PASSWD_DIFF=/var/log/security/passwd.diff +SHADOW_TODAY=/var/log/security/shadow.today +SHADOW_YESTERDAY=/var/log/security/shadow.yesterday +SHADOW_DIFF=/var/log/security/shadow.diff +HOST_TODAY=/var/log/security/hosts.today +HOST_YESTERDAY=/var/log/security/hosts.yesterday +HOST_DIFF=/var/log/security/hosts.diff +SUID_MD5_TODAY=/var/log/security/suid_md5.today +SUID_MD5_YESTERDAY=/var/log/security/suid_md5.yesterday +SUID_MD5_DIFF=/var/log/security/suid_md5.diff +OPEN_PORT_TODAY=/var/log/security/open_port.today +OPEN_PORT_YESTERDAY=/var/log/security/open_port.yesterday +OPEN_PORT_DIFF=/var/log/security/open_port.diff if [ ! 
-d /var/log/security ]; then mkdir /var/log/security fi -chattr -a /var/log/security +chattr -a /var/log/security/ +chattr -a /var/log/security/* ### Functions ### Syslog() { if [ $SYS_LOG=="yes" ]; then - /sbin/initlog --string=$1 + /sbin/initlog --string="$1" fi } Ttylog() { if [ $TTY_LOG=="yes" ]; then for i in `w | grep -v "load\|TTY" | awk '{print $2}'` ; do - echo -e $1 > /dev/$i + echo -e "$1" > /dev/$i done fi } 
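Review bot: The new `chattr -a /var/log/security/*` clears the append-only flag on every report at the top of the run, but nothing on the new side puts it back — the old `chattr +a /var/log/security` at the end of the file is deleted in the second hunk with no replacement — so the history files stay writable for the whole interval between cron runs. A final `chattr +a /var/log/security /var/log/security/*` after the last check would restore the protection (per file, since the `mv` and `>` rotation needs the flag off while the checks run). The reports now also carry /etc/shadow-derived findings and SUID checksums, so the `mkdir /var/log/security` just above should create the directory with a restrictive mode, e.g. `mkdir -m 0700 /var/log/security`. Neither `chattr` call has its status checked, which matters on a filesystem that does not support attributes.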
@@ -65,124 +80,191 @@ Ttylog() { ### New Suid root file detection ### if [ $CHECK_SUID_ROOT=="yes" ]; then - if [ -f $SUID_ROOT_TODAY ]; then - mv $SUID_ROOT_TODAY $SUID_ROOT_YESTERDAY - fi - - find $DIR -xdev -type f -perm +04000 -user root \ - -printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" | sort > $SUID_ROOT_TODAY - - if [ -f $SUID_ROOT_YESTERDAY ]; then - if ! diff $SUID_ROOT_YESTERDAY $SUID_ROOT_TODAY > $SUID_ROOT_DIFF; then - Syslog "Change in Suid Root file found, please consult $SUID_ROOT_DIFF" - Ttylog "\\033[1;31mChange in Suid Root file found !\\033[0;39m" - Ttylog "\\033[1;31mPlease consult $SUID_ROOT_DIFF\\033[0;39m" - fi + if [ -f $SUID_ROOT_TODAY ]; then + mv $SUID_ROOT_TODAY $SUID_ROOT_YESTERDAY + fi + + find $DIR -xdev -type f -perm +04000 -user root \ + -printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" | sort > $SUID_ROOT_TODAY + + if [ -f $SUID_ROOT_YESTERDAY ]; then + if ! diff $SUID_ROOT_YESTERDAY $SUID_ROOT_TODAY > $SUID_ROOT_DIFF; then + Syslog "Change in Suid Root file found, please consult $SUID_ROOT_DIFF" + Ttylog "\\033[1;31mChange in Suid Root file found !\\033[0;39m" + Ttylog "\\033[1;31mPlease consult $SUID_ROOT_DIFF\\033[0;39m" fi + fi fi ############################# ### New Suid group file detection ### if [ $CHECK_SUID_GROUP ]; then - if [ -f $SUID_GROUP_TODAY ]; then - mv $SUID_GROUP_TODAY $SUID_GROUP_YESTERDAY - fi - - find $DIR -xdev -type f -perm +02000 \ - -printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" | sort > $SUID_GROUP_TODAY - - if [ -f $SUID_GROUP_YESTERDAY ]; then - if ! 
diff $SUID_GROUP_YESTERDAY $SUID_GROUP_TODAY > $SUID_GROUP_DIFF; then - Syslog "Change in Suid Group file found, please consult $SUID_GROUP_DIFF" - Ttylog "\\033[1;31mChange in Suid Group file found !\\033[0;39m" - Ttylog "\\033[1;31mPlease consult $SUID_GROUP_DIFF\\033[0;39m" - fi + if [ -f $SUID_GROUP_TODAY ]; then + mv $SUID_GROUP_TODAY $SUID_GROUP_YESTERDAY + fi + + find $DIR -xdev -type f -perm +02000 \ + -printf "%8i %5m %3n %-10u %-10g %9s %t %h/%f\n" | sort > $SUID_GROUP_TODAY + + if [ -f $SUID_GROUP_YESTERDAY ]; then + if ! diff $SUID_GROUP_YESTERDAY $SUID_GROUP_TODAY > $SUID_GROUP_DIFF; then + Syslog "Change in Suid Group file found, please consult $SUID_GROUP_DIFF" + Ttylog "\\033[1;31mChange in Suid Group file found !\\033[0;39m" + Ttylog "\\033[1;31mPlease consult $SUID_GROUP_DIFF\\033[0;39m" fi + fi fi ############################# ### Writable file detection ### if [ $CHECK_WRITABLE=="yes" ]; then - if [ -f $WRITABLE_TODAY ]; then - mv $WRITABLE_TODAY $WRITABLE_YESTERDAY - fi - - find $DIR -xdev -type f -perm -2 \ - -ls -print | sort > $WRITABLE_TODAY - - if [ -f $WRITABLE_YESTERDAY ]; then - if ! diff $WRITABLE_YESTERDAY $WRITABLE_TODAY > $WRITABLE_DIFF; then - Syslog "Change in World Writable File found, please consult $WRITABLE_DIFF" - Ttylog "\\033[1;31mChange in World Writable File found !\\033[0;39m" - Ttylog "\\033[1;31mPlease consult $WRITABLE_DIFF\\033[0;39m" - fi + if [ -f $WRITABLE_TODAY ]; then + mv $WRITABLE_TODAY $WRITABLE_YESTERDAY + fi + + find $DIR -xdev -type f -perm -2 \ + -ls -print | sort > $WRITABLE_TODAY + + if [ -f $WRITABLE_YESTERDAY ]; then + if ! 
diff $WRITABLE_YESTERDAY $WRITABLE_TODAY > $WRITABLE_DIFF; then + Syslog "Change in World Writable File found, please consult $WRITABLE_DIFF" + Ttylog "\\033[1;31mChange in World Writable File found !\\033[0;39m" + Ttylog "\\033[1;31mPlease consult $WRITABLE_DIFF\\033[0;39m" fi + fi fi ################################# ### Search Un Owned file ### if [ $CHECK_UNOWNED=="yes" ]; then - if [ -f $UNOWNED_TODAY ]; then - mv $UNOWNED_TODAY $UNOWNED_YESTERDAY + if [ -f $UNOWNED_TODAY ]; then + mv $UNOWNED_TODAY $UNOWNED_YESTERDAY + fi + + find $DIR -xdev -nouser -o -nogroup -print \ + -ls | sort > $UNOWNED_TODAY + + if [ -f $UNOWNED_YESTERDAY ]; then + if ! diff $UNOWNED_YESTERDAY $UNOWNED_TODAY; then + Syslog "Change in Un-Owned file user/group, please consult $UNOWNED_DIFF" + Ttylog "\\033[1;31mChange in Un-Owned file user/group found !\\033[0;39m" + Ttylog "\\033[1;31mPlease consult $UNOWNED_DIFF\\033[0;39m" fi + fi +fi - find $DIR -xdev -nouser -o -nogroup -print \ - -ls | sort > $UNOWNED_TODAY +########## Md5 check for SUID root file ######### +if [ ${CHECK_SUID_MD5}=="yes" ]; then + if [ -f ${SUID_MD5_TODAY} ]; then + mv ${SUID_MD5_TODAY} ${SUID_MD5_YESTERDAY} + fi + + touch ${SUID_MD5_TODAY} + awk '{print $12}' ${SUID_ROOT_TODAY} | + while read line; do + md5sum ${line} >> ${SUID_MD5_TODAY} + done + + if [ -f ${SUID_MD5_YESTERDAY} ]; then + if ! diff ${SUID_MD5_YESTERDAY} ${SUID_MD5_TODAY} 1> ${SUID_MD5_DIFF}; then + Syslog "Warning, the md5 checksum for one of your SUID files has changed..." + Syslog "Maybe an intruder modified one of these suid binary in order to put in a backdoor..." + Syslog "Please consult ${SUID_MD5_DIFF}." + Ttylog "Warning, the md5 checksum for one of your SUID files has changed..." + Ttylog "Maybe an intruder modified one of these suid binary in order to put in a backdoor..." + Ttylog "Please consult ${SUID_MD5_DIFF}." 
+ fi + fi +fi +################################################## + +#### Passwd check #### +if [ ${CHECK_PASSWD}=="yes" ]; then + if [ -f ${PASSWD_TODAY} ]; then + mv ${PASSWD_TODAY} ${PASSWD_YESTERDAY}; + fi + + awk -F: '{ + if ( $2 == "" ) + printf("/etc/passwd:%d: User \"%s\" has no password !\n", FNR, $1); + else if ($2 !~ /^[x*!]+$/) + printf("/etc/passwd:%d: User \"%s\" has a real password (it is not shadowed).\n", FNR, $1); + }' < /etc/passwd > ${PASSWD_TODAY} + + if [ -f ${PASSWD_YESTERDAY} ]; then + if ! diff ${PASSWD_YESTERDAY} ${PASSWD_TODAY} 1> ${PASSWD_DIFF}; then + Syslog `cat ${PASSWD_DIFF}` + Ttylog `cat ${PASSWD_DIFF}` + fi + fi +fi +###################### + +#### Shadow Check #### +if [ ${CHECK_SHADOW}=="yes" ]; then + if [ -f ${SHADOW_TODAY} ]; then + mv -f ${SHADOW_TODAY} ${SHADOW_YESTERDAY}; + fi + + awk -F: '{ + if ( $2 == "" ) + printf("/etc/shadow:%d: User \"%s\" has no password !\n", FNR, $1); + }' < /etc/shadow > ${SHADOW_TODAY} + + if [ -f ${SHADOW_YESTERDAY} ]; then + if ! diff ${SHADOW_YESTERDAY} ${SHADOW_TODAY} 1> ${SHADOW_DIFF}; then + Syslog `cat ${SHADOW_DIFF}` + Ttylog `cat ${SHADOW_DIFF}` + fi + fi +fi - if [ -f $UNOWNED_YESTERDAY ]; then - if ! 
diff $UNOWNED_YESTERDAY $UNOWNED_TODAY; then - Syslog "Change in Un-Owned file user/group, please consult $UNOWNED_DIFF" - Ttylog "\\033[1;31mChange in Un-Owned file user/group found !\\033[0;39m" - Ttylog "\\033[1;31mPlease consult $UNOWNED_DIFF\\033[0;39m" +#### .[sr]hosts check #### +if [ ${CHECK_RHOST}=="yes" ]; then + if [ -f ${HOST_TODAY} ]; then + mv -f ${HOST_TODAY} ${HOST_YESTERDAY}; + fi + + awk -F: '{print $1" "$6}' /etc/passwd | + while read username homedir; do + for file in .rhosts .shosts; do + if [ -s ${homedir}/${file} ] ; then + rhost=`ls -lcdg ${homedir}/${file}` + printf "${username}: ${rhost}\n" + if grep "+" ${homedir}/${file} > /dev/null ; then + printf "\tThere is a (+) character in ${file} : this is a *big* security problem \!\n" + fi fi + done + done > ${HOST_TODAY} + + if [ -f ${HOST_YESTERDAY} ]; then + if ! diff ${HOST_YESTERDAY} ${HOST_TODAY} 1> ${HOST_DIFF}; then + Syslog `cat ${HOST_DIFF}` + Ttylog `cat ${HOST_DIFF}` fi + fi fi - -chattr +a /var/log/security - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +### Network check ### +if [ ${CHECK_OPEN_PORT}=="yes" ]; then + if [ -f ${OPEN_PORT_TODAY} ]; then + mv -f ${OPEN_PORT_TODAY} ${OPEN_PORT_YESTERDAY} + fi + + netstat -pvlA inet > ${OPEN_PORT_TODAY}; + + if [ -f ${OPEN_PORT_YESTERDAY} ]; then + if ! diff ${OPEN_PORT_YESTERDAY} ${OPEN_PORT_TODAY} 1> ${OPEN_PORT_DIFF}; then + Syslog "There is a new port listening on your machine..." + Syslog "Please consult ${OPEN_PORT_DIFF} for security purpose..." + Ttylog "There is a new port listening on your machine..." + Ttylog "Please consult ${OPEN_PORT_DIFF} for security purpose..." + fi + fi +fi diff --git a/init-sh/level1.sh b/init-sh/level1.sh index b54b85b..2fef869 100755 --- a/init-sh/level1.sh +++ b/init-sh/level1.sh 
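Review bot: Each of the five new guards, `if [ ${CHECK_SUID_MD5}=="yes" ]; then` through `if [ ${CHECK_OPEN_PORT}=="yes" ]; then`, is a single-word string test that is always true, so the md5, passwd, shadow, .rhosts and port checks run no matter what the level scripts write to security.conf; write them as `if [ "${CHECK_SUID_MD5}" = "yes" ]; then` (the older `$CHECK_SUID_ROOT=="yes"` guards above and the bare `[ $CHECK_SUID_GROUP ]` have the same flaw). The md5 loop takes its path from `awk '{print $12}'` of the suid_root listing, which only holds if `%t` expands to exactly five words and breaks on a path containing a space; running `find` with the same `-perm +04000 -user root` criteria and `-exec md5sum {} \;` into `${SUID_MD5_TODAY}` avoids re-parsing the report. The unquoted `Syslog `cat ${PASSWD_DIFF}`` (and its shadow and hosts twins) is word-split, so `--string="$1"` receives only the first token of the diff; use `Syslog "$(cat ${PASSWD_DIFF})"`. In the .rhosts loop `printf "${username}: ${rhost}\n"` uses the passwd entry and `ls` output as the format string; use `printf '%s: %s\n' "${username}" "${rhost}"`. The port snapshot is taken with `netstat -p`, so the PID/Program column will presumably change whenever a service restarts and the "new port listening" warning would fire without any new port; diffing the output without `-p`, or stripping that column before the diff, keeps the alert meaningful.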
@@ -20,22 +20,33 @@ AddRules "tty4" /etc/securetty quiet
 AddRules "tty5" /etc/securetty quiet
 AddRules "tty6" /etc/securetty
-# Suid Check
-echo "Updating file check variable :"
+# Security check
+echo "Updating file check variable : "
 echo -e "\t- Check suid root file : no."
-AddRules "CHECK_SUID_ROOT=no" /etc/security/msec/security.conf quiet
-echo -e "\t- Check suid goup file : no."
-AddRules "CHECK_SUID_GROUP=no" /etc/security/msec/security.conf quiet
+ AddRules "CHECK_SUID_ROOT=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check suid root file integrity (backdoor check) : no."
+ AddRules "CHECK_SUID_MD5=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check suid group file : no."
+ AddRules "CHECK_SUID_GROUP=no" /etc/security/msec/security.conf quiet
 echo -e "\t- Check world writable file : no."
-AddRules "CHECK_WRITABLE=no" /etc/security/msec/security.conf quiet
+ AddRules "CHECK_WRITABLE=no" /etc/security/msec/security.conf quiet
 echo -e "\t- Check unowned file : no."
-AddRules "CHECK_UNOWNED=no" /etc/security/msec/security.conf quiet
+ AddRules "CHECK_UNOWNED=no" /etc/security/msec/security.conf quiet
 echo -e "\t- Check promiscuous mode : no."
-AddRules "CHECK_PROMISC=no" /etc/security/msec/security.conf quiet
-echo -e "\t- Security warning on tty : no."
-AddRules "TTY_WARN=no" /etc/security/msec/security.conf quiet
-echo -e "\t- Security warning in syslog : yes."
-AddRules "SYSLOG_WARN=yes" /etc/security/msec/security.conf
+ AddRules "CHECK_PROMISC=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check listening port : no."
+ AddRules "CHECK_OPEN_PORT=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check for dangerous .[sr]hosts file : no."
+ AddRules "CHECK_RHOST=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check passwd file integrity : no."
+ AddRules "CHECK_PASSWD=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check shadow file integrity : no."
+ AddRules "CHECK_SHADOW=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Security warning on tty : \"no\" :"
+ AddRules "TTY_WARN=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Security warning in syslog : \"no\" :"
+ AddRules "SYSLOG_WARN=no" /etc/security/msec/security.conf
+# end security check
 # lilo update
 echo -n "Running lilo to record new config : "
diff --git a/init-sh/level2.sh b/init-sh/level2.sh
index b9385f9..ec80c5d 100755
--- a/init-sh/level2.sh
+++ b/init-sh/level2.sh
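Review bot: The keys written here as `TTY_WARN=no` and `SYSLOG_WARN=no` are not the names file_check.sh reads — its Ttylog() and Syslog() in this same commit test `$TTY_LOG` and `$SYS_LOG` — so unless something outside this page maps one to the other, these settings have no effect (and the `[ $SYS_LOG=="yes" ]` form there is always true in any case). The same applies to the TTY_WARN/SYSLOG_WARN lines in the level2, level3, level4 and level5 hunks. Either write `TTY_LOG=no` / `SYS_LOG=no` here or make file_check.sh read TTY_WARN/SYSLOG_WARN, whichever the rest of msec expects.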
@@ -20,22 +20,33 @@ AddRules "tty4" /etc/securetty quiet
 AddRules "tty5" /etc/securetty quiet
 AddRules "tty6" /etc/securetty
-# security.conf
-echo "Updating file check variable :"
+# Security check
+echo "Updating file check variable : "
 echo -e "\t- Check suid root file : yes."
-AddRules "CHECK_SUID_ROOT=yes" /etc/security/msec/security.conf quiet
-echo -e "\t- Check suid goup file : no."
-AddRules "CHECK_SUID_GROUP=no" /etc/security/msec/security.conf quiet
-echo -e "\t- Check world writable file : no."
-AddRules "CHECK_WRITABLE=no" /etc/security/msec/security.conf quiet
+ AddRules "CHECK_SUID_ROOT=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check suid root file integrity (backdoor check) : yes."
+ AddRules "CHECK_SUID_MD5=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check suid group file : yes."
+ AddRules "CHECK_SUID_GROUP=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check world writable file : yes."
+ AddRules "CHECK_WRITABLE=yes" /etc/security/msec/security.conf quiet
 echo -e "\t- Check unowned file : no."
-AddRules "CHECK_UNOWNED=no" /etc/security/msec/security.conf quiet
+ AddRules "CHECK_UNOWNED=no" /etc/security/msec/security.conf quiet
 echo -e "\t- Check promiscuous mode : no."
-AddRules "CHECK_PROMISC=no" /etc/security/msec/security.conf quiet
-echo -e "\t- Security warning on tty : no."
-AddRules "TTY_WARN=no" /etc/security/msec/security.conf quiet
-echo -e "\t- Security warning in syslog : yes."
-AddRules "SYSLOG_WARN=yes" /etc/security/msec/security.conf
+ AddRules "CHECK_PROMISC=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check listening port : no."
+ AddRules "CHECK_OPEN_PORT=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check for dangerous .[sr]hosts file : no."
+ AddRules "CHECK_RHOST=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check passwd file integrity : no."
+ AddRules "CHECK_PASSWD=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check shadow file integrity : no."
+ AddRules "CHECK_SHADOW=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Security warning on tty : \"no\" :"
+ AddRules "TTY_WARN=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Security warning in syslog : \"yes\" :"
+ AddRules "SYSLOG_WARN=yes" /etc/security/msec/security.conf
+# end security check
 # lilo update
 echo -n "Running lilo to record new config : "
diff --git a/init-sh/level3.sh b/init-sh/level3.sh
index bfb71ea..29ea9b7 100755
--- a/init-sh/level3.sh
+++ b/init-sh/level3.sh
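Review bot: The progress message and the stored value disagree for the suid group check: `echo -e "\t- Check suid group file : yes."` is immediately followed by `AddRules "CHECK_SUID_GROUP=no" /etc/security/msec/security.conf quiet`, so the administrator is told the check is on while `no` is written. One of the two needs to change; the message looks like the typo, since the removed line also wrote `no`. Note that file_check.sh in this commit guards that check with `if [ $CHECK_SUID_GROUP ]; then`, which is true for the string `no` as well, so the value written here does not actually disable the check either way.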
@@ -24,22 +24,33 @@ AddRules "tty4" /etc/securetty quiet
 AddRules "tty5" /etc/securetty quiet
 AddRules "tty6" /etc/securetty quiet
-# /
+# Security check
 echo "Updating file check variable : "
 echo -e "\t- Check suid root file : yes."
-AddRules "CHECK_SUID_ROOT=yes" /etc/security/msec/security.conf quiet
-echo -e "\t- Check suid goup file : yes."
-AddRules "CHECK_SUID_GROUP=yes" /etc/security/msec/security.conf quiet
+ AddRules "CHECK_SUID_ROOT=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check suid root file integrity (backdoor check) : yes."
+ AddRules "CHECK_SUID_MD5=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check suid group file : no."
+ AddRules "CHECK_SUID_GROUP=no" /etc/security/msec/security.conf quiet
 echo -e "\t- Check world writable file : yes."
-AddRules "CHECK_WRITABLE=yes" /etc/security/msec/security.conf quiet
-echo -e "\t- Check unowned file : yes."
-AddRules "CHECK_UNOWNED=yes" /etc/security/msec/security.conf quiet
-echo -e "\t- Check promiscuous mode : \"no\" :"
-AddRules "CHECK_PROMISC=no" /etc/security/msec/security.conf quiet
-echo -e "\t- Security warning on tty : \"no\" :"
-AddRules "TTY_WARN=no" /etc/security/msec/security.conf quiet
-echo -e "\t- Security warning on syslog : \"yes\" :"
-AddRules "SYSLOG_WARN=yes" /etc/security/msec/security.conf
+ AddRules "CHECK_WRITABLE=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check unowned file : no."
+ AddRules "CHECK_UNOWNED=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Check promiscuous mode : no."
+ AddRules "CHECK_PROMISC=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check listening port : yes."
+ AddRules "CHECK_OPEN_PORT=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check for dangerous .[sr]hosts file : yes."
+ AddRules "CHECK_RHOST=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check passwd file integrity : yes."
+ AddRules "CHECK_PASSWD=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check shadow file integrity : yes."
+ AddRules "CHECK_SHADOW=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Security warning on tty : \"yes\" :"
+ AddRules "TTY_WARN=no" /etc/security/msec/security.conf quiet
+echo -e "\t- Security warning in syslog : \"yes\" :"
+ AddRules "SYSLOG_WARN=yes" /etc/security/msec/security.conf
+# end security check
 # Crontab
 echo "Adding permission check in crontab (scheduled every midnight) :"
diff --git a/init-sh/level4.sh b/init-sh/level4.sh
index c3e0e5e..421c5e0 100755
--- a/init-sh/level4.sh
+++ b/init-sh/level4.sh
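Review bot: Two message/value mismatches in this hunk: `echo -e "\t- Check promiscuous mode : no."` precedes `AddRules "CHECK_PROMISC=yes" ...`, and `echo -e "\t- Security warning on tty : \"yes\" :"` precedes `AddRules "TTY_WARN=no" ...`, so the console output tells the administrator the opposite of what is written to security.conf; in each pair one side needs to change to match the other. This hunk also switches CHECK_SUID_GROUP and CHECK_UNOWNED from `yes` (on the removed lines) to `no` for level 3, which reads as a weakening of the level unrelated to adding the new checks; if it is deliberate it is worth stating in the description.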
@@ -34,22 +34,33 @@ AddRules "tty4" /etc/securetty quiet
 AddRules "tty5" /etc/securetty quiet
 AddRules "tty6" /etc/securetty
-# Suid check
+# Security check
 echo "Updating file check variable : "
 echo -e "\t- Check suid root file : yes."
-AddRules "CHECK_SUID_ROOT=yes" /etc/security/msec/security.conf quiet
-echo -e "\t- Check suid goup file : yes."
-AddRules "CHECK_SUID_GROUP=yes" /etc/security/msec/security.conf quiet
+ AddRules "CHECK_SUID_ROOT=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check suid root file integrity (backdoor check) : yes."
+ AddRules "CHECK_SUID_MD5=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check suid group file : yes."
+ AddRules "CHECK_SUID_GROUP=yes" /etc/security/msec/security.conf quiet
 echo -e "\t- Check world writable file : yes."
-AddRules "CHECK_WRITABLE=yes" /etc/security/msec/security.conf quiet
+ AddRules "CHECK_WRITABLE=yes" /etc/security/msec/security.conf quiet
 echo -e "\t- Check unowned file : yes."
-AddRules "CHECK_UNOWNED=yes" /etc/security/msec/security.conf quiet
+ AddRules "CHECK_UNOWNED=yes" /etc/security/msec/security.conf quiet
 echo -e "\t- Check promiscuous mode : yes."
-AddRules "CHECK_PROMISC=yes" /etc/security/msec/security.conf quiet
+ AddRules "CHECK_PROMISC=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check listening port : yes."
+ AddRules "CHECK_OPEN_PORT=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check for dangerous .[sr]hosts file : yes."
+ AddRules "CHECK_RHOST=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check passwd file integrity : yes."
+ AddRules "CHECK_PASSWD=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check shadow file integrity : yes."
+ AddRules "CHECK_SHADOW=yes" /etc/security/msec/security.conf quiet
 echo -e "\t- Security warning on tty : \"yes\" :"
-AddRules "TTY_WARN=yes" /etc/security/msec/security.conf quiet
-echo -e "\t- Security warning in syslog : \"yes\" :"
-AddRules "SYSLOG_WARN=yes" /etc/security/msec/security.conf
+ AddRules "TTY_WARN=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Security warning in syslog : \"yes\" :"
+ AddRules "SYSLOG_WARN=yes" /etc/security/msec/security.conf
+# end security check
 # Check every 1 minutes for promisc problem
 echo "Adding promisc check in crontab (scheduled every minutes) :"
diff --git a/init-sh/level5.sh b/init-sh/level5.sh
index a39944e..0b60c2d 100755
--- a/init-sh/level5.sh
+++ b/init-sh/level5.sh
@@ -25,22 +25,33 @@ echo "Login as root is denied : "
 echo "Modified file : /etc/securetty..."
 echo -e "done.\n\n"
-# Suid check
+# Security check
 echo "Updating file check variable : "
 echo -e "\t- Check suid root file : yes."
-AddRules "CHECK_SUID_ROOT=yes" /etc/security/msec/security.conf quiet
-echo -e "\t- Check suid goup file : yes."
-AddRules "CHECK_SUID_GROUP=yes" /etc/security/msec/security.conf quiet
+ AddRules "CHECK_SUID_ROOT=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check suid root file integrity (backdoor check) : yes."
+ AddRules "CHECK_SUID_MD5=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check suid group file : yes."
+ AddRules "CHECK_SUID_GROUP=yes" /etc/security/msec/security.conf quiet
 echo -e "\t- Check world writable file : yes."
-AddRules "CHECK_WRITABLE=yes" /etc/security/msec/security.conf quiet
+ AddRules "CHECK_WRITABLE=yes" /etc/security/msec/security.conf quiet
 echo -e "\t- Check unowned file : yes."
-AddRules "CHECK_UNOWNED=yes" /etc/security/msec/security.conf quiet
+ AddRules "CHECK_UNOWNED=yes" /etc/security/msec/security.conf quiet
 echo -e "\t- Check promiscuous mode : yes."
-AddRules "CHECK_PROMISC=yes" /etc/security/msec/security.conf quiet
+ AddRules "CHECK_PROMISC=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check listening port : yes."
+ AddRules "CHECK_OPEN_PORT=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check for dangerous .[sr]hosts file : yes."
+ AddRules "CHECK_RHOST=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check passwd file integrity : yes."
+ AddRules "CHECK_PASSWD=yes" /etc/security/msec/security.conf quiet
+echo -e "\t- Check shadow file integrity : yes."
+ AddRules "CHECK_SHADOW=yes" /etc/security/msec/security.conf quiet
 echo -e "\t- Security warning on tty : \"yes\" :"
-AddRules "TTY_WARN=yes" /etc/security/msec/security.conf quiet
+ AddRules "TTY_WARN=yes" /etc/security/msec/security.conf quiet
 echo -e "\t- Security warning in syslog : \"yes\" :"
-AddRules "SYSLOG_WARN=yes" /etc/security/msec/security.conf
+ AddRules "SYSLOG_WARN=yes" /etc/security/msec/security.conf
+# end security check
 ################ Crontab things ###################
 # Check every 1 minutes for promisc problem |