aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--conf/level.secure1
-rw-r--r--conf/level.standard1
-rwxr-xr-xcron-sh/diff_check.sh18
-rwxr-xr-xcron-sh/security.sh11
4 files changed, 31 insertions, 0 deletions
diff --git a/conf/level.secure b/conf/level.secure
index 6b6dc25..b89b554 100644
--- a/conf/level.secure
+++ b/conf/level.secure
@@ -35,6 +35,7 @@ ENABLE_PASSWORD=yes
NOTIFY_WARN=no
WIN_PARTS_UMASK=022
CHECK_OPEN_PORT=yes
+CHECK_FIREWALL=yes
SHELL_TIMEOUT=600
ALLOW_REMOTE_ROOT_LOGIN=no
ENABLE_LOG_STRANGE_PACKETS=yes
diff --git a/conf/level.standard b/conf/level.standard
index 6d0d952..4a07ed3 100644
--- a/conf/level.standard
+++ b/conf/level.standard
@@ -35,6 +35,7 @@ ENABLE_PASSWORD=yes
NOTIFY_WARN=yes
WIN_PARTS_UMASK=000
CHECK_OPEN_PORT=yes
+CHECK_FIREWALL=yes
SHELL_TIMEOUT=0
ALLOW_REMOTE_ROOT_LOGIN=without-password
ENABLE_LOG_STRANGE_PACKETS=yes
diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh
index 5f020cc..4761dc2 100755
--- a/cron-sh/diff_check.sh
+++ b/cron-sh/diff_check.sh
@@ -140,6 +140,24 @@ if [[ ${CHECK_OPEN_PORT} == yes ]]; then
fi
+### Changed firewall
+if [[ ${CHECK_FIREWALL} == yes ]]; then
+
+ if [[ -f ${FIREWALL_YESTERDAY} ]]; then
+ diff -u ${FIREWALL_YESTERDAY} ${FIREWALL_TODAY} 1> ${FIREWALL_DIFF}
+ if [ -s ${FIREWALL_DIFF} ]; then
+ printf "\nSecurity Warning: There are modifications for firewall configuration on your machine :\n" >> ${TMP}
+ grep '^+' ${FIREWALL_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- New entries : ${file}\n"
+ done >> ${TMP}
+ grep '^-' ${FIREWALL_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- Removed entries : ${file}\n"
+ done >> ${TMP}
+ fi
+ fi
+
+fi
+
### rpm database
if [[ ${CHECK_RPM} == yes ]]; then
if [[ -f ${RPM_QA_YESTERDAY} ]]; then
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 9b4040e..4b02cf6 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -50,6 +50,9 @@ SUID_MD5_DIFF="/var/log/security/suid_md5.diff"
export OPEN_PORT_TODAY="/var/log/security/open_port.today"
OPEN_PORT_YESTERDAY="/var/log/security/open_port.yesterday"
OPEN_PORT_DIFF="/var/log/security/open_port.diff"
+export FIREWALL_TODAY="/var/log/security/open_port.today"
+FIREWALL_YESTERDAY="/var/log/security/open_port.yesterday"
+FIREWALL_DIFF="/var/log/security/open_port.diff"
export WRITABLE_TODAY="/var/log/security/writable.today"
WRITABLE_YESTERDAY="/var/log/security/writable.yesterday"
WRITABLE_DIFF="/var/log/security/writable.diff"
@@ -113,6 +116,10 @@ if [[ -f ${OPEN_PORT_TODAY} ]]; then
mv -f ${OPEN_PORT_TODAY} ${OPEN_PORT_YESTERDAY}
fi
+if [[ -f ${FIREWALL_TODAY} ]]; then
+ mv -f ${FIREWALL_TODAY} ${FIREWALL_YESTERDAY}
+fi
+
if [[ -f ${SUID_MD5_TODAY} ]]; then
mv ${SUID_MD5_TODAY} ${SUID_MD5_YESTERDAY};
fi
@@ -137,6 +144,10 @@ if [[ ${CHECK_OPEN_PORT} == yes ]]; then
netstat -pvlA inet,inet6 2> /dev/null > ${OPEN_PORT_TODAY};
fi
+if [[ ${CHECK_FIREWALL} == yes ]]; then
+ iptables -L 2>/dev/null > ${FIREWALL_TODAY}
+fi
+
ionice -c3 -p $$
# only running this check when really required