-rw-r--r-- | conf/level.secure | 1 | ||||
-rw-r--r-- | conf/level.standard | 1 | ||||
-rwxr-xr-x | cron-sh/diff_check.sh | 18 | ||||
-rwxr-xr-x | cron-sh/security.sh | 11 |
4 files changed, 31 insertions, 0 deletions
diff --git a/conf/level.secure b/conf/level.secure
index 6b6dc25..b89b554 100644
--- a/conf/level.secure
+++ b/conf/level.secure
@@ -35,6 +35,7 @@ ENABLE_PASSWORD=yes
 NOTIFY_WARN=no
 WIN_PARTS_UMASK=022
 CHECK_OPEN_PORT=yes
+CHECK_FIREWALL=yes
 SHELL_TIMEOUT=600
 ALLOW_REMOTE_ROOT_LOGIN=no
 ENABLE_LOG_STRANGE_PACKETS=yes
diff --git a/conf/level.standard b/conf/level.standard
index 6d0d952..4a07ed3 100644
--- a/conf/level.standard
+++ b/conf/level.standard
@@ -35,6 +35,7 @@ ENABLE_PASSWORD=yes
 NOTIFY_WARN=yes
 WIN_PARTS_UMASK=000
 CHECK_OPEN_PORT=yes
+CHECK_FIREWALL=yes
 SHELL_TIMEOUT=0
 ALLOW_REMOTE_ROOT_LOGIN=without-password
 ENABLE_LOG_STRANGE_PACKETS=yes
diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh
index 5f020cc..4761dc2 100755
--- a/cron-sh/diff_check.sh
+++ b/cron-sh/diff_check.sh
@@ -140,6 +140,24 @@ if [[ ${CHECK_OPEN_PORT} == yes ]]; then
 fi
+### Changed firewall
+if [[ ${CHECK_FIREWALL} == yes ]]; then
+
+ if [[ -f ${FIREWALL_YESTERDAY} ]]; then
+ diff -u ${FIREWALL_YESTERDAY} ${FIREWALL_TODAY} 1> ${FIREWALL_DIFF}
+ if [ -s ${FIREWALL_DIFF} ]; then
+ printf "\nSecurity Warning: There are modifications for firewall configuration on your machine :\n" >> ${TMP}
+ grep '^+' ${FIREWALL_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- New entries : ${file}\n"
+ done >> ${TMP}
+ grep '^-' ${FIREWALL_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- Removed entries : ${file}\n"
+ done >> ${TMP}
+ fi
+ fi
+
+fi
+
 ### rpm database
 if [[ ${CHECK_RPM} == yes ]]; then
 if [[ -f ${RPM_QA_YESTERDAY} ]]; then
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 9b4040e..4b02cf6 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
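Review bot: The two `printf` calls inside the `while read file` loops of the diff_check.sh hunk use the firewall diff line itself as the format string, so any backslash sequence in a rule is interpreted rather than printed, and the preceding `sed -e 's/%/%%/g'` only covers the `%` case; `read` without `-r` also rewrites backslashes before printf sees them. Passing the line as an argument fixes both and makes the `%%` escaping unnecessary: `printf '\t\t- New entries : %s\n' "${file}"` and `printf '\t\t- Removed entries : %s\n' "${file}"`, with `while read -r file`. The unquoted `${FIREWALL_*}` expansions follow the style of the existing checks, but `[ -s ${FIREWALL_DIFF} ]` is the one place in the hunk where an unset variable would turn into a different test rather than a failed one, so `[[ -s "${FIREWALL_DIFF}" ]]` is the safer form. The surrounding script continues on both sides of the hunk.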
@@ -50,6 +50,9 @@ SUID_MD5_DIFF="/var/log/security/suid_md5.diff"
 export OPEN_PORT_TODAY="/var/log/security/open_port.today"
 OPEN_PORT_YESTERDAY="/var/log/security/open_port.yesterday"
 OPEN_PORT_DIFF="/var/log/security/open_port.diff"
+export FIREWALL_TODAY="/var/log/security/open_port.today"
+FIREWALL_YESTERDAY="/var/log/security/open_port.yesterday"
+FIREWALL_DIFF="/var/log/security/open_port.diff"
 export WRITABLE_TODAY="/var/log/security/writable.today"
 WRITABLE_YESTERDAY="/var/log/security/writable.yesterday"
 WRITABLE_DIFF="/var/log/security/writable.diff"
@@ -113,6 +116,10 @@ if [[ -f ${OPEN_PORT_TODAY} ]]; then
 mv -f ${OPEN_PORT_TODAY} ${OPEN_PORT_YESTERDAY}
 fi
+if [[ -f ${FIREWALL_TODAY} ]]; then
+ mv -f ${FIREWALL_TODAY} ${FIREWALL_YESTERDAY}
+fi
+
 if [[ -f ${SUID_MD5_TODAY} ]]; then
 mv ${SUID_MD5_TODAY} ${SUID_MD5_YESTERDAY};
 fi
@@ -137,6 +144,10 @@ if [[ ${CHECK_OPEN_PORT} == yes ]]; then
 netstat -pvlA inet,inet6 2> /dev/null > ${OPEN_PORT_TODAY};
 fi
+if [[ ${CHECK_FIREWALL} == yes ]]; then
+ iptables -L 2>/dev/null > ${FIREWALL_TODAY}
+fi
+
 ionice -c3 -p $$
 # only running this check when really required |
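Review bot: The three new `FIREWALL_*` paths in the first security.sh hunk are copies of the `OPEN_PORT_*` values (`open_port.today`, `open_port.yesterday`, `open_port.diff`) instead of firewall-specific files. Because both checks are enabled in the shipped level files and the `iptables -L ... > ${FIREWALL_TODAY}` hunk runs right after the `netstat ... > ${OPEN_PORT_TODAY}` line, the firewall snapshot overwrites the open-port snapshot each run, so the open-port change report silently stops detecting changes and the firewall report in diff_check.sh diffs against the rotated open-port file. Give the triple its own names following the pattern of the other snapshot sets, e.g. (constructed) `export FIREWALL_TODAY="/var/log/security/firewall.today"`, `FIREWALL_YESTERDAY="/var/log/security/firewall.yesterday"`, `FIREWALL_DIFF="/var/log/security/firewall.diff"`. The rotation hunk at -113 has the same collision through these variables and needs no separate change once the paths are distinct.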
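Review bot: In the last hunk, `iptables -L` without `-n` reverse-resolves addresses and service names on every run, so the snapshot depends on DNS state and the daily diff can report "modifications" when no rule changed; it also lists only the filter table. `iptables -L -n 2>/dev/null > ${FIREWALL_TODAY}` gives a deterministic snapshot, and `iptables-save` (without `-c`, so no counters) would cover all tables in a stable textual form. Since the open-port check already includes inet6, an `ip6tables` counterpart is worth considering so IPv6 rule changes are not invisible to this report. The script continues outside the hunk.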