aboutsummaryrefslogtreecommitdiffstats
path: root/cron-sh/security.sh
blob: c6367509f064076a01e54176f7b11c8d21013422 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
#!/bin/bash
# msec: this is the main security auditing script
#       it runs all executable scripts from /usr/share/msec/scripts
#       which should be named NN_script_name.sh, where NN represents
#       the order in which they should be executed

if [[ -f /etc/security/msec/security.conf ]]; then
    . /etc/security/msec/security.conf
else
    echo "/etc/security/msec/security.conf don't exist."
    exit 1
fi

# is security check enabled?
if [[ ${CHECK_SECURITY} != yes ]]; then
    exit 0
fi

. /usr/share/msec/functions.sh

# variables
LCK=/var/run/msec-security.pid
SECURITY_LOG="/var/log/security.log"

# log formatting
REPORT_DATE=`date "+%b %W %H:%M:%S"`
REPORT_HOSTNAME=`hostname`
LOG_PREFIX="$REPORT_DATE $REPORT_HOSTNAME"
SECURITY_PREFIX="$LOG_PREFIX security: "
INFO_PREFIX="$LOG_PREFIX info: "
DIFF_PREFIX="$LOG_PREFIX diff: "


function cleanup() {
    # removing temporary files
    rm -f $LCK $MSEC_TMP $SECURITY $INFOS $DIFF
}

if [ -f $LCK ]; then
    if [ -d /proc/`cat $LCK` ]; then
        exit 0
    else
        rm -f $LCK
    fi
fi
echo -n $$ > $LCK
trap cleanup 0 1 2 15

# temporary files
MSEC_TMP=`mktemp /tmp/secure.XXXXXX`
INFOS=`mktemp /tmp/secure.XXXXXX`
SECURITY=`mktemp /tmp/secure.XXXXXX`
DIFF=`mktemp /tmp/secure.XXXXXX`

# creating security log dir if necessary
if [[ ! -d /var/log/security ]]; then
    mkdir /var/log/security
fi

ionice -c3 -p $$

for script in /usr/share/msec/scripts/*sh; do
        test -x $script && . $script
        ret=$?
        if [ $ret -ne 0 ]; then
                echo "MSEC: audit script $script failed"
        fi
done

# fix permissions on newly created msec files according to system policy
/usr/sbin/msecperms -e '/var/log/msec.log' "$SECURITY_LOG" "/var/log/security/*" &> ${MSEC_TMP}

# email/show results

# security check
if [[ -s ${SECURITY} ]]; then
    Syslog ${SECURITY}
    Ttylog ${SECURITY}

    echo "$SECURITY_PREFIX *** Security Check, ${REPORT_DATE} ***" >> ${SECURITY_LOG}
    cat ${SECURITY} | sed -e "s/^/$SECURITY_PREFIX/g" >> ${SECURITY_LOG}
    cat ${INFOS} | sed -e "s/^/$INFO_PREFIX/g" >> ${SECURITY_LOG}

    Maillog "[msec] *** Security Check on ${REPORT_HOSTNAME}, ${REPORT_DATE} ***" "${SECURITY} ${INFOS}"
    Notifylog "MSEC has performed Security Check on ${REPORT_HOSTNAME} on ${REPORT_DATE}"
fi

# diff check
if [[ -s ${DIFF} ]]; then
    Syslog ${DIFF}
    Ttylog ${DIFF}

    echo "$DIFF_PREFIX *** Diff Check, ${REPORT_DATE} ***" >> ${SECURITY_LOG}
    cat ${DIFF} | sed -e "s/^/$DIFF_PREFIX/g" >> ${SECURITY_LOG}

    Notifylog "MSEC has performed Diff Check on ${REPORT_HOSTNAME} on ${REPORT_DATE}. Changes in system security were detected and are available in ${SECURITY_LOG}."
else
    Notifylog "MSEC has performed Diff Check on ${REPORT_HOSTNAME} on ${REPORT_DATE}. No changes were detected in system security."
fi

Maillog "[msec] *** Diff Check on ${REPORT_HOSTNAME}, ${REPORT_DATE} ***" "${DIFF}"