elie/debian-cis
1
0
Fork 0
mirror of https://github.com/ovh/debian-cis.git synced 2024-11-24 14:31:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

syslog-ng : fix remote host test and enhance Regex

Browse Source 
fixes #124
This commit is contained in:
thibault.dewailly 2023-12-27 08:40:35 +00:00
parent c391723fe5
commit 58f4ca0392
No known key found for this signature in database
GPG Key ID: 83AED188AB00EE43
2 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
bin/hardening/4.2.1.5_syslog-ng_remote_host.sh
View File

@ -16,10 +16,9 @@ set -u # One variable unset, it's over
HARDENING_LEVEL=3 HARDENING_LEVEL=3
# shellcheck disable=2034 # shellcheck disable=2034
DESCRIPTION="Configure syslog-ng to send logs to a remote log host." DESCRIPTION="Configure syslog-ng to send logs to a remote log host."
PACKAGE='syslog-ng' PACKAGE='syslog-ng'
SYSLOG_BASEDIR='/etc/syslog-ng'
PATTERN='destination[[:alnum:][:space:]*{]+(tcp|udp)[[:space:]]*\(\"[[:alnum:].]+\".' PATTERN='destination[[:alnum:][:space:]*_*{]+(tcp|network|udp)[[:space:]]*\([[:space:]]*\"?[[:alnum:]\-.]+\"?.'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {

8
bin/hardening/4.2.1.6_remote_syslog-ng_acl.sh
View File

@ -18,9 +18,9 @@ HARDENING_LEVEL=3
DESCRIPTION="Configure syslog to accept remote syslog messages only on designated log hosts." DESCRIPTION="Configure syslog to accept remote syslog messages only on designated log hosts."
PACKAGE='syslog-ng' PACKAGE='syslog-ng'
SYSLOG_BASEDIR='/etc/syslog-ng'
REMOTE_HOST="" REMOTE_HOST=""
PATTERN='source[[:alnum:][:space:]*{]+(tcp|udp)[[:space:]]*\(\"[[:alnum:].]+\".' PATTERN='source[[:alnum:][:space:]*_*{]+(tcp|network|udp)[[:space:]]*\([[:space:]]*\"?[[:alnum:]\-.]+\"?.'
# This function will be called if the script status is on enabled / audit mode # This function will be called if the script status is on enabled / audit mode
audit() { audit() {
@ -37,7 +37,7 @@ audit() {
fi fi
done done
if [[ "$REMOTE_HOST" ]]; then if [[ "$REMOTE_HOST" ]] && [[ "$REMOTE_HOST" != 'false' ]]; then
info "This is the remote host, checking that it only accepts logs from specified zone" info "This is the remote host, checking that it only accepts logs from specified zone"
if [ "$FOUND" = 1 ]; then if [ "$FOUND" = 1 ]; then
ok "$PATTERN is present in $FILES" ok "$PATTERN is present in $FILES"
@ -70,7 +70,7 @@ apply() {
fi fi
done done
if [[ "$REMOTE_HOST" ]]; then if [[ "$REMOTE_HOST" ]] && [[ "$REMOTE_HOST" != 'false' ]]; then
info "This is the remote host, checking that it only accepts logs from specified zone" info "This is the remote host, checking that it only accepts logs from specified zone"
if [ "$FOUND" = 1 ]; then if [ "$FOUND" = 1 ]; then
ok "$PATTERN is present in $FILES" ok "$PATTERN is present in $FILES"