From 68f9f5619215e306d63cc737abda0dbb0603c8fc Mon Sep 17 00:00:00 2001 
From: Charles Herlin Date: Fri, 30 Aug 2019 17:11:03 +0200 Subject: [PATCH] Renumber 7.4.x tcp wrappers renamed: bin/hardening/7.4.1_install_tcp_wrapper.sh -> bin/hardening/3.3.1_install_tcp_wrapper.sh renamed: bin/hardening/7.4.2_hosts_allow.sh -> bin/hardening/3.3.2_hosts_allow.sh renamed: bin/hardening/7.4.4_hosts_deny.sh -> bin/hardening/3.3.3_hosts_deny.sh renamed: bin/hardening/7.4.3_hosts_allow_permissions.sh -> bin/hardening/3.3.4_hosts_allow_permissions.sh renamed: bin/hardening/7.4.5_hosts_deny_permissions.sh -> bin/hardening/3.3.5_hosts_deny_permissions.sh renamed: tests/hardening/7.4.5_hosts_deny_permissions.sh -> tests/hardening/3.3.1_install_tcp_wrapper.sh renamed: tests/hardening/7.4.4_hosts_deny.sh -> tests/hardening/3.3.2_hosts_allow.sh renamed: tests/hardening/7.4.3_hosts_allow_permissions.sh -> tests/hardening/3.3.3_hosts_deny.sh renamed: tests/hardening/7.4.2_hosts_allow.sh -> tests/hardening/3.3.4_hosts_allow_permissions.sh renamed: tests/hardening/7.4.1_install_tcp_wrapper.sh -> tests/hardening/3.3.5_hosts_deny_permissions.sh --- ...tcp_wrapper.sh => 3.3.1_install_tcp_wrapper.sh} | 2 +- .../{7.4.2_hosts_allow.sh => 3.3.2_hosts_allow.sh} | 2 +- .../{7.4.4_hosts_deny.sh => 3.3.3_hosts_deny.sh} | 2 +- ...issions.sh => 3.3.4_hosts_allow_permissions.sh} | 14 +++++++++++--- ...missions.sh => 3.3.5_hosts_deny_permissions.sh} | 14 +++++++++++--- ...tcp_wrapper.sh => 3.3.1_install_tcp_wrapper.sh} | 0 .../{7.4.2_hosts_allow.sh => 3.3.2_hosts_allow.sh} | 0 ...ts_allow_permissions.sh => 3.3.3_hosts_deny.sh} | 0 ...ts_deny.sh => 3.3.4_hosts_allow_permissions.sh} | 0 ...missions.sh => 3.3.5_hosts_deny_permissions.sh} | 0 10 files changed, 25 insertions(+), 9 deletions(-) rename bin/hardening/{7.4.1_install_tcp_wrapper.sh => 3.3.1_install_tcp_wrapper.sh} (96%) rename bin/hardening/{7.4.2_hosts_allow.sh => 3.3.2_hosts_allow.sh} (96%) rename bin/hardening/{7.4.4_hosts_deny.sh => 3.3.3_hosts_deny.sh} (97%) rename bin/hardening/{7.4.3_hosts_allow_permissions.sh 
=> 3.3.4_hosts_allow_permissions.sh} (80%) rename bin/hardening/{7.4.5_hosts_deny_permissions.sh => 3.3.5_hosts_deny_permissions.sh} (80%) rename tests/hardening/{7.4.1_install_tcp_wrapper.sh => 3.3.1_install_tcp_wrapper.sh} (100%) rename tests/hardening/{7.4.2_hosts_allow.sh => 3.3.2_hosts_allow.sh} (100%) rename tests/hardening/{7.4.3_hosts_allow_permissions.sh => 3.3.3_hosts_deny.sh} (100%) rename tests/hardening/{7.4.4_hosts_deny.sh => 3.3.4_hosts_allow_permissions.sh} (100%) rename tests/hardening/{7.4.5_hosts_deny_permissions.sh => 3.3.5_hosts_deny_permissions.sh} (100%) diff --git a/bin/hardening/7.4.1_install_tcp_wrapper.sh b/bin/hardening/3.3.1_install_tcp_wrapper.sh similarity index 96% rename from bin/hardening/7.4.1_install_tcp_wrapper.sh rename to bin/hardening/3.3.1_install_tcp_wrapper.sh index 3b5af94..83715d9 100755 --- a/bin/hardening/7.4.1_install_tcp_wrapper.sh +++ b/bin/hardening/3.3.1_install_tcp_wrapper.sh @@ -5,7 +5,7 @@ # # -# 7.4.1 Install TCP Wrappers (Scored) +# 3.3.1 Ensure TCP Wrappers is installed (Scored) # set -e # One error, it's over diff --git a/bin/hardening/7.4.2_hosts_allow.sh b/bin/hardening/3.3.2_hosts_allow.sh similarity index 96% rename from bin/hardening/7.4.2_hosts_allow.sh rename to bin/hardening/3.3.2_hosts_allow.sh index 53525a8..9291c75 100755 --- a/bin/hardening/7.4.2_hosts_allow.sh +++ b/bin/hardening/3.3.2_hosts_allow.sh @@ -5,7 +5,7 @@ # # -# 7.4.2 Create /etc/hosts.allow (Not Scored) +# 3.3.2 Ensure /etc/hosts.allow is configured (Not Scored) # set -e # One error, it's over diff --git a/bin/hardening/7.4.4_hosts_deny.sh b/bin/hardening/3.3.3_hosts_deny.sh similarity index 97% rename from bin/hardening/7.4.4_hosts_deny.sh rename to bin/hardening/3.3.3_hosts_deny.sh index ff95fbc..40c64e2 100755 --- a/bin/hardening/7.4.4_hosts_deny.sh +++ b/bin/hardening/3.3.3_hosts_deny.sh 
@@ -5,7 +5,7 @@ # # -# 7.4.4 Create /etc/hosts.deny (Not Scored) +# 3.3.3 Ensure /etc/hosts.deny is configured (Not Scored) # set -e # One error, it's over diff --git a/bin/hardening/7.4.3_hosts_allow_permissions.sh b/bin/hardening/3.3.4_hosts_allow_permissions.sh similarity index 80% rename from bin/hardening/7.4.3_hosts_allow_permissions.sh rename to bin/hardening/3.3.4_hosts_allow_permissions.sh index 39949e5..8924613 100755 --- a/bin/hardening/7.4.3_hosts_allow_permissions.sh +++ b/bin/hardening/3.3.4_hosts_allow_permissions.sh @@ -5,17 +5,19 @@ # # -# 7.4.3 Verify Permissions on /etc/hosts.allow (Scored) +# 3.3.4 Ensure permissions on /etc/hosts.allow are configured (Scored) # set -e # One error, it's over set -u # One variable unset, it's over HARDENING_LEVEL=3 -DESCRIPTION="Check 644 permissions on /hosts.allow ." +DESCRIPTION="Check 644 permissions and root:root ownership on /hosts.allow ." FILE='/etc/hosts.allow' PERMISSIONS='644' +USER='root' +GROUP='root' # This function will be called if the script status is on enabled / audit mode audit () { @@ -24,7 +26,13 @@ audit () { ok "$FILE has correct permissions" else crit "$FILE permissions were not set to $PERMISSIONS" - fi + fi + has_file_correct_ownership $FILE $USER $GROUP + if [ $FNRET = 0 ]; then + ok "$FILE has correct ownership" + else + crit "$FILE ownership was not set to $USER:$GROUP" + fi } # This function will be called if the script status is on enabled mode diff --git a/bin/hardening/7.4.5_hosts_deny_permissions.sh b/bin/hardening/3.3.5_hosts_deny_permissions.sh similarity index 80% rename from bin/hardening/7.4.5_hosts_deny_permissions.sh rename to bin/hardening/3.3.5_hosts_deny_permissions.sh index fa085e2..acedc1e 100755 --- a/bin/hardening/7.4.5_hosts_deny_permissions.sh +++ b/bin/hardening/3.3.5_hosts_deny_permissions.sh 
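Review bot: The new `USER='root'` assignment in 3.3.4_hosts_allow_permissions.sh reuses the name of the standard login environment variable. For the rest of the script, and for child processes if `USER` was exported, `$USER` then no longer identifies the account running the check. A check-specific pair such as `FILE_USER='root'` and `FILE_GROUP='root'`, passed to `has_file_correct_ownership`, would avoid the collision; the same two assignments are added in the 3.3.5_hosts_deny_permissions.sh hunk. Separately, the rewritten `DESCRIPTION` still says `/hosts.allow` although `FILE` is `/etc/hosts.allow`.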
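Review bot: `audit` now raises a critical finding when `$FILE` is not owned by `$USER:$GROUP`, but `apply`, whose body lies outside this hunk, appears to be untouched: the file's 11 insertions and 3 deletions are all accounted for by the two visible hunks. In enabled mode a wrongly owned /etc/hosts.allow would then be reported on every run without being corrected, leaving a non-root owner able to rewrite the TCP Wrappers rules despite mode 644. `apply` likely needs a matching remediation step along the lines of `chown "$USER:$GROUP" "$FILE"`. The added lines also expand variables unquoted; `has_file_correct_ownership "$FILE" "$USER" "$GROUP"` and `if [ "$FNRET" = 0 ]; then` keep the test well-formed if `FNRET` is ever empty. The same points apply to the `audit` hunk of 3.3.5_hosts_deny_permissions.sh.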
@@ -5,17 +5,19 @@ # # -# 7.4.5 Verify Permissions on /etc/hosts.deny (Scored) +# 3.3.5 Verify Permissions on /etc/hosts.deny (Scored) # set -e # One error, it's over set -u # One variable unset, it's over HARDENING_LEVEL=3 -DESCRIPTION="Check 644 permissions on /etc/hosts.deny ." +DESCRIPTION="Check 644 permissions and root:root ownership on /etc/hosts.deny ." FILE='/etc/hosts.deny' PERMISSIONS='644' +USER='root' +GROUP='root' # This function will be called if the script status is on enabled / audit mode audit () { @@ -24,7 +26,13 @@ audit () { ok "$FILE has correct permissions" else crit "$FILE permissions were not set to $PERMISSIONS" - fi + fi + has_file_correct_ownership $FILE $USER $GROUP + if [ $FNRET = 0 ]; then + ok "$FILE has correct ownership" + else + crit "$FILE ownership was not set to $USER:$GROUP" + fi } # This function will be called if the script status is on enabled mode diff --git a/tests/hardening/7.4.1_install_tcp_wrapper.sh b/tests/hardening/3.3.1_install_tcp_wrapper.sh similarity index 100% rename from tests/hardening/7.4.1_install_tcp_wrapper.sh rename to tests/hardening/3.3.1_install_tcp_wrapper.sh diff --git a/tests/hardening/7.4.2_hosts_allow.sh b/tests/hardening/3.3.2_hosts_allow.sh similarity index 100% rename from tests/hardening/7.4.2_hosts_allow.sh rename to tests/hardening/3.3.2_hosts_allow.sh diff --git a/tests/hardening/7.4.3_hosts_allow_permissions.sh b/tests/hardening/3.3.3_hosts_deny.sh similarity index 100% rename from tests/hardening/7.4.3_hosts_allow_permissions.sh rename to tests/hardening/3.3.3_hosts_deny.sh diff --git a/tests/hardening/7.4.4_hosts_deny.sh b/tests/hardening/3.3.4_hosts_allow_permissions.sh similarity index 100% rename from tests/hardening/7.4.4_hosts_deny.sh rename to tests/hardening/3.3.4_hosts_allow_permissions.sh 
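Review bot: The header comment in 3.3.5_hosts_deny_permissions.sh was renumbered but keeps the old wording, `# 3.3.5 Verify Permissions on /etc/hosts.deny (Scored)`. The sibling 3.3.4 header was reworded to "Ensure permissions on /etc/hosts.allow are configured", and the check now covers ownership as well as mode. If the benchmark title follows the same pattern, the line would read `# 3.3.5 Ensure permissions on /etc/hosts.deny are configured (Scored)`, which keeps the five renumbered headers consistent.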
diff --git a/tests/hardening/7.4.5_hosts_deny_permissions.sh b/tests/hardening/3.3.5_hosts_deny_permissions.sh similarity index 100% rename from tests/hardening/7.4.5_hosts_deny_permissions.sh rename to tests/hardening/3.3.5_hosts_deny_permissions.sh