From 909dde9f18ebe2fa300600d67ceee8cd936cdbe3 Mon Sep 17 00:00:00 2001
From: "thibault.dewailly"
Date: Thu, 14 Apr 2016 23:05:58 +0200
Subject: [PATCH] 8.3.2_tripwire_cron.sh
---
 bin/hardening/8.2.5_syslog-ng_remote_host.sh | 5 +-
 bin/hardening/8.3.2_tripwire_cron.sh | 56 ++++++++++++++++++++
 etc/conf.d/8.2.5_syslog-ng_remote_host.cfg | 1 +
 etc/conf.d/8.3.2_tripwire_cron.cfg | 2 +
 4 files changed, 61 insertions(+), 3 deletions(-)
 create mode 100755 bin/hardening/8.3.2_tripwire_cron.sh
 create mode 100644 etc/conf.d/8.3.2_tripwire_cron.cfg
diff --git a/bin/hardening/8.2.5_syslog-ng_remote_host.sh b/bin/hardening/8.2.5_syslog-ng_remote_host.sh
index 5937650..50e1729 100755
--- a/bin/hardening/8.2.5_syslog-ng_remote_host.sh
+++ b/bin/hardening/8.2.5_syslog-ng_remote_host.sh
@@ -12,13 +12,11 @@
 set -e # One error, it's over
 set -u # One variable unset, it's over
 
-#destination d_httpd_error { tcp("10.1.0.31" log_fifo_size(100000000) template("<187>$MSGHDR$MSG\n") template_escape(no)); };
-
 PATTERN='^destination.*(tcp|udp)[[:space:]]*\([[:space:]]*\".*\"[[:space:]]*\)'
-FILES='/etc/syslog-ng/syslog-ng.conf /etc/syslog-ng/conf.d/*'
 
 # This function will be called if the script status is on enabled / audit mode
 audit () {
+ FILES="$SYSLOG_BASEDIR/syslog-ng.conf $SYSLOG_BASEDIR/conf.d/*"
 does_pattern_exists_in_file "$FILES" "$PATTERN"
 if [ $FNRET != 0 ]; then
 crit "$PATTERN not present in $FILES"
@@ -29,6 +27,7 @@ audit () {
 
 # This function will be called if the script status is on enabled mode
 apply () {
+ FILES="$SYSLOG_BASEDIR/syslog-ng.conf $SYSLOG_BASEDIR/conf.d/*"
 does_pattern_exists_in_file "$FILES" "$PATTERN"
 if [ $FNRET != 0 ]; then
 crit "$PATTERN not present in $FILES, please set a remote host to send your logs"
diff --git a/bin/hardening/8.3.2_tripwire_cron.sh b/bin/hardening/8.3.2_tripwire_cron.sh
new file mode 100755
index 0000000..b6758a9
--- /dev/null
+++ b/bin/hardening/8.3.2_tripwire_cron.sh
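Review bot: Both hunks make audit() and apply() expand `$SYSLOG_BASEDIR` under `set -u` without any check that the cfg actually supplied it, so a cfg missing the new variable aborts with bash's generic unbound-variable error instead of a diagnostic naming the setting. The script's check_config() lies outside these hunks, but it is the natural place for `: "${SYSLOG_BASEDIR:?SYSLOG_BASEDIR must be set in the configuration}"`, which fails early with a clear message. The identical FILES assignment now appears in both functions; a one-line helper called from each would keep the two copies from drifting apart. Presumably FILES moved into the functions because the cfg is only sourced by main.sh after this file's top-level assignments have run; a comment such as `# FILES depends on SYSLOG_BASEDIR from the cfg, which is sourced after this file's top level` would save the next reader that deduction.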
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+#
+# CIS Debian 7 Hardening
+# Authors : Thibault Dewailly, OVH
+#
+
+#
+# 8.3.2 Implement Periodic Execution of File Integrity (Scored)
+#
+
+set -e # One error, it's over
+set -u # One variable unset, it's over
+
+FILES='/etc/crontab /etc/cron.d/*'
+PATTERN='tripwire --check'
+
+# This function will be called if the script status is on enabled / audit mode
+audit () {
+ does_pattern_exists_in_file "$FILES" "$PATTERN"
+ if [ $FNRET != 0 ]; then
+ crit "$PATTERN not present in $FILES"
+ else
+ ok "$PATTERN present in $FILES"
+ fi
+}
+
+# This function will be called if the script status is on enabled mode
+apply () {
+ does_pattern_exists_in_file "$FILES" "$PATTERN"
+ if [ $FNRET != 0 ]; then
+ warn "$PATTERN not present in $FILES, setting tripwire cron"
+ echo "0 10 * * * root /usr/sbin/tripwire --check > /dev/shm/tripwire_check 2>&1 " > /etc/cron.d/CIS_8.3.2_tripwire
+ else
+ ok "$PATTERN present in $FILES"
+ fi
+}
+
+# This function will check config parameters required
+check_config() {
+ :
+}
+
+# Source Root Dir Parameter
+if [ ! -r /etc/default/cis-hardenning ]; then
+ echo "There is no /etc/default/cis-hardenning file, cannot source CIS_ROOT_DIR variable, aborting"
+ exit 128
+else
+ . /etc/default/cis-hardenning
+ if [ -z $CIS_ROOT_DIR ]; then
+ echo "No CIS_ROOT_DIR variable, aborting"
+ fi
+fi
+
+# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
+[ -r $CIS_ROOT_DIR/lib/main.sh ] && . $CIS_ROOT_DIR/lib/main.sh
diff --git a/etc/conf.d/8.2.5_syslog-ng_remote_host.cfg b/etc/conf.d/8.2.5_syslog-ng_remote_host.cfg
index e1e4502..83a0977 100644
--- a/etc/conf.d/8.2.5_syslog-ng_remote_host.cfg
+++ b/etc/conf.d/8.2.5_syslog-ng_remote_host.cfg
@@ -1,2 +1,3 @@
 # Configuration for script of same name
 status=enabled
+SYSLOG_BASEDIR='/etc/syslog-ng'
diff --git a/etc/conf.d/8.3.2_tripwire_cron.cfg b/etc/conf.d/8.3.2_tripwire_cron.cfg
new file mode 100644
index 0000000..e1e4502
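Review bot: The cron entry written by apply() sends root's tripwire report to a fixed filename under /dev/shm, a world-writable tmpfs, so the integrity report is lost at reboot and a fixed name in a shared directory is the classic pre-existing-file/symlink hazard for a job that runs as root; a root-owned location (e.g. a file under /var/log), or dropping the redirect so cron mails the output, avoids both, e.g. `0 10 * * * root /usr/sbin/tripwire --check > /var/log/tripwire_check.log 2>&1`. The CIS_ROOT_DIR branch after sourcing /etc/default/cis-hardenning prints "aborting" but never exits, and `$CIS_ROOT_DIR` is unquoted in the `[ -z ... ]` test, so an empty value prints the message and then falls through to the main.sh line; `if [ -z "$CIS_ROOT_DIR" ]; then echo "No CIS_ROOT_DIR variable, aborting"; exit 128; fi` matches the 128 already used for the missing-file case. The final `[ -r $CIS_ROOT_DIR/lib/main.sh ] && . $CIS_ROOT_DIR/lib/main.sh` should quote the path the same way, `"$CIS_ROOT_DIR/lib/main.sh"` in both places.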
--- /dev/null
+++ b/etc/conf.d/8.3.2_tripwire_cron.cfg
@@ -0,0 +1,2 @@
+# Configuration for script of same name
+status=enabled