mirror of
https://github.com/ovh/debian-cis.git
synced 2025-02-18 08:25:40 +01:00
80a1146af7
Add func to find pattern in file that spreads over multiple lines
The func will remove commented lines (that begin with '#')
and consider the file as one long line.
Thus, this is not possible to look for pattern at beginning of line
with this func ('^' and '$')
Improved pattern in 8.2.5
Add syslog-ng to installed dependencies in Dockerfiles
Fixed multifile arguments when looking for pattern that got broken
in d2bbf754 due to "nocase" and _does_pattern_exist_in_file wrapper
Please note that you can only look for pattern in ONE FILE at once
Fixed 8.2.5 and 8.3.2 with for loop on files and 'FOUND' flag
You now need to specify each and every file to look for or embed a
'find' command as follow :
`FILES="$SYSLOG_BASEDIR/syslog-ng.conf $(find $SYSLOG_BASEDIR/conf.d/)"`
Improved test files
Applied shellcheck recommendations
84 lines
2.2 KiB
Bash
Executable File
84 lines
2.2 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
#
|
|
# CIS Debian Hardening
|
|
#
|
|
|
|
#
|
|
# 8.2.5 Configure rsyslog to Send Logs to a Remote Log Host (Scored)
|
|
#
|
|
|
|
set -e # One error, it's over
|
|
set -u # One variable unset, it's over
|
|
|
|
HARDENING_LEVEL=3
|
|
DESCRIPTION="Configure syslog-ng to send logs to a remote log host."
|
|
|
|
PATTERN='destination[[:alnum:][:space:]*{]+(tcp|udp)[[:space:]]*\(\"[[:alnum:].]+\".'
|
|
|
|
# This function will be called if the script status is on enabled / audit mode
|
|
audit () {
|
|
FOUND=0
|
|
FILES="$SYSLOG_BASEDIR/syslog-ng.conf $(find $SYSLOG_BASEDIR/conf.d/)"
|
|
for FILE in $FILES; do
|
|
does_pattern_exist_in_file_multiline "$FILE" "$PATTERN"
|
|
if [ $FNRET == 0 ]; then
|
|
FOUND=1
|
|
fi
|
|
done
|
|
|
|
if [ $FOUND == 1 ]; then
|
|
ok "$PATTERN is present in $FILES"
|
|
else
|
|
crit "$PATTERN is not present in $FILES"
|
|
fi
|
|
}
|
|
|
|
# This function will be called if the script status is on enabled mode
|
|
apply () {
|
|
FOUND=0
|
|
FILES="$SYSLOG_BASEDIR/syslog-ng.conf $(find $SYSLOG_BASEDIR/conf.d/ -type f)"
|
|
for FILE in $FILES; do
|
|
does_pattern_exist_in_file_multiline "$FILE" "$PATTERN"
|
|
if [ $FNRET == 0 ]; then
|
|
FOUND=1
|
|
fi
|
|
done
|
|
if [ $FOUND == 1 ]; then
|
|
ok "$PATTERN is present in $FILES"
|
|
else
|
|
crit "$PATTERN is not present in $FILES, please set a remote host to send your logs"
|
|
fi
|
|
}
|
|
|
|
# This function will create the config file for this check with default values
|
|
create_config() {
|
|
cat <<EOF
|
|
status=audit
|
|
SYSLOG_BASEDIR='/etc/syslog-ng'
|
|
EOF
|
|
}
|
|
|
|
# This function will check config parameters required
|
|
check_config() {
|
|
:
|
|
}
|
|
|
|
# Source Root Dir Parameter
|
|
if [ -r /etc/default/cis-hardening ]; then
|
|
. /etc/default/cis-hardening
|
|
fi
|
|
if [ -z "$CIS_ROOT_DIR" ]; then
|
|
echo "There is no /etc/default/cis-hardening file nor cis-hardening directory in current environment."
|
|
echo "Cannot source CIS_ROOT_DIR variable, aborting."
|
|
exit 128
|
|
fi
|
|
|
|
# Main function, will call the proper functions given the configuration (audit, enabled, disabled)
|
|
if [ -r $CIS_ROOT_DIR/lib/main.sh ]; then
|
|
. $CIS_ROOT_DIR/lib/main.sh
|
|
else
|
|
echo "Cannot find main.sh, have you correctly defined your root directory? Current value is $CIS_ROOT_DIR in /etc/default/cis-hardening"
|
|
exit 128
|
|
fi
|