forked from fbprogmbh/Audit-Test-Automation
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request fbprogmbh#545 from fbprogmbh/ticket_524
Ticket 524
- Loading branch information
Showing
17 changed files
with
433 additions
and
239 deletions.
There are no files selected for viewing
537 changes: 298 additions & 239 deletions
537
ATAPAuditor/AuditGroups/SUSE Linux Enterprise 15-CIS-1.1.1.ps1
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
#!/bin/bash | ||
grep -E -i "(\\\v|\\\r|\\\m|\\\s|$(grep '^ID=' /etc/os-release | cut -d= -f2 | sed -e 's/"//g'))" /etc/issue.net |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
#!/bin/bash | ||
awk -F: '($1!="root" && $1!="sync" && $1!="shutdown" && $1!="halt" && $1!~/^\+/ && $3<'"$(awk '/^\s*UID_MIN/{print $2}' /etc/login.defs)"' && $7!="'"$(which nologin)"'" && $7!="/bin/false") {print}' /etc/passwd |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
#!/bin/bash | ||
awk -F: '($1!="root" && $1!~/^\+/ && $3<'"$(awk '/^\s*UID_MIN/{print $2}' /etc/login.defs)"') {print $1}' /etc/passwd | xargs -I '{}' passwd -S '{}' | awk '($2!="L" && $2!="LK") {print $1}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
#!/bin/bash | ||
for f in /etc/profile.d/*.sh ; do | ||
grep -Eq '(^|^[^#]*;)\s*(readonly|export(\s+[^$#;]+\s*)*)?\s*TMOUT=(900|[1-8][0-9][0-9]|[1-9][0-9]|[1-9])\b' $f && grep -Eq '(^|^[^#]*;)\s*readonly\s+TMOUT\b' $f && grep -Eq '(^|^[^#]*;)\s*export\s+([^$#;]+\s+)*TMOUT\b' $f && echo "TMOUT correctly configured in file: $f"; | ||
done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
#!/bin/bash | ||
awk -F: '($2 != "x" ) { print $1 " is not set to shadowed passwords "}' /etc/passwd |
10 changes: 10 additions & 0 deletions
10
ATAPAuditor/Helpers/ShellScripts/SLE_15/CIS-SEL15-6.2.10.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
#!/bin/bash | ||
awk -F: '($1 !~ /^(root|halt|sync|shutdown)$/ && $7 != "'"$(which nologin)"'" && $7 != "/bin/false" && $7 != "/usr/bin/false") { print $1 " " $6 }' /etc/passwd | while read user dir; do | ||
if [ ! -d "$dir" ]; then | ||
echo "The home directory ($dir) of user $user does not exist." | ||
else | ||
if [ ! -h "$dir/.netrc" -a -f "$dir/.netrc" ]; then | ||
echo ".netrc file $dir/.netrc exists" | ||
fi | ||
fi | ||
done |
30 changes: 30 additions & 0 deletions
30
ATAPAuditor/Helpers/ShellScripts/SLE_15/CIS-SEL15-6.2.11.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
#!/bin/bash | ||
awk -F: '($1 !~ /^(root|halt|sync|shutdown)$/ && $7 != "'"$(which nologin)"'" && $7 != "/bin/false" && $7 != "/usr/bin/false") { print $1 " " $6 }' /etc/passwd | while read user dir; do | ||
if [ ! -d "$dir" ]; then | ||
echo "The home directory ($dir) of user $user does not exist." | ||
else | ||
for file in $dir/.netrc; do | ||
if [ ! -h "$file" -a -f "$file" ]; then | ||
fileperm=$(ls -ld $file | cut -f1 -d" ") | ||
if [ $(echo $fileperm | cut -c5) != "-" ]; then | ||
echo "Group Read set on $file" | ||
fi | ||
if [ $(echo $fileperm | cut -c6) != "-" ]; then | ||
echo "Group Write set on $file" | ||
fi | ||
if [ $(echo $fileperm | cut -c7) != "-" ]; then | ||
echo "Group Execute set on $file" | ||
fi | ||
if [ $(echo $fileperm | cut -c8) != "-" ]; then | ||
echo "Other Read set on $file" | ||
fi | ||
if [ $(echo $fileperm | cut -c9) != "-" ]; then | ||
echo "Other Write set on $file" | ||
fi | ||
if [ $(echo $fileperm | cut -c10) != "-" ]; then | ||
echo "Other Execute set on $file" | ||
fi | ||
fi | ||
done | ||
fi | ||
done |
12 changes: 12 additions & 0 deletions
12
ATAPAuditor/Helpers/ShellScripts/SLE_15/CIS-SEL15-6.2.12.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
#!/bin/bash | ||
awk -F: '($1 !~ /^(root|halt|sync|shutdown)$/ && $7 != "'"$(which nologin)"'" && $7 != "/bin/false" && $7 != "/usr/bin/false") { print $1 " " $6 }' /etc/passwd | while read user dir; do | ||
if [ ! -d "$dir" ]; then | ||
echo "The home directory ($dir) of user $user does not exist." | ||
else | ||
for file in $dir/.rhosts; do | ||
if [ ! -h "$file" -a -e "$file" ]; then | ||
echo ".rhosts file in $dir" | ||
fi | ||
done | ||
fi | ||
done |
2 changes: 2 additions & 0 deletions
2
ATAPAuditor/Helpers/ShellScripts/SLE_15/CIS-SEL15-6.2.18_1.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
#!/bin/bash | ||
grep ^shadow:[^:]*:[^:]*:[^:]+ /etc/group |
2 changes: 2 additions & 0 deletions
2
ATAPAuditor/Helpers/ShellScripts/SLE_15/CIS-SEL15-6.2.18_2.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
#!/bin/bash | ||
awk -F: '($4 == "<shadow-gid>") { print }' /etc/passwd |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
#!/bin/bash | ||
awk -F: '($2 == "" ) { print $1 " does not have a password "}' /etc/shadow |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
#!/bin/bash | ||
grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read -r user dir; do | ||
if [ ! -d "$dir" ]; then | ||
echo "The home directory ($dir) of user $user does not exist." | ||
fi | ||
done |
20 changes: 20 additions & 0 deletions
20
ATAPAuditor/Helpers/ShellScripts/SLE_15/CIS-SEL15-6.2.6.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
#!/bin/bash | ||
grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do | ||
if [ ! -d "$dir" ]; then | ||
echo "The home directory ($dir) of user $user does not exist." | ||
else | ||
dirperm=$(ls -ld $dir | cut -f1 -d" ") | ||
if [ $(echo $dirperm | cut -c6) != "-" ]; then | ||
echo "Group Write permission set on the home directory ($dir) of user $user" | ||
fi | ||
if [ $(echo $dirperm | cut -c8) != "-" ]; then | ||
echo "Other Read permission set on the home directory ($dir) of user $user" | ||
fi | ||
if [ $(echo $dirperm | cut -c9) != "-" ]; then | ||
echo "Other Write permission set on the home directory ($dir) of user $user" | ||
fi | ||
if [ $(echo $dirperm | cut -c10) != "-" ]; then | ||
echo "Other Execute permission set on the home directory ($dir) of user $user" | ||
fi | ||
fi | ||
done |
11 changes: 11 additions & 0 deletions
11
ATAPAuditor/Helpers/ShellScripts/SLE_15/CIS-SEL15-6.2.7.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
#!/bin/bash | ||
grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do | ||
if [ ! -d "$dir" ]; then | ||
echo "The home directory ($dir) of user $user does not exist." | ||
else | ||
owner=$(stat -L -c "%U" "$dir") | ||
if [ "$owner" != "$user" ]; then | ||
echo "The home directory ($dir) of user $user is owned by $owner." | ||
fi | ||
fi | ||
done |
18 changes: 18 additions & 0 deletions
18
ATAPAuditor/Helpers/ShellScripts/SLE_15/CIS-SEL15-6.2.8.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
#!/bin/bash | ||
grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do | ||
if [ ! -d "$dir" ]; then | ||
echo "The home directory ($dir) of user $user does not exist." | ||
else | ||
for file in $dir/.[A-Za-z0-9]*; do | ||
if [ ! -h "$file" -a -f "$file" ]; then | ||
fileperm=$(ls -ld $file | cut -f1 -d" ") | ||
if [ $(echo $fileperm | cut -c6) != "-" ]; then | ||
echo "Group Write permission set on file $file" | ||
fi | ||
if [ $(echo $fileperm | cut -c9) != "-" ]; then | ||
echo "Other Write permission set on file $file" | ||
fi | ||
fi | ||
done | ||
fi | ||
done |
10 changes: 10 additions & 0 deletions
10
ATAPAuditor/Helpers/ShellScripts/SLE_15/CIS-SEL15-6.2.9.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
#!/bin/bash | ||
awk -F: '($1 !~ /^(root|halt|sync|shutdown)$/ && $7 != "'"$(which nologin)"'" && $7 != "/bin/false" && $7 != "/usr/bin/false") { print $1 " " $6 }' /etc/passwd | while read user dir; do | ||
if [ ! -d "$dir" ] ; then | ||
echo "The home directory ($dir) of user $user does not exist." | ||
else | ||
if [ ! -h "$dir/.forward" -a -f "$dir/.forward" ]; then | ||
echo ".forward file $dir/.forward exists" | ||
fi | ||
fi | ||
done |