Added support for arch-audit tooling

author: Michael Boelen <michael.boelen@cisofy.com> 2016-09-24 15:49:14 +0300
committer: Michael Boelen <michael.boelen@cisofy.com> 2016-09-24 15:49:14 +0300
commit: db419495bf8daa3bc996aeb3992e0b2ae65649a4 (patch)
tree: ad83c0a09fafee5df02c79f423acc87b1e6983ff
parent: 9d91f7dac7e3ab9199bff8907154632b795c1c83 (diff)
2 files changed, 44 insertions, 0 deletions
diff --git a/include/binaries b/include/binaries
index 86037242..de9a67ec 100644
--- a/include/binaries
+++ b/include/binaries
@@ -83,6 +83,10 @@
                             afick.pl)               AFICKFOUND=1;          AFICKBINARY=${BINARY};                                                         LogText "  Found known binary: afick (file integrity checker) - ${BINARY}"                                ;;
                             aide)                   AIDEFOUND=1;           AIDEBINARY=${BINARY};                                                          LogText "  Found known binary: aide (file integrity checker) - ${BINARY}"                                 ;;
                             apache2)                if [ -f ${BINARY} ]; then HTTPDFOUND=1;          HTTPDBINARY=${BINARY};                               LogText "  Found known binary: apache2 (web server) - ${BINARY}";                                      fi ;;
+                            arch-audit)
+                                                    ARCH_AUDIT_BINARY="${BINARY}"
+                                                    LogText "  Found known binary: arch-audit (auditing utility to test for vulnerable packages) - ${BINARY}"
+                            ;;
                             auditd)                 AUDITDFOUND=1;         AUDITDBINARY=${BINARY};                                                        LogText "  Found known binary: auditd (audit framework) - ${BINARY}"                                      ;;
                             awk)                    if [ -f ${BINARY} ]; then AWKFOUND=1;                          AWKBINARY=${BINARY};                   LogText "  Found known binary: awk (string tool) - ${BINARY}";                                         fi ;;
                             dig)                    DIGFOUND=1;            DIGBINARY=${BINARY};                                                           LogText "  Found known binary: dig (nameservice tool) - ${BINARY}"                                        ;;
diff --git a/include/tests_ports_packages b/include/tests_ports_packages
index 596e38f3..9cb9a3fc 100644
--- a/include/tests_ports_packages
+++ b/include/tests_ports_packages
@@ -277,6 +277,46 @@
 #
 #################################################################################
 #
+    # Test        : PKGS-7320
+    # Description : Check available of arch-audit
+    if [ "${OSNAME}" = "Arch Linux" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="Test only applies to Arch Linux"; fi
+    Register --test-no PKGS-7320 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Checking for arch-audit tooling"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        if [ -z "${ARCH_AUDIT_BINARY}" ]; then
+            LogText "Result: no arch-audit binary found"
+            AddHP 1 2
+            ReportSuggestion "${TEST_NO}" "Consider installing arch-audit to determine vulnerable packages" "arch-audit" "text:Install arch-audit"
+        else
+            LogText "Result: arch-audit binary found (${ARCH_AUDIT_BINARY})"
+            AddHP 3 3
+        fi
+    fi
+#
+#################################################################################
+#
+    # Test        : PKGS-7322
+    # Description : Discover vulnerable packages with arch-audit
+    if [ ! -z "${ARCH_AUDIT_BINARY}" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="arch-audit not found"; fi
+    Register --test-no PKGS-7322 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Discover vulnerable packages with arch-audit"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        LogText "Test: checking arch-audit output for vulnerable packages"
+        FIND=$(${ARCH_AUDIT_BINARY} | sed 's/\.\..*$//' | sed 's/, //g' | sed 's/\(\["\|"\]\)//g' | sed 's/""/,/g' | awk '{ if($1=="Package") { print $2"|"$6"|"}}' | awk -F'|' 'NF>1{a[$1] = a[$1]","$2}END{for(i in a){print i""a[i]}}' | sed 's/,/|cve=/' | sort | grep --color=auto "^[a-z]\+")
+        if [ -z "${FIND}" ]; then
+            LogText "Result: no vulnerable packages found with arch-audit"
+            AddHP 10 10
+        else
+            LogText "Result: found one or more vulnerable packages"
+            for ITEM in ${FIND}; do
+                LogText "Found line: ${ITEM}"
+                Report "vulnerable_package[]=${ITEM}"
+                AddHP 1 2
+            done
+            ReportWarning "${TEST_NO}" "Vulnerable packages found" "arch-audit" "text:Check output of arch-audit"
+        fi
+    fi
+#
+#################################################################################
+#
     # Test        : PKGS-7328
     # Description : Check installed packages with Zypper
     if [ ! "${ZYPPERBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
author	Michael Boelen <michael.boelen@cisofy.com>	2016-09-24 15:49:14 +0300
committer	Michael Boelen <michael.boelen@cisofy.com>	2016-09-24 15:49:14 +0300
commit	db419495bf8daa3bc996aeb3992e0b2ae65649a4 (patch)
tree	ad83c0a09fafee5df02c79f423acc87b1e6983ff
parent	9d91f7dac7e3ab9199bff8907154632b795c1c83 (diff)