
author(╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW <mostafa.hussein91@gmail.com>2017-07-10 16:23:32 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2017-07-10 16:23:32 +0300
commit3b66a22f39f2b45dcaba33f87ef56d99cd30f521 (patch)
tree13dc39351dbcba3757edee8ed7b5e7313560e938
parent3a6fa0bb6b2671c36cbf00b2e416a9d360f4a104 (diff)
Firewall check updates (#414)
* Check if CSF is running * Check for APF presence
-rw-r--r--db/tests.db1
-rw-r--r--include/tests_firewalls43
2 files changed, 44 insertions, 0 deletions
diff --git a/db/tests.db b/db/tests.db
index 58c76345..fd41f429 100644
--- a/db/tests.db
+++ b/db/tests.db
@@ -135,6 +135,7 @@ FIRE-4538:test:security:firewalls:Linux:Check nftables basic configuration:
FIRE-4540:test:security:firewalls:Linux:Test for empty nftables configuration:
FIRE-4586:test:security:firewalls::Check firewall logging:
FIRE-4590:test:security:firewalls::Check firewall status:
+FIRE-4594:test:security:firewalls::Check for APF presence:
HOME-9302:test:security:homedirs::Create list with home directories:
HOME-9310:test:security:homedirs::Checking for suspicious shell history files:
HOME-9350:test:security:homedirs::Collecting information from home directories:
diff --git a/include/tests_firewalls b/include/tests_firewalls
index aa5d5fe6..b4ea4f05 100644
--- a/include/tests_firewalls
+++ b/include/tests_firewalls
@@ -321,6 +321,13 @@
else
Display --indent 4 --text "- Check if CSF testing mode is disabled" --result "${STATUS_WARNING}" --color RED
fi
+
+ LogText "Test: check if CSF is running"
+ if [ ! -f /etc/csf/csf.disable ]; then
+ Display --indent 4 --text "- Check if CSF is running" --result "${STATUS_OK}" --color GREEN
+ else
+ Display --indent 4 --text "- Check if CSF is running" --result "${STATUS_WARNING}" --color RED
+ fi
else
LogText "Result: ${FILE} does NOT exist"
fi
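Review bot: The new "Check if CSF is running" result is derived only from the absence of /etc/csf/csf.disable, which is also true when CSF was never started or its rules were flushed, so a green result here can overstate the firewall state; consider naming the check after what is actually tested, e.g. `--text "- Check if CSF is disabled"`, or at least recording the basis in the log. Unlike the neighbouring checks in this file, the added branch writes no Result line; a `LogText "Result: /etc/csf/csf.disable not found, assuming CSF is enabled"` before the Display would make the audit log explain the verdict. The enclosing test body begins and ends outside this hunk.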
@@ -513,6 +520,42 @@
#
#################################################################################
#
+ # Test : FIRE-4594
+ # Description : Check for APF (Advanced Policy Firewall)
+ Register --test-no FIRE-4592 --weight L --network NO --category security --description "Check for APF presence"
+ if [ ! -z "${IPTABLESBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FILE="/etc/apf/conf.apf"
+ LogText "Test: check ${FILE}"
+ if [ -f ${FILE} ]; then
+ LogText "Result: ${FILE} exists"
+ FIREWALL_ACTIVE=1
+ FIREWALL_SOFTWARE="apf"
+ Report "firewall_software[]=apf"
+ Display --indent 2 --text "- Checking APF status (configuration file)" --result "${STATUS_FOUND}" --color GREEN
+
+ LogText "Test: check if APF testing mode is disabled"
+ FIND=$(${GREPBINARY} -P "^DEVEL_MODE(\s|=)" ${FILE} | ${CUTBINARY} -d= -f2 | ${XARGSBINARY})
+ if [ "${FIND}" = "0" ]; then
+ Display --indent 4 --text "- Check if APF testing mode is disabled" --result "${STATUS_OK}" --color GREEN
+ else
+ Display --indent 4 --text "- Check if APF testing mode is disabled" --result "${STATUS_WARNING}" --color RED
+ fi
+
+ LogText "Test: check if APF is running"
+ FIND=$(${IPTABLESBINARY} -L -n | ${GREPBINARY} -iom1 sanity | ${WCBINARY} -l)
+ if [ "${FIND}" = "1" ]; then
+ Display --indent 4 --text "- Check if APF is running" --result "${STATUS_OK}" --color GREEN
+ else
+ Display --indent 4 --text "- Check if APF is running" --result "${STATUS_WARNING}" --color RED
+ fi
+ else
+ LogText "Result: ${FILE} does NOT exist"
+ fi
+ fi
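Review bot: The test number on the added `Register --test-no FIRE-4592 ...` line disagrees with the header comment two lines above it and with the new `FIRE-4594` record added to db/tests.db in this commit, so the test is registered under an ID that has no database entry; change it to `Register --test-no FIRE-4594 --weight L --network NO --category security --description "Check for APF presence"`. The `PREQS_MET` assignment is placed after the Register call rather than before it; if, as I believe, Register derives SKIPTEST from PREQS_MET, the iptables prerequisite is never applied and the later `${IPTABLESBINARY} -L -n` can run with an empty binary name — move the `if [ ! -z "${IPTABLESBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi` line above Register. The comparison `[ "${FIND}" = "0" ]` for DEVEL_MODE will not match if conf.apf stores the value quoted (`DEVEL_MODE="0"`); strip surrounding quotes from FIND before comparing, or accept both forms. Note also that `grep -P` and `grep -m1` are GNU extensions, which matters if this test is expected to run on non-GNU userlands.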
+#
+#################################################################################
+#
# Report firewall installed for now, if we found one active. Next step would be determining binaries first and apply additional checks.
Report "firewall_active=${FIREWALL_ACTIVE}"