
github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
authorChristian Bourque <christian.bourque@gmail.com>2021-04-02 03:37:29 +0300
committerChristian Bourque <christian.bourque@gmail.com>2021-04-02 03:37:29 +0300
commit7b632bdbfae3d4cb4656066c2ec06e0873c19e26 (patch)
tree9714e894011823a70116c478c2503428010ce653
parent21219c91eb08ad224853dd60d3b95e0b8d344141 (diff)
Initial draft for Cmd support
-rw-r--r--include/binaries1
-rw-r--r--include/consts1
-rw-r--r--include/tests_accounting56
3 files changed, 58 insertions, 0 deletions
diff --git a/include/binaries b/include/binaries
index 7d6d38c8..95182a2f 100644
--- a/include/binaries
+++ b/include/binaries
@@ -152,6 +152,7 @@
clang) CLANGBINARY=${BINARY}; COMPILER_INSTALLED=1; LogText " Found known binary: clang (compiler) - ${BINARY}" ;;
cfagent) CFAGENTBINARY="${BINARY}"; FILE_INT_TOOL_FOUND=1; LogText " Found known binary: cfengine agent (configuration tool) - ${BINARY}" ;;
chkrootkit) CHKROOTKITBINARY="${BINARY}"; MALWARE_SCANNER_INSTALLED=1; LogText " Found known binary: chkrootkit (malware scanner) - ${BINARY}" ;;
+ cmd_daemon) CMDBINARY=${BINARY}; LogText " Found known binary: cmd (audit framework) - ${BINARY}" ;;
comm) COMMBINARY="${BINARY}"; LogText " Found known binary: comm (file compare) - ${BINARY}" ;;
cryptsetup) CRYPTSETUPBINARY="${BINARY}"; LogText " Found known binary: cryptsetup (block device encryption) - ${BINARY}" ;;
csum) CSUMBINARY="${BINARY}"; LogText " Found known binary: csum (hashing tool on AIX) - ${BINARY}" ;;
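Review bot: The new `cmd_daemon)` arm assigns `CMDBINARY=${BINARY}` without quotes, while the cfagent, chkrootkit, comm and cryptsetup arms around it use the quoted form. A plain assignment is not word-split, so this is style rather than a bug, but `CMDBINARY="${BINARY}"` would match the neighbouring arms. The enclosing `case` statement starts and ends outside this hunk.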
diff --git a/include/consts b/include/consts
index 513515cd..fedc7bd7 100644
--- a/include/consts
+++ b/include/consts
@@ -70,6 +70,7 @@ ETC_PATHS="/etc /usr/local/etc"
CLAMCONF_BINARY=""
CLAMSCANBINARY=""
CLANGBINARY=""
+ CMDBINARY=""
COLORS=1
COMPLIANCE_ENABLE_CIS=0
COMPLIANCE_ENABLE_HIPAA=0
diff --git a/include/tests_accounting b/include/tests_accounting
index 666576fb..9ae07e32 100644
--- a/include/tests_accounting
+++ b/include/tests_accounting
@@ -24,7 +24,10 @@
#
AUDITD_CONF_LOCS="${ROOTDIR}etc ${ROOTDIR}etc/audit"
AUDITD_CONF_FILE=""
+ CMD_CONF_LOCS="${ROOTDIR}etc ${ROOTDIR}etc/cmd"
+ CMD_CONF_FILE=""
LINUX_AUDITD_RUNNING=0
+ LINUX_CMD_RUNNING=0
AUDIT_DAEMON_RUNNING=0
SOLARIS_AUDITD_RUNNING=0
#
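Review bot: `CMD_CONF_LOCS` includes the bare `${ROOTDIR}etc` directory, and the ACCT-9672 hunk further down looks for a file named `config.ini` in every listed location. That name is generic, so a `${ROOTDIR}etc/config.ini` owned by unrelated software would be reported as the cmd configuration and the check would show OK. Unless cmd really installs its configuration directly under `/etc`, I would narrow this to `CMD_CONF_LOCS="${ROOTDIR}etc/cmd"` and add a comment naming the file the test expects there.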
@@ -415,6 +418,59 @@
#
#################################################################################
#
+ # Test : ACCT-9670
+ # Description : Check cmd status
+ if [ -n "${CMDBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no ACCT-9670 --os Linux --weight L --network NO --category security --description "Check for cmd"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ LogText "Test: Check cmd status"
+ if IsRunning "cmd_daemon"; then
+ LogText "Result: cmd running"
+ Display --indent 2 --text "- Checking cmd" --result "${STATUS_ENABLED}" --color GREEN
+ LINUX_CMD_RUNNING=1
+ AUDIT_DAEMON_RUNNING=1
+ Report "audit_trail_tool[]=cmd"
+ Report "linux_cmd_running=1"
+ AddHP 4 4
+ else
+ LogText "Result: cmd not active"
+ Display --indent 2 --text "- Checking cmd" --result "${STATUS_NOT_FOUND}" --color WHITE
+ if [ ! "${VMTYPE}" = "openvz" ]; then
+ ReportSuggestion "${TEST_NO}" "Install cmd to collect audit information"
+ fi
+ AddHP 0 1
+ Report "linux_cmd_running=0"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : ACCT-9672
+ # Description : Check cmd configuration file
+ if [ -n "${CMDBINARY}" -a ${LINUX_CMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no ACCT-9672 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for cmd configuration file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ LogText "Test: Checking cmd configuration file"
+ for DIR in ${CMD_CONF_LOCS}; do
+ if [ -f ${DIR}/config.ini ]; then
+ CMD_CONF_FILE="${DIR}/config.ini"
+ LogText "Result: Found ${DIR}/config.ini"
+ else
+ LogText "Result: ${DIR}/config.ini not found"
+ fi
+ done
+ # Check if we discovered the configuration file. It should be there is the binaries are available and process is running
+ if [ -n "${CMD_CONF_FILE}" ]; then
+ Display --indent 4 --text "- Checking cmd configuration file" --result "${STATUS_OK}" --color GREEN
+ else
+ LogText "Result: could not find cmd configuration file"
+ Display --indent 4 --text "- Checking cmd configuration file" --result "${STATUS_FOUND}" --color RED
+ ReportSuggestion "${TEST_NO}" "Determine the location of cmd configuration file"
+ fi
+ fi
+#
+#################################################################################
+#
Report "audit_daemon_running=${AUDIT_DAEMON_RUNNING}"
#
#################################################################################
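Review bot: ACCT-9670 computes `PREQS_MET` from `CMDBINARY`, but its `Register` line never passes it, unlike ACCT-9672 just below. The test therefore appears to run on every Linux host, ending in `AddHP 0 1` and an "Install cmd" suggestion wherever the binary is absent, possibly even when another audit daemon is already running. If the prerequisite is meant to gate the test, add `--preqs-met ${PREQS_MET}` to that `Register` call; otherwise drop the unused assignment and say so in a comment. In ACCT-9672 the not-found branch displays `"${STATUS_FOUND}"` in RED, which contradicts the log text; it should be `--result "${STATUS_NOT_FOUND}"`. The prerequisite test would also be more robust as `[ -n "${CMDBINARY}" ] && [ "${LINUX_CMD_RUNNING}" -eq 1 ]` instead of the unquoted `-a` form, and the file test as `[ -f "${DIR}/config.ini" ]`.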