author | Michael Boelen <michael.boelen@cisofy.com> | 2021-04-15 09:35:31 +0300 |
committer | GitHub <noreply@github.com> | 2021-04-15 09:35:31 +0300 |
commit | f41a2ead38cd7dd1f14fedcf4405da61adf37f88 (patch) | |
tree | 16ae3c3c5f41c7965ce706a3fb8866c3900c9bd1 | |
parent | 032ba73987300e17f32301224375aefd1a93bfd4 (diff) | |
parent | 95d2ae0deee7b262efe121efafd33a63f451c1a0 (diff) |
Merge pull request #1130 from ocafebabe/cmd_support
Initial draft for Cmd support
-rw-r--r-- | include/binaries | 1 | ||||
-rw-r--r-- | include/consts | 1 | ||||
-rw-r--r-- | include/tests_accounting | 56 |
3 files changed, 58 insertions, 0 deletions
diff --git a/include/binaries b/include/binaries
index 7d6d38c8..95182a2f 100644
--- a/include/binaries
+++ b/include/binaries
@@ -152,6 +152,7 @@
 clang) CLANGBINARY=${BINARY}; COMPILER_INSTALLED=1; LogText " Found known binary: clang (compiler) - ${BINARY}" ;;
 cfagent) CFAGENTBINARY="${BINARY}"; FILE_INT_TOOL_FOUND=1; LogText " Found known binary: cfengine agent (configuration tool) - ${BINARY}" ;;
 chkrootkit) CHKROOTKITBINARY="${BINARY}"; MALWARE_SCANNER_INSTALLED=1; LogText " Found known binary: chkrootkit (malware scanner) - ${BINARY}" ;;
+ cmd_daemon) CMDBINARY=${BINARY}; LogText " Found known binary: cmd (audit framework) - ${BINARY}" ;;
 comm) COMMBINARY="${BINARY}"; LogText " Found known binary: comm (file compare) - ${BINARY}" ;;
 cryptsetup) CRYPTSETUPBINARY="${BINARY}"; LogText " Found known binary: cryptsetup (block device encryption) - ${BINARY}" ;;
 csum) CSUMBINARY="${BINARY}"; LogText " Found known binary: csum (hashing tool on AIX) - ${BINARY}" ;;
diff --git a/include/consts b/include/consts
index 513515cd..fedc7bd7 100644
--- a/include/consts
+++ b/include/consts
@@ -70,6 +70,7 @@ ETC_PATHS="/etc /usr/local/etc"
 CLAMCONF_BINARY=""
 CLAMSCANBINARY=""
 CLANGBINARY=""
+ CMDBINARY=""
 COLORS=1
 COMPLIANCE_ENABLE_CIS=0
 COMPLIANCE_ENABLE_HIPAA=0
diff --git a/include/tests_accounting b/include/tests_accounting
index 666576fb..6954b63f 100644
--- a/include/tests_accounting
+++ b/include/tests_accounting
@@ -24,7 +24,10 @@
 #
 AUDITD_CONF_LOCS="${ROOTDIR}etc ${ROOTDIR}etc/audit"
 AUDITD_CONF_FILE=""
+ CMD_CONF_LOCS="${ROOTDIR}etc ${ROOTDIR}etc/cmd"
+ CMD_CONF_FILE=""
 LINUX_AUDITD_RUNNING=0
+ LINUX_CMD_RUNNING=0
 AUDIT_DAEMON_RUNNING=0
 SOLARIS_AUDITD_RUNNING=0
 #
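Review bot: The new `cmd_daemon)` arm in include/binaries assigns `CMDBINARY=${BINARY}` unquoted, while the surrounding arms (`cfagent`, `chkrootkit`, `comm`, `cryptsetup`, `csum`) all quote the value. A plain assignment does not word-split in POSIX sh, so this is a consistency point rather than a bug, but keeping one form makes the table easier to scan: `cmd_daemon) CMDBINARY="${BINARY}"; LogText " Found known binary: cmd (audit framework) - ${BINARY}" ;;`. The enclosing case statement starts and ends outside the hunk.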
@@ -415,6 +418,59 @@
 #
 #################################################################################
 #
+ # Test : ACCT-9670
+ # Description : Check cmd status
+ if [ -n "${CMDBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no ACCT-9670 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for cmd"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ LogText "Test: Check cmd status"
+ if IsRunning "cmd_daemon"; then
+ LogText "Result: cmd running"
+ Display --indent 2 --text "- Checking cmd" --result "${STATUS_ENABLED}" --color GREEN
+ LINUX_CMD_RUNNING=1
+ AUDIT_DAEMON_RUNNING=1
+ Report "audit_trail_tool[]=cmd"
+ Report "linux_cmd_running=1"
+ AddHP 4 4
+ else
+ LogText "Result: cmd not active"
+ Display --indent 2 --text "- Checking cmd" --result "${STATUS_NOT_FOUND}" --color WHITE
+ if [ ! "${VMTYPE}" = "openvz" ]; then
+ ReportSuggestion "${TEST_NO}" "Install cmd to collect audit information"
+ fi
+ AddHP 0 1
+ Report "linux_cmd_running=0"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : ACCT-9672
+ # Description : Check cmd configuration file
+ if [ -n "${CMDBINARY}" -a ${LINUX_CMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no ACCT-9672 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for cmd configuration file"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ LogText "Test: Checking cmd configuration file"
+ for DIR in ${CMD_CONF_LOCS}; do
+ if [ -f ${DIR}/config.ini ]; then
+ CMD_CONF_FILE="${DIR}/config.ini"
+ LogText "Result: Found ${DIR}/config.ini"
+ else
+ LogText "Result: ${DIR}/config.ini not found"
+ fi
+ done
+ # Check if we discovered the configuration file. It should be there is the binaries are available and process is running
+ if [ -n "${CMD_CONF_FILE}" ]; then
+ Display --indent 4 --text "- Checking cmd configuration file" --result "${STATUS_OK}" --color GREEN
+ else
+ LogText "Result: could not find cmd configuration file"
+ Display --indent 4 --text "- Checking cmd configuration file" --result "${STATUS_FOUND}" --color RED
+ ReportSuggestion "${TEST_NO}" "Determine the location of cmd configuration file"
+ fi
+ fi
+#
+#################################################################################
+#
 Report "audit_daemon_running=${AUDIT_DAEMON_RUNNING}"
 #
 #################################################################################
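Review bot: In the ACCT-9672 not-found branch the Display call prints `--result "${STATUS_FOUND}"` right after `LogText "Result: could not find cmd configuration file"`, so the screen output contradicts the log and the suggestion; it should be `Display --indent 4 --text "- Checking cmd configuration file" --result "${STATUS_NOT_FOUND}" --color RED`, the constant the ACCT-9670 block above already uses for the missing-daemon case. The loop over `${CMD_CONF_LOCS}` does not stop at the first hit, so when config.ini exists in both candidate directories the later one silently overwrites `CMD_CONF_FILE`; if that precedence is intended it deserves a comment, otherwise add `break` after the assignment. The prerequisite test uses the deprecated `-a` inside `[ ]`, where `[ -n "${CMDBINARY}" ] && [ ${LINUX_CMD_RUNNING} -eq 1 ]` is the portable form, and `[ -f ${DIR}/config.ini ]` leaves the path unquoted unlike the quoted assignment on the next line. The comment before the result check also has a typo; suggested wording: `# Check if we discovered the configuration file. It should be there if the binary is available and the process is running`.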