github.com/CISOfy/lynis.git
author: Michael Boelen <michael.boelen@cisofy.com> 2021-01-07 17:16:34 +0300
committer: GitHub <noreply@github.com> 2021-01-07 17:16:34 +0300
commit: ab1111c0ed270f4f45bc5fd47ff994f8711eb69e
tree: 3f311652d5d7d9343b61563096c5d781da9664e4
parent: 74fbc870b32ca7d138d4bc1adb4cc01beb9ce6b5
parent: de848cb76a1d336bf4b8f46da490fc8b8d14a66e
Merge pull request #905 from topimiettinen/check-non-native-binary-formats
Check for registered non-native binary formats
-rw-r--r-- CHANGELOG.md 1
-rw-r--r-- db/tests.db 1
-rw-r--r-- include/tests_hardening 21
3 files changed, 23 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3838658c..b16be447 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -150,6 +150,7 @@ Using the relevant options, the scan will change base on the intended goal.
- New test: FINT-4316 - presence of AIDE database and size test
- New test: FINT-4340 - check dm-integrity status (Linux)
- New test: FINT-4341 - verify status of dm-verity (Linux)
+- New test: HRDN-7231 - check for registered non-native binary formats
- New test: INSE-8314 - test for NIS client
- New test: INSE-8316 - test for NIS server
- New test: NETW-2400 - test hostname for valid characters and length
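Review bot: the added HRDN-7231 entry omits the "(Linux)" suffix that the neighbouring FINT-4340 and FINT-4341 entries carry, although the test is registered with --os Linux in include/tests_hardening and has Linux in its db/tests.db record. For consistency the line could read "- New test: HRDN-7231 - check for registered non-native binary formats (Linux)".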
diff --git a/db/tests.db b/db/tests.db
index f9f8a3f7..bb31972b 100644
--- a/db/tests.db
+++ b/db/tests.db
@@ -171,6 +171,7 @@ HOME-9350:test:security:homedirs::Collecting information from home directories:
HRDN-7220:test:security:hardening::Check if one or more compilers are installed:
HRDN-7222:test:security:hardening::Check compiler permissions:
HRDN-7230:test:security:hardening::Check for malware scanner:
+HRDN-7231:test:security:hardening:Linux:Check for registered non-native binary formats:
HTTP-6622:test:security:webservers::Checking Apache presence:
HTTP-6624:test:security:webservers::Testing main Apache configuration file:
HTTP-6626:test:security:webservers::Testing other Apache configuration file:
diff --git a/include/tests_hardening b/include/tests_hardening
index 4feff7c6..16e13374 100644
--- a/include/tests_hardening
+++ b/include/tests_hardening
@@ -107,6 +107,27 @@
#
#################################################################################
#
+ # Test : HRDN-7231
+ # Description : Check for registered non-native binary formats
+ Register --test-no HRDN-7231 --os Linux --weight L --network NO --category security --description "Check for registered non-native binary formats"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ LogText "Test: Check for registered non-native binary formats"
+ NFORMATS=0
+ if [ -d /proc/sys/fs/binfmt_misc ]; then
+ NFORMATS=$(${FINDBINARY} /proc/sys/fs/binfmt_misc -type f -not -name register -not -name status | ${WCBINARY} --lines)
+ fi
+ if [ ${NFORMATS} -eq 0 ]; then
+ LogText "Result: no non-native binary formats found"
+ Display --indent 4 --text "- Non-native binary formats" --result "${STATUS_NOT_FOUND}" --color GREEN
+ else
+ FORMATS=$(${FINDBINARY} /proc/sys/fs/binfmt_misc -type f -not -name register -not -name status -printf '%f ')
+ LogText "Result: found ${NFORMATS} non-native binary formats registered: ${FORMATS}"
+ Display --indent 4 --text "- Non-native binary formats" --result "${STATUS_FOUND}" --color RED
+ fi
+ fi
+#
+#################################################################################
+#
# LogText "--------------------------------------------------------------------"
# LogText "| System part | Preferred value | Actual value | Points |"
# LogText "| [!] Compiler installed | 0 | [${COMPILER_INSTALLED}] | x |"
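Review bot: both find invocations (the NFORMATS and FORMATS assignments) depend on non-POSIX options, namely -not and -printf '%f ' on find and --lines on wc, so on a Linux system with a minimal find or wc the command can fail and the test would then report "no non-native binary formats found" even though entries exist. Suggest the portable spellings "! -name register ! -name status" and "wc -l", and building the name list without -printf. Running find once, storing the names in FORMATS and deriving NFORMATS from that list, would also avoid scanning /proc/sys/fs/binfmt_misc twice and keep the count and the logged names consistent. Separately, the found branch only calls LogText and Display with RED; if the finding is meant to appear outside the log file, it needs a report entry or suggestion as well, and a short comment above the test explaining why registered binfmt_misc handlers matter for hardening would help readers of the RED result.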