github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
authorMichael Boelen <michael.boelen@cisofy.com>2017-04-30 18:59:35 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2017-04-30 18:59:35 +0300
commit4ecb9d4d05124b813cd4d7ddcaf5671c2f4c4765 (patch)
tree282f5a4e9e3530ada04d00bda3e8ac118cf70bbd /include/tests_banners
parent5ccd0912cf74f5d3dd07e5ed5fe0e6a30571fbb5 (diff)
[bulk change] cleaning up, code enhancements, initialization of variables, and new tests
Diffstat (limited to 'include/tests_banners')
-rw-r--r--include/tests_banners192
1 files changed, 67 insertions, 125 deletions
diff --git a/include/tests_banners b/include/tests_banners
index 24490572..1596bc43 100644
--- a/include/tests_banners
+++ b/include/tests_banners
@@ -26,7 +26,7 @@
#
#################################################################################
#
- BANNER_FILES="/etc/issue /etc/issue.net /etc/motd"
+ BANNER_FILES="${ROOTDIR}etc/issue ${ROOTDIR}etc/issue.net ${ROOTDIR}etc/motd"
LEGAL_BANNER_STRINGS="audit access authori connect enforce evidence intrusion law legal monitor owner policy policies private prohibited record restricted secure subject terms this unauthorized"
#
#################################################################################
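Review bot: `BANNER_FILES` now builds its paths by plain concatenation (`${ROOTDIR}etc/issue`), so it is only correct when `ROOTDIR` is non-empty and ends in `/`; the same construction is used in every later hunk of this file. `ROOTDIR` is set outside this diff, so this is presumably guaranteed elsewhere. If it were ever empty, the banner tests would silently examine `etc/issue` relative to the working directory and report on the wrong files. I would state the contract in a comment here, e.g. `# ROOTDIR must be non-empty and end with '/' (paths below are built by concatenation)`, or default it at the point of use with `${ROOTDIR:-/}`.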
@@ -35,109 +35,51 @@
# Description : Check FreeBSD COPYRIGHT banner file
Register --test-no BANN-7113 --os FreeBSD --weight L --network NO --category security --description "Check COPYRIGHT banner file"
if [ ${SKIPTEST} -eq 0 ]; then
- LogText "Test: Testing existence /COPYRIGHT or /etc/COPYRIGHT"
- if [ -f /COPYRIGHT ]; then
- Display --indent 2 --text "- /COPYRIGHT" --result "${STATUS_FOUND}" --color GREEN
- if [ -s /COPYRIGHT ]; then
- LogText "Result: /COPYRIGHT available and contains text"
- else
- LogText "Result: /COPYRIGHT available, but empty"
+ LogText "Test: Testing existence ${ROOTDIR}COPYRIGHT or ${ROOTDIR}etc/COPYRIGHT"
+ if [ -f ${ROOTDIR}COPYRIGHT ]; then
+ Display --indent 2 --text "- ${ROOTDIR}COPYRIGHT" --result "${STATUS_FOUND}" --color GREEN
+ if [ -s ${ROOTDIR}COPYRIGHT ]; then
+ LogText "Result: ${ROOTDIR}COPYRIGHT available and contains text"
+ else
+ LogText "Result: ${ROOTDIR}COPYRIGHT available, but empty"
fi
- else
- Display --indent 2 --text "- /COPYRIGHT" --result "${STATUS_NOT_FOUND}" --color WHITE
- LogText "Result: /COPYRIGHT not found"
+ else
+ Display --indent 2 --text "- ${ROOTDIR}COPYRIGHT" --result "${STATUS_NOT_FOUND}" --color WHITE
+ LogText "Result: ${ROOTDIR}COPYRIGHT not found"
fi
- if [ -f /etc/COPYRIGHT ]; then
- Display --indent 2 --text "- /etc/COPYRIGHT" --result "${STATUS_FOUND}" --color GREEN
- if [ -s /etc/COPYRIGHT ]; then
- LogText "Result: /etc/COPYRIGHT available and contains text"
- else
- LogText "Result: /etc/COPYRIGHT available, but empty"
+ if [ -f ${ROOTDIR}etc/COPYRIGHT ]; then
+ Display --indent 2 --text "- ${ROOTDIR}etc/COPYRIGHT" --result "${STATUS_FOUND}" --color GREEN
+ if [ -s ${ROOTDIR}etc/COPYRIGHT ]; then
+ LogText "Result: ${ROOTDIR}etc/COPYRIGHT available and contains text"
+ else
+ LogText "Result: ${ROOTDIR}etc/COPYRIGHT available, but empty"
fi
- else
- Display --indent 2 --text "- /etc/COPYRIGHT" --result "${STATUS_NOT_FOUND}" --color WHITE
- LogText "Result: /etc/COPYRIGHT not found"
+ else
+ Display --indent 2 --text "- ${ROOTDIR}etc/COPYRIGHT" --result "${STATUS_NOT_FOUND}" --color WHITE
+ LogText "Result: ${ROOTDIR}etc/COPYRIGHT not found"
fi
fi
#
#################################################################################
#
- # Test : BANN-7119
- # Description : Check MOTD banner file
- #Register --test-no BANN-7119 --weight L --network NO --category security --description "Check MOTD banner file"
- #if [ ${SKIPTEST} -eq 0 ]; then
- # LogText "Test: Testing existence /etc/motd"
- # if [ -f /etc/motd ]; then
- # LogText "Result: file /etc/motd exists"
- # Display --indent 2 --text "- /etc/motd" --result "${STATUS_FOUND}" --color GREEN
- # if [ ! -L /etc/motd ]; then
- # if IsWorldWritable /etc/motd; then
- # Display --indent 4 --text "- /etc/motd permissions" --result "${STATUS_WARNING}" --color RED
- # LogText "Result: /etc/motd is world writable. Users can change this file!"
- # ReportWarning ${TEST_NO} "/etc/motd is world writable"
- # else
- # Display --indent 4 --text "- /etc/motd permissions" --result "${STATUS_OK}" --color GREEN
- # LogText "Result: /etc/motd is not world writable."
- # fi
- # else
- # LogText "Result: file /etc/motd is symlink"
- # fi
- # else
- # LogText "Result: File /etc/motd not found"
- # Display --indent 2 --text "- /etc/motd" --result "${STATUS_NOT_FOUND}" --color WHITE
- # fi
- #fi
-#
-#################################################################################
-#
- # Test : BANN-7122
- # Description : Check motd file to see if it contains some form of message
- # to discourage unauthorized users to leave the system alone
- #if [ -f /etc/motd -a ! -L /etc/motd ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- #Register --test-no BANN-7122 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check /etc/motd banner file contents"
- #if [ ${SKIPTEST} -eq 0 ]; then
- # N=0
- # LogText "Test: Checking file /etc/motd contents for legal key words"
- # for I in ${LEGAL_BANNER_STRINGS}; do
- # FIND=$(${GREPBINARY} -i "${I}" /etc/motd)
- # if [ ! "${FIND}" = "" ]; then
- # LogText "Result: found string '${I}'"
- # N=$((N + 1))
- # fi
- # done
- # # Check if we have 5 or more key words
- # if [ ${N} -gt 4 ]; then
- # LogText "Result: Found ${N} key words, to warn unauthorized users"
- # Display --indent 4 --text "- /etc/motd contents" --result "${STATUS_OK}" --color GREEN
- # AddHP 2 2
- # else
- # LogText "Result: Found only ${N} key words, to warn unauthorized users and could be increased"
- # Display --indent 4 --text "- /etc/motd contents" --result WEAK --color YELLOW
- # ReportSuggestion ${TEST_NO} "Add legal banner to /etc/motd, to warn unauthorized users"
- # AddHP 0 1
- # fi
- #fi
-#
-#################################################################################
-#
# Test : BANN-7124
# Description : Check issue banner file
Register --test-no BANN-7124 --weight L --network NO --category security --description "Check issue banner file"
if [ ${SKIPTEST} -eq 0 ]; then
- LogText "Test: Checking file /etc/issue"
- if [ -f /etc/issue ]; then
+ LogText "Test: Checking file ${ROOTDIR}etc/issue"
+ if [ -f ${ROOTDIR}etc/issue ]; then
# Check for symlink
- if [ -L /etc/issue ]; then
- LogText "Result: file /etc/issue exists (symlink)"
- Display --indent 2 --text "- /etc/issue" --result SYMLINK --color GREEN
- else
- Display --indent 2 --text "- /etc/issue" --result "${STATUS_FOUND}" --color GREEN
+ if [ -L ${ROOTDIR}etc/issue ]; then
+ LogText "Result: file ${ROOTDIR}etc/issue exists (symlink)"
+ Display --indent 2 --text "- ${ROOTDIR}etc/issue" --result SYMLINK --color GREEN
+ else
+ Display --indent 2 --text "- ${ROOTDIR}etc/issue" --result "${STATUS_FOUND}" --color GREEN
fi
- else
- LogText "Result: file /etc/issue does not exist"
- Display --indent 2 --text "- /etc/issue" --result "${STATUS_NOT_FOUND}" --color WHITE
- fi
+ else
+ LogText "Result: file ${ROOTDIR}etc/issue does not exist"
+ Display --indent 2 --text "- ${ROOTDIR}etc/issue" --result "${STATUS_NOT_FOUND}" --color WHITE
+ fi
fi
#
#################################################################################
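Review bot: The file tests in BANN-7113 and BANN-7124 expand `${ROOTDIR}` unquoted, e.g. `if [ -f ${ROOTDIR}COPYRIGHT ]; then`. With the old literal paths that was harmless, but a root directory containing whitespace or glob characters now splits into several words and makes `[` error out instead of producing a result. Quote the operand, `if [ -f "${ROOTDIR}COPYRIGHT" ]; then`, and likewise for the `-s` and `-L` tests. The same applies to the `-f`/`-L` tests in the BANN-7126, BANN-7128 and BANN-7130 hunks and to the file argument of the two `${GREPBINARY}` calls.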
@@ -145,26 +87,26 @@
# Test : BANN-7126
# Description : Check issue file to see if it contains some form of message
# to discourage unauthorized users to leave the system alone
- if [ -f /etc/issue ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ -f ${ROOTDIR}etc/issue ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no BANN-7126 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check issue banner file contents"
if [ ${SKIPTEST} -eq 0 ]; then
- N=0
+ COUNT=0
FILE="${ROOTDIR}etc/issue"
LogText "Test: Checking file ${FILE} contents for legal key words"
- for I in ${LEGAL_BANNER_STRINGS}; do
- FIND=$(${GREPBINARY} -i "${I}" ${FILE})
- if [ ! -z "${FIND}" ]; then
- LogText "Result: found string '${I}'"
- N=$((N + 1))
+ for ITEM in ${LEGAL_BANNER_STRINGS}; do
+ FIND=$(${GREPBINARY} -i "${ITEM}" ${FILE})
+ if HasData "${FIND}"; then
+ LogText "Result: found string '${ITEM}'"
+ COUNT=$((COUNT + 1))
fi
done
# Check if we have 5 or more key words
- if [ ${N} -gt 4 ]; then
- LogText "Result: Found ${N} key words (5 or more suggested), to warn unauthorized users"
+ if [ ${COUNT} -gt 4 ]; then
+ LogText "Result: Found ${COUNT} key words (5 or more suggested), to warn unauthorized users"
Display --indent 4 --text "- ${FILE} contents" --result "${STATUS_OK}" --color GREEN
AddHP 2 2
- else
- LogText "Result: Found only ${N} key words (5 or more suggested), to warn unauthorized users and could be increased"
+ else
+ LogText "Result: Found only ${COUNT} key words (5 or more suggested), to warn unauthorized users and could be increased"
Display --indent 4 --text "- ${FILE} contents" --result WEAK --color YELLOW
ReportSuggestion ${TEST_NO} "Add a legal banner to ${FILE}, to warn unauthorized users"
AddHP 0 1
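Review bot: The keyword loop counts a hit for any case-insensitive substring match, and nothing near the `COUNT` threshold says so. Stems such as `authori` rely on that behaviour, but it also means generic words from `LEGAL_BANNER_STRINGS` like `this` or `secure` count towards the five needed for `AddHP 2 2`. A short comment above the `for ITEM` line would make the heuristic explicit, e.g. `# Substring match on purpose (stems like "authori"); generic words such as "this" also count`. The enclosing `if` block continues past the end of this hunk.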
@@ -178,19 +120,19 @@
# Description : Check issue.net banner file
Register --test-no BANN-7128 --weight L --network NO --category security --description "Check issue.net banner file"
if [ ${SKIPTEST} -eq 0 ]; then
- LogText "Test: Checking file /etc/issue.net"
- if [ -f /etc/issue.net ]; then
+ LogText "Test: Checking file ${ROOTDIR}etc/issue.net"
+ if [ -f ${ROOTDIR}etc/issue.net ]; then
# Check for symlink
- if [ -L /etc/issue.net ]; then
- LogText "Result: file /etc/issue.net exists (symlink)"
- Display --indent 2 --text "- /etc/issue.net" --result SYMLINK --color GREEN
- else
- LogText "Result: file /etc/issue.net exists"
- Display --indent 2 --text "- /etc/issue.net" --result "${STATUS_FOUND}" --color GREEN
+ if [ -L ${ROOTDIR}etc/issue.net ]; then
+ LogText "Result: file ${ROOTDIR}etc/issue.net exists (symlink)"
+ Display --indent 2 --text "- ${ROOTDIR}etc/issue.net" --result SYMLINK --color GREEN
+ else
+ LogText "Result: file ${ROOTDIR}etc/issue.net exists"
+ Display --indent 2 --text "- ${ROOTDIR}etc/issue.net" --result "${STATUS_FOUND}" --color GREEN
fi
- else
- LogText "Result: file /etc/issue.net does not exist"
- Display --indent 2 --text "- /etc/issue.net" --result "${STATUS_NOT_FOUND}" --color WHITE
+ else
+ LogText "Result: file ${ROOTDIR}etc/issue.net does not exist"
+ Display --indent 2 --text "- ${ROOTDIR}etc/issue.net" --result "${STATUS_NOT_FOUND}" --color WHITE
fi
fi
#
@@ -199,26 +141,26 @@
# Test : BANN-7130
# Description : Check issue.net file to see if it contains some form of message
# to discourage unauthorized users to leave the system alone
- if [ -f /etc/issue.net ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ -f ${ROOTDIR}etc/issue.net ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no BANN-7130 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check issue.net banner file contents"
if [ ${SKIPTEST} -eq 0 ]; then
- N=0
- LogText "Test: Checking file /etc/issue.net contents for legal key words"
- for I in ${LEGAL_BANNER_STRINGS}; do
- FIND=$(${GREPBINARY} -i "${I}" /etc/issue.net)
- if [ ! "${FIND}" = "" ]; then
- LogText "Result: found string '${I}'"
- N=$((N + 1))
+ COUNT=0
+ LogText "Test: Checking file ${ROOTDIR}etc/issue.net contents for legal key words"
+ for ITEM in ${LEGAL_BANNER_STRINGS}; do
+ FIND=$(${GREPBINARY} -i "${ITEM}" ${ROOTDIR}etc/issue.net)
+ if HasData "${FIND}"; then
+ LogText "Result: found string '${ITEM}'"
+ COUNT=$((COUNT + 1))
fi
done
# Check if we have 5 or more key words
- if [ ${N} -gt 4 ]; then
- LogText "Result: Found ${N} key words, to warn unauthorized users"
- Display --indent 4 --text "- /etc/issue.net contents" --result "${STATUS_OK}" --color GREEN
+ if [ ${COUNT} -gt 4 ]; then
+ LogText "Result: Found ${COUNT} key words, to warn unauthorized users"
+ Display --indent 4 --text "- ${ROOTDIR}etc/issue.net contents" --result "${STATUS_OK}" --color GREEN
AddHP 2 2
- else
- LogText "Result: Found only ${N} key words, to warn unauthorized users and could be increased"
- Display --indent 4 --text "- /etc/issue.net contents" --result WEAK --color YELLOW
+ else
+ LogText "Result: Found only ${COUNT} key words, to warn unauthorized users and could be increased"
+ Display --indent 4 --text "- ${ROOTDIR}etc/issue.net contents" --result WEAK --color YELLOW
ReportSuggestion ${TEST_NO} "Add legal banner to /etc/issue.net, to warn unauthorized users"
AddHP 0 1
fi
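Review bot: BANN-7130 still calls `ReportSuggestion ${TEST_NO} "Add legal banner to /etc/issue.net, to warn unauthorized users"` with a hard-coded path, while every other message in the block now uses `${ROOTDIR}etc/issue.net`. With a non-default root, the suggestion therefore names a different file from the one that was scanned. BANN-7126 already avoids this by setting `FILE` once; doing the same here keeps the two tests parallel: add `FILE="${ROOTDIR}etc/issue.net"` after `COUNT=0` and use `ReportSuggestion ${TEST_NO} "Add a legal banner to ${FILE}, to warn unauthorized users"`.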