authormboelen <michael@cisofy.com>2015-05-18 00:01:38 +0300
committermboelen <michael@cisofy.com>2015-05-18 00:01:38 +0300
commit46f9a3dec8a6c6f5cd93ea79b95a208dabc61794 (patch)
treeb2a692305dc21d2b7fb6c4d6ca490da691070429 /include/tests_file_integrity
parent283e198c231df3b6535414197ba1e592dba0a8e8 (diff)
Log file integrity monitoring tool, adding support for lfd (CSF) tool
Diffstat (limited to 'include/tests_file_integrity')
-rw-r--r--include/tests_file_integrity65
1 files changed, 60 insertions, 5 deletions
diff --git a/include/tests_file_integrity b/include/tests_file_integrity
index d5d7ef1e..0fe987c5 100644
--- a/include/tests_file_integrity
+++ b/include/tests_file_integrity
@@ -14,6 +14,8 @@
#
#################################################################################
#
+ CSF_CONFIG="/etc/csf/csf.conf"
+ FILE_INT_TOOL=""
FILE_INT_TOOL_FOUND=0 # Boolean, file integrity tool found
#
#################################################################################
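Review bot: The two new variables at the top of the hunk carry no trailing comment, unlike the existing `FILE_INT_TOOL_FOUND=0 # Boolean, file integrity tool found` line they are placed next to, so a reader has to find the lfd tests and the closing report line to learn what they are for. Suggested: `CSF_CONFIG="/etc/csf/csf.conf" # Path to the ConfigServer (CSF) configuration, used by the lfd tests` and `FILE_INT_TOOL="" # Name of the detected file integrity tool, emitted via report at the end of this include`.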
@@ -30,11 +32,11 @@
logtext "Test: Checking AFICK binary"
if [ ! "${AFICKBINARY}" = "" ]; then
logtext "Result: AFICK is installed (${AFICKBINARY})"
+ FILE_INT_TOOL="afick"
FILE_INT_TOOL_FOUND=1
Display --indent 4 --text "- AFICK" --result FOUND --color GREEN
else
logtext "Result: AFICK is not installed"
- Display --indent 4 --text "- AFICK" --result "NOT FOUND" --color WHITE
fi
fi
#
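Review bot: FILE_INT_TOOL is a single scalar that every detection test overwrites (here `FILE_INT_TOOL="afick"`), so on a host with more than one tool installed the `report "file_integrity_tool=${FILE_INT_TOOL}"` line added at the end of the file names only whichever test ran last; the same applies to the AIDE, Osiris, Samhain, Tripwire, OSSEC syscheck, mtree and lfd hunks. If the report is meant to list every tool, append rather than assign, e.g. `FILE_INT_TOOL="${FILE_INT_TOOL} afick"` (or emit one `report` line per tool from the branch that sets FILE_INT_TOOL_FOUND=1), and state the intended cardinality in a comment where the variable is declared. The enclosing if block begins outside the hunk.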
@@ -47,11 +49,11 @@
logtext "Test: Checking AIDE binary"
if [ ! "${AIDEBINARY}" = "" ]; then
logtext "Result: AIDE is installed (${AIDEBINARY})"
+ FILE_INT_TOOL="aide"
FILE_INT_TOOL_FOUND=1
Display --indent 4 --text "- AIDE" --result FOUND --color GREEN
else
logtext "Result: AIDE is not installed"
- Display --indent 4 --text "- AIDE" --result "NOT FOUND" --color WHITE
fi
fi
#
@@ -119,11 +121,11 @@
logtext "Test: Checking Osiris binary"
if [ ! "${OSIRISBINARY}" = "" ]; then
logtext "Result: Osiris is installed (${OSIRISBINARY})"
+ FILE_INT_TOOL="osiris"
FILE_INT_TOOL_FOUND=1
Display --indent 4 --text "- Osiris" --result FOUND --color GREEN
else
logtext "Result: Osiris is not installed"
- Display --indent 4 --text "- Osiris" --result "NOT FOUND" --color WHITE
fi
fi
#
@@ -136,11 +138,11 @@
logtext "Test: Checking Samhain binary"
if [ ! "${SAMHAINBINARY}" = "" ]; then
logtext "Result: Samhain is installed (${SAMHAINBINARY})"
+ FILE_INT_TOOL="samhain"
FILE_INT_TOOL_FOUND=1
Display --indent 4 --text "- Samhain" --result FOUND --color GREEN
else
logtext "Result: Samhain is not installed"
- Display --indent 4 --text "- Samhain" --result "NOT FOUND" --color WHITE
fi
fi
#
@@ -153,6 +155,7 @@
logtext "Test: Checking Tripwire binary"
if [ ! "${TRIPWIREBINARY}" = "" ]; then
logtext "Result: Tripwire is installed (${TRIPWIREBINARY})"
+ FILE_INT_TOOL="tripwire"
FILE_INT_TOOL_FOUND=1
Display --indent 4 --text "- Tripwire" --result FOUND --color GREEN
else
@@ -170,10 +173,13 @@
logtext "Test: Checking if OSSEC syscheck daemon is running"
IsRunning ossec-syscheckd
if [ ${RUNNING} -eq 1 ]; then
+ logtext "Result: syscheck (OSSEC) installed"
+ FILE_INT_TOOL="ossec-syscheck"
FILE_INT_TOOL_FOUND=1
Display --indent 4 --text "- OSSEC (syscheck)" --result FOUND --color GREEN
else
Display --indent 4 --text "- OSSEC (syscheck)" --result "NOT FOUND" --color WHITE
+ logtext "Result: syscheck (OSSEC) not installed"
fi
fi
#
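Review bot: The two new log lines describe installation, but the check at `IsRunning ossec-syscheckd` only observes whether the daemon is running, so an installed but stopped syscheck is logged as "not installed". Wording that matches the check, `logtext "Result: OSSEC syscheck daemon is running"` and `logtext "Result: OSSEC syscheck daemon is not running"`, keeps the log accurate for whoever triages it later. The enclosing if block begins outside the hunk.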
@@ -187,11 +193,59 @@
logtext "Test: Checking mtree binary"
if [ ! "${MTREEBINARY}" = "" ]; then
logtext "Result: mtree is installed (${MTREEBINARY})"
+ FILE_INT_TOOL="mtree"
FILE_INT_TOOL_FOUND=1
Display --indent 4 --text "- mtree" --result FOUND --color GREEN
else
logtext "Result: mtree is not installed"
- Display --indent 4 --text "- mtree" --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FINT-4334
+ # Description : Check if LFD is used (part of CSF suite)
+ if [ -f ${CSF_CONFIG} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FINT-4334 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check lfd daemon status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ Display --indent 4 --text "- lfd (CSF)" --result FOUND --color GREEN
+ IsRunning 'lfd '
+ if [ ${RUNNING} -eq 1 ]; then
+ logtext "Result: lfd daemon is running (CSF)"
+ Display --indent 6 --text "- Daemon status" --result RUNNING --color GREEN
+ FILE_INT_TOOL="csf-lfd"
+ FILE_INT_TOOL_FOUND=1
+ else
+ Display --indent 6 --text "- Daemon status" --result "NOT RUNNING" --color YELLOW
+ fi
+ fi
+ # Test : FINT-4336
+ # Description : Check if LFD is enabled (part of CSF suite)
+ if [ -f ${CSF_CONFIG} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FINT-4336 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check lfd configuration status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # LFD configuration parameters
+ ENABLED=`grep "^LF_DAEMON = \"1\"" ${CSF_CONFIG}`
+ if [ ! "${ENABLED}" = "" ]; then
+ logtext "Result: lfd service is configured to run"
+ Display --indent 6 --text "- Configuration status" --result ENABLED --color GREEN
+ else
+ logtext "Result: lfd service is configured NOT to run"
+ Display --indent 6 --text "- Configuration status" --result DISABLED --color YELLOW
+ fi
+ ENABLED=`grep "^LF_DIRWATCH =" ${CSF_CONFIG} | awk '{ print $3 }' | sed 's/\"//g'`
+ if [ ! "${ENABLED}" = "0" -a ! "${ENABLED}" = "" ]; then
+ logtext "Result: lfd directory watching is enabled (value: ${ENABLED})"
+ Display --indent 6 --text "- Temporary directory watches" --result ENABLED --color GREEN
+ else
+ logtext "Result: lfd directory watching is disabled"
+ Display --indent 6 --text "- Temporary directory watches" --result DISABLED --color YELLOW
+ fi
+ ENABLED=`grep "^LF_DIRWATCH_FILE =" ${CSF_CONFIG} | awk '{ print $3 }' | sed 's/\"//g'`
+ if [ ! "${ENABLED}" = "0" -a ! "${ENABLED}" = "" ]; then
+ Display --indent 6 --text "- Directory/File watches" --result ENABLED --color GREEN
+ else
+ Display --indent 6 --text "- Directory/File watches" --result DISABLED --color YELLOW
fi
fi
#
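Review bot: The LF_DIRWATCH_FILE check in FINT-4336 (the last if/else of the hunk) only calls Display, whereas the LF_DAEMON and LF_DIRWATCH checks above it pair each Display with a logtext line, so the log records nothing about this setting. Add `logtext "Result: lfd directory/file watching is enabled (value: ${ENABLED})"` to the ENABLED branch and `logtext "Result: lfd directory/file watching is disabled"` to the other. Separately, the two `[ ! "${ENABLED}" = "0" -a ! "${ENABLED}" = "" ]` tests rely on the deprecated `-a` operator; two `[ ]` tests joined with `&&` are unambiguous and match the single-condition style of the rest of the file. The FOUND result at `Display --indent 4 --text "- lfd (CSF)"` is shown whenever the test is not skipped, which from the PREQS_MET line means whenever csf.conf exists rather than when an lfd binary is found, and that is worth a one-line comment above it.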
@@ -217,6 +271,7 @@
#################################################################################
#
+report "file_integrity_tool=${FILE_INT_TOOL}"
report "file_integrity_tool_installed=${FILE_INT_TOOL_FOUND}"
wait_for_keypress