author | mboelen <michael@cisofy.com> | 2015-05-18 00:01:38 +0300 |
---|---|---|
committer | mboelen <michael@cisofy.com> | 2015-05-18 00:01:38 +0300 |
commit | 46f9a3dec8a6c6f5cd93ea79b95a208dabc61794 (patch) | |
tree | b2a692305dc21d2b7fb6c4d6ca490da691070429 /include/tests_file_integrity | |
parent | 283e198c231df3b6535414197ba1e592dba0a8e8 (diff) |
Log file integrity monitoring tool, adding support for lfd (CSF) tool
Diffstat (limited to 'include/tests_file_integrity')
-rw-r--r-- | include/tests_file_integrity | 65 |
1 files changed, 60 insertions, 5 deletions
diff --git a/include/tests_file_integrity b/include/tests_file_integrity
index d5d7ef1e..0fe987c5 100644
--- a/include/tests_file_integrity
+++ b/include/tests_file_integrity
@@ -14,6 +14,8 @@
 #
 #################################################################################
 #
+ CSF_CONFIG="/etc/csf/csf.conf"
+ FILE_INT_TOOL=""
 FILE_INT_TOOL_FOUND=0 # Boolean, file integrity tool found
 #
 #################################################################################
@@ -30,11 +32,11 @@
 logtext "Test: Checking AFICK binary"
 if [ ! "${AFICKBINARY}" = "" ]; then
 logtext "Result: AFICK is installed (${AFICKBINARY})"
+ FILE_INT_TOOL="afick"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- AFICK" --result FOUND --color GREEN
 else
 logtext "Result: AFICK is not installed"
- Display --indent 4 --text "- AFICK" --result "NOT FOUND" --color WHITE
 fi
 fi
 #
@@ -47,11 +49,11 @@
 logtext "Test: Checking AIDE binary"
 if [ ! "${AIDEBINARY}" = "" ]; then
 logtext "Result: AIDE is installed (${AIDEBINARY})"
+ FILE_INT_TOOL="aide"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- AIDE" --result FOUND --color GREEN
 else
 logtext "Result: AIDE is not installed"
- Display --indent 4 --text "- AIDE" --result "NOT FOUND" --color WHITE
 fi
 fi
 #
@@ -119,11 +121,11 @@
 logtext "Test: Checking Osiris binary"
 if [ ! "${OSIRISBINARY}" = "" ]; then
 logtext "Result: Osiris is installed (${OSIRISBINARY})"
+ FILE_INT_TOOL="osiris"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- Osiris" --result FOUND --color GREEN
 else
 logtext "Result: Osiris is not installed"
- Display --indent 4 --text "- Osiris" --result "NOT FOUND" --color WHITE
 fi
 fi
 #
@@ -136,11 +138,11 @@
 logtext "Test: Checking Samhain binary"
 if [ ! "${SAMHAINBINARY}" = "" ]; then
 logtext "Result: Samhain is installed (${SAMHAINBINARY})"
+ FILE_INT_TOOL="samhain"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- Samhain" --result FOUND --color GREEN
 else
 logtext "Result: Samhain is not installed"
- Display --indent 4 --text "- Samhain" --result "NOT FOUND" --color WHITE
 fi
 fi
 #
@@ -153,6 +155,7 @@
 logtext "Test: Checking Tripwire binary"
 if [ ! "${TRIPWIREBINARY}" = "" ]; then
 logtext "Result: Tripwire is installed (${TRIPWIREBINARY})"
+ FILE_INT_TOOL="tripwire"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- Tripwire" --result FOUND --color GREEN
 else
@@ -170,10 +173,13 @@
 logtext "Test: Checking if OSSEC syscheck daemon is running"
 IsRunning ossec-syscheckd
 if [ ${RUNNING} -eq 1 ]; then
+ logtext "Result: syscheck (OSSEC) installed"
+ FILE_INT_TOOL="ossec-syscheck"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- OSSEC (syscheck)" --result FOUND --color GREEN
 else
 Display --indent 4 --text "- OSSEC (syscheck)" --result "NOT FOUND" --color WHITE
+ logtext "Result: syscheck (OSSEC) not installed"
 fi
 fi
 #
@@ -187,11 +193,59 @@
 logtext "Test: Checking mtree binary"
 if [ ! "${MTREEBINARY}" = "" ]; then
 logtext "Result: mtree is installed (${MTREEBINARY})"
+ FILE_INT_TOOL="mtree"
 FILE_INT_TOOL_FOUND=1
 Display --indent 4 --text "- mtree" --result FOUND --color GREEN
 else
 logtext "Result: mtree is not installed"
- Display --indent 4 --text "- mtree" --result "NOT FOUND" --color WHITE
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : FINT-4334
+ # Description : Check if LFD is used (part of CSF suite)
+ if [ -f ${CSF_CONFIG} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FINT-4334 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check lfd daemon status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ Display --indent 4 --text "- lfd (CSF)" --result FOUND --color GREEN
+ IsRunning 'lfd '
+ if [ ${RUNNING} -eq 1 ]; then
+ logtext "Result: lfd daemon is running (CSF)"
+ Display --indent 6 --text "- Daemon status" --result RUNNING --color GREEN
+ FILE_INT_TOOL="csf-lfd"
+ FILE_INT_TOOL_FOUND=1
+ else
+ Display --indent 6 --text "- Daemon status" --result "NOT RUNNING" --color YELLOW
+ fi
+ fi
+ # Test : FINT-4336
+ # Description : Check if LFD is enabled (part of CSF suite)
+ if [ -f ${CSF_CONFIG} ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no FINT-4336 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check lfd configuration status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # LFD configuration parameters
+ ENABLED=`grep "^LF_DAEMON = \"1\"" ${CSF_CONFIG}`
+ if [ ! "${ENABLED}" = "" ]; then
+ logtext "Result: lfd service is configured to run"
+ Display --indent 6 --text "- Configuration status" --result ENABLED --color GREEN
+ else
+ logtext "Result: lfd service is configured NOT to run"
+ Display --indent 6 --text "- Configuration status" --result DISABLED --color YELLOW
+ fi
+ ENABLED=`grep "^LF_DIRWATCH =" ${CSF_CONFIG} | awk '{ print $3 }' | sed 's/\"//g'`
+ if [ ! "${ENABLED}" = "0" -a ! "${ENABLED}" = "" ]; then
+ logtext "Result: lfd directory watching is enabled (value: ${ENABLED})"
+ Display --indent 6 --text "- Temporary directory watches" --result ENABLED --color GREEN
+ else
+ logtext "Result: lfd directory watching is disabled"
+ Display --indent 6 --text "- Temporary directory watches" --result DISABLED --color YELLOW
+ fi
+ ENABLED=`grep "^LF_DIRWATCH_FILE =" ${CSF_CONFIG} | awk '{ print $3 }' | sed 's/\"//g'`
+ if [ ! "${ENABLED}" = "0" -a ! "${ENABLED}" = "" ]; then
+ Display --indent 6 --text "- Directory/File watches" --result ENABLED --color GREEN
+ else
+ Display --indent 6 --text "- Directory/File watches" --result DISABLED --color YELLOW
 fi
 fi
 #
@@ -217,6 +271,7 @@
 #################################################################################
 #
+report "file_integrity_tool=${FILE_INT_TOOL}"
 report "file_integrity_tool_installed=${FILE_INT_TOOL_FOUND}"
 wait_for_keypress
|
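Review bot: `FILE_INT_TOOL="afick"` is a plain assignment, so on a host with more than one tool present each later test in this file overwrites it and the new `report "file_integrity_tool=${FILE_INT_TOOL}"` at the end names only the last tool found; the same applies to the aide, osiris, samhain, tripwire, ossec-syscheck, mtree and csf-lfd assignments in the following hunks. If the report is meant to list every detected tool, accumulate instead, e.g. `FILE_INT_TOOL="${FILE_INT_TOOL} afick"` (or emit one report line per tool); if a single value is intended, a comment next to `FILE_INT_TOOL=""` should state which tool wins. The two `fi` lines at the end close blocks that open before the hunk.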
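Review bot: In the OSSEC hunk the new `logtext "Result: syscheck (OSSEC) installed"` and `logtext "Result: syscheck (OSSEC) not installed"` lines describe installation, but the only check in this block is `IsRunning ossec-syscheckd`, so an installed-but-stopped syscheck is logged as "not installed". Log what was actually tested: `logtext "Result: OSSEC syscheck daemon is running"` and `logtext "Result: OSSEC syscheck daemon is not running"`. The enclosing block opens before the hunk.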
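Review bot: FINT-4334 sets `FILE_INT_TOOL="csf-lfd"` and `FILE_INT_TOOL_FOUND=1` as soon as the lfd daemon is running, while the options that make lfd a file monitor (`LF_DIRWATCH`, `LF_DIRWATCH_FILE`) are only displayed by FINT-4336, so a host running lfd with both set to 0 is reported as `file_integrity_tool_installed=1` without any file monitoring in place. Consider setting the two variables from the FINT-4336 branches where a watch is enabled, guarded by the daemon state from FINT-4334 (`if [ ${RUNNING} -eq 1 ]; then FILE_INT_TOOL="csf-lfd"; FILE_INT_TOOL_FOUND=1; fi`), keeping in mind that `RUNNING` only carries over when FINT-4334 was not skipped. The `LF_DIRWATCH_FILE` branch also lacks the `logtext` result lines the other two checks write, so that outcome never reaches the log. The unquoted `${CSF_CONFIG}` in the `-f` tests and `grep` calls and the `-a` inside `[ ]` work for this fixed path but are worth quoting and splitting into `&&` for consistency with the rest of the file.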