author | Michael Boelen <michael.boelen@cisofy.com> | 2016-07-30 13:06:30 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2016-07-30 13:06:30 +0300 |
commit | f1dc6be5bfea3bb3bb5608741b131d89db65d02f (patch) | |
tree | c1eedb9e0d9efb9eca8931642d2f97eb5c74890f /include/tests_tooling | |
parent | 8a95b49913f8d4a1b54ab71023be0e03c0ff5b3f (diff) |
Start of refactoring the fail2ban tests, splitting them into different test areas
Diffstat (limited to 'include/tests_tooling')
-rw-r--r-- | include/tests_tooling | 192 |
1 files changed, 108 insertions, 84 deletions
diff --git a/include/tests_tooling b/include/tests_tooling
index cdce5e6e..eb5c54c7 100644
--- a/include/tests_tooling
+++ b/include/tests_tooling
@@ -30,6 +30,7 @@
 FAIL2BAN_FOUND=0
 FAIL2BAN_EMAIL=0
 FAIL2BAN_SILENT=0
+ PERFORM_FAIL2BAN_TESTS=0
 #
 #################################################################################
 #
@@ -181,102 +182,125 @@
 # Continue if tooling is available and configuration file found
 if [ ${FAIL2BAN_FOUND} -eq 1 -a ! "${FAIL2BAN_CONFIG}" = "" ]; then
-
- LogText "Result: found configuration file (${FAIL2BAN_CONFIG})"
-
- # Check email alert configuration
- LogText "Test: checking for email actions within ${FAIL2BAN_CONFIG}"
-
- FIND=`egrep "^action = \%\(action_m.*\)s" ${FAIL2BAN_CONFIG}`
- FIND2=`egrep "^action = \%\(action_\)s" ${FAIL2BAN_CONFIG}`
-
- if [ ! "${FIND}" = "" ]; then
- FAIL2BAN_EMAIL=1
- LogText "Result: found at least one jail which sends an email alert"
- fi
-
- if [ ! "${FIND2}" = "" ]; then
- FAIL2BAN_SILENT=1
- LogText "Result: found at least one jail which does NOT send an email alert"
- fi
-
- if [ ${FAIL2BAN_SILENT} -eq 0 ] && [ ${FAIL2BAN_EMAIL} -eq 0 ]; then
- LogText "No registered actions found in ${FAIL2BAN_CONFIG}"
- Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_NONE}" --color RED
- ReportWarning "${TEST_NO}" "M" "${FAIL2BAN_CONFIG}" "There are no actions configured for Fail2ban."
- AddHP 0 3
- fi
-
- if [ ${FAIL2BAN_SILENT} -eq 0 ] && [ ${FAIL2BAN_EMAIL} -eq 1 ]; then
- LogText "All actions in ${FAIL2BAN_CONFIG} are configured to send email alerts"
- Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_OK}" --color GREEN
- AddHP 3 3
- fi
-
- if [ ${FAIL2BAN_SILENT} -eq 1 ] && [ ${FAIL2BAN_EMAIL} -eq 1 ]; then
- LogText "Some actions found in ${FAIL2BAN_CONFIG} are configured to send email alerts"
- Display --indent 4 --text "- Checking Fail2ban actions" --result PARTIAL --color YELLOW
- ReportSuggestion "${TEST_NO}" "Some Fail2ban jails are configured with non-notified actions. Consider changing these to emailed alerts."
- AddHP 2 3
- fi
-
- if [ ${FAIL2BAN_SILENT} -eq 1 ] && [ ${FAIL2BAN_EMAIL} -eq 0 ]; then
- LogText "None of the actions found in ${FAIL2BAN_CONFIG} are configured to send email alerts"
- Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_NONE}" --color YELLOW
- ReportSuggestion "${TEST_NO}" "None of the Fail2ban jails are configured to send email notifications. Consider changing these to emailed alerts."
- AddHP 1 3
- fi
-
- # Check at least one enabled jail
- LogText "Checking for enabled jails within ${FAIL2BAN_CONFIG}"
-
- FIND=`egrep "^enabled\s*=\s*true" ${FAIL2BAN_CONFIG}`
- if [ ! "${FIND}" = "" ]; then
- LogText "Result: found at least one enabled jail"
- Display --indent 4 --text "- Checking Fail2ban jails" --result "${STATUS_ENABLED}" --color GREEN
- AddHP 3 3
- else
- LogText "Result: Fail2ban installed but completely disabled"
- Display --indent 4 --text "- Checking Fail2ban jails" --result "${STATUS_DISABLED}" --color RED
- AddHP 0 3
- ReportWarning "${TEST_NO}" "M" "All jails in Fail2ban are disabled" "${FAIL2BAN_CONFIG}"
- fi
-
- # Confirm at least one iptables chain for fail2ban
-
- LogText "Checking for fail2ban iptables chains"
-
- if [ ! "${IPTABLESBINARY}" = "" ]; then
- CHECK_CHAINS=`${IPTABLESBINARY} -L 2>&1 | grep fail2ban`
- if [ ! "${CHECK_CHAINS}" = "" ]; then
- LogText "Result: found at least one iptables chain for fail2ban"
- Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_OK}" --color GREEN
- else
- LogText "Result: Fail2ban installed but iptables chain not present - fail2ban will not work"
- Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_WARNING}" --color RED
- AddHP 0 3
- ReportSuggestion "${TEST_NO}" "M" "Check config to see why iptables does not have a fail2ban chain" "${FAIL2BAN_CONFIG}"
- fi
- else
- Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_WARNING}" --color RED
- ReportSuggestion "${TEST_NO}" "H" "iptables doesn't seem to be installed; Fail2ban will not work. Remove Fail2ban or install iptables" "${FAIL2BAN_CONFIG}"
- fi
+ Report "fail2ban_config=${FAIL2BAN_CONFIG}"
+ FAIL2BANCLIENT=$(which fail2ban-client 2> /dev/null)
+ if [ ! -z "${FAIL2BANCLIENT}" ]; then PERFORM_FAIL2BAN_TESTS=1; fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : TOOL-5104
+ # Description : Check for Fail2ban enabled tests
+ if [ ${PERFORM_FAIL2BAN_TESTS} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no TOOL-5104 --weight L --network NO --preqs-met ${PREQS_MET} --category security --description "Enabled tests in Fail2ban"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=$(${FAIL2BANCLIENT} -d | tr -d '[]' | tr -d "'" | awk -F, '{ if ($1=="add") { print $2 }}' | tr -d ' ')
+ if [ ! "${FIND}" = "" ]; then
+ for F2BSERVICE in ${FIND}; do
+ LogText "Result: service '${F2BSERVICE}' enabled"
+ Report "fail2ban_enabled_service[]=${F2BSERVICE}"
+ done
+ LogText "Result: found at least one enabled jail"
+ Display --indent 4 --text "- Checking Fail2ban jails" --result "${STATUS_ENABLED}" --color GREEN
+ AddHP 3 3
+ else
+ LogText "Result: Fail2ban installed but completely disabled"
+ Display --indent 4 --text "- Checking Fail2ban jails" --result "${STATUS_DISABLED}" --color RED
+ AddHP 0 5
+ ReportWarning "${TEST_NO}" "All jails in Fail2ban are disabled" "${FAIL2BAN_CONFIG}"
 fi
 fi
 #
 #################################################################################
 #
+ # These tests are temporarily disabled to split them up in different areas to check
+ #
+ # LogText "Result: found configuration file (${FAIL2BAN_CONFIG})"
+ #
+ # # Check email alert configuration
+ # LogText "Test: checking for email actions within ${FAIL2BAN_CONFIG}"
+ #
+ # FIND=`egrep "^action = \%\(action_m.*\)s" ${FAIL2BAN_CONFIG}`
+ # FIND2=`egrep "^action = \%\(action_\)s" ${FAIL2BAN_CONFIG}`
+ #
+ # if [ ! "${FIND}" = "" ]; then
+ # FAIL2BAN_EMAIL=1
+ # LogText "Result: found at least one jail which sends an email alert"
+ # fi
+ #
+ # if [ ! "${FIND2}" = "" ]; then
+ # FAIL2BAN_SILENT=1
+ # LogText "Result: found at least one jail which does NOT send an email alert"
+ # fi
+ #
+ # if [ ${FAIL2BAN_SILENT} -eq 0 ] && [ ${FAIL2BAN_EMAIL} -eq 0 ]; then
+ # LogText "No registered actions found in ${FAIL2BAN_CONFIG}"
+ # Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_NONE}" --color RED
+ # ReportWarning "${TEST_NO}" "${FAIL2BAN_CONFIG}" "There are no actions configured for Fail2ban."
+ # AddHP 0 3
+ # fi
+ #
+ # if [ ${FAIL2BAN_SILENT} -eq 0 ] && [ ${FAIL2BAN_EMAIL} -eq 1 ]; then
+ # LogText "All actions in ${FAIL2BAN_CONFIG} are configured to send email alerts"
+ # Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_OK}" --color GREEN
+ # AddHP 3 3
+ # fi
+ #
+ # if [ ${FAIL2BAN_SILENT} -eq 1 ] && [ ${FAIL2BAN_EMAIL} -eq 1 ]; then
+ # LogText "Some actions found in ${FAIL2BAN_CONFIG} are configured to send email alerts"
+ # Display --indent 4 --text "- Checking Fail2ban actions" --result PARTIAL --color YELLOW
+ # ReportSuggestion "${TEST_NO}" "Some Fail2ban jails are configured with non-notified actions. Consider changing these to emailed alerts."
+ # AddHP 2 3
+ # fi
+ #
+ # if [ ${FAIL2BAN_SILENT} -eq 1 ] && [ ${FAIL2BAN_EMAIL} -eq 0 ]; then
+ # LogText "None of the actions found in ${FAIL2BAN_CONFIG} are configured to send email alerts"
+ # Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_NONE}" --color YELLOW
+ # ReportSuggestion "${TEST_NO}" "None of the Fail2ban jails are configured to send email notifications. Consider changing these to emailed alerts."
+ # AddHP 1 3
+ # fi
+ #
+ # # Check at least one enabled jail
+ # LogText "Checking for enabled jails within ${FAIL2BAN_CONFIG}"
+ #
+ #
+ #
+ # # Confirm at least one iptables chain for fail2ban
+ #
+ # LogText "Checking for fail2ban iptables chains"
+ #
+ # if [ ! "${IPTABLESBINARY}" = "" ]; then
+ # CHECK_CHAINS=`${IPTABLESBINARY} -L 2>&1 | grep fail2ban`
+ # if [ ! "${CHECK_CHAINS}" = "" ]; then
+ # LogText "Result: found at least one iptables chain for fail2ban"
+ # Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_OK}" --color GREEN
+ # else
+ # LogText "Result: Fail2ban installed but iptables chain not present - fail2ban will not work"
+ # Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_WARNING}" --color RED
+ # AddHP 0 3
+ # ReportSuggestion "${TEST_NO}" "Check config to see why iptables does not have a fail2ban chain" "${FAIL2BAN_CONFIG}"
+ # fi
+ # else
+ # Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_WARNING}" --color RED
+ # ReportSuggestion "${TEST_NO}" "iptables doesn't seem to be installed; Fail2ban will not work. Remove Fail2ban or install iptables" "${FAIL2BAN_CONFIG}"
+ # fi
+ # fi
+#
+#################################################################################
+#
 # Test : TOOL-5190
 # Description : Check for an IDS/IPS tool
- Register --test-no TOOL-5014 --weight L --network NO --category security --description "Check presence of IDS/IPS tool"
+ Register --test-no TOOL-5190 --weight L --network NO --category security --description "Check presence of IDS/IPS tool"
 if [ ${SKIPTEST} -eq 0 ]; then
 if [ ${IDS_IPS_TOOL_FOUND} -eq 1 ]; then
- Display --indent 2 --text "- Checking for intrusion detection/prevention system" --result "${STATUS_FOUND}" --color GREEN
+ Display --indent 2 --text "- Checking for IDS/IPS tooling" --result "${STATUS_FOUND}" --color GREEN
 AddHP 2 2
 else
- Display --indent 2 --text "- Checking for intrusion detection/prevention system" --result "${STATUS_NONE}" --color YELLOW
- #ReportSuggestion ${TEST_NO} "Ensure that automatic intrusion detection/prevention tools are installed"
+ Display --indent 2 --text "- Checking for IDS/IPS tooling" --result "${STATUS_NONE}" --color YELLOW
+ #ReportSuggestion ${TEST_NO} "Install and configure automated intrusion 
detection/prevention tools" AddHP 0 2 fi fi |
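Review bot: The exit status of `${FAIL2BANCLIENT} -d` in the new TOOL-5104 test is never checked and its stderr is not redirected, so a dump that fails (an unparsable jail.local, or a client the scanning user is not allowed to run) leaves FIND empty and the test reports STATUS_DISABLED plus a warning that all jails are disabled, which is a different finding from "fail2ban could not be queried"; the `if [ ${FAIL2BAN_FOUND} ...` block that sets FAIL2BANCLIENT starts before this hunk. Capturing the dump first keeps the two cases apart: `F2B_DUMP=$(${FAIL2BANCLIENT} -d 2> /dev/null) || LogText "Result: fail2ban-client -d failed (exit $?), cannot list jails"` followed by `FIND=$(echo "${F2B_DUMP}" | tr -d '[]' | tr -d "'" | awk -F, '{ if ($1=="add") { print $2 }}' | tr -d ' ')`. The two branches also score against different maximums (`AddHP 3 3` when a jail is enabled, `AddHP 0 5` when none is), so the hardening-point total now depends on the outcome, whereas the removed test used 3 on both sides. `which` is an external, non-POSIX command; `command -v fail2ban-client` is the portable equivalent. Since `-d` only dumps the parsed configuration, a comment such as `# -d lists configured jails; it does not prove the fail2ban daemon is running or that its chains exist` would stop readers from taking STATUS_ENABLED as evidence that banning is active while the iptables-chain check is commented out.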