authorMichael Boelen <michael.boelen@cisofy.com>2016-07-30 13:06:30 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2016-07-30 13:06:30 +0300
commitf1dc6be5bfea3bb3bb5608741b131d89db65d02f (patch)
treec1eedb9e0d9efb9eca8931642d2f97eb5c74890f /include/tests_tooling
parent8a95b49913f8d4a1b54ab71023be0e03c0ff5b3f (diff)
Start of refactor fail2ban tests and splitting them into different test areas
Diffstat (limited to 'include/tests_tooling')
-rw-r--r--include/tests_tooling192
1 files changed, 108 insertions, 84 deletions
diff --git a/include/tests_tooling b/include/tests_tooling
index cdce5e6e..eb5c54c7 100644
--- a/include/tests_tooling
+++ b/include/tests_tooling
@@ -30,6 +30,7 @@
FAIL2BAN_FOUND=0
FAIL2BAN_EMAIL=0
FAIL2BAN_SILENT=0
+ PERFORM_FAIL2BAN_TESTS=0
#
#################################################################################
#
@@ -181,102 +182,125 @@
# Continue if tooling is available and configuration file found
if [ ${FAIL2BAN_FOUND} -eq 1 -a ! "${FAIL2BAN_CONFIG}" = "" ]; then
-
- LogText "Result: found configuration file (${FAIL2BAN_CONFIG})"
-
- # Check email alert configuration
- LogText "Test: checking for email actions within ${FAIL2BAN_CONFIG}"
-
- FIND=`egrep "^action = \%\(action_m.*\)s" ${FAIL2BAN_CONFIG}`
- FIND2=`egrep "^action = \%\(action_\)s" ${FAIL2BAN_CONFIG}`
-
- if [ ! "${FIND}" = "" ]; then
- FAIL2BAN_EMAIL=1
- LogText "Result: found at least one jail which sends an email alert"
- fi
-
- if [ ! "${FIND2}" = "" ]; then
- FAIL2BAN_SILENT=1
- LogText "Result: found at least one jail which does NOT send an email alert"
- fi
-
- if [ ${FAIL2BAN_SILENT} -eq 0 ] && [ ${FAIL2BAN_EMAIL} -eq 0 ]; then
- LogText "No registered actions found in ${FAIL2BAN_CONFIG}"
- Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_NONE}" --color RED
- ReportWarning "${TEST_NO}" "M" "${FAIL2BAN_CONFIG}" "There are no actions configured for Fail2ban."
- AddHP 0 3
- fi
-
- if [ ${FAIL2BAN_SILENT} -eq 0 ] && [ ${FAIL2BAN_EMAIL} -eq 1 ]; then
- LogText "All actions in ${FAIL2BAN_CONFIG} are configured to send email alerts"
- Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_OK}" --color GREEN
- AddHP 3 3
- fi
-
- if [ ${FAIL2BAN_SILENT} -eq 1 ] && [ ${FAIL2BAN_EMAIL} -eq 1 ]; then
- LogText "Some actions found in ${FAIL2BAN_CONFIG} are configured to send email alerts"
- Display --indent 4 --text "- Checking Fail2ban actions" --result PARTIAL --color YELLOW
- ReportSuggestion "${TEST_NO}" "Some Fail2ban jails are configured with non-notified actions. Consider changing these to emailed alerts."
- AddHP 2 3
- fi
-
- if [ ${FAIL2BAN_SILENT} -eq 1 ] && [ ${FAIL2BAN_EMAIL} -eq 0 ]; then
- LogText "None of the actions found in ${FAIL2BAN_CONFIG} are configured to send email alerts"
- Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_NONE}" --color YELLOW
- ReportSuggestion "${TEST_NO}" "None of the Fail2ban jails are configured to send email notifications. Consider changing these to emailed alerts."
- AddHP 1 3
- fi
-
- # Check at least one enabled jail
- LogText "Checking for enabled jails within ${FAIL2BAN_CONFIG}"
-
- FIND=`egrep "^enabled\s*=\s*true" ${FAIL2BAN_CONFIG}`
- if [ ! "${FIND}" = "" ]; then
- LogText "Result: found at least one enabled jail"
- Display --indent 4 --text "- Checking Fail2ban jails" --result "${STATUS_ENABLED}" --color GREEN
- AddHP 3 3
- else
- LogText "Result: Fail2ban installed but completely disabled"
- Display --indent 4 --text "- Checking Fail2ban jails" --result "${STATUS_DISABLED}" --color RED
- AddHP 0 3
- ReportWarning "${TEST_NO}" "M" "All jails in Fail2ban are disabled" "${FAIL2BAN_CONFIG}"
- fi
-
- # Confirm at least one iptables chain for fail2ban
-
- LogText "Checking for fail2ban iptables chains"
-
- if [ ! "${IPTABLESBINARY}" = "" ]; then
- CHECK_CHAINS=`${IPTABLESBINARY} -L 2>&1 | grep fail2ban`
- if [ ! "${CHECK_CHAINS}" = "" ]; then
- LogText "Result: found at least one iptables chain for fail2ban"
- Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_OK}" --color GREEN
- else
- LogText "Result: Fail2ban installed but iptables chain not present - fail2ban will not work"
- Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_WARNING}" --color RED
- AddHP 0 3
- ReportSuggestion "${TEST_NO}" "M" "Check config to see why iptables does not have a fail2ban chain" "${FAIL2BAN_CONFIG}"
- fi
- else
- Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_WARNING}" --color RED
- ReportSuggestion "${TEST_NO}" "H" "iptables doesn't seem to be installed; Fail2ban will not work. Remove Fail2ban or install iptables" "${FAIL2BAN_CONFIG}"
- fi
+ Report "fail2ban_config=${FAIL2BAN_CONFIG}"
+ FAIL2BANCLIENT=$(which fail2ban-client 2> /dev/null)
+ if [ ! -z "${FAIL2BANCLIENT}" ]; then PERFORM_FAIL2BAN_TESTS=1; fi
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : TOOL-5104
+ # Description : Check for Fail2ban enabled tests
+ if [ ${PERFORM_FAIL2BAN_TESTS} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no TOOL-5104 --weight L --network NO --preqs-met ${PREQS_MET} --category security --description "Enabled tests in Fail2ban"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FIND=$(${FAIL2BANCLIENT} -d | tr -d '[]' | tr -d "'" | awk -F, '{ if ($1=="add") { print $2 }}' | tr -d ' ')
+ if [ ! "${FIND}" = "" ]; then
+ for F2BSERVICE in ${FIND}; do
+ LogText "Result: service '${F2BSERVICE}' enabled"
+ Report "fail2ban_enabled_service[]=${F2BSERVICE}"
+ done
+ LogText "Result: found at least one enabled jail"
+ Display --indent 4 --text "- Checking Fail2ban jails" --result "${STATUS_ENABLED}" --color GREEN
+ AddHP 3 3
+ else
+ LogText "Result: Fail2ban installed but completely disabled"
+ Display --indent 4 --text "- Checking Fail2ban jails" --result "${STATUS_DISABLED}" --color RED
+ AddHP 0 5
+ ReportWarning "${TEST_NO}" "All jails in Fail2ban are disabled" "${FAIL2BAN_CONFIG}"
fi
fi
#
#################################################################################
#
+ # These tests are temporarily disabled to split them up in different areas to check
+ #
+ # LogText "Result: found configuration file (${FAIL2BAN_CONFIG})"
+ #
+ # # Check email alert configuration
+ # LogText "Test: checking for email actions within ${FAIL2BAN_CONFIG}"
+ #
+ # FIND=`egrep "^action = \%\(action_m.*\)s" ${FAIL2BAN_CONFIG}`
+ # FIND2=`egrep "^action = \%\(action_\)s" ${FAIL2BAN_CONFIG}`
+ #
+ # if [ ! "${FIND}" = "" ]; then
+ # FAIL2BAN_EMAIL=1
+ # LogText "Result: found at least one jail which sends an email alert"
+ # fi
+ #
+ # if [ ! "${FIND2}" = "" ]; then
+ # FAIL2BAN_SILENT=1
+ # LogText "Result: found at least one jail which does NOT send an email alert"
+ # fi
+ #
+ # if [ ${FAIL2BAN_SILENT} -eq 0 ] && [ ${FAIL2BAN_EMAIL} -eq 0 ]; then
+ # LogText "No registered actions found in ${FAIL2BAN_CONFIG}"
+ # Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_NONE}" --color RED
+ # ReportWarning "${TEST_NO}" "${FAIL2BAN_CONFIG}" "There are no actions configured for Fail2ban."
+ # AddHP 0 3
+ # fi
+ #
+ # if [ ${FAIL2BAN_SILENT} -eq 0 ] && [ ${FAIL2BAN_EMAIL} -eq 1 ]; then
+ # LogText "All actions in ${FAIL2BAN_CONFIG} are configured to send email alerts"
+ # Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_OK}" --color GREEN
+ # AddHP 3 3
+ # fi
+ #
+ # if [ ${FAIL2BAN_SILENT} -eq 1 ] && [ ${FAIL2BAN_EMAIL} -eq 1 ]; then
+ # LogText "Some actions found in ${FAIL2BAN_CONFIG} are configured to send email alerts"
+ # Display --indent 4 --text "- Checking Fail2ban actions" --result PARTIAL --color YELLOW
+ # ReportSuggestion "${TEST_NO}" "Some Fail2ban jails are configured with non-notified actions. Consider changing these to emailed alerts."
+ # AddHP 2 3
+ # fi
+ #
+ # if [ ${FAIL2BAN_SILENT} -eq 1 ] && [ ${FAIL2BAN_EMAIL} -eq 0 ]; then
+ # LogText "None of the actions found in ${FAIL2BAN_CONFIG} are configured to send email alerts"
+ # Display --indent 4 --text "- Checking Fail2ban actions" --result "${STATUS_NONE}" --color YELLOW
+ # ReportSuggestion "${TEST_NO}" "None of the Fail2ban jails are configured to send email notifications. Consider changing these to emailed alerts."
+ # AddHP 1 3
+ # fi
+ #
+ # # Check at least one enabled jail
+ # LogText "Checking for enabled jails within ${FAIL2BAN_CONFIG}"
+ #
+ #
+ #
+ # # Confirm at least one iptables chain for fail2ban
+ #
+ # LogText "Checking for fail2ban iptables chains"
+ #
+ # if [ ! "${IPTABLESBINARY}" = "" ]; then
+ # CHECK_CHAINS=`${IPTABLESBINARY} -L 2>&1 | grep fail2ban`
+ # if [ ! "${CHECK_CHAINS}" = "" ]; then
+ # LogText "Result: found at least one iptables chain for fail2ban"
+ # Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_OK}" --color GREEN
+ # else
+ # LogText "Result: Fail2ban installed but iptables chain not present - fail2ban will not work"
+ # Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_WARNING}" --color RED
+ # AddHP 0 3
+ # ReportSuggestion "${TEST_NO}" "Check config to see why iptables does not have a fail2ban chain" "${FAIL2BAN_CONFIG}"
+ # fi
+ # else
+ # Display --indent 4 --text "- Checking for Fail2ban iptables chain" --result "${STATUS_WARNING}" --color RED
+ # ReportSuggestion "${TEST_NO}" "iptables doesn't seem to be installed; Fail2ban will not work. Remove Fail2ban or install iptables" "${FAIL2BAN_CONFIG}"
+ # fi
+ # fi
+ # fi
+#
+#################################################################################
+#
# Test : TOOL-5190
# Description : Check for an IDS/IPS tool
- Register --test-no TOOL-5014 --weight L --network NO --category security --description "Check presence of IDS/IPS tool"
+ Register --test-no TOOL-5190 --weight L --network NO --category security --description "Check presence of IDS/IPS tool"
if [ ${SKIPTEST} -eq 0 ]; then
if [ ${IDS_IPS_TOOL_FOUND} -eq 1 ]; then
- Display --indent 2 --text "- Checking for intrusion detection/prevention system" --result "${STATUS_FOUND}" --color GREEN
+ Display --indent 2 --text "- Checking for IDS/IPS tooling" --result "${STATUS_FOUND}" --color GREEN
AddHP 2 2
else
- Display --indent 2 --text "- Checking for intrusion detection/prevention system" --result "${STATUS_NONE}" --color YELLOW
- #ReportSuggestion ${TEST_NO} "Ensure that automatic intrusion detection/prevention tools are installed"
+ Display --indent 2 --text "- Checking for IDS/IPS tooling" --result "${STATUS_NONE}" --color YELLOW
+ #ReportSuggestion ${TEST_NO} "Install and configure automated intrusion detection/prevention tools"
AddHP 0 2
fi
fi
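Review bot: The two branches of the TOOL-5104 jail check award different maxima — `AddHP 3 3` in the enabled branch but `AddHP 0 5` in the disabled branch — so the hardening denominator now depends on which branch ran; the removed code used `AddHP 0 3`, and the else branch should match the enabled branch: `AddHP 0 3`. The `ReportWarning "${TEST_NO}" "All jails in Fail2ban are disabled" "${FAIL2BAN_CONFIG}"` call in that branch also drops the severity argument (`"M"`) the removed line carried, as do the commented copies further down; unless ReportWarning's signature changed elsewhere in this commit, the message now lands in the severity slot. On the `FIND=$(${FAIL2BANCLIENT} -d | …)` line the exit status of `fail2ban-client -d` is discarded and its stderr is not redirected, so a client that errors out (for example on a configuration parse failure) is indistinguishable from "no jails enabled" and yields a misleading disabled warning plus stray output on the console; capturing stderr into the log and checking the status before the awk filter would separate the two cases. The roughly seventy lines of commented-out former logic that follow would read better as a short TODO naming the test areas they are to move into than as dead code left in the file.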