-rw-r--r-- | CHANGELOG.md | 1 | ||||
-rw-r--r-- | db/tests.db | 1 | ||||
-rw-r--r-- | include/tests_tooling | 27 |
3 files changed, 29 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 69123178..8f930e8c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,7 @@
 ### Added
 - AUTH-9284 - Scan for locked user accounts in /etc/passwd
+- TOOL-5130 - Check for active Suricata daemon
 - Detection of Flatcar, Mageia, ROSA Linux, SLES (extended), Void Linux, Zorin OS
 - Alpine, macOS and Mageia EOL dates
diff --git a/db/tests.db b/db/tests.db
index 6efe1a1a..6513bb0b 100644
--- a/db/tests.db
+++ b/db/tests.db
@@ -426,6 +426,7 @@ TOOL-5102:test:security:tooling::Check for presence of Fail2ban:
 TOOL-5104:test:security:tooling::Enabled tests for Fail2ban:
 TOOL-5120:test:security:tooling::Presence of Snort IDS:
 TOOL-5122:test:security:tooling::Snort IDS configuration file:
+TOOL-5130:test:security:tooling::Check for active Suricata daemon:
 TOOL-5160:test:security:tooling::Check for active OSSEC daemon:
 TOOL-5190:test:security:tooling::Check presence of available IDS/IPS tooling:
 USB-1000:test:security:storage:Linux:Check if USB storage is disabled:
diff --git a/include/tests_tooling b/include/tests_tooling
index 26870934..15475c61 100644
--- a/include/tests_tooling
+++ b/include/tests_tooling
@@ -373,6 +373,33 @@
 #
 #################################################################################
 #
+ # Test : TOOL-5130
+ # Description : Check for Suricata
Register --test-no TOOL-5130 --weight L --network NO --category security --description "Check for active Suricata daemon"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ # Suricata presence
+ if [ -n "${SURICATABINARY}" ]; then
+ Report "ids_ips_tooling[]=suricata"
+ LogText "Result: Suricata is installed (${SURICATABINARY})"
+ # Suricata status
+ # Suricata sets its process name to Suricata-Main on Linux, but this might differ on other platforms,
+ # so fall back to checking the full commandline instead if the first test fails
+ if IsRunning "Suricata-Main" || IsRunning --full "${SURICATABINARY} "; then
+ # Only satisfy test TOOL-5190 if Suricata is actually running
+ IDS_IPS_TOOL_FOUND=1
+ LogText "Result: Suricata daemon is active"
+ Display --indent 2 --text "- Checking Suricata status" --result "${STATUS_RUNNING}" --color GREEN
+ else
+ LogText "Result: Suricata daemon not active"
+ Display --indent 2 --text "- Checking Suricata status" --result "${STATUS_NOT_RUNNING}" --color YELLOW
+ fi
+ else
+ LogText "Result: Suricata not installed (suricata not found)"
+ fi
+ fi
+#
+#################################################################################
+#
 # Test : TOOL-5160
 # Description : Check for OSSEC
 Register --test-no TOOL-5126 --weight L --network NO --category security --description "Check for active OSSEC daemon" |
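Review bot: The fallback `IsRunning --full "${SURICATABINARY} "` matches any process whose command line contains the binary path followed by a space, so a one-off invocation that happens to overlap the scan — `suricata -T -c …` (configuration self-test) or `suricata --dump-config` — is reported as an active daemon, and because that branch sets `IDS_IPS_TOOL_FOUND=1` it also satisfies TOOL-5190 without any IDS actually inspecting traffic. How strictly IsRunning --full anchors or filters its match is not visible in this hunk, so if it already excludes such invocations this is moot; otherwise consider narrowing the fallback, or at least documenting the limitation next to the assignment: `# NOTE: presence check only - a short-lived suricata -T/--dump-config run also matches the --full fallback`. Not introduced by this commit but visible in the trailing context: the OSSEC block registers itself as TOOL-5126 while db/tests.db lists that test as TOOL-5160, which is worth a follow-up.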