Diffstat (limited to 'include/tests_firewalls')
-rw-r--r-- | include/tests_firewalls | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/include/tests_firewalls b/include/tests_firewalls
index c6fd5d0d..59cdcd84 100644
--- a/include/tests_firewalls
+++ b/include/tests_firewalls
@@ -38,7 +38,7 @@
 #
 # Test : FIRE-4502
 # Description : Check iptables kernel module
- Register --test-no FIRE-4502 --os Linux --weight L --network NO --description "Check iptables kernel module"
+ Register --test-no FIRE-4502 --os Linux --weight L --network NO --category security --description "Check iptables kernel module"
 if [ ${SKIPTEST} -eq 0 ]; then
 FIND=`${LSMODBINARY} | awk '{ print $1 }' | grep "^ip*_tables"`
 if [ ! "${FIND}" = "" ]; then
@@ -100,7 +100,7 @@
 # Description : Check iptables chain policies
 # Notes : Suggestions are currently disabled, until related page and documentation is available
 if [ ! "${IPTABLESBINARY}" = "" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- Register --test-no FIRE-4508 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --description "Check used policies of iptables chains"
+ Register --test-no FIRE-4508 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --category security --description "Check used policies of iptables chains"
 if [ ${SKIPTEST} -eq 0 ]; then
 Display --indent 4 --text "- Checking iptables policies of chains" --result "${STATUS_FOUND}" --color GREEN
 TABLES="filter"
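Review bot: The module match in the FIRE-4502 hunk, `grep "^ip*_tables"`, is a regular expression and not a glob, so `p*` means "zero or more p" and the pattern matches `ip_tables` but not `ip6_tables`. A host that loads only the IPv6 module would therefore be reported as having no iptables module. If both were intended, `grep -E "^ip6?_tables$"` states that explicitly. The FIRE-4536 hunk uses the same construct, `^nf*_tables`, which only works because the module is named `nf_tables`. The test body continues outside the hunk.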
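Review bot: The prerequisite line above the FIRE-4508 registration expands `${IPTABLES_ACTIVE}` unquoted inside a `[ ... -a ... ]` test, so an empty or unset value makes the test itself fail and the check is silently registered with `--preqs-met NO`. For a firewall audit, a skipped check is worse than a failed one. Whether the variable is always initialised is not visible in this diff. A form that fails closed without a shell error is `if [ -n "${IPTABLESBINARY}" ] && [ "${IPTABLES_ACTIVE:-0}" -eq 1 ]; then`. The same line appears in the FIRE-4512 and FIRE-4513 hunks.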
@@ -146,7 +146,7 @@
 # Test : FIRE-4512
 # Description : Check iptables for empty ruleset (should have at least 10 or more rules)
 if [ ! "${IPTABLESBINARY}" = "" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- Register --test-no FIRE-4512 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --description "Check iptables for empty ruleset"
+ Register --test-no FIRE-4512 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --category security --description "Check iptables for empty ruleset"
 if [ ${SKIPTEST} -eq 0 ]; then
 FIND=`${IPTABLESBINARY} --list --numeric 2> /dev/null | egrep -v "^(Chain|target|$)" | wc -l | tr -d ' '`
 if [ ! "${FIND}" = "" ]; then
@@ -169,7 +169,7 @@
 # Test : FIRE-4513
 # Description : Check iptables for unused rules
 if [ ! "${IPTABLESBINARY}" = "" -a ${IPTABLES_ACTIVE} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- Register --test-no FIRE-4513 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --description "Check iptables for unused rules"
+ Register --test-no FIRE-4513 --preqs-met ${PREQS_MET} --os Linux --weight L --network NO --root-only YES --category security --description "Check iptables for unused rules"
 if [ ${SKIPTEST} -eq 0 ]; then
 FIND=`${IPTABLESBINARY} --list --numeric --line-numbers --verbose | awk '{ if ($2=="0") print $1 }' | xargs`
 if [ "${FIND}" = "" ]; then
@@ -191,7 +191,7 @@
 #
 # Test : FIRE-4518
 # Description : Checking status of pf firewall components
- Register --test-no FIRE-4518 --weight L --network NO --description "Check pf firewall components"
+ Register --test-no FIRE-4518 --weight L --network NO --category security --description "Check pf firewall components"
 if [ ${SKIPTEST} -eq 0 ]; then
 PFFOUND=0; PFLOGDFOUND=0
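Review bot: In the FIRE-4512 hunk a failed `${IPTABLESBINARY} --list --numeric` call cannot be told apart from an empty ruleset, because stderr is discarded and only the `wc -l` result is kept, so any error yields `0`. The exit status of the iptables call should be checked before counting, and the test logged as inconclusive on failure rather than falling through to the rule-count logic, which lies outside the hunk. The count also covers only the default table, since no `--table` is given. Separately, `egrep` is deprecated in current GNU grep; `grep -E -v "^(Chain|target|$)"` is the equivalent.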
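Review bot: The unused-rule list built in the FIRE-4513 hunk is ambiguous, because `--line-numbers` restarts numbering in every chain and the awk program prints only `$1`. After `xargs` joins the output, a result such as `1 3 1` cannot be mapped back to a chain, which limits its value to whoever has to act on the finding. Carrying the chain name along fixes that, for example `awk '$1=="Chain" { c=$2 } $2=="0" { print c ":" $1 }'`. The code that consumes `FIND` is outside the hunk and would need to accept the new format. Unlike FIRE-4512, this call also leaves iptables' stderr unredirected.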
@@ -258,7 +258,7 @@
 # Test : FIRE-4520
 # Description : Check pf configuration consistency
 if [ ${PFFOUND} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- Register --test-no FIRE-4520 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check pf configuration consistency"
+ Register --test-no FIRE-4520 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check pf configuration consistency"
 if [ ${SKIPTEST} -eq 0 ]; then
 LogText "Test: check /etc/pf.conf"
 # Test for warnings (-n don't load the rules)
@@ -289,7 +289,7 @@
 #
 # Test : FIRE-4524
 # Description : Check for CSF (ConfigServer Security & Firewall)
- Register --test-no FIRE-4524 --weight L --network NO --description "Check for CSF presence"
+ Register --test-no FIRE-4524 --weight L --network NO --category security --description "Check for CSF presence"
 if [ ${SKIPTEST} -eq 0 ]; then
 FILE="/etc/csf/csf.conf"
 LogText "Test: check ${FILE}"
@@ -309,7 +309,7 @@
 # Test : FIRE-4526
 # Description : Check ipf (Solaris)
 if [ ! "${IPFBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- Register --test-no FIRE-4526 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --description "Check ipf status"
+ Register --test-no FIRE-4526 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check ipf status"
 if [ ${SKIPTEST} -eq 0 ]; then
 FIND=`${IPFBINARY} -n -V | grep "^Running" | awk '{ print $2 }'`
 if [ "${FIND}" = "yes" ]; then
@@ -328,7 +328,7 @@
 #
 # Test : FIRE-4530
 # Description : Check IPFW (FreeBSD)
- Register --test-no FIRE-4530 --os FreeBSD --weight L --network NO --description "Check IPFW status"
+ Register --test-no FIRE-4530 --os FreeBSD --weight L --network NO --category security --description "Check IPFW status"
 if [ ${SKIPTEST} -eq 0 ]; then
 if [ ! "${SYSCTLBINARY}" = "" ]; then
 # For now, only check for IPv4.
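Review bot: The prerequisite for FIRE-4520 reads `${PFFOUND}` unquoted, while the only initialisation visible in this diff, `PFFOUND=0; PFLOGDFOUND=0` in the FIRE-4518 hunk, sits inside that test's `if [ ${SKIPTEST} -eq 0 ]` block. If FIRE-4518 is skipped and nothing else sets the variable, `[ -eq 1 ]` is a malformed test that prints a shell error and falls through to `PREQS_MET="NO"`. Changing the line to `if [ "${PFFOUND:-0}" -eq 1 ]; then` keeps the outcome but removes the error and the hidden dependency on test order. Worth adding above it: `# PFFOUND is set by FIRE-4518; treated as 0 when that test did not run`.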
@@ -362,7 +362,7 @@
 # Test : FIRE-4532
 # Description : Check Application Firewall in Mac OS X
 if [ -x /usr/libexec/ApplicationFirewall/socketfilterfw ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- Register --test-no FIRE-4532 --weight L --os "MacOS" --preqs-met ${PREQS_MET} --network NO --description "Check Mac OS X application firewall"
+ Register --test-no FIRE-4532 --weight L --os "MacOS" --preqs-met ${PREQS_MET} --network NO --category security --description "Check Mac OS X application firewall"
 if [ ${SKIPTEST} -eq 0 ]; then
 FIND=`/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate 2> /dev/null | grep "Firewall is enabled"`
 if [ ! "${FIND}" = "" ]; then
@@ -383,7 +383,7 @@
 # Test : FIRE-4536
 # Description : Check nftables kernel module
 if [ ! "${NFTBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- Register --test-no FIRE-4536 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nftables status"
+ Register --test-no FIRE-4536 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nftables status"
 if [ ${SKIPTEST} -eq 0 ]; then
 FIND=`${LSMODBINARY} | awk '{ print $1 }' | grep "^nf*_tables"`
 if [ ! "${FIND}" = "" ]; then
@@ -398,7 +398,7 @@
 # Test : FIRE-4538
 # Description : Check nftables configuration
 if [ ! "${NFTBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
- Register --test-no FIRE-4538 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --description "Check nftables basic configuration"
+ Register --test-no FIRE-4538 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check nftables basic configuration"
 if [ ${SKIPTEST} -eq 0 ]; then
 # Retrieve nft version
 NFT_VERSION=`${NFTBINARY} --version 2> /dev/null | ${AWKBINARY} '{ if ($1=="nftables") { print $2 }}' | tr -d 'v'`
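Review bot: Helper tools are resolved inconsistently across this file: the FIRE-4538 hunk pipes through `${AWKBINARY}` but then calls bare `tr`, and the FIRE-4502, FIRE-4512, FIRE-4513, FIRE-4526 and FIRE-4536 hunks call bare `awk`, `grep`, `egrep`, `wc` and `xargs`. FIRE-4512 and FIRE-4513 are registered `--root-only YES`, so those helpers are looked up through the invoking user's PATH while running as root. Using `${AWKBINARY}` everywhere keeps the audit on the binaries the tool already located. The same applies to grep, tr and xargs if the discovery step provides variables for them, which is not visible in this diff.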
@@ -419,7 +419,7 @@
 #
 # Test : FIRE-4590
 # Description : Check if at least one firewall if active
- Register --test-no FIRE-4590 --weight L --network NO --description "Check firewall status"
+ Register --test-no FIRE-4590 --weight L --network NO --category security --description "Check firewall status"
 if [ ${SKIPTEST} -eq 0 ]; then
 if [ ${FIREWALL_ACTIVE} -eq 1 ]; then
 Display --indent 2 --text "- Checking host based firewall" --result "ACTIVE" --color GREEN |
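Review bot: The header comment for FIRE-4590 has a typo that obscures what the test asserts; it should read `# Description : Check if at least one firewall is active`. Since this test is the summary of all the checks above it, the comment could also say that `FIREWALL_ACTIVE` is set by the per-firewall tests, assuming that is where it is set (not visible in this hunk). The test body continues outside the hunk.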