From db419495bf8daa3bc996aeb3992e0b2ae65649a4 Mon Sep 17 00:00:00 2001
From: Michael Boelen
Date: Sat, 24 Sep 2016 14:49:14 +0200
Subject: Added support for arch-audit tooling
---
 include/binaries | 4 ++++
 include/tests_ports_packages | 40 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+)
diff --git a/include/binaries b/include/binaries
index 86037242..de9a67ec 100644
--- a/include/binaries
+++ b/include/binaries
@@ -83,6 +83,10 @@
 afick.pl) AFICKFOUND=1; AFICKBINARY=${BINARY}; LogText " Found known binary: afick (file integrity checker) - ${BINARY}" ;;
 aide) AIDEFOUND=1; AIDEBINARY=${BINARY}; LogText " Found known binary: aide (file integrity checker) - ${BINARY}" ;;
 apache2) if [ -f ${BINARY} ]; then HTTPDFOUND=1; HTTPDBINARY=${BINARY}; LogText " Found known binary: apache2 (web server) - ${BINARY}"; fi ;;
+ arch-audit)
+ ARCH_AUDIT_BINARY="${BINARY}"
+ LogText " Found known binary: arch-audit (auditing utility to test for vulnerable packages) - ${BINARY}"
+ ;;
 auditd) AUDITDFOUND=1; AUDITDBINARY=${BINARY}; LogText " Found known binary: auditd (audit framework) - ${BINARY}" ;;
 awk) if [ -f ${BINARY} ]; then AWKFOUND=1; AWKBINARY=${BINARY}; LogText " Found known binary: awk (string tool) - ${BINARY}"; fi ;;
 dig) DIGFOUND=1; DIGBINARY=${BINARY}; LogText " Found known binary: dig (nameservice tool) - ${BINARY}" ;;
diff --git a/include/tests_ports_packages b/include/tests_ports_packages
index 596e38f3..9cb9a3fc 100644
--- a/include/tests_ports_packages
+++ b/include/tests_ports_packages
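Review bot: `ARCH_AUDIT_BINARY` is assigned only in the new `arch-audit)` arm, and nothing in this hunk gives it an empty default. If it is not initialised elsewhere (the file with the other defaults is not part of this diff), a value inherited from the calling environment would pass the `-z` checks in PKGS-7320 and PKGS-7322 and would then be executed by PKGS-7322. Setting `ARCH_AUDIT_BINARY=""` next to the other binary defaults would close that gap. Unlike the neighbouring arms, this one sets no `*FOUND=1` flag and has no `[ -f ${BINARY} ]` guard; a short comment saying that is intentional would help. The enclosing `case` statement starts and ends outside the hunk.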
@@ -276,6 +276,46 @@
 fi
 #
 #################################################################################
+#
+ # Test : PKGS-7320
+ # Description : Check available of arch-audit
+ if [ "${OSNAME}" = "Arch Linux" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="Test only applies to Arch Linux"; fi
+ Register --test-no PKGS-7320 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Checking for arch-audit tooling"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ -z "${ARCH_AUDIT_BINARY}" ]; then
+ LogText "Result: no arch-audit binary found"
+ AddHP 1 2
+ ReportSuggestion "${TEST_NO}" "Consider installing arch-audit to determine vulnerable packages" "arch-audit" "text:Install arch-audit"
+ else
+ LogText "Result: arch-audit binary found (${ARCH_AUDIT_BINARY})"
+ AddHP 3 3
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PKGS-7322
+ # Description : Discover vulnerable packages with arch-audit
+ if [ ! -z "${ARCH_AUDIT_BINARY}" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="arch-audit not found"; fi
+ Register --test-no PKGS-7322 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Discover vulnerable packages with arch-audit"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ LogText "Test: checking arch-audit output for vulnerable packages"
+ FIND=$(${ARCH_AUDIT_BINARY} | sed 's/\.\..*$//' | sed 's/, //g' | sed 's/\(\["\|"\]\)//g' | sed 's/""/,/g' | awk '{ if($1=="Package") { print $2"|"$6"|"}}' | awk -F'|' 'NF>1{a[$1] = a[$1]","$2}END{for(i in a){print i""a[i]}}' | sed 's/,/|cve=/' | sort | grep --color=auto "^[a-z]\+")
+ if [ -z "${FIND}" ]; then
+ LogText "Result: no vulnerable packages found with arch-audit"
+ AddHP 10 10
+ else
+ LogText "Result: found one or more vulnerable packages"
+ for ITEM in ${FIND}; do
+ LogText "Found line: ${ITEM}"
+ Report "vulnerable_package[]=${ITEM}"
+ AddHP 1 2
+ done
+ ReportWarning "${TEST_NO}" "Vulnerable packages found" "arch-audit" "text:Check output of arch-audit"
+ fi
+ fi
+#
+#################################################################################
 #
 # Test : PKGS-7328
 # Description : Check installed packages with Zypper
-- 
cgit v1.2.3
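Review bot: PKGS-7322 treats an empty `FIND` as a clean system, so an arch-audit run that fails or prints a format the sed/awk chain no longer matches is logged as "no vulnerable packages found" and rewarded with `AddHP 10 10`. The tool's exit status is lost inside the pipeline; capturing it first, e.g. `OUTPUT=$("${ARCH_AUDIT_BINARY}"); STATUS=$?`, and parsing `OUTPUT` afterwards would let the test report an unknown result instead of a pass (how arch-audit's exit codes map to findings should be confirmed). On the same line `${ARCH_AUDIT_BINARY}` is expanded unquoted and `grep --color=auto` has no use inside a command substitution. `for ITEM in ${FIND}` depends on word splitting and is subject to globbing, so a `while read -r ITEM` loop would be safer. Both tests are registered with `--network NO`, although arch-audit presumably retrieves advisory data online, which is worth verifying.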