├── README.md └── CentOS.sh /README.md: -------------------------------------------------------------------------------- 1 | # CentOS Audit Bash Script for CIS 2 | 3 | 4 | #!/bin/bash 5 | CentOS 7 Audit Script 6 | Developed and Modified By Shravan Kumar for the official purpose only 7 | This configuration review script is developed according to specific needs. 8 | Last Update Date : 26 July, 2016 9 | 10 | #Use the following command to run this script 11 | `chmod +x CentOS_audit.sh` 12 | 13 | `./CentOS_audit.sh` 14 | -------------------------------------------------------------------------------- /CentOS.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #CentOS 7 Audit Script 3 | #Developed and Modified By Shravan Kumar for the official purpose only 4 | #This configuration review script is developed according specific needs. 5 | #Last Update Data : 26 July, 2016 6 | # Use following command to run this scipt 7 | # chmod +x CentOS_audit.sh 8 | # ./CentOS_audit.sh 9 | 10 | 11 | 12 | echo "SecureLayer7 CentOS Audit Started" 13 | echo "==================================================================================" 14 | echo ">>>>> 1 Install Updates, Patches and Additional Security Software <<<<< " 15 | echo " *************** 1.1 Filesystem Configuration *****************" 16 | echo "1.1.1 Create Separate Partition for /tmp" 17 | grep "[[:space:]]/tmp[[:space:]]" /etc/fstab 18 | 19 | 20 | echo "==================================================================================" 21 | echo "1.1.2 Set nodev option for /tmp Partition" 22 | grep "[[:space:]]/tmp[[:space:]]" /etc/fstab | grep nodev 23 | mount | grep "[[:space:]]/tmp[[:space:]]" | grep nodev 24 | 25 | 26 | echo "==================================================================================" 27 | echo "1.1.3 Set nosuid option for /tmp Partition" 28 | grep "[[:space:]]/tmp[[:space:]]" /etc/fstab | grep nosuid 29 | mount | grep "[[:space:]]/tmp[[:space:]]" | 
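grep nosuid
# The line above completes the 1.1.3 mount check whose pipeline starts on the previous line.

# Separator line printed between checks.
hr() { echo "=================================================================================="; }

hr
echo "1.1.4 Set noexec option for /tmp Partition"
grep "[[:space:]]/tmp[[:space:]]" /etc/fstab | grep noexec
mount | grep "[[:space:]]/tmp[[:space:]]" | grep noexec

hr
echo "1.1.5 Create Separate Partition for /var"
grep "[[:space:]]/var[[:space:]]" /etc/fstab

hr
echo "1.1.6 Bind Mount the /var/tmp directory to /tmp"
grep -e "^/tmp[[:space:]]" /etc/fstab | grep /var/tmp
mount | grep -e "^/tmp[[:space:]]" | grep /var/tmp

hr
echo "1.1.7 Create Separate Partition for /var/log"
grep "[[:space:]]/var/log[[:space:]]" /etc/fstab

hr
echo "1.1.8 Create Separate Partition for /var/log/audit"
grep "[[:space:]]/var/log/audit[[:space:]]" /etc/fstab

hr
echo "1.1.9 Create Separate Partition for /home"
grep "[[:space:]]/home[[:space:]]" /etc/fstab

hr
echo "1.1.10 Add nodev Option to /home"
# Fix: the original printed the /home lines without filtering on nodev, so a
# non-compliant mount produced the same output as a compliant one.
grep "[[:space:]]/home[[:space:]]" /etc/fstab | grep nodev
mount | grep "[[:space:]]/home[[:space:]]" | grep nodev

hr
echo "1.1.11 Add nodev Option to Removable Media Partitions"
# 1.1.11 - 1.1.13 are not implemented by the author: removable-media entries in
# /etc/fstab have to be reviewed by hand for nodev/noexec/nosuid.
echo "grep /etc/fstab"
echo "work on it "

hr
echo "1.1.12 Add noexec Option to Removable Media Partitions"
echo "grep /etc/fstab"
echo "work on it "

hr
echo "1.1.13 Add nosuid Option to Removable Media Partitions"
echo "grep /etc/fstab"
echo "work on it "

# 1.1.14 - 1.1.16: /dev/shm must be mounted with nodev, nosuid and noexec.
n=14
for opt in nodev nosuid noexec; do
  hr
  echo "1.1.$n Add $opt Option to /dev/shm Partition"
  grep /dev/shm /etc/fstab | grep "$opt"
  mount | grep /dev/shm | grep "$opt"
  n=$((n + 1))
done

hr
echo "1.1.17 Set Sticky Bit on All World-Writable Directories"
# Walk every local mount point. A while-read loop (instead of xargs) keeps mount
# points containing spaces intact; find's errors for unreadable dirs are discarded.
df --local -P | awk '{ if (NR != 1) print $6 }' | while IFS= read -r mnt; do
  find "$mnt" -xdev -type d \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null
done

# 1.1.18 - 1.1.24: filesystem modules that should be blacklisted.
# 'modprobe -n -v' is a dry run: it shows what would be loaded without loading it.
n=18
for fs in cramfs freevxfs jffs2 hfs hfsplus squashfs udf; do
  hr
  echo "1.1.$n Disable Mounting of $fs Filesystems"
  /sbin/modprobe -n -v "$fs"
  /sbin/lsmod | grep "$fs"
  n=$((n + 1))
done

hr
echo " *************** 1.2 Configure Software Updates *****************"
echo "1.2.1 Verify CentOS GPG Key is Installed"
rpm -q --queryformat "%{SUMMARY}\n" gpg-pubkey

hr
echo "1.2.2 Verify that gpgcheck is Globally Activated"
grep gpgcheck /etc/yum.conf

hr
echo "1.2.3 Obtain Software Package Updates with yum"
# Contacts the configured repositories; slow, or failing, on an offline host.
yum check-update

hr
echo "1.2.4 Verify Package Integrity Using RPM"
# Lists files whose RPM verification failed, skipping config files (column 2 == "c").
rpm -qVa | awk '$2 != "c" { print $0}'

hr
echo " *************** 1.3 Advanced Intrusion Detection Environment *****************"
echo "1.3.1 Install AIDE"
rpm -q aide

hr
echo "1.3.2 Implement Periodic Execution of File Integrity"
crontab -u root -l | grep aide

hr
echo " *************** 1.4 Configure SELinux *****************"
echo "1.4.1 Ensure SELinux is not disabled in /boot/grub2/grub.cfg"
# Any output here is a finding: these kernel parameters switch SELinux off at boot.
grep selinux=0 /boot/grub2/grub.cfg
grep enforcing=0 /boot/grub2/grub.cfg

hr
echo "1.4.2 Set the SELinux State"
grep SELINUX=enforcing /etc/selinux/config
/usr/sbin/sestatus

hr
echo "1.4.3 Set the SELinux Policy"
grep SELINUXTYPE=targeted /etc/selinux/config
/usr/sbin/sestatus

hr
echo "1.4.4 Remove SETroubleshoot"
rpm -q setroubleshoot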
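# Separator line printed between checks.
hr() { echo "=================================================================================="; }

hr
echo "1.4.5 Remove MCS Translation Service (mcstrans)"
rpm -q mcstrans

hr
echo "1.4.6 Check for Unconfined Daemons"
# Processes still running in the initrc_t domain were never confined by a policy.
# The exclusion list names the commands of this pipeline so it does not list itself.
ps -eZ | grep -E "initrc" | grep -E -vw "tr|ps|grep|bash|awk" | tr ':' ' ' | awk '{print $NF }'

hr
echo " *************** 1.5 Secure Boot Settings *****************"

echo "1.5.1 Set User/Group Owner on /boot/grub2/grub.cfg"
# Fix: the unanchored pattern "0 0" also matched e.g. uid 10 gid 0; only root:root passes.
stat -L -c "%u %g" /boot/grub2/grub.cfg | grep -E "^0 0$"

hr
echo "1.5.2 Set Permissions on /boot/grub2/grub.cfg"
stat -L -c "%a" /boot/grub2/grub.cfg | grep -E ".00"

hr
echo "1.5.3 Set Boot Loader Password"
grep "^set superusers" /boot/grub2/grub.cfg
grep "^password" /boot/grub2/grub.cfg

hr
echo " *************** 1.6 Additional Process Hardening *****************"

echo "1.6.1 Restrict Core Dumps"
grep "hard core" /etc/security/limits.conf
/sbin/sysctl fs.suid_dumpable

hr
echo "1.6.2 Enable Randomized Virtual Memory Region Placement"
/sbin/sysctl kernel.randomize_va_space

hr
echo " *************** 1.7 Use the Latest OS Release *****************"
uname -r
cat /etc/centos-release

hr
echo ">>>>> 2 OS Services <<<<< "
echo " *************** 2.1 Remove Legacy Services *****************"

# 2.1.1 - 2.1.11: legacy packages that must not be installed.
# Table columns: check number | heading | package name.
while IFS='|' read -r num label pkg; do
  echo "2.1.$num $label"
  rpm -q "$pkg"
  hr
done <<'EOF'
1|Remove telnet-server|telnet-server
2|Remove telnet Clients|telnet
3|Remove rsh-server|rsh-server
4|Remove rsh|rsh
5|Remove NIS Client|ypbind
6|Remove NIS Server|ypserv
7|Remove tftp|tftp
8|Remove tftp-server|tftp-server
9|Remove talk|talk
10|Remove talk-server|talk-server
11|Remove xinetd|xinetd
EOF

# 2.1.12 - 2.1.18: xinetd-managed internal services that should be off.
# Fix: 2.1.16 queried echo-stream under the echo-dgram heading, and 2.1.17
# (echo-stream) was missing altogether.
while IFS='|' read -r num svc; do
  echo "2.1.$num Disable $svc"
  chkconfig --list "$svc"
  hr
done <<'EOF'
12|chargen-dgram
13|chargen-stream
14|daytime-dgram
15|daytime-stream
16|echo-dgram
17|echo-stream
18|tcpmux-server
EOF

echo ">>>>> 3 Special Purpose Services <<<<< "

echo "3.1 Set Daemon umask"
grep umask /etc/sysconfig/init

hr
echo "3.2 Remove the X Window System"
ls -l /etc/systemd/system/default.target | grep graphical.target
rpm -q xorg-x11-server-common

hr
echo "3.3 Disable Avahi Server"
systemctl is-enabled avahi-daemon

hr
echo "3.4 Disable Print Server - CUPS"
systemctl is-enabled cups

hr
echo "3.5 Remove DHCP Server"
rpm -q dhcp

hr
echo "3.6 Configure Network Time Protocol (NTP)"
grep "restrict default" /etc/ntp.conf
grep "restrict -6 default" /etc/ntp.conf
grep "^server" /etc/ntp.conf
grep "ntp:ntp" /etc/sysconfig/ntpd

hr
echo "3.7 Remove LDAP"
rpm -q openldap-servers
rpm -q openldap-clients

hr
echo "3.8 Disable NFS and RPC"
for svc in nfslock rpcgssd rpcbind rpcidmapd rpcsvcgssd; do
  systemctl is-enabled "$svc"
done

# 3.9 - 3.15: network services whose packages should be absent.
# Table columns: check number | heading | package name.
while IFS='|' read -r num label pkg; do
  hr
  echo "3.$num $label"
  rpm -q "$pkg"
done <<'EOF'
9|Remove DNS Server|bind
10|Remove FTP Server|vsftpd
11|Remove HTTP Server|httpd
12|Remove Dovecot|dovecot
13|Remove Samba|samba
14|Remove HTTP Proxy Server|squid
15|Remove SNMP Server|net-snmp
EOF

hr
echo "3.16 Configure Mail Transfer Agent for Local-Only Mode"
# The SMTP listener should be bound to the loopback address only. netstat
# (net-tools) is not installed by default on CentOS 7, so fall back to ss.
if command -v netstat >/dev/null 2>&1; then
  netstat -an | grep LIST | grep ":25[[:space:]]"
else
  ss -lnt | grep ":25[[:space:]]"
fi

hr
echo ">>>>> 4 Network Configuration and Firewalls <<<<< "
echo " *************** 4.1 Modify Network Parameters *****************"

hr
echo "4.1.1 Disable IP Forwarding"
/sbin/sysctl net.ipv4.ip_forward

hr
echo "4.1.2 Disable Send Packet Redirects"
/sbin/sysctl net.ipv4.conf.all.send_redirects
/sbin/sysctl net.ipv4.conf.default.send_redirects

hr

echo " *************** 4.2 Modify Network Parameters *****************"

echo "4.2.1 Disable Source Routed Packet Acceptance"
/sbin/sysctl net.ipv4.conf.all.accept_source_route
/sbin/sysctl net.ipv4.conf.default.accept_source_route

hr
echo "4.2.2 Disable ICMP Redirect Acceptance"
/sbin/sysctl net.ipv4.conf.all.accept_redirects
/sbin/sysctl net.ipv4.conf.default.accept_redirects

hr
echo "4.2.3 Disable Secure ICMP Redirect Acceptance"
/sbin/sysctl net.ipv4.conf.all.secure_redirects
/sbin/sysctl net.ipv4.conf.default.secure_redirects

hr
echo "4.2.4 Log Suspicious Packets"
/sbin/sysctl net.ipv4.conf.all.log_martians
/sbin/sysctl net.ipv4.conf.default.log_martians

hr
echo "4.2.5 Enable Ignore Broadcast Requests"
/sbin/sysctl net.ipv4.icmp_echo_ignore_broadcasts

hr
echo "4.2.6 Enable Bad Error Message Protection"
/sbin/sysctl net.ipv4.icmp_ignore_bogus_error_responses

hr
echo "4.2.7 Enable RFC-recommended Source Route Validation"
/sbin/sysctl net.ipv4.conf.all.rp_filter
/sbin/sysctl net.ipv4.conf.default.rp_filter

hr
echo "4.2.8 Enable TCP SYN Cookies"
/sbin/sysctl net.ipv4.tcp_syncookies

hr
echo " *************** 4.3 Wireless Networking *****************"
echo "4.3.1 Deactivate Wireless Interfaces"
ip link show

hr
echo " *************** 4.4 IPv6 *****************"
echo "---> 4.4.1 Configure IPv6 <---"
echo "4.4.1.1 Disable IPv6 Router Advertisements"
/sbin/sysctl net.ipv6.conf.all.accept_ra
/sbin/sysctl net.ipv6.conf.default.accept_ra

hr
echo "4.4.1.2 Disable IPv6 Redirect Acceptance"
/sbin/sysctl net.ipv6.conf.all.accept_redirects
/sbin/sysctl net.ipv6.conf.default.accept_redirects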
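# Separator line printed between checks.
hr() { echo "=================================================================================="; }

# Print audit rules matching $1 from the live rules file and from the rules.d
# fragments augenrules assembles it from. Errors for a missing file or an
# unmatched glob are discarded so the output stays readable.
audit_rule() { grep -h -e "$1" /etc/audit/audit.rules /etc/audit/rules.d/*.rules 2>/dev/null; }

hr
echo "---> 4.4.2 Disable IPv6 <---"
grep net.ipv6.conf.all.disable_ipv6 /etc/sysctl.conf
/sbin/sysctl net.ipv6.conf.all.disable_ipv6

hr
echo " *************** 4.5 Install TCP Wrappers *****************"

echo "4.5.1 Install TCP Wrappers"
# rpm -q answers from the local package database; 'yum list' contacted the repositories.
rpm -q tcp_wrappers

hr
echo "4.5.2 Create /etc/hosts.allow"
cat /etc/hosts.allow

hr
echo "4.5.3 Verify Permissions on /etc/hosts.allow"
/bin/ls -l /etc/hosts.allow

hr
echo "4.5.4 Create /etc/hosts.deny"
grep "ALL: ALL" /etc/hosts.deny

hr
echo "4.5.5 Verify Permissions on /etc/hosts.deny"
/bin/ls -l /etc/hosts.deny

hr

echo " *************** 4.6 Uncommon Network Protocols *****************"

# 4.6.1 - 4.6.4: the blacklist line may live in any /etc/modprobe.d/*.conf,
# not only in CIS.conf, so the whole directory is searched.
# Table columns: check number | heading | module name.
while IFS='|' read -r num label mod; do
  echo "4.6.$num Disable $label"
  grep -rh "install $mod /bin/true" /etc/modprobe.d/
  hr
done <<'EOF'
1|DCCP|dccp
2|SCTP|sctp
3|RDS|rds
4|TIPC|tipc
EOF

echo " *************** 4.7 Enable firewalld *****************"
systemctl is-enabled firewalld

hr
echo ">>>>> 5 Logging and Auditing <<<<< "
echo " *************** 5.1 Configure rsyslog *****************"

hr
echo "5.1.1 Install the rsyslog package"
rpm -q rsyslog

hr
echo "5.1.2 Activate the rsyslog Service"
systemctl is-enabled rsyslog

hr
echo "5.1.3 Configure /etc/rsyslog.conf"
ls -l /var/log/

hr
echo "5.1.4 Create and Set Permissions on rsyslog Log Files"
# Fix: bash's echo does not expand "\n", so the original printed a literal
# backslash-n. printf emits the guidance and the command to run on separate lines.
printf '%s\n' "For each listed in the /etc/rsyslog.conf file, perform the following command and verify that the : is root:root and the permissions are 0600 (for sites that have not implemented a secure group) and root:securegrp with permissions of 0640 " "ls -l "
echo "Work on it"

hr

echo "5.1.5 Configure rsyslog to Send Logs to a Remote Log Host"
grep "^*.*[^I][^I]*@" /etc/rsyslog.conf

hr
echo "5.1.6 Accept Remote rsyslog Messages Only on Designated Log Hosts"
grep '$ModLoad imtcp.so' /etc/rsyslog.conf
grep '$InputTCPServerRun' /etc/rsyslog.conf

hr

echo " *************** 5.2 Configure System Accounting *****************"

echo "---> 5.2.1 Configure Data Retention <---"
echo "5.2.1.1 Configure Audit Log Storage Size"
grep max_log_file /etc/audit/auditd.conf

hr
echo "5.2.1.2 Disable System on Audit Log Full"
grep space_left_action /etc/audit/auditd.conf
grep action_mail_acct /etc/audit/auditd.conf
grep admin_space_left_action /etc/audit/auditd.conf

hr
echo "5.2.1.3 Keep All Auditing Information"
grep max_log_file_action /etc/audit/auditd.conf

hr
echo "5.2.2 Enable auditd Service"
systemctl is-enabled auditd

hr
echo "5.2.3 Enable Auditing for Processes That Start Prior to auditd"
# Every "linux" boot entry printed here should carry audit=1.
grep "linux" /boot/grub2/grub.cfg

hr
echo "5.2.4 Record Events That Modify Date and Time Information"
audit_rule time-change

hr
echo "5.2.5 Record Events That Modify User/Group Information"
audit_rule identity

hr
echo "5.2.6 Record Events That Modify the System's Network Environment"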
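# Separator line printed between checks.
hr() { echo "=================================================================================="; }

# Print audit rules matching $1 from the live rules file and from the rules.d
# fragments augenrules assembles it from. Errors for a missing file or an
# unmatched glob are discarded so the output stays readable.
audit_rule() { grep -h -e "$1" /etc/audit/audit.rules /etc/audit/rules.d/*.rules 2>/dev/null; }

# Print the sshd_config lines setting keyword $1. sshd keywords are
# case-insensitive and may be indented, which a bare "^Keyword" grep misses.
sshd_setting() { grep -i "^[[:space:]]*$1" /etc/ssh/sshd_config; }

audit_rule system-locale

hr
echo "5.2.7 Record Events That Modify the System's Mandatory Access Controls"
audit_rule MAC-policy

hr
echo "5.2.8 Collect Login and Logout Events"
audit_rule logins

hr
echo "5.2.9 Collect Session Initiation Information"
audit_rule session

hr
echo "5.2.10 Collect Discretionary Access Control Permission Modification Events"
audit_rule perm_mod

hr
echo "5.2.11 Collect Unsuccessful Unauthorized Access Attempts to Files"
audit_rule access

hr
echo "5.2.12 Collect Use of Privileged Commands"
# Fix: the original ran 'find PART ...' with the literal placeholder PART and so
# never produced anything. Enumerate every local mount point (as 1.1.17 does)
# and print the audit rule each setuid/setgid binary needs; $0 keeps paths
# containing spaces whole.
df --local -P | awk '{ if (NR != 1) print $6 }' | while IFS= read -r mnt; do
  find "$mnt" -xdev \( -perm -4000 -o -perm -2000 \) -type f
done | awk '{print "-a always,exit -F path=" $0 " -F perm=x -F auid>=1000 -F auid!=4294967295 -k privileged" }'

hr
echo "5.2.13 Collect Successful File System Mounts"
audit_rule mounts

hr
echo "5.2.14 Collect File Deletion Events by User"
audit_rule delete

hr
echo "5.2.15 Collect Changes to System Administration Scope"
audit_rule scope

hr
echo "5.2.16 Collect System Administrator Actions (sudolog)"
audit_rule actions

hr
echo "5.2.17 Collect Kernel Module Loading and Unloading"
audit_rule modules

hr
echo "5.2.18 Make the Audit Configuration Immutable"
audit_rule "^-e 2"

hr
echo "*************** 5.3 Configure logrotate *****************"
grep '{' /etc/logrotate.d/syslog

hr

echo ">>>>> 6 System Access, Authentication and Authorization <<<<< "
echo "*************** 6.1 Configure cron and anacron *****************"

echo "6.1.1 Enable anacron Daemon"
rpm -q cronie-anacron

hr
echo "6.1.2 Enable crond Daemon"
systemctl is-enabled crond

# 6.1.3 - 6.1.9: cron configuration must be root-owned with no group/other access.
n=3
for path in /etc/anacrontab /etc/crontab /etc/cron.hourly /etc/cron.daily /etc/cron.weekly /etc/cron.monthly /etc/cron.d; do
  hr
  echo "6.1.$n Set User/Group Owner and Permission on $path"
  stat -L -c "%a %u %g" "$path" | grep -E ".00 0 0"
  n=$((n + 1))
done

hr
echo "6.1.10 Restrict at Daemon"
# /etc/at.deny is expected to be absent: stat's stdout is dropped (as in the
# original) and only its error message, if any, reaches the report.
stat -L /etc/at.deny > /dev/null
stat -L -c "%a %u %g" /etc/at.allow | grep -E ".00 0 0"

hr
echo "6.1.11 Restrict at/cron to Authorized Users"
ls -l /etc/cron.deny
ls -l /etc/at.deny
ls -l /etc/cron.allow
ls -l /etc/at.allow

hr
echo "*************** 6.2 Configure SSH *****************"
echo "6.2.1 Set SSH Protocol to 2"
sshd_setting Protocol

hr
echo "6.2.2 Set LogLevel to INFO"
sshd_setting LogLevel

hr
echo "6.2.3 Set Permissions on /etc/ssh/sshd_config"
/bin/ls -l /etc/ssh/sshd_config

hr
echo "6.2.4 Disable SSH X11 Forwarding"
sshd_setting X11Forwarding

hr
echo "6.2.5 Set SSH MaxAuthTries to 4 or Less"
sshd_setting MaxAuthTries

hr
echo "6.2.6 Set SSH IgnoreRhosts to Yes"
# Fix: the original grepped HostbasedAuthentication here, duplicating 6.2.7 and
# never showing the IgnoreRhosts value this check is about.
sshd_setting IgnoreRhosts

hr
echo "6.2.7 Set SSH HostbasedAuthentication to No"
sshd_setting HostbasedAuthentication

hr
echo "6.2.8 Disable SSH Root Login"
sshd_setting PermitRootLogin

hr
echo "6.2.9 Set SSH PermitEmptyPasswords to No"
sshd_setting PermitEmptyPasswords

hr
echo "6.2.10 Do Not Allow Users to Set Environment Options"
# Unanchored on purpose (as in the original) so a commented-out default is shown too.
grep PermitUserEnvironment /etc/ssh/sshd_config

hr
echo "6.2.11 Use Only Approved Cipher in Counter Mode"
grep "Ciphers" /etc/ssh/sshd_config

hr
echo "6.2.12 Set Idle Timeout Interval for User Login"
sshd_setting ClientAliveInterval
sshd_setting ClientAliveCountMax

hr
echo "6.2.13 Limit Access via SSH"
for kw in AllowUsers AllowGroups DenyUsers DenyGroups; do
  sshd_setting "$kw"
done

hr
echo "6.2.14 Set SSH Banner"
sshd_setting Banner

hr
echo "*************** 6.3 Configure PAM *****************"
echo "6.3.1 Upgrade Password Hashing Algorithm to SHA-512"
authconfig --test | grep hashing | grep sha512

hr
echo "6.3.2 Set Password Creation Requirement Parameters Using pam_pwquality"
grep pam_pwquality.so /etc/pam.d/system-auth

hr
echo "6.3.3 Set Lockout for Failed Password Attempts"
# Both PAM stacks must reference pam_faillock, and pam_unix must carry success=1
# so the failure branch reaches the lockout module.
for pamfile in /etc/pam.d/password-auth /etc/pam.d/system-auth; do
  grep "pam_faillock" "$pamfile"
  grep "pam_unix.so" "$pamfile" | grep success=1
done

hr
echo "6.3.4 Limit Password Reuse"
grep "remember" /etc/pam.d/system-auth

hr
echo "*************** 6.4 Restrict root Login to System Console *****************"
cat /etc/securetty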
echo "==================================================================================" 788 | echo "*************** 6.5 Restrict Access to the su Command *****************" 789 | grep pam_wheel.so /etc/pam.d/su 790 | grep wheel /etc/group 791 | 792 | echo "==================================================================================" 793 | 794 | 795 | echo ">>>>> 7 User Accounts and Environment <<<<< " 796 | echo "*************** 7.1 Set Shadow Password Suite Parameters *****************" 797 | 798 | 799 | 800 | echo "7.1.1 Set Password Expiration Days" 801 | grep PASS_MAX_DAYS /etc/login.defs 802 | echo "work on it chage --list " 803 | 804 | echo "==================================================================================" 805 | echo "7.1.2 Set Password Change Minimum Number of Days" 806 | grep PASS_MIN_DAYS /etc/login.defs 807 | echo "work on it chage --list " 808 | 809 | echo "==================================================================================" 810 | echo "7.1.3 Set Password Expiring Warning Days" 811 | grep PASS_WARN_AGE /etc/login.defs 812 | echo "work on it chage --list " 813 | 814 | echo "==================================================================================" 815 | echo "*************** 7.2 Disable System Accounts *****************" 816 | egrep -v "^\+" /etc/passwd | awk -F: '($1!="root" && $1!="sync" && $1!="shutdown" && $1!="halt" && $3<1000 && $7!="/sbin/nologin") {print}' 817 | 818 | echo "==================================================================================" 819 | echo "*************** 7.3 Set Default Group for root Account *****************" 820 | grep "^root:" /etc/passwd | cut -f4 -d: 821 | 822 | echo "==================================================================================" 823 | echo "*************** 7.4 Set Default umask for Users *****************" 824 | grep "^umask 077" /etc/bashrc 825 | grep "^umask 077" /etc/profile.d/* 826 | 827 | echo 
"==================================================================================" 828 | echo "*************** 7.5 Lock Inactive User Accounts *****************" 829 | useradd -D | grep INACTIVE 830 | 831 | echo "==================================================================================" 832 | echo ">>>>> 8 Warning Banners <<<<< " 833 | 834 | 835 | echo "8.1 Set Warning Banner for Standard Login Services" 836 | /bin/ls -l /etc/motd 837 | ls /etc/issue 838 | ls /etc/issue.net 839 | 840 | echo "==================================================================================" 841 | echo "8.2 Remove OS Information from Login Warning Banners" 842 | egrep '(\\v|\\r|\\m|\\s)' /etc/issue 843 | egrep '(\\v|\\r|\\m|\\s)' /etc/motd 844 | egrep '(\\v|\\r|\\m|\\s)' /etc/issue.net 845 | 846 | echo "==================================================================================" 847 | echo "8.3 Set GNOME Warning Banner" 848 | echo "_______" 849 | 850 | echo "==================================================================================" 851 | echo ">>>>> 9 System Maintenance <<<<< " 852 | echo "*************** 9.1 Verify System File Permissions *****************" 853 | 854 | 855 | echo "9.1.1 Verify System File Permissions" 856 | rpm -V `rpm -qf /etc/passwd` 857 | 858 | echo "==================================================================================" 859 | echo "9.1.2 Verify Permissions on /etc/passwd" 860 | /bin/ls -l /etc/passwd 861 | 862 | echo "==================================================================================" 863 | echo "9.1.3 Verify Permissions on /etc/shadow" 864 | /bin/ls -l /etc/shadow 865 | 866 | echo "==================================================================================" 867 | echo "9.1.4 Verify Permissions on /etc/gshadow" 868 | /bin/ls -l /etc/gshadow 869 | 870 | echo "==================================================================================" 871 | echo "9.1.5 Verify Permissions on /etc/group" 872 | 
/bin/ls -l /etc/group 873 | 874 | echo "==================================================================================" 875 | echo "9.1.6 Verify User/Group Ownership on /etc/passwd" 876 | /bin/ls -l /etc/passwd 877 | 878 | echo "==================================================================================" 879 | echo "9.1.7 Verify User/Group Ownership on /etc/shadow" 880 | /bin/ls -l /etc/shadow 881 | 882 | echo "==================================================================================" 883 | echo "9.1.8 Verify User/Group Ownership on /etc/gshadow" 884 | /bin/ls -l /etc/gshadow 885 | 886 | echo "==================================================================================" 887 | echo "9.1.9 Verify User/Group Ownership on /etc/group" 888 | /bin/ls -l /etc/group 889 | 890 | echo "==================================================================================" 891 | echo "9.1.10 Find World Writable Files" 892 | df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -0002 893 | 894 | echo "==================================================================================" 895 | echo "9.1.11 Find Un-owned Files and Directories" 896 | df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -ls 897 | 898 | echo "==================================================================================" 899 | echo "9.1.12 Find Un-grouped Files and Directories" 900 | df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup -ls 901 | 902 | echo "==================================================================================" 903 | echo "9.1.13 Find SUID System Executables" 904 | df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -4000 -print 905 | 906 | echo "==================================================================================" 907 | echo "9.1.14 Find SGID System Executables" 908 | df --local -P | awk {'if 
(NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -2000 -print 909 | 910 | echo "==================================================================================" 911 | echo "*************** 9.2 Review User and Group Settings *****************" 912 | 913 | echo "9.2.1 Ensure Password Fields are Not Empty" 914 | /bin/cat /etc/shadow | /usr/bin/awk -F: '($2 == "" ) { print $1 " does not have a password "}' 915 | 916 | echo "==================================================================================" 917 | echo "9.2.2 Verify No Legacy "+" Entries Exist in /etc/passwd File" 918 | /bin/grep '^+:' /etc/passwd 919 | 920 | echo "==================================================================================" 921 | echo "9.2.3 Verify No Legacy "+" Entries Exist in /etc/shadow File" 922 | /bin/grep '^+:' /etc/shadow 923 | 924 | echo "==================================================================================" 925 | echo "9.2.4 Verify No Legacy "+" Entries Exist in /etc/group File" 926 | /bin/grep '^+:' /etc/group 927 | 928 | echo "==================================================================================" 929 | echo "9.2.5 Verify No UID 0 Accounts Exist Other Than root" 930 | /bin/cat /etc/passwd | /usr/bin/awk -F: '($3 == 0) { print $1 }' 931 | 932 | echo "==================================================================================" 933 | echo "9.2.6 Ensure root PATH Integrity" 934 | if [ "`echo $PATH | /bin/grep :: `" != "" ]; then 935 | echo "Empty Directory in PATH (::)" 936 | fi 937 | if [ "`echo $PATH | /bin/grep :$`" != "" ]; then 938 | echo "Trailing : in PATH" 939 | fi 940 | 941 | p=`echo $PATH | /bin/sed -e 's/::/:/' -e 's/:$//' -e 's/:/ /g'` 942 | set -- $p 943 | while [ "$1" != "" ]; do 944 | if [ "$1" = "." ]; then 945 | echo "PATH contains ." 
946 | shift 947 | continue 948 | fi 949 | if [ -d $1 ]; then 950 | dirperm=`/bin/ls -ldH $1 | /bin/cut -f1 -d" "` 951 | if [ `echo $dirperm | /bin/cut -c6 ` != "-" ]; then 952 | echo "Group Write permission set on directory $1" 953 | fi 954 | if [ `echo $dirperm | /bin/cut -c9 ` != "-" ]; then 955 | echo "Other Write permission set on directory $1" 956 | fi 957 | dirown=`ls -ldH $1 | awk '{print $3}'` 958 | if [ "$dirown" != "root" ] ; then 959 | echo "$1 is not owned by root" 960 | fi 961 | else 962 | echo "$1 is not a directory" 963 | fi 964 | shift 965 | done 966 | 967 | echo "==================================================================================" 968 | 969 | echo "9.2.7 Check Permissions on User Home Directories" 970 | for dir in `/bin/cat /etc/passwd | /bin/egrep -v '(root|halt|sync|shutdown)' |/bin/awk -F: '($8 == "PS" && $7 != "/sbin/nologin") { print $6 }'`; do 971 | dirperm=`/bin/ls -ld $dir | /bin/cut -f1 -d" "` 972 | if [ `echo $dirperm | /bin/cut -c6 ` != "-" ]; then 973 | echo "Group Write permission set on directory $dir" 974 | fi 975 | if [ `echo $dirperm | /bin/cut -c8 ` != "-" ]; then 976 | echo "Other Read permission set on directory $dir" 977 | fi 978 | if [ `echo $dirperm | /bin/cut -c9 ` != "-" ]; then 979 | echo "Other Write permission set on directory $dir" 980 | fi 981 | if [ `echo $dirperm | /bin/cut -c10 ` != "-" ]; then 982 | echo "Other Execute permission set on directory $dir" 983 | fi 984 | done 985 | 986 | echo "==================================================================================" 987 | echo "9.2.8 Check User Dot File Permissions" 988 | for dir in `/bin/cat /etc/passwd | /bin/egrep -v '(root|sync|halt|shutdown)' | 989 | /bin/awk -F: '($7 != "/sbin/nologin") { print $6 }'`; do 990 | for file in $dir/.[A-Za-z0-9]*; do 991 | if [ ! 
-h "$file" -a -f "$file" ]; then 992 | fileperm=`/bin/ls -ld $file | /bin/cut -f1 -d" "` 993 | if [ `echo $fileperm | /bin/cut -c6 ` != "-" ]; then 994 | echo "Group Write permission set on file $file" 995 | fi 996 | if [ `echo $fileperm | /bin/cut -c9 ` != "-" ]; then 997 | echo "Other Write permission set on file $file" 998 | fi 999 | fi 1000 | done 1001 | done 1002 | 1003 | echo "==================================================================================" 1004 | echo "9.2.9 Check Permissions on User .netrc Files" 1005 | 1006 | for dir in `/bin/cat /etc/passwd | /bin/egrep -v '(root|sync|halt|shutdown)' |/bin/awk -F: '($7 != "/sbin/nologin") { print $6 }'`; do 1007 | for file in $dir/.netrc; do 1008 | if [ ! -h "$file" -a -f "$file" ]; then 1009 | fileperm=`/bin/ls -ld $file | /bin/cut -f1 -d" "` 1010 | if [ `echo $fileperm | /bin/cut -c5 ` != "-" ] 1011 | then 1012 | echo "Group Read set on $file" 1013 | fi 1014 | if [ `echo $fileperm | /bin/cut -c6 ` != "-" ] 1015 | then 1016 | echo "Group Write set on $file" 1017 | fi 1018 | if [ `echo $fileperm | /bin/cut -c7 ` != "-" ] 1019 | then 1020 | echo "Group Execute set on $file" 1021 | fi 1022 | if [ `echo $fileperm | /bin/cut -c8 ` != "-" ] 1023 | then 1024 | echo "Other Read set on $file" 1025 | fi 1026 | if [ `echo $fileperm | /bin/cut -c9 ` != "-" ] 1027 | then 1028 | echo "Other Write set on $file" 1029 | fi 1030 | if [ `echo $fileperm | /bin/cut -c10 ` != "-" ] 1031 | then 1032 | echo "Other Execute set on $file" 1033 | fi 1034 | fi 1035 | done 1036 | done 1037 | 1038 | echo "==================================================================================" 1039 | echo "9.2.10 Check for Presence of User .rhosts Files" 1040 | 1041 | for dir in `/bin/cat /etc/passwd | /bin/egrep -v '(root|halt|sync|shutdown)' |/bin/awk -F: '($7 != "/sbin/nologin") { print $6 }'`; do 1042 | for file in $dir/.rhosts; do 1043 | if [ ! 
-h "$file" -a -f "$file" ]; then 1044 | echo ".rhosts file in $dir" 1045 | fi 1046 | done 1047 | done 1048 | 1049 | 1050 | 1051 | 1052 | echo "==================================================================================" 1053 | echo "9.2.11 Check Groups in /etc/passwd" 1054 | 1055 | for i in $(cut -s -d: -f4 /etc/passwd | sort -u ); do 1056 | grep -q -P "^.*?:x:$i:" /etc/group 1057 | if [ $? -ne 0 ]; then 1058 | echo "Group $i is referenced by /etc/passwd but does not exist in /etc/group" 1059 | fi 1060 | done 1061 | 1062 | 1063 | 1064 | echo "==================================================================================" 1065 | echo "9.2.12 Check That Users Are Assigned Valid Home Directories" 1066 | cat /etc/passwd | awk -F: '{ print $1 " " $3 " " $6 }' | while read user uid dir; do 1067 | if [ $uid -ge 1000 -a ! -d "$dir" -a $user != "nfsnobody" ]; then 1068 | echo "The home directory ($dir) of user $user does not exist." 1069 | fi 1070 | done 1071 | 1072 | echo "==================================================================================" 1073 | echo "9.2.13 Check User Home Directory Ownership" 1074 | 1075 | cat /etc/passwd | awk -F: '{ print $1 " " $3 " " $6 }' | while read user uid dir; do 1076 | if [ $uid -ge 1000 -a -d "$dir" -a $user != "nfsnobody" ]; then 1077 | owner=$(stat -L -c "%U" "$dir") 1078 | if [ "$owner" != "$user" ]; then 1079 | echo "The home directory ($dir) of user $user is owned by $owner." 
1080 | fi 1081 | fi 1082 | done 1083 | 1084 | 1085 | 1086 | echo "==================================================================================" 1087 | echo "9.2.14 Check for Duplicate UIDs" 1088 | 1089 | echo "The Output for the Audit of Control 9.2.14- Check for Duplicate UIDs is" 1090 | /bin/cat /etc/passwd | /bin/cut -f3 -d":" | /bin/sort -n | /usr/bin/uniq -c |while read x ; do [ -z "${x}" ] && break 1091 | set - $x 1092 | if [ $1 -gt 1 ]; then 1093 | users=`/bin/gawk -F: '($3 == n) { print $1 }' n=$2 /etc/passwd | /usr/bin/xargs` 1094 | echo "Duplicate UID ($2): ${users}" 1095 | fi 1096 | done 1097 | 1098 | 1099 | 1100 | 1101 | 1102 | echo "==================================================================================" 1103 | echo "9.2.15 Check for Duplicate GIDs" 1104 | 1105 | echo "The Output for the Audit of Control 9.2.15 - Check for Duplicate GIDs is" 1106 | /bin/cat /etc/group | /bin/cut -f3 -d":" | /bin/sort -n | /bin/uniq -c |while read x ; do [ -z "${x}" ] && break 1107 | set - $x 1108 | if [ $1 -gt 1 ]; then 1109 | grps=`/bin/gawk -F: '($3 == n) { print $1 }' n=$2 /etc/group | xargs` 1110 | echo "Duplicate GID ($2): ${grps}" 1111 | fi 1112 | done 1113 | 1114 | 1115 | 1116 | 1117 | echo "==================================================================================" 1118 | echo "9.2.16 Check That Reserved UIDs Are Assigned to System Accounts" 1119 | 1120 | defUsers="root bin daemon adm lp sync shutdown halt mail news uucp operator games gopher ftp nobody nscd vcsa rpc mailnull smmsp pcap ntp dbus avahi sshd rpcuser nfsnobody haldaemon avahi-autoipd distcache apache oprofile webalizer dovecot squid named xfs gdm sabayon usbmuxd rtkit abrt saslauth pulse postfix tcpdump" 1121 | /bin/cat /etc/passwd |/bin/awk -F: '($3 < 1000) { print $1" "$3 }' | while read user uid; do found=0 1122 | for tUser in ${defUsers} 1123 | do 1124 | if [ ${user} = ${tUser} ]; then 1125 | found=1 1126 | fi 1127 | done 1128 | if [ $found -eq 0 ]; then 1129 | echo 
"User $user has a reserved UID ($uid)." 1130 | fi 1131 | done 1132 | 1133 | echo "==================================================================================" 1134 | echo "9.2.17 Check for Duplicate User Names" 1135 | echo "The Output for the Audit of Control 9.2.18 - Check for Duplicate User Names is" 1136 | cat /etc/passwd | cut -f1 -d":" | /bin/sort -n | /usr/bin/uniq -c |\ 1137 | while read x ; do 1138 | [ -z "${x}" ] && break 1139 | set - $x 1140 | if [ $1 -gt 1 ]; then 1141 | uids=`/bin/gawk -F: '($1 == n) { print $3 }' n=$2 \ 1142 | /etc/passwd | xargs` 1143 | echo "Duplicate User Name ($2): ${uids}" 1144 | fi 1145 | done 1146 | echo "==================================================================================" 1147 | echo "9.2.18 Check for Duplicate Group Names" 1148 | echo "The Output for the Audit of Control 9.2.19 - Check for Duplicate Group Names is" 1149 | cat /etc/group | cut -f1 -d":" | /bin/sort -n | /usr/bin/uniq -c |\ 1150 | while read x ; do 1151 | [ -z "${x}" ] && break 1152 | set - $x 1153 | if [ $1 -gt 1 ]; then 1154 | gids=`/bin/gawk -F: '($1 == n) { print $3 }' n=$2 \ 1155 | /etc/group | xargs` 1156 | echo "Duplicate Group Name ($2): ${gids}" 1157 | fi 1158 | done 1159 | 1160 | echo "==================================================================================" 1161 | echo "9.2.19 Check for Presence of User .netrc Files" 1162 | echo "----" 1163 | for dir in `/bin/cat /etc/passwd |\ 1164 | /bin/awk -F: '{ print $6 }'`; do 1165 | if [ ! -h "$dir/.netrc" -a -f "$dir/.netrc" ]; then 1166 | echo ".netrc file $dir/.netrc exists" 1167 | fi 1168 | done 1169 | 1170 | echo "==================================================================================" 1171 | echo "9.2.20 Check for Presence of User .forward Files" 1172 | echo "----" 1173 | for dir in `/bin/cat /etc/passwd |\ 1174 | /bin/awk -F: '{ print $6 }'`; do 1175 | if [ ! 
-h "$dir/.forward" -a -f "$dir/.forward" ]; then 1176 | echo ".forward file $dir/.forward exists" 1177 | fi 1178 | done 1179 | echo "==================================================================================" 1180 | echo "Auditing is Completed" 1181 | --------------------------------------------------------------------------------