
Merge branch 'stretch' of https://github.com/bashrc/freedombone

Bob Mottram 8 years ago
parent
commit
33fe2af78c

+ 10
- 1
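--- a/src/freedombone-tests
+++ b/src/freedombone-tests
@@ -1031,12 +1031,21 @@ function test_stig {
     ##RHEL-06-000302
     ##A file integrity tool must be used at least weekly to check for unauthorized file changes, particularly the addition of unauthorized system libraries or binaries, or for unauthorized modification to authorized system libraries or binaries.
 
-    bash $STIG_TESTS_DIR/check-aide-cron.sh > /dev/null 2>&1 &
+    bash $STIG_TESTS_DIR/check-tripwire-cron.sh > /dev/null 2>&1 &
 
     stig_spinner $!
     output "V-38695" $? ${SETLANG}
     ################
 
+    ##RHEL-06-000018
+    #For tripwire to be effective, an initial database of "known-good" information about files must be captured and it should be able to be verified against the installed files.
+
+    bash $STIG_TESTS_DIR/check-tripwire-baseline.sh > /dev/null 2>&1 &
+
+    stig_spinner $!
+    output "V-51391" $? ${SETLANG}
+    ################
+
     ##RHEL-06-000308
     ##Process core dumps must be disabled unless needed.
 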
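Review bot: The value passed in `output "V-51391" $? ${SETLANG}` is the exit status of `stig_spinner`, not directly that of the backgrounded `check-tripwire-baseline.sh`, so the new check only reports correctly if `stig_spinner` waits on the PID and returns its status; `stig_spinner` is defined outside this hunk, so that is worth confirming. Both new `bash $STIG_TESTS_DIR/...` lines also expand the directory unquoted; `bash "$STIG_TESTS_DIR/check-tripwire-baseline.sh" > /dev/null 2>&1 &` avoids word splitting if the path ever contains spaces. The new description comment uses a single `#` where the surrounding blocks use `##`. `test_stig` starts and ends outside the hunk.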

+ 0
- 27
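--- a/tests/check-aide-baseline.sh
+++ b/tests/check-aide-baseline.sh
@@ -1,27 +0,0 @@
-#!/bin/bash
-#Tested on Aide 0.16a2-19-g16ed855
-
-CHECKDATABASE=$(grep "database=" /etc/aide/aide.conf  2>/dev/null )
-if [ $? -eq 0 ];then
-        :
-else 
-        echo "couldn""'""t found aide.conf"
-        exit 1
-fi
-
-DATABASE=$(echo $CHECKDATABASE | awk -F ':' '{printf $2}' 2>/dev/null)
-
-if [ $? -eq 0 ];then
-        :
-else 
-        echo "couldn""'""t found database location at aide.conf"
-        exit 1
-fi
-
-if [ -f "$DATABASE" ];then
-        echo "There is a baseline for aide."
-	exit 0
-else
-        echo "Can""'""t find aide baseline"
-	exit 1
-fi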

+ 0
- 5
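--- a/tests/check-aide-cron.sh
+++ b/tests/check-aide-cron.sh
@@ -1,5 +0,0 @@
-#1/bin/bash
-
-if [ $(grep aide /etc/crontab /etc/cron.*/* | wc -l) -ne 0 ];then
-        exit 1
-fi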

+ 5
- 0
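--- a/tests/check-tripwire-baseline.sh
+++ b/tests/check-tripwire-baseline.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+if ! ls /var/lib/tripwire/*.twd 1> /dev/null 2>&1; then
+    exit 1
+fi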
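Review bot: The `ls /var/lib/tripwire/*.twd` test passes for any file with that suffix, including an empty or stale one, so V-51391 can report a baseline that cannot actually be verified against the installed files. A glob loop with a size test is a tighter check and avoids parsing `ls`: `for db in /var/lib/tripwire/*.twd; do [ -s "$db" ] && exit 0; done` followed by `exit 1`. Because all output is discarded, an unreadable directory (for example when the tests run without sufficient privileges) is indistinguishable from a missing baseline; if that is intended, a short comment saying so would help.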

+ 5
- 0
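--- a/tests/check-tripwire-cron.sh
+++ b/tests/check-tripwire-cron.sh
@@ -0,0 +1,5 @@
+#1/bin/bash
+
+if [ ! -f /etc/cron.daily/tripwire ];then
+        exit 1
+fi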
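Review bot: The first line `#1/bin/bash` is an ordinary comment rather than a shebang, so the script only works because the caller invokes it through `bash`; it should read `#!/bin/bash`. The `-f` test also passes for a non-executable file, which run-parts skips, so the daily job could be present yet never run; `if [ ! -x /etc/cron.daily/tripwire ]; then` checks what cron will actually execute. The check does not look at the file's contents, so an empty cron script would still satisfy V-38695.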

+ 1
- 1
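--- a/tests/output.sh
+++ b/tests/output.sh
@@ -259,7 +259,7 @@ an administrator.\n\n######################\n\n' >> $LOG
                   log_msg $2 '必须创建文件完整性基线。'
               fi
               if [ $2 -ne 0 ];then
-                  printf '\n######################\n\nSTIG-ID:RHEL-06-000018\n\nVulnerability Discussion: For AIDE to be effective, an initial database of "known-good" information about files must be captured and it should be able to be verified against the installed files.\n\nFix text: Run the following command to generate a new database:\n\n#aideinit\n\nBy default, the database will be written to the file "/var/lib/aide/aide.db.new.gz". Storing the database, the configuration file "/etc/aide.conf", and the binary "/usr/sbin/aide" (or hashes of these files), in a secure location (such as on read-only media) provides additional assurance about their integrity.\n\nThe newlygenerated database can be installed as follows:\n\n#cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db\n\nTo initiate a manual check, run the following command:\n\n#/usr/sbin/aide --check\n\nIf this check produces any unexpected output, investigate.\n\n######################\n\n' >> $LOG
+                  printf '\n######################\n\nSTIG-ID:RHEL-06-000018\n\nVulnerability Discussion: For tripwire to be effective, an initial database of "known-good" information about files must be captured and it should be able to be verified against the installed files.\n\nFix text: Run "reset tripwire" from the administrator control panel.\n\n######################\n\n' >> $LOG
               fi
               ;;
     V-38491)  if [ "$3" = "en" ]; then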
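Review bot: The replacement fix text on the new `printf` line drops the earlier guidance on keeping the database, configuration and binary in a secure location and on running a manual check, leaving only `Run "reset tripwire" from the administrator control panel.` A reset presumably records the current file state as known-good, so the message should say to do it only on a system the administrator trusts and to keep a copy of the new database off the host. The redirection is still written as an unquoted `>> $LOG`; `>> "$LOG"` is safer. The enclosing `case` arm begins outside the hunk.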