Linux srv25.usacloudserver.us 5.14.0-570.39.1.el9_6.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Sep 4 05:08:52 EDT 2025 x86_64
LiteSpeed
Server IP : 23.137.84.82 & Your IP : 216.73.216.127
Domains :
Cant Read [ /etc/named.conf ]
User : epicgamerzoneco
Terminal
Auto Root
Create File
Create Folder
Localroot Suggester
Backdoor Destroyer
Readme
/
opt /
cpguard /
3rdparty /
lynis /
include /
Delete
Unzip
Name
Size
Permission
Date
Action
binaries
38.55
KB
-rw-r--r--
2025-04-01 06:33
consts
10.62
KB
-rw-r--r--
2025-04-01 06:33
data_upload
13.46
KB
-rw-r--r--
2025-04-01 06:33
functions
159.25
KB
-rw-r--r--
2025-04-01 06:33
helper_audit_dockerfile
7.81
KB
-rw-r--r--
2025-04-01 06:33
helper_configure
3.66
KB
-rw-r--r--
2025-04-01 06:33
helper_generate
7.38
KB
-rw-r--r--
2025-04-01 06:33
helper_show
22.29
KB
-rw-r--r--
2025-04-01 06:33
helper_system_remote_scan
3.54
KB
-rw-r--r--
2025-04-01 06:33
helper_update
3.58
KB
-rw-r--r--
2025-04-01 06:33
osdetection
44.8
KB
-rw-r--r--
2025-04-01 06:33
parameters
16.48
KB
-rw-r--r--
2025-04-01 06:33
profiles
26.89
KB
-rw-r--r--
2025-04-01 06:33
report
17.25
KB
-rw-r--r--
2025-04-01 06:33
tests_accounting
25.33
KB
-rw-r--r--
2025-04-01 06:33
tests_authentication
84.05
KB
-rw-r--r--
2025-04-01 06:33
tests_banners
8.36
KB
-rw-r--r--
2025-04-01 06:33
tests_boot_services
54.72
KB
-rw-r--r--
2025-04-01 06:33
tests_containers
11.17
KB
-rw-r--r--
2025-04-01 06:33
tests_crypto
19
KB
-rw-r--r--
2025-04-01 06:33
tests_custom.template
6.78
KB
-rw-r--r--
2025-04-01 06:33
tests_databases
24.28
KB
-rw-r--r--
2025-04-01 06:33
tests_dns
3.39
KB
-rw-r--r--
2025-04-01 06:33
tests_file_integrity
22.18
KB
-rw-r--r--
2025-04-01 06:33
tests_file_permissions
3.11
KB
-rw-r--r--
2025-04-01 06:33
tests_filesystems
49.8
KB
-rw-r--r--
2025-04-01 06:33
tests_firewalls
31.51
KB
-rw-r--r--
2025-04-01 06:33
tests_hardening
7.02
KB
-rw-r--r--
2025-04-01 06:33
tests_homedirs
9.17
KB
-rw-r--r--
2025-04-01 06:33
tests_insecure_services
26.88
KB
-rw-r--r--
2025-04-01 06:33
tests_kerberos
7.87
KB
-rw-r--r--
2025-04-01 06:33
tests_kernel
59.96
KB
-rw-r--r--
2025-04-01 06:33
tests_kernel_hardening
5.62
KB
-rw-r--r--
2025-04-01 06:33
tests_ldap
3.96
KB
-rw-r--r--
2025-04-01 06:33
tests_logging
32.93
KB
-rw-r--r--
2025-04-01 06:33
tests_mac_frameworks
14.71
KB
-rw-r--r--
2025-04-01 06:33
tests_mail_messaging
21.45
KB
-rw-r--r--
2025-04-01 06:33
tests_malware
20.56
KB
-rw-r--r--
2025-04-01 06:33
tests_memory_processes
7.16
KB
-rw-r--r--
2025-04-01 06:33
tests_nameservices
34.53
KB
-rw-r--r--
2025-04-01 06:33
tests_networking
40.73
KB
-rw-r--r--
2025-04-01 06:33
tests_php
29.07
KB
-rw-r--r--
2025-04-01 06:33
tests_ports_packages
81.71
KB
-rw-r--r--
2025-04-01 06:33
tests_printers_spoolers
13.86
KB
-rw-r--r--
2025-04-01 06:33
tests_scheduling
15.75
KB
-rw-r--r--
2025-04-01 06:33
tests_shells
13.32
KB
-rw-r--r--
2025-04-01 06:33
tests_snmp
4.17
KB
-rw-r--r--
2025-04-01 06:33
tests_squid
16.75
KB
-rw-r--r--
2025-04-01 06:33
tests_ssh
17.6
KB
-rw-r--r--
2025-04-01 06:33
tests_storage
3.59
KB
-rw-r--r--
2025-04-01 06:33
tests_storage_nfs
8.4
KB
-rw-r--r--
2025-04-01 06:33
tests_system_integrity
2.05
KB
-rw-r--r--
2025-04-01 06:33
tests_time
32.63
KB
-rw-r--r--
2025-04-01 06:33
tests_tooling
22.09
KB
-rw-r--r--
2025-04-01 06:33
tests_usb
21.05
KB
-rw-r--r--
2025-04-01 06:33
tests_virtualization
1.95
KB
-rw-r--r--
2025-04-01 06:33
tests_webservers
33.18
KB
-rw-r--r--
2025-04-01 06:33
tool_tips
2.15
KB
-rw-r--r--
2025-04-01 06:33
Save
Rename
#!/bin/sh ################################################################################# # # Lynis # ------------------ # # Copyright (c) Michael Boelen, CISOfy, and many contributors. # # Website : https://cisofy.com/ # Blog : https://linux-audit.com/ # GitHub : https://github.com/CISOfy/lynis # # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are # welcome to redistribute it under the terms of the GNU General Public License. # See LICENSE file for usage of this software. # ################################################################################# # InsertSection "${SECTION_ACCOUNTING}" # ################################################################################# # AUDITD_CONF_LOCS="${ROOTDIR}etc ${ROOTDIR}etc/audit" AUDITD_CONF_FILE="" CMD_CONF_LOCS="${ROOTDIR}etc ${ROOTDIR}etc/cmd" CMD_CONF_FILE="" LINUX_AUDITD_RUNNING=0 LINUX_CMD_RUNNING=0 AUDIT_DAEMON_RUNNING=0 SOLARIS_AUDITD_RUNNING=0 # ################################################################################# # # Test : ACCT-2754 # Description : Check availability FreeBSD accounting data Register --test-no ACCT-2754 --os FreeBSD --weight L --network NO --category security --description "Check for available FreeBSD accounting information" if [ ${SKIPTEST} -eq 0 ]; then if [ -f ${ROOTDIR}var/account/acct ]; then Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN LogText "Result: ${ROOTDIR}var/account/acct available" AddHP 3 3 else Display --indent 2 --text "- Checking accounting information" --result "${STATUS_NOT_FOUND}" --color YELLOW LogText "Result: No accounting information available" LogText "Remark: Possibly there is another location where the accounting data is stored" ReportSuggestion "${TEST_NO}" "Enable process accounting" AddHP 2 3 fi fi # ################################################################################# # # Test : ACCT-2760 # Description : Check availability OpenBSD accounting data Register --test-no ACCT-2760 --os OpenBSD --weight L --network NO --category security --description "Check for available OpenBSD accounting information" if [ ${SKIPTEST} -eq 0 ]; then if [ -f ${ROOTDIR}var/account/acct ]; then Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN LogText "Result: ${ROOTDIR}var/account/acct available" AddHP 3 3 else Display --indent 2 --text "- Checking accounting information" --result "${STATUS_NOT_FOUND}" --color YELLOW LogText "Result: No accounting information available" LogText "Remark: Possibly there is another location where the accounting data is stored" ReportSuggestion "${TEST_NO}" "Enable process accounting" AddHP 2 3 fi fi # ################################################################################# # # Test : ACCT-9622 # Description : Check availability Linux accounting data # Notes : /var/log/pacct (Slackware) Register --test-no ACCT-9622 --os Linux --weight L --network NO --category security --description "Check for available Linux accounting information" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Check accounting information" if [ -f ${ROOTDIR}var/account/pacct ]; then Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN LogText "Result: ${ROOTDIR}var/account/pacct available" AddHP 3 3 elif [ -f ${ROOTDIR}var/log/account/pacct ]; then Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN LogText "Result: ${ROOTDIR}var/log/account/pacct available" AddHP 3 3 elif [ -f ${ROOTDIR}var/log/pacct ]; then Display --indent 2 --text "- Checking accounting information" --result "${STATUS_OK}" --color GREEN LogText "Result: ${ROOTDIR}var/log/pacct available" AddHP 3 3 else Display --indent 2 --text "- Checking accounting information" --result "${STATUS_NOT_FOUND}" --color YELLOW LogText "Result: No accounting information available (${ROOTDIR}var/account/pacct, ${ROOTDIR}var/log/account/pacct nor ${ROOTDIR}var/log/pacct exist)" LogText "Remark: Possibly there is another location where the accounting data is stored" ReportSuggestion "${TEST_NO}" "Enable process accounting" AddHP 2 3 fi fi # ################################################################################# # # Test : ACCT-9626 # Description : Check sysstat accounting data Register --test-no ACCT-9626 --os Linux --weight L --network NO --category security --description "Check for sysstat accounting data" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: check ${ROOTDIR}etc/default/sysstat presence" if [ -f ${ROOTDIR}etc/default/sysstat ]; then LogText "Result: ${ROOTDIR}etc/default/sysstat found" FIND=$(${GREPBINARY} "^ENABLED" ${ROOTDIR}etc/default/sysstat | ${GREPBINARY} -i true) if [ -n "${FIND}" ]; then LogText "Result: sysstat enabled via ${ROOTDIR}etc/default/sysstat" Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_ENABLED}" --color GREEN else LogText "Result: sysstat disabled via ${ROOTDIR}etc/default/sysstat" Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_DISABLED}" --color WHITE ReportSuggestion "${TEST_NO}" "Enable sysstat to collect accounting (disabled)" fi elif [ -f ${ROOTDIR}etc/cron.d/sysstat ]; then FIND=$(${GREPBINARY} -v '^[[:space:]]*\(#\|$\)' ${ROOTDIR}etc/cron.d/sysstat) if [ -n "${FIND}" ]; then LogText "Result: sysstat enabled via ${ROOTDIR}etc/cron.d/sysstat" Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_ENABLED}" --color GREEN else LogText "Result: sysstat disabled via ${ROOTDIR}etc/cron.d/sysstat" Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_DISABLED}" --color WHITE ReportSuggestion "${TEST_NO}" "Enable sysstat to collect accounting (cron disabled)" fi elif [ -f "${ROOTDIR}lib/systemd/system/sysstat.service" ] || [ -f "${ROOTDIR}etc/systemd/system/sysstat.service" ]; then LogText "Result: sysstat systemd unit found" if [ -L "${ROOTDIR}etc/systemd/system/multi-user.target.wants/sysstat.service" ]; then # Assuming -collect.timer and -summary.timer are enabled as well, # as they are usually in the install section. LogText "Result: sysstat enabled via systemd" Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_ENABLED}" --color GREEN else LogText "Result: sysstat disabled via systemd" Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_DISABLED}" --color WHITE fi else LogText "Result: sysstat not found via ${ROOTDIR}etc/default/sysstat or ${ROOTDIR}etc/cron.d/sysstat or as a systemd unit" Display --indent 2 --text "- Checking sysstat accounting data" --result "${STATUS_NOT_FOUND}" --color YELLOW ReportSuggestion "${TEST_NO}" "Enable sysstat to collect accounting (no results)" fi fi # ################################################################################# # # Test : ACCT-9628 # Description : Check auditd status if [ -n "${AUDITDBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no ACCT-9628 --os Linux --weight L --network NO --category security --description "Check for auditd" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Check auditd status" # Should not get kauditd if IsRunning "auditd"; then LogText "Result: auditd running" Display --indent 2 --text "- Checking auditd" --result "${STATUS_ENABLED}" --color GREEN LINUX_AUDITD_RUNNING=1 AUDIT_DAEMON_RUNNING=1 Report "audit_trail_tool[]=auditd" Report "linux_auditd_running=1" AddHP 4 4 else LogText "Result: auditd not active" Display --indent 2 --text "- Checking auditd" --result "${STATUS_NOT_FOUND}" --color WHITE if [ ! "${VMTYPE}" = "openvz" ]; then ReportSuggestion "${TEST_NO}" "Enable auditd to collect audit information" fi AddHP 0 1 Report "linux_auditd_running=0" fi fi # ################################################################################# # # Test : ACCT-9630 # Description : Check auditd rules if [ -n "${AUDITDBINARY}" -a -n "${AUDITCTLBINARY}" -a ${LINUX_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no ACCT-9630 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --root-only YES --category security --description "Check for auditd rules" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking auditd rules" FIND=$(${AUDITCTLBINARY} -l | ${GREPBINARY} -v "No rules") if [ -z "${FIND}" ]; then LogText "Result: auditd rules empty" Display --indent 4 --text "- Checking audit rules" --result "${STATUS_SUGGESTION}" --color YELLOW AddHP 0 2 ReportSuggestion "${TEST_NO}" "Audit daemon is enabled with an empty ruleset. Disable the daemon or define rules" else LogText "Result: found auditd rules" Display --indent 4 --text "- Checking audit rules" --result "${STATUS_OK}" --color GREEN # Log audit daemon rules FIND=$(${AUDITCTLBINARY} -l | ${SEDBINARY} 's/ /!space!/g') for RULE in ${FIND}; do RULE=$(echo ${RULE} | ${SEDBINARY} 's/!space!/ /g') LogText "Output: ${RULE}" done fi fi # ################################################################################# # # Test : ACCT-9632 # Description : Check auditd configuration file if [ -n "${AUDITDBINARY}" -a ${LINUX_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no ACCT-9632 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for auditd configuration file" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking auditd configuration file" for DIR in ${AUDITD_CONF_LOCS}; do if [ -f ${DIR}/auditd.conf ]; then AUDITD_CONF_FILE="${DIR}/auditd.conf" LogText "Result: Found ${DIR}/auditd.conf" else LogText "Result: ${DIR}/auditd.conf not found" fi done # Check if we discovered the configuration file. It should be there is the binaries are available and process is running if [ -n "${AUDITD_CONF_FILE}" ]; then Display --indent 4 --text "- Checking audit configuration file" --result "${STATUS_OK}" --color GREEN else LogText "Result: could not find auditd configuration file" Display --indent 4 --text "- Checking audit configuration file" --result "${STATUS_FOUND}" --color RED ReportSuggestion "${TEST_NO}" "Determine the location of auditd configuration file" fi fi # ################################################################################# # # Test : ACCT-9634 # Description : Check auditd log file if [ -n "${AUDITDBINARY}" -a ${LINUX_AUDITD_RUNNING} -eq 1 -a -n "${AUDITD_CONF_FILE}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no ACCT-9634 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for auditd log file" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking auditd log file" FIND=$(${GREPBINARY} "^log_file" ${AUDITD_CONF_FILE} | ${AWKBINARY} '{ if ($1=="log_file" && $2=="=") { print $3 } }') if [ -n "${FIND}" ]; then LogText "Result: log file is defined" LogText "Defined value: ${FIND}" if [ -f ${FIND} ]; then LogText "Result: log file ${FIND} exists on disk" Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_FOUND}" --color GREEN Report "logfile[]=${FIND}" else LogText "Result: can't find log file ${FIND} on disk" Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_SUGGESTION}" --color YELLOW ReportSuggestion "${TEST_NO}" "Check auditd log file location" fi else LogText "Result: no log file found" Display --indent 4 --text "- Checking auditd log file" --result "${STATUS_WARNING}" --color RED ReportWarning "${TEST_NO}" "Auditd log file is defined but can not be found on disk" fi fi # ################################################################################# # # Test : ACCT-9636 # Description : Check for Snoopy (wrapper for execve() and logger) Register --test-no ACCT-9636 --os Linux --weight L --network NO --category security --description "Check for Snoopy wrapper and logger" if [ ${SKIPTEST} -eq 0 ]; then FILE="${ROOTDIR}lib/snoopy.so" if [ -f ${FILE} ]; then LogText "Result: found ${FILE}" Display --indent 2 --text "- Checking Snoopy" --result "${STATUS_FOUND}" --color GREEN if [ -f ${ROOTDIR}etc/ld.so.preload ]; then LogText "Result: found ${ROOTDIR}etc/ld.so.preload, testing if snoopy.so is listed" FIND=$(${GREPBINARY} ${FILE} ${ROOTDIR}etc/ld.so.preload) if [ -n "${FIND}" ]; then LogText "Result: found snoopy in ld.so.preload" LogText "Output: ${FIND}" Display --indent 6 --text "- Library in ld.so.preload" --result "LOADED" --color GREEN Report "audit_trail_tool[]=snoopy" else Display --indent 6 --text "- Library in ld.so.preload" --result "${STATUS_NOT_FOUND}" --color YELLOW ReportSuggestion "${TEST_NO}" "Snoopy is installed but not loaded via ${ROOTDIR}etc/ld.so.preload" AddHP 3 3 fi else LogText "Result: ${ROOTDIR}etc/ld.so.preload does not exist" Display --indent 6 --text "- Library in ld.so.preload" --result "${STATUS_UNKNOWN}" --color PURPLE ReportException "${TEST_NO}:1" "Unsure how Snoopy might be loaded as ld.so.preload does not exist" fi fi fi # ################################################################################# # # Test : ACCT-9650 # Description : Check Solaris audit daemon presence Register --test-no ACCT-9650 --os Solaris --weight L --network NO --category security --description "Check Solaris audit daemon" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: check if audit daemon is running" if IsRunning "auditd"; then LogText "Result: Solaris audit daemon is running" SOLARIS_AUDITD_RUNNING=1 AUDIT_DAEMON_RUNNING=1 Display --indent 2 --text "- Checking Solaris audit daemon status" --result "${STATUS_RUNNING}" --color GREEN else LogText "Result: Solaris audit daemon is not running" Display --indent 2 --text "- Checking Solaris audit daemon status" --result "${STATUS_NOT_RUNNING}" --color YELLOW fi fi # ################################################################################# # # Test : ACCT-9652 # Description : Check Solaris auditd service status if [ -x ${ROOTDIR}usr/bin/svcs -a ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no ACCT-9652 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check auditd SMF status" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: check if auditd service is enabled and online" FIND=$(${ROOTDIR}usr/bin/svcs svc:/system/auditd:default | ${GREPBINARY} "^online") if [ -n "${FIND}" ]; then LogText "Result: auditd service is online" Display --indent 4 --text "- Checking Solaris audit daemon status" --result "${STATUS_ON}"LINE --color GREEN else Display --indent 4 --text "- Checking Solaris audit daemon status" --result "NOT ONLINE" --color YELLOW ReportSuggestion "${TEST_NO}" "Check status of audit daemon" fi fi # ################################################################################# # # Test : ACCT-9654 # Description : Check Solaris Basic Security Mode (BSM) in /etc/system if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no ACCT-9654 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check BSM auditing in ${ROOTDIR}etc/system" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: check if BSM is enabled in ${ROOTDIR}etc/system" if [ -f ${ROOTDIR}etc/system ]; then FIND=$(${GREPBINARY} 'set c2audit:audit_load = 1' ${ROOTDIR}etc/system) if [ -n "${FIND}" ]; then LogText "Result: BSM is enabled in ${ROOTDIR}etc/system" Display --indent 4 --text "- Checking Solaris BSM (${ROOTDIR}etc/system)" --result "${STATUS_ENABLED}" --color GREEN else Display --indent 4 --text "- Checking Solaris BSM (${ROOTDIR}etc/system)" --result "${STATUS_NOT_FOUND}" --color YELLOW fi else LogText "Result: ${ROOTDIR}etc/system does not exist" fi fi # ################################################################################# # # Test : ACCT-9656 # Description : Check Solaris BSM (c2audit) module status # Notes : todo - replace direct binary call if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no ACCT-9656 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check BSM auditing in module list" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: check if c2audit module is active" if [ -x ${ROOTDIR}usr/sbin/modinfo ]; then FIND=$(${ROOTDIR}usr/sbin/modinfo | ${GREPBINARY} c2audit) if [ -n "${FIND}" ]; then LogText "Result: c2audit found in modinfo output" Display --indent 4 --text "- Checking Solaris BSM (modules list)" --result "${STATUS_ENABLED}" --color GREEN else LogText "Result: c2audit not found in modinfo output" Display --indent 4 --text "- Checking Solaris BSM (modules list)" --result "${STATUS_NOT_FOUND}" --color YELLOW fi else LogText "Result: ${ROOTDIR}usr/sbin/modinfo does not exist, skipping test" fi fi # ################################################################################# # # Test : ACCT-9660 # Description : Check location for audit events if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no ACCT-9660 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check location of audit events" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: check ${ROOTDIR}etc/security/audit_control for event logging location" if [ -f ${ROOTDIR}etc/security/audit_control ]; then LogText "Result: file ${ROOTDIR}etc/security/audit_control found" FIND=$(${GREPBINARY} "^dir" ${ROOTDIR}etc/security/audit_control | ${AWKBINARY} -F: '{ print $2 }') if [ -n "${FIND}" ]; then LogText "Result: found location ${FIND}" LogText "Test: Checking if location is a valid directory" if [ -d ${FIND} ]; then LogText "Result: location ${FIND} is valid" Display --indent 4 --text "- Checking Solaris audit location" --result "${STATUS_FOUND}" --color GREEN else LogText "Result: location ${FIND} does not exist" Display --indent 4 --text "- Checking Solaris audit location" --result "${STATUS_NOT_FOUND}" --color YELLOW ReportSuggestion "${TEST_NO}" "Check if the Solaris audit directory is available" fi else LogText "Result: unknown event location" Display --indent 4 --text "- Checking Solaris audit location" --result "${STATUS_UNKNOWN}" --color YELLOW ReportSuggestion "${TEST_NO}" "Check if the Solaris audit directory is properly configured" fi else LogText "Result: could not find ${ROOTDIR}etc/security/audit_control" Display --indent 4 --text "- Checking Solaris audit location" --result "${STATUS_SKIPPED}" --color YELLOW fi fi # ################################################################################# # # Test : ACCT-9662 # Description : check auditstat if [ ${SOLARIS_AUDITD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no ACCT-9662 --os Solaris --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Solaris auditing stats" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Check auditing statistics" if [ -x ${ROOTDIR}usr/sbin/auditstat ]; then FIND=$(${ROOTDIR}usr/sbin/auditstat | ${TRBINARY} -s ' ' ',') for ITEM in ${FIND}; do LogText "Output: ${ITEM}" done Display --indent 4 --text "- Checking Solaris audit statistics" --result "${STATUS_DONE}" --color GREEN else LogText "Result: ${ROOTDIR}usr/sbin/auditstat not found, skipping test" Display --indent 4 --text "- Checking Solaris audit statistics" --result "${STATUS_SKIPPED}" --color YELLOW fi fi # ################################################################################# # # Test : ACCT-9670 # Description : Check cmd status if [ -n "${CMDBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no ACCT-9670 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for cmd" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Check cmd status" if IsRunning "cmd_daemon"; then LogText "Result: cmd running" Display --indent 2 --text "- Checking cmd" --result "${STATUS_ENABLED}" --color GREEN LINUX_CMD_RUNNING=1 AUDIT_DAEMON_RUNNING=1 Report "audit_trail_tool[]=cmd" Report "linux_cmd_running=1" AddHP 4 4 else LogText "Result: cmd not active" Display --indent 2 --text "- Checking cmd" --result "${STATUS_NOT_FOUND}" --color WHITE if [ ! "${VMTYPE}" = "openvz" ]; then ReportSuggestion "${TEST_NO}" "Install cmd to collect audit information" fi AddHP 0 1 Report "linux_cmd_running=0" fi fi # ################################################################################# # # Test : ACCT-9672 # Description : Check cmd configuration file if [ -n "${CMDBINARY}" -a ${LINUX_CMD_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi Register --test-no ACCT-9672 --os Linux --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for cmd configuration file" if [ ${SKIPTEST} -eq 0 ]; then LogText "Test: Checking cmd configuration file" for DIR in ${CMD_CONF_LOCS}; do if [ -f ${DIR}/config.ini ]; then CMD_CONF_FILE="${DIR}/config.ini" LogText "Result: Found ${DIR}/config.ini" else LogText "Result: ${DIR}/config.ini not found" fi done # Check if we discovered the configuration file. It should be there is the binaries are available and process is running if [ -n "${CMD_CONF_FILE}" ]; then Display --indent 4 --text "- Checking cmd configuration file" --result "${STATUS_OK}" --color GREEN else LogText "Result: could not find cmd configuration file" Display --indent 4 --text "- Checking cmd configuration file" --result "${STATUS_FOUND}" --color RED ReportSuggestion "${TEST_NO}" "Determine the location of cmd configuration file" fi fi # ################################################################################# # Report "audit_daemon_running=${AUDIT_DAEMON_RUNNING}" # ################################################################################# # WaitForKeyPress # EOF