
Script for full audit HW & SW for any linux device

pmacko 2 maanden geleden
1 gewijzigde bestanden met toevoegingen van 266 en 0 verwijderingen

+ 266 - 0
audit.sh

@@ -0,0 +1,266 @@
+#!/bin/bash
+#########################################################################
+#                HW and SW inventory script for DEB/RHEL                #
+#                           Created by PM-DoIT                          #
+#                                   v 0.2                               #
+#########################################################################
+
+#----------------------------- VARIABLES -------------------------------#
+DMI=$(whereis dmidecode | awk '{print $2}')
+LSH=$(whereis lshw | awk '{print $2}')
+PCI=$(whereis lspci | awk '{print $2}')
+RPM=$(whereis rpm | awk '{print $2}')
+DPKG=$(whereis dpkg | awk '{print $2}')
+
+#------------------------------- TEMP ----------------------------------#
+LOG=/tmp/audit.log
+REP=/tmp/audit.rep
+SW=/tmp/audit.sw
+test -f $LOG && rm -rf $LOG 
+test -f $REP && rm -rf $REP
+test -f $SW && rm -rf $SW
+
+#------------------------------- AUDIT ---------------------------------#
+echo "=================================================="
+echo -e "         \e[1;32m*** AUDIT inventory by DoIT ***\e[0m"
+echo "=================================================="
+system(){
+echo -e '\E[33m'"HOSTNAME:" `hostname -s`
+echo "OS $(cat /etc/os-release | egrep -w NAME | sed 's/="/: /g' | sed 's/"//g')"
+echo "$(cat /etc/os-release | egrep -w VERSION | sed 's/="/: /g' | sed 's/"//g')"
+echo "KERNEL: $(uname -r)"
+echo "IP: $(hostname -I | awk '{print $1}')"
+echo -e "UPTIME: $(uptime -p)\e[0m"
+echo "=================================================="
+echo -e "               \e[1;36m*** DNS AUDIT ***\e[0m"
+echo "=================================================="
+cat /etc/resolv.conf | awk '{print $2}' | sort | uniq
+echo "=================================================="
+}
+hardware(){
+echo -e "               \e[1;36m*** CPU AUDIT ***\e[0m"
+echo "=================================================="
+echo "CORES: $(cat /proc/cpuinfo | grep processor | wc -l)"
+echo "LOAD:$(uptime | grep -o 'average.*' | cut -f2- -d:)"
+if [ -z $LSH ]; then
+  echo -e "\e[1;31m! lshw not installed\e[0m"
+else
+  $LSH -c cpu | egrep "product:|size:" | uniq | sed 's/^[ \t]*//'
+fi
+echo "=================================================="
+echo -e "               \e[1;36m*** RAM AUDIT ***\e[0m"
+echo "=================================================="
+if [ -z $DMI ]; then
+  echo -e "\e[1;31m! dmidecode not installed\e[0m"
+else
+  $DMI -t memory | egrep "Manufacturer|Part|Size|Speed" | \
+  egrep -v "Unknown|Not Installed|No Module Installed|Not Specified|Maximum|Supported|Connection" | \
+  sed 's/^[ \t]*//'
+fi
+echo -e "\e[1;35m- Memory Usage\e[0m"
+echo "--------------------------------------------------"
+free -h | grep -v + | awk '{print $1,$2,$3,$4}' | column -t
+echo "=================================================="
+echo -e "               \e[1;36m*** NET AUDIT ***\e[0m"
+echo "=================================================="
+if [ -z $LSH ]; then
+  echo -e "\e[1;31m! lshw not installed\e[0m"
+else
+  $LSH -c net | egrep "product:|size:"  | sed 's/^[ \t]*//'
+fi
+echo "--------------------------------------------------"
+echo -e "\e[1;35m- Network interfaces\e[0m"
+echo "--------------------------------------------------"
+ip a | egrep -v "lo:|127.0" | egrep -w "mtu|inet" | awk '{print $2}' | sed 's/^[ \t]*//'
+echo "--------------------------------------------------"
+echo -e "\e[1;35m- Network routes\e[0m"
+echo "--------------------------------------------------"
+route | sed 's/  */ /g;/^Kernel/d;/^Destination/d' | column -t
+echo "=================================================="
+echo -e "               \e[1;36m*** HDD AUDIT ***\e[0m"
+echo "=================================================="
+if [ -z $LSH ]; then
+  echo -e "\e[1;31m! lshw not installed\e[0m"
+else
+  $LSH -short -C disk
+fi
+echo "--------------------------------------------------"
+echo -e "\e[1;35m- Locations\e[0m"
+echo "--------------------------------------------------"
+lsblk -o "NAME,SIZE,FSTYPE,MOUNTPOINT"
+echo "--------------------------------------------------"
+echo -e "\e[1;35m- Partitions\e[0m"
+echo "--------------------------------------------------"
+df -l -P -T -B GB | grep -v tmp
+echo "=================================================="
+echo -e "              \e[1;36m*** BOARD INFO ***\e[0m"
+echo "=================================================="
+echo -e "\e[1;35m- MODEL\e[0m"
+echo "--------------------------------------------------"
+if [ -z $DMI ]; then
+	echo -e "\e[1;31m! [dmidecode] not installed\e[0m"
+else
+	CDM=$($DMI -t baseboard | egrep "Manufacturer|Product" | sed 's/^[ \t]*//' | head -1 | awk '{print $1}')
+	if [ ! -z $CDM ]; then
+		$DMI -t baseboard | egrep "Manufacturer|Product" | sed 's/^[ \t]*//'
+	else
+		echo -e "\e[1;37m- NOT present\e[0m"
+	fi
+fi
+echo "--------------------------------------------------"
+echo -e "\e[1;35m- ONBOARD DEVICE\e[0m"
+echo "--------------------------------------------------"
+if [ -z $DMI ]; then
+	echo -e "\e[1;31m! dmidecode not installed\e[0m"
+else
+	CDM=$($DMI -t baseboard | grep Reference | sed 's/^[ \t]*//' | head -1 | awk '{print $1}')
+	if [ ! -z $CDM ]; then
+	$DMI -t baseboard | grep Reference | sed 's/^[ \t]*//'
+	else
+		echo -e "\e[1;37m- NOT present\e[0m"
+	fi
+fi
+echo "--------------------------------------------------"
+echo -e "\e[1;35m- PCI DEVICE\e[0m"
+echo "--------------------------------------------------"
+if [ -z $PCI ];
+then
+  echo -e "\e[1;31m! lspci not installed\e[0m"
+else
+  $PCI -vm | grep Device: | grep -v 0[0-9] | grep -v "Device "
+fi
+echo "--------------------------------------------------"
+echo -e "\e[1;35m- USB DEVICE\e[0m"
+echo "--------------------------------------------------"
+lsusb | cut -d" " -f7- | sort
+echo "" 
+usb-devices | grep Product | sort
+}
+authentification(){
+echo "=================================================="
+echo -e "             \e[1;36m*** AUTHENTIFICATION ***\e[0m"
+echo "=================================================="
+echo -e "\e[1;35m- SSSD Configuration\e[0m"
+echo "--------------------------------------------------"
+if [ -f /etc/sssd/sssd.conf ]; then
+	egrep -i "id_provider|auth_provider|ldap_uri|krb5_server" /etc/sssd/sssd.conf
+else
+	echo -e "\e[1;37m- NOT present\e[0m"
+fi
+echo "--------------------------------------------------"
+echo -e "\e[1;35m- KERBEROS Configuration\e[0m"
+echo "--------------------------------------------------"
+if [ -f /etc/krb5.conf ]; then
+	grep -E "default_realm|kdc" /etc/krb5.conf
+else
+	echo -e "\e[1;37m- NOT present\e[0m"
+fi
+echo "--------------------------------------------------"
+echo -e "\e[1;35m- LDAP Configuration\e[0m"
+echo "--------------------------------------------------"
+if [ -f /etc/sssd/sssd.conf ]; then
+	egrep -i "id_provider|auth_provider|ldap_uri" /etc/sssd/sssd.conf
+else
+	echo -e "\e[1;37m- NOT present\e[0m"
+fi
+echo "--------------------------------------------------"
+echo -e "\e[1;35m- NSSWITCH (identity source)\e[0m"
+echo "--------------------------------------------------"
+grep -E "passwd|group|shadow" /etc/nsswitch.conf 2>/dev/null
+echo "--------------------------------------------------"
+echo -e "\e[1;35m- SSH (effective configuration)\e[0m"
+echo "--------------------------------------------------"
+sshd -T 2>/dev/null | egrep -i "pam|kbd|permitrootlogin"
+echo "--------------------------------------------------"
+echo -e "\e[1;35m- PASSWORD POLICY\e[0m"
+echo "--------------------------------------------------"
+cat /etc/login.defs | grep -E "PASS_MAX_DAYS|PASS_MIN_DAYS|PASS_WARN_AGE" | grep -v "^#"
+echo "--------------------------------------------------"
+echo -e "\e[1;35m- CHECK (authorized keys)\e[0m"
+echo "--------------------------------------------------"
+AK1=$(find /home -name authorized keys 2>/dev/null | wc -l)
+AK2=$(find /root -name authorized keys 2>/dev/null | wc -l)
+if [ "$AK1" -eq "1" ] || [ "$AK2" -eq "1" ]; then
+	find /home -name authorized keys 2>/dev/null
+	find /root -name authorized keys 2>/dev/null
+else
+	echo -e "\e[1;37m- NOT present\e[0m"
+fi
+}
+users(){
+echo "=================================================="
+echo -e "              \e[1;36m*** USERS AUDIT ***\e[0m"
+echo "=================================================="
+echo -e "\e[1;35m- USERS LDAP\e[0m"
+echo "--------------------------------------------------"
+getent passwd |awk -F : '$3 >= 1000 && $3 < 65534' | sort
+echo "--------------------------------------------------"
+echo -e "\e[1;35m- USERS all\e[0m"
+echo "--------------------------------------------------"
+awk -F: '($3<1000){print $1}' /etc/passwd | sort | grep -v "^_"
+echo "--------------------------------------------------"
+echo -e "\e[1;35m- USERS (with bash)\e[0m"
+echo "--------------------------------------------------"
+egrep 'bash' /etc/passwd | cut -d: -f1 | sort
+echo "--------------------------------------------------"
+echo -e "\e[1;35m- USERS (with home folder)\e[0m"
+echo "--------------------------------------------------"
+grep '/home/' /etc/passwd | cut -d: -f1 | sort
+echo "--------------------------------------------------"
+echo -e "\e[1;35m- USERS (with password)\e[0m"
+echo "--------------------------------------------------"
+awk -F: '$2 != "*" && $2 !~ /^!/ {print $1}' /etc/shadow | sort
+}
+cronusr(){
+echo "=================================================="
+echo -e "              \e[1;36m*** CRON AUDIT ***\e[0m"
+echo "=================================================="
+awk '$1 ~ /([0-9]+|\*)/{print $0}' /etc/crontab | sed 's/&&/AND/g;s/||/OR/g' | nl | sed 's/^[ \t]*//'
+echo "--------------------------------------------------"
+echo -e "\e[1;35m- CRONTAB users\e[0m"
+echo "--------------------------------------------------"
+for i in $(awk -F: '{print $1}' /etc/passwd | sort | grep -v "^_"); do
+crontab -u $i -l | awk '$1 ~ /([0-9]+|\*)/{print $0}' | sed 's/&&/AND/g;s/||/OR/g' | nl
+done
+}
+software(){
+echo "=================================================="
+echo -e "              \e[1;36m*** SW AUDIT ***\e[0m"
+echo "=================================================="
+rm -rf $SW
+if [ -z $RPM ];
+then
+  echo -e "\e[1;31m! yum manager [RPM] not installed\e[0m"
+else
+  $RPM -qa | sort >> $SW
+  echo -e "\e[1;32m- Exporting SW[RPM] to => [$SW]\e[0m"
+fi
+if [ -z $DPKG ];
+then
+  echo -e "\e[1;31m! apt-get manager [DEB] not installed\e[0m"
+else
+  $DPKG -l | awk '{print $2}' | sort >> $SW
+  echo -e "\e[1;32m- Exporting SW[DEB] to => [$SW]\e[0m"
+fi
+echo "=================================================="
+echo -e "              \e[1;36m*** LOG AUDIT ***\e[0m"
+echo "=================================================="
+echo -e "\e[1;32m- Exporting LOGs to => [$LOG]\e[0m"
+echo "=================================================="
+find /var/log/ -type f | grep -Ev "(\.gz$|\.zip$|\.tar$|packages\/|scripts\/)" | sort > $LOG
+echo -e "              \e[1;36m*** FINAL REPORT ***\e[0m"
+echo "=================================================="
+echo -e "\e[1;32m- Exporting REPORT to => [$REP]\e[0m"
+echo "=================================================="
+}
+
+#----------------------------- CORE-CODE -------------------------------#
+Color_Off='\033[0m'
+clear
+echo -e "\e[1;32m***** Started analyzing host [`hostname -s`] *****\e[0m"
+system 
+hardware      
+authentification
+users                    
+cronusr
+software
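Review bot: The authorized-keys check in authentification() can never report a hit: `find /home -name authorized keys` hands `keys` to find as a stray argument after the expression, so find exits with an error (hidden by `2>/dev/null`), both AK1 and AK2 are 0 and the section always prints "NOT present"; the `-eq "1"` comparison would additionally miss hosts with two or more key files. Collapse the two counts and the conditional into one search, e.g. `AK=$(find /home /root -name authorized_keys -type f 2>/dev/null)` followed by `if [ -n "$AK" ]; then printf '%s\n' "$AK"; else echo -e "\e[1;37m- NOT present\e[0m"; fi`. The report files LOG, REP and SW use fixed names under /tmp and are deleted and re-created by a script that must run as root (it reads /etc/shadow and calls dmidecode), so a pre-placed symlink by another local user would redirect the `>>`/`>` writes; `mktemp` for each file, or one `mktemp -d` directory, removes that risk. The tool lookup `whereis … | awk '{print $2}'` at the top of the file yields a man-page path when only the manual is installed, after which `$LSH -c cpu` and the like try to execute a .gz file; `command -v lshw` (and the same for dmidecode, lspci, rpm, dpkg) is the reliable test, and the `[ -z $LSH ]` checks should quote the variable.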