|
|
@@ -16,7 +16,7 @@ DPKG=$(whereis dpkg | awk '{print $2}')
|
|
|
LOG=/tmp/audit.log
|
|
|
REP=/tmp/audit.rep
|
|
|
SW=/tmp/audit.sw
|
|
|
-test -f $LOG && rm -rf $LOG
|
|
|
+test -f $LOG && rm -rf $LOG
|
|
|
test -f $REP && rm -rf $REP
|
|
|
test -f $SW && rm -rf $SW
|
|
|
|
|
|
@@ -98,27 +98,27 @@ echo "=================================================="
|
|
|
echo -e "\e[1;35m- MODEL\e[0m"
|
|
|
echo "--------------------------------------------------"
|
|
|
if [ -z $DMI ]; then
|
|
|
- echo -e "\e[1;31m! [dmidecode] not installed\e[0m"
|
|
|
+ echo -e "\e[1;31m! [dmidecode] not installed\e[0m"
|
|
|
else
|
|
|
- CDM=$($DMI -t baseboard | egrep "Manufacturer|Product" | sed 's/^[ \t]*//' | head -1 | awk '{print $1}')
|
|
|
- if [ ! -z $CDM ]; then
|
|
|
- $DMI -t baseboard | egrep "Manufacturer|Product" | sed 's/^[ \t]*//'
|
|
|
- else
|
|
|
- echo -e "\e[1;37m- NOT present\e[0m"
|
|
|
- fi
|
|
|
+ CDM=$($DMI -t baseboard | egrep "Manufacturer|Product" | sed 's/^[ \t]*//' | head -1 | awk '{print $1}')
|
|
|
+ if [ ! -z $CDM ]; then
|
|
|
+ $DMI -t baseboard | egrep "Manufacturer|Product" | sed 's/^[ \t]*//'
|
|
|
+ else
|
|
|
+ echo -e "\e[1;37m- NOT present\e[0m"
|
|
|
+ fi
|
|
|
fi
|
|
|
echo "--------------------------------------------------"
|
|
|
echo -e "\e[1;35m- ONBOARD DEVICE\e[0m"
|
|
|
echo "--------------------------------------------------"
|
|
|
if [ -z $DMI ]; then
|
|
|
- echo -e "\e[1;31m! dmidecode not installed\e[0m"
|
|
|
+ echo -e "\e[1;31m! dmidecode not installed\e[0m"
|
|
|
else
|
|
|
- CDM=$($DMI -t baseboard | grep Reference | sed 's/^[ \t]*//' | head -1 | awk '{print $1}')
|
|
|
- if [ ! -z $CDM ]; then
|
|
|
- $DMI -t baseboard | grep Reference | sed 's/^[ \t]*//'
|
|
|
- else
|
|
|
- echo -e "\e[1;37m- NOT present\e[0m"
|
|
|
- fi
|
|
|
+ CDM=$($DMI -t baseboard | grep Reference | sed 's/^[ \t]*//' | head -1 | awk '{print $1}')
|
|
|
+ if [ ! -z $CDM ]; then
|
|
|
+ $DMI -t baseboard | grep Reference | sed 's/^[ \t]*//'
|
|
|
+ else
|
|
|
+ echo -e "\e[1;37m- NOT present\e[0m"
|
|
|
+ fi
|
|
|
fi
|
|
|
echo "--------------------------------------------------"
|
|
|
echo -e "\e[1;35m- PCI DEVICE\e[0m"
|
|
|
@@ -133,7 +133,7 @@ echo "--------------------------------------------------"
|
|
|
echo -e "\e[1;35m- USB DEVICE\e[0m"
|
|
|
echo "--------------------------------------------------"
|
|
|
lsusb | cut -d" " -f7- | sort
|
|
|
-echo ""
|
|
|
+echo ""
|
|
|
usb-devices | grep Product | sort
|
|
|
}
|
|
|
authentification(){
|
|
|
@@ -143,25 +143,25 @@ echo "=================================================="
|
|
|
echo -e "\e[1;35m- SSSD Configuration\e[0m"
|
|
|
echo "--------------------------------------------------"
|
|
|
if [ -f /etc/sssd/sssd.conf ]; then
|
|
|
- egrep -i "id_provider|auth_provider|ldap_uri|krb5_server" /etc/sssd/sssd.conf
|
|
|
+ egrep -i "id_provider|auth_provider|ldap_uri|krb5_server" /etc/sssd/sssd.conf
|
|
|
else
|
|
|
- echo -e "\e[1;37m- NOT present\e[0m"
|
|
|
+ echo -e "\e[1;37m- NOT present\e[0m"
|
|
|
fi
|
|
|
echo "--------------------------------------------------"
|
|
|
echo -e "\e[1;35m- KERBEROS Configuration\e[0m"
|
|
|
echo "--------------------------------------------------"
|
|
|
if [ -f /etc/krb5.conf ]; then
|
|
|
- grep -E "default_realm|kdc" /etc/krb5.conf
|
|
|
+ grep -E "default_realm|kdc" /etc/krb5.conf
|
|
|
else
|
|
|
- echo -e "\e[1;37m- NOT present\e[0m"
|
|
|
+ echo -e "\e[1;37m- NOT present\e[0m"
|
|
|
fi
|
|
|
echo "--------------------------------------------------"
|
|
|
echo -e "\e[1;35m- LDAP Configuration\e[0m"
|
|
|
echo "--------------------------------------------------"
|
|
|
if [ -f /etc/sssd/sssd.conf ]; then
|
|
|
- egrep -i "id_provider|auth_provider|ldap_uri" /etc/sssd/sssd.conf
|
|
|
+ egrep -i "id_provider|auth_provider|ldap_uri" /etc/sssd/sssd.conf
|
|
|
else
|
|
|
- echo -e "\e[1;37m- NOT present\e[0m"
|
|
|
+ echo -e "\e[1;37m- NOT present\e[0m"
|
|
|
fi
|
|
|
echo "--------------------------------------------------"
|
|
|
echo -e "\e[1;35m- NSSWITCH (identity source)\e[0m"
|
|
|
@@ -181,10 +181,10 @@ echo "--------------------------------------------------"
|
|
|
AK1=$(find /home -name authorized keys 2>/dev/null | wc -l)
|
|
|
AK2=$(find /root -name authorized keys 2>/dev/null | wc -l)
|
|
|
if [ "$AK1" -eq "1" ] || [ "$AK2" -eq "1" ]; then
|
|
|
- find /home -name authorized keys 2>/dev/null
|
|
|
- find /root -name authorized keys 2>/dev/null
|
|
|
+ find /home -name authorized keys 2>/dev/null
|
|
|
+ find /root -name authorized keys 2>/dev/null
|
|
|
else
|
|
|
- echo -e "\e[1;37m- NOT present\e[0m"
|
|
|
+ echo -e "\e[1;37m- NOT present\e[0m"
|
|
|
fi
|
|
|
}
|
|
|
users(){
|
|
|
@@ -242,6 +242,8 @@ else
|
|
|
$DPKG -l | awk '{print $2}' | sort >> $SW
|
|
|
echo -e "\e[1;32m- Exporting SW[DEB] to => [$SW]\e[0m"
|
|
|
fi
|
|
|
+}
|
|
|
+summary(){
|
|
|
echo "=================================================="
|
|
|
echo -e " \e[1;36m*** LOG AUDIT ***\e[0m"
|
|
|
echo "=================================================="
|
|
|
@@ -250,17 +252,16 @@ echo "=================================================="
|
|
|
find /var/log/ -type f | grep -Ev "(\.gz$|\.zip$|\.tar$|packages\/|scripts\/)" | sort > $LOG
|
|
|
echo -e " \e[1;36m*** FINAL REPORT ***\e[0m"
|
|
|
echo "=================================================="
|
|
|
-echo -e "\e[1;32m- Exporting REPORT to => [$REP]\e[0m"
|
|
|
-echo "=================================================="
|
|
|
}
|
|
|
|
|
|
#----------------------------- CORE-CODE -------------------------------#
|
|
|
Color_Off='\033[0m'
|
|
|
clear
|
|
|
echo -e "\e[1;32m***** Started analyzing host [`hostname -s`] *****\e[0m"
|
|
|
-system
|
|
|
-hardware
|
|
|
+system
|
|
|
+hardware
|
|
|
authentification
|
|
|
-users
|
|
|
+users
|
|
|
cronusr
|
|
|
-software
|
|
|
+software
|
|
|
+summary
|
