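#!/usr/bin/env bash
#########################################################################
# HW and SW inventory script for DEB/RHEL
#
# Created by PM-DoIT
#
# v 0.2
#
# Usage: bash audit.sh            (run as root; dmidecode, lshw, sshd -T,
#                                  /etc/shadow and per-user crontabs are
#                                  not readable otherwise — the section
#                                  is then reported as missing, not fatal)
# Env:   AUDIT_DIR  directory for the exported files (default /tmp)
#
# The report itself goes to stdout; the package list and the log-file
# index are written to $AUDIT_DIR/audit.sw and $AUDIT_DIR/audit.log.
#########################################################################

set -u
# The exports contain package versions, config excerpts and account names:
# keep them private by default instead of world-readable in /tmp.
umask 077
# With noclobber, '>' opens with O_EXCL, so a file or symlink planted at
# the well-known /tmp name makes the export fail instead of being followed.
set -o noclobber

#----------------------------- VARIABLES -------------------------------#
# `whereis x | awk '{print $2}'` yields the man page path when only the
# manual is installed, and that path would then be executed as the tool;
# `command -v` returns the executable or nothing.
DMI=$(command -v dmidecode || true)
LSH=$(command -v lshw || true)
PCI=$(command -v lspci || true)
RPM=$(command -v rpm || true)
DPKG=$(command -v dpkg || true)

#------------------------------- TEMP ----------------------------------#
AUDIT_DIR=${AUDIT_DIR:-/tmp}
LOG=$AUDIT_DIR/audit.log
REP=$AUDIT_DIR/audit.rep
SW=$AUDIT_DIR/audit.sw

#----------------------------- HELPERS ---------------------------------#
#######################################
# Print a message to stderr and exit non-zero.
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Remove a previous export and create it empty. Relies on noclobber: the
# O_EXCL open fails on anything that reappears between rm and create
# (symlink, foreign file), so we never write through a planted path.
# Arguments: $1 - path to (re)create
#######################################
fresh_file() {
  local path=$1
  rm -f -- "$path"
  : > "$path" || die "cannot create $path (stale or foreign file in the way)"
}

# Output primitives; the byte sequences match the original report format.
rule()    { echo "=================================================="; }
dash()    { echo "--------------------------------------------------"; }
title()   { echo -e " \e[1;36m*** $1 ***\e[0m"; }
sub()     { echo -e "\e[1;35m- $1\e[0m"; }
missing() { echo -e "\e[1;31m! $1 not installed\e[0m"; }
absent()  { echo -e "\e[1;37m- NOT present\e[0m"; }

#######################################
# Print the dmidecode lines of one table type that match a pattern, or the
# "NOT present" marker when nothing matches (dmidecode prints a header even
# for empty tables, so the output itself is checked, not its exit status).
# Globals:   DMI (read)
# Arguments: $1 - dmidecode -t type, $2 - grep -E pattern
#######################################
dmi_or_absent() {
  local out
  out=$("$DMI" -t "$1" | grep -E "$2" | sed 's/^[ \t]*//')
  if [[ -n "$out" ]]; then
    printf '%s\n' "$out"
  else
    absent
  fi
}

#######################################
# Show the lines of a config file matching a pattern, or the "NOT present"
# marker when the file does not exist.
# Arguments: $1 - file, $2 - grep -E pattern, $3.. - extra grep options
#######################################
conf_grep() {
  local file=$1 pattern=$2
  shift 2
  if [[ -f "$file" ]]; then
    grep -E "$@" -- "$pattern" "$file"
  else
    absent
  fi
}

#------------------------------- AUDIT ---------------------------------#
#######################################
# Host identity: hostname, OS name/version, kernel, first IP, uptime and
# the resolver configuration.
#######################################
system() {
  echo -e '\E[33m'"HOSTNAME: $(hostname -s)"
  # Anchor on the key so VERSION_ID / PRETTY_NAME-style keys cannot match.
  echo "OS $(grep -E '^NAME=' /etc/os-release | sed 's/="/: /g;s/"//g')"
  echo "$(grep -E '^VERSION=' /etc/os-release | sed 's/="/: /g;s/"//g')"
  echo "KERNEL: $(uname -r)"
  echo "IP: $(hostname -I | awk '{print $1}')"
  echo -e "UPTIME: $(uptime -p)\e[0m"
  rule
  title "DNS AUDIT"
  rule
  # Second column of every resolv.conf line (nameserver/search/options values).
  awk '{print $2}' /etc/resolv.conf | sort -u
  rule
}

#######################################
# Hardware inventory: CPU, RAM, network, disks, board, PCI and USB.
# Globals: LSH, DMI, PCI (read)
#######################################
hardware() {
  title "CPU AUDIT"
  rule
  echo "CORES: $(grep -c '^processor' /proc/cpuinfo)"
  echo "LOAD:$(uptime | grep -o 'average.*' | cut -f2- -d:)"
  if [[ -z "$LSH" ]]; then
    missing lshw
  else
    "$LSH" -c cpu | grep -E "product:|size:" | uniq | sed 's/^[ \t]*//'
  fi
  rule
  title "RAM AUDIT"
  rule
  if [[ -z "$DMI" ]]; then
    missing dmidecode
  else
    "$DMI" -t memory | grep -E "Manufacturer|Part|Size|Speed" \
      | grep -Ev "Unknown|Not Installed|No Module Installed|Not Specified|Maximum|Supported|Connection" \
      | sed 's/^[ \t]*//'
  fi
  sub "Memory Usage"
  dash
  free -h | grep -v + | awk '{print $1,$2,$3,$4}' | column -t
  rule
  title "NET AUDIT"
  rule
  if [[ -z "$LSH" ]]; then
    missing lshw
  else
    "$LSH" -c net | grep -E "product:|size:" | sed 's/^[ \t]*//'
  fi
  dash
  sub "Network interfaces"
  dash
  ip a | grep -Ev "lo:|127.0" | grep -Ew "mtu|inet" | awk '{print $2}' | sed 's/^[ \t]*//'
  dash
  sub "Network routes"
  dash
  # net-tools `route` is not installed on current DEB/RHEL; fall back to iproute2.
  if command -v route >/dev/null 2>&1; then
    route | sed 's/ */ /g;/^Kernel/d;/^Destination/d' | column -t
  else
    ip route
  fi
  rule
  title "HDD AUDIT"
  rule
  if [[ -z "$LSH" ]]; then
    missing lshw
  else
    "$LSH" -short -C disk
  fi
  dash
  sub "Locations"
  dash
  lsblk -o "NAME,SIZE,FSTYPE,MOUNTPOINT"
  dash
  sub "Partitions"
  dash
  df -l -P -T -B GB | grep -v tmp
  rule
  title "BOARD INFO"
  rule
  sub "MODEL"
  dash
  if [[ -z "$DMI" ]]; then
    missing "[dmidecode]"
  else
    dmi_or_absent baseboard "Manufacturer|Product"
  fi
  dash
  sub "ONBOARD DEVICE"
  dash
  if [[ -z "$DMI" ]]; then
    missing dmidecode
  else
    dmi_or_absent baseboard "Reference"
  fi
  dash
  sub "PCI DEVICE"
  dash
  if [[ -z "$PCI" ]]; then
    missing lspci
  else
    # Pattern quoted: unquoted 0[0-9] is a glob and would expand against the cwd.
    "$PCI" -vm | grep Device: | grep -v '0[0-9]' | grep -v "Device "
  fi
  dash
  sub "USB DEVICE"
  dash
  if command -v lsusb >/dev/null 2>&1; then
    lsusb | cut -d" " -f7- | sort
  else
    missing lsusb
  fi
  echo ""
  if command -v usb-devices >/dev/null 2>&1; then
    usb-devices | grep Product | sort
  else
    missing usb-devices
  fi
}

#######################################
# Authentication sources: SSSD, Kerberos, LDAP, nsswitch, effective sshd
# settings, password ageing policy and deployed authorized_keys files.
#######################################
authentification() {
  rule
  title "AUTHENTIFICATION"
  rule
  sub "SSSD Configuration"
  dash
  conf_grep /etc/sssd/sssd.conf "id_provider|auth_provider|ldap_uri|krb5_server" -i
  dash
  sub "KERBEROS Configuration"
  dash
  conf_grep /etc/krb5.conf "default_realm|kdc"
  dash
  sub "LDAP Configuration"
  dash
  # Same file as the SSSD section with a narrower pattern, as in the original.
  conf_grep /etc/sssd/sssd.conf "id_provider|auth_provider|ldap_uri" -i
  dash
  sub "NSSWITCH (identity source)"
  dash
  grep -E "passwd|group|shadow" /etc/nsswitch.conf 2>/dev/null
  dash
  sub "SSH (effective configuration)"
  dash
  # sshd -T needs root; without it the section is simply empty.
  sshd -T 2>/dev/null | grep -Ei "pam|kbd|permitrootlogin"
  dash
  sub "PASSWORD POLICY"
  dash
  grep -E "PASS_MAX_DAYS|PASS_MIN_DAYS|PASS_WARN_AGE" /etc/login.defs | grep -v "^#"
  dash
  sub "CHECK (authorized keys)"
  dash
  # Original searched `-name authorized keys` (a find syntax error) and only
  # listed when exactly one file existed; list every match instead.
  # authorized_keys* also covers authorized_keys2, which sshd reads by default.
  local keys
  keys=$(find /home /root -name 'authorized_keys*' 2>/dev/null)
  if [[ -n "$keys" ]]; then
    printf '%s\n' "$keys"
  else
    absent
  fi
}

#######################################
# Account inventory from passwd/shadow.
#######################################
users() {
  rule
  title "USERS AUDIT"
  rule
  sub "USERS LDAP"
  dash
  # getent also returns local accounts in this UID range; label kept as-is.
  getent passwd | awk -F : '$3 >= 1000 && $3 < 65534' | sort
  dash
  sub "USERS all"
  dash
  awk -F: '($3<1000){print $1}' /etc/passwd | sort | grep -v "^_"
  dash
  sub "USERS (with bash)"
  dash
  # Test the shell field, not the whole line, so a user or GECOS containing
  # "bash" or "/home/" is not miscounted.
  awk -F: '$7 ~ /bash$/ {print $1}' /etc/passwd | sort
  dash
  sub "USERS (with home folder)"
  dash
  awk -F: '$6 ~ /^\/home\// {print $1}' /etc/passwd | sort
  dash
  sub "USERS (with password)"
  dash
  # Includes accounts with an empty hash (no password at all); "*" and "!..." are locked.
  if [[ -r /etc/shadow ]]; then
    awk -F: '$2 != "*" && $2 !~ /^!/ {print $1}' /etc/shadow | sort
  else
    echo -e "\e[1;31m! /etc/shadow not readable (run as root)\e[0m"
  fi
}

#######################################
# Scheduled jobs: system crontab entries and every user's crontab.
#######################################
cronusr() {
  rule
  title "CRON AUDIT"
  rule
  awk '$1 ~ /([0-9]+|\*)/{print $0}' /etc/crontab | sed 's/&&/AND/g;s/||/OR/g' | nl | sed 's/^[ \t]*//'
  dash
  sub "CRONTAB users"
  dash
  # crontab -u needs root; its "no crontab for X" notices go to stderr as before.
  local user
  while IFS= read -r user; do
    crontab -u "$user" -l | awk '$1 ~ /([0-9]+|\*)/{print $0}' | sed 's/&&/AND/g;s/||/OR/g' | nl
  done < <(awk -F: '{print $1}' /etc/passwd | sort | grep -v "^_")
}

#######################################
# Export the installed package list and the log-file index.
# Globals: RPM, DPKG, SW, LOG, REP (read)
#######################################
software() {
  rule
  title "SW AUDIT"
  rule
  fresh_file "$SW"
  if [[ -z "$RPM" ]]; then
    missing "yum manager [RPM]"
  else
    "$RPM" -qa | sort >> "$SW"
    echo -e "\e[1;32m- Exporting SW[RPM] to => [$SW]\e[0m"
  fi
  if [[ -z "$DPKG" ]]; then
    missing "apt-get manager [DEB]"
  else
    "$DPKG" -l | awk '{print $2}' | sort >> "$SW"
    echo -e "\e[1;32m- Exporting SW[DEB] to => [$SW]\e[0m"
  fi
  rule
  title "LOG AUDIT"
  rule
  echo -e "\e[1;32m- Exporting LOGs to => [$LOG]\e[0m"
  rule
  fresh_file "$LOG"
  find /var/log/ -type f | grep -Ev "(\.gz$|\.zip$|\.tar$|packages\/|scripts\/)" | sort >> "$LOG"
  title "FINAL REPORT"
  rule
  # NOTE(review): nothing in this script writes $REP; the message is kept
  # for compatibility with the original output.
  echo -e "\e[1;32m- Exporting REPORT to => [$REP]\e[0m"
  rule
}

#----------------------------- CORE-CODE -------------------------------#
#######################################
# Entry point: banner, then every section in the original order.
#######################################
main() {
  if (( EUID != 0 )); then
    printf 'warning: not root; dmidecode, lshw, sshd -T, /etc/shadow and user crontabs will be incomplete\n' >&2
  fi
  # Only clear a real terminal; the banner is printed after the clear so it
  # is not wiped immediately (the original cleared right after printing it).
  [[ -t 1 ]] && clear
  rule
  echo -e " \e[1;32m*** AUDIT inventory by DoIT ***\e[0m"
  rule
  echo -e "\e[1;32m***** Started analyzing host [$(hostname -s)] *****\e[0m"
  system
  hardware
  authentification
  users
  cronusr
  software
}

main "$@"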