Ejemplo n.º 1
0
Archivo: cis6.py Proyecto: Nemie/syco
from utils import check_empty, check_equal, check_equal_re, check_equals, check_not_empty, check_return_code, print_header, view_output, print_warning, print_info

#
print_header("6 System Access, Authentication and Authorization")

#
print_header("6.1 Configure cron and anacron")

#
print_header("6.1.1 Enable anacron Daemon (Scored)")
check_equal("rpm -q anacron", "package anacron is not installed")
print_info("Not installed syco servers.")

print_header("6.1.2 Enable crond Daemon (Scored)")
check_equal_re(
    "chkconfig --list crond",
    "crond.*0:off.*1:off.*2:on.*3:on.*4:on.*5:on.*6:off"
)

#
print_header("6.1.3 Set User/Group Owner and Permission on /etc/anacrontab (Scored)")
check_equal('stat -c "%a %u %g" /etc/anacrontab | egrep "600 0 0"', "600 0 0")

#
print_header("6.1.4 Set User/Group Owner and Permission on /etc/crontab (Scored)")
check_equal('stat -c "%a %u %g" /etc/crontab | egrep "600 0 0"', "600 0 0")

#
print_header("6.1.5 Set User/Group Owner and Permission on /etc/cron.hourly (Scored)")
check_equal('stat -c "%a %u %g" /etc/cron.hourly | egrep "600 0 0"', "600 0 0")

#
Ejemplo n.º 2
0
Archivo: cis5.py Proyecto: Nemie/syco
from utils import check_empty, check_equal, check_equal_re, check_equals, check_not_empty, check_return_code, print_header, view_output, print_warning, print_info

import config

#
print_header("5 Logging and Auditing")

#
print_header("5.1 Configure Syslog")

#
print_header("5.1.1 Install the rsyslog package (Scored)")
check_equal_re(
    "rpm -q rsyslog",
    "rsyslog.*"
)

#
print_header("5.1.2 Activate the rsyslog Service (Scored)")
check_equal(
    "rpm -q syslog",
    "package syslog is not installed"
)
check_empty("chkconfig --list | grep syslog")
check_equal_re(
    "chkconfig --list rsyslog",
    "rsyslog.*0:off.*1:off.*2:on.*3:on.*4:on.*5:on.*6:off"
)

#
Ejemplo n.º 3
0
Archivo: cis7.py Proyecto: Nemie/syco
    chage --list {}| \
    grep "^Number of days of warning before password expires"| \
    grep -v ": 7$"
""")

#
print_header("7.2 Disable System Accounts (Scored)")
check_empty("""
    awk -F: '($1!="root" && $1!="sync" && $1!="shutdown" && $1!="halt" && $3<500 && $7!="/sbin/nologin") {print}' /etc/passwd
""")

#
print_header("7.3 Set Default Group for root Account (Scored)")
check_equal(
    "grep ^root /etc/passwd | cut -f4 -d:",
    "0"
)

#
print_header("7.4 Set Default umask for Users (Scored)")
check_equal_re("grep 'umask 077' /etc/bashrc",    ".*umask 077.*")
check_equal_re("grep 'umask 077' /etc/profile",   ".*umask 077.*")
check_equal_re("grep 'umask 077' /etc/csh.cshrc", ".*umask 077.*")

#
print_header("7.5 Lock Inactive User Accounts (Scored)")
check_equal(
    "useradd -D | grep INACTIVE",
    "INACTIVE=35"
)
Ejemplo n.º 4
0
Archivo: cis4.py Proyecto: Nemie/syco
    "grep NETWORKING_IPV6 /etc/sysconfig/network",
    "NETWORKING_IPV6=no"
)

check_equal(
    "grep IPV6INIT /etc/sysconfig/network",
    "IPV6INIT=no"
)

#
print_header("4.5 Install TCP Wrappers")

#
print_header("4.5.1 Install TCP Wrappers (Not Scored)")
check_equal_re(
    "rpm -q tcp_wrappers",
    "tcp_wrappers-.*"
)

#
print_header("4.5.2 Create /etc/hosts.allow (Not Scored)")
print_warning("Check manually to verify hosts.")
view_output("cat /etc/hosts.allow")

#
print_header("4.5.3 Verify Permissions on /etc/hosts.allow (Scored)")
check_equal(
    'stat -c "%a" /etc/hosts.allow | egrep "644"',
    "644"
)

#