def check_audit_service_enabled(): config = '4.1.2 Ensure auditd service is enabled (Scored)' command = 'systemctl is-enabled auditd' output = 'enabled' source.output_isEqualTo_terminal_output(config, command, output)
def check_noConfined_deamons_exist(): config = '1.6.1.6 Ensure no unconfined daemons exist (Scored)' command = 'ps -eZ | egrep "initrc" | egrep -vw ' + '"tr|ps|egrep|bash|awk" | ' + "tr ':' ' ' | awk '{print $NF }'" output = '' source.output_isEqualTo_terminal_output(config, command, output)
def check_sticky_bit_worldRw_directories(): conf = '1.1.21 Ensure sticky bit is set on all world-writable directories (Scored)' cmd = "sudo df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d" output = '' source.output_isEqualTo_terminal_output(conf, cmd, output)
def check_message_of_the_day_configured(): config = '1.7.1.1 Ensure message of the day is configured properly (Scored)' command = "egrep '(\\v|\\r|\\m|\\s)' /etc/motd" output = '' source.output_isEqualTo_terminal_output(config, command, output)
def check_remotelogin_warningBanner_configured(): config = '1.7.1.3 Ensure remote login warning banner is configured properly (Not Scored)' command = "egrep '(\\v|\\r|\\m|\\s)' /etc/issue.net" output = '' source.output_isEqualTo_terminal_output(config, command, output)
def check_x_window_system_not_installed(): config = '2.2.2 Ensure X Window System is not installed (Scored)' command = 'rpm -qa xorg-x11*' output = '' source.output_isEqualTo_terminal_output(config, command, output)