示例#1
0
文件: cis6.py 项目: Nemie/syco
#
print_header("6.1.6 Set User/Group Owner and Permission on /etc/cron.daily (Scored)")
check_equal('stat -c "%a %u %g" /etc/cron.daily | egrep "600 0 0"', "600 0 0")

#
print_header("6.1.7 Set User/Group Owner and Permission on /etc/cron.weekly (Scored)")
check_equal('stat -c "%a %u %g" /etc/cron.weekly | egrep "600 0 0"', "600 0 0")

#
print_header("6.1.8 Set User/Group Owner and Permission on /etc/cron.monthly (Scored)")
check_equal('stat -c "%a %u %g" /etc/cron.monthly | egrep "600 0 0"', "600 0 0")

#
print_header("6.1.9 Set User/Group Owner and Permission on /etc/cron.d (Scored)")
check_equal('stat -c "%a %u %g" /etc/cron.d | egrep "700 0 0"', "700 0 0")
check_empty('stat -c "%a %u %g" /etc/cron.d/* | egrep -v "600 0 0"')

#
print_header("6.1.10 Restrict at Daemon (Scored)")
check_equal('ls /etc/at.deny', "ls: cannot access /etc/at.deny: No such file or directory")
check_equal('stat -c "%a %u %g" /etc/at.allow | egrep "600 0 0"', "600 0 0")

#
print_header("6.1.11 Restrict at/cron to Authorized Users (Scored)")
check_equal('ls /etc/cron.deny', "ls: cannot access /etc/cron.deny: No such file or directory")
check_equal('stat -c "%a %u %g" /etc/cron.allow | egrep "600 0 0"', "600 0 0")

#
print_header("6.2 Configure SSH")

#
示例#2
0
#
print_header(
    "6.1.7 Set User/Group Owner and Permission on /etc/cron.weekly (Scored)")
check_equal('stat -c "%a %u %g" /etc/cron.weekly | egrep "600 0 0"', "600 0 0")

#
print_header(
    "6.1.8 Set User/Group Owner and Permission on /etc/cron.monthly (Scored)")
check_equal('stat -c "%a %u %g" /etc/cron.monthly | egrep "600 0 0"',
            "600 0 0")

#
print_header(
    "6.1.9 Set User/Group Owner and Permission on /etc/cron.d (Scored)")
check_equal('stat -c "%a %u %g" /etc/cron.d | egrep "700 0 0"', "700 0 0")
check_empty('stat -c "%a %u %g" /etc/cron.d/* | egrep -v "600 0 0"')

#
print_header("6.1.10 Restrict at Daemon (Scored)")
check_equal('ls /etc/at.deny',
            "ls: cannot access /etc/at.deny: No such file or directory")
check_equal('stat -c "%a %u %g" /etc/at.allow | egrep "600 0 0"', "600 0 0")

#
print_header("6.1.11 Restrict at/cron to Authorized Users (Scored)")
check_equal('ls /etc/cron.deny',
            "ls: cannot access /etc/cron.deny: No such file or directory")
check_equal('stat -c "%a %u %g" /etc/cron.allow | egrep "600 0 0"', "600 0 0")

#
print_header("6.2 Configure SSH")
示例#3
0
文件: cis7.py 项目: Nemie/syco
#
print_header("7. User Accounts and Environment")

#
print_header("7.1 Set Shadow Password Suite Parameters (/etc/login.defs)")

#
print_header("7.1.1 Set Password Expiration Days (Scored)")
check_equal(
    "grep ^PASS_MAX_DAYS /etc/login.defs",
    "PASS_MAX_DAYS\t90"
)

check_empty(
    'awk -F: \'($3 > 0) {print $1}\' /etc/passwd | xargs -I {} ' +
    'chage --list {}|' +
    'grep "^Maximum number of days between password change"|'+
    'grep -v ": 99$"'
)

#
print_header("7.1.2 Set Password Change Minimum Number of Days (Scored)")
check_equal(
    "grep ^PASS_MIN_DAYS /etc/login.defs",
    "PASS_MIN_DAYS\t7"
)

check_empty(
    'awk -F: \'($3 > 0) {print $1}\' /etc/passwd | xargs -I {} ' +
    'chage --list {}|' +
    'grep "^Miniumum number of days between password change"|'+
    'grep -v ": 7$"'
示例#4
0
文件: cis3.py 项目: ysoldak/syco
#     "id:3:initdefault"
# )
# Syco hardened servers use this.
check_equal('grep "^\~\~\:S\:wait\:\/sbin\/sulogin" /etc/inittab',
            "~~:S:wait:/sbin/sulogin")

result = x('yum grouplist "X Window System"')
max_lines = len(result)
assert_contains(result[max_lines - 3], "Available Groups:")
assert_contains(result[max_lines - 2], "  X Window System")
assert_contains(result[max_lines - 1], "Done")

#
print_header("3.3 Disable Avahi Server (Scored)")
check_equal("rpm -q avahi", "package avahi is not installed")
check_empty("chkconfig --list | grep avahi")

#
print_header("3.4 Disable Print Server - CUPS (Not Scored)")
check_equal("rpm -q cups", "package cups is not installed")
check_empty("chkconfig --list | grep cups")

#
print_header("3.5 Remove DHCP Server (Scored)")
check_equal("rpm -q dhcp", "package dhcp is not installed")
check_empty("chkconfig --list | grep dhcp")

#
print_header("3.6 Configure Network Time Protocol (NTP) (Scored)")
# Original CIS looks for
# restrict default kod nomodify notrap nopeer noquery
示例#5
0
check_equal("mount | grep /dev/shm | grep nodev", "nodev")

#
print_header("1.1.15 Add nosuid Option to /dev/shm Partition (Scored)")
check_equal("grep /dev/shm /etc/fstab | grep nosuid", "nosuid")
check_equal("mount | grep /dev/shm | grep nosuid", "nosuid")

#
print_header("1.1.16 Add noexec Option to /dev/shm Partition (Scored)")
check_equal("grep /dev/shm /etc/fstab | grep noexec", "noexec")
check_equal("mount | grep /dev/shm | grep noexec", "noexec")

#
print_header(
    "1.1.17 Set Sticky Bit on All World-Writable Directories (Scored)")
check_empty("find / -type d \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null")

#
print_header("1.1.18 Disable Mounting of cramfs Filesystems (Not Scored)")
check_equal("/sbin/modprobe -n -v cramfs", "install /bin/true")
check_empty("/sbin/lsmod | grep cramfs")

#
print_header("1.1.19 Disable Mounting of freevxfs Filesystems (Not Scored)")
check_equal("/sbin/modprobe -n -v freevxfs", "install /bin/true")
check_empty("/sbin/lsmod | grep freexvfs")

#
print_header("1.1.20 Disable Mounting of jffs2 Filesystems (Not Scored)")
check_equal("/sbin/modprobe -n -v jffs2", "install /bin/true")
check_empty("/sbin/lsmod | grep jffs2")
示例#6
0
文件: cis5.py 项目: ysoldak/syco
import config

#
print_header("5 Logging and Auditing")

#
print_header("5.1 Configure Syslog")

#
print_header("5.1.1 Install the rsyslog package (Scored)")
check_equal_re("rpm -q rsyslog", "rsyslog.*")

#
print_header("5.1.2 Activate the rsyslog Service (Scored)")
check_equal("rpm -q syslog", "package syslog is not installed")
check_empty("chkconfig --list | grep syslog")
check_equal_re("chkconfig --list rsyslog",
               "rsyslog.*0:off.*1:off.*2:on.*3:on.*4:on.*5:on.*6:off")

#
print_header("5.1.3 Configure /etc/rsyslog.conf (Not Scored)")
print_warning(
    "Manually review the contents of the /etc/rsyslog.conf file to ensure appropriate logging is set. "
)
view_output("ls -l /var/log/")

#
print_header("5.1.4 Create and Set Permissions on rsyslog Log Files (Scored)")
print_header(" TODO - Ensure that the log files are logging information")

#
示例#7
0
文件: cis9.py 项目: ysoldak/syco
#
print_header("9.1.7 Verify User/Group Ownership on /etc/shadow (Scored)")
check_equal('stat -c "%a %u %g" /etc/shadow | egrep "0 0 0"', "0 0 0")

#
print_header("9.1.8 Verify User/Group Ownership on /etc/gshadow (Scored)")
check_equal('stat -c "%a %u %g" /etc/gshadow | egrep "0 0 0"', "0 0 0")

#
print_header("9.1.9 Verify User/Group Ownership on /etc/group (Scored)")
check_equal('stat -c "%a %u %g" /etc/group | egrep "644 0 0"', "644 0 0")

#
print_header("9.1.10 Find World Writable Files (Not Scored)")
check_empty(
    "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -0002 -print"
)

#
print_header("9.1.11 Find Un-owned Files and Directories (Scored)")
check_empty(
    "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser -ls"
)

#
print_header("9.1.12 Find Un-grouped Files and Directories (Scored)")
check_empty(
    "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup -ls"
)

#
示例#8
0
文件: cis5.py 项目: Nemie/syco
print_header("5.1 Configure Syslog")

#
print_header("5.1.1 Install the rsyslog package (Scored)")
check_equal_re(
    "rpm -q rsyslog",
    "rsyslog.*"
)

#
print_header("5.1.2 Activate the rsyslog Service (Scored)")
check_equal(
    "rpm -q syslog",
    "package syslog is not installed"
)
check_empty("chkconfig --list | grep syslog")
check_equal_re(
    "chkconfig --list rsyslog",
    "rsyslog.*0:off.*1:off.*2:on.*3:on.*4:on.*5:on.*6:off"
)

#
print_header("5.1.3 Configure /etc/rsyslog.conf (Not Scored)")
print_warning("Manually review the contents of the /etc/rsyslog.conf file to ensure appropriate logging is set. ")
view_output("ls -l /var/log/")

#
print_header("5.1.4 Create and Set Permissions on rsyslog Log Files (Scored)")
print_header(" TODO - Ensure that the log files are logging information")

#
示例#9
0
    def one_player(self, board):
        """
		Play with the computer
		"""
        keyboardIndexMapping = constants.keyboardIndexMapping
        computerChar, playerChar, displayWinChance, whichPlayerFirst = utils.getSinglePlayerDetails(
        )

        if whichPlayerFirst == 1:
            utils.clearScreen()
            utils.display_board(board)
            while utils.check_win(board, computerChar, playerChar)[0] == 0:
                if utils.check_empty(board):
                    tut = [0, 0, 0, 0, 0, 0, 0, 0, 0]
                else:
                    tut = [
                        -i for i in self.minimax(board, playerChar,
                                                 computerChar, playerChar)
                    ]
                if displayWinChance == 1:
                    utils.clearScreen()
                    utils.display_tutorial_board(board, tut)
                index = int(input())
                if index > 9 or index < 1:
                    utils.clearScreen()
                    utils.display_board(board)
                    if displayWinChance == 1:
                        utils.clearScreen()
                        utils.display_tutorial_board(board, tut)
                    continue
                index = keyboardIndexMapping[index]
                # cant use already used index
                if board[index] != '-':
                    utils.clearScreen()
                    utils.display_board(board)
                    if displayWinChance == 1:
                        utils.clearScreen()
                        utils.display_tutorial_board(board, tut)
                    continue
                board[index] = playerChar
                utils.clearScreen()
                utils.display_board(board)
                if displayWinChance == 1:
                    utils.clearScreen()
                    utils.display_tutorial_board(board, tut)
                if utils.check_win(board, computerChar, playerChar)[0] != 0:
                    break
                ret = self.minimax(board, computerChar, computerChar,
                                   playerChar)
                # chose move for computer
                board[utils.the_move(board, ret)] = computerChar
                utils.clearScreen()
                utils.display_board(board)
            if utils.check_win(board, computerChar, playerChar)[0] == 1:
                print("You lost!!")
            else:
                print("It's a draw!")

        if whichPlayerFirst == 2:
            while utils.check_win(board, computerChar, playerChar)[0] == 0:
                if utils.check_empty(board):
                    board[random.randrange(0, 9)] = computerChar
                else:
                    ret = self.minimax(board, computerChar, computerChar,
                                       playerChar)
                    # chose move for computer
                    board[utils.the_move(board, ret)] = computerChar
                utils.clearScreen()
                utils.display_board(board)
                if utils.check_win(board, computerChar, playerChar)[0] != 0:
                    break
                # index already used can't be reused
                flag = 0
                while flag == 0:
                    tut = [
                        -i for i in self.minimax(board, playerChar,
                                                 computerChar, playerChar)
                    ]
                    utils.clearScreen()
                    utils.display_board(board)
                    if displayWinChance == 1:
                        utils.clearScreen()
                        utils.display_tutorial_board(board, tut)
                    index = int(input())
                    if index > 9 or index < 1:
                        utils.clearScreen()
                        utils.display_board(board)
                        if displayWinChance == 1:
                            utils.clearScreen()
                            utils.display_tutorial_board(board, tut)
                        continue
                    index = keyboardIndexMapping[index]
                    if board[index] == '-':
                        flag = 1
                        board[index] = playerChar
                        utils.clearScreen()
                        utils.display_board(board)
                        if displayWinChance == 1:
                            utils.clearScreen()
                            utils.display_tutorial_board(board, tut)
                    else:
                        utils.clearScreen()
                        utils.display_board(board)
                        if displayWinChance == 1:
                            utils.clearScreen()
                            utils.display_tutorial_board(board, tut)

            if utils.check_win(board, computerChar, playerChar)[0] == 1:
                print("You lost!!")
            else:
                print("It's a draw!")
示例#10
0
文件: cis4.py 项目: Nemie/syco
#
print_header("4.5.5 Verify Permissions on /etc/hosts.deny (Scored)")
check_equal(
    'stat -c "%a" /etc/hosts.deny | egrep "644"',
    "644"
)

#
print_header("4.6 Uncommon Network Protocols")

#
print_header("4.6.1 Disable DCCP (Not Scored)")
check_equal('grep "install dccp /bin/true" /etc/modprobe.d/*', 'install dccp /bin/true')
check_equal("/sbin/modprobe -n -v dccp", "install /bin/true")
check_empty("/sbin/lsmod | grep dccp")

#
print_header("4.6.2 Disable SCTP (Not Scored)")
check_equal('grep "install sctp /bin/true" /etc/modprobe.d/*', 'install sctp /bin/true')
check_equals(
    '/sbin/modprobe -n -v sctp',
    (
        None,
        None,
        "install /bin/true"
    )
)
check_empty("/sbin/lsmod | grep sctp")

#
示例#11
0
文件: cis4.py 项目: ysoldak/syco
print_header("4.5.4 Create /etc/hosts.deny (Not Scored)")
check_equal('grep "ALL: ALL" /etc/hosts.deny', "ALL: ALL")

#
print_header("4.5.5 Verify Permissions on /etc/hosts.deny (Scored)")
check_equal('stat -c "%a" /etc/hosts.deny | egrep "644"', "644")

#
print_header("4.6 Uncommon Network Protocols")

#
print_header("4.6.1 Disable DCCP (Not Scored)")
check_equal('grep "install dccp /bin/true" /etc/modprobe.d/*',
            'install dccp /bin/true')
check_equal("/sbin/modprobe -n -v dccp", "install /bin/true")
check_empty("/sbin/lsmod | grep dccp")

#
print_header("4.6.2 Disable SCTP (Not Scored)")
check_equal('grep "install sctp /bin/true" /etc/modprobe.d/*',
            'install sctp /bin/true')
check_equals('/sbin/modprobe -n -v sctp', (None, None, "install /bin/true"))
check_empty("/sbin/lsmod | grep sctp")

#
print_header("4.6.3 Disable RDS (Not Scored)")
check_equal('grep "install rds /bin/true" /etc/modprobe.d/*',
            'install rds /bin/true')
check_equal("/sbin/modprobe -n -v rds", "install /bin/true")
check_empty("/sbin/lsmod | grep rds")
示例#12
0
文件: cis3.py 项目: Nemie/syco
    "~~:S:wait:/sbin/sulogin"
)

result = x('yum grouplist "X Window System"')
max_lines = len(result)
assert_contains(result[max_lines-3], "Available Groups:")
assert_contains(result[max_lines-2], "  X Window System")
assert_contains(result[max_lines-1], "Done")

#
print_header("3.3 Disable Avahi Server (Scored)")
check_equal(
    "rpm -q avahi",
    "package avahi is not installed"
)
check_empty("chkconfig --list | grep avahi")

#
print_header("3.4 Disable Print Server - CUPS (Not Scored)")
check_equal(
    "rpm -q cups",
    "package cups is not installed"
)
check_empty("chkconfig --list | grep cups")

#
print_header("3.5 Remove DHCP Server (Scored)")
check_equal(
    "rpm -q dhcp",
    "package dhcp is not installed"
)
示例#13
0
文件: cis1.py 项目: Nemie/syco
check_equal("grep /dev/shm /etc/fstab | grep nodev", "nodev")
check_equal("mount | grep /dev/shm | grep nodev", "nodev")

#
print_header("1.1.15 Add nosuid Option to /dev/shm Partition (Scored)")
check_equal("grep /dev/shm /etc/fstab | grep nosuid", "nosuid")
check_equal("mount | grep /dev/shm | grep nosuid", "nosuid")

#
print_header("1.1.16 Add noexec Option to /dev/shm Partition (Scored)")
check_equal("grep /dev/shm /etc/fstab | grep noexec", "noexec")
check_equal("mount | grep /dev/shm | grep noexec", "noexec")

#
print_header("1.1.17 Set Sticky Bit on All World-Writable Directories (Scored)")
check_empty("find / -type d \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null")

#
print_header("1.1.18 Disable Mounting of cramfs Filesystems (Not Scored)")
check_equal("/sbin/modprobe -n -v cramfs", "install /bin/true")
check_empty("/sbin/lsmod | grep cramfs")

#
print_header("1.1.19 Disable Mounting of freevxfs Filesystems (Not Scored)")
check_equal("/sbin/modprobe -n -v freevxfs", "install /bin/true")
check_empty("/sbin/lsmod | grep freexvfs")

#
print_header("1.1.20 Disable Mounting of jffs2 Filesystems (Not Scored)")
check_equal("/sbin/modprobe -n -v jffs2", "install /bin/true")
check_empty("/sbin/lsmod | grep jffs2")
示例#14
0
文件: cis8.py 项目: ysoldak/syco
__email__ = "*****@*****.**"
__credits__ = ["???"]
__license__ = "???"
__version__ = "1.0.0"
__status__ = "Production"


from utils import check_empty, check_equal, check_equal_re, check_equals, check_not_empty, check_return_code, print_header, view_output, print_warning, print_info
import app

#
print_header("8 Warning Banners")

#
print_header("8.1 Set Warning Banner for Standard Login Services (Scored)")
check_empty("diff %s/hardening/issue.net /etc/motd" % app.SYCO_VAR_PATH)
check_empty("diff %s/hardening/issue.net /etc/issue" % app.SYCO_VAR_PATH)
check_empty("diff %s/hardening/issue.net /etc/issue.net" % app.SYCO_VAR_PATH)

check_equal('stat -c "%a %u %g" /etc/motd | egrep "644 0 0"', "644 0 0")
check_equal('stat -c "%a %u %g" /etc/issue | egrep "644 0 0"', "644 0 0")
check_equal('stat -c "%a %u %g" /etc/issue.net | egrep "644 0 0"', "644 0 0")

#
print_header("8.2 Remove OS Information from Login Warning Banners (Scored)")
check_empty("egrep '(\\\\v|\\\\r|\\\\m|\\\\s)' /etc/issue")
check_empty("egrep '(\\\\v|\\\\r|\\\\m|\\\\s)' /etc/motd")
check_empty("egrep '(\\\\v|\\\\r|\\\\m|\\\\s)' /etc/issue.net")

#
print_header("8.3 Set GNOME Warning Banner (Not Scored)")