diff --git a/src/freedombone-tests b/src/freedombone-tests
index 3ff7785a..5272fbf2 100755
--- a/src/freedombone-tests
+++ b/src/freedombone-tests
@@ -1031,12 +1031,21 @@ function test_stig {
 ##RHEL-06-000302
 ##A file integrity tool must be used at least weekly to check for unauthorized file changes, particularly the addition of unauthorized system libraries or binaries, or for unauthorized modification to authorized system libraries or binaries.
- bash $STIG_TESTS_DIR/check-aide-cron.sh > /dev/null 2>&1 &
+ bash $STIG_TESTS_DIR/check-tripwire-cron.sh > /dev/null 2>&1 &
 stig_spinner $!
 output "V-38695" $? ${SETLANG}
 ################
+ ##RHEL-06-000018
+ #For tripwire to be effective, an initial database of "known-good" information about files must be captured and it should be able to be verified against the installed files.
+
+ bash $STIG_TESTS_DIR/check-tripwire-baseline.sh > /dev/null 2>&1 &
+
+ stig_spinner $!
+ output "V-51391" $? ${SETLANG}
+ ################
+
 ##RHEL-06-000308
 ##Process core dumps must be disabled unless needed.
diff --git a/tests/check-aide-baseline.sh b/tests/check-aide-baseline.sh
deleted file mode 100644
index 45c36af4..00000000
--- a/tests/check-aide-baseline.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-#Tested on Aide 0.16a2-19-g16ed855
-
-CHECKDATABASE=$(grep "database=" /etc/aide/aide.conf 2>/dev/null )
-if [ $? -eq 0 ];then
- :
-else
- echo "couldn""'""t found aide.conf"
- exit 1
-fi
-
-DATABASE=$(echo $CHECKDATABASE | awk -F ':' '{printf $2}' 2>/dev/null)
-
-if [ $? -eq 0 ];then
- :
-else
- echo "couldn""'""t found database location at aide.conf"
- exit 1
-fi
-
-if [ -f "$DATABASE" ];then
- echo "There is a baseline for aide."
- exit 0
-else
- echo "Can""'""t find aide baseline"
- exit 1
-fi
diff --git a/tests/check-aide-cron.sh b/tests/check-aide-cron.sh
deleted file mode 100644
index 73b76148..00000000
--- a/tests/check-aide-cron.sh
+++ /dev/null
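Review bot: The added `bash $STIG_TESTS_DIR/check-tripwire-baseline.sh > /dev/null 2>&1 &` leaves `$STIG_TESTS_DIR` unquoted, like the sibling `check-tripwire-cron.sh` line it mirrors, so a directory containing whitespace would split the command; `bash "$STIG_TESTS_DIR/check-tripwire-baseline.sh" > /dev/null 2>&1 &` is the safe form. The `$?` passed to `output "V-51391"` is the status of `stig_spinner $!`, which presumably waits on the background job and forwards its exit code — worth confirming, since it is the only thing that turns the check script's `exit 1` into a finding. The new description comment uses a single `#` (`#For tripwire to be effective…`) where every other STIG entry in this block uses `##`. The enclosing `test_stig` function begins before and continues past this hunk.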
@@ -1,5 +0,0 @@
-#1/bin/bash
-
-if [ $(grep aide /etc/crontab /etc/cron.*/* | wc -l) -ne 0 ];then
- exit 1
-fi
diff --git a/tests/check-tripwire-baseline.sh b/tests/check-tripwire-baseline.sh
new file mode 100644
index 00000000..05f09ce0
--- /dev/null
+++ b/tests/check-tripwire-baseline.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+if ! ls /var/lib/tripwire/*.twd 1> /dev/null 2>&1; then
+ exit 1
+fi
diff --git a/tests/check-tripwire-cron.sh b/tests/check-tripwire-cron.sh
new file mode 100644
index 00000000..eb17e22c
--- /dev/null
+++ b/tests/check-tripwire-cron.sh
@@ -0,0 +1,5 @@
+#1/bin/bash
+
+if [ ! -f /etc/cron.daily/tripwire ];then
+ exit 1
+fi
diff --git a/tests/output.sh b/tests/output.sh
index 3f5ebe4d..78debf9b 100644
--- a/tests/output.sh
+++ b/tests/output.sh
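Review bot: `if ! ls /var/lib/tripwire/*.twd 1> /dev/null 2>&1; then` in the new check-tripwire-baseline.sh detects the database by running ls on a glob; a Bash-native test does the same without the fork or the ls-parsing idiom, e.g. `if ! compgen -G '/var/lib/tripwire/*.twd' > /dev/null; then`. The database path is hard-coded, so if a deployment's tripwire configuration ever relocates it (the DBFILE setting in twcfg.txt), the check would report a missing baseline although one exists; reading the configured location would be more robust, if the installer can change it. Note also that a `.twd` file only shows a baseline was initialised at some point, not that it matches the current policy. A header comment such as `# STIG V-51391 / RHEL-06-000018: a tripwire baseline database must exist` would tie the script to its caller in freedombone-tests.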
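Review bot: The first line of the new check-tripwire-cron.sh is `#1/bin/bash`, a typo for `#!/bin/bash` carried over from the deleted check-aide-cron.sh, so the file has no shebang and only works because test_stig invokes it through `bash …`. The check `[ ! -f /etc/cron.daily/tripwire ]` also accepts a file that is present but not executable, which run-parts skips in /etc/cron.daily, so a non-executable script would pass the test without the scheduled check ever running; `if [ ! -x /etc/cron.daily/tripwire ];then` reflects the STIG's "used at least weekly" requirement more closely. A one-line comment naming the requirement (V-38695 / RHEL-06-000302) would help the next reader match it to the caller.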
@@ -259,7 +259,7 @@ an administrator.\n\n######################\n\n' >> $LOG
 log_msg $2 '必须创建文件完整性基线。'
 fi
 if [ $2 -ne 0 ];then
- printf '\n######################\n\nSTIG-ID:RHEL-06-000018\n\nVulnerability Discussion: For AIDE to be effective, an initial database of "known-good" information about files must be captured and it should be able to be verified against the installed files.\n\nFix text: Run the following command to generate a new database:\n\n#aideinit\n\nBy default, the database will be written to the file "/var/lib/aide/aide.db.new.gz". Storing the database, the configuration file "/etc/aide.conf", and the binary "/usr/sbin/aide" (or hashes of these files), in a secure location (such as on read-only media) provides additional assurance about their integrity.\n\nThe newlygenerated database can be installed as follows:\n\n#cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db\n\nTo initiate a manual check, run the following command:\n\n#/usr/sbin/aide --check\n\nIf this check produces any unexpected output, investigate.\n\n######################\n\n' >> $LOG
+ printf '\n######################\n\nSTIG-ID:RHEL-06-000018\n\nVulnerability Discussion: For tripwire to be effective, an initial database of "known-good" information about files must be captured and it should be able to be verified against the installed files.\n\nFix text: Run "reset tripwire" from the administrator control panel.\n\n######################\n\n' >> $LOG
 fi
 ;;
 V-38491)
 if [ "$3" = "en" ]; then
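Review bot: The rewritten fix text for RHEL-06-000018 drops the earlier guidance about keeping the database, configuration and checker binary (or their hashes) in a secure, read-only location; that advice is tool-independent and still applies to tripwire's database and policy files, so a sentence of it could follow `Fix text: Run "reset tripwire" from the administrator control panel.` so the log still tells the administrator how to protect the baseline it asks them to create. The `>> $LOG` redirection on the new line repeats the unquoted form used throughout the file; `>> "$LOG"` would be the safe spelling if this case arm is ever touched again. The enclosing `case` statement begins before and continues past this hunk.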