stig test for tripwire database

Bob Mottram 2017-07-15 11:10:40 +01:00
parent 054c452d71
commit 9741890691
4 changed files with 15 additions and 28 deletions


@ -1037,6 +1037,15 @@ function test_stig {
output "V-38695" $? ${SETLANG} output "V-38695" $? ${SETLANG}
################ ################
##RHEL-06-000018
#For tripwire to be effective, an initial database of "known-good" information about files must be captured and it should be able to be verified against the installed files.
bash $STIG_TESTS_DIR/check-tripwire-baseline.sh > /dev/null 2>&1 &
stig_spinner $!
output "V-51391" $? ${SETLANG}
################
##RHEL-06-000308 ##RHEL-06-000308
##Process core dumps must be disabled unless needed. ##Process core dumps must be disabled unless needed.
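Review bot: The status passed to `output "V-51391" $? ${SETLANG}` is the exit code of `stig_spinner $!`, not of the backgrounded check script, so the result is only right if `stig_spinner` waits on that PID and returns its status. That function is defined outside this hunk, so confirm it does (for example that it ends with `wait "$1"`). The script path is also unquoted; `bash "$STIG_TESTS_DIR/check-tripwire-baseline.sh" > /dev/null 2>&1 &` avoids word splitting if the directory name ever contains whitespace. Since all output is discarded, a failed check records no reason beyond the canned log text. test_stig begins and ends outside the hunk.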


@ -1,27 +0,0 @@
#!/bin/bash
#Tested on Aide 0.16a2-19-g16ed855
CHECKDATABASE=$(grep "database=" /etc/aide/aide.conf 2>/dev/null )
if [ $? -eq 0 ];then
:
else
echo "couldn""'""t found aide.conf"
exit 1
fi
DATABASE=$(echo $CHECKDATABASE | awk -F ':' '{printf $2}' 2>/dev/null)
if [ $? -eq 0 ];then
:
else
echo "couldn""'""t found database location at aide.conf"
exit 1
fi
if [ -f "$DATABASE" ];then
echo "There is a baseline for aide."
exit 0
else
echo "Can""'""t find aide baseline"
exit 1
fi


@ -0,0 +1,5 @@
#!/bin/bash
if ! ls /var/lib/tripwire/*.twd 1> /dev/null 2>&1; then
exit 1
fi
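Review bot: The test `ls /var/lib/tripwire/*.twd` succeeds for any matching path, so a zero-length or stale file, or even a directory with that suffix, still reports V-51391 as passing. The finding text asks for a baseline that can be verified against the installed files. At minimum require a non-empty regular file: `for f in /var/lib/tripwire/*.twd; do [ -f "$f" ] && [ -s "$f" ] && exit 0; done; exit 1`. Also consider checking that the database is owned by root and not group- or world-writable, because a baseline an unprivileged user can replace gives no integrity assurance. A header comment naming the STIG ID and the exit-code contract (0 = baseline present, 1 = missing) would help, since the script prints nothing.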


@ -259,7 +259,7 @@ an administrator.\n\n######################\n\n' >> $LOG
log_msg $2 '必须创建文件完整性基线。' log_msg $2 '必须创建文件完整性基线。'
fi fi
if [ $2 -ne 0 ];then if [ $2 -ne 0 ];then
printf '\n######################\n\nSTIG-ID:RHEL-06-000018\n\nVulnerability Discussion: For AIDE to be effective, an initial database of "known-good" information about files must be captured and it should be able to be verified against the installed files.\n\nFix text: Run the following command to generate a new database:\n\n#aideinit\n\nBy default, the database will be written to the file "/var/lib/aide/aide.db.new.gz". Storing the database, the configuration file "/etc/aide.conf", and the binary "/usr/sbin/aide" (or hashes of these files), in a secure location (such as on read-only media) provides additional assurance about their integrity.\n\nThe newlygenerated database can be installed as follows:\n\n#cp /var/lib/aide/aide.db.new /var/lib/aide/aide.db\n\nTo initiate a manual check, run the following command:\n\n#/usr/sbin/aide --check\n\nIf this check produces any unexpected output, investigate.\n\n######################\n\n' >> $LOG printf '\n######################\n\nSTIG-ID:RHEL-06-000018\n\nVulnerability Discussion: For tripwire to be effective, an initial database of "known-good" information about files must be captured and it should be able to be verified against the installed files.\n\nFix text: Run "reset tripwire" from the administrator control panel.\n\n######################\n\n' >> $LOG
fi fi
;; ;;
V-38491) if [ "$3" = "en" ]; then V-38491) if [ "$3" = "en" ]; then
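Review bot: The new RHEL-06-000018 message drops the guidance the AIDE text carried on running a manual check and on protecting the database and configuration, leaving only `Run "reset tripwire" from the administrator control panel.` An administrator reading the log then has no way to confirm the baseline actually verifies. Consider appending a sentence to the format string such as `To verify, run "tripwire --check" and investigate any unexpected output.`, plus a reminder to keep the database and policy files writable by root only. The enclosing case arm starts outside the hunk.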