
aix:scripts_audit_aix

Auditing script for AIX

hard_chk.sh

#!/bin/sh

#---------------------------------------------------------------------------#
# Copyright 2010 Ansil Hameed                                               #
#                                                                           #
# This program is free software: you can redistribute it and/or modify      #
#    it under the terms of the GNU General Public License as published by   #
#    the Free Software Foundation, either version 3 of the License, or      #
#    (at your option) any later version.                                    #
#                                                                           #
#    This program is distributed in the hope that it will be useful,        #
#    but WITHOUT ANY WARRANTY; without even the implied warranty of         #
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          #
#    GNU General Public License for more details.                           #
#                                                                           #
#    You should have received a copy of the GNU General Public License      #
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.  #
#---------------------------------------------------------------------------#


#=================================================================#
# CHECK SECURITY POLICY FOR AIX 5300-10-01                        #
# ()                                                                #
# Date   :- 25-September-2010                                     #
#=================================================================#

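VERSION="1.0.0b"

# Everything this script writes (the scratch files under /tmp and
# html_report.html) describes weaknesses of the audited host, so create
# those files readable and writable by the invoking user only.
umask 077

# The process id is the only per-run component of the scratch file names.
# NOTE(review): that keeps the names under /tmp predictable. When the audit
# runs as a privileged user, a file or symbolic link planted under one of
# those names beforehand would be appended to. umask does not prevent that;
# a private, freshly created work directory would. Confirm how the script is
# deployed before relying on /tmp here.
TMP_FILE_INDEX=$$
HTML_FILE_REM="/tmp/hard_html_remarks.html"

# "TRUE" once main_login has accepted the credentials; main_exit reads it to
# decide whether to return to the menu or to the login prompt.
export auth_val="FALSE"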

#==========================================#
# Clean up procedure for unexpected exit   #
#==========================================#
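main_exit()
{
	# Signal handler: the other functions install it with
	# "trap 'main_exit' 1 2 3 15". It asks for confirmation; on "y" it removes
	# this run's scratch files and exits, otherwise it sends the user back to
	# the menu (already logged in) or to the login prompt (not logged in).

	# The signal can arrive while main_login has terminal echo switched off
	# for the password prompt, so switch it back on first.
	stty echo
	clear
	read opt?"Do you really want to exit..?[y/n]:- "
	if [ "x${opt}" = "xy" ]
	then
		# The doubled index is the name this handler has always removed; the
		# single index is the name norm_exit removes. Remove both so the two
		# clean-up paths agree.
		rm -f "/tmp/etc_security_user_${TMP_FILE_INDEX}_${TMP_FILE_INDEX}"
		rm -f "/tmp/etc_security_user_${TMP_FILE_INDEX}"
		rm -f "${HTML_FILE_REM}_${TMP_FILE_INDEX}"

		# One remarks file per policy check, AIX_01 .. AIX_31.
		exit_idx=1
		while [ "${exit_idx}" -le 31 ]
		do
			rm -f "${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_${exit_idx}"
			exit_idx=`expr ${exit_idx} + 1`
		done
		exit
	elif [ "${auth_val}" = "TRUE" ]
	then
		main_page
	else
		main_login
	fi
}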

#======================================#
# Clean up procedure for normal exit   #
#======================================#

norm_exit()
{
	# Clean-up for a normal exit; main_page installs it with
	# "trap 'norm_exit' 0". Removes the two per-run scratch files.
	rm -f "/tmp/etc_security_user_${TMP_FILE_INDEX}" \
		"${HTML_FILE_REM}_${TMP_FILE_INDEX}"
}

#==========================================================================#
# All Policy Rules Messages in 'tbl_auth()' Function                       #
# This framework makes it easy to add more rules                           #
#==========================================================================#
			
tbl_auth()
{
	# Print the three-line boxed banner for policy check number $1 (1..31).
	# Any other argument prints the single line "No Mesage".
	trap 'main_exit' 1 2 3 15

	case ${1} in
		1)	tbl_frame="+---------------------------------------------+"
			tbl_title="| AIX_01 Remote Login By Unauthenicated users |"
			;;
		2)	tbl_frame="+------------------------------+"
			tbl_title="| AIX_02 Users with FTP Access |"
			;;
		3)	tbl_frame="+--------------------------+"
			tbl_title="| AIX_03 XDMCP port status |"
			;;
		4)	tbl_frame="+-------------------------------------------------+"
			tbl_title="| AIX_04 Session timeout for unattended terminals |"
			;;
		5)	tbl_frame="+--------------------------+"
			tbl_title="| AIX_05 Remote root login |"
			;;
		6)	tbl_frame="+-------------------------------+"
			tbl_title="| AIX_06 Non essential accounts |"
			;;
		7)	tbl_frame="+---------------------------------------------+"
			tbl_title="| AIX_07 Password and account policy settings |"
			;;
		8)	tbl_frame="+---------------------------------------+"
			tbl_title="| AIX_08 Accounts with empty passwords  |"
			;;
		9)	tbl_frame="+-------------------------------+"
			tbl_title="| AIX_09 Accounts with root UID |"
			;;
		10)	tbl_frame="+---------------------------+"
			tbl_title="| AIX_10 System UMASK value |"
			;;
		11)	tbl_frame="+----------------------+"
			tbl_title="| AIX_11 Login Banners |"
			;;
		12)	tbl_frame="+------------------------------+"
			tbl_title="| AIX_12 SNMP Service settings |"
			;;
		13)	tbl_frame="+--------------------------------------------+"
			tbl_title="| AIX_13 Password and Group file permissions |"
			;;
		14)	tbl_frame="+--------------------------------------------+"
			tbl_title="| AIX_14 Sticky bit on world writable dirs   |"
			;;
		15)	tbl_frame="+---------------------------------------------+"
			tbl_title="| AIX_15 Unauthorized SUID system executables |"
			;;
		16)	tbl_frame="+---------------------------------------------+"
			tbl_title="| AIX_16 Unauthorized SGID system executables |"
			;;
		17)	tbl_frame="+---------------------------------------------+"
			tbl_title="| AIX_17 Unowned files and Directories        |"
			;;
		18)	tbl_frame="+----------------------------------------+"
			tbl_title="| AIX_18 CRON and AT permission          |"
			;;
		19)	tbl_frame="+---------------------------------------------+"
			tbl_title="| AIX_19 Insecure permission on crontab files |"
			;;
		20)	tbl_frame="+--------------------------------------------------+"
			tbl_title="| AIX_20 Permission on network configuration files |"
			;;
		21)	tbl_frame="+--------------------------------------------+"
			tbl_title="| AIX_21 Permission on user home directories |"
			;;
		22)	tbl_frame="+--------------------------------+"
			tbl_title="| AIX_22 Permission on log files |"
			;;
		23)	tbl_frame="+--------------------------------+"
			tbl_title="| AIX_23 Message send to syslog  |"
			;;
		24)	tbl_frame="+-------------------------------------+"
			tbl_title="| AIX_24 Remote logging using syslog  |"
			;;
		25)	tbl_frame="+------------------------------+"
			tbl_title="| AIX_25 Kernel level auditing |"
			;;
		26)	tbl_frame="+-------------------------------+"
			tbl_title="| AIX_26 Non essential services |"
			;;
		27)	tbl_frame="+--------------------------------+"
			tbl_title="| AIX_27 Network TCP/IP settings |"
			;;
		28)	tbl_frame="+---------------------------+"
			tbl_title="| AIX_28 Core dump settings |"
			;;
		29)	tbl_frame="+------------------------------------------------+"
			tbl_title="| AIX_29 NFS client requests to privileged ports |"
			;;
		30)	tbl_frame="+--------------------+"
			tbl_title="| AIX_30 Patch level |"
			;;
		31)	tbl_frame="+------------------------------------------------+"
			tbl_title="| AIX_31 Weak file system security configuration |"
			;;
		*)	# Unknown index: one-line message, no box.
			echo "No Mesage"
			return
			;;
	esac

	# Top border, title, bottom border.
	echo "${tbl_frame}"
	echo "${tbl_title}"
	echo "${tbl_frame}"
}

#==========================================================================#
#                        Main Menu Page                                    #  
#==========================================================================#

_main_page_row()
{
	# Print the menu text $2 at screen row $1, column 14.
	tput cup "${1}" 14
	echo "${2}"
}

main_page()
{
	# Main menu, shown after a successful login. Draws the menu with
	# "tput cup" and ANSI colour escapes, reads one option and dispatches.
	# Signals go to main_exit; a normal exit runs norm_exit.
	trap 'main_exit' 1 2 3 15
	trap 'norm_exit' 0
	clear

	_main_page_row 4 "\033[44m      SBI DWP Policy Scanner Version 1.0                      \033[0m"
	_main_page_row 5 "\033[44m \033[0m\033[45m               Enter your option                            \033[44m \033[0m"
	_main_page_row 6 "\033[44m \033[0m1.Scan All policies                                         \033[44m \033[0m"
	_main_page_row 7 "\033[44m \033[0m2.Scan policies using index number                          \033[44m \033[0m"
	_main_page_row 8 "\033[44m \033[0m3.Generate Report (html)                                    \033[44m \033[0m"
	_main_page_row 9 "\033[44m \033[0m4.Exit                                                      \033[44m \033[0m"
	_main_page_row 10 "\033[44m \033[0m                                                            \033[44m \033[0m"
	_main_page_row 11 "\033[44m                                  ANSILh[at]gmail[dot]com     \033[0m"

	# Park the cursor below the box for the prompt.
	tput cup 12 14
	read opt?"Enter your option:-"

	case ${opt} in
		1)	echo "Scan all"
			scan_all
			;;
		2)	echo "Scan with index"
			scan_index
			;;
		3)	clear
			html_report_gen
			;;
		4)	clear
			exit 0
			;;
		*)	# Anything else redraws the menu.
			echo "Invalid option"
			main_page
			;;
	esac
}

#==========================================================================#
#               All Policy Rules are Categorized Here                      #
#==========================================================================#

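scan_all()
{
	# Section menu: runs every check of the chosen section, waits for Enter
	# and shows the menu again. 6 goes back to main_page, 7 exits.
	#
	# The option is matched with "case" on the quoted string, as main_page
	# does. The earlier "[ ${opt} -eq N ]" chain put raw keyboard input into
	# numeric tests: empty or non-numeric input raised a test error on every
	# branch, and some ksh versions evaluate -eq operands as arithmetic
	# expressions, which is not something to feed operator input into.
	# Only the exact digits 1-7 are accepted; everything else redraws.
	trap 'main_exit' 1 2 3 15
	clear
	tput cup 4 14
	echo "\033[44m                      Select Section                          \033[0m"
	tput cup 5 14
	echo "\033[44m \033[0m                                                            \033[44m \033[0m"
	tput cup 6 14
	echo "\033[44m \033[0m1.System Access,Authentication And Authorization            \033[44m \033[0m"
	tput cup 7 14
	echo "\033[44m \033[0m2.File And Directory Permission                             \033[44m \033[0m"
	tput cup 8 14
	echo "\033[44m \033[0m3.Logs and Audit Trails                                     \033[44m \033[0m"
	tput cup 9 14
	echo "\033[44m \033[0m4.Network and Service settings                              \033[44m \033[0m"
	tput cup 10 14
	echo "\033[44m \033[0m5.Patch and other settings                                  \033[44m \033[0m"
	tput cup 11 14
	echo "\033[44m \033[0m6.Back                                                      \033[44m \033[0m"
	tput cup 12 14
	echo "\033[44m \033[0m7.Exit                                                      \033[44m \033[0m"
	tput cup 13 14
	echo "\033[44m \033[0m                                                            \033[44m \033[0m"
	tput cup 14 14
	echo "\033[44m                                                              \033[0m"
	tput cup 15 14
	read opt?"Enter your option:-"

	case "${opt}" in
		1)	# System Access, Authentication And Authorization
			tbl_auth_1
			tbl_auth_2
			tbl_auth_3
			tbl_auth_4
			tbl_auth_5
			tbl_auth_6
			tbl_auth_7
			tbl_auth_8
			tbl_auth_9
			tbl_auth_10
			tbl_auth_11
			tbl_auth_12
			;;
		2)	# File And Directory Permissions
			tbl_auth_13
			tbl_auth_14
			tbl_auth_15
			tbl_auth_16
			tbl_auth_17
			tbl_auth_18
			tbl_auth_19
			tbl_auth_20
			tbl_auth_21
			tbl_auth_22
			;;
		3)	# Logs and Audit Trails
			tbl_auth_23
			tbl_auth_24
			tbl_auth_25
			;;
		4)	# Network and Service settings
			tbl_auth_26
			tbl_auth_27
			tbl_auth_28
			tbl_auth_29
			;;
		5)	# Patch and other settings
			tbl_auth_30
			tbl_auth_31
			;;
		6)	main_page
			return
			;;
		7)	clear
			exit 0
			;;
		*)	# Empty or unknown input: show the menu again.
			scan_all
			return
			;;
	esac

	# Reached only after a section (1-5) has been scanned.
	echo "Press any key to continue..."
	read
	scan_all
}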

#==========================================================================#
#                          Scan Policy By Index                            # 
#==========================================================================#

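scan_index()
{
	# Run a single policy check chosen by its index (1..31).
	#   x = exit, b = back to main_page, l = list all policy banners.
	#
	# The typed value becomes part of a command name (tbl_auth_<index>), so
	# it is checked against an explicit pattern for 1..31 before use. The
	# earlier unquoted "[ $index_no -ge 1 -a ... ]" test let whitespace in
	# the input split into extra test operands and extra command arguments,
	# and printed "Policy not exist" after returning from b or l.
	trap 'main_exit' 1 2 3 15
	clear
	tput cup 4 14
	echo "\033[44m   Scan By Index                       \033[0m"
	tput cup 5 14
	echo "\033[44m \033[0mx - to exit                          \033[44m \033[0m"
	tput cup 6 14
	echo "\033[44m \033[0mb - to back                          \033[44m \033[0m"
	tput cup 7 14
	echo "\033[44m \033[0ml - to list index                    \033[44m \033[0m"
	tput cup 8 14
	echo "\033[44m                                       \033[0m"
	tput cup 9 14
	read index_no?"Enter index number:-"

	case "${index_no}" in
		x)	exit 0
			;;
		b)	main_page
			;;
		l)	list_index
			;;
		[1-9]|[12][0-9]|3[01])
			# Exactly one of 1..31, no leading zero, nothing else on the line.
			clear
			"tbl_auth_${index_no}"
			echo "Press any key to continue...."
			read
			;;
		'')	# Empty input: just show the menu again.
			;;
		*)	echo "Policy not exist...Type l for Policy Index"
			echo "Press any key to continue...."
			read
			;;
	esac
	scan_index
}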

#==========================================================================#
#                    Main Entrance of The Program(Authentication)          #
# The authentication has two parts                                         #
# 1.If the user already authenticated and pressed ^c ,the user must get    #
# the first 'after login' screen                                           #
# 2.If the user has not authenticated and pressed ^c(AT LOGIN PROMPT)      #
# the user must be challenged for authentication again                     #
#==========================================================================#

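main_login()
{
	# Entry prompt: reads a user name and a password (echo off) and opens the
	# main menu when both match; any other input prints an error and exits.
	#
	# SECURITY: the accepted user name and password are literals in this
	# file, so every reader of the script knows them and they are the same on
	# every host it is copied to. This prompt is not an access control.
	# Restrict who can read and run the script with file permissions, and
	# move the check to a real authentication mechanism before relying on it.
	trap 'main_exit' 1 2 3 15
	clear
	read usr_nm?"Enter user name :-"
	stty -echo
	read pass?"Enter password:-"
	stty echo

	# Quoted, x-prefixed comparisons: input containing blanks or test
	# operators can no longer break the test expression. The separate
	# non-empty test is gone because an empty string never equals the
	# expected literals.
	if [ "x${usr_nm}" = "xhardadmin" ] && [ "x${pass}" = "x123pass" ]
	then
		echo "Login OK"
		export auth_val="TRUE"
		main_page
		exit 0
	fi

	echo "Invalid login credentials"
	exit
}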
#==========================================================================#
#                       List All Policy Rules                              #
#==========================================================================#
list_index()
{
	# Print the banner of every policy check (AIX_01 .. AIX_31), wait for
	# Enter, then return to the scan-by-index menu.
	trap 'main_exit' 1 2 3 15
	clear
	x=1
	until [ $x -gt 31 ]
	do
		tbl_auth ${x}
		x=`expr $x + 1`
	done
	echo "Press any key to continue....."
	read
	scan_index
}
#==========================================================================#
index_1()
{
	# Clear the screen and print the coloured heading of the first section.
	trap 'main_exit' 1 2 3 15
	clear
	for banner_line in \
		"\033[35m===============================================\033[0m" \
		"\033[32mSYSTEM ACCESS, AUTHENTICATION AND AUTHORIZATION\033[0m" \
		"\033[35m===============================================\033[0m"
	do
		echo "${banner_line}"
	done
}

#==========================================================================#
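_tbl_auth_1_file()
{
	# Report whether file $1 exists, using $2 as its name in the messages.
	# With $3 = "html" a finding is also written to the AIX_01 remarks file
	# and p_stat is set to "FALSE".
	if [ -f "${1}" ]
	then
		echo "\033[31m* ${2} file exists \033[0m"
		if [ "${3}" = "html" ]
		then
			echo "The <b>${2}</b> file exists." >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_1"
			echo "<br>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_1"
			p_stat="FALSE"
		fi
	else
		echo "\033[32m* ${2} file not exists \033[0m"
	fi
}

tbl_auth_1()
{
	#----------------------------------------------------------------#
	# AIX_01: report the presence of remote-trust files:             #
	#   1) /.rhosts   2) /.netrc   3) /etc/hosts.equiv               #
	# Only the copies directly under / are tested; .rhosts or .netrc #
	# files in other home directories are not looked at.             #
	# $1 = "html": also write remarks and a row to html_report.html. #
	#----------------------------------------------------------------#
	# NOTE(review): html_report.html is opened relative to the current
	# directory and the remarks file has a predictable name under /tmp;
	# run the audit from a directory only the auditor can write to.
	trap 'main_exit' 1 2 3 15
	p_stat="TRUE"
	tbl_auth 1
	if [ "${1}" = "html" ]
	then
		echo "<a name=p1></a>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_1"
		echo "<h5><u>AIX_01 Remote Login By Unauthenicated users</u></h5>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_1"
		echo "<br>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_1"
	fi

	# The report used to name the first file ".rhost"; it now shows the
	# name that is actually tested.
	_tbl_auth_1_file /.rhosts .rhosts "${1}"
	_tbl_auth_1_file /.netrc .netrc "${1}"
	_tbl_auth_1_file /etc/hosts.equiv /etc/hosts.equiv "${1}"

	if [ "${1}" = "html" ]
	then
		echo "<a href=#top>Back to Top</a>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_1"
		echo "<br>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_1"
	fi

	# p_stat only changes in html mode, so outside html mode this always
	# takes the "OK" branch and simply removes the (absent) remarks file.
	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p1>"
		stat_ln_e="</a>"
		cat "${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_1" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}"
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
	fi
	rm -f "${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_1"

	if [ "${1}" = "html" ]
	then
		# stat_ln_e already closes the link; the extra "</a>" that used to
		# follow it left an unmatched tag in every row.
		echo "<tr>" >>html_report.html
		echo "<td>Remote Login By Unauthenicated users</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</td>" >>html_report.html
		echo "</tr>" >>html_report.html
	fi
}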
#==========================================================================#
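tbl_auth_2()
{
	#----------------------------------------------------------------#
	# AIX_02: every account with UID 0 in /etc/passwd must be listed #
	# in /etc/ftpusers. An account that is missing from the file, or #
	# a missing /etc/ftpusers, is reported as a finding.             #
	# $1 = "html": also write remarks and a row to html_report.html. #
	#----------------------------------------------------------------#
	trap 'main_exit' 1 2 3 15
	tbl_auth 2
	p_stat="TRUE"
	if [ "${1}" = "html" ]
	then
		echo "<a name=p2></a>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_2"
		echo "<h5><u>AIX_02 Users with FTP Access</u></h5>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_2"
		echo "<br>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_2"
	fi

	if [ -f /etc/ftpusers ]
	then
		# Split each passwd line on ":" in the shell. The earlier unquoted
		# "echo $line | awk" let a "*" in the password field be expanded as
		# a file name pattern and broke the UID test on empty fields.
		while IFS=: read -r usr_id_chk pw_pass usr_id pw_rest
		do
			[ "x${usr_id}" = "x0" ] || continue

			got_usr_flg=0
			while read -r ftp_line
			do
				if [ -n "${ftp_line}" ] && [ "x${ftp_line}" = "x${usr_id_chk}" ]
				then
					echo "* \033[32m$ftp_line is in /etc/ftpusers\033[0m"
					got_usr_flg=1
				fi
			done </etc/ftpusers

			if [ "${got_usr_flg}" != 1 ]
			then
				echo "\033[31m* $usr_id_chk not in /etc/ftpusers \033[0m"
				# Remarks are written in html mode only, as in the other
				# checks; they used to be appended on interactive scans too.
				if [ "${1}" = "html" ]
				then
					echo "<b>${usr_id_chk}</b> not in <b>/etc/ftpusers</b>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_2"
					echo "<br>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_2"
					p_stat="FALSE"
				fi
			fi
		done </etc/passwd
	else
		echo "\033[31m /etc/ftpusers file not exists \033[0m"
		if [ "${1}" = "html" ]
		then
			echo "<b>/etc/ftpusers</b> file not exists" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_2"
			echo "<br>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_2"
			p_stat="FALSE"
		fi
	fi

	if [ "${1}" = "html" ]
	then
		echo "<a href=#top>Back to Top</a>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_2"
		echo "<br>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_2"
	fi

	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p2>"
		stat_ln_e="</a>"
		cat "${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_2" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}"
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
	fi
	rm -f "${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_2"

	if [ "${1}" = "html" ]
	then
		# The row now wraps the message in the #p2 link that stat_ln and
		# stat_ln_e were already prepared for, as the AIX_01 row does.
		echo "<tr>" >>html_report.html
		echo "<td>Users with FTP Access </td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</td>" >>html_report.html
		echo "</tr>" >>html_report.html
	fi
}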
#==========================================================================#
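tbl_auth_3()
{
	#----------------------------------------------------------------#
	# AIX_03: XDMCP must be disabled, i.e. Dtlogin.requestPort in    #
	# /etc/dt/config/Xconfig must be 0. A missing file, a missing    #
	# setting or any other value is reported as a finding.           #
	# $1 = "html": also write remarks and a row to html_report.html. #
	#----------------------------------------------------------------#
	trap 'main_exit' 1 2 3 15
	p_stat="TRUE"
	tbl_auth 3
	if [ "${1}" = "html" ]
	then
		echo "<a name=p3></a>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_3"
		echo "<h5><u>AIX_03 XDMCP port status</u></h5>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_3"
		echo "<br>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_3"
	fi

	if [ -f /etc/dt/config/Xconfig ]
	then
		# Blanks are stripped so the value can be compared as a quoted string.
		# NOTE(review): only lines starting with "#" are skipped as comments;
		# confirm whether this Xconfig also uses "!" comment lines.
		dt_val=`grep Dtlogin.requestPort /etc/dt/config/Xconfig | grep -v '^#' | awk -F ":" '{print $2}' | tr -d ' \t'`

		# The unquoted "[ $dt_val != 0 ]" raised a test error when the
		# setting was absent (or present more than once) and fell through to
		# the "is zero" branch, so the check passed with nothing configured.
		# Quoted, anything other than exactly "0" is a finding.
		if [ "x${dt_val}" != "x0" ]
		then
			echo "\033[31m* Dtlogin.requestPort in /etc/dt/config/Xconfig is not zero\033[0m"
			if [ "${1}" = "html" ]
			then
				echo "<b>Dtlogin.requestPort</b> in <b>/etc/dt/config/Xconfig</b> is not zero" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_3"
				echo "<br>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_3"
				p_stat="FALSE"
			fi
		else
			echo "\033[32m* Dtlogin.requestPort in /etc/dt/config/Xconfig is zero\033[0m"
		fi
	else
		echo "\033[31m* /etc/dt/config/Xconfig not exists \033[0m"
		if [ "${1}" = "html" ]
		then
			echo "<b>/etc/dt/config/Xconfig</b> not exists" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_3"
			echo "<br>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_3"
			p_stat="FALSE"
		fi
	fi

	if [ "${1}" = "html" ]
	then
		echo "<a href=#top>Back to Top</a>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_3"
		echo "<br>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_3"
	fi

	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p3>"
		stat_ln_e="</a>"
		cat "${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_3" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}"
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
	fi
	rm -f "${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_3"

	if [ "${1}" = "html" ]
	then
		# stat_ln_e already closes the link; the extra "</a>" is dropped.
		echo "<tr>" >>html_report.html
		echo "<td>XDMCP port status</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</td>" >>html_report.html
		echo "</tr>" >>html_report.html
	fi
}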
#==========================================================================#
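tbl_auth_4()
{
	#---------------------------------------------------------------#
	# AIX_04: session timeout for unattended terminals and for X    #
	# sessions. Expected values:                                    #
	#   TMOUT=600 and TIMEOUT=600 in /etc/security/.profile         #
	#   saverTimeout 10 and lockTimeout 10 in every                 #
	#   /usr/dt/config/<dir>/sys.resources that exists              #
	# $1 = "html": also write remarks and a row to html_report.html #
	#---------------------------------------------------------------#
	trap 'main_exit' 1 2 3 15
	tbl_auth 4
	p_stat="TRUE"
	if [ "${1}" = "html" ]
	then
		echo "<a name=p4></a>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_4"
		echo "<h5><u>AIX_04 Session timeout for unattended terminals</u></h5>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_4"
		echo "<br>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_4"
	fi

	# Lines that are commented out do not set anything, so they are dropped
	# before the value is read; a "#TMOUT=600" line used to pass the check.
	tmout_var=`grep TMOUT= /etc/security/.profile | grep -v '^[[:space:]]*#'`
	if [ -n "${tmout_var}" ]
	then
		tmout_pr=`echo "${tmout_var}" | awk -F "=" '{print $2}' | tr -d ' \t'`
		if [ "x${tmout_pr}" = "x600" ]
		then
			echo "\033[32m* TMOUT value is 600\033[0m"
		else
			echo "\033[31m*  TMOUT value is $tmout_pr \033[0m"
			if [ "${1}" = "html" ]
			then
				echo "<b>TMOUT</b> value is <b>${tmout_pr}</b> .Need to set 600" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_4"
				echo "<br>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_4"
				p_stat="FALSE"
			fi
		fi
	else
		echo "\033[31m*  TMOUT value is not set\033[0m"
		if [ "${1}" = "html" ]
		then
			echo "TMOUT value is not set" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_4"
			echo "<br>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_4"
			p_stat="FALSE"
		fi
	fi

	timeout_var=`grep TIMEOUT= /etc/security/.profile | grep -v '^[[:space:]]*#'`
	if [ -n "${timeout_var}" ]
	then
		timeout_pr=`echo "${timeout_var}" | awk -F "=" '{print $2}' | tr -d ' \t'`
		if [ "x${timeout_pr}" = "x600" ]
		then
			echo "\033[32m* TIMEOUT value is 600\033[0m"
		else
			echo "\033[31m*  TIMEOUT value is $timeout_pr \033[0m"
			if [ "${1}" = "html" ]
			then
				echo "TIMEOUT value is $timeout_pr Need to set 600" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_4"
				echo "<br>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_4"
				p_stat="FALSE"
			fi
		fi
	else
		echo "\033[31m*  TIMEOUT value is not set\033[0m"
		if [ "${1}" = "html" ]
		then
			echo "TIMEOUT value is not set" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_4"
			echo "<br>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_4"
			p_stat="FALSE"
		fi
	fi

	# Sub-directories of /usr/dt/config, in the order "ls -lrt" lists them.
	dir_list=`ls -lrt /usr/dt/config/ |grep ^d |awk -F " " '{print $9}'`

	for dir_nm in ${dir_list}
	do
		[ -f "/usr/dt/config/${dir_nm}/sys.resources" ] || continue

		# The unquoted "[ $val != 10 ]" tests raised a test error when the
		# setting was absent and fell through to the "is 10" branch, so a
		# file without any timeout passed. Quoted and stripped of blanks,
		# an empty or different value is reported as a finding.
		# NOTE(review): comment lines in sys.resources are not filtered out.
		svr_tmout=`grep saverTimeout "/usr/dt/config/${dir_nm}/sys.resources"`
		svr_tmout_val=`echo "${svr_tmout}" | awk -F ":" '{print $2}' | tr -d ' \t'`
		if [ "x${svr_tmout_val}" != "x10" ]
		then
			echo "\033[31m* dtsession*saverTimeout value in /usr/dt/config/${dir_nm} is $svr_tmout_val \033[0m"
			if [ "${1}" = "html" ]
			then
				echo "<b>dtsession*saverTimeout</b> value in <b>/usr/dt/config/${dir_nm}</b> is <b>${svr_tmout_val}</b>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_4"
				echo "<br>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_4"
				p_stat="FALSE"
			fi
		else
			echo "\033[32m* dtsession*saverTimeout value in /usr/dt/config/${dir_nm} is 10 \033[0m"
		fi

		lck_tmout=`grep lockTimeout "/usr/dt/config/${dir_nm}/sys.resources"`
		lck_tmout_val=`echo "${lck_tmout}" | awk -F ":" '{print $2}' | tr -d ' \t'`
		if [ "x${lck_tmout_val}" != "x10" ]
		then
			echo "\033[31m* dtsession*lockTimeout value in /usr/dt/config/${dir_nm} is  $lck_tmout_val \033[0m"
			if [ "${1}" = "html" ]
			then
				echo "<b>dtsession*lockTimeout</b> value in <b>/usr/dt/config/${dir_nm}</b> is  <b>${lck_tmout_val}</b>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_4"
				echo "<br>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_4"
				p_stat="FALSE"
			fi
		else
			echo "\033[32m* dtsession*lockTimeout value in /usr/dt/config/${dir_nm} is 10 \033[0m"
		fi
	done

	if [ "${1}" = "html" ]
	then
		echo "<a href=#top>Back to Top</a>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_4"
		echo "<br>" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_4"
	fi

	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p4>"
		stat_ln_e="</a>"
		cat "${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_4" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}"
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
	fi
	rm -f "${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_4"

	if [ "${1}" = "html" ]
	then
		# stat_ln_e already closes the link; the extra "</a>" is dropped.
		echo "<tr>" >>html_report.html
		echo "<td>Session timeout for unattended terminals</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</td>" >>html_report.html
		echo "</tr>" >>html_report.html
	fi
}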
#==========================================================================#
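tbl_auth_5()
{
	#--------------------------------------------------------------#
	# AIX_05 Remote root login                                     #
	# Deny remote root login                                       #
	# Allow system group for su to root                            #
	#                                                              #
	# Expected root attributes, read from "lsuser -f root":        #
	#   login=true  rlogin=false  su=true  sugroups=system         #
	#                                                              #
	# ${1} = "html": every deviation is also written to the        #
	# per-check remarks file and a result row is appended to       #
	# html_report.html. p_stat is only changed in html mode.       #
	#--------------------------------------------------------------#

	trap 'main_exit' 1 2 3 15
	tbl_auth 5
	p_stat="TRUE"

	# NOTE(review): HTML_FILE_REM points into /tmp and the suffix is the
	# PID, so the remarks file name is predictable. When this runs as root,
	# consider a private, root-owned work directory instead.
	auth5_rem="${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_5"

	if [ "${1}" = "html" ]
	then
		echo "<a name=p5></a>">>"${auth5_rem}"
		echo "<h5><u>AIX_05 Remote root login</u></h5>">>"${auth5_rem}"
		echo "<br>">>"${auth5_rem}"
	fi

	# Query root once and pick every attribute out of the same stanza.
	# The patterns are anchored so that "login=" cannot match "rlogin=".
	root_attrs=`lsuser -f root`
	root_login_val=`echo "${root_attrs}" | grep '^[[:space:]]*login=' | head -n 1 | awk -F "=" '{print $2}'`
	root_rlogin_val=`echo "${root_attrs}" | grep '^[[:space:]]*rlogin=' | head -n 1 | awk -F "=" '{print $2}'`
	root_su_val=`echo "${root_attrs}" | grep '^[[:space:]]*su=' | head -n 1 | awk -F "=" '{print $2}'`
	root_sugrp_val=`echo "${root_attrs}" | grep '^[[:space:]]*sugroups=' | head -n 1 | awk -F "=" '{print $2}'`

	# All values are quoted: an attribute that is missing (empty value)
	# must be reported as a deviation, not abort the test with a syntax error.
	if [ "${root_login_val}" = "true" ]
	then
		echo "\033[32m* root login is TRUE \033[0m"
	else
		echo "\033[31m* root login is $root_login_val \033[0m"
		if [ "${1}" = "html" ]
		then
			echo "root login is <b>${root_login_val}</b>">>"${auth5_rem}"
			echo "<br>">>"${auth5_rem}"
			p_stat="FALSE"
		fi
	fi

	if [ "${root_rlogin_val}" = "false" ]
	then
		echo "\033[32m* root rlogin is FALSE\033[0m"
	else
		echo "\033[31m* root rlogin is $root_rlogin_val\033[0m"
		if [ "${1}" = "html" ]
		then
			echo "root <b>rlogin</b> is <b>${root_rlogin_val}</b>">>"${auth5_rem}"
			echo "<br>">>"${auth5_rem}"
			p_stat="FALSE"
		fi
	fi

	if [ "${root_su_val}" = "true" ]
	then
		echo "\033[32m* root su is TRUE \033[0m"
	else
		echo "\033[31m* root su is $root_su_val \033[0m"
		if [ "${1}" = "html" ]
		then
			echo "root <b>su</b> is <b>${root_su_val}</b>">>"${auth5_rem}"
			echo "<br>">>"${auth5_rem}"
			p_stat="FALSE"
		fi
	fi

	if [ "${root_sugrp_val}" = "system" ]
	then
		echo "\033[32m* root sugroup are system \033[0m"
	else
		echo "\033[31m* root sugroup are $root_sugrp_val \033[0m"
		if [ "${1}" = "html" ]
		then
			echo "root sugroup are $root_sugrp_val">>"${auth5_rem}"
			echo "<br>">>"${auth5_rem}"
			p_stat="FALSE"
		fi
	fi

	if [ "${1}" = "html" ]
	then
		echo "<a href=#top>Back to Top</a>">>"${auth5_rem}"
		echo "<br>">>"${auth5_rem}"
	fi

	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p5>"
		stat_ln_e="</a>"
		# Move this check's details into the shared remarks file, then drop
		# only the per-check file. The shared file holds the details of the
		# other checks and must survive.
		cat "${auth5_rem}" >>${HTML_FILE_REM}_${TMP_FILE_INDEX}
		rm -f "${auth5_rem}"
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f "${auth5_rem}"
	fi

	if [ "${1}" = "html" ]
	then
		echo "<tr>">>html_report.html
		# stat_ln_e already closes the link; no extra </a> is emitted
		echo "<td>Remote root login</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</td>">>html_report.html
		echo "</tr>">>html_report.html
	fi
}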
#==========================================================================#
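tbl_auth_6()
{
	#-------------------------------------------------------------#
	# AIX_06 Non essential accounts                               #
	# Remove users having zero use                                #
	#                                                             #
	# For a fixed list of system accounts, read the shell field   #
	# (7th field) of /etc/passwd and report every account whose   #
	# shell is set to something other than /dev/null.             #
	#                                                             #
	# ${1} = "html": findings are also written to the per-check   #
	# remarks file and a result row goes to html_report.html.     #
	# p_stat is only changed in html mode.                        #
	#-------------------------------------------------------------#

	#* This function need some tuning and will be done in next release*#

	trap 'main_exit' 1 2 3 15
	tbl_auth 6
	# Start every run from a clean state; otherwise the result of the
	# previously executed check would decide this check's status.
	p_stat="TRUE"
	auth6_rem="${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_6"

	if [ "${1}" = "html" ]
	then
		echo "<a name=p6></a>">>"${auth6_rem}"
		echo "<h5><u>AIX_06 Non essential accounts</u></h5>">>"${auth6_rem}"
		echo "<br>">>"${auth6_rem}"
	fi

	# Split each passwd entry on ":" directly; only the name and the shell
	# are used, the pw_* variables just consume the fields in between.
	while IFS=: read -r usr_nm pw_pass pw_uid pw_gid pw_gecos pw_home usr_nm_shell
	do
		case "${usr_nm}" in
		daemon|bin|sys|adm|uucp|nuucp|printq|guest|nobody|lpd|sshd)
			;;
		*)
			continue
			;;
		esac

		# NOTE(review): an empty shell field is treated as compliant, as
		# in the original. An empty field normally means the system
		# default shell is used - confirm whether policy wants it flagged.
		if [ -n "${usr_nm_shell}" ] && [ "${usr_nm_shell}" != "/dev/null" ]
		then
			echo "\033[31m* The shell for user $usr_nm is $usr_nm_shell \033[0m"
			if [ "${1}" = "html" ]
			then
				echo "The shell for user <b>${usr_nm}</b> is <b>${usr_nm_shell}</b>">>"${auth6_rem}"
				echo "<br>">>"${auth6_rem}"
				p_stat="FALSE"
			fi
		else
			echo "\033[32m* The shell for user $usr_nm is /dev/null\033[0m"
		fi
	done </etc/passwd

	if [ "${1}" = "html" ]
	then
		echo "<a href=#top>Back to Top</a>">>"${auth6_rem}"
		echo "<br>">>"${auth6_rem}"
	fi

	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p6>"
		stat_ln_e="</a>"
		cat "${auth6_rem}" >>${HTML_FILE_REM}_${TMP_FILE_INDEX}
		rm -f "${auth6_rem}"
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f "${auth6_rem}"
	fi

	if [ "${1}" = "html" ]
	then
		echo "<tr>">>html_report.html
		# stat_ln_e already closes the link; no extra </a> is emitted
		echo "<td>Non essential accounts</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</td>">>html_report.html
		echo "</tr>">>html_report.html
	fi
}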
#==========================================================================#
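tbl_auth_7()
{
	#---------------------------------------------------------------#
	# AIX_07 Password and account policy settings                   #
	# User password policy                                          #
	# The function contains inner functions for evaluating          #
	# a)Default values          (main)                              #
	# b)Current user values     (get_user_attr, comp_user_attr)     #
	# c)Values according to policy (scan_individual)                #
	#                                                               #
	# ${1} = "html": findings are also written to the per-check     #
	# remarks file and a result row goes to html_report.html.       #
	#                                                               #
	# The inner functions are not local: sh/ksh defines them at     #
	# script scope every time tbl_auth_7 runs, so "main" below      #
	# replaces any other function of that name.                     #
	#---------------------------------------------------------------#
	trap 'main_exit' 1 2 3 15
	tbl_auth 7
	p_stat="TRUE"
	#-----------------------------------#
	# Change Values According To Policy #
	#-----------------------------------#
	# NOTE(review): every attribute is compared for exact string equality,
	# so a value stricter than the policy is reported as NOT OK as well.
	pre_rules='mindiff=4 minage=1 maxage=13 minlen=8 minalpha=2 histexpire=26 maxrepeats=2 histsize=4 maxexpired=2 minother=2 pwdwarntime=14 dictionlist=/usr/share/dict/words loginretries=5'
	if [ "${1}" = "html" ]
	then
		echo "<a name=p7></a>">>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_7
		echo "<h5><u>AIX_07 Password and account policy settings</u></h5>">>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_7
		echo "<br>">>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_7
	fi

	# Working copy of /etc/security/user without comment and blank lines.
	# The name under /tmp is predictable, so any stale file is removed
	# first and the copy is created with a restrictive umask (in a
	# subshell, so the umask of the script itself is left alone).
	# NOTE(review): the copy is not removed here, as in the original;
	# confirm whether later code still reads it before adding a cleanup.
	rm -f /tmp/etc_security_user_${TMP_FILE_INDEX}
	( umask 077; sed -e '/^\*/d' -e '/^$/d' /etc/security/user >/tmp/etc_security_user_${TMP_FILE_INDEX} )

	default_values=""

	scan_individual()
	{
		# ${1} = stanza name as found in the file (e.g. "root:")
		# ${2} = "html" to log findings to the remarks file
		# Reads user_attr_val (filled by get_user_attr), default_values
		# (filled by main) and pre_rules.
		trap 'main_exit' 1 2 3 15
		user_names_one="${1}"
		user_pre_rules_att_found="NO"
		user_fine="YES"
		echo "Checking Password Policy for user  ${user_names_one}"
		echo "-------------------------------------------------"
		for pre_rules_att in ${pre_rules}
		do
			user_pre_rules_att_found=NO

			# A stanza without attributes has nothing to compare
			if [ -z "${user_attr_val}" ]
			then
				break
			fi

			# The policy entry does not change inside the inner loops
			user_pre_rule_var=`echo ${pre_rules_att} |awk -F "=" '{print $1}'`
			user_pre_rule_val=`echo ${pre_rules_att} |awk -F "=" '{print $2}'`

			for user_attr_val_att in ${user_attr_val}
			do
				user_default_var=`echo ${user_attr_val_att} |awk -F "=" '{print $1}'`
				user_default_val=`echo ${user_attr_val_att} |awk -F "=" '{print $2}'`

				if [ "${user_pre_rule_var}" = "${user_default_var}" ]
				then
					if [ -n "${user_default_val}" ] && [ "${user_pre_rule_val}" = "${user_default_val}" ]
					then
						echo "\033[35m${user_pre_rule_var}\033[0m is \033[32mOK\033[0m"
					else
						echo "\033[35m${user_pre_rule_var}\033[0m is found in ${user_names_one} but value is \033[31mNOT OK\033[0m"
						if [ "${2}" = "html" ]
						then
							echo "${user_pre_rule_var} is found in ${user_names_one} but value is NOT OK">>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_7
							echo "<br>">>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_7
							p_stat="FALSE"
						fi
						user_fine="NO"
					fi
					user_pre_rules_att_found=YES
				fi
			done

			if [ "${user_pre_rules_att_found}" = "NO" ]
			then
				# The user stanza does not set the attribute:
				# fall back to the value of the default stanza
				default_user_attr_found="NO"

				for default_attr_val in ${default_values}
				do
					default_attr_val_var=`echo ${default_attr_val}|awk -F "=" '{print $1}'`
					default_attr_val_val=`echo ${default_attr_val}|awk -F "=" '{print $2}'`
					if [ "${default_attr_val_var}" = "${user_pre_rule_var}" ]
					then
						default_user_attr_found="OK"
						if [ "${default_attr_val_val}" != "${user_pre_rule_val}" ]
						then
							# Name the attribute, not the expected value
							echo "Check default value for ${user_pre_rule_var}"
							user_fine="NO"
							# The html flag is the second argument here
							if [ "${2}" = "html" ]
							then
								echo "Check default value for ${user_pre_rule_var}">>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_7
								echo "<br>">>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_7
								p_stat="FALSE"
							fi
						fi
					fi
				done

				if [ "${default_user_attr_found}" = "NO" ]
				then
					echo "The attribute ${user_pre_rule_var} is not found default"
					echo "Add this value in default first"
					user_fine="NO"
					# The html flag is the second argument here
					if [ "${2}" = "html" ]
					then
						echo "The attribute ${user_pre_rule_var} is not found default">>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_7
						echo "Add this value in default first">>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_7
						echo "<br>">>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_7
						p_stat="FALSE"
					fi
				fi
			fi
		done
		if [ "${user_fine}" = "YES" ]
		then
			echo "\033[32mPolicy for user ${user_names_one} is fine\033[0m"
		elif [ "${user_fine}" = "NO" ]
		then
			echo "-------------------------------------------------"
			echo "\033[31mReview password policy for user ${user_names_one}\033[0m"
		fi
		echo "-------------------------------------------------"
	}

	get_user_attr()
	{
		# ${1} = stanza name including the trailing colon (e.g. "root:")
		# Fills user_attr_val with the "name=value" pairs of that stanza.
		# Returns 1 for an empty argument and for the default stanza.
		trap 'main_exit' 1 2 3 15
		user_attr_val=""

		# Check whether parameter passed is NULL or NOT
		if [ -z "${1}" ]
		then
			echo "Null value passed"
			return 1
		fi
		if [ "${1}" = "default:" ]
		then
			return 1
		fi

		user_found=NULL

		while read user_line
		do
			# Non-empty only for stanza headers (lines ending in ":")
			user_user_chk=`echo ${user_line} |grep :$`
			if [ -n "${user_user_chk}" ] && [ "${user_user_chk}" = "${1}" ]
			then
				user_found=OK
				user_found_name=${user_user_chk}
			elif [ "${user_found}" = "OK" ]
			then
				# The next stanza header ends the wanted stanza
				if [ -n "${user_user_chk}" ] && [ "${user_found_name}" != "${user_user_chk}" ]
				then
					break
				fi
				# user_line is left unquoted so the shell collapses tabs
				# and runs of blanks before sed trims the spaces
				user_file_var=`echo ${user_line}|awk -F "=" '{print $1}'`
				user_file_var=`echo ${user_file_var}|sed -e 's/ *,/,/g' -e 's/, */,/g' -e 's/^ *//' -e 's/ *$//'`
				user_file_val=`echo ${user_line}|awk -F "=" '{print $2}'`
				user_file_val=`echo ${user_file_val}|sed -e 's/ *,/,/g' -e 's/, */,/g' -e 's/^ *//' -e 's/ *$//'`
				user_attr_val="${user_attr_val} ${user_file_var}=${user_file_val}"
			fi
		done</tmp/etc_security_user_${TMP_FILE_INDEX}
	}

	main()
	{
		# ${1} = "user" skips the banner and the comparison of the default
		#        stanza with pre_rules; default_values is filled either way
		# ${2} = "html" to log findings to the remarks file
		trap 'main_exit' 1 2 3 15
		if [ "${1}" != "user" ]
		then
			# Get All default values
			echo "---------------------------------------------"
			echo "Checking Values in /etc/security/user"
			echo "---------------------------------------------"
			echo "Checking DEFAULT values"
			echo "---------------------------------------------"
		fi
		rm -f /tmp/etc_security_user_${TMP_FILE_INDEX}
		( umask 077; sed -e '/^\*/d' -e '/^$/d' /etc/security/user >/tmp/etc_security_user_${TMP_FILE_INDEX} )
		found_user=NULL
		while read line
		do
			case "${line}" in
			''|\**)
				# blank or comment line
				continue
				;;
			*:)
				# Stanza header: collect from "default:" up to the
				# next header; stanzas before "default:" are skipped
				if [ "${line}" = "default:" ] && [ "${found_user}" != "OK" ]
				then
					found_user=OK
				elif [ "${found_user}" = "OK" ]
				then
					break
				fi
				;;
			*)
				if [ "${found_user}" = "OK" ]
				then
					# line is left unquoted so the shell collapses
					# tabs and runs of blanks before sed trims
					var_name=`echo $line|awk -F "=" '{print $1}'`
					var_name_trim=`echo $var_name|sed -e 's/ *,/,/g' -e 's/, */,/g' -e 's/^ *//' -e 's/ *$//'`
					var_val=`echo $line|awk -F "=" '{print $2}'`
					var_val_trim=`echo $var_val|sed -e 's/ *,/,/g' -e 's/, */,/g' -e 's/^ *//' -e 's/ *$//'`
					default_values="${default_values} ${var_name_trim}=${var_val_trim}"
				fi
				;;
			esac
		done</tmp/etc_security_user_${TMP_FILE_INDEX}

		pre_rules_att_found=NULL
		if [ "${1}" != "user" ]
		then
			for pre_rules_att in ${pre_rules}
			do
				pre_rules_att_found=NO
				# Split the policy entry before the inner loop so the
				# "NOT FOUND" message below always names this attribute
				pre_rule_var=`echo $pre_rules_att |awk -F "=" '{print $1}'`
				pre_rule_val=`echo $pre_rules_att |awk -F "=" '{print $2}'`

				for default_rules_att in ${default_values}
				do
					default_var=`echo $default_rules_att |awk -F "=" '{print $1}'`
					default_val=`echo $default_rules_att|awk -F "=" '{print $2}'`

					if [ "${pre_rule_var}" = "${default_var}" ]
					then
						if [ "${pre_rule_val}" = "${default_val}" ]
						then
							echo "\033[35m${pre_rule_var}\033[0m is \033[32mOK\033[0m"
						else
							echo "\033[35m${pre_rule_var}\033[0m is found in default but value is \033[31mNOT OK\033[0m"
							if [ "${2}" = "html" ]
							then
								echo "${pre_rule_var} is found in default but value is NOT OK">>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_7
								echo "<br>">>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_7
								p_stat="FALSE"
							fi
						fi
						pre_rules_att_found=YES
					fi
				done
				if [ "${pre_rules_att_found}" = "NO" ]
				then
					echo "\033[35m${pre_rule_var}\033[0m is \033[31mNOT FOUND IN\033[0m \033[35mdefault\033[0m"
					if [ "${2}" = "html" ]
					then
						echo "${pre_rule_var} is NOT FOUND IN default">>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_7
						echo "<br>">>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_7
						p_stat="FALSE"
					fi
				fi
			done
			echo "---------------------------------------------"
		fi
	}

	comp_user_attr()
	{
		# ${1} = "html" is passed on to scan_individual.
		# Runs get_user_attr + scan_individual for every stanza of the
		# working copy except "default:".
		trap 'main_exit' 1 2 3 15

		user_names=`sed -n -e '/:$/p' /tmp/etc_security_user_${TMP_FILE_INDEX}`
		for user_names_one in ${user_names}
		do
			if [ "${user_names_one}" = "default:" ]
			then
				continue
			fi
			get_user_attr "${user_names_one}"
			if [ "${1}" = "html" ]
			then
				scan_individual "${user_names_one}" html
			else
				scan_individual "${user_names_one}"
			fi
		done
	}

	# Reset first so a value left over from another function is never used
	html_val=""
	if [ "${1}" = "html" ]
	then
		html_val="html"
	fi

	# "user" makes main only collect the default stanza; the per-user scan
	# then falls back to those defaults for attributes a user does not set
	main user ${html_val}
	comp_user_attr ${html_val}

	if [ "${1}" = "html" ]
	then
		echo "<a href=#top>Back to Top</a>">>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_7
		echo "<br>">>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_7
	fi

	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p7>"
		stat_ln_e="</a>"
		# Publish the details behind the #p7 link and drop the per-check
		# file, the same way the sibling checks do
		cat ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_7 >>${HTML_FILE_REM}_${TMP_FILE_INDEX}
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_7
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_7
	fi

	if [ "${1}" = "html" ]
	then
		echo "<tr>">>html_report.html
		# stat_ln_e already closes the link; no extra </a> is emitted
		echo "<td>Password and account policy settings</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</td>">>html_report.html
		echo "</tr>">>html_report.html
	fi
}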
#==========================================================================#
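tbl_auth_8()
{
	#-------------------------------------------------------#
	# AIX_08 Accounts with empty passwords                  #
	# Check any user have blank passwords/no password set   #
	#                                                       #
	# Pass 1: /etc/security/passwd - report every stanza    #
	#         whose "password" attribute is empty or "*".   #
	# Pass 2: /etc/passwd - report every entry whose        #
	#         password field is empty or "*".               #
	#                                                       #
	# ${1} = "html": findings are also written to the       #
	# remarks file and a row goes to html_report.html.      #
	# p_stat is only changed in html mode.                  #
	#-------------------------------------------------------#
	trap 'main_exit' 1 2 3 15
	tbl_auth 8
	p_stat="TRUE"

	# NOTE(review): this check logs to the file suffixed _tbl_auth_7, not
	# _tbl_auth_8. The name is kept as in the original; anything already
	# present in that file is published or discarded together with this
	# check's own remarks. Confirm before renaming.
	auth8_rem="${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_7"

	echo "Reading /etc/security/passwd "
	echo "============================="
	echo "Password NOT set for below users"
	if [ "${1}" = "html" ]
	then
		echo "<a name=p8></a>">>"${auth8_rem}"
		echo "<h5><u>AIX_08 Accounts with empty passwords</u></h5>">>"${auth8_rem}"
		echo "<br>">>"${auth8_rem}"
	fi

	usr_nm=""
	while read -r line
	do
		case "${line}" in
		''|\**)
			# blank or comment line
			continue
			;;
		*:)
			# stanza header: remember which user the attributes belong to
			usr_nm=`echo "${line}"|awk -F ":" '{ print $1}'`
			continue
			;;
		esac

		# Attribute line "name = value". The second awk keeps the first
		# whitespace-delimited word, which trims blanks and tabs.
		var_2=`echo "${line}"|awk -F "=" '{ print $1}'|awk '{ print $1}'`
		if [ "${var_2}" = "password" ]
		then
			# Only the password attribute is inspected, and only for
			# being empty or "*"; the value itself is never printed.
			var_3=`echo "${line}"|awk -F "=" '{ print $2}'|awk '{ print $1}'`
			if [ -z "${var_3}" ] || [ "${var_3}" = "*" ]
			then
				echo "\033[31m${usr_nm}\033[0m"
				if [ "${1}" = "html" ]
				then
					echo "${usr_nm}">>"${auth8_rem}"
					echo "<br>">>"${auth8_rem}"
					p_stat="FALSE"
				fi
			fi
		fi
	done </etc/security/passwd

	echo "   Reading /etc/passwd       "
	echo "============================="
	echo "Password NOT set for below users"
	while IFS=: read -r usr_nm_1 pass_val pw_rest
	do
		# skip blank lines
		if [ -z "${usr_nm_1}" ]
		then
			continue
		fi
		# Same rule as in pass 1: an empty field counts as "not set" too
		if [ -z "${pass_val}" ] || [ "${pass_val}" = "*" ]
		then
			echo "\033[31m${usr_nm_1}\033[0m"
			if [ "${1}" = "html" ]
			then
				echo "${usr_nm_1}">>"${auth8_rem}"
				echo "<br>">>"${auth8_rem}"
				p_stat="FALSE"
			fi
		fi
	done </etc/passwd

	if [ "${1}" = "html" ]
	then
		echo "<a href=#top>Back to Top</a>">>"${auth8_rem}"
		echo "<br>">>"${auth8_rem}"
	fi

	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p8>"
		stat_ln_e="</a>"
		cat "${auth8_rem}" >>${HTML_FILE_REM}_${TMP_FILE_INDEX}
		rm -f "${auth8_rem}"
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f "${auth8_rem}"
	fi

	if [ "${1}" = "html" ]
	then
		echo "<tr>">>html_report.html
		# stat_ln_e already closes the link; no extra </a> is emitted
		echo "<td>Accounts with empty passwords</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</td>">>html_report.html
		echo "</tr>">>html_report.html
	fi
}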
#==========================================================================#
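tbl_auth_9()
{
	#-----------------------------------------------------------------#
	# AIX_09 Accounts with root UID                                   #
	# Check for more than one super user                              #
	#                                                                 #
	# Reads /etc/passwd and reports every account other than root     #
	# whose UID field is zero.                                        #
	#                                                                 #
	# ${1} = "html": findings are also written to the per-check       #
	# remarks file and a result row goes to html_report.html.         #
	# p_stat is only changed in html mode.                            #
	#-----------------------------------------------------------------#
	trap 'main_exit' 1 2 3 15
	tbl_auth 9
	p_stat="TRUE"
	flg=0
	auth9_rem="${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_9"

	if [ "${1}" = "html" ]
	then
		echo "<a name=p9></a>">>"${auth9_rem}"
		echo "<h5><u>AIX_09 Accounts with root UID</u></h5>">>"${auth9_rem}"
		echo "<br>">>"${auth9_rem}"
	fi

	while IFS=: read -r uid_nm pw_pass uid_val pw_rest
	do
		# Keep only entries whose UID field consists of the digit 0 alone.
		# This skips blank or malformed lines without a test error and
		# still treats a UID written with leading zeros as zero.
		case "${uid_val}" in
		''|*[!0]*)
			continue
			;;
		esac
		if [ "${uid_nm}" = "root" ]
		then
			continue
		fi

		# A second UID-0 account is a finding: print it in red like the
		# findings of the other checks
		echo "\033[31mUID is zero for ${uid_nm} \033[0m"
		flg=1
		if [ "${1}" = "html" ]
		then
			echo "<b>UID</b> is zero for <b>${uid_nm}</b>">>"${auth9_rem}"
			echo "<br>">>"${auth9_rem}"
			p_stat="FALSE"
		fi
	done </etc/passwd

	if [ ${flg} -eq 0 ]
	then
		echo "\033[32mNo Super user other than root\033[0m"
	fi

	if [ "${1}" = "html" ]
	then
		echo "<a href=#top>Back to Top</a>">>"${auth9_rem}"
		echo "<br>">>"${auth9_rem}"
	fi

	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p9>"
		stat_ln_e="</a>"
		cat "${auth9_rem}" >>${HTML_FILE_REM}_${TMP_FILE_INDEX}
		rm -f "${auth9_rem}"
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f "${auth9_rem}"
	fi

	if [ "${1}" = "html" ]
	then
		echo "<tr>">>html_report.html
		# stat_ln_e already closes the link; no extra </a> is emitted
		echo "<td>Accounts with root UID</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</td>">>html_report.html
		echo "</tr>">>html_report.html
	fi
}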
#==========================================================================#
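tbl_auth_10()
{
	#------------------------------------------------------------#
	# AIX_10: check the umask attribute in /etc/security/user.   #
	# Every stanza whose umask is neither 22 nor 022 is reported.#
	#   $1 - "html": also write the details section and the      #
	#        summary row of html_report.html                     #
	# Sets the globals flg, p_stat, usr_nm, html_stat,           #
	# html_tr_cl, rm_msg, stat_ln and stat_ln_e.                 #
	#------------------------------------------------------------#

	trap 'main_exit' 1 2 3 15
	flg=0
	tbl_auth 10
	p_stat="TRUE"
	if [ "${1}" = "html" ]
	then
		{
			echo "<a name=p10></a>"
			echo "<h5><u>AIX_10 System UMASK value</u></h5>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_10
	fi

	# Read the file directly instead of through a scratch copy, so its
	# contents are never written to a world-accessible directory.
	usr_nm=""
	while read line
	do
		case "${line}" in
		""|\**)
			# blank line or "*" comment: nothing to do
			;;
		*:)
			# stanza header, e.g. "default:" - remember whose attributes follow
			usr_nm="${line%%:*}"
			;;
		*=*)
			# attribute line "name = value"; strip blanks before comparing
			attr_nm=`echo "${line}" | sed -e 's/=.*$//' -e 's/[[:space:]]//g'`
			if [ "${attr_nm}" = "umask" ]
			then
				attr_val=`echo "${line}" | awk -F "=" '{ print $2 }' | sed -e 's/[[:space:]]//g'`
				if [ "${attr_val}" != "22" -a "${attr_val}" != "022" ]
				then
					echo "\033[31mUMASK not 022 for ${usr_nm}\033[0m"
					flg=1
					if [ "${1}" = "html" ]
					then
						{
							echo "<b>UMASK</b> not <b>022</b> for <b>${usr_nm}</b>"
							echo "<br>"
						} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_10
						p_stat="FALSE"
					fi
				fi
			fi
			;;
		esac
	done </etc/security/user
	if [ ${flg} -eq 0 ]
	then
		echo "\033[32mUMASK values are OK\033[0m"
	fi
	if [ "${1}" = "html" ]
	then
		{
			echo "<a href=#top>Back to Top</a>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_10
	fi
	# The details section is merged into the remarks file only when a
	# finding was recorded; the scratch file is removed either way.
	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p10>"
		stat_ln_e="</a>"
		cat ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_10 >>${HTML_FILE_REM}_${TMP_FILE_INDEX}
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_10
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_10
	fi
	if [ "${1}" = "html" ]
	then
		echo "<tr>">>html_report.html
		echo "<td>System UMASK value</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</a></td>">>html_report.html
		echo "</tr>">>html_report.html
	fi
}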
#==========================================================================#
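tbl_auth_11()
{
	#-----------------------------------------------------------------#
	# AIX_11: check login banners.                                    #
	# Looks in /etc/security/login.cfg for a non-comment "herald"     #
	# line that contains the sentence                                 #
	# "This system is for the use of authorized users only."          #
	#   $1 - "html": also write the details section and the summary   #
	#        row of html_report.html                                  #
	# Sets the globals banner_org, p_stat, html_stat, html_tr_cl,     #
	# rm_msg, stat_ln and stat_ln_e.                                  #
	#-----------------------------------------------------------------#
	trap 'main_exit' 1 2 3 15
	tbl_auth 11
	p_stat="TRUE"
	if [ "${1}" = "html" ]
	then
		{
			echo "<a name=p11></a>"
			echo "<h5><u>AIX_11 Login Banners</u></h5>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_11
	fi

	# The match is per line: the sentence has to sit on the same line as
	# the word "herald".  Any stanza of the file can satisfy the check.
	banner_org=`grep -v '^\*' /etc/security/login.cfg | grep herald | grep "This system is for the use of authorized users only."`
	# Quoted: the matched line holds several words, which unquoted would
	# make the test itself fail and report a good banner as missing.
	if [ -n "${banner_org}" ]
	then
		echo "\033[32m* Banner is OK\033[0m"
	else
		echo "\033[31m* Banner is NOT OK\033[0m"
		if [ "${1}" = "html" ]
		then
			{
				echo "Banner is NOT OK"
				echo "<br>"
			} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_11
			p_stat="FALSE"
		fi
	fi
	if [ "${1}" = "html" ]
	then
		{
			echo "<a href=#top>Back to Top</a>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_11
	fi
	# The details section is merged into the remarks file only when a
	# finding was recorded; the scratch file is removed either way.
	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p11>"
		stat_ln_e="</a>"
		cat ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_11 >>${HTML_FILE_REM}_${TMP_FILE_INDEX}
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_11
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_11
	fi
	if [ "${1}" = "html" ]
	then
		echo "<tr>">>html_report.html
		echo "<td>Login Banners</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</a></td>">>html_report.html
		echo "</tr>">>html_report.html
	fi
}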
#==========================================================================#
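tbl_auth_12()
{
	#-------------------------------------------------------------#
	# AIX_12: check snmp service settings.                        #
	# Reports an active "community ... readWrite" line in         #
	# /etc/snmpd.conf and lists commented-out ones on the console.#
	#   $1 - "html": also write the details section and the       #
	#        summary row of html_report.html                      #
	# Sets the globals snmp_ena, snmp_dis, p_stat, html_stat,     #
	# html_tr_cl, rm_msg, stat_ln and stat_ln_e.                  #
	#-------------------------------------------------------------#
	trap 'main_exit' 1 2 3 15
	tbl_auth 12
	p_stat="TRUE"
	if [ "${1}" = "html" ]
	then
		{
			echo "<a name=p12></a>"
			echo "<h5><u>AIX_12 SNMP Service settings</u></h5>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_12
	fi

	snmp_ena=`grep readWrite /etc/snmpd.conf | grep '^community'`
	snmp_dis=`grep readWrite /etc/snmpd.conf | grep '^#community'`
	# Test the variable that was actually filled in above; the operand is
	# quoted because a matching line holds several words.
	if [ -n "${snmp_ena}" ]
	then
		echo "\033[31mSNMP Service enabled in config file with readWrite community\033[0m"
		if [ "${1}" = "html" ]
		then
			{
				echo "SNMP Service enabled in config file with <b>readWrite</b> community"
				echo "<br>"
			} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_12
			p_stat="FALSE"
		fi
	fi

	# Commented-out readWrite lines are informational only (console, green).
	if [ -n "${snmp_dis}" ]
	then
		echo "\033[32mFollowing commented lines found in /etc/snmpd.conf"
		grep readWrite /etc/snmpd.conf | grep '^#community'
		echo "\033[0m"
	fi
	if [ "${1}" = "html" ]
	then
		{
			echo "<a href=#top>Back to Top</a>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_12
	fi
	# The details section is merged into the remarks file only when a
	# finding was recorded; the scratch file is removed either way.
	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p12>"
		stat_ln_e="</a>"
		cat ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_12 >>${HTML_FILE_REM}_${TMP_FILE_INDEX}
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_12
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_12
	fi
	if [ "${1}" = "html" ]
	then
		echo "<tr>">>html_report.html
		echo "<td>SNMP Service settings</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</a></td>">>html_report.html
		echo "</tr>">>html_report.html
	fi

}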
#==========================================================================#

#***************************************************************************
# Second part starts                                                       *
#***************************************************************************
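 tbl_auth_13()
{
	#-----------------------------------------------------------------#
	# AIX_13: only root may change the password and group files.      #
	# Compares the mode string printed by ls for /etc/passwd and      #
	# /etc/group with -rw-r--r-- and for /etc/security with           #
	# drwxr-x---.  Only the mode is compared; the owner and group of  #
	# the entries are not looked at.                                  #
	#   $1 - "html": also write the details section and the summary   #
	#        row of html_report.html                                  #
	# Sets the globals per_val, p_stat, html_stat, html_tr_cl,        #
	# rm_msg, stat_ln and stat_ln_e.                                  #
	#-----------------------------------------------------------------#

	trap 'main_exit' 1 2 3 15
	tbl_auth 13
	p_stat="TRUE"
	if [ "${1}" = "html" ]
	then
		{
			echo "<a name=p13></a>"
			echo "<h5><u>AIX_13 Password and Group file permissions</u></h5>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_13
	fi

	# per_val is quoted in every comparison: if ls fails it is empty, and
	# the entry is then reported as Not OK without a test syntax error.
	per_val=`ls -l /etc/passwd | awk '{print $1}'`
	if [ "${per_val}" = "-rw-r--r--" ]
	then
		echo "\033[32mPassword file is Ok\033[0m"
	else
		echo "\033[31mPassword file Not OK\033[0m"
		if [ "${1}" = "html" ]
		then
			{
				echo "<b>Password file(/etc/passwd)</b> Not OK"
				echo "<br>"
			} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_13
			p_stat="FALSE"
		fi
	fi

	per_val=`ls -l /etc/group | awk '{print $1}'`
	if [ "${per_val}" = "-rw-r--r--" ]
	then
		echo "\033[32mGroup file is Ok\033[0m"
	else
		echo "\033[31mGroup file is Not OK\033[0m"
		if [ "${1}" = "html" ]
		then
			{
				echo "<b>Group file(/etc/group)</b> is Not OK"
				echo "<br>"
			} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_13
			p_stat="FALSE"
		fi
	fi

	per_val=`ls -ld /etc/security | awk '{print $1}'`
	if [ "${per_val}" = "drwxr-x---" ]
	then
		echo "\033[32mSecurity directory is Ok\033[0m"
	else
		echo "\033[31mSecurity directory is Not OK\033[0m"
		if [ "${1}" = "html" ]
		then
			{
				echo "Security directory is Not OK"
				echo "<br>"
			} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_13
			p_stat="FALSE"
		fi
	fi
	if [ "${1}" = "html" ]
	then
		{
			echo "<a href=#top>Back to Top</a>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_13
	fi
	# The details section is merged into the remarks file only when a
	# finding was recorded; the scratch file is removed either way.
	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p13>"
		stat_ln_e="</a>"
		cat ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_13 >>${HTML_FILE_REM}_${TMP_FILE_INDEX}
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_13
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_13
	fi
	if [ "${1}" = "html" ]
	then
		echo "<tr>">>html_report.html
		echo "<td>Password and Group file permissions</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</a></td>">>html_report.html
		echo "</tr>">>html_report.html
	fi

}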
#==========================================================================#
tbl_auth_14()
{
	#------------------------------------------------------------------#
	# AIX_14: sticky bit on world writable directories.                #
	# With the sticky bit set, a user cannot delete files that another #
	# user owns in the directory.  Only /tmp is examined: its ls mode  #
	# string has to end in a lower-case "t".                           #
	#   $1 - "html": also write the details section and the summary    #
	#        row of html_report.html                                   #
	#------------------------------------------------------------------#
	trap 'main_exit' 1 2 3 15
	tbl_auth 14
	p_stat="TRUE"
	if [ "${1}" == "html" ]
	then
		{
			echo "<a name=p14></a>"
			echo "<h5><u>AIX_14 Sticky bit on world writable dirs</u></h5>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_14
	fi

	# stk_bit holds the mode string when it ends in "t", else stays empty
	stk_bit=`ls -ld /tmp | awk '$1 ~ /t$/ {print $1}'`
	if [ -z "${stk_bit}" ]
	then
		echo "\033[31mSticky bit is not enabled for /tmp\033[0m"
		if [ "${1}" == "html" ]
		then
			{
				echo "Sticky bit is not enabled for <b>/tmp</b>"
				echo "<br>"
			} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_14
			p_stat="FALSE"
		fi
	else
		echo "\033[32mSticky bit is enabled for /tmp\033[0m"
	fi
	if [ "${1}" == "html" ]
	then
		{
			echo "<a href=#top>Back to Top</a>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_14
	fi
	# Summary values first; the scratch details file is merged into the
	# remarks file only on a finding and removed in both cases.
	if [ "${p_stat}" == "TRUE" ]
	then
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
	else
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p14>"
		stat_ln_e="</a>"
		cat ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_14 >>${HTML_FILE_REM}_${TMP_FILE_INDEX}
	fi
	rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_14
	if [ "${1}" == "html" ]
	then
		{
			echo "<tr>"
			echo "<td>Sticky bit on world writable dirs</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</a></td>"
			echo "</tr>"
		} >>html_report.html
	fi
}
#==========================================================================#
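tbl_auth_15()
{
	#--------------------------------------------------------------------#
	# AIX_15: find out which files have SUID permissions.                #
	# Every regular file with the SUID bit is listed; there is no        #
	# allow-list, so any hit marks the check as ERROR in the report.     #
	#   $1 - "html": also write the details section and the summary      #
	#        row of html_report.html                                     #
	# The list is left in /tmp/suid_harden_<pid>.log for the operator.   #
	#--------------------------------------------------------------------#

	trap 'main_exit' 1 2 3 15
	tbl_auth 15
	p_stat="TRUE"
	if [ "${1}" = "html" ]
	then
		{
			echo "<a name=p15></a>"
			echo "<h5><u>AIX_15 Unauthorized SUID system executables</u></h5>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_15
	fi
	echo "The file list will be in /tmp/suid_harden_$$.log"
	# NOTE(review): the log name is predictable and lives in world-writable
	# /tmp; a directory only root can write to would be a safer place.
	find / -type f \( -perm -04000 \) -print >/tmp/suid_harden_$$.log
	if [ -s /tmp/suid_harden_$$.log ]
	then
		if [ "${1}" = "html" ]
		then
			{
				echo "<b>Some files have SUID attribute on</b>"
				echo "<br>"
				# One path per line (names with blanks stay whole), /proc
				# entries dropped.  File names are not trusted input, so
				# HTML metacharacters are escaped before they reach the report.
				grep -v '^/proc' /tmp/suid_harden_$$.log |
					sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' |
					awk '{ print; print "<br>" }'
			} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_15
			p_stat="FALSE"
		fi
	fi
	if [ "${1}" = "html" ]
	then
		{
			echo "<a href=#top>Back to Top</a>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_15
	fi
	# The details section is merged into the remarks file only when a
	# finding was recorded; the scratch file is removed either way.
	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p15>"
		stat_ln_e="</a>"
		cat ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_15 >>${HTML_FILE_REM}_${TMP_FILE_INDEX}
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_15
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_15
	fi
	if [ "${1}" = "html" ]
	then
		echo "<tr>">>html_report.html
		echo "<td>Unauthorized SUID system executables</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</a></td>">>html_report.html
		echo "</tr>">>html_report.html
	fi

}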
#==========================================================================#
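tbl_auth_16()
{
	#--------------------------------------------------------------------#
	# AIX_16: find out which files have SGID permissions.                #
	# Every regular file with the SGID bit is listed; there is no        #
	# allow-list, so any hit marks the check as ERROR in the report.     #
	#   $1 - "html": also write the details section and the summary      #
	#        row of html_report.html                                     #
	# The list is left in /tmp/sgid_harden_<pid>.log for the operator.   #
	#--------------------------------------------------------------------#

	trap 'main_exit' 1 2 3 15
	tbl_auth 16
	p_stat="TRUE"
	if [ "${1}" = "html" ]
	then
		{
			echo "<a name=p16></a>"
			echo "<h5><u>AIX_16 Unauthorized SGID system executables</u></h5>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_16
	fi

	echo "The file list will be in /tmp/sgid_harden_$$.log"
	# NOTE(review): the log name is predictable and lives in world-writable
	# /tmp; a directory only root can write to would be a safer place.
	find / -type f \( -perm -02000 \) -print >/tmp/sgid_harden_$$.log
	if [ -s /tmp/sgid_harden_$$.log ]
	then
		if [ "${1}" = "html" ]
		then
			{
				echo "<b>Some Files Have SGID attribute ON</b>"
				echo "<br>"
				# One path per line (names with blanks stay whole), /proc
				# entries dropped.  File names are not trusted input, so
				# HTML metacharacters are escaped before they reach the report.
				grep -v '^/proc' /tmp/sgid_harden_$$.log |
					sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' |
					awk '{ print; print "<br>" }'
			} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_16
			p_stat="FALSE"
		fi
	fi
	if [ "${1}" = "html" ]
	then
		{
			echo "<a href=#top>Back to Top</a>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_16
	fi
	# The details section is merged into the remarks file only when a
	# finding was recorded; the scratch file is removed either way.
	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p16>"
		stat_ln_e="</a>"
		cat ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_16 >>${HTML_FILE_REM}_${TMP_FILE_INDEX}
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_16
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_16
	fi
	if [ "${1}" = "html" ]
	then
		echo "<tr>">>html_report.html
		echo "<td>Unauthorized SGID system executables</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</a></td>">>html_report.html
		echo "</tr>">>html_report.html
	fi

}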
#==========================================================================#
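tbl_auth_17()
{
	#--------------------------------------------------------------#
	# AIX_17: find un-owned files and directories.                 #
	# Lists every entry that find reports with -nouser; any hit    #
	# marks the check as ERROR in the report.                      #
	#   $1 - "html": also write the details section and the        #
	#        summary row of html_report.html                       #
	# The list is left in /tmp/noon_harden_<pid>.log.              #
	#--------------------------------------------------------------#

	trap 'main_exit' 1 2 3 15
	tbl_auth 17
	p_stat="TRUE"
	if [ "${1}" = "html" ]
	then
		{
			echo "<a name=p17></a>"
			echo "<h5><u>AIX_17 Unowned files and Directories</u></h5>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_17
	fi
	echo "The file list will be in /tmp/noon_harden_$$.log"
	# NOTE(review): the log name is predictable and lives in world-writable
	# /tmp; a directory only root can write to would be a safer place.
	find / -nouser -print >/tmp/noon_harden_$$.log
	if [ -s /tmp/noon_harden_$$.log ]
	then
		if [ "${1}" = "html" ]
		then
			{
				echo "<b>Some files have No Ownership</b>"
				echo "<br>"
				# One path per line (names with blanks stay whole), /proc
				# entries dropped.  File names are not trusted input, so
				# HTML metacharacters are escaped before they reach the report.
				grep -v '^/proc' /tmp/noon_harden_$$.log |
					sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' |
					awk '{ print; print "<br>" }'
			} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_17
			p_stat="FALSE"
		fi
	fi
	if [ "${1}" = "html" ]
	then
		{
			echo "<a href=#top>Back to Top</a>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_17
	fi
	# The details section is merged into the remarks file only when a
	# finding was recorded; the scratch file is removed either way.
	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p17>"
		stat_ln_e="</a>"
		cat ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_17 >>${HTML_FILE_REM}_${TMP_FILE_INDEX}
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_17
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_17
	fi
	if [ "${1}" = "html" ]
	then
		echo "<tr>">>html_report.html
		echo "<td>Unowned files and Directories</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</a></td>">>html_report.html
		echo "</tr>">>html_report.html
	fi
}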

#==========================================================================#
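tbl_auth_18()
{
	#-------------------------------------------------------------------#
	# AIX_18: which users can create and modify CRON and AT jobs.       #
	# Under /var/adm/cron the check expects:                            #
	#   - cron.deny and at.deny to be absent                            #
	#   - cron.allow and at.allow to exist and to hold exactly "root"   #
	#   $1 - "html": also write the details section and the summary     #
	#        row of html_report.html                                    #
	# Sets the globals cron_root, at_root, p_stat, html_stat,           #
	# html_tr_cl, rm_msg, stat_ln and stat_ln_e.                        #
	#-------------------------------------------------------------------#
	trap 'main_exit' 1 2 3 15
	tbl_auth 18
	p_stat="TRUE"
	if [ "${1}" = "html" ]
	then
		{
			echo "<a name=p18></a>"
			echo "<h5><u>AIX_18 CRON and AT permission</u></h5>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_18
	fi

	# A deny file that exists is the finding, so the report has to say
	# "file exists", the same as the console message does.
	if [ -f '/var/adm/cron/cron.deny' ]
	then
		echo "\033[31m/var/adm/cron/cron.deny file exists\033[0m"
		if [ "${1}" = "html" ]
		then
			{
				echo "<b>/var/adm/cron/cron.deny</b> file exists"
				echo "<br>"
			} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_18
			p_stat="FALSE"
		fi
	else
		echo "\033[32m/var/adm/cron/cron.deny file not exists\033[0m"
	fi

	if [ -f '/var/adm/cron/at.deny' ]
	then
		echo "\033[31m/var/adm/cron/at.deny file exists\033[0m"
		if [ "${1}" = "html" ]
		then
			{
				echo "<b>/var/adm/cron/at.deny</b> file exists"
				echo "<br>"
			} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_18
			p_stat="FALSE"
		fi
	else
		echo "\033[32m/var/adm/cron/at.deny file not exists\033[0m"
	fi
	echo "---------------------------------------"
	if [ -f '/var/adm/cron/cron.allow' ]
	then
		echo "\033[32m/var/adm/cron/cron.allow file exists\033[0m"
		cron_root=`cat /var/adm/cron/cron.allow`
		# Quoted comparison: an empty file or one with several entries is
		# simply "not equal to root" instead of a test syntax error.
		if [ "${cron_root}" = "root" ]
		then
			echo "\033[32mCRON allowed for root only\033[0m"
		else
			echo "\033[31mUnusual entry in /var/adm/cron/cron.allow\033[0m"
			if [ "${1}" = "html" ]
			then
				{
					echo "Unusual entry in <b>/var/adm/cron/cron.allow</b>"
					echo "<br>"
				} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_18
				p_stat="FALSE"
			fi
		fi
	else
		echo "\033[31m/var/adm/cron/cron.allow file not exists\033[0m"
		if [ "${1}" = "html" ]
		then
			{
				echo "<b>/var/adm/cron/cron.allow</b> file not exists"
				echo "<br>"
			} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_18
			p_stat="FALSE"
		fi
	fi

	echo "---------------------------------------"
	if [ -f '/var/adm/cron/at.allow' ]
	then
		echo "\033[32m/var/adm/cron/at.allow file exists\033[0m"
		at_root=`cat /var/adm/cron/at.allow`
		if [ "${at_root}" = "root" ]
		then
			echo "\033[32mAT allowed for root only\033[0m"
		else
			echo "\033[31mUnusual entry in /var/adm/cron/at.allow\033[0m"
			if [ "${1}" = "html" ]
			then
				{
					echo "Unusual entry in <b>/var/adm/cron/at.allow</b>"
					echo "<br>"
				} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_18
				p_stat="FALSE"
			fi
		fi
	else
		echo "\033[31m/var/adm/cron/at.allow file not exists\033[0m"
		if [ "${1}" = "html" ]
		then
			{
				echo "<b>/var/adm/cron/at.allow</b> file not exists"
				echo "<br>"
			} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_18
			p_stat="FALSE"
		fi
	fi
	if [ "${1}" = "html" ]
	then
		{
			echo "<a href=#top>Back to Top</a>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_18
	fi
	# The details section is merged into the remarks file only when a
	# finding was recorded; the scratch file is removed either way.
	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p18>"
		stat_ln_e="</a>"
		cat ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_18 >>${HTML_FILE_REM}_${TMP_FILE_INDEX}
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_18
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_18
	fi
	if [ "${1}" = "html" ]
	then
		echo "<tr>">>html_report.html
		echo "<td>CRON and AT permission</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</a></td>">>html_report.html
		echo "</tr>">>html_report.html
	fi

}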
#==========================================================================#
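tbl_auth_19()
{
	#-------------------------------------------------------------------#
	# AIX_19: check ownership and permissions of crontab files.         #
	# Every entry in /var/spool/cron/crontabs is expected to be owned   #
	# by root and to carry the mode -rwxrwx--- (770).                   #
	#   $1 - "html": also write the details section and the summary     #
	#        row of html_report.html                                    #
	# Sets the globals cron_own, cron_perm, p_stat, html_stat,          #
	# html_tr_cl, rm_msg, stat_ln and stat_ln_e.                        #
	#-------------------------------------------------------------------#

	trap 'main_exit' 1 2 3 15
	# NOTE(review): the sibling checks call "tbl_auth <n>" at this point;
	# this one does not - confirm whether "tbl_auth 19" is missing.
	p_stat="TRUE"
	if [ "${1}" = "html" ]
	then
		{
			echo "<a name=p19></a>"
			echo "<h5><u>AIX_19 Insecure permission on crontab files</u></h5>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_19
	fi

	# Owners other than exactly "root"; the empty field that the "total"
	# line of ls -l produces is dropped first.
	cron_own=`ls -l /var/spool/cron/crontabs | awk '{print $3}' | grep -v '^$' | grep -v '^root$'`

	# Quoted: with two or more offending entries the unquoted test would
	# fail as a syntax error and fall through to the OK branch.
	if [ -n "${cron_own}" ]
	then
		echo "\033[31mCheck ownership of files inside /var/spool/cron/crontabs\033[0m"
		if [ "${1}" = "html" ]
		then
			{
				echo "Check ownership of files inside <b>/var/spool/cron/crontabs</b>"
				echo "<br>"
			} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_19
			p_stat="FALSE"
		fi
	else
		echo "\033[32mOwnership of files in /var/spool/cron/crontabs is root\033[0m"
	fi

	# Mode strings that do not start with -rwxrwx---
	cron_perm=`ls -l /var/spool/cron/crontabs | awk '{print $1}' | grep -v -e '^-rwxrwx---' | grep -v '^total'`

	if [ -n "${cron_perm}" ]
	then
		echo "\033[31mCheck permission of files inside /var/spool/cron/crontabs\033[0m"
		if [ "${1}" = "html" ]
		then
			{
				echo "Check permission of files inside <b>/var/spool/cron/crontabs</b>"
				echo "<br>"
			} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_19
			p_stat="FALSE"
		fi
	else
		echo "\033[32mPermissions of files in /var/spool/cron/crontabs is 770\033[0m"
	fi
	if [ "${1}" = "html" ]
	then
		{
			echo "<a href=#top>Back to Top</a>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_19
	fi
	# The details section is merged into the remarks file only when a
	# finding was recorded; the scratch file is removed either way.
	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		# Must name this section's own anchor (p19), written above.
		stat_ln="<a href=#p19>"
		stat_ln_e="</a>"
		cat ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_19 >>${HTML_FILE_REM}_${TMP_FILE_INDEX}
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_19
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_19
	fi
	if [ "${1}" = "html" ]
	then
		echo "<tr>">>html_report.html
		# The remark is wrapped in the link, so "Click Here For Details"
		# actually leads to the details section.
		echo "<td>Insecure permission on crontab files</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</td>" >>html_report.html
		echo "</tr>">>html_report.html
	fi

}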
#==========================================================================#
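tbl_auth_20()
{
	#------------------------------------------------------------------#
	# AIX_20: check permission and ownership of network configuration  #
	# files.                                                           #
	# a) /etc/rc.tcpip                                                 #
	# b) /etc/rc.net                                                   #
	# Each file is expected to be owned by root with mode -rwx------.  #
	#   $1 - "html": also write the details section and the summary    #
	#        row of html_report.html                                   #
	# Sets the globals rc_tcpip, rc_net, rc_tcpip_perm, rc_net_perm,   #
	# p_stat, html_stat, html_tr_cl, rm_msg, stat_ln and stat_ln_e.    #
	#------------------------------------------------------------------#
	trap 'main_exit' 1 2 3 15
	tbl_auth 20
	p_stat="TRUE"
	if [ "${1}" = "html" ]
	then
		{
			echo "<a name=p20></a>"
			echo "<h5><u>AIX_20 Permission on network configuration files</u></h5>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_20
	fi

	rc_tcpip=`ls -l /etc/rc.tcpip | awk '{print $3}'`
	rc_net=`ls -l /etc/rc.net | awk '{print $3}'`
	rc_tcpip_perm=`ls -l /etc/rc.tcpip | awk '{print $1}'`
	rc_net_perm=`ls -l /etc/rc.net | awk '{print $1}'`

	# All operands are quoted so an empty value (ls failed) cannot turn a
	# test into a syntax error.  An empty owner is still not flagged here;
	# an empty mode string fails the permission comparison further down.
	if [ -n "${rc_tcpip}" -a "${rc_tcpip}" != "root" ]
	then
		echo "\033[31mCheck ownership of /etc/rc.tcpip\033[0m"
		if [ "${1}" = "html" ]
		then
			{
				echo "Check ownership of <b>/etc/rc.tcpip</b>"
				echo "<br>"
			} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_20
			p_stat="FALSE"
		fi
	else
		echo "\033[32mOwnership of /etc/rc.tcpip is root\033[0m"
	fi

	if [ -n "${rc_net}" -a "${rc_net}" != "root" ]
	then
		echo "\033[31mCheck ownership of /etc/rc.net\033[0m"
		if [ "${1}" = "html" ]
		then
			{
				echo "Check ownership of <b>/etc/rc.net</b>"
				echo "<br>"
			} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_20
			p_stat="FALSE"
		fi
	else
		echo "\033[32mOwnership of /etc/rc.net is root\033[0m"
	fi

	if [ "${rc_tcpip_perm}" != "-rwx------" ]
	then
		echo "\033[31mCheck permission of /etc/rc.tcpip\033[0m"
		if [ "${1}" = "html" ]
		then
			{
				echo "Check permission of <b>/etc/rc.tcpip</b>"
				echo "<br>"
			} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_20
			p_stat="FALSE"
		fi
	else
		echo "\033[32mPermission of /etc/rc.tcpip is 700\033[0m"
	fi

	if [ "${rc_net_perm}" != "-rwx------" ]
	then
		echo "\033[31mCheck permission of /etc/rc.net\033[0m"
		if [ "${1}" = "html" ]
		then
			{
				echo "Check permission of <b>/etc/rc.net</b>"
				echo "<br>"
			} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_20
			p_stat="FALSE"
		fi
	else
		echo "\033[32mPermission of /etc/rc.net is 700\033[0m"
	fi
	if [ "${1}" = "html" ]
	then
		{
			echo "<a href=#top>Back to Top</a>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_20
	fi
	# The details section is merged into the remarks file only when a
	# finding was recorded; the scratch file is removed either way.
	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p20>"
		stat_ln_e="</a>"
		cat ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_20 >>${HTML_FILE_REM}_${TMP_FILE_INDEX}
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_20
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_20
	fi
	if [ "${1}" = "html" ]
	then
		echo "<tr>">>html_report.html
		echo "<td>Permission on network configuration files</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</a></td>">>html_report.html
		echo "</tr>">>html_report.html
	fi

}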
#==========================================================================#
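tbl_auth_21()
{
	#-------------------------------------------------------------------#
	# AIX_21: check user home directory permissions.                    #
	# No user should be able to enter another user's home: every        #
	# directory directly under /home (except lost+found) is expected    #
	# to have the mode drwxr-x--- (750).  Home directories located      #
	# outside /home are not examined.                                   #
	#   $1 - "html": also write the details section and the summary     #
	#        row of html_report.html                                    #
	# Sets the globals flg, x, hom_dir, p_stat, html_stat, html_tr_cl,  #
	# rm_msg, stat_ln and stat_ln_e.                                    #
	#-------------------------------------------------------------------#
	trap 'main_exit' 1 2 3 15
	tbl_auth 21
	flg=0
	p_stat="TRUE"
	if [ "${1}" = "html" ]
	then
		{
			echo "<a name=p21></a>"
			echo "<h5><u>AIX_21 Permission on user home directories</u></h5>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_21
	fi

	# A glob instead of parsing ls output keeps a name that contains
	# blanks in one piece.  When /home is empty the pattern stays
	# unexpanded and is skipped by the -d test.
	for hom_path in /home/*
	do
		x="${hom_path##*/}"
		if [ -d "${hom_path}" -a "${x}" != "lost+found" ]
		then
			hom_dir=`ls -ld "${hom_path}" | awk '{ print $1}'`
			if [ "${hom_dir}" = "drwxr-x---" ]
			then
				echo "\033[32m/home/$x - 750\033[0m"
			else
				echo "\033[31mCheck permission of /home/$x\033[0m"
				flg=1
				if [ "${1}" = "html" ]
				then
					{
						echo "Check permission of <b>/home/${x}</b>"
						echo "<br>"
					} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_21
					p_stat="FALSE"
				fi
			fi
		fi
	done

	if [ ${flg} -eq 0 ]
	then
		echo "\033[32mAll directories in /home are with permission 750\033[0m"
	fi
	if [ "${1}" = "html" ]
	then
		{
			echo "<a href=#top>Back to Top</a>"
			echo "<br>"
		} >>${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_21
	fi
	# The details section is merged into the remarks file only when a
	# finding was recorded; the scratch file is removed either way.
	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p21>"
		stat_ln_e="</a>"
		cat ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_21 >>${HTML_FILE_REM}_${TMP_FILE_INDEX}
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_21
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f ${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_21
	fi
	if [ "${1}" = "html" ]
	then
		echo "<tr>">>html_report.html
		echo "<td>Permission on user home directories</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</a></td>">>html_report.html
		echo "</tr>">>html_report.html
	fi

}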
#==========================================================================#
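tbl_auth_22()
{
	#------------------------------------------------------------#
	# AIX_22: permission on log files
	# Only authorised users should be able to view/modify logs.
	# For every file in files_list that exists, characters 8-9 of
	# the `ls -l` mode string (read and write for "other") must be
	# "--".  Owner, group bits and ownership are not examined here.
	#
	# $1 = "html": also record findings in the remarks file and add
	#              a summary row to html_report.html.  A missing file
	#              yields status EXCEPTION unless a real failure was
	#              found as well.
	#------------------------------------------------------------#
	trap 'main_exit' 1 2 3 15
	tbl_auth 22
	p_stat="TRUE"
	rem_file="${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_22"
	if [ "${1}" == "html" ]
	then
		echo "<a name=p22></a>">>"${rem_file}"
		echo "<h5><u>AIX_22 Permission on log files</u></h5>">>"${rem_file}"
		echo "<br>">>"${rem_file}"
	fi
	#------------------------------------------------------------#
	# Here you can add more files
	# MUST BE WHITE SPACE SEPARATED
	#------------------------------------------------------------#

	files_list="/smit.log /var/adm/cron/log /var/tmp/dpid2.log /var/tmp/hostmidb.log /var/tmp/snmpd.log /var/ct/RMstart.log /var/adm/sulog /var/adm/authlog /var/adm/syslog"
	# files_list is split on white space on purpose; everything derived
	# from it is quoted so an empty result cannot break a test.
	for file_nm in ${files_list};do
		if [ -f "${file_nm}" ]
		then
			ans=`ls -l "${file_nm}"|awk '{print $1}'`
			rw_val=`expr substr "${ans}" 8 2`
			if [ "${rw_val}" == '--' ]
			then
				echo "\033[32mFile permission of $file_nm is OK\033[0m"
			else
				echo "\033[31mFile permission of $file_nm is NOT OK\033[0m"
				if [ "${1}" == "html" ]
				then
					echo "File permission of <b>${file_nm}</b> is NOT OK">>"${rem_file}"
					echo "<br>">>"${rem_file}"
					p_stat="FALSE"
				fi
			fi
		else
			echo "File ${file_nm} not exists"
			if [ "${1}" == "html" ]
			then
				echo "File <b>${file_nm}</b> not exists">>"${rem_file}"
				echo "<br>">>"${rem_file}"
				# A real failure (FALSE) takes precedence over EXCEPTION.
				if [ "${p_stat}" != "FALSE" ]
				then
					p_stat="EXCEPTION"
				fi
			fi
		fi
	done
	if [ "${1}" == "html" ]
	then
		echo "<a href=#top>Back to Top</a>">>"${rem_file}"
		echo "<br>">>"${rem_file}"
	fi

	if [ "${p_stat}" == "FALSE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p22>"
		stat_ln_e="</a>"
		cat "${rem_file}" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}"
		rm -f "${rem_file}"
	elif [ "${p_stat}" == "EXCEPTION" ]
	then
		# Spelled EXCEPTION, matching the label the not-implemented
		# checks (AIX_24, AIX_25, ...) put in the same report column.
		html_stat="EXCEPTION"
		html_tr_cl="magenta"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p22>"
		stat_ln_e="</a>"
		cat "${rem_file}" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}"
		rm -f "${rem_file}"
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f "${rem_file}"
	fi
	if [ "${1}" == "html" ]
	then
		echo "<tr>">>html_report.html
		# stat_ln_e already closes the link; no extra </a> is emitted.
		echo "<td>Permission on log files</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</td>">>html_report.html
		echo "</tr>">>html_report.html
	fi

}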
#==========================================================================#
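tbl_auth_23()
{
	#------------------------------------------------------------#
	# AIX_23: logging level of syslogd
	# Checks, in this order:
	#   - /var/adm/syslog is owned root:system with mode 640
	#   - /var/adm/authlog has mode 600
	#   - /etc/syslog.conf sends "*.info;auth.none" to
	#     /var/adm/syslog and "auth.info" to /var/adm/authlog
	# If one of the two log files does not exist, its ownership /
	# permission test is skipped without any message.
	#
	# $1 = "html": also record failures in the remarks file and add
	#              a summary row to html_report.html.
	#
	# Review note: this verifies configuration text and file modes
	# only; it does not check that syslogd is running.
	#------------------------------------------------------------#
	trap 'main_exit' 1 2 3 15
	tbl_auth 23
	p_stat="TRUE"
	rem_file="${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_23"
	if [ "${1}" == "html" ]
	then
		echo "<a name=p23></a>">>"${rem_file}"
		echo "<h5><u>AIX_23 Message send to syslog</u></h5>">>"${rem_file}"
		echo "<br>">>"${rem_file}"
	fi
	if [ -f /var/adm/syslog ]
	then
		# Command output is captured first and compared quoted, so an
		# empty result gives a clean "not ok" instead of a test error.
		log_own=`ls -l /var/adm/syslog |awk '{print $3"-"$4}'`
		if [ "${log_own}" != 'root-system' ]
		then
			echo  "\033[31mOwnership of /var/adm/syslog is not ok\033[0m"
			if [ "${1}" == "html" ]
			then
				echo "Ownership of <b>/var/adm/syslog</b> is not ok">>"${rem_file}"
				echo "<br>">>"${rem_file}"
				p_stat="FALSE"
			fi
		else
			echo  "\033[32mOwnership of /var/adm/syslog is ok\033[0m"
		fi
		log_mode=`ls -l /var/adm/syslog |awk '{print $1}'`
		if [ "${log_mode}" != '-rw-r-----' ]
		then
			echo  "\033[31mPermission of /var/adm/syslog is not ok\033[0m"
			if [ "${1}" == "html" ]
			then
				echo "Permission of <b>/var/adm/syslog</b> is not ok">>"${rem_file}"
				echo "<br>">>"${rem_file}"
				p_stat="FALSE"
			fi
		else
			echo  "\033[32mPermission of /var/adm/syslog is ok\033[0m"
		fi
	fi

	if [ -f /var/adm/authlog ]
	then
		log_mode=`ls -l /var/adm/authlog|awk '{print $1}'`
		if [ "${log_mode}" != '-rw-------' ]
		then
			echo  "\033[31mPermission of /var/adm/authlog is not ok\033[0m"
			if [ "${1}" == "html" ]
			then
				echo "Permission of <b>/var/adm/authlog</b> is not ok">>"${rem_file}"
				echo "<br>">>"${rem_file}"
				p_stat="FALSE"
			fi
		else
			echo  "\033[32mPermission of /var/adm/authlog is ok\033[0m"
		fi
	fi

	# First non-comment line of syslog.conf that mentions the selector.
	# The value is echoed quoted: unquoted, the leading "*" would be
	# subject to file name expansion in the current directory, and with
	# no match at all the old unquoted test failed with a syntax error.
	auth_info=`grep -v '^#' /etc/syslog.conf|grep "*.info;auth.none"`
	auth_info_v1=`echo "${auth_info}"|awk 'NR==1 {print $1}'`
	auth_info_v2=`echo "${auth_info}"|awk 'NR==1 {print $2}'`

	if [ "${auth_info_v1}" == "*.info;auth.none" ] && [ "${auth_info_v2}" == "/var/adm/syslog" ]
	then
		echo "\033[32mLoging enabled for *.info;auth.none to /var/adm/syslog\033[0m"
	else
		echo "\033[31mLoging not enabled in /var/adm/syslog\033[0m"
		if [ "${1}" == "html" ]
		then
			echo "Loging not enabled in <b>/var/adm/syslog</b>">>"${rem_file}"
			echo "<br>">>"${rem_file}"
			p_stat="FALSE"
		fi
	fi

	# Same test for the auth facility.  Only the first line that contains
	# "auth.info" is inspected.
	auth_info=`grep -v '^#' /etc/syslog.conf|grep "auth.info"`
	auth_info_v1=`echo "${auth_info}"|awk 'NR==1 {print $1}'`
	auth_info_v2=`echo "${auth_info}"|awk 'NR==1 {print $2}'`

	if [ "${auth_info_v1}" == "auth.info" ] && [ "${auth_info_v2}" == "/var/adm/authlog" ]
	then
		echo "\033[32mLoging enabled for auth.info to /var/adm/authlog\033[0m"
	else
		echo "\033[31mLoging not enabled in /var/adm/authlog\033[0m"
		if [ "${1}" == "html" ]
		then
			echo "Loging not enabled in <b>/var/adm/authlog</b>">>"${rem_file}"
			echo "<br>">>"${rem_file}"
			p_stat="FALSE"
		fi
	fi
	if [ "${1}" == "html" ]
	then
		echo "<a href=#top>Back to Top</a>">>"${rem_file}"
		echo "<br>">>"${rem_file}"
	fi
	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p23>"
		stat_ln_e="</a>"
		cat "${rem_file}" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}"
		rm -f "${rem_file}"
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f "${rem_file}"
	fi
	if [ "${1}" == "html" ]
	then
		echo "<tr>">>html_report.html
		# stat_ln_e already closes the link; no extra </a> is emitted.
		echo "<td>Message send to syslog</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</td>">>html_report.html
		echo "</tr>">>html_report.html
	fi
}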
#==========================================================================#
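tbl_auth_24()
{
	#------------------------------------------------------------#
	# AIX_24: remote logging using syslog - NOT IMPLEMENTED
	# Prints "Not Implemented" and performs no check.
	#
	# $1 = "html": write an explanatory remark, append it to the
	#              collected remarks and add a row with status
	#              EXCEPTION to html_report.html.
	#------------------------------------------------------------#
	trap 'main_exit' 1 2 3 15
	tbl_auth 24
	echo "Not Implemented"
	# All report output depends on the same condition, so it is kept in
	# a single block.
	if [ "${1}" == "html" ]
	then
		rem_file="${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_24"
		echo "<a name=p24></a>">>"${rem_file}"
		echo "<h5><u>AIX_24 Remote logging using syslog</u></h5>">>"${rem_file}"
		echo "<br>">>"${rem_file}"
		echo "Remote logging server must be configured before implemeting this policy">>"${rem_file}"
		echo "<br>">>"${rem_file}"
		echo "The policy checking is not yet implemented">>"${rem_file}"
		echo "May be next time...">>"${rem_file}"
		echo "<br>">>"${rem_file}"
		echo "<a href=#top>Back to Top</a>">>"${rem_file}"
		echo "<br>">>"${rem_file}"
		html_stat="EXCEPTION"
		html_tr_cl="magenta"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p24>"
		stat_ln_e="</a>"
		cat "${rem_file}" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}"
		rm -f "${rem_file}"
		echo "<tr>">>html_report.html
		# stat_ln_e already closes the link; no extra </a> is emitted.
		echo "<td>Remote logging using syslog</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</td>">>html_report.html
		echo "</tr>">>html_report.html
	fi

}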
#==========================================================================#
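tbl_auth_25()
{
	#------------------------------------------------------------#
	# AIX_25: kernel level auditing - NOT IMPLEMENTED
	# Prints "Not Implemented" and performs no check.
	#
	# $1 = "html": write an explanatory remark, append it to the
	#              collected remarks and add a row with status
	#              EXCEPTION to html_report.html.
	#------------------------------------------------------------#
	trap 'main_exit' 1 2 3 15
	tbl_auth 25

	echo "Not Implemented"
	# All report output depends on the same condition, so it is kept in
	# a single block.
	if [ "${1}" == "html" ]
	then
		rem_file="${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_25"
		echo "<a name=p25></a>">>"${rem_file}"
		echo "<h5><u>AIX_25 Kernel level auditing</u></h5>">>"${rem_file}"
		echo "The policy checking is not yet implemented">>"${rem_file}"
		echo "May be next time...">>"${rem_file}"
		echo "<br>">>"${rem_file}"
		echo "<a href=#top>Back to Top</a>">>"${rem_file}"
		echo "<br>">>"${rem_file}"
		html_stat="EXCEPTION"
		html_tr_cl="magenta"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p25>"
		stat_ln_e="</a>"
		cat "${rem_file}" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}"
		rm -f "${rem_file}"
		echo "<tr>">>html_report.html
		# stat_ln_e already closes the link; no extra </a> is emitted.
		echo "<td>Kernel level auditing</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</td>">>html_report.html
		echo "</tr>">>html_report.html
	fi
}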
#==========================================================================#
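tbl_auth_26()
{
	#--------------------------------------------------------------------#
	# AIX_26: non-essential services
	# Reports every service from the lists below that is still enabled
	# in /etc/inetd.conf, /etc/rc.tcpip or /etc/inittab.
	# Be careful while choosing services: one service may depend on
	# another, e.g. "nfs" depends on "portmap".
	#
	# $1 = "html": also record findings in the remarks file and add a
	#              summary row to html_report.html.
	#
	# Review note: these are fixed lists of known service names; a
	# service that is enabled but not listed here is not reported.
	#--------------------------------------------------------------------#
	trap 'main_exit' 1 2 3 15
	tbl_auth 26
	p_stat="TRUE"
	rem_file="${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_26"
	if [ "${1}" == "html" ]
	then
		echo "<a name=p26></a>">>"${rem_file}"
		echo "<h5><u>AIX_26 Non essential services</u></h5>">>"${rem_file}"
		echo "<br>">>"${rem_file}"
	fi

	echo "Checking /etc/inetd.conf"
	#-------------------------------------------------------------------#
	# Here you can add or remove services /etc/inetd.conf
	#-------------------------------------------------------------------#
	sev_list='ftp telnet shell kshell login klogin exec echo discard chargen daytime time ttdbserver dtspc ntalk rstatd rusersd rwalld sprayd pcnfsd cmsd tftp rquotd'
	# First field of every line that does not start with "#".
	file_srv_list=`grep -v '^#' /etc/inetd.conf |awk '{ print $1 }'`
	for cmp_srv in $file_srv_list;do
		for cmp_srv_1 in $sev_list;do
			# Both operands come from files or lists; quote them so an
			# odd token cannot turn into a test syntax error.
			if [ "$cmp_srv_1" == "$cmp_srv" ]
			then
				echo "\033[31mService \033[35m$cmp_srv\033[31m is not disabled\033[0m"
				if [ "${1}" == "html" ]
				then
					echo "Service <b>${cmp_srv}</b> is not disabled in <b>/etc/inetd.conf</b>">>"${rem_file}"
					echo "<br>">>"${rem_file}"
					p_stat="FALSE"
				fi
			fi
		done
	done

	echo "Checking /etc/rc.tcpip"
	# NOTE(review): this line is left exactly as written.  Inside
	# backquotes "\$" is reduced to "$" before the command runs, so
	# $src_running is expanded by the shell (presumably empty) and the
	# pattern grep sees is most likely just a double quote at end of
	# line - confirm on the target system before tightening it, since
	# the result currently also covers start lines that carry extra
	# quoted arguments.
	serv_nm_fl=`cat /etc/rc.tcpip |grep \$src_running\"$|grep ^start |awk '{print $2}'`

	#-------------------------------------------------------------------#
	# Here you can add or remove services /etc/rc.tcpip
	#-------------------------------------------------------------------#
	serv_nm='sendmail routed gated named timed rwhod mrouted snmpd hostmibd dpid2 lpd portmap autoconf6'

	for srv_nm_1 in $serv_nm_fl;do
		# The start lines carry a full path; compare on the base name.
		srv_base=`basename "$srv_nm_1"`
		for srv_nm_2 in $serv_nm;do
			if [ "$srv_base" == "$srv_nm_2" ]
			then
				echo "\033[31mService \033[35m$srv_nm_2\033[31m is not disabled\033[0m"
				if [ "${1}" == "html" ]
				then
					echo "Service <b>${srv_nm_2}</b> is not disabled in <b>/etc/rc.tcpip</b>">>"${rem_file}"
					echo "<br>">>"${rem_file}"
					p_stat="FALSE"
				fi
			fi
		done
	done

	echo "Checking /etc/inittab"
	# Identifier (first ":"-separated field) of every line that does not
	# start with "#" or "*"; empty identifiers are dropped.  The patterns
	# are quoted so the shell cannot expand "^*" as a file name pattern.
	init_ids=`grep -v '^#' /etc/inittab|grep -v '^[*]' |awk -F ":" '{print $1}'|grep -v '^$'`
	#-------------------------------------------------------------------#
	# Here you can add or remove services in /etc/inittab
	#-------------------------------------------------------------------#
	init_deny='piobe writesrv i4ls httpdlite'

	for init_srv in $init_ids;do
		for init_srv_l in $init_deny;do
			if [ "$init_srv_l" == "$init_srv" ]
			then
				echo "\033[31mSevice \033[35m$init_srv_l\033[31m not disabled\033[0m"
				if [ "${1}" == "html" ]
				then
					echo "Sevice <b>${init_srv_l}</b> is not disabled in <b>/etc/inittab</b>">>"${rem_file}"
					echo "<br>">>"${rem_file}"
					p_stat="FALSE"
				fi
			fi
		done
	done
	if [ "${1}" == "html" ]
	then
		echo "<a href=#top>Back to Top</a>">>"${rem_file}"
		echo "<br>">>"${rem_file}"
	fi
	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p26>"
		stat_ln_e="</a>"
		cat "${rem_file}" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}"
		rm -f "${rem_file}"
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f "${rem_file}"
	fi
	if [ "${1}" == "html" ]
	then
		echo "<tr>">>html_report.html
		echo "<td>Non essential services</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</td>" >>html_report.html
		echo "</tr>">>html_report.html
	fi
}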
#==========================================================================#
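tbl_auth_27()
{
	#-----------------------------------------------------------------#
	# AIX_27: network TCP/IP settings
	# Compares the value reported by `no -o <tunable>` with the
	# expected value for every name=value pair in the list below.
	#
	# $1 = "html": also record mismatches in the remarks file and add
	#              a summary row to html_report.html.
	#
	# Review note: this reads the value `no` reports at run time; it
	# does not check whether the setting is made persistent.
	#-----------------------------------------------------------------#

	trap 'main_exit' 1 2 3 15
	tbl_auth 27
	p_stat="TRUE"
	rem_file="${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_27"
	if [ "${1}" == "html" ]
	then
		echo "<a name=p27></a>">>"${rem_file}"
		echo "<h5><u>AIX_27 Network TCP/IP settings</u></h5>">>"${rem_file}"
		echo "<br>">>"${rem_file}"
	fi
	x='bcastping=0 clean_partial_conns=1 directed_broadcast=0 icmpaddressmask=0 ipforwarding=0 ipignoreredirects=1 ipsendredirects=0 ip6srcrouteforward=0 ipsrcrouterecv=0 ipsrcroutesend=0 nonlocsrcroute=0 tcp_icmpsecure=1 ip_nfrag=200 tcp_pmtu_discover=0 tcp_tcpsecure=7 udp_pmtu_discover=0'
	for list_1 in $x;do
		# Split "name=value" in the shell rather than with awk.
		cmp_var=${list_1%%=*}
		cmp_val=${list_1#*=}
		org_val=`no -o "$cmp_var"`
		# Take the text after "=" and trim blanks around it and around commas.
		org_val_ext=`echo $org_val|awk -F "=" '{print $2}'|sed -e 's/ *,/,/g' -e 's/, */,/g' -e 's/^ *//' -e 's/ *$//'`
		# Quoted: if `no` prints nothing for this tunable the comparison
		# simply fails instead of raising a test syntax error.
		if [ "$org_val_ext" == "$cmp_val" ]
		then
			echo "$cmp_var \033[32mis \033[0m$cmp_val"
		else
			echo "$cmp_var \033[31mis not \033[0m$cmp_val"
			if [ "${1}" == "html" ]
			then
				echo "<b>$cmp_var</b> is not <b>$cmp_val</b>">>"${rem_file}"
				echo "<br>">>"${rem_file}"
				p_stat="FALSE"
			fi
		fi
	done
	if [ "${1}" == "html" ]
	then
		echo "<a href=#top>Back to Top</a>">>"${rem_file}"
		echo "<br>">>"${rem_file}"
	fi
	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p27>"
		stat_ln_e="</a>"
		cat "${rem_file}" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}"
		rm -f "${rem_file}"
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f "${rem_file}"
	fi
	if [ "${1}" == "html" ]
	then
		echo "<tr>">>html_report.html
		echo "<td>Network TCP/IP settings</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</td>" >>html_report.html
		echo "</tr>">>html_report.html
	fi


}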
#==========================================================================#
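tbl_auth_28()
{
	#-------------------------------------------------#
	# AIX_28: core dump settings
	# Checks that
	#   - /etc/security/limits contains "core = 0"
	#   - /etc/security/limits contains "core_hard = 0"
	#   - /etc/profile has a "ulimit -c 0" line
	#   - attribute fullcore of sys0 is "false"
	#
	# $1 = "html": also record failures in the remarks file
	#              and add a summary row to html_report.html.
	#
	# Review note: the two limits checks are plain text
	# searches.  They match the string in any stanza and on
	# any line of the file, and depend on exactly one blank
	# on each side of "=", so a hit does not by itself show
	# which users the limit applies to.
	#-------------------------------------------------#

	trap 'main_exit' 1 2 3 15
	tbl_auth 28
	p_stat="TRUE"
	rem_file="${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_28"
	if [ "${1}" == "html" ]
	then
		echo "<a name=p28></a>">>"${rem_file}"
		echo "<h5><u>AIX_28 Core dump settings</u></h5>">>"${rem_file}"
		echo "<br>">>"${rem_file}"
	fi
	lmt=`grep "core = 0" /etc/security/limits`
	# $lmt holds whole lines with blanks in them; unquoted it expanded to
	# several words and broke the test, so a correctly configured system
	# could be reported as "not ok".
	if [ -n "$lmt" ]
	then
		echo "core \033[32mvalue is ok in /etc/security/limits\033[0m"
	else
		echo "core \033[31mvalue is not ok in /etc/security/limits\033[0m"
		if [ "${1}" == "html" ]
		then
			echo "<b>core</b> value is not ok in <b>/etc/security/limits</b>">>"${rem_file}"
			echo "<br>">>"${rem_file}"
			p_stat="FALSE"
		fi
	fi
	lmt=`grep "core_hard = 0" /etc/security/limits`
	if [ -n "$lmt" ]
	then
		echo "core_hard \033[32mvalue is ok in /etc/security/limits\033[0m"
	else
		echo "core_hard \033[31mvalue is not ok in /etc/security/limits\033[0m"
		if [ "${1}" == "html" ]
		then
			echo "<b>core_hard</b> value is not ok in /etc/security/limits">>"${rem_file}"
			echo "<br>">>"${rem_file}"
			p_stat="FALSE"
		fi
	fi
	# First three fields of the ulimit line(s) in /etc/profile, joined.
	# More than one ulimit line gives a multi-line value and therefore
	# "not ok".
	ulim_set=`grep -v '^#' /etc/profile |grep -v '^[*]'|grep -v '^$'|grep ulimit|awk '{print $1$2$3}'`
	if [ "$ulim_set" == 'ulimit-c0' ]
	then
		echo "ulimit \033[32mok in /etc/profile\033[0m"
	else
		echo "ulimit \033[31mnot ok in /etc/profile\033[0m"
		if [ "${1}" == "html" ]
		then
			# Closing tag fixed: the remark used to leave <b> open.
			echo "<b>ulimit</b> not ok in <b>/etc/profile</b>">>"${rem_file}"
			echo "<br>">>"${rem_file}"
			p_stat="FALSE"
		fi

	fi
	full_core=`lsattr -El sys0 -a fullcore|awk '{print $2}'`
	if [ "$full_core" == 'false' ]
	then
		echo "\033[32mAttribute of \033[0mfullcore\033[32m in \033[0msys0\033[32m is ok\033[0m"
	else
		echo "\033[31mAttribute of \033[0mfullcore\033[31m in \033[0msys0\033[31m is not ok\033[0m"
		if [ "${1}" == "html" ]
		then
			echo "Attribute of <b>fullcore</b> in sys0 is not ok">>"${rem_file}"
			echo "<br>">>"${rem_file}"
			p_stat="FALSE"
		fi

	fi
	if [ "${1}" == "html" ]
	then
		echo "<a href=#top>Back to Top</a>">>"${rem_file}"
		echo "<br>">>"${rem_file}"
	fi
	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p28>"
		stat_ln_e="</a>"
		cat "${rem_file}" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}"
		rm -f "${rem_file}"
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f "${rem_file}"
	fi
	if [ "${1}" == "html" ]
	then
		echo "<tr>">>html_report.html
		# stat_ln_e already closes the link; no extra </a> is emitted.
		echo "<td>Core dump settings</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</td>">>html_report.html
		echo "</tr>">>html_report.html
	fi
}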
#==========================================================================#
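tbl_auth_29()
{
	#---------------------------------------------------#
	# AIX_29: NFS client requests to privileged ports
	# Both nfso tunables portcheck and
	# nfs_use_reserved_ports are expected to be 1.
	#
	# $1 = "html": also record failures in the remarks
	#              file and add a summary row to
	#              html_report.html.
	#---------------------------------------------------#

	trap 'main_exit' 1 2 3 15
	tbl_auth 29
	# Start from a clean state.  Without this the result of whichever
	# check ran before leaked in, so a failure there marked this check
	# as ERROR even when both tunables were fine.
	p_stat="TRUE"
	rem_file="${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_29"
	if [ "${1}" == "html" ]
	then
		echo "<a name=p29></a>">>"${rem_file}"
		echo "<h5><u>AIX_29 NFS client requests to privileged ports</u></h5>">>"${rem_file}"
		echo "<br>">>"${rem_file}"
	fi

	# Third field of the nfso output is compared with 1.  Quoted, so
	# that empty output from nfso counts as "not ok" instead of raising
	# a test syntax error.
	x=`nfso -o portcheck |awk '{print $3}'`
	if [ "$x" == 1 ]
	then
		echo "portcheck \033[32mvalue in \033[0mnfso\033[32m is ok\033[0m"
	else
		echo "portcheck \033[31mvalue in \033[0mnfso\033[31m is not ok\033[0m"
		if [ "${1}" == "html" ]
		then
			echo "<b>portcheck</b> value in nfso is not ok">>"${rem_file}"
			echo "<br>">>"${rem_file}"
			p_stat="FALSE"
		fi
	fi
	x=`nfso -o nfs_use_reserved_ports |awk '{print $3}'`
	if [ "$x" == 1 ]
	then
		echo "nfs_use_reserved_ports \033[32mvalue in \033[0mnfso\033[32m is ok\033[0m"
	else
		echo "nfs_use_reserved_ports \033[31mvalue in \033[0mnfso\033[31m is not ok\033[0m"
		if [ "${1}" == "html" ]
		then
			echo "<b>nfs_use_reserved_ports</b> value in nfso is not ok">>"${rem_file}"
			echo "<br>">>"${rem_file}"
			p_stat="FALSE"
		fi
	fi
	if [ "${1}" == "html" ]
	then
		echo "<a href=#top>Back to Top</a>">>"${rem_file}"
		echo "<br>">>"${rem_file}"
	fi
	if [ "${p_stat}" != "TRUE" ]
	then
		html_stat="ERROR"
		html_tr_cl="red"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p29>"
		stat_ln_e="</a>"
		cat "${rem_file}" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}"
		rm -f "${rem_file}"
	else
		html_stat="OK"
		html_tr_cl="green"
		rm_msg="Everything is Fine"
		stat_ln=""
		stat_ln_e=""
		rm -f "${rem_file}"
	fi
	if [ "${1}" == "html" ]
	then
		echo "<tr>">>html_report.html
		# stat_ln_e already closes the link; no extra </a> is emitted.
		echo "<td>NFS client requests to privileged ports</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</td>">>html_report.html
		echo "</tr>">>html_report.html
	fi


}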
#==========================================================================#
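tbl_auth_30()
{
	#-------------------------------------------------------#
	# AIX_30: recommended patch level - NOT IMPLEMENTED
	# Prints "Not Implemented" and performs no check.
	#
	# $1 = "html": write an explanatory remark, append it to
	#              the collected remarks and add a row with
	#              status EXCEPTION to html_report.html.
	#-------------------------------------------------------#
	trap 'main_exit' 1 2 3 15
	tbl_auth 30

	echo "Not Implemented"
	# All report output depends on the same condition, so it is kept in
	# a single block.
	if [ "${1}" == "html" ]
	then
		rem_file="${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_30"
		echo "<a name=p30></a>">>"${rem_file}"
		# Tags are closed in nesting order (the heading used to close
		# <h5> before <u>).
		echo "<h5><u>AIX_30 Patch level</u></h5>">>"${rem_file}"
		echo "The policy checking is not yet implemented">>"${rem_file}"
		echo "May be next time...">>"${rem_file}"
		echo "<br>">>"${rem_file}"
		echo "<a href=#top>Back to Top</a>">>"${rem_file}"
		echo "<br>">>"${rem_file}"
		html_stat="EXCEPTION"
		html_tr_cl="magenta"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p30>"
		stat_ln_e="</a>"
		cat "${rem_file}" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}"
		rm -f "${rem_file}"
		echo "<tr>">>html_report.html
		# stat_ln_e already closes the link; no extra </a> is emitted.
		echo "<td>Patch level</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</td>">>html_report.html
		echo "</tr>">>html_report.html
	fi

}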
#==========================================================================#
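tbl_auth_31()
{
	#-------------------------------------------------------------#
	# AIX_31: weak file system security configuration
	# NOT IMPLEMENTED - prints "Not Implemented" and performs no
	# check.
	#
	# $1 = "html": write an explanatory remark, append it to the
	#              collected remarks and add a row with status
	#              EXCEPTION to html_report.html.
	#-------------------------------------------------------------#

	trap 'main_exit' 1 2 3 15
	tbl_auth 31
	echo "Not Implemented"

	# All report output depends on the same condition, so it is kept in
	# a single block.
	if [ "${1}" == "html" ]
	then
		rem_file="${HTML_FILE_REM}_${TMP_FILE_INDEX}_tbl_auth_31"
		echo "<a name=p31></a>">>"${rem_file}"
		echo "<h5><u>AIX_31 Weak file system security configuration</u></h5>">>"${rem_file}"
		echo "The policy checking is not yet implemented">>"${rem_file}"
		echo "May be next time...">>"${rem_file}"
		echo "<br>">>"${rem_file}"
		echo "<a href=#top>Back to Top</a>">>"${rem_file}"
		echo "<br>">>"${rem_file}"
		html_stat="EXCEPTION"
		html_tr_cl="magenta"
		rm_msg="Click Here For Details"
		stat_ln="<a href=#p31>"
		stat_ln_e="</a>"
		cat "${rem_file}" >>"${HTML_FILE_REM}_${TMP_FILE_INDEX}"
		rm -f "${rem_file}"
		echo "<tr>">>html_report.html
		# stat_ln_e already closes the link; no extra </a> is emitted.
		echo "<td>Weak file system security configuration</td><td bgcolor=${html_tr_cl}>${html_stat}</td><td>${stat_ln}${rm_msg}${stat_ln_e}</td>">>html_report.html
		echo "</tr>">>html_report.html
	fi
}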
#==========================================================================#

#--------------------------------------------------------------------------#
#  HTML Report Generation Part
#--------------------------------------------------------------------------#
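html_start()
{
	# Start a new html_report.html: page header, host name, one line per
	# IPv4 address (loopback and inet6 lines are filtered out), the
	# generation date, the "top" anchor and the header row of the
	# status table.  The table is left open for the per-check rows.
	#
	# Review note: html_report.html is a relative path, so the report is
	# created (and any existing file of that name overwritten) in the
	# current directory with the caller's umask.  It lists host name and
	# addresses; run from a directory that only the auditor can write to.
	echo "<html>">html_report.html
	echo "<head></head>">>html_report.html
	echo "<title></title>">>html_report.html
	echo "<body>">>html_report.html
	echo "<h4>Server Hardening Status Report</h4>">>html_report.html
	echo "<hr>">>html_report.html
	echo "<h4>Host Name \t :`hostname`</h4>">>html_report.html
	# Get Ip address and provide the list

	cnt=1
	for ip_addr in `ifconfig -a|sed -n -e '/inet6/d' -e '/127.0.0.1/d' -e '/inet/p'|awk '{print $2}'`
	do
		echo "<h4>IP Address ${cnt} \t:${ip_addr}</h4>">>html_report.html
		cnt=`expr ${cnt} + 1`
	done

	echo "<h4>Report Generation Date :`date +%d\/%m\/%y\ %I\:%M\:%S\ %p`</h4>">>html_report.html
	echo "<hr>">>html_report.html
	# Target of the "Back to Top" links.  This line used to go to the
	# terminal instead of the report, so the links had nothing to jump
	# to; it now uses the same <a name=...> form as the per-check anchors.
	echo "<a name=top></a>">>html_report.html
	echo "<table border=5 >">>html_report.html
	echo "<tr bgcolor=\"cyan\">">>html_report.html
	echo "<td width=300 >Policy </td><td>Status</td><td width=100>Remarks</td>">>html_report.html

	echo "</tr>">>html_report.html
}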
#==========================================================================#
html_end()
{
	# Append the closing </body> and </html> tags to the report.
	printf '%s\n' "</body>" "</html>" >>html_report.html
}
#==========================================================================#
html_report_gen()
{
	# Build html_report.html: header, one table row per policy check
	# (tbl_auth_1 .. tbl_auth_31, each called with "html"), then the
	# collected detail remarks, then the page footer.  Afterwards wait
	# for the operator and return to main_page.
	html_start
	for chk_no in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
	do
		tbl_auth_${chk_no} html
	done
	echo "</table>">>html_report.html
	# Remarks collected by the checks that did not report OK.
	cat ${HTML_FILE_REM}_${TMP_FILE_INDEX} >>html_report.html
	html_end
	read opt?"Press Any Key To Continue....."
	main_page
}

#==========================================================================#
# Program Execution Starting Point......!!!                                #
#==========================================================================#
	# Only top-level command in this part of the script: everything else
	# here is a function definition.  main_login itself is defined
	# outside this excerpt.
	main_login

audit.pl

#!/usr/bin/perl


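# Example of one auditpr record as this script reads it: a header line that
# ends in the event timestamp, followed by free-text detail lines.
#
#S_PASSWD_READ   cron                            root     root     OK          14 Aug 2012 09:30:00.725282  No associated roles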
#
#        audit object read event detected /etc/security/passwd
#
#MLS Data:
#
#        Not supported


use strict;
use warnings;
use Time::Local;
use File::Copy;
use Getopt::Std;

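my $version = 1.1;

# Default value of every command-line switch; getopts() overwrites the
# entries for the switches that are actually given.
my %options = (
        r => "/audit/results/",
        n => "AIX_AUDIT_",
        l => "lastrecord.txt",
        m => 30,
        t => "/audit/trail",
        v => 0,
        h => 0
);

# getopts() returns false after reporting an unknown switch or a missing
# argument. Stop there instead of processing the audit trail with a command
# line that was only partly understood.
getopts('hvr:n:l:m:t:', \%options)
        or die "Invalid command line, run '$0 -h' for usage\n";

# -v: print the version and leave (exit status 1, as before).
if ($options{v})
{
        print "Script version: $version\n";
        exit(1);
}

# -h: print the usage text and leave (exit status 1, as before).
if ($options{h})
{
        print <<"DONE";

Usage: $0 [all options are OPTIONAL] -r [dir] -n [name] -l [filepath] -m [count] -t [filepath] -v -h

        -r      Directory where results are to be stored
                DEFAULT: /audit/results/

        -n      Name of processed audit files. Note that a timestamp will be appended to the file name after being processed.
                DEFAULT: AIX_AUDIT_

        -l      Name of the last record file (to be placed in the directory specified in -r). This file contains timestamp 
                information of the last record processed on the previous execution of this script. This information is used 
                to ensure duplicate audit events are not generated. Note that if you rename this file and do not change this 
                parameter, then audit processing will begin from time zero, possibly duplicating all previous processed events.
                DEFAULT: lastrecord.txt

        -m      Max number of audit files to keep on disk at a time. If there are more than the max after the script has finished,
                then it will delete files (oldest files first) to get under the max. Setting the max number of audit files to zero
                will perform no deletions. This means that deleting/pruning of audit files will have to be done manually. Note that
                this script will only delete files that it has created, all audit events will still exist in the audit trail after
                the script has performed any deletions.
                DEFAULT: 30

        -t      Full path to the audit-trail file. This is defined in /etc/security/audit/config. You don't need to use this parameter
                unless you have actually changed the trail location in the audit config file.
                DEFAULT: /audit/trail

        -v      Displays the version of the script and exits.

        -h      Prints this usage information and exits.
DONE
        exit(1);
}

# -m is compared numerically when old result files are pruned. A negative
# value would make the "more files than the maximum" test true forever, and a
# non-numeric one would silently switch pruning off, so reject both here.
if ($options{m} !~ m/\A\d+\z/)
{
        die "Option -m expects a non-negative integer, got '$options{m}'\n";
}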


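my $mainDir = $options{r};
my $fileName = $options{n};
my $maxFiles = $options{m};
my $trail = $options{t};

# Append a '/' to the end of the path if necessary; the file paths below are
# built by plain string concatenation.
if ($mainDir !~ m{/\z})
{
        $mainDir .= "/";
}

# If our main directory doesn't exist, create it. A failure is fatal because
# every later step writes into this directory.
# NOTE(review): the directory receives copies of audit records and a staging
# file with a fixed name (tmpResults.txt). mkdir() here uses the default mode,
# so the resulting permissions depend on the umask - confirm that only the
# account running this script can write to it.
if (! -e $mainDir)
{
        mkdir($mainDir) or die "Cannot create results directory '$mainDir': $!\n";
}

my $tmpFile = $mainDir."tmpResults.txt";
my $dumpFile = $mainDir.$fileName;
my $lastRecordFile = $mainDir.$options{l};

# First run: seed the last-record file with "0" so processing starts at time
# zero. Three-argument open keeps characters in the path from being read as
# an open mode, and the handle is closed so the content is on disk before the
# file is read back.
if (! -e $lastRecordFile)
{
        open(my $seed_fh, '>', $lastRecordFile)
                or die "Cannot create '$lastRecordFile': $!\n";
        print {$seed_fh} "0";
        close($seed_fh) or die "Cannot write '$lastRecordFile': $!\n";
}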

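my $counter = 0;
my $limit = 300;

# If this file exists then that means the auditing subsystem is currently working, i.e.
# it is in the process of creating a new trail file, so we shouldn't touch anything until
# it has finished. Poll once per second and give up once $limit is exceeded.
while (-e "/var/log/eprise/working")
{
        $counter++;
        sleep(1);
        # Compare against $limit, the same value the message reports, instead
        # of repeating the number.
        if ($counter > $limit)
        {
                print "Script timeout: Waited $limit seconds, but '/var/log/eprise/working' still exists!\n";
                exit(1);
        }
}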

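# Text of the audit record currently being assembled (header line plus its
# detail lines); empty until the first new record is seen.
my $record = "";

# Month abbreviation as printed in a record header => zero-based month number
# as timelocal() expects it.
my %monthMap = (
        "Jan" => "0",
        "Feb" => "1",
        "Mar" => "2",
        "Apr" => "3",
        "May" => "4",
        "Jun" => "5",
        "Jul" => "6",
        "Aug" => "7",
        "Sep" => "8",
        "Oct" => "9",
        "Nov" => "10",
        "Dec" => "11"
);

# Read the first line of the last-record file directly. The path is built
# from the -r and -l options, so it is not handed to a shell command line.
# An unreadable or empty file leaves $lastLine empty, which makes processing
# start from time zero.
my $lastLine = "";
if (open(my $last_in_fh, '<', $lastRecordFile))
{
        my $firstLine = <$last_in_fh>;
        $lastLine = $firstLine if defined $firstLine;
        close($last_in_fh);
}
else
{
        warn "Cannot read '$lastRecordFile' ($!) - processing from time zero\n";
}

my $lastTime = 0;
my $mil = 0;

# 1347784326 878440 - epoch time followed by microseconds
if ($lastLine =~ m/(\d{10}) (\d{6})/)
{
        $lastTime = $1;
        $mil = $2;
}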

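# New records are staged in $tmpFile and only given their final name after
# the whole trail has been read.
open(my $out_fh, '>', $tmpFile) or die "Cannot write '$tmpFile': $!\n";

my $writing = 0;        # true once a record newer than the last run was seen
my $written = 0;        # number of records printed to $tmpFile

# auditpr is started without a shell (list-form pipe open), so the value of
# -t reaches it as a single argument whatever characters it contains.
my @command = ('auditpr', '-i', $trail, '-h', 'eclrRdi', '-v');

# Read the auditpr data straight from the pipe so we don't use more memory than required
open(my $audit_fh, '-|', @command) or die "Cannot run '@command': $!\n";

while (my $line = <$audit_fh>)
{
        chomp($line);
        if ($line =~ m/[a-zA-Z]+_[a-zA-Z]+\s+\S+\s+\S+\s+\S+\s+\S+\s+(\d{1,2})\s(\w{3})\s(\d{4})\s(\d{2}):(\d{2}):(\d{2})\.(\d{6})/)
        {
                # Header line of a record. Copy the captures right away so a
                # later match cannot replace them.
                my ($day, $monthName, $year, $hour, $min, $sec, $micro) = ($1, $2, $3, $4, $5, $6, $7);

                # A new header ends the previous record, which can now be written.
                if ($record ne "" && $writing)
                {
                        print {$out_fh} $record."\n";
                        $written++;
                }

                # NOTE(review): a month abbreviation that is not a key of
                # %monthMap yields undef here - confirm auditpr always prints
                # the English abbreviations on this system.
                my $currentTime = timelocal($sec, $min, $hour, $day, $monthMap{$monthName}, $year);

                if ($writing)
                {
                        $lastTime = $currentTime;
                        $mil = $micro;
                }
                elsif ($currentTime > $lastTime
                        # Extra comparison in microseconds to prevent event duplication
                        || ($currentTime == $lastTime && $micro > $mil))
                {
                        # First record that is newer than the last one handled
                        # by the previous run.
                        $writing = 1;
                        $lastTime = $currentTime;
                        $mil = $micro;
                }

                if ($writing)
                {
                        $record = $line;
                }
        }
        elsif ($writing && $line =~ m/\w+/)
        {
                # Detail line: fold it into the current record.
                $record = $record." ".$line;
        }
}

# close() on a pipe reports a non-zero exit status of the command. Keep going
# (the events are still in the trail) but make the problem visible.
close($audit_fh)
        or warn "auditpr did not finish cleanly (exit status ".($? >> 8).")\n";

# The last record in the log file needs to be printed out as well
if ($record ne "")
{
        print {$out_fh} $record."\n";
        $written++;
}

close($out_fh) or die "Cannot finish writing '$tmpFile': $!\n";

# We're done writing the new audit file, so move it into its permanent position
my $target = $dumpFile.$lastTime;
if ($written == 0)
{
        # Nothing new since the last run. $lastTime is unchanged, so moving
        # the empty staging file would replace the previous results file.
        unlink($tmpFile);
}
elsif (-e $target)
{
        # The newest record falls into the same second as an existing results
        # file: append to that file instead of replacing its records.
        open(my $src_fh, '<', $tmpFile) or die "Cannot read '$tmpFile': $!\n";
        open(my $dst_fh, '>>', $target) or die "Cannot append to '$target': $!\n";
        while (my $stagedLine = <$src_fh>)
        {
                print {$dst_fh} $stagedLine;
        }
        close($dst_fh) or die "Cannot finish writing '$target': $!\n";
        close($src_fh);
        unlink($tmpFile);
}
else
{
        # Stop before the last-record file is updated: otherwise the records
        # staged in $tmpFile would be skipped by the next run.
        move($tmpFile, $target) or die "Cannot move '$tmpFile' to '$target': $!\n";
}

# Remember where this run stopped: epoch seconds, a space, microseconds.
open(my $last_out_fh, '>', $lastRecordFile) or die "Cannot write '$lastRecordFile': $!\n";
print {$last_out_fh} "$lastTime $mil\n";
close($last_out_fh) or die "Cannot finish writing '$lastRecordFile': $!\n";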

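# Remove files if necessary
my @currentFiles;

opendir(my $dir_fh, $mainDir) || die "Error opening directory $mainDir\n";

# Read the directory listing and keep only the files this script writes: the
# -n prefix followed by the numeric timestamp. The prefix is quoted with \Q..\E
# and the pattern is anchored, so characters in -n are not treated as regex
# syntax and other files in the directory (for example the last-record file)
# can never be selected for deletion.
while (defined(my $tempFile = readdir($dir_fh)))
{
        if ($tempFile =~ m/\A\Q$fileName\E\d+\z/)
        {
                push (@currentFiles, $tempFile);
        }
}
closedir($dir_fh);

# Ensure the array is sorted by modified timestamp oldest to newest - should be a globally safe sorting method.
# -M gives the file age in days, so the largest value is the oldest file; look
# each file up once instead of on every comparison.
my %ageOf;
for my $name (@currentFiles)
{
        my $age = -M $mainDir."/".$name;
        $ageOf{$name} = defined($age) ? $age : 0;
}
@currentFiles = sort { $ageOf{$b} <=> $ageOf{$a} } (@currentFiles);

# A maximum of zero means "never delete". Testing for a positive value also
# keeps a negative -m from looping forever on an empty list.
if ($maxFiles > 0)
{
        while (scalar(@currentFiles) > $maxFiles)
        {
                my $oldest = $mainDir."/".$currentFiles[0];
                if (!unlink($oldest))
                {
                        print "Error removing file [". $oldest . "] - removing from list\n";
                }
                shift(@currentFiles);
        }
}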