Hello everyone,
I hope you are all well for this corona time.
Let me get to the point right away.
For the topic of my dissertation I took OPENSCAP and for the goal of my
work I set to security scan and secure Fedora 31 as much as possible.
I used a Standard System Security Profile for Fedora (80). scanned the
system and got results that were bad. I scanned with Scap Workbench
After that, I decided to make my own Bash script that will solve all these
security vulnerabilities. I finally succeeded after several months !! I
compared my script to yours which was offered as a solution in remediation
role and mine gives much better results, have 8 times less lines of code,
and is much easier to understand.
Attached is the listed bash script called Final.sh
I would love if it is possible for you to let me know if you can check it
out and give your opinion and maybe even include it in the Open Scap, and
give some confirmation of what was done.
Your opinion means a lot to me.
Thank You,
Leon Imsirovic
Software Enginner in ATOS
PS: I didn’t know who to send these results to so I decided here.
#Set Default firewalld Zone for Incoming Packets
echo -e "1. Set Default firewalld Zone for Incoming Packets \n##############################################"
sudo sed -i 's/.*DefaultZone.*/DefaultZone=drop/g' /etc/firewalld/firewalld.conf
echo 'DefaultZone is changed drop'
echo -e "##############################################\n"
# Verify firewalld Enabled
echo -e "2. Verify firewalld Enabled \n##############################################"
serv=firewalld.service
STATUS=$(systemctl show -p ActiveState --value firewalld.service )
if [ $STATUS = 'active' ]
then
echo "$serv is running fine!!!"
else
echo "$serv is down/dead"
service $serv start
echo "$serv service is UP now!!!"
fi
echo -e "##############################################\n"
#Disable Kernel Support for USB via Bootloader Configuration
echo -e "3. Disable Kernel Support for USB via Bootloader Configuration \n##############################################"
if ! rpm -q --quiet "grubby" ; then
dnf install -y "grubby"
fi
# Correct the form of default kernel command line in /etc/default/grub
if ! grep -q ^GRUB_CMDLINE_LINUX=\".*nousb.*\" /etc/default/grub;
then
# Edit configuration setting
# Append 'nousb' argument to /etc/default/grub (if not present yet)
sed -i "s/\(GRUB_CMDLINE_LINUX=\)\"\(.*\)\"/\1\"\2 nousb\"/" /etc/default/grub
# Edit runtime setting
# Correct the form of kernel command line for each installed kernel in the bootloader
/sbin/grubby --update-kernel=ALL --args="nousb"
fi
echo 'Kernel Support for USB Disabled'
echo -e "##############################################\n"
echo -e "4. Verify that System Executables Have Root Ownership \n##############################################"
find -L /bin \! -user root -exec chown root {} \;
find -L /sbin \! -user root -exec chown root {} \;
find -L /usr/bin \! -user root -exec chown root {} \;
find -L /usr/libexec/ \! -user root -exec chown root {} \;
find -L /usr/local/bin \! -user root -exec chown root {} \;
find -L /usr/local/sbin \! -user root -exec chown root {} \;
find -L /usr/sbin \! -user root -exec chown root {} \;
echo 'System Executables Have Root Ownership'
echo -e "##############################################\n"
#Verify that Shared Library Files Have Root Ownership
echo -e "5. Verify that Shared Library Files Have Root Ownership \n##############################################"
find -L /lib \! -user root -exec chown root {} \;
find -L /lib64 \! -user root -exec chown root {} \;
find -L /usr/lib \! -user root -exec chown root {} \;
find -L /usr/lib64 \! -user root -exec chown root {} \;
echo 'Shared Library Files Have Root Ownership'
echo -e "##############################################\n"
#Verify that Shared Library Files Have Restrictive Permissions
echo -e "6. Verify that Shared Library Files Have Restrictive Permissions \n##############################################"
find -L /lib -perm /022 -type f -exec chmod go-w {} \;
find -L /lib64 -perm /022 -type f -exec chmod go-w {} \;
find -L /usr/lib -perm /022 -type f -exec chmod go-w {} \;
find -L /usr/lib64 -perm /022 -type f -exec chmod go-w {} \;
find -L /lib -perm /022 -type d -exec chmod go-w {} \;
find -L /lib64 -perm /022 -type d -exec chmod go-w {} \;
find -L /usr/lib -perm /022 -type d -exec chmod go-w {} \;
find -L /usr/lib64 -perm /022 -type d -exec chmod go-w {} \;
echo 'Shared Library Files Have Restrictive Permissions'
echo -e "##############################################\n"
#Verify that System Executables Have Restrictive Permissions
echo -e "7. Verify that System Executables Have Restrictive Permissions \n##############################################"
find -L /bin -perm /022 -type f -exec chmod go-w {} \;
find -L /sbin -perm /022 -type f -exec chmod go-w {} \;
find -L /usr/bin -perm /022 -type f -exec chmod go-w {} \;
find -L /usr/libexec -perm /022 -type f -exec chmod go-w {} \;
find -L /usr/local/bin -perm /022 -type f -exec chmod go-w {} \;
find -L /usr/local/sbin -perm /022 -type f -exec chmod go-w {} \;
find -L /usr/sbin -perm /022 -type f -exec chmod go-w {} \;
find -L /bin -perm /022 -type d -exec chmod go-w {} \;
find -L /sbin -perm /022 -type d -exec chmod go-w {} \;
find -L /usr/bin -perm /022 -type d -exec chmod go-w {} \;
find -L /usr/libexec -perm /022 -type d -exec chmod go-w {} \;
find -L /usr/local/bin -perm /022 -type d -exec chmod go-w {} \;
find -L /usr/local/sbin -perm /022 -type d -exec chmod go-w {} \;
find -L /usr/sbin -perm /022 -type d -exec chmod go-w {} \;
echo 'System Executables Have Restrictive Permissions'
echo -e "##############################################\n"
#Ensure gpgcheck Enabled for All dnf Package Repositories
echo -e "8. Verify that System Executables Have Restrictive Permissions \n##############################################"
find /etc/yum.repos.d/ -type f -exec sed 's/^gpgcheck=0$//g' {} \;
echo 'gpgcheck Enabled for All dnf Package Repositories'
echo -e "##############################################\n"
#Ensure gpgcheck Enabled In Main dnf Configuration
echo -e "9. Ensure gpgcheck Enabled In Main dnf Configuration \n##############################################"
sudo sed -i 's/^.*gpgcheck=.*/gpgcheck=1/g' /etc/dnf/dnf.conf
echo 'gpgcheck Enabled In Main dnf Configuration'
echo -e "##############################################\n"
#Disable Prelinking
echo -e "10. Disable Prelinking \n##############################################"
sed -i 's/PRELINKING=yes/PRELINKING=no/' /etc/sysconfig/prelink
echo 'Prelinking Disabled'
echo -e "##############################################\n"
#Build and Test AIDE Database
echo -e "11. Build and Test AIDE Database \n##############################################"
if ! rpm -q --quiet "aide" ; then
dnf install -y "aide"
fi
/usr/sbin/aide --init
/bin/cp -p /var/lib/aide/aide.db.new.gz /var/lib/aide/aide.db.gz
echo 'AIDE Database is Tested'
echo -e "##############################################\n"
#Verify and Correct File Permissions with RPM
echo -e "12. Verify and Correct File Permissions with RPM \n##############################################"
declare -A NEEDTOCORRECT
readarray -t DIFFERENTFROMEXPECTED < <(rpm -Va --nofiledigest | awk '{ if (substr($0,2,1)=="M") print $NF }')
for i in "${DIFFERENTFROMEXPECTED[@]}"
do
PACKRPM=$(rpm -qf "$i")
NEEDTOCORRECT["$PACKRPM"]=1
done
for PACKRPM in "${!NEEDTOCORRECT[@]}"
do
rpm --setperms "${PACKRPM}"
done
echo 'File Permissions with RPM are Corrected'
echo -e "#############################################################\n"
#Verify File Hashes with RPM
echo -e "13. Verify File Hashes with RPM \n##############################################"
rpm -Va | grep '^..5'
echo -e '-list which files on the system have hashes that \ndiffer from what is expected by the RPM'
echo -e '-if scan result is pass dont dont do nothing!! \nelse you need to reinstall packages which package owns the file'
echo -e "#############################################################\n"
#Configure SSH to use System Crypto Policy
echo -e "14. Configure SSH to use System Crypto Policy \n##############################################"
sudo sed -i 's/CRYPTO_POLICY=/#CRYPTO_POLICY=/g' /etc/sysconfig/sshd
echo 'Crypto Policies settings are configured correctly'
echo -e "#############################################################\n"
#Configure System Cryptography Policy
echo -e "15. Configure SSH to use System Crypto Policy \n##############################################"
sudo update-crypto-policies --set DEFAULT
echo -e "#############################################################\n"
#Configure Libreswan to use System Crypto Policy
echo -e "16. Configure Libreswan to use System Crypto Policy \n##############################################"
if ! rpm -q --quiet "libreswan" ; then
dnf install -y "libreswan"
fi
sudo sed -i 's|.*include /etc/crypto-policies/back-ends/libreswan.config*|include /etc/crypto-policies/back-ends/libreswan.config|g' /etc/ipsec.conf
echo 'Libreswan Configured to use System Crypto Policy'
echo -e "#############################################################\n"
#Configure Kerberos to use System Crypto Policy
echo -e "17. Configure Kerberos to use System Crypto Policy \n##############################################"
ln -s /etc/crypto-policies/back-ends/krb5.config /etc/krb5.conf/
echo 'Kerberos Configured'
echo -e "#############################################################\n"
#Configure OpenSSL library to use System Crypto Policy
echo -e "18. Configure OpenSSL library to use System Crypto Policy \n##############################################"
SECTION='[ crypto_policy ]'
SECTION_REGEX='\[\s*crypto_policy\s*\]'
INCLUSION='.include /etc/crypto-policies/back-ends/openssl.config'
INCLUSION_REGEX='^\s*\.include\s*/etc/crypto-policies/back-ends/openssl.config$'
Path="/etc/pki/tls/openssl.cnf"
if test -f "$Path"; then
if ! grep -q "^\\s*$SECTION_REGEX" "$Path"; then
printf '\n%s\n\n%s' "$SECTION" "$INCLUSION" >> "$Path"
elif ! grep -q "^\\s*$INCLUSION_REGEX" "$Path"; then
sed -i "s|$SECTION_REGEX|&\\n\\n$INCLUSION\\n|" "$Path"
fi
else
echo "'$Path' in not found." >&2
fi
echo 'OpenSSL library Configured'
echo -e "#############################################################\n"
#Ensure PAM Displays Last Logon/Access Notification
echo -e "19. Ensure PAM Displays Last Logon/Access Notification \n##############################################"
if $(grep -q "^session.*pam_lastlog.so" /etc/pam.d/postlogin) ; then
sed -i --follow-symlinks "/pam_lastlog.so/d" /etc/pam.d/postlogin
fi
echo "session [default=1] pam_lastlog.so nowtmp showfailed" >> /etc/pam.d/postlogin
echo "session optional pam_lastlog.so silent noupdate showfailed" >> /etc/pam.d/postlogin
echo "PAM Displays Last Logon"
echo -e "##############################################\n"
#Prevent Login to Accounts With Empty Password
echo -e "20. Prevent Login to Accounts With Empty Password \n##############################################"
sudo sed -i 's/nullok//g' /etc/pam.d/system-auth
echo 'Login Prevented'
echo -e "##############################################\n"
#Verify No netrc Files Exist
echo -e "21. Verify No netrc Files Exist \n##############################################"
find /root /home/ -type f -name ".netrc" -exec rm -f {} \;
echo 'No netrc Files'
echo -e "##############################################\n"
#Verify All Account Password Hashes are Shadowed
echo -e "22. Verify All Account Password Hashes are Shadowed \n##############################################"
variable=$(awk -F: '{if ($2 != "x") print$2}' /etc/passwd)
echo "$variable"
for i in `echo "$variable"` ; do
sed -i "s/$i/x/g" /etc/passwd
done
echo 'Verified All Account Password Hashes and Shadowed'
echo -e "##############################################\n"
#All GIDs referenced in /etc/passwd must be defined in /etc/group
echo -e "23. All GIDs referenced in /etc/passwd must be defined in /etc/group \n##############################################"
if pwck -r | grep 'no group'
then
echo 'You must define All this GIDs'
else
echo 'All GIDs are fine'
fi
echo -e "##############################################\n"
#Ensure All Accounts on the System Have Unique Names
echo -e "24. All GIDs referenced in /etc/passwd must be defined in /etc/group \n##############################################"
variable=$(awk -F: '{count[$1]++; users[$1] = $1 " " users[$1]} END {for (i in count) {if (count[i] > 1) { print users[i] } } }' /etc/passwd)
if ! [ -z "$variable" ]
then
echo 'These names are not Unique change them!!!'
echo "$variable"
else
echo 'All Accounts on the System Have Unique Names'
fi
echo -e "##############################################\n"
#Verify Only Root Has UID 0
echo -e "25. Verify Only Root Has UID 0 \n##############################################"
STATUS=$(cat /etc/passwd | awk -F: '($3 == 0) { print $1 }')
if [ "$STATUS" = 'root' ]; then
echo 'Only root have UID 0'
else
echo 'you need to Remove any users other than root with UID 0 or assign them a new UID if appropriate.'
echo "$STATUS"
fi
echo -e "##############################################\n"
#Restrict Serial Port Root Logins
#Direct root Logins Not Allowed
#Restrict Virtual Console Root Logins
echo -e "26. Restrict Serial Port Root Logins \n"
echo -e "27. Direct root Logins Not Allowed \n"
echo -e "28. Restrict Virtual Console Root Logins \n##############################################"
echo > /etc/securetty
echo "Serial Port Root Logins Restricted"
echo "Direct root Logins Not Allowed"
echo "Virtual Console Root Logins Restricted"
echo -e "##############################################\n"
#Set Password Warning Age
echo -e "29. Set Password Warning Age \n##############################################"
declare Pass_War_Age
Pass_War_Age="7"
grep -q ^PASS_WARN_AGE /etc/login.defs && \
sed -i "s/PASS_WARN_AGE.*/PASS_WARN_AGE\t$Pass_War_Age/g" /etc/login.defs
if ! [ $? -eq 0 ]
then
echo -e "PASS_WARN_AGE\t$Pass_War_Age" >> /etc/login.defs
fi
echo "Password Warning Age is now good"
echo -e "##############################################\n"
#Set Password Minimum Length in login.defs
echo -e "30. Set Password Minimum Length in login.defs \n##############################################"
declare Pass_Min_len
Pass_Min_len="12"
grep -q ^PASS_MIN_LEN /etc/login.defs && \
sed -i "s/PASS_MIN_LEN.*/PASS_MIN_LEN\t$Pass_Min_len/g" /etc/login.defs
if ! [ $? -eq 0 ]
then
echo -e "PASS_MIN_LEN\t$Pass_Min_len" >> /etc/login.defs
fi
echo "Password Minimum Length in login.defs is now good"
echo -e "##############################################\n"
#Set Password Minimum Age
echo -e "31. Set Password Minimum Age \n##############################################"
declare Pas_Min_Days
Pas_Min_Days="7"
grep -q ^PASS_MIN_DAYS /etc/login.defs && \
sed -i "s/PASS_MIN_DAYS.*/PASS_MIN_DAYS\t$Pas_Min_Days/g" /etc/login.defs
if ! [ $? -eq 0 ]
then
echo -e "PASS_MIN_DAYS\t$Pas_Min_Days" >> /etc/login.defs
fi
echo "Password Minimum Age is now good"
echo -e "##############################################\n"
#Set Password Maximum Age
echo -e "32. Set Password Maximum Age \n##############################################"
declare Pass_Max_Days
Pass_Max_Days="90"
grep -q ^PASS_MAX_DAYS /etc/login.defs && \
sed -i "s/PASS_MAX_DAYS.*/PASS_MAX_DAYS\t$Pass_Max_Days/g" /etc/login.defs
if ! [ $? -eq 0 ]
then
echo -e "PASS_MAX_DAYS\t$Pass_Max_Days" >> /etc/login.defs
fi
echo "Password Maximum Age is now good"
echo -e "##############################################\n"
#Ensure that Root's Path Does Not Include World or Group-Writable Directories
echo -e "33. Ensure that Root's Path Does Not Include World or Group-Writable Directories \n##############################################"
find /usr/bin /usr/sbin/ /sbin/ /bin/ /root/ -type d \( -perm -g+w -o -perm -o+w \) -exec chmod g-w {} \; -exec chmod o-w {} \;
echo "Root's Path Does Not Include World or Group-Writable Directories"
echo -e "##############################################\n"
#Enable auditd Service
echo -e "34. Enable auditd Service \n##############################################"
serv=auditd
sstat=$(pidof $serv | wc -l )
if [ $sstat -gt 0 ]
then
echo "$serv is running fine!!!"
else
echo "$serv is down/dead"
service $serv start
echo "$serv service is UP now!!!"
fi
echo -e "##############################################\n"
#Enable Auditing for Processes Which Start Prior to the Audit Daemon
echo -e "35. Enable Auditing for Processes Which Start Prior to the Audit Daemon \n##############################################"
grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) audit=1"
echo "Auditing for Processes Which Start Prior to the Audit Daemon Enabled"
echo -e "##############################################\n"
#Configure auditd Number of Logs Retained
echo -e "36. Configure auditd Number of Logs Retained \n##############################################"
if grep -q num_logs /etc/audit/auditd.conf; then
sudo sed -i 's/.*num_logs.*/num_logs = 5/g' /etc/audit/auditd.conf
else
echo "num_logs = 5" >> /etc/audit/auditd.conf
fi
echo "Auditd Number of Logs Retained Configured"
echo -e "##############################################\n"
#Configure auditd space_left Action on Low Disk Space
echo -e "37. Configure auditd space_left Action on Low Disk Space \n##############################################"
if grep -q "^space_left_action" /etc/audit/auditd.conf; then
sudo sed -i 's/^space_left_action.*/space_left_action = email/g' /etc/audit/auditd.conf
else
echo "space_left_action = email" >> /etc/audit/auditd.conf
fi
echo "Auditd space_left Action on Low Disk Space Configured"
echo -e "##############################################\n"
#Configure auditd max_log_file_action Upon Reaching Maximum Log Size
echo -e "38. Configure auditd max_log_file_action Upon Reaching Maximum Log Size \n##############################################"
if grep -q max_log_file_action /etc/audit/auditd.conf; then
sudo sed -i 's/.*max_log_file_action.*/max_log_file_action = rotate/g' /etc/audit/auditd.conf
else
echo "max_log_file_action = rotate" >> /etc/audit/auditd.conf
fi
echo "Auditd max_log_file_action Upon Reaching Maximum Log Size Configured"
echo -e "##############################################\n"
# Configure auditd admin_space_left Action on Low Disk Space
echo -e "39. Configure auditd admin_space_left Action on Low Disk Space \n##############################################"
if grep -q admin_space_left_action /etc/audit/auditd.conf; then
sudo sed -i 's/.*admin_space_left_action.*/admin_space_left_action = single/g' /etc/audit/auditd.conf
else
echo "admin_space_left_action = single" >> /etc/audit/auditd.conf
fi
echo "Auditd admin_space_left Action on Low Disk Space Configured"
echo -e "##############################################\n"
#Configure auditd to use audispd's syslog plugin
echo -e "40. Configure auditd to use audispd's syslog plugin \n##############################################"
if grep -q active /etc/audit/plugins.d/syslog.conf; then
sudo sed -i 's/.*active.*/active = yes/g' /etc/audit/plugins.d/syslog.conf
else
echo "active = yes" >> /etc/audit/plugins.d/syslog.conf
fi
sudo service auditd restart
echo "Auditd to use audispd's syslog plugin Configured"
echo -e "##############################################\n"
# Configure auditd Max Log File Size
echo -e "41. Configure auditd Max Log File Size \n##############################################"
if grep -q "\bmax_log_file\b" /etc/audit/auditd.conf; then
sudo sed -i 's/\b.*max_log_file\b.*/max_log_file = 6/g' /etc/audit/auditd.conf
else
echo "max_log_file = 6" >> /etc/audit/auditd.conf
fi
echo "Auditd Max Log File Size Configured"
echo -e "##############################################\n"
#Configure auditd mail_acct Action on Low Disk Space
echo -e "42. Configure auditd mail_acct Action on Low Disk Space \n##############################################"
if grep -q action_mail_acct /etc/audit/auditd.conf; then
sudo sed -i 's/.*action_mail_acct.*/action_mail_acct = root/g' /etc/audit/auditd.conf
else
echo "action_mail_acct = root" >> /etc/audit/auditd.conf
fi
echo "Auditd Number of Logs Retained Configured"
echo -e "##############################################\n"
#Ensure auditd Collects System Administrator Actions
echo -e "43. Ensure auditd Collects System Administrator Actions \n##############################################"
Files=$(find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-w /etc/sudoers.d/ -p wa -k actions" {} \;)
Files1=$(find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-w /etc/sudoers -p wa -k actions" {} \;)
Files2=$(find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-w /etc/sudoers.d/ -p wa -k actions" {} \;)
Files3=$(find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-w /etc/sudoers -p wa -k actions" {} \;)
for i in $Files;
do
echo "-w /etc/sudoers.d/ -p wa -k actions" >> $i;
done
for i in $Files1;
do
echo "-w /etc/sudoers -p wa -k actions" >> $i;
done
for i in $Files2;
do
echo "-w /etc/sudoers.d/ -p wa -k actions" >> $i;
done
for i in $Files3;
do
echo "-w /etc/sudoers -p wa -k actions" >> $i;
done
echo "Auditd Collects System Administrator Actions"
echo -e "##############################################\n"
#Record Events that Modify User/Group Information
echo -e "44. Record Events that Modify User/Group Information \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-w /etc/group -p wa -k audit_rules_usergroup_modification" {} \; | while read line; do echo "-w /etc/group -p wa -k audit_rules_usergroup_modification" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-w /etc/passwd -p wa -k audit_rules_usergroup_modification" {} \; | while read line; do echo "-w /etc/passwd -p wa -k audit_rules_usergroup_modification" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-w /etc/gshadow -p wa -k audit_rules_usergroup_modification" {} \; | while read line; do echo "-w /etc/gshadow -p wa -k audit_rules_usergroup_modification" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-w /etc/shadow -p wa -k audit_rules_usergroup_modification" {} \; | while read line; do echo "-w /etc/shadow -p wa -k audit_rules_usergroup_modification" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-w /etc/security/opasswd -p wa -k audit_rules_usergroup_modification" {} \; | while read line; do echo "-w /etc/security/opasswd -p wa -k audit_rules_usergroup_modification" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-w /etc/group -p wa -k audit_rules_usergroup_modification" {} \; | while read line; do echo "-w /etc/group -p wa -k audit_rules_usergroup_modification" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-w /etc/passwd -p wa -k audit_rules_usergroup_modification" {} \; | while read line; do echo "-w /etc/passwd -p wa -k audit_rules_usergroup_modification" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-w /etc/gshadow -p wa -k audit_rules_usergroup_modification" {} \; | while read line; do echo "-w /etc/gshadow -p wa -k audit_rules_usergroup_modification" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-w /etc/shadow -p wa -k audit_rules_usergroup_modification" {} \; | while read line; do echo "-w /etc/shadow -p wa -k audit_rules_usergroup_modification" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-w /etc/security/opasswd -p wa -k audit_rules_usergroup_modification" {} \; | while read line; do echo "-w /etc/security/opasswd -p wa -k audit_rules_usergroup_modification" >> $line; done
echo "Events that Modify User/Group Information Recorded"
echo -e "##############################################\n"
#System Audit Logs Must Be Owned By Root
echo -e "45. System Audit Logs Must Be Owned By Root \n##############################################"
sudo chown root /var/log/audit
sudo chown root /var/log/audit/*
echo "System Audit Logs are Owned By Root"
echo -e "##############################################\n"
#Ensure auditd Collects Information on Exporting to Media (successful)
echo -e "46. Ensure auditd Collects Information on Exporting to Media (successful) \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=unset -F key=export" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=unset -F key=export" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=unset -F key=export" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=unset -F key=export" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=unset -F key=export" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S mount -F auid>=1000 -F auid!=unset -F key=export" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=unset -F key=export" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S mount -F auid>=1000 -F auid!=unset -F key=export" >> $line; done
echo "Auditd Collects Information on Exporting to Media (successful)"
echo -e "##############################################\n"
#Record Events that Modify the System's Mandatory Access Controls
echo -e "47. Record Events that Modify the System's Mandatory Access Controls \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-w /etc/selinux/ -p wa -k MAC-policy" {} \; | while read line; do echo "-w /etc/selinux/ -p wa -k MAC-policy" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-w /etc/selinux/ -p wa -k MAC-policy" {} \; | while read line; do echo "-w /etc/selinux/ -p wa -k MAC-policy" >> $line; done
echo "Events that Modify the System's Mandatory Access Controls Recorded"
echo -e "##############################################\n"
#Record Attempts to Alter Process and Session Initiation Information
echo -e "48. Record Attempts to Alter Process and Session Initiation Information \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-w /var/run/utmp -p wa -k session" {} \; | while read line; do echo "-w /var/run/utmp -p wa -k session" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-w /var/log/btmp -p wa -k session" {} \; | while read line; do echo "-w /var/log/btmp -p wa -k session" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-w /var/log/wtmp -p wa -k session" {} \; | while read line; do echo "-w /var/log/wtmp -p wa -k session" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-w /var/run/utmp -p wa -k session" {} \; | while read line; do echo "-w /var/run/utmp -p wa -k session" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-w /var/log/btmp -p wa -k session" {} \; | while read line; do echo "-w /var/log/btmp -p wa -k session" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-w /var/log/wtmp -p wa -k session" {} \; | while read line; do echo "-w /var/log/wtmp -p wa -k session" >> $line; done
echo "Attempts to Alter Process and Session Initiation Informatin Recorded"
echo -e "##############################################\n"
#Record Events that Modify the System's Network Environment
echo -e "49. Record Events that Modify the System's Network Environment \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-w /etc/sysconfig/network -p wa -k audit_rules_networkconfig_modification" {} \; | while read line; do echo "-w /etc/sysconfig/network -p wa -k audit_rules_networkconfig_modification" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-w /etc/hosts -p wa -k audit_rules_networkconfig_modification" {} \; | while read line; do echo "-w /etc/hosts -p wa -k audit_rules_networkconfig_modification" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-w /etc/issue.net -p wa -k audit_rules_networkconfig_modification" {} \; | while read line; do echo "-w /etc/issue.net -p wa -k audit_rules_networkconfig_modification" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-w /etc/issue -p wa -k audit_rules_networkconfig_modification" {} \; | while read line; do echo "-w /etc/issue -p wa -k audit_rules_networkconfig_modification" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S sethostname,setdomainname -F key=audit_rules_networkconfig_modification" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S sethostname,setdomainname -F key=audit_rules_networkconfig_modification" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S sethostname,setdomainname -F key=audit_rules_networkconfig_modification" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S sethostname,setdomainname -F key=audit_rules_networkconfig_modification" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-w /etc/sysconfig/network -p wa -k audit_rules_networkconfig_modification" {} \; | while read line; do echo "-w /etc/sysconfig/network -p wa -k audit_rules_networkconfig_modification" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-w /etc/hosts -p wa -k audit_rules_networkconfig_modification" {} \; | while read line; do echo "-w /etc/hosts -p wa -k audit_rules_networkconfig_modification" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-w /etc/issue.net -p wa -k audit_rules_networkconfig_modification" {} \; | while read line; do echo "-w /etc/issue.net -p wa -k audit_rules_networkconfig_modification" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-w /etc/issue -p wa -k audit_rules_networkconfig_modification" {} \; | while read line; do echo "-w /etc/issue -p wa -k audit_rules_networkconfig_modification" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S sethostname,setdomainname -F key=audit_rules_networkconfig_modification" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S sethostname,setdomainname -F key=audit_rules_networkconfig_modification" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S sethostname,setdomainname -F key=audit_rules_networkconfig_modification" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S sethostname,setdomainname -F key=audit_rules_networkconfig_modification" >> $line; done
echo "Events that Modify the System's Network Environment Recorded"
echo -e "##############################################\n"
#Make the auditd Configuration Immutable
echo -e "50. Make the auditd Configuration Immutable \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-e 2" {} \; | while read line; do echo "-e 2" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-e 2" {} \; | while read line; do echo "-e 2" >> $line; done
echo "Auditd Configuration Immutable"
echo -e "##############################################\n"
#Ensure auditd Collects Information on Kernel Module Loading and Unloading
echo -e "51. Ensure auditd Collects Information on Kernel Module Loading and Unloading \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S init_module,finit_module,delete_module -F key=modules" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S init_module,finit_module,delete_module -F key=modules" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S init_module,finit_module,delete_module -F key=modules" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S init_module,finit_module,delete_module -F key=modules" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S init_module,finit_module,delete_module -F key=modules" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S init_module,finit_module,delete_module -F key=modules" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S init_module,finit_module,delete_module -F key=modules" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S init_module,finit_module,delete_module -F key=modules" >> $line; done
echo "Auditd Collects Information on Kernel Module Loading and Unloading"
echo -e "##############################################\n"
#Ensure auditd Collects File Deletion Events by User
echo -e "52. Ensure auditd Collects File Deletion Events by User \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S rmdir,unlink,unlinkat,rename,renameat -F auid>=1000 -F auid!=unset -F key=delete" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S rmdir,unlink,unlinkat,rename,renameat -F auid>=1000 -F auid!=unset -F key=delete" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S rmdir,unlink,unlinkat,rename,renameat -F auid>=1000 -F auid!=unset -F key=delete" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S rmdir,unlink,unlinkat,rename,renameat -F auid>=1000 -F auid!=unset -F key=delete" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S rmdir,unlink,unlinkat,rename,renameat -F auid>=1000 -F auid!=unset -F key=delete" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S rmdir,unlink,unlinkat,rename,renameat -F auid>=1000 -F auid!=unset -F key=delete" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S rmdir,unlink,unlinkat,rename,renameat -F auid>=1000 -F auid!=unset -F key=delete" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S rmdir,unlink,unlinkat,rename,renameat -F auid>=1000 -F auid!=unset -F key=delete" >> $line; done
echo "Auditd Collects File Deletion Events by User"
echo -e "##############################################\n"
#Ensure auditd Collects Information on the Use of Privileged Commands
echo -e "53. Ensure auditd Collects Information on the Use of Privileged Commands \n##############################################"
file=$(sudo find / -xdev -type f -perm -4000 -o -type f -perm -2000 2>/dev/null)
for i in $file
do
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F path=$i -F perm=x -F auid>=1000 -F auid!=unset -k privileged" {} \; | while read line; do echo "-a always,exit -F path=$i -F perm=x -F auid>=1000 -F auid!=unset -k privileged" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F path=$i -F perm=x -F auid>=1000 -F auid!=unset -k privileged" {} \; | while read line; do echo "-a always,exit -F path=$i -F perm=x -F auid>=1000 -F auid!=unset -k privileged" >> $line; done
done
echo "Auditd Collects Information on the Use of Privileged Commands"
echo -e "##############################################\n"
#Record Attempts to Alter Logon and Logout Events
echo -e "54. Record Attempts to Alter Logon and Logout Events \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-w /var/log/tallylog -p wa -k logins" {} \; | while read line; do echo "-w /var/log/tallylog -p wa -k logins" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-w /var/run/faillock -p wa -k logins" {} \; | while read line; do echo "-w /var/run/faillock -p wa -k logins" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-w /var/log/lastlog -p wa -k logins" {} \; | while read line; do echo "-w /var/log/lastlog -p wa -k logins" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-w /var/log/tallylog -p wa -k logins" {} \; | while read line; do echo "-w /var/log/tallylog -p wa -k logins" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-w /var/run/faillock -p wa -k logins" {} \; | while read line; do echo "-w /var/run/faillock -p wa -k logins" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-w /var/log/lastlog -p wa -k logins" {} \; | while read line; do echo "-w /var/log/lastlog -p wa -k logins" >> $line; done
echo "Attempts to Alter Logon and Logout Events Recorded"
echo -e "##############################################\n"
#Record Events that Modify the System's Discretionary Access Controls - fsetxattr
echo -e "55. Record Events that Modify the System's Discretionary Access Controls - fsetxattr \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S fsetxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S fsetxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S fsetxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S fsetxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S fsetxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S fsetxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S fsetxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S fsetxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
echo "Events that Modify the System's Discretionary Access Controls - fsetxattr Recorded"
echo -e "##############################################\n"
#Record Events that Modify the System's Discretionary Access Controls - lremovexattr
echo -e "56. Record Events that Modify the System's Discretionary Access Controls - lremovexattr \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S lremovexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S lremovexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S lremovexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S lremovexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S lremovexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S lremovexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S lremovexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S lremovexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
echo "Events that Modify the System's Discretionary Access Controls - lremovexattr Recorded"
echo -e "##############################################\n"
#Record Events that Modify the System's Discretionary Access Controls - fremovexattr
echo -e "57. Record Events that Modify the System's Discretionary Access Controls - fremovexattr \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S fremovexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S fremovexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S fremovexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S fremovexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S fremovexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S fremovexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S fremovexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S fremovexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
echo "Events that Modify the System's Discretionary Access Controls - fremovexattr Recorded"
echo -e "##############################################\n"
#Record Events that Modify the System's Discretionary Access Controls - chmod
echo -e "58. Record Events that Modify the System's Discretionary Access Controls - chmod \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S chmod -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S chmod -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S chmod -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S chmod -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S chmod -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S chmod -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S chmod -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S chmod -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
echo "Events that Modify the System's Discretionary Access Controls - chmod Recorded"
echo -e "##############################################\n"
#Record Events that Modify the System's Discretionary Access Controls - lchown
echo -e "59. Record Events that Modify the System's Discretionary Access Controls - lchown \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S lchown -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S lchown -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S lchown -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S lchown -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S lchown -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S lchown -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S lchown -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S lchown -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
echo "Events that Modify the System's Discretionary Access Controls - lchown Recorded"
echo -e "##############################################\n"
#Record Events that Modify the System's Discretionary Access Controls - lsetxattr
echo -e "60. Record Events that Modify the System's Discretionary Access Controls - lsetxattr \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S lsetxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S lsetxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S lsetxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S lsetxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S lsetxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S lsetxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S lsetxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S lsetxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
echo "Events that Modify the System's Discretionary Access Controls - lsetxattr Recorded"
echo -e "##############################################\n"
#Record Events that Modify the System's Discretionary Access Controls - fchownat
echo -e "61. Record Events that Modify the System's Discretionary Access Controls - fchownat \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S fchownat -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S fchownat -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S fchownat -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S fchownat -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S fchownat -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S fchownat -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S fchownat -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S fchownat -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
echo "Events that Modify the System's Discretionary Access Controls - fchownat Recorded"
echo -e "##############################################\n"
#Record Events that Modify the System's Discretionary Access Controls - fchown
echo -e "62. Record Events that Modify the System's Discretionary Access Controls - fchown \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S fchown -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S fchown -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S fchown -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S fchown -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S fchown -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S fchown -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S fchown -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S fchown -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
echo "Events that Modify the System's Discretionary Access Controls - fchown Recorded"
echo -e "##############################################\n"
#Record Events that Modify the System's Discretionary Access Controls - removexattr
echo -e "63. Record Events that Modify the System's Discretionary Access Controls - removexattr \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S removexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S removexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S removexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S removexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S removexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S removexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S removexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S removexattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
echo "Events that Modify the System's Discretionary Access Controls - removexattr Recorded"
echo -e "##############################################\n"
#Record Events that Modify the System's Discretionary Access Controls - chown
echo -e "64. Record Events that Modify the System's Discretionary Access Controls - chown \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S chown -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S chown -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S chown -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S chown -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S chown -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S chown -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S chown -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S chown -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
echo "Events that Modify the System's Discretionary Access Controls - chown Recorded"
echo -e "##############################################\n"
#Record Events that Modify the System's Discretionary Access Controls - fchmod
echo -e "65. Record Events that Modify the System's Discretionary Access Controls - fchmod \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S fchmod -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S fchmod -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S fchmod -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S fchmod -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S fchmod -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S fchmod -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S fchmod -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S fchmod -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
echo "Events that Modify the System's Discretionary Access Controls - fchmod Recorded"
echo -e "##############################################\n"
#Record Events that Modify the System's Discretionary Access Controls - setxattr
echo -e "66. Record Events that Modify the System's Discretionary Access Controls - setxattr \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S setxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S setxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S setxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S setxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S setxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S setxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S setxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S setxattr -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
echo "Events that Modify the System's Discretionary Access Controls - setxattr Recorded"
echo -e "##############################################\n"
#Record Events that Modify the System's Discretionary Access Controls - fchmodat
echo -e "67. Record Events that Modify the System's Discretionary Access Controls - fchmodat \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S fchmodat -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S fchmodat -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S fchmodat -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S fchmodat -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S fchmodat -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S fchmodat -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S fchmodat -F auid>=1000 -F auid!=unset -F key=perm_mod" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S fchmodat -F auid>=1000 -F auid!=unset -F key=perm_mod" >> $line; done
echo "Events that Modify the System's Discretionary Access Controls - fchmodat Recorded"
echo -e "##############################################\n"
# Record Attempts to Alter the localtime File
echo -e "68. Record Attempts to Alter the localtime File \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-w /etc/localtime -p wa -k audit_time_rules" {} \; | while read line; do echo "-w /etc/localtime -p wa -k audit_time_rules" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-w /etc/localtime -p wa -k audit_time_rules" {} \; | while read line; do echo "-w /etc/localtime -p wa -k audit_time_rules" >> $line; done
echo "Attempts to Alter the localtime File Recorded"
echo -e "##############################################\n"
#Record attempts to alter time through adjtimex
echo -e "69. Record attempts to alter time through adjtimex \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S adjtimex -F key=audit_time_rules" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S adjtimex -F key=audit_time_rules" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S adjtimex -F key=audit_time_rules" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S adjtimex -F key=audit_time_rules" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S adjtimex -F key=audit_time_rules" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S adjtimex -F key=audit_time_rules" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S adjtimex -F key=audit_time_rules" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S adjtimex -F key=audit_time_rules" >> $line; done
echo "Attempts to alter time through adjtimex Recorded"
echo -e "##############################################\n"
# Record attempts to alter time through settimeofday
echo -e "70. Record attempts to alter time through settimeofday \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S settimeofday -F key=audit_time_rules" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S settimeofday -F key=audit_time_rules" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S settimeofday -F key=audit_time_rules" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S settimeofday -F key=audit_time_rules" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S settimeofday -F key=audit_time_rules" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S settimeofday -F key=audit_time_rules" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S settimeofday -F key=audit_time_rules" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S settimeofday -F key=audit_time_rules" >> $line; done
echo "Attempts to alter time through settimeofday Recorded"
echo -e "##############################################\n"
#Record Attempts to Alter Time Through stime
echo -e "71. Record attempts to alter time through stime \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S stime -F key=audit_time_rules" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S stime -F key=audit_time_rules" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S stime -F key=audit_time_rules" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S stime -F key=audit_time_rules" >> $line; done
echo "Attempts to alter time through stime Recorded"
echo -e "##############################################\n"
#Record Attempts to Alter Time Through clock_settime
echo -e "72. Record attempts to alter time through stime \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S clock_settime -F a0=0x0 -F key=time-change" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S clock_settime -F a0=0x0 -F key=time-change" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S clock_settime -F a0=0x0 -F key=time-change" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S clock_settime -F a0=0x0 -F key=time-change" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change" >> $line; done
echo "Attempts to alter time through clock_settime Recorded"
echo -e "##############################################\n"
#Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)
echo -e "73. Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful) \n##############################################"
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=access" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=access" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b32 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=access" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=access" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=access" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=access" >> $line; done
find /etc/audit -maxdepth 1 -type f -name "audit.rules" -exec grep -Le "-a always,exit -F arch=b64 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=access" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=access" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=access" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=access" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b32 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=access" {} \; | while read line; do echo "-a always,exit -F arch=b32 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=access" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=access" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=unset -F key=access" >> $line; done
find /etc/audit/rules.d/ -type f -name "*.rules" -exec grep -Le "-a always,exit -F arch=b64 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=access" {} \; | while read line; do echo "-a always,exit -F arch=b64 -S creat,open,openat,open_by_handle_at,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -F key=access" >> $line; done
echo "Auditd Collects Unauthorized Access Attempts to Files (unsuccessful)"
echo -e "##############################################\n"
# Enable the NTP Daemon
echo -e "74. Enable the NTP Daemon \n##############################################"
serv=chronyd
sstat=$(pidof $serv | wc -l )
if [ $sstat -gt 0 ]
then
echo "$serv is running fine!!!"
echo "NTP Daemon is enabled"
else
echo "$serv is down/dead"
service $serv start
echo "$serv service is UP now!!!"
echo "NTP Daemon is enabled"
fi
echo -e "##############################################\n"
#Specify a Remote NTP Server
echo -e "75. Specify a Remote NTP Server \n##############################################"
var_multiple_time_servers="0.rhel.pool.ntp.org,1.rhel.pool.ntp.org,2.rhel.pool.ntp.org,3.rhel.pool.ntp.org"
if ! `grep -q ^server /etc/chrony.conf` ; then
if ! `grep -q '#[[:space:]]*server' /etc/chrony.conf` ; then
for i in `echo "$var_multiple_time_servers" | tr ',' '\n'` ; do
echo -ne "\nserver $i iburst" >> /etc/chrony.conf
done
else
sed -i 's/#[ ]*server/server/g' /etc/chrony.conf
fi
fi
echo 'Remote NTP is specified'
echo -e "##############################################\n"
#Set SSH Idle Timeout Interval
echo -e "76. Set SSH Idle Timeout Interval \n##############################################"
sudo sed -i 's/.*ClientAliveInterval.*/ClientAliveInterval 300/g' /etc/ssh/sshd_config
echo 'ClientAliveInterval is changed to 300 (5min)'
echo -e "##############################################\n"
#Disable SSH Root Login
echo -e "77. Disable SSH Root Login \n##############################################"
sed -i '0,/PermitRootLogin/{s/.*PermitRootLogin.*/PermitRootLogin no/}' /etc/ssh/sshd_config
echo 'PermitRootLogin is changed to no'
echo -e "##############################################\n"
#Set SSH Client Alive Max Count
echo -e "78. Set SSH Client Alive Max Count \n##############################################"
sudo sed -i 's/.*ClientAliveCountMax.*/ClientAliveCountMax 0/g' /etc/ssh/sshd_config
echo 'ClientAliveCountMax is changed to 0'
echo -e "##############################################\n"
#Disable SSH Access via Empty Passwords
echo -e "79. Disable SSH Access via Empty Passwords \n##############################################"
sudo sed -i 's/.*PermitEmptyPasswords.*/PermitEmptyPasswords no/g' /etc/ssh/sshd_config
echo 'PermitEmptyPasswords is changed to no'
echo -e "##############################################\n"
_______________________________________________
Open-scap-list mailing list
Open-scap-list@redhat.com
https://listman.redhat.com/mailman/listinfo/open-scap-list
