Merge pull request #23 from aquasecurity/new-cis-version

Add new linux-benchmark version 2.0.0

cfg/2.0.0/6.2.10.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which 
+nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user 
+dir; do 
+	if [ ! -d "$dir" ]; then 
+		echo "The home directory ($dir) of user $user does not exist." 
+	else 
+		for file in $dir/.[A-Za-z0-9]*; do 
+			if [ ! -h "$file" -a -f "$file" ]; then 
+				fileperm=$(ls -ld $file | cut -f1 -d" ") 
+					if [ $(echo $fileperm | cut -c6) != "-" ]; then 
+						echo "Group Write permission set on file $file" 
+					fi 
+					if [ $(echo $fileperm | cut -c9) != "-" ]; then 
+						echo "Other Write permission set on file $file" 
+				fi 
+			fi 
+		done 
+	fi 
+done

cfg/2.0.0/6.2.11.sh

@@ -0,0 +1,13 @@
+#!/bin/bash 
+
+grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != 
+"'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while 
+read user dir; do 
+	if [ ! -d "$dir" ]; then 
+		echo "The home directory ($dir) of user $user does not exist." 
+	else 
+		if [ ! -h "$dir/.forward" -a -f "$dir/.forward" ]; then 
+			echo ".forward file $dir/.forward exists"
+		fi 
+	fi 
+done

cfg/2.0.0/6.2.12.sh

@@ -0,0 +1,13 @@
+#!/bin/bash 
+
+grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != 
+"'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while 
+read user dir; do 
+	if [ ! -d "$dir" ]; then 
+		echo "The home directory ($dir) of user $user does not exist." 
+	else 
+		if [ ! -h "$dir/.netrc" -a -f "$dir/.netrc" ]; then 
+			echo ".netrc file $dir/.netrc exists"
+		fi 
+	fi 
+done

cfg/2.0.0/6.2.13.sh

@@ -0,0 +1,33 @@
+#!/bin/bash 
+
+grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != 
+"'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while 
+read user dir; do 
+	if [ ! -d "$dir" ]; then 
+		echo "The home directory ($dir) of user $user does not exist." 
+	else 
+		for file in $dir/.netrc; do 
+			if [ ! -h "$file" -a -f "$file" ]; then 
+				fileperm=$(ls -ld $file | cut -f1 -d" ") 
+				if [ $(echo $fileperm | cut -c5) != "-" ]; then 
+					echo "Group Read set on $file" 
+				fi 
+				if [ $(echo $fileperm | cut -c6) != "-" ]; then 
+					echo "Group Write set on $file" 
+				fi 
+				if [ $(echo $fileperm | cut -c7) != "-" ]; then 
+					echo "Group Execute set on $file" 
+				fi 
+				if [ $(echo $fileperm | cut -c8) != "-" ]; then 
+					echo "Other Read set on $file" 
+				fi 
+				if [ $(echo $fileperm | cut -c9) != "-" ]; then 
+					echo "Other Write set on $file" 
+				fi 
+				if [ $(echo $fileperm | cut -c10) != "-" ]; then 
+					echo "Other Execute set on $file"
+				fi
+			fi 
+		done 
+	fi 
+done

cfg/2.0.0/6.2.14.sh

@@ -0,0 +1,15 @@
+#!/bin/bash 
+
+grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != 
+"'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while 
+read user dir; do 
+	if [ ! -d "$dir" ]; then 
+		echo "The home directory ($dir) of user $user does not exist." 
+	else 
+		for file in $dir/.rhosts; do 
+			if [ ! -h "$file" -a -f "$file" ]; then 
+				echo ".rhosts file in $dir"
+			fi 
+		done 
+	fi 
+done

cfg/2.0.0/6.2.15.sh

@@ -0,0 +1,8 @@
+#!/bin/bash 
+
+for i in $(cut -s -d: -f4 /etc/passwd | sort -u ); do 
+	grep -q -P "^.*?:[^:]*:$i:" /etc/group 
+	if [ $? -ne 0 ]; then 
+		echo "Group $i is referenced by /etc/passwd but does not exist in /etc/group"
+	fi 
+done

cfg/2.0.0/6.2.16.sh

@@ -0,0 +1,10 @@
+#!/bin/bash 
+
+cut -f3 -d":" /etc/passwd | sort -n | uniq -c | while read x ; do 
+	[ -z "$x" ] && break 
+	set - $x 
+	if [ $1 -gt 1 ]; then 
+		users=$(awk -F: '($3 == n) { print $1 }' n=$2 /etc/passwd | xargs) 
+		echo "Duplicate UID ($2): $users"
+	fi 
+done

cfg/2.0.0/6.2.17.sh

@@ -0,0 +1,10 @@
+#!/bin/bash 
+
+cut -f3 -d":" /etc/group | sort -n | uniq -c | while read x ; do 
+	[ -z "$x" ] && break 
+	set - $x 
+	if [ $1 -gt 1 ]; then 
+		groups=$(awk -F: '($3 == n) { print $1 }' n=$2 /etc/group | xargs) 
+		echo "Duplicate GID ($2): $groups"
+	fi 
+done

cfg/2.0.0/6.2.18.sh

@@ -0,0 +1,10 @@
+#!/bin/bash 
+
+cut -f1 -d":" /etc/passwd | sort -n | uniq -c | while read x ; do 
+	[ -z "$x" ] && break 
+	set - $x 
+	if [ $1 -gt 1 ]; then 
+		uids=$(awk -F: '($1 == n) { print $3 }' n=$2 /etc/passwd | xargs) 
+		echo "Duplicate User Name ($2): $uids"
+	fi 
+done

cfg/2.0.0/6.2.19.sh

@@ -0,0 +1,10 @@
+#!/bin/bash 
+
+cut -f1 -d":" /etc/group | sort -n | uniq -c | while read x ; do 
+	[ -z "$x" ] && break 
+	set - $x 
+	if [ $1 -gt 1 ]; then 
+		gids=$(gawk -F: '($1 == n) { print $3 }' n=$2 /etc/group | xargs) 
+		echo "Duplicate Group Name ($2): $gids" 
+	fi 
+done

cfg/2.0.0/6.2.6.sh

@@ -0,0 +1,32 @@
+#!/bin/bash 
+if [ "$(echo "$PATH" | grep ::)" != "" ]; then 
+	echo "Empty Directory in PATH (::)" 
+fi 
+
+if [ "$(echo "$PATH" | grep :$)" != "" ]; then 
+	echo "Trailing : in PATH" 
+fi 
+
+p=$(echo "$PATH" | sed -e 's/::/:/' -e 's/:$//' -e 's/:/ /g') 
+set -- $p 
+while [ "$1" != "" ]; do 
+	if [ "$1" = "." ]; then 
+		shift 
+	continue 
+	fi 
+	if [ -d "$1" ]; then 
+		dirperm=$(ls -ldH "$1" | cut -f1 -d" ") 
+		if [ "$(echo "$dirperm" | cut -c6)" != "-" ]; then 
+			echo "Group Write permission set on directory $1" 
+		fi 
+		if [ "$(echo "$dirperm" | cut -c9)" != "-" ]; then 
+			echo "Other Write permission set on directory $1" 
+		fi dirown=$(ls -ldH "$1" | awk '{print $3}') 
+		if [ "$dirown" != "root" ] ; then 
+			echo "$1 is not owned by root" 
+		fi 
+	else 
+		echo "$1 is not a directory" 
+	fi 
+	shift 
+done

cfg/2.0.0/6.2.7.sh

@@ -0,0 +1,8 @@
+#!/bin/bash 
+grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which 
+nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read -r user 
+dir; do 
+	if [ ! -d "$dir" ]; then 
+		echo "The home directory ($dir) of user $user does not exist." 
+	fi 
+done

cfg/2.0.0/6.2.8.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+grep -E -v '^$(halt|sync|shutdown)' /etc/passwd | awk -F: '$($7 != "'"$$(which 
+nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user 
+dir; do
+	if [ ! -d "$dir" ]; then
+		echo "The home directory $($dir) of user $user does not exist."
+	else
+		dirperm=$$(ls -ld $dir | cut -f1 -d" ")
+		if [ $(echo $dirperm | cut -c6) != "-" ]; then
+			echo "Group Write permission set on the home directory $($dir) of user $user"
+		fi
+		if [ $(echo $dirperm | cut -c8) != "-" ]; then
+			echo "Other Read permission set on the home directory $($dir) of user $user"
+		fi
+		if [ $(echo $dirperm | cut -c9) != "-" ]; then
+			echo "Other Write permission set on the home directory $($dir) of user $user"
+		fi
+		if [ $(echo $dirperm | cut -c10) != "-" ]; then
+			echo "Other Execute permission set on the home directory $($dir) of user $user"
+		fi
+	fi
+done
+		

cfg/2.0.0/6.2.9.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which 
+nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user 
+dir; do 
+	if [ ! -d "$dir" ]; then 
+		echo "The home directory ($dir) of user $user does not exist." 
+	else 
+		owner=$(stat -L -c "%U" "$dir") 
+		if [ "$owner" != "$user" ]; then 
+			echo "The home directory ($dir) of user $user is owned by $owner."
+		fi 
+	fi 
+done