diff --git a/cfg/1.1.0/6.2.10.sh b/cfg/1.1.0/6.2.10.sh deleted file mode 100644 index 71cceea..0000000 --- a/cfg/1.1.0/6.2.10.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do - if [ ! -d "$dir" ]; then - echo "The home directory ($dir) of user $user does not exist." - else - for file in $dir/.[A-Za-z0-9]*; do - if [ ! -h "$file" -a -f "$file" ]; then - fileperm=`ls -ld $file | cut -f1 -d" "` - if [ `echo $fileperm | cut -c6` != "-" ]; then - echo "Group Write permission set on file $file" - fi - if [ `echo $fileperm | cut -c9` != "-" ]; then - echo "Other Write permission set on file $file" - fi - fi - done - fi -done \ No newline at end of file diff --git a/cfg/1.1.0/6.2.11.sh b/cfg/1.1.0/6.2.11.sh deleted file mode 100644 index 883e790..0000000 --- a/cfg/1.1.0/6.2.11.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do - if [ ! -d "$dir" ]; then - echo "The home directory ($dir) of user $user does not exist." - else - if [ ! -h "$dir/.forward" -a -f "$dir/.forward" ]; then - echo ".forward file $dir/.forward exists" - fi - fi -done \ No newline at end of file diff --git a/cfg/1.1.0/6.2.12.sh b/cfg/1.1.0/6.2.12.sh deleted file mode 100644 index 61147d7..0000000 --- a/cfg/1.1.0/6.2.12.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash - -cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do - if [ ! -d "$dir" ]; then - echo "The home directory ($dir) of user $user does not exist." - else - if [ ! -h "$dir/.netrc" -a -f "$dir/.netrc" ]; then - echo ".netrc file $dir/.netrc exists" - fi - fi -done \ No newline at end of file 
diff --git a/cfg/1.1.0/6.2.13.sh b/cfg/1.1.0/6.2.13.sh deleted file mode 100644 index 44af2f4..0000000 --- a/cfg/1.1.0/6.2.13.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/bash - -cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do - if [ ! -d "$dir" ]; then - echo "The home directory ($dir) of user $user does not exist." - else - for file in $dir/.netrc; do - if [ ! -h "$file" -a -f "$file" ]; then - fileperm=`ls -ld $file | cut -f1 -d" "` - if [ `echo $fileperm | cut -c5` != "-" ]; then - echo "Group Read set on $file" - fi - if [ `echo $fileperm | cut -c6` != "-" ]; then - echo "Group Write set on $file" - fi - if [ `echo $fileperm | cut -c7` != "-" ]; then - echo "Group Execute set on $file" - fi - if [ `echo $fileperm | cut -c8` != "-" ]; then - echo "Other Read set on $file" - fi - if [ `echo $fileperm | cut -c9` != "-" ]; then - echo "Other Write set on $file" - fi - if [ `echo $fileperm | cut -c10` != "-" ]; then - echo "Other Execute set on $file" - fi - fi - done - fi -done \ No newline at end of file diff --git a/cfg/1.1.0/6.2.14.sh b/cfg/1.1.0/6.2.14.sh deleted file mode 100644 index 2ad7f97..0000000 --- a/cfg/1.1.0/6.2.14.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do - if [ ! -d "$dir" ]; then - echo "The home directory ($dir) of user $user does not exist." - else - for file in $dir/.rhosts; do - if [ ! -h "$file" -a -f "$file" ]; then - echo ".rhosts file in $dir" - fi - done - fi -done \ No newline at end of file diff --git a/cfg/1.1.0/6.2.15.sh b/cfg/1.1.0/6.2.15.sh deleted file mode 100644 index c6790e8..0000000 --- a/cfg/1.1.0/6.2.15.sh +++ /dev/null 
@@ -1,8 +0,0 @@ -#!/bin/bash - -for i in $(cut -s -d: -f4 /etc/passwd | sort -u ); do - grep -q -P "^.*?:[^:]*:$i:" /etc/group - if [ $? -ne 0 ]; then - echo "Group $i is referenced by /etc/passwd but does not exist in /etc/group" - fi -done \ No newline at end of file diff --git a/cfg/1.1.0/6.2.16.sh b/cfg/1.1.0/6.2.16.sh deleted file mode 100644 index 9e4d47a..0000000 --- a/cfg/1.1.0/6.2.16.sh +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/bash - -cat /etc/passwd | cut -f3 -d":" | sort -n | uniq -c | while read x ; do - [ -z "${x}" ] && break set - $x - if [ $1 -gt 1 ]; then - users=`awk -F: '($3 == n) { print $1 }' n=$2 /etc/passwd | xargs` - echo "Duplicate UID ($2): ${users}" - fi -done \ No newline at end of file diff --git a/cfg/1.1.0/6.2.17.sh b/cfg/1.1.0/6.2.17.sh deleted file mode 100644 index 060d055..0000000 --- a/cfg/1.1.0/6.2.17.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -cat /etc/group | cut -f3 -d":" | sort -n | uniq -c | while read x ; do - [ -z "${x}" ] && break - set - $x - if [ $1 -gt 1 ]; then - groups=`awk -F: '($3 == n) { print $1 }' n=$2 /etc/group | xargs` - echo "Duplicate GID ($2): ${groups}" - fi -done \ No newline at end of file diff --git a/cfg/1.1.0/6.2.18.sh b/cfg/1.1.0/6.2.18.sh deleted file mode 100644 index 332dcf6..0000000 --- a/cfg/1.1.0/6.2.18.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -cat /etc/passwd | cut -f1 -d":" | sort -n | uniq -c | while read x ; do - [ -z "${x}" ] && break - set - $x - if [ $1 -gt 1 ]; then - uids=`awk -F: '($1 == n) { print $3 }' n=$2 /etc/passwd | xargs` - echo "Duplicate User Name ($2): ${uids}" - fi -done \ No newline at end of file diff --git a/cfg/1.1.0/6.2.19.sh b/cfg/1.1.0/6.2.19.sh deleted file mode 100644 index 6a0260f..0000000 --- a/cfg/1.1.0/6.2.19.sh +++ /dev/null 
@@ -1,10 +0,0 @@ -#!/bin/bash - -cat /etc/group | cut -f1 -d":" | sort -n | uniq -c | while read x ; do - [ -z "${x}" ] && break - set - $x - if [ $1 -gt 1 ]; then - gids=`gawk -F: '($1 == n) { print $3 }' n=$2 /etc/group | xargs` - echo "Duplicate Group Name ($2): ${gids}" - fi -done \ No newline at end of file diff --git a/cfg/1.1.0/6.2.6.sh b/cfg/1.1.0/6.2.6.sh deleted file mode 100644 index 68f5338..0000000 --- a/cfg/1.1.0/6.2.6.sh +++ /dev/null @@ -1,34 +0,0 @@ -#!/bin/bash -if [ "`echo $PATH | grep ::`" != "" ]; then - echo "Empty Directory in PATH (::)" -fi - -if [ "`echo $PATH | grep :$`" != "" ]; then - echo "Trailing : in PATH" -fi - -p=`echo $PATH | sed -e 's/::/:/' -e 's/:$//' -e 's/:/ /g'` -set -- $p -while [ "$1" != "" ]; do - if [ "$1" = "." ]; then - echo "PATH contains ." - shift - continue - fi - if [ -d $1 ]; then - dirperm=`ls -ldH $1 | cut -f1 -d" "` - if [ `echo $dirperm | cut -c6` != "-" ]; then - echo "Group Write permission set on directory $1" - fi - if [ `echo $dirperm | cut -c9` != "-" ]; then - echo "Other Write permission set on directory $1" - fi - dirown=`ls -ldH $1 | awk '{print $3}'` - if [ "$dirown" != "root" ] ; then - echo $1 is not owned by root - fi - else - echo $1 is not a directory - fi - shift -done \ No newline at end of file diff --git a/cfg/1.1.0/6.2.7.sh b/cfg/1.1.0/6.2.7.sh deleted file mode 100644 index fcfc4f4..0000000 --- a/cfg/1.1.0/6.2.7.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 !="/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do - if [ ! -d "$dir" ]; then - echo "The home directory ($dir) of user $user does not exist." - fi -done \ No newline at end of file diff --git a/cfg/1.1.0/6.2.8.sh b/cfg/1.1.0/6.2.8.sh deleted file mode 100644 index 36f39d9..0000000 --- a/cfg/1.1.0/6.2.8.sh +++ /dev/null 
@@ -1,24 +0,0 @@ -#!/bin/bash - -cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != -"/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user -dir; do - if [ ! -d "$dir" ]; then - echo "The home directory ($dir) of user $user does not exist." - else - dirperm=`ls -ld $dir | cut -f1 -d" "` - if [ `echo $dirperm | cut -c6` != "-" ]; then - echo "Group Write permission set on the home directory ($dir) of user $user" - fi - if [ `echo $dirperm | cut -c8` != "-" ]; then - echo "Other Read permission set on the home directory ($dir) of user $user" - fi - if [ `echo $dirperm | cut -c9` != "-" ]; then - echo "Other Write permission set on the home directory ($dir) of user $user" - fi - if [ `echo $dirperm | cut -c10` != "-" ]; then - echo "Other Execute permission set on the home directory ($dir) of user $user" - fi - fi -done - \ No newline at end of file diff --git a/cfg/1.1.0/6.2.9.sh b/cfg/1.1.0/6.2.9.sh deleted file mode 100644 index 221c44a..0000000 --- a/cfg/1.1.0/6.2.9.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do - if [ ! -d "$dir" ]; then - echo "The home directory ($dir) of user $user does not exist." - else - owner=$(stat -L -c "%U" "$dir") - if [ "$owner" != "$user" ]; then - echo "The home directory ($dir) of user $user is owned by $owner." - fi - fi -done \ No newline at end of file diff --git a/cfg/1.1.0/definitions.yaml b/cfg/1.1.0/definitions.yaml index fcecf2c..19c3892 100644 --- a/cfg/1.1.0/definitions.yaml +++ b/cfg/1.1.0/definitions.yaml 
@@ -8419,7 +8419,40 @@ groups: - id: 6.2.6 description: "Ensure root PATH Integrity" - audit: "./6.2.6.sh" + audit: | + #!/bin/bash + if [ "$(echo "$PATH" | grep ::)" != "" ]; then + echo "Empty Directory in PATH (::)" + fi + + if [ "$(echo "$PATH" | grep :$)" != "" ]; then + echo "Trailing : in PATH" + fi + + p=$(echo "$PATH" | sed -e 's/::/:/' -e 's/:$//' -e 's/:/ /g') + set -- $p + while [ "$1" != "" ]; do + if [ "$1" = "." ]; then + shift + continue + fi + if [ -d "$1" ]; then + dirperm=$(ls -ldH "$1" | cut -f1 -d" ") + if [ "$(echo "$dirperm" | cut -c6)" != "-" ]; then + echo "Group Write permission set on directory $1" + fi + if [ "$(echo "$dirperm" | cut -c9)" != "-" ]; then + echo "Other Write permission set on directory $1" + fi + dirown=$(ls -ldH "$1" | awk '{print $3}') + if [ "$dirown" != "root" ] ; then + echo "$1 is not owned by root" + fi + else + echo "$1 is not a directory" + fi + shift + done tests: test_items: - flag: "" @@ -8434,7 +8467,14 @@ groups: - id: 6.2.7 description: "Ensure all users' home directories exist" - audit: "./6.2.7.sh" + audit: | + #!/bin/bash + grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | + while read -r user dir; do + if [ ! -d "$dir" ]; then + echo "The home directory ($dir) of user $user does not exist." + fi + done tests: test_items: - flag: "" 
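Review bot: In the inlined 6.2.6 script the `if [ "$1" = "." ]` branch only runs `shift` and `continue`, so a `.` entry in PATH produces no output, whereas the removed cfg/1.1.0/6.2.6.sh printed `PATH contains .` at that point. If this check passes on empty output (the `tests:` block is only partly visible in the hunk), a PATH that includes the current directory is no longer reported for the 1.1.0 benchmark. Restoring `echo "PATH contains ."` before the `shift` keeps the finding. The 2.0.0 copy of the script has the same silent branch.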
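Review bot: The account filter in 6.2.7, `grep -E -v '^(halt|sync|shutdown)'`, has no `:` after the group, so it drops every /etc/passwd entry whose name merely begins with one of those words (a constructed example: `syncsvc`), and those accounts are never audited. `'^(halt|sync|shutdown):'` matches only the exact names. The same unanchored pattern is in 6.2.8–6.2.14 here and in the 2.0.0 hunks, where the `root` alternative in 6.2.11–6.2.14 widens it further. Separately, `$(which nologin)` is resolved through the PATH of the process running the audit; if it prints nothing, or a path other than the one recorded in /etc/passwd, nologin accounts are not filtered out. Comparing `$7` against both `/sbin/nologin` and `/usr/sbin/nologin` would likely be more predictable.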
@@ -8448,7 +8488,28 @@ groups: - id: 6.2.8 description: "Ensure users' home directories permissions are 750 or more restrictive" - audit: "./6.2.8.sh" + audit: | + #!/bin/bash + grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | + while read user dir; do + if [ ! -d "$dir" ]; then + echo "The home directory ($dir) of user $user does not exist." + else + dirperm=$(ls -ld $dir | cut -f1 -d" ") + if [ $(echo $dirperm | cut -c6) != "-" ]; then + echo "Group Write permission set on the home directory ($dir) of user $user" + fi + if [ $(echo $dirperm | cut -c8) != "-" ]; then + echo "Other Read permission set on the home directory ($dir) of user $user" + fi + if [ $(echo $dirperm | cut -c9) != "-" ]; then + echo "Other Write permission set on the home directory ($dir) of user $user" + fi + if [ $(echo $dirperm | cut -c10) != "-" ]; then + echo "Other Execute permission set on the home directory ($dir) of user $user" + fi + fi + done tests: test_items: - flag: "" @@ -8462,7 +8523,18 @@ groups: - id: 6.2.9 description: "Ensure users own their home directories" - audit: "./6.2.9.sh" + audit: | + #!/bin/bash + grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do + if [ ! -d "$dir" ]; then + echo "The home directory ($dir) of user $user does not exist." + else + owner=$(stat -L -c "%U" "$dir") + if [ "$owner" != "$user" ]; then + echo "The home directory ($dir) of user $user is owned by $owner." + fi + fi + done tests: test_items: - flag: "" 
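Review bot: In 6.2.8 `dirperm=$(ls -ld $dir | cut -f1 -d" ")` reads the mode of the path itself, while the preceding `[ ! -d "$dir" ]` follows symlinks, so a home directory that is a symlink is judged by the link's mode string rather than the directory's. `$dir` and the `$(echo $dirperm | cut -cN)` substitutions are also unquoted, so a home path containing whitespace splits into several arguments and the `[` tests fail with an error instead of reporting. 6.2.9 in the same file already uses `stat -L -c "%U" "$dir"`; `dirperm=$(stat -L -c "%A" "$dir")` together with quoted tests such as `[ "$(echo "$dirperm" | cut -c6)" != "-" ]` would address both. The `ls -ld $file` lines in 6.2.10 and 6.2.13 have the same quoting problem.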
@@ -8477,7 +8549,25 @@ groups: - id: 6.2.10 description: "Ensure users' dot files are not group or world writable" - audit: "./6.2.10.sh" + audit: | + #!/bin/bash + grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do + if [ ! -d "$dir" ]; then + echo "The home directory ($dir) of user $user does not exist." + else + for file in $dir/.[A-Za-z0-9]*; do + if [ ! -h "$file" -a -f "$file" ]; then + fileperm=$(ls -ld $file | cut -f1 -d" ") + if [ $(echo $fileperm | cut -c6) != "-" ]; then + echo "Group Write permission set on file $file" + fi + if [ $(echo $fileperm | cut -c9) != "-" ]; then + echo "Other Write permission set on file $file" + fi + fi + done + fi + done tests: test_items: - flag: "" @@ -8491,7 +8581,17 @@ groups: - id: 6.2.11 description: "Ensure no users have .forward files" - audit: "./6.2.11.sh" + audit: | + #!/bin/bash + grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do + if [ ! -d "$dir" ]; then + echo "The home directory ($dir) of user $user does not exist." + else + if [ ! -h "$dir/.forward" -a -f "$dir/.forward" ]; then + echo ".forward file $dir/.forward exists" + fi + fi + done tests: test_items: - flag: "" @@ -8506,7 +8606,17 @@ groups: - id: 6.2.12 description: "Ensure no users have .netrc files" - audit: "./6.2.12.sh" + audit: | + #!/bin/bash + grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do + if [ ! -d "$dir" ]; then + echo "The home directory ($dir) of user $user does not exist." + else + if [ ! -h "$dir/.netrc" -a -f "$dir/.netrc" ]; then + echo ".netrc file $dir/.netrc exists" + fi + fi + done tests: test_items: - flag: "" 
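Review bot: The glob in 6.2.10, `for file in $dir/.[A-Za-z0-9]*`, only matches dot files whose second character is a letter or digit, so a name such as `._profile` (constructed example) is never checked for group or other write permission. `$dir` is also unquoted there, so a home path with whitespace is split before the glob is expanded. `for file in "$dir"/.[!.]*; do` covers every dot file whose name does not start with `..` and keeps the path intact.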
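Review bot: The test in 6.2.11, `[ ! -h "$dir/.forward" -a -f "$dir/.forward" ]`, excludes symlinks, so a `.forward` that is a symlink to a regular file is not reported even though it presumably still takes effect for mail delivery. If the benchmark item means any `.forward`, `if [ -e "$dir/.forward" ] || [ -h "$dir/.forward" ]; then` would report both cases, and it also avoids the obsolescent `-a` operator inside `[`. The `.netrc` test in 6.2.12 and the `.rhosts` test in 6.2.14 are written the same way.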
@@ -8520,7 +8630,37 @@ groups: - id: 6.2.13 description: "Ensure users' .netrc Files are not group or world accessible" - audit: "./6.2.13.sh" + audit: | + #!/bin/bash + grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do + if [ ! -d "$dir" ]; then + echo "The home directory ($dir) of user $user does not exist." + else + for file in $dir/.netrc; do + if [ ! -h "$file" -a -f "$file" ]; then + fileperm=$(ls -ld $file | cut -f1 -d" ") + if [ $(echo $fileperm | cut -c5) != "-" ]; then + echo "Group Read set on $file" + fi + if [ $(echo $fileperm | cut -c6) != "-" ]; then + echo "Group Write set on $file" + fi + if [ $(echo $fileperm | cut -c7) != "-" ]; then + echo "Group Execute set on $file" + fi + if [ $(echo $fileperm | cut -c8) != "-" ]; then + echo "Other Read set on $file" + fi + if [ $(echo $fileperm | cut -c9) != "-" ]; then + echo "Other Write set on $file" + fi + if [ $(echo $fileperm | cut -c10) != "-" ]; then + echo "Other Execute set on $file" + fi + fi + done + fi + done tests: test_items: - flag: "" @@ -8534,7 +8674,19 @@ groups: - id: 6.2.14 description: "Ensure no users have .rhosts files" - audit: "./6.2.14.sh" + audit: | + #!/bin/bash + grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do + if [ ! -d "$dir" ]; then + echo "The home directory ($dir) of user $user does not exist." + else + for file in $dir/.rhosts; do + if [ ! -h "$file" -a -f "$file" ]; then + echo ".rhosts file in $dir" + fi + done + fi + done tests: test_items: - flag: "" 
@@ -8548,7 +8700,14 @@ groups: - id: 6.2.15 description: "Ensure all groups in /etc/passwd exist in /etc/group" - audit: "./6.2.15.sh" + audit: | + #!/bin/bash + for i in $(cut -s -d: -f4 /etc/passwd | sort -u ); do + grep -q -P "^.*?:[^:]*:$i:" /etc/group + if [ $? -ne 0 ]; then + echo "Group $i is referenced by /etc/passwd but does not exist in /etc/group" + fi + done tests: test_items: - flag: "" @@ -8562,7 +8721,16 @@ groups: - id: 6.2.16 description: "Ensure no duplicate UIDs exist" - audit: "./6.2.16.sh" + audit: | + #!/bin/bash + cut -f3 -d":" /etc/passwd | sort -n | uniq -c | while read x ; do + [ -z "$x" ] && break + set - $x + if [ $1 -gt 1 ]; then + users=$(awk -F: '($3 == n) { print $1 }' n=$2 /etc/passwd | xargs) + echo "Duplicate UID ($2): $users" + fi + done tests: test_items: - flag: "" @@ -8576,7 +8744,16 @@ groups: - id: 6.2.17 description: "Ensure no duplicate GIDs exist" - audit: "./6.2.17.sh" + audit: | + #!/bin/bash + cut -f3 -d":" /etc/group | sort -n | uniq -c | while read x ; do + [ -z "$x" ] && break + set - $x + if [ $1 -gt 1 ]; then + groups=$(awk -F: '($3 == n) { print $1 }' n=$2 /etc/group | xargs) + echo "Duplicate GID ($2): $groups" + fi + done tests: test_items: - flag: "" @@ -8590,7 +8767,16 @@ groups: - id: 6.2.18 description: "Ensure no duplicate user names exist" - audit: "./6.2.18.sh" + audit: | + #!/bin/bash + cut -f1 -d":" /etc/passwd | sort -n | uniq -c | while read x ; do + [ -z "$x" ] && break + set - $x + if [ $1 -gt 1 ]; then + uids=$(awk -F: '($1 == n) { print $3 }' n=$2 /etc/passwd | xargs) + echo "Duplicate User Name ($2): $uids" + fi + done tests: test_items: - flag: "" 
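Review bot: The 6.2.15 check treats any non-zero status from `grep -q -P` as "group missing", but grep also exits non-zero when it fails to run the pattern at all. On a grep built without PCRE support, `-P` is rejected and every GID from /etc/passwd would be reported as absent from /etc/group. The pattern needs nothing Perl-specific, so `if ! grep -q -E "^[^:]*:[^:]*:$i:" /etc/group; then` gives the same match with an extended regex and removes the separate `$?` test.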
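Review bot: In 6.2.16 the loop reads the whole `uniq -c` line into `x` and then uses `set - $x` to split it, which overwrites the positional parameters and leaves `$1` and `$2` unquoted in `[ $1 -gt 1 ]` and `n=$2`. Letting `read` do the split is clearer: `while read -r count id; do` followed by `if [ "$count" -gt 1 ]; then`, with `n="$id"` in the awk call. 6.2.17, 6.2.18 and 6.2.19 use the same construction. 6.2.18 and 6.2.19 also sort names with `sort -n`, where a plain `sort` states the intent better.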
@@ -8605,7 +8791,16 @@ groups: - id: 6.2.19 description: "Ensure no duplicate group names exist" - audit: "./6.2.19.sh" + audit: | + #!/bin/bash + cut -f1 -d":" /etc/group | sort -n | uniq -c | while read x ; do + [ -z "$x" ] && break + set - $x + if [ $1 -gt 1 ]; then + gids=$(gawk -F: '($1 == n) { print $3 }' n=$2 /etc/group | xargs) + echo "Duplicate Group Name ($2): $gids" + fi + done tests: test_items: - flag: "" diff --git a/cfg/2.0.0/6.2.10.sh b/cfg/2.0.0/6.2.10.sh deleted file mode 100644 index 25f0578..0000000 --- a/cfg/2.0.0/6.2.10.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash - -grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which -nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user -dir; do - if [ ! -d "$dir" ]; then - echo "The home directory ($dir) of user $user does not exist." - else - for file in $dir/.[A-Za-z0-9]*; do - if [ ! -h "$file" -a -f "$file" ]; then - fileperm=$(ls -ld $file | cut -f1 -d" ") - if [ $(echo $fileperm | cut -c6) != "-" ]; then - echo "Group Write permission set on file $file" - fi - if [ $(echo $fileperm | cut -c9) != "-" ]; then - echo "Other Write permission set on file $file" - fi - fi - done - fi -done \ No newline at end of file diff --git a/cfg/2.0.0/6.2.11.sh b/cfg/2.0.0/6.2.11.sh deleted file mode 100644 index cf173fe..0000000 --- a/cfg/2.0.0/6.2.11.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != -"'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while -read user dir; do - if [ ! -d "$dir" ]; then - echo "The home directory ($dir) of user $user does not exist." - else - if [ ! -h "$dir/.forward" -a -f "$dir/.forward" ]; then - echo ".forward file $dir/.forward exists" - fi - fi -done \ No newline at end of file diff --git a/cfg/2.0.0/6.2.12.sh b/cfg/2.0.0/6.2.12.sh deleted file mode 100644 index bc442e1..0000000 --- a/cfg/2.0.0/6.2.12.sh +++ /dev/null 
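Review bot: The 6.2.19 script calls `gawk` where the otherwise identical 6.2.16–6.2.18 scripts call `awk`, so this check alone depends on GNU awk being installed on the audited host. Without it the command substitution fails, `$gids` is empty, and the "Duplicate Group Name" line is printed without the GIDs, alongside an error on stderr. Nothing in the expression is gawk-specific, so `gids=$(awk -F: '($1 == n) { print $3 }' n=$2 /etc/group | xargs)` would keep the four scripts consistent.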
@@ -1,13 +0,0 @@ -#!/bin/bash - -grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != -"'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while -read user dir; do - if [ ! -d "$dir" ]; then - echo "The home directory ($dir) of user $user does not exist." - else - if [ ! -h "$dir/.netrc" -a -f "$dir/.netrc" ]; then - echo ".netrc file $dir/.netrc exists" - fi - fi -done \ No newline at end of file diff --git a/cfg/2.0.0/6.2.13.sh b/cfg/2.0.0/6.2.13.sh deleted file mode 100644 index a4deb90..0000000 --- a/cfg/2.0.0/6.2.13.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash - -grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != -"'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while -read user dir; do - if [ ! -d "$dir" ]; then - echo "The home directory ($dir) of user $user does not exist." - else - for file in $dir/.netrc; do - if [ ! -h "$file" -a -f "$file" ]; then - fileperm=$(ls -ld $file | cut -f1 -d" ") - if [ $(echo $fileperm | cut -c5) != "-" ]; then - echo "Group Read set on $file" - fi - if [ $(echo $fileperm | cut -c6) != "-" ]; then - echo "Group Write set on $file" - fi - if [ $(echo $fileperm | cut -c7) != "-" ]; then - echo "Group Execute set on $file" - fi - if [ $(echo $fileperm | cut -c8) != "-" ]; then - echo "Other Read set on $file" - fi - if [ $(echo $fileperm | cut -c9) != "-" ]; then - echo "Other Write set on $file" - fi - if [ $(echo $fileperm | cut -c10) != "-" ]; then - echo "Other Execute set on $file" - fi - fi - done - fi -done \ No newline at end of file diff --git a/cfg/2.0.0/6.2.14.sh b/cfg/2.0.0/6.2.14.sh deleted file mode 100644 index e8cd2b7..0000000 --- a/cfg/2.0.0/6.2.14.sh +++ /dev/null 
@@ -1,15 +0,0 @@ -#!/bin/bash - -grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != -"'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while -read user dir; do - if [ ! -d "$dir" ]; then - echo "The home directory ($dir) of user $user does not exist." - else - for file in $dir/.rhosts; do - if [ ! -h "$file" -a -f "$file" ]; then - echo ".rhosts file in $dir" - fi - done - fi -done \ No newline at end of file diff --git a/cfg/2.0.0/6.2.15.sh b/cfg/2.0.0/6.2.15.sh deleted file mode 100644 index fca4d49..0000000 --- a/cfg/2.0.0/6.2.15.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -for i in $(cut -s -d: -f4 /etc/passwd | sort -u ); do - grep -q -P "^.*?:[^:]*:$i:" /etc/group - if [ $? -ne 0 ]; then - echo "Group $i is referenced by /etc/passwd but does not exist in /etc/group" - fi -done \ No newline at end of file diff --git a/cfg/2.0.0/6.2.16.sh b/cfg/2.0.0/6.2.16.sh deleted file mode 100644 index fec549a..0000000 --- a/cfg/2.0.0/6.2.16.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -cut -f3 -d":" /etc/passwd | sort -n | uniq -c | while read x ; do - [ -z "$x" ] && break - set - $x - if [ $1 -gt 1 ]; then - users=$(awk -F: '($3 == n) { print $1 }' n=$2 /etc/passwd | xargs) - echo "Duplicate UID ($2): $users" - fi -done \ No newline at end of file diff --git a/cfg/2.0.0/6.2.17.sh b/cfg/2.0.0/6.2.17.sh deleted file mode 100644 index 1fb4a37..0000000 --- a/cfg/2.0.0/6.2.17.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -cut -f3 -d":" /etc/group | sort -n | uniq -c | while read x ; do - [ -z "$x" ] && break - set - $x - if [ $1 -gt 1 ]; then - groups=$(awk -F: '($3 == n) { print $1 }' n=$2 /etc/group | xargs) - echo "Duplicate GID ($2): $groups" - fi -done \ No newline at end of file diff --git a/cfg/2.0.0/6.2.18.sh b/cfg/2.0.0/6.2.18.sh deleted file mode 100644 index 8f7c09e..0000000 --- a/cfg/2.0.0/6.2.18.sh +++ /dev/null 
@@ -1,10 +0,0 @@ -#!/bin/bash - -cut -f1 -d":" /etc/passwd | sort -n | uniq -c | while read x ; do - [ -z "$x" ] && break - set - $x - if [ $1 -gt 1 ]; then - uids=$(awk -F: '($1 == n) { print $3 }' n=$2 /etc/passwd | xargs) - echo "Duplicate User Name ($2): $uids" - fi -done \ No newline at end of file diff --git a/cfg/2.0.0/6.2.19.sh b/cfg/2.0.0/6.2.19.sh deleted file mode 100644 index f2b926f..0000000 --- a/cfg/2.0.0/6.2.19.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -cut -f1 -d":" /etc/group | sort -n | uniq -c | while read x ; do - [ -z "$x" ] && break - set - $x - if [ $1 -gt 1 ]; then - gids=$(gawk -F: '($1 == n) { print $3 }' n=$2 /etc/group | xargs) - echo "Duplicate Group Name ($2): $gids" - fi -done \ No newline at end of file diff --git a/cfg/2.0.0/6.2.6.sh b/cfg/2.0.0/6.2.6.sh deleted file mode 100644 index e3fd2ba..0000000 --- a/cfg/2.0.0/6.2.6.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -if [ "$(echo "$PATH" | grep ::)" != "" ]; then - echo "Empty Directory in PATH (::)" -fi - -if [ "$(echo "$PATH" | grep :$)" != "" ]; then - echo "Trailing : in PATH" -fi - -p=$(echo "$PATH" | sed -e 's/::/:/' -e 's/:$//' -e 's/:/ /g') -set -- $p -while [ "$1" != "" ]; do - if [ "$1" = "." ]; then - shift - continue - fi - if [ -d "$1" ]; then - dirperm=$(ls -ldH "$1" | cut -f1 -d" ") - if [ "$(echo "$dirperm" | cut -c6)" != "-" ]; then - echo "Group Write permission set on directory $1" - fi - if [ "$(echo "$dirperm" | cut -c9)" != "-" ]; then - echo "Other Write permission set on directory $1" - fi dirown=$(ls -ldH "$1" | awk '{print $3}') - if [ "$dirown" != "root" ] ; then - echo "$1 is not owned by root" - fi - else - echo "$1 is not a directory" - fi - shift -done diff --git a/cfg/2.0.0/6.2.7.sh b/cfg/2.0.0/6.2.7.sh deleted file mode 100644 index 51b85c4..0000000 --- a/cfg/2.0.0/6.2.7.sh +++ /dev/null 
@@ -1,8 +0,0 @@ -#!/bin/bash -grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which -nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read -r user -dir; do - if [ ! -d "$dir" ]; then - echo "The home directory ($dir) of user $user does not exist." - fi -done \ No newline at end of file diff --git a/cfg/2.0.0/6.2.8.sh b/cfg/2.0.0/6.2.8.sh deleted file mode 100644 index b58a266..0000000 --- a/cfg/2.0.0/6.2.8.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -grep -E -v '^$(halt|sync|shutdown)' /etc/passwd | awk -F: '$($7 != "'"$$(which -nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user -dir; do - if [ ! -d "$dir" ]; then - echo "The home directory $($dir) of user $user does not exist." - else - dirperm=$$(ls -ld $dir | cut -f1 -d" ") - if [ $(echo $dirperm | cut -c6) != "-" ]; then - echo "Group Write permission set on the home directory $($dir) of user $user" - fi - if [ $(echo $dirperm | cut -c8) != "-" ]; then - echo "Other Read permission set on the home directory $($dir) of user $user" - fi - if [ $(echo $dirperm | cut -c9) != "-" ]; then - echo "Other Write permission set on the home directory $($dir) of user $user" - fi - if [ $(echo $dirperm | cut -c10) != "-" ]; then - echo "Other Execute permission set on the home directory $($dir) of user $user" - fi - fi -done - \ No newline at end of file diff --git a/cfg/2.0.0/6.2.9.sh b/cfg/2.0.0/6.2.9.sh deleted file mode 100644 index 1d90e23..0000000 --- a/cfg/2.0.0/6.2.9.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which -nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user -dir; do - if [ ! -d "$dir" ]; then - echo "The home directory ($dir) of user $user does not exist." - else - owner=$(stat -L -c "%U" "$dir") - if [ "$owner" != "$user" ]; then - echo "The home directory ($dir) of user $user is owned by $owner." - fi - fi -done \ No newline at end of file 
diff --git a/cfg/2.0.0/definitions.yaml b/cfg/2.0.0/definitions.yaml index 2cff40b..4eb664a 100644 --- a/cfg/2.0.0/definitions.yaml +++ b/cfg/2.0.0/definitions.yaml @@ -2806,7 +2806,7 @@ groups: value: "(none)" set: true - flag: "Installed" - set: false + set: false remediation: | Remove the X Windows System packages using the appropriate package manager or manual installation: @@ -8136,7 +8136,15 @@ groups: scored: true - id: 5.4.1.5 description: "Ensure all users last password change date is in the past" - audit: "for usr in $(cut -d: -f1 /etc/shadow); do [[ $(chage --list $usr | grep '^Last password change' | cut -d: -f2) > $(date) ]] && echo \"$usr :$(chage --list $usr | grep '^Last password change' | cut -d: -f2)\"; done" + audit: | + #!/bin/bash + for usr in $(cut -d: -f1 /etc/shadow | sort -u ); do + p=$(chage --list $usr | grep '^Last password change' | cut -d: -f2) + today=$(date +'%b %d %Y') + if [ $(date --date="$p" +%s) -gt $(date --date="$today" +%s) ]; then + echo "$usr : $p" + fi + done tests: test_items: - flag: "" 
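Review bot: In the new 5.4.1.5 script the comparison `[ $(date --date="$p" +%s) -gt $(date --date="$today" +%s) ]` is unquoted and unguarded, so when `chage` prints something that is not a date for the last password change, `date` fails, the left operand is empty and `[` errors out instead of evaluating. Such accounts are skipped with only stderr noise. Guarding the conversion with `ts=$(date --date="$p" +%s 2>/dev/null) || continue` and then testing `if [ "$ts" -gt "$(date +%s)" ]; then` avoids that and removes the per-iteration `today` round trip. `$usr` in `chage --list $usr` should be quoted as well. The `grep '^Last password change'` match depends on `chage` emitting English text, so running it with `LC_ALL=C` is worth considering.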
@@ -8772,7 +8780,40 @@ groups: - id: 6.2.6 description: "Ensure root PATH Integrity" - audit: "./cfg/2.0.0/6.2.6.sh" + audit: | + #!/bin/bash + if [ "$(echo "$PATH" | grep ::)" != "" ]; then + echo "Empty Directory in PATH (::)" + fi + + if [ "$(echo "$PATH" | grep :$)" != "" ]; then + echo "Trailing : in PATH" + fi + + p=$(echo "$PATH" | sed -e 's/::/:/' -e 's/:$//' -e 's/:/ /g') + set -- $p + while [ "$1" != "" ]; do + if [ "$1" = "." ]; then + shift + continue + fi + if [ -d "$1" ]; then + dirperm=$(ls -ldH "$1" | cut -f1 -d" ") + if [ "$(echo "$dirperm" | cut -c6)" != "-" ]; then + echo "Group Write permission set on directory $1" + fi + if [ "$(echo "$dirperm" | cut -c9)" != "-" ]; then + echo "Other Write permission set on directory $1" + fi + dirown=$(ls -ldH "$1" | awk '{print $3}') + if [ "$dirown" != "root" ] ; then + echo "$1 is not owned by root" + fi + else + echo "$1 is not a directory" + fi + shift + done tests: test_items: - flag: "" @@ -8787,7 +8828,14 @@ groups: - id: 6.2.7 description: "Ensure all users' home directories exist" - audit: "./cfg/2.0.0/6.2.7.sh" + audit: | + #!/bin/bash + grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | + while read -r user dir; do + if [ ! -d "$dir" ]; then + echo "The home directory ($dir) of user $user does not exist." + fi + done tests: test_items: - flag: "" 
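Review bot: The 6.2.6 script checks for `::` and for a trailing `:` but not for a leading `:`, which is also an empty PATH entry and resolves to the current directory. With such a PATH the `sed` step turns the leading colon into a space that `set -- $p` then discards, so nothing is reported. A third check in the same form would close the gap, for example `echo "$PATH" | grep -q '^:' && echo "Leading : in PATH"`. Because `set -- $p` relies on word splitting, a PATH entry containing whitespace is also broken into pieces and reported as "is not a directory". The 1.1.0 hunk for 6.2.6 carries the same code.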
@@ -8801,7 +8849,28 @@ groups: - id: 6.2.8 description: "Ensure users' home directories permissions are 750 or more restrictive" - audit: "./cfg/2.0.0/6.2.8.sh" + audit: | + #!/bin/bash + grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | + while read user dir; do + if [ ! -d "$dir" ]; then + echo "The home directory ($dir) of user $user does not exist." + else + dirperm=$(ls -ld $dir | cut -f1 -d" ") + if [ $(echo $dirperm | cut -c6) != "-" ]; then + echo "Group Write permission set on the home directory ($dir) of user $user" + fi + if [ $(echo $dirperm | cut -c8) != "-" ]; then + echo "Other Read permission set on the home directory ($dir) of user $user" + fi + if [ $(echo $dirperm | cut -c9) != "-" ]; then + echo "Other Write permission set on the home directory ($dir) of user $user" + fi + if [ $(echo $dirperm | cut -c10) != "-" ]; then + echo "Other Execute permission set on the home directory ($dir) of user $user" + fi + fi + done tests: test_items: - flag: "" @@ -8815,7 +8884,18 @@ groups: - id: 6.2.9 description: "Ensure users own their home directories" - audit: "./cfg/2.0.0/6.2.9.sh" + audit: | + #!/bin/bash + grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do + if [ ! -d "$dir" ]; then + echo "The home directory ($dir) of user $user does not exist." + else + owner=$(stat -L -c "%U" "$dir") + if [ "$owner" != "$user" ]; then + echo "The home directory ($dir) of user $user is owned by $owner." + fi + fi + done tests: test_items: - flag: "" 
@@ -8830,7 +8910,25 @@ groups: - id: 6.2.10 description: "Ensure users' dot files are not group or world writable" - audit: "./cfg/2.0.0/6.2.10.sh" + audit: | + #!/bin/bash + grep -E -v '^(halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do + if [ ! -d "$dir" ]; then + echo "The home directory ($dir) of user $user does not exist." + else + for file in $dir/.[A-Za-z0-9]*; do + if [ ! -h "$file" -a -f "$file" ]; then + fileperm=$(ls -ld $file | cut -f1 -d" ") + if [ $(echo $fileperm | cut -c6) != "-" ]; then + echo "Group Write permission set on file $file" + fi + if [ $(echo $fileperm | cut -c9) != "-" ]; then + echo "Other Write permission set on file $file" + fi + fi + done + fi + done tests: test_items: - flag: "" @@ -8844,7 +8942,17 @@ groups: - id: 6.2.11 description: "Ensure no users have .forward files" - audit: "./cfg/2.0.0/6.2.11.sh" + audit: | + #!/bin/bash + grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do + if [ ! -d "$dir" ]; then + echo "The home directory ($dir) of user $user does not exist." + else + if [ ! -h "$dir/.forward" -a -f "$dir/.forward" ]; then + echo ".forward file $dir/.forward exists" + fi + fi + done tests: test_items: - flag: "" @@ -8859,7 +8967,17 @@ groups: - id: 6.2.12 description: "Ensure no users have .netrc files" - audit: "./cfg/2.0.0/6.2.12.sh" + audit: | + #!/bin/bash + grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do + if [ ! -d "$dir" ]; then + echo "The home directory ($dir) of user $user does not exist." + else + if [ ! -h "$dir/.netrc" -a -f "$dir/.netrc" ]; then + echo ".netrc file $dir/.netrc exists" + fi + fi + done tests: test_items: - flag: "" 
@@ -8873,7 +8991,37 @@ groups: - id: 6.2.13 description: "Ensure users' .netrc Files are not group or world accessible" - audit: "./cfg/2.0.0/6.2.13.sh" + audit: | + #!/bin/bash + grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do + if [ ! -d "$dir" ]; then + echo "The home directory ($dir) of user $user does not exist." + else + for file in $dir/.netrc; do + if [ ! -h "$file" -a -f "$file" ]; then + fileperm=$(ls -ld $file | cut -f1 -d" ") + if [ $(echo $fileperm | cut -c5) != "-" ]; then + echo "Group Read set on $file" + fi + if [ $(echo $fileperm | cut -c6) != "-" ]; then + echo "Group Write set on $file" + fi + if [ $(echo $fileperm | cut -c7) != "-" ]; then + echo "Group Execute set on $file" + fi + if [ $(echo $fileperm | cut -c8) != "-" ]; then + echo "Other Read set on $file" + fi + if [ $(echo $fileperm | cut -c9) != "-" ]; then + echo "Other Write set on $file" + fi + if [ $(echo $fileperm | cut -c10) != "-" ]; then + echo "Other Execute set on $file" + fi + fi + done + fi + done tests: test_items: - flag: "" @@ -8887,7 +9035,20 @@ groups: - id: 6.2.14 description: "Ensure no users have .rhosts files" - audit: "./cfg/2.0.0/6.2.14.sh" + audit: | + #!/bin/bash + grep -E -v '^(root|halt|sync|shutdown)' /etc/passwd | awk -F: '($7 != "'"$(which nologin)"'" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do + if [ ! -d "$dir" ]; then + echo "The home directory ($dir) of user $user does not exist." + else + for file in $dir/.rhosts; do + if [ ! -h "$file" -a -f "$file" ]; then + echo ".rhosts file in $dir" + fi + done + fi + done + tests: test_items: - flag: "" 
@@ -8901,7 +9062,15 @@ groups: - id: 6.2.15 description: "Ensure all groups in /etc/passwd exist in /etc/group" - audit: "./cfg/2.0.0/6.2.15.sh" + audit: | + #!/bin/bash + for i in $(cut -s -d: -f4 /etc/passwd | sort -u ); do + grep -q -P "^.*?:[^:]*:$i:" /etc/group + if [ $? -ne 0 ]; then + echo "Group $i is referenced by /etc/passwd but does not exist in /etc/group" + fi + done + tests: test_items: - flag: "" @@ -8915,7 +9084,16 @@ groups: - id: 6.2.16 description: "Ensure no duplicate UIDs exist" - audit: "./cfg/2.0.0/6.2.16.sh" + audit: | + #!/bin/bash + cut -f3 -d":" /etc/passwd | sort -n | uniq -c | while read x ; do + [ -z "$x" ] && break + set - $x + if [ $1 -gt 1 ]; then + users=$(awk -F: '($3 == n) { print $1 }' n=$2 /etc/passwd | xargs) + echo "Duplicate UID ($2): $users" + fi + done tests: test_items: - flag: "" @@ -8929,7 +9107,17 @@ groups: - id: 6.2.17 description: "Ensure no duplicate GIDs exist" - audit: "./cfg/2.0.0/6.2.17.sh" + audit: | + #!/bin/bash + cut -f3 -d":" /etc/group | sort -n | uniq -c | while read x ; do + [ -z "$x" ] && break + set - $x + if [ $1 -gt 1 ]; then + groups=$(awk -F: '($3 == n) { print $1 }' n=$2 /etc/group | xargs) + echo "Duplicate GID ($2): $groups" + fi + done + tests: test_items: - flag: "" @@ -8943,7 +9131,16 @@ groups: - id: 6.2.18 description: "Ensure no duplicate user names exist" - audit: "./cfg/2.0.0/6.2.18.sh" + audit: | + #!/bin/bash + cut -f1 -d":" /etc/passwd | sort -n | uniq -c | while read x ; do + [ -z "$x" ] && break + set - $x + if [ $1 -gt 1 ]; then + uids=$(awk -F: '($1 == n) { print $3 }' n=$2 /etc/passwd | xargs) + echo "Duplicate User Name ($2): $uids" + fi + done tests: test_items: - flag: "" 
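Review bot: `grep -q -P "^.*?:[^:]*:$i:" /etc/group` in 6.2.15 depends on PCRE support, and the `[ $? -ne 0 ]` that follows cannot tell "no match" (status 1) from "grep itself failed" (status 2). On a host whose grep lacks `-P`, every GID taken from /etc/passwd would be reported as missing from /etc/group. The pattern needs nothing beyond ERE, and testing the command directly removes the separate `$?` line: `if ! grep -q -E "^[^:]*:[^:]*:$i:" /etc/group; then`.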
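Review bot: In 6.2.16 the loop reads the whole `uniq -c` line into `x` and re-splits it with `set - $x`, which overwrites the script's positional parameters and leaves `$1` and `$2` unquoted in `[ $1 -gt 1 ]` and `n=$2`. Reading the two fields directly is shorter and gives them names: `while read -r count uid; do`, then `if [ "$count" -gt 1 ]; then` and `users=$(awk -F: -v n="$uid" '($3 == n) { print $1 }' /etc/passwd | xargs)`. 6.2.17, 6.2.18 and 6.2.19 use the same construct.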
@@ -8958,7 +9155,16 @@ groups: - id: 6.2.19 description: "Ensure no duplicate group names exist" - audit: "./cfg/2.0.0/6.2.19.sh" + audit: | + #!/bin/bash + cut -f1 -d":" /etc/group | sort -n | uniq -c | while read x ; do + [ -z "$x" ] && break + set - $x + if [ $1 -gt 1 ]; then + gids=$(gawk -F: '($1 == n) { print $3 }' n=$2 /etc/group | xargs) + echo "Duplicate Group Name ($2): $gids" + fi + done tests: test_items: - flag: "" diff --git a/go.mod b/go.mod index 5badc37..f60165e 100644 --- a/go.mod +++ b/go.mod @@ -3,7 +3,7 @@ module github.com/aquasecurity/linux-bench go 1.13 require ( - github.com/aquasecurity/bench-common v0.4.3 + github.com/aquasecurity/bench-common v0.4.4 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b github.com/spf13/cobra v1.1.1 github.com/spf13/viper v1.7.1 diff --git a/go.sum b/go.sum index a5a1249..34aa72b 100644 --- a/go.sum +++ b/go.sum 
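Review bot: 6.2.19 calls `gawk` where the three sibling checks (6.2.16 to 6.2.18) call `awk` for the same one-line program. On a host without GNU awk installed the command substitution fails, and the duplicate group name is printed with an empty list of GIDs. Nothing in the program is specific to gawk, so `gids=$(awk -F: '($1 == n) { print $3 }' n=$2 /etc/group | xargs)` would match the other checks.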
@@ -17,8 +17,8 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/aquasecurity/bench-common v0.4.3 h1:Cym3+jHYIyLPDzkjWojca5+RyjW2/3LAfq/BI6MsZU4= -github.com/aquasecurity/bench-common v0.4.3/go.mod h1:glope+l06WRCkeiKLcs0exibg3w0ZdXDpZJOSSuw+wg= +github.com/aquasecurity/bench-common v0.4.4 h1:gBs1ddFIviR5ZiNd02HkH+qwh5t2HbvJTK07N2Z5gaE= +github.com/aquasecurity/bench-common v0.4.4/go.mod h1:glope+l06WRCkeiKLcs0exibg3w0ZdXDpZJOSSuw+wg= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=