From d2ab36f8007f83bdeceb1e4743cffcb47a25e1b3 Mon Sep 17 00:00:00 2001
From: yoavrotems
Date: Tue, 21 May 2019 14:40:16 +0300
Subject: [PATCH 1/3] Update definitions.yaml
Has a problem with the pipelines in the audit command. Solved with script 1.1.25.sh file
---
cfg/1.1.0/definitions.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cfg/1.1.0/definitions.yaml b/cfg/1.1.0/definitions.yaml
index cdc1369..fcc7389 100644
--- a/cfg/1.1.0/definitions.yaml
+++ b/cfg/1.1.0/definitions.yaml
@@ -564,7 +564,7 @@ groups:
 - id: 1.1.25
 description: "Ensure sticky bit is set on all world-writable directories"
- audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d \\( -perm -0002 -a ! -perm -1000 \\) 2>/dev/null"
+ audit: "./1.1.25.sh"
 tests:
 test_items:
 - flag: ""
From 0a50f06540cc27dcd33cf97405f1cf6ca1f79faf Mon Sep 17 00:00:00 2001
From: yoavrotems
Date: Tue, 21 May 2019 14:42:57 +0300
Subject: [PATCH 2/3] Create 1.1.25.sh
Made for test 1.1.25
---
cfg/1.1.0/1.1.25.sh | 1 +
1 file changed, 1 insertion(+)
create mode 100644 cfg/1.1.0/1.1.25.sh
diff --git a/cfg/1.1.0/1.1.25.sh b/cfg/1.1.0/1.1.25.sh
new file mode 100644
index 0000000..5b3fd58
--- /dev/null
+++ b/cfg/1.1.0/1.1.25.sh
@@ -0,0 +1 @@
+df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type d \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null
From 23dc330bc17c818966f3099e8f564a3ec1dbb912 Mon Sep 17 00:00:00 2001
From: yoavrotems
Date: Sun, 26 May 2019 15:07:06 +0300
Subject: [PATCH 3/3] Add limit to specific tests output - in order to be more efficient 6.1.10 6.1.11 6.1.12 6.1.13 6.1.14 and test 1.1.25 been changed in the script 1.1.25.sh
---
cfg/1.1.0/definitions.yaml | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/cfg/1.1.0/definitions.yaml b/cfg/1.1.0/definitions.yaml
index fcc7389..daf06e5 100644
--- a/cfg/1.1.0/definitions.yaml
+++ b/cfg/1.1.0/definitions.yaml
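Review bot: The new `audit: "./1.1.25.sh"` is resolved against the working directory the tool is started from, not the directory holding definitions.yaml, so the check only works when the runner's cwd is cfg/1.1.0, and whatever `1.1.25.sh` exists in any other start directory is what would be run instead. The script is also created in PATCH 2/3 with mode 100644, so `./1.1.25.sh` is not executable even from the right directory. Invoking it as `audit: "sh ./1.1.25.sh"` fixes the mode problem, and the path should be resolved relative to the config directory (or given absolutely) by the loader rather than assumed. The enclosing check entry continues outside the hunk.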
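Review bot: The script has no interpreter line and is committed as 100644, so it cannot be run as `./1.1.25.sh`; add `#!/bin/sh` as the first line and mark the file executable (`git update-index --chmod=+x cfg/1.1.0/1.1.25.sh`), or consistently invoke it through `sh`. The pipeline is a verbatim copy of the audit string it replaces, and in plain `sh` its exit status is that of the last stage, `xargs`, so a failure in `df` or `awk` is not visible to the caller, while `2>/dev/null` additionally hides `find` errors on unreadable paths. If the caller treats a non-zero exit as a failed check (presumably, but the evaluation logic is not in this series), either use `#!/bin/bash` with `set -o pipefail` or document the limitation with a comment such as `# exit status is that of xargs only; df/awk failures are not propagated`.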
@@ -7820,7 +7820,7 @@ groups:
 - id: 6.1.10.a
 description: "Ensure no world writable files exist"
- audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -0002"
+ audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -0002 | head -n 100"
 tests:
 test_items:
 - flag: ""
@@ -7842,7 +7842,7 @@ groups:
 - id: 6.1.11.a
 description: "Ensure no unowned files or directories exist"
- audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser"
+ audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nouser | head -n 100"
 tests:
 test_items:
 - flag: ""
@@ -7864,7 +7864,7 @@ groups:
 - id: 6.1.12.a
 description: "Ensure no ungrouped files or directories exist"
- audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup"
+ audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -nogroup | head -n 100"
 tests:
 test_items:
 - flag: ""
@@ -7886,7 +7886,7 @@ groups:
 - id: 6.1.13.a
 description: "Audit SUID executables"
- audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -4000"
+ audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -4000 | head -n 100"
 type: manual
 tests:
 test_items:
@@ -7909,7 +7909,7 @@ groups:
 - id: 6.1.14.a
 description: "Audit SGID executables"
- audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -2000"
+ audit: "df --local -P | awk {'if (NR!=1) print $6'} | xargs -I '{}' find '{}' -xdev -type f -perm -2000 | head -n 100"
 type: manual
 tests:
 test_items:
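Review bot: `| head -n 100` on the five audit lines (6.1.10.a, 6.1.11.a, 6.1.12.a, 6.1.13.a, 6.1.14.a) silently drops every match after the 100th, and `head` only stops the producer once `find` writes past the cap, so a filesystem with fewer than 100 matches is still walked in full — the saving is mainly in output size, not scan time. For 6.1.13.a and 6.1.14.a, which are `type: manual`, the person reviewing the SUID/SGID list sees at most 100 entries with no marker that the list was cut. For the three automated checks the cap is harmless only if any output fails the check; the `flag: ""` test_item suggests that, but the evaluation logic is outside these hunks. The limit is a magic number repeated five times; add a comment above each changed audit such as `# output capped at 100 entries to bound report size; entries beyond the cap are not shown`, or factor the cap into one place. The commit description also says 1.1.25 was changed in 1.1.25.sh, but this patch's diffstat lists only definitions.yaml, so the script is unchanged in this series.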