


국정원기반 서버 취약점 점검 스크립트 -Linux

 

아래 스크립트는 필자가 만든 스크립트입니다.

국정원이나 산자부 보안점검 대비 OS를 체크하기 위한 스크립트로

매우 주관적으로 만든 것이니 참고만 하시기 바랍니다.

 

 

 

#!/bin/sh
# NISK(National Intelligence Service Korea) Base Security Check Script for KookJung
# Edit by Guppy in 2020
# for Linux

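# --- Runtime setup ---------------------------------------------------------
# LANG is exported (the original only assigned it) so every child process
# (ls, date, grep, chkconfig ...) prints C-locale output; the permission
# checks further down match regexes against `ls -l` text.
export LANG=C
DATE=$(date +%Y%m%d%H%M)
#DAY=`date +%D`
DAY=$(date +%m/%d/%Y)
# Report file: <hostname>_<timestamp>.txt in the current directory.
LOGFILE=$(hostname)_$DATE.txt
# First six characters of the kernel release (e.g. "3.10.0"); used below
# to pick between systemctl and chkconfig/service style commands.
Kernel=$(uname -r | awk '{ print substr($0,1,6);}')

OS=$(uname -s)
VER=$(uname -r)
CURR="Linux"

# Refuse to run on anything but Linux: the remediation steps below touch
# Linux-specific paths and tools. Exit non-zero so a caller can tell the
# refusal from a completed run.
if [ "$OS" != "$CURR" ] ; then
 echo " This Version OS is Not RUN !! " >&2
 exit 1
fi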

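#echo $DATE > $LOGFILE
# The report is (re)created here: run date on the first line, kernel prefix
# on the second. Everything after this appends to $LOGFILE.
echo "$DAY" > "$LOGFILE"
# The report will contain the RADIUS configuration, SNMP community strings
# and passwd excerpts, so it must not be readable by other users.
chmod 600 "$LOGFILE"
echo "$Kernel" >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo "############################################">> "$LOGFILE"
echo "#######OTP Setting check  ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
echo >> "$LOGFILE"
# OTP/RADIUS PAM wiring: the su and sshd PAM stacks are expected to refer to
# pam_radius_auth.conf; the conf itself and sshd's PAM line are dumped for
# the reviewer. Errors (missing files) are kept in the report.
grep /etc/pam_radius_auth.conf /etc/pam.d/su >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"
grep /etc/pam_radius_auth.conf /etc/pam.d/sshd >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"
cat /etc/pam_radius_auth.conf >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"
grep -v '^#' /etc/ssh/sshd_config | grep PAM >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo "############################################" >> "$LOGFILE"
echo "#######ftp, telnet check  ##################" >> "$LOGFILE"
echo "############################################" >> "$LOGFILE"
echo "##Process Check" >>"$LOGFILE"
ps -ef | grep ftp | grep -v grep >> "$LOGFILE"
echo >> "$LOGFILE"
echo "##xinetd daemon Check" >>"$LOGFILE"
grep ftp /etc/xinetd.d/* >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"
grep telnet /etc/xinetd.d/* >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"
echo "##xferlog Check" >>"$LOGFILE"
tail -n 20 /var/log/xferlog >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"
# systemd hosts: list ftp/telnet units. systemctl is detected directly
# instead of matching the kernel string ("3.10.0"/"4.4.16"), which silently
# skipped every other systemd kernel.
if command -v systemctl >/dev/null 2>&1 ; then
 systemctl list-unit-files | grep ftp >> "$LOGFILE" 2>&1
 echo >> "$LOGFILE"
 systemctl list-unit-files | grep telnet >> "$LOGFILE" 2>&1
fi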


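echo "############################################">> "$LOGFILE"
echo "####### ssh port 2222    ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
echo "##Port Check" >>"$LOGFILE"
grep Port /etc/ssh/sshd_config >> "$LOGFILE"
echo "##PermitRootLogin no Check" >>"$LOGFILE"
grep PermitRootLogin /etc/ssh/sshd_config >> "$LOGFILE"
echo >> "$LOGFILE"
echo "##2222 port Check" >>"$LOGFILE"
netstat -na | grep 2222 >> "$LOGFILE"
echo >> "$LOGFILE"
# /etc/securetty: root may log in only on the listed terminals, so any
# "pts" entry (root over a pseudo-terminal) is flagged for review.
# NOTE(review): the non-compliant branch appends "tty1" on every run and
# does not remove the pts lines — it reports rather than fixes; confirm.
if [ -f /etc/securetty ] ; then
        if [ "$(grep -c pts /etc/securetty)" -eq 0 ] ; then
                echo "##/etc/securetty set ok " >> "$LOGFILE"
        else
                echo "tty1" >> /etc/securetty
                echo "##/etc/securetty reconfigure require " >> "$LOGFILE"
        fi
else
        # Create the file with a single console entry. The original ran
        # `cat "tty1" > /etc/securetty`: there is no file named tty1, so it
        # only truncated /etc/securetty to zero length.
        touch /etc/securetty
        echo "tty1" > /etc/securetty
        echo "##/etc/securetty create and reconfigure ok " >> "$LOGFILE"
fi
echo ""  >> "$LOGFILE"
echo ""  >> "$LOGFILE"

SSHD_CONF=/etc/ssh/sshd_config
# sshd honours the FIRST occurrence of a directive, so appending
# "PermitRootLogin no" below an active "PermitRootLogin yes" (what the
# original did) changes nothing. When no active "no" directive exists:
# back up the file, comment out every active PermitRootLogin line, insert
# the hardened one at the top, and restart only if `sshd -t` accepts the
# result — a broken config would otherwise leave sshd down.
if grep -E -q '^[[:space:]]*PermitRootLogin[[:space:]]+no([[:space:]]|$)' "$SSHD_CONF"
        then
        echo "##sshd_config PermitRootLogin no set ok" >> "$LOGFILE"
        else
        cp -p "$SSHD_CONF" "$SSHD_CONF.$DATE.bak"
        sed -i 's/^[[:space:]]*PermitRootLogin/#&/' "$SSHD_CONF"
        sed -i '1i PermitRootLogin no' "$SSHD_CONF"
        SSHD_BIN=$(command -v sshd || echo /usr/sbin/sshd)
        if "$SSHD_BIN" -t >> "$LOGFILE" 2>&1 ; then
                if [ -f /etc/init.d/sshd ] ; then
                        /etc/init.d/sshd restart >> "$LOGFILE" 2>&1
                else
                        systemctl restart sshd >> "$LOGFILE" 2>&1
                fi
                echo "##sshd_config PermitRootLogin no set reconfigured" >> "$LOGFILE"
        else
                # Config rejected: keep the running sshd, put the backup back.
                cp -p "$SSHD_CONF.$DATE.bak" "$SSHD_CONF"
                echo "##sshd_config PermitRootLogin change FAILED (sshd -t), backup restored" >> "$LOGFILE"
        fi
fi
echo ""  >> "$LOGFILE"
echo ""  >> "$LOGFILE"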
echo "############################################">> "$LOGFILE"
echo "####### ntp check         ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
# Time-sync evidence: the ntp entry of the invoking user's crontab and the
# tail of the site's ntpdate log.
# NOTE(review): that log lives under /tmp, a world-writable directory, so
# its contents are not tamper-evident — treat as informational only.
echo "##crontab Check" >>"$LOGFILE"
crontab -l | grep ntp >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"
echo "##ntp log Check" >>"$LOGFILE"
tail -n 20 /tmp/zws/ntpdate.log >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"

echo "############################################">> "$LOGFILE"
echo "####### ACL check         ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
# TCP wrappers: active (non-comment, non-blank) lines only.
echo "##allow Check" >>"$LOGFILE"
grep -v '^#' /etc/hosts.allow | grep -v '^$' >> "$LOGFILE"
printf '\n\n' >> "$LOGFILE"
echo "##deny Check" >>"$LOGFILE"
grep -v '^#' /etc/hosts.deny | grep -v '^$' >> "$LOGFILE"
echo >> "$LOGFILE"

echo "############################################">> "$LOGFILE"
echo "#######UID, GID 0-99      ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
# First 30 passwd entries (system accounts), then any entry containing
# "~2018" / "~2017" (a site naming convention; presumably expiry tags).
head -n 30 /etc/passwd >> "$LOGFILE"
printf '\n\n\n' >> "$LOGFILE"
echo "##passwd Check" >>"$LOGFILE"
grep '~2018' /etc/passwd >> "$LOGFILE"
echo >> "$LOGFILE"
grep '~2017' /etc/passwd >> "$LOGFILE"
echo >> "$LOGFILE"

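echo "####### group check       ##################">> "$LOGFILE"
echo "##group id 100 Check" >>"$LOGFILE"
grep '^user' /etc/group >> "$LOGFILE"
echo >> "$LOGFILE"
echo "##delete group Check" >>"$LOGFILE"
# Groups the policy treats as unnecessary; each one present in /etc/group
# is removed. groupdel's output (it refuses a group that is some user's
# primary group) is captured, and success is reported only when it worked —
# the original logged "delete" unconditionally and dropped stderr.
# NOTE(review): "tty" is used by terminal device nodes on most distros;
# confirm the list against the target systems.
Def_group="tty uucp smbnull tftp"
for check in $Def_group
do
        if grep -q "^$check:" /etc/group
        then
        echo "## Default group exist : $check" >> "$LOGFILE"
        if groupdel "$check" >> "$LOGFILE" 2>&1 ; then
                echo "##group $check delete " >> "$LOGFILE"
        else
                echo "##group $check delete FAILED " >> "$LOGFILE"
        fi
        fi
done
echo >> "$LOGFILE"
echo "##users 20 Check" >>"$LOGFILE"
grep ':20:' /etc/passwd >> "$LOGFILE"
echo >> "$LOGFILE"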

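echo "############################################">> "$LOGFILE"
echo "#######UID, GID 0         ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
grep ':0:' /etc/passwd >> "$LOGFILE"
echo >> "$LOGFILE"

echo "############################################">> "$LOGFILE"
echo "#######Default ID check   ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
# Accounts the policy treats as unnecessary defaults. Any of them present in
# /etc/passwd is removed with userdel (home directory left in place); the
# result is logged per account instead of assuming success.
# NOTE(review): adm, lp, sync, shutdown, halt, nfsnobody are created by base
# packages on RHEL-family systems; removing them can orphan package-owned
# files — confirm the list against the target distro.
Def_ID="adm lp uucp nuucp sync shutdown halt news operator games gopher nfsnobody squid hpdb smbnull iwww owww tftp"

for check in $Def_ID
do
        if grep -q "^$check:" /etc/passwd
        then
        echo "## Default ID exist : $check" >> "$LOGFILE"
        if userdel "$check" >> "$LOGFILE" 2>&1 ; then
                echo "##user $check delete " >> "$LOGFILE"
        else
                echo "##user $check delete FAILED " >> "$LOGFILE"
        fi
        fi
done

echo >> "$LOGFILE"
# Service accounts that must exist but must not have a login shell.
Def_nologin="mysql ssh"
for check in $Def_nologin
do
        if grep -v /sbin/nologin /etc/passwd | grep -v /bin/false | grep -q "^$check:"
        then
        echo "## Default user login exist : $check" >> "$LOGFILE"
        usermod -s /bin/false "$check" >> "$LOGFILE" 2>&1
        echo "##user  $check nologin configured" >> "$LOGFILE"
        fi
done
echo "##Shell nologin, false Check" >>"$LOGFILE"
# Remaining accounts with a real shell, minus the site's known admin ids.
grep -v /sbin/nologin /etc/passwd | grep -v /bin/false | grep -v userid | grep -v userdev | grep -v usermaster >> "$LOGFILE"
echo >> "$LOGFILE"
echo "##test id Check" >>"$LOGFILE"
grep test /etc/passwd >> "$LOGFILE"
echo >> "$LOGFILE"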


echo "############################################">> "$LOGFILE"
echo "####### login fail count  ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
# Account lockout evidence: pam_tally references in the PAM stacks plus the
# module/binary locations (missing paths are reported as ls errors).
echo "##/etc/pam.d  Check" >>"$LOGFILE"
grep pam_tally /etc/pam.d/* >> "$LOGFILE"
ls -la /sbin/pam_tally* >> "$LOGFILE" 2>&1
ls -la /lib/security/pam_tally*.so >> "$LOGFILE" 2>&1
ls -la /lib64/security/pam_tally*.so >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"

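echo "############################################">> "$LOGFILE"
echo "####### hosts file perm  644(444),root  ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
# /etc/hosts, /etc/syslog.conf and /etc/services must be root-owned with no
# group/other write bit (the `ls -l` regex admits 644/444 and the like).
# Mode is repaired with chmod: the original used "chown 644" for syslog.conf
# and services, which sets UID 644 as owner instead of changing the mode
# (the owner check right after then chowned the file back to root, so the
# permissions were never fixed).
ls -la /etc/hosts >> "$LOGFILE"
echo >> "$LOGFILE"
if [ -f /etc/hosts ]
        then
                if ls -alL /etc/hosts | grep -q "...-.--.--.*.*"
                then
                 echo "##/etc/hosts perm ok " >> "$LOGFILE"
                else
                 echo "##/etc/hosts perm reset " >> "$LOGFILE"
                 chmod 644 /etc/hosts >> "$LOGFILE" 2>&1
                fi
                if [ "$(ls -ld /etc/hosts | awk '{ print $3 }')" = "root" ]
                then
                 echo "##/etc/hosts root ok " >> "$LOGFILE"
                else
                 echo "##/etc/hosts root reset " >> "$LOGFILE"
                 chown root /etc/hosts >> "$LOGFILE" 2>&1
                fi
        else
                echo "##/etc/hosts NOT Found" >> "$LOGFILE"
fi

echo "####### syslog.conf 644(444),root   ##################">> "$LOGFILE"
ls -la /etc/*syslog.conf>> "$LOGFILE"
echo >> "$LOGFILE"
if [ -f /etc/syslog.conf ]
        then
                if ls -alL /etc/syslog.conf | grep -q "...-.--.--"
                then
                 echo "##/etc/syslog.conf perm ok" >> "$LOGFILE"
                else
                 echo "##/etc/syslog.conf perm reset" >> "$LOGFILE"
                 chmod 644 /etc/syslog.conf >> "$LOGFILE" 2>&1
                fi
                if [ "$(ls -ld /etc/syslog.conf | awk '{ print $3 }')" = "root" ]
                then
                 echo "##/etc/syslog.conf root ok " >> "$LOGFILE"
                else
                 echo "##/etc/syslog.conf root reset " >> "$LOGFILE"
                 chown root /etc/syslog.conf >> "$LOGFILE" 2>&1
                fi
        else
                echo "##/etc/syslog.conf Not Found" >> "$LOGFILE"
fi

echo "####### services 644,root            ##################">> "$LOGFILE"
ls -la /etc/services>> "$LOGFILE"
echo >> "$LOGFILE"
if [ -f /etc/services ]
        then
                if ls -alL /etc/services | grep -q "...-.--.--"
                then
                 echo "##/etc/services perm ok" >> "$LOGFILE"
                else
                 echo "##/etc/services perm reset" >> "$LOGFILE"
                 chmod 644 /etc/services >> "$LOGFILE" 2>&1
                fi
                if [ "$(ls -ld /etc/services | awk '{ print $3 }')" = "root" ]
                then
                 echo "##/etc/services root ok " >> "$LOGFILE"
                else
                 echo "##/etc/services root reset " >> "$LOGFILE"
                 chown root /etc/services >> "$LOGFILE" 2>&1
                fi
        else
                echo "##/etc/services Not Found" >> "$LOGFILE"
fi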

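echo "############################################">> "$LOGFILE"
echo "####### sulog   , su 4750  ,root.wheel    ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
echo "##sulog check" >>"$LOGFILE"
grep sulog /etc/*syslog.conf >>"$LOGFILE"
CT=$(grep sulog /etc/*syslog.conf | wc -l)
echo "">> "$LOGFILE"
# Show the tail of every sulog target named in the syslog configs. The
# original tested "-gt 1", which skipped the usual single-entry case.
if [ "$CT" -gt 0 ] ; then
        for sulog_path in $(grep -h sulog /etc/*syslog.conf | awk '{print $2}')
        do
                tail -n 10 "$sulog_path" >>"$LOGFILE" 2>&1
        done
fi

echo "##syslog.conf auth check" >>"$LOGFILE"
grep auth /etc/*syslog.conf >>"$LOGFILE"
# Dedicated su log. Created root-only (0600): it will hold authpriv records.
if [ ! -d /var/log/sulogd ] ; then
        mkdir -p /var/log/sulogd
        touch /var/log/sulogd/sulog.log
        chmod 600 /var/log/sulogd/sulog.log
        echo "## /var/log/sulogd directory create" >>"$LOGFILE"
fi
if [ -f /etc/login.defs ]; then
        # SULOG_FILE makes shadow-utils' su keep its own log as well.
        if ! grep -q SULOG /etc/login.defs ; then
 echo "SULOG_FILE /var/log/sulogd/sulog.log" >> /etc/login.defs
        fi
fi

# rsyslog: an ACTIVE "authpriv." selector counts as configured (the original
# also accepted commented-out lines and an unescaped dot); otherwise route
# authpriv.* to the su log and restart via systemctl when present, else the
# service command.
if [ -f /etc/rsyslog.conf ]
        then
        if grep -v '^[[:space:]]*#' /etc/rsyslog.conf | grep -q 'authpriv\.' ; then
                echo "##syslog authpriv.notice setting ok " >>"$LOGFILE"
                echo "" >>"$LOGFILE"
                else
                echo "##authpriv.notice syslog reconfigured " >>"$LOGFILE"
                echo "" >>"$LOGFILE"
                echo "authpriv.*   /var/log/sulogd/sulog.log " >> /etc/rsyslog.conf
                if command -v systemctl >/dev/null 2>&1 ; then
                        systemctl restart rsyslog.service>>"$LOGFILE" 2>&1
                else
                        service rsyslog restart >>"$LOGFILE" 2>&1
                fi
         fi
fi
# Classic syslogd: same check for an active "auth." selector.
if [ -f /etc/syslog.conf ]
        then
        if grep -v '^[[:space:]]*#' /etc/syslog.conf | grep -q 'auth\.' ; then
                echo " syslog auth.notice setting ok " >>"$LOGFILE"
                echo "" >>"$LOGFILE"
                else
                echo " auth.notice syslog reconfigured " >>"$LOGFILE"
                echo "" >>"$LOGFILE"
                echo "auth.*   /var/log/sulogd/sulog.log " >> /etc/syslog.conf
                service syslog restart >>"$LOGFILE" 2>&1
         fi
fi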

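echo >> "$LOGFILE"
# su must be setuid root, group wheel, mode 4750 so only wheel members can
# run it. Ownership is changed BEFORE chmod: on Linux a chown on a setuid
# file clears the setuid bit, so the original chmod-then-chown order for
# /usr/bin/su left su without setuid (i.e. unusable for non-root users).
# If no wheel group exists the remediation is skipped and logged, since
# 4750 root:root would lock everyone but root out of su.
for su_bin in /usr/bin/su /bin/su
do
        if [ -f "$su_bin" ]
        then
                ls -la "$su_bin"  >> "$LOGFILE"
                if ls -alL "$su_bin" | grep -q ".rwsr-x---.*root.*wheel*"
                then
                echo "##$su_bin perm ok" >> "$LOGFILE"
                else
                        if grep -q '^wheel:' /etc/group ; then
                echo "##$su_bin perm reset" >> "$LOGFILE"
                chown root:wheel "$su_bin" >> "$LOGFILE" 2>&1
                chmod 4750 "$su_bin" >> "$LOGFILE" 2>&1
                        else
                echo "##$su_bin perm NOT reset: wheel group missing" >> "$LOGFILE"
                        fi
                fi
        fi
done
printf '\n\n\n' >> "$LOGFILE"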
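echo "############################################">> "$LOGFILE"
echo "#######  network daemon  644(555) g-w, o-w  ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
ls -la /etc/init.d/* >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"
# Init scripts must not be group/world writable. Remediate with
# "chmod g-w,o-w" rather than the original "chmod 644": 644 strips the
# execute bit and leaves the service unstartable, contradicting the
# "Perm 755 ok" expectation logged here.
if [ "$(find /etc/init.d/ \( -perm -g+w -o -perm -o+w \) -type f | wc -l)" -eq 0 ]
        then
        echo "##Network Daemon Perm 755 ok " >> "$LOGFILE"
        else
        echo "##Network Daemon Perm reset  " >> "$LOGFILE"
        find /etc/init.d/ \( -perm -g+w -o -perm -o+w \) -type f -exec ls -la {} \;  >> "$LOGFILE" 2>&1
        find /etc/init.d/ \( -perm -g+w -o -perm -o+w \) -type f -exec chmod g-w,o-w {} \; >> "$LOGFILE" 2>&1
fi
printf '\n\n\n' >> "$LOGFILE"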
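echo "############################################">> "$LOGFILE"
echo "#######  Password OTP or Not ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
printf '\n\n\n' >> "$LOGFILE"
echo "############################################">> "$LOGFILE"
echo "#######  passwd 644,root shadow 400,root      ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
# /etc/passwd: root-owned, no group/other write. /etc/shadow: root-owned,
# readable by nobody but the owner (the regex also accepts mode 000, the
# RHEL default). Mode is repaired with chmod — the original used "chown 644"
# / "chown 400", which assigns that numeric UID as owner and never touches
# the mode.
ls -la /etc/passwd >> "$LOGFILE"
if [ -f /etc/passwd ]
        then
                if ls -alL /etc/passwd | grep -q "...-.--.--"
                then
                 echo "##/etc/passwd perm ok" >> "$LOGFILE"
                else
                 echo "##/etc/passwd perm reset" >> "$LOGFILE"
                 chmod 644 /etc/passwd >> "$LOGFILE" 2>&1
                fi
                if [ "$(ls -ld /etc/passwd | awk '{ print $3 }')" = "root" ]
                then
                 echo "##/etc/passwd root ok " >> "$LOGFILE"
                else
                 echo "##/etc/passwd root reset " >> "$LOGFILE"
                 chown root /etc/passwd >> "$LOGFILE" 2>&1
                fi
        else
                echo "##/etc/passwd Not Found" >> "$LOGFILE"
fi
ls -la /etc/shadow >> "$LOGFILE" 2>&1
if [ -f /etc/shadow ]
        then
                if ls -alL /etc/shadow | grep -q "..--------"
                then
                 echo "##/etc/shadow perm ok" >> "$LOGFILE"
                else
                 echo "##/etc/shadow perm reset" >> "$LOGFILE"
                 chmod 400 /etc/shadow >> "$LOGFILE" 2>&1
                fi
                if [ "$(ls -ld /etc/shadow | awk '{ print $3 }')" = "root" ]
                then
                 echo "##/etc/shadow root ok " >> "$LOGFILE"
                else
                 echo "##/etc/shadow root reset " >> "$LOGFILE"
                 chown root /etc/shadow >> "$LOGFILE" 2>&1
                fi
        else
                echo "##/etc/shadow Not Found" >> "$LOGFILE"
fi
printf '\n\n\n' >> "$LOGFILE"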

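echo "############################################">> "$LOGFILE"
echo "#######  remote shell check#################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
echo "##xinetd.conf check" >>"$LOGFILE"
ls -la  /etc/xinetd.d/*login* >>"$LOGFILE" 2>&1
echo >> "$LOGFILE"
ls -la  /etc/xinetd.d/*rsh* >>"$LOGFILE" 2>&1
echo >> "$LOGFILE"
ls -la  /etc/xinetd.d/*rexec* >>"$LOGFILE" 2>&1
echo >> "$LOGFILE"
find /home -name .rhosts >>"$LOGFILE" 2>&1
echo >> "$LOGFILE"
# Trust files (.rhosts, .netrc) in every home directory listed in
# /etc/passwd are logged and deleted. Directories are read one per line so
# a path containing spaces stays one path (the original word-split the
# list); rm is given "-f --" only — these are regular files, and -f above
# already confirmed that, so no recursive flag is needed.
awk -F":" 'length($6) > 0 {print $6}' /etc/passwd | sort -u |
while IFS= read -r dir
do
        for trust_file in .rhosts .netrc
        do
                if [ -f "$dir/$trust_file" ]
                then
                        ls -la "$dir/$trust_file" >> "$LOGFILE"
                        echo "## Delete file $dir/$trust_file " >> "$LOGFILE"
                        rm -f -- "$dir/$trust_file" >> "$LOGFILE" 2>&1
                fi
        done
done

echo "##hosts.equiv check" >>"$LOGFILE"
ls -la /etc/hosts.equiv >>"$LOGFILE" 2>&1
# hosts.equiv, if present at all, must be root-owned and mode 400.
if [ -f /etc/hosts.equiv ]
then
                if ls -alL /etc/hosts.equiv | grep -q ".r.-------.*root.*"
                        then
                                echo "##/etc/hosts.equiv perm ok" >> "$LOGFILE"
                        else
                                echo "##/etc/hosts.equiv perm reset" >> "$LOGFILE"
                                chown root:root /etc/hosts.equiv >> "$LOGFILE" 2>&1
                                chmod 400 /etc/hosts.equiv >> "$LOGFILE" 2>&1
                fi
else
        echo "##/etc/hosts.equiv file Not Found is ok" >> "$LOGFILE"
fi

printf '\n\n\n' >> "$LOGFILE"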
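echo "############################################">> "$LOGFILE"
echo "####### inetd   600,root  rpc stop          ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"

runlevel >> "$LOGFILE"
echo >> "$LOGFILE"

# Enabled services: systemd unit list where systemctl exists, otherwise the
# chkconfig entries that are "on" in the current runlevel. (The original
# keyed this on the kernel string and so skipped other systemd kernels;
# its "LANG=C ;" was a separate statement and never reached chkconfig.)
if command -v systemctl >/dev/null 2>&1 ; then
 systemctl list-unit-files | grep -v disabled >>"$LOGFILE" 2>&1
 else
 LANG=C chkconfig --list | grep -v "$(runlevel | awk '{print $2}'):off" >> "$LOGFILE" 2>&1
fi

echo >> "$LOGFILE"
# /etc/xinetd.conf must be root-owned, mode 600. chmod repairs the mode —
# the original "chown 600" set UID 600 as owner instead.
if [ -f /etc/xinetd.conf  ]
        then
        ls -la /etc/xinetd.conf  >> "$LOGFILE"
                if ls -alL /etc/xinetd.conf | grep -q "...-------"
                then
                 echo "##/etc/xinetd.conf  perm ok" >> "$LOGFILE"
                else
                 echo "##/etc/xinetd.conf  perm reset" >> "$LOGFILE"
                 chmod 600 /etc/xinetd.conf  >> "$LOGFILE" 2>&1
                fi
                if [ "$(ls -ld /etc/xinetd.conf | awk '{ print $3 }')" = "root" ]
                then
                 echo "##/etc/xinetd.conf  root ok " >> "$LOGFILE"
                else
                 echo "##/etc/xinetd.conf  root reset " >> "$LOGFILE"
                 chown root /etc/xinetd.conf  >> "$LOGFILE" 2>&1
                fi
     ls -la /etc/xinetd.d/* >> "$LOGFILE"
        else
                echo "##/etc/xinetd.conf  Not Found">> "$LOGFILE"
fi

echo >> "$LOGFILE"
if [ -f /etc/xinetd.conf  ] ; then
 echo "##xinetd.conf rpc config set check" >>"$LOGFILE"
 grep -v '^#' /etc/xinetd.conf | grep -v '^$'>> "$LOGFILE"
 echo >> "$LOGFILE"
fi
# rexec/rlogin/rsh listeners (512-514).
for rport in 512 513 514
do
        netstat -na | grep LISTEN | grep ":$rport " >> "$LOGFILE"
done

printf '\n\n\n' >> "$LOGFILE"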
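echo "############################################">> "$LOGFILE"
echo "####### ftp, telnet check ##################" >> "$LOGFILE"
echo "############################################">> "$LOGFILE"

systemctl 2>&1 | grep ftp>> "$LOGFILE"
systemctl 2>&1 | grep telnet>> "$LOGFILE"
# telnet: unit list on systemd hosts, chkconfig elsewhere (detected via
# systemctl presence rather than the kernel string; "LANG=C" is now passed
# to chkconfig itself instead of being a separate statement).
if command -v systemctl >/dev/null 2>&1 ; then
 systemctl list-unit-files | grep telnet  >>"$LOGFILE" 2>&1
 else
 LANG=C chkconfig --list | grep telnet  >> "$LOGFILE" 2>&1
fi

grep telnet /etc/init.d/* >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"
echo "##telnet Listen is .. " >> "$LOGFILE"
netstat -na | grep ":23 " >> "$LOGFILE"
netstat -na | grep ":22 " >> "$LOGFILE"
netstat -na | grep ":2222 " >> "$LOGFILE"
# ftp: same two sources.
if command -v systemctl >/dev/null 2>&1 ; then
 systemctl list-unit-files | grep ftp  >>"$LOGFILE" 2>&1
 else
 LANG=C chkconfig --list | grep ftp  >> "$LOGFILE" 2>&1
fi

ls /etc/init.d/*ftp* >> "$LOGFILE" 2>&1
echo "## ftp Listen is .. " >> "$LOGFILE"
netstat -na | grep ":3333 " >> "$LOGFILE"
netstat -na | grep ":21 " >> "$LOGFILE"
echo >> "$LOGFILE"
# vsftpd: any active "anonymous" directive whose value is not no/NO is
# reported (the script only reports here; it does not edit vsftpd.conf).
if [ -f /etc/vsftpd/vsftpd.conf ] ; then
 if [ "$(grep -v '^#' /etc/vsftpd/vsftpd.conf | grep anonymous | grep -E -v "no|NO" | wc -l)" -eq 0 ]
          then
          echo "## Anonymous FTP NO Setting" >> "$LOGFILE"
          else
          echo "## Setting require Anonymous FTP Delete at /etc/vsftpd/vsftpd.conf " >> "$LOGFILE"
 fi
 else
 echo "## /etc/vsftpd/vsftpd.conf file Not Found " >> "$LOGFILE"
fi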
echo "############################################">> "$LOGFILE"
echo "####### .netrc            ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
# .netrc files hold plaintext credentials; list any left under /home.
find /home -name .netrc >> "$LOGFILE"
printf '\n\n\n' >> "$LOGFILE"

echo "############################################">> "$LOGFILE"
echo "####### last              ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
# Most recent 20 login records.
last | head -n 20 >> "$LOGFILE"
printf '\n\n\n' >> "$LOGFILE"

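echo "############################################">> "$LOGFILE"
echo "####### Cron   640,root  g-x, o-x, o-r ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
#ls -laR /var/spool/cron >> $LOGFILE
echo >> "$LOGFILE"
ls -la /etc/cron* >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"
# cron.allow / cron.deny: root-owned, mode 640 (regex: no group write, no
# other access). Mode is repaired with chmod — the original "chown 640"
# assigned UID 640 as owner and left the mode untouched.
for cron_acl in /etc/cron.allow /etc/cron.deny
do
        if [ -f "$cron_acl"  ]
        then
  ls -la "$cron_acl" >>"$LOGFILE"
                if ls -alL "$cron_acl" | grep -q "...-.-----"
                then
                 echo "##$cron_acl   perm ok" >>"$LOGFILE"
                else
                 echo "##$cron_acl   perm reset" >>"$LOGFILE"
                 chmod 640 "$cron_acl"   >>"$LOGFILE" 2>&1
                fi
                if [ "$(ls -ld "$cron_acl" | awk '{ print $3 }')" = "root" ]
                then
                 echo "##$cron_acl   root ok " >>"$LOGFILE"
                else
                 echo "##$cron_acl   root reset " >>"$LOGFILE"
                 chown root "$cron_acl"   >>"$LOGFILE" 2>&1
                fi
        else
                echo "##$cron_acl   Not Found" >>"$LOGFILE"
        fi
done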

echo "############################################">> "$LOGFILE"
echo "####### Snmp              ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
# SNMP exposure: running daemon, init script, community strings and the
# UDP/161 listener. Community strings end up in the report — keep it private.
echo "##Process check" >>"$LOGFILE"
ps -ef | grep snmp | grep -v grep >> "$LOGFILE"
echo >> "$LOGFILE"
echo "##start shell check" >>"$LOGFILE"
ls /etc/init.d/*snmp* >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"
echo "##community check" >>"$LOGFILE"
grep community /etc/snmp/snmpd.conf >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"
echo "##Listen check" >>"$LOGFILE"
netstat -na | grep ":161 " >> "$LOGFILE"
echo >> "$LOGFILE"
systemctl 2>&1 | grep snmp >> "$LOGFILE"
echo >> "$LOGFILE"
ls -la /etc/hosts >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"
echo "############################################">> "$LOGFILE"
echo "####### ssh version       ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
echo >> "$LOGFILE"
# The openssh package name depends on the distro; the 4.4.16 kernel is
# presumably the SUSE build where the package is "openssh" (verify), every
# other case queries "openssh-server".
case "$Kernel" in
        4.4.16) rpm -qi openssh >> "$LOGFILE" 2>&1 ;;
        *)      rpm -qi openssh-server >> "$LOGFILE" 2>&1 ;;
esac
echo >> "$LOGFILE"
openssl version >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"
ps -ef | grep ssh >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"
ls -la /etc/hosts >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"
echo "############################################">> "$LOGFILE"
echo "####### sysctl check         ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
echo >> "$LOGFILE"
# Two kernel parameters must be 0. The fix writes /proc directly, which is
# a runtime-only change: it is NOT persisted to /etc/sysctl.conf and will
# revert on reboot unless the conf file also carries it.
for key in net.ipv4.ip_forward net.ipv4.conf.default.accept_source_route
do
        sysctl "$key" >> "$LOGFILE"
        if [ "$(sysctl -n "$key")" -eq 0 ] ; then
         echo "## $key set ok "  >> "$LOGFILE"
         else
         echo 0 > "/proc/sys/$(echo "$key" | tr . /)"
         echo "## $key set configured "  >> "$LOGFILE"
        fi
        echo >> "$LOGFILE"
done
echo "## sysctl.conf show check " >> "$LOGFILE"
grep -v '^#' /etc/sysctl.conf | grep -v '^$'>> "$LOGFILE"

printf '\n\n\n\n' >> "$LOGFILE"

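echo "############################################">> "$LOGFILE"
echo "#######  Etc System Check   ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"

echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo "####### /home .profile perm g-w, o-w        ##################">> "$LOGFILE"
#ls -la /home/*/.profile >> $LOGFILE 2>&1
#ls -la /home/*/.bash_profile >> $LOGFILE 2>&1
#ls -la /home/*/.*rc >> $LOGFILE 2>&1
#ls -la /home/*/.login >> $LOGFILE 2>&1
echo >> "$LOGFILE"
# Shell start-up files under /home must not be group/world writable or
# executable: list the offenders first, then reset them to 644. The name
# patterns are quoted so ".*rc" reaches find as a pattern instead of being
# glob-expanded against dotfiles in the current directory.
for startup_name in .profile .bash_profile '.*rc' .login
do
        find /home/*/ -name "$startup_name" \( -perm -g+w -o -perm -o+w -o -perm -g+x -o -perm -o+x \) -type f -exec ls -la {} \; >> "$LOGFILE" 2>&1
done
for startup_name in .profile .bash_profile '.*rc' .login
do
        find /home/*/ -name "$startup_name" \( -perm -g+w -o -perm -o+w -o -perm -g+x -o -perm -o+x \) -type f -exec chmod 644 {} \; >> "$LOGFILE" 2>&1
done

echo "####### /home World Writable file  autorun chmod o-w ##################">> "$LOGFILE"
find /home \( -type f -o -type d \) -perm -2 -ls  >> "$LOGFILE" 2>&1
find /home -type f -perm -2 -exec chmod o-w {} \; >> "$LOGFILE" 2>&1
# NOTE(review): directories are only fixed when their mode is exactly 0777,
# while the listing above reports any world-writable directory — confirm
# whether e.g. 1777 or 0776 directories should be remediated too.
find /home -type d -perm 777 -exec chmod o-w {} \; >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"

echo "####### Warm Message (/etc/motd)    ##################">> "$LOGFILE"
cat /etc/motd  >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"

echo "####### automount stop                   ##################">> "$LOGFILE"
ps -ef | grep automount |grep -v grep >> "$LOGFILE"
echo >> "$LOGFILE"
# Stop and disable autofs when an automount process is running. systemd
# hosts are handled with systemctl; the original only knew init.d/chkconfig.
if [ "$(ps -ef | grep automount | grep -v grep | wc -l)" -gt 0 ] ; then
        if command -v systemctl >/dev/null 2>&1 ; then
                systemctl stop autofs >> "$LOGFILE" 2>&1
                systemctl disable autofs >> "$LOGFILE" 2>&1
        else
                /etc/init.d/autofs stop >> "$LOGFILE" 2>&1
                chkconfig --level 345 autofs off >> "$LOGFILE" 2>&1
        fi
        echo "## stoped autofs " >> "$LOGFILE" 2>&1
fi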

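echo "####### hosts.lpd 600,root                 ##################">> "$LOGFILE"
ls -la /etc/hosts.lpd>> "$LOGFILE" 2>&1
# /etc/hosts.lpd (if present): root-owned, mode 600. chmod repairs the
# mode — the original "chown 600" assigned UID 600 as owner instead — and
# the chown result is captured in the report like the other fixes.
if [ -f /etc/hosts.lpd  ]
        then
                if ls -alL /etc/hosts.lpd | grep -q "...-------"
                then
                 echo "##/etc/hosts.lpd  perm ok"  >> "$LOGFILE"
                else
                 echo "##/etc/hosts.lpd  perm reset"  >> "$LOGFILE"
                 chmod 600 /etc/hosts.lpd  >> "$LOGFILE" 2>&1
                fi
                if [ "$(ls -ld /etc/hosts.lpd | awk '{ print $3 }')" = "root" ]
                then
                 echo "##/etc/hosts.lpd  root ok "  >> "$LOGFILE"
                else
                 echo "##/etc/hosts.lpd  root reset "  >> "$LOGFILE"
                 chown root /etc/hosts.lpd >> "$LOGFILE" 2>&1
                fi
        else
                echo "##/etc/hosts.lpd  Not Found"  >> "$LOGFILE"
fi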
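echo "####### TMOUT 600, umask (0)022     ##################">> "$LOGFILE"
echo "##/etc/profile check" >>"$LOGFILE"
echo >> "$LOGFILE"
# TMOUT/umask are only reported from /etc/profile; TMOUT is never set here.
echo "##TMOUT at profile" >>"$LOGFILE"
grep TMOUT /etc/profile>> "$LOGFILE"
echo >> "$LOGFILE"
echo "##UMASK at profile" >>"$LOGFILE"
grep UMASK /etc/profile>> "$LOGFILE"
echo >> "$LOGFILE"
echo "##umask config" >>"$LOGFILE"
grep umask /etc/profile>> "$LOGFILE"
echo "##umask setting">> "$LOGFILE"
umask >> "$LOGFILE"
# Compares the umask of THIS shell (not the value /etc/profile sets for
# login shells). If it is not 0022 a "umask 0022" line is appended to
# /etc/profile — once only, so repeated runs do not pile up entries.
if [ "$(umask)" -eq  0022 ] ; then
        echo "## UMASK set ok " >> "$LOGFILE"
        else
        if ! grep -q '^[[:space:]]*umask[[:space:]]*0022' /etc/profile ; then
                echo " umask 0022" >> /etc/profile
        fi
        echo "## UMASK 0022 Set" >> "$LOGFILE"
fi
echo >> "$LOGFILE"


echo "##/home at -nouser -o -nogroup check autorun chmod root, chgrp root" >>"$LOGFILE"
echo "" >>"$LOGFILE"
# Files without a valid owner/group are re-owned to root. Redirections are
# ordered so stderr also lands in the report (the original "2>&1 >> file"
# sent errors to the terminal).
find /home \( -nouser -o -nogroup \) -exec ls -la {} \; >> "$LOGFILE"
find /home -nouser -exec chown root {} \; >> "$LOGFILE" 2>&1
find /home -nogroup -exec chgrp root {} \; >> "$LOGFILE" 2>&1
printf '\n\n\n\n' >> "$LOGFILE"
# root-owned setuid/setgid files under /home are listed only (despite the
# heading, nothing is deleted here).
echo "##/home at perm -04000 -o -perm -02000 check if exist delete file" >>"$LOGFILE"
find /home -user root -type f \( -perm -04000 -o -perm -02000 \) -exec ls -la {} \;  >> "$LOGFILE"
printf '\n\n\n\n' >> "$LOGFILE"
echo "##/dev device file  check if exist delete file" >> "$LOGFILE"
# Regular files under /dev are suspicious (only device nodes belong there).
# The original "-exec -ls -l" was invalid find syntax and, with stderr sent
# to /dev/null, silently printed nothing; find's own -ls is used instead.
# NOTE(review): /dev/shm (tmpfs) legitimately holds regular files, so
# expect entries from there.
find /dev -type f -ls 2> /dev/null >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"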
echo "############################################">> "$LOGFILE"
echo "#######  system info  ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
# Inventory snapshot appended to the report: TCP/UDP sockets with owning
# pids, processes, disks, interfaces, routes, memory and kernel; each
# section is followed by a blank line.
for info_cmd in "netstat -natp" "netstat -naup" "ps -ef" "df -HT" "ifconfig" "netstat -in" "netstat -rn" "free -m" "uname -a"
do
        $info_cmd >> "$LOGFILE"
        echo >> "$LOGFILE"
done


 
