


국정원,산자부 서버 취약점 점검 스크립트 -HPUX  - 2021

 

아래 스크립트는 필자가 만든 스크립트입니다.

국정원이나 산자부 보안점검 대비 OS를 체크하기 위한 스크립트로

매우 주관적으로 만든 것이니 참고만 하시기 바랍니다. 또한 이 스크립트는 단순 점검이 아니라 계정/그룹 삭제(userdel, groupdel), .rhosts/.netrc 삭제, 시스템 파일 권한 변경, snmpd.conf 이름 변경 등 시스템을 직접 수정하므로, 운영 서버에서는 반드시 스크립트 내용을 확인한 뒤 실행하시기 바랍니다.

 

첨부 되어 있습니다.

 

다운 받은 뒤 .txt 확장자를 빼고 root 권한으로 실행하면 됩니다. 결과 파일(호스트명_날짜.txt)에는 /etc/passwd 전체, RADIUS 설정 파일, SNMP 커뮤니티 스트링 등 민감한 정보가 그대로 기록되므로 취급과 보관에 주의하시기 바랍니다.

HPUX_2021.sh

 

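#!/sbin/sh
# NISK(National Intelligence Service Korea) Base Security Check Script
# Edit by Guppy in 2021
#
# Usage:  HPUX_2021.sh [-n]
#   -n   check only: write the report, change nothing on the host.
#        Without -n the script also APPLIES its fixes (the original behaviour):
#        chmod/chown of system files, userdel/groupdel of default accounts,
#        deletion of ~/.rhosts and ~/.netrc, /etc/securetty and /etc/profile
#        edits, disabling snmpd.conf, killing an idle inetd. Run it with -n
#        first and read the report before running it for real.
#
# Report: ./<hostname>_<YYYYmmddHHMM>.txt in the current directory. It holds
# /etc/passwd, the RADIUS client config (server + shared secret), SNMP
# community strings and root's /tcb entry, so it is created with umask 077
# (mode 0600) and must be handled as confidential. Do not run it from a
# world-writable directory such as /tmp.
#
# Run as root: the /etc/shadow and /tcb checks and every fix need it.
#
# The account lists, port numbers, log paths and excluded user names below are
# site specific (they come from the author's environment); adjust before use.

CHECK_ONLY=0
if [ "$1" = "-n" ]; then
  CHECK_ONLY=1
fi

# umask inherited from the admin's login shell (normally set by /etc/profile);
# the TMOUT/umask section reports this value, so capture it before tightening
# our own umask for the report file.
LOGIN_UMASK=$(umask)
umask 077

DATE=$(date +%Y%m%d%H%M)
DAY=$(date +%m/%d/%Y)
LOGFILE="$(hostname)_$DATE.txt"
OS=$(uname -s)
VER=$(uname -r)
CURR="HP-UX"
SSHD_CONFIG=/opt/ssh/etc/sshd_config
SNMPD_CONF=/etc/SnmpAgent.d/snmpd.conf
TCB_DEFAULT=/tcb/files/auth/system/default

if [ "$OS" != "$CURR" ]; then
  echo " This Version $OS is Not RUN !! "
  exit 1
fi
if [ "$(id -u)" -ne 0 ]; then
  echo " WARNING: not running as root; shadow/tcb checks and all fixes will fail " >&2
fi

# ------------------------------------------------------------------ helpers --

# log [TEXT...] : append a line (blank when no argument) to the report
log() {
  echo "$*" >> "$LOGFILE"
}

# run CMD... : run a read-only command, stdout and stderr into the report
run() {
  "$@" >> "$LOGFILE" 2>&1
}

# fix CMD... : a command that changes the host. Always logged; only executed
# when the script was not started with -n.
fix() {
  if [ "$CHECK_ONLY" -eq 1 ]; then
    log "##  check only, would run: $*"
  else
    log "##  running: $*"
    "$@" >> "$LOGFILE" 2>&1
  fi
}

# section TITLE [QUESTION...] : report banner; QUESTIONs are the audit item text
section() {
  log
  log "   #####################################################"
  log "$1"
  shift
  for q in "$@"; do
    log "   $q"
  done
  log "   #####################################################"
}

# owner_of FILE : owner column of ls -ld (the entry itself, as in the original)
owner_of() {
  ls -ld "$1" | awk '{ print $3 }'
}

# perm_matches FILE REGEX : true when the ls -alL line of FILE matches REGEX
perm_matches() {
  ls -alL "$1" | grep "$2" > /dev/null
}

# Mode patterns matched against the type+rwxrwxrwx column of ls -l.
PAT_644='...-.--.--'   # 644/444/600/400: no exec, group/other not writable
PAT_600='...-------'   # 600/400: group/other have no access
PAT_640='...-.-----'   # 640/600/440/400: group read at most, other nothing
PAT_400='..--------'   # 400: owner read only (shadow)
PAT_755='.....-..-.'   # group/other not writable (daemon binaries)

# check_file FILE MODE PATTERN : the "perm ok / perm reset" + "root ok / root
# reset" check the original repeated for every file. The mode is reset with
# chmod; the original used "chown MODE FILE" in most copies, which changed
# the owner to uid MODE and never touched the permissions.
check_file() {
  cf_file=$1
  cf_mode=$2
  cf_pat=$3
  if [ ! -f "$cf_file" ]; then
    log "##$cf_file Not Found"
    return
  fi
  if perm_matches "$cf_file" "$cf_pat"; then
    log "##$cf_file perm ok"
  else
    log "##$cf_file perm reset"
    fix chmod "$cf_mode" "$cf_file"
  fi
  if [ "$(owner_of "$cf_file")" = "root" ]; then
    log "##$cf_file root ok"
  else
    log "##$cf_file root reset"
    fix chown root "$cf_file"
  fi
}

# --------------------------------------------------------- multi-step fixes --
# one function each, so that "fix" can log and skip them as a unit

# every entry under /sbin/init.d that is group or world writable -> 755
fix_initd_perms() {
  find /sbin/init.d/ \( -perm -g+w -o -perm -o+w \) -exec chmod 755 {} \;
}

# /etc/securetty listing console only (root login restricted to the console)
write_securetty() {
  echo "console" > /etc/securetty
}

# append_line TEXT FILE
append_line() {
  echo "$1" >> "$2"
}

# shell startup files in home directories: drop group/other write and exec
fix_dotfile_perms() {
  for df in .profile .bash_profile '.*rc' .login; do
    find /home/*/ -name "$df" \( -perm -g+w -o -perm -o+w -o -perm -g+x -o -perm -o+x \) -type f -exec chmod 644 {} \;
  done
}

# files with no owner -> root, no group -> group "user" (as in the original).
# setuid/setgid bits are stripped first: chown-ing a leftover setuid binary to
# root would turn something an ex-user left behind into a root-setuid file.
fix_orphans() {
  find /home -nouser -xdev -type f \( -perm -04000 -o -perm -02000 \) -exec chmod u-s,g-s {} \; 2> /dev/null
  find /home -nouser -xdev -exec chown root {} \; 2> /dev/null
  find /home -nogroup -xdev -exec chgrp user {} \; 2> /dev/null
}

# world-writable regular files and mode-777 directories under /home -> o-w
fix_world_writable() {
  find /home -type f -perm -o+w -exec chmod o-w {} \; 2> /dev/null
  find /home -type d -perm 777 -exec chmod o-w {} \; 2> /dev/null
}

# ------------------------------------------------------------------- report --

echo "$DAY" > "$LOGFILE"
if [ "$CHECK_ONLY" -eq 1 ]; then
  log "## check-only mode (-n): nothing on this host is changed"
fi
log
log

section "#######              OTP Config Check          ##################"
grep -v '^#' /etc/pam.conf 2>&1 | grep libpam_radius.so.1 >> "$LOGFILE"
log
if [ -f /etc/pam_radius_auth.conf ]; then
  run ls -la /etc/pam_radius_auth.conf
  log
  # holds the RADIUS server and shared secret: one reason the report is 0600
  run cat /etc/pam_radius_auth.conf
  log
fi
log

section "#######      SecureShell port 49110            ##################"
log "##Port Check"
grep '^Port' "$SSHD_CONFIG" >> "$LOGFILE" 2>&1
log
log "##49110 port Listen Check"
netstat -na | grep '\.49110 ' >> "$LOGFILE"
log

section "#######                ntp check                  ##################"
log "##crontab Check"
crontab -l 2>&1 | grep ntp >> "$LOGFILE"
log
log "##ntp log Check"
# site specific: the ntpdate cron job on the author's hosts logs to /tmp/zws
run tail -n 20 /tmp/zws/ntpdate.log
log

section "#######                ACL check                  ##################"
log "##allow Check"
grep -v '^#' /etc/hosts.allow 2>&1 | grep -v '^$' >> "$LOGFILE"
log
log "##deny Check"
grep -v '^#' /etc/hosts.deny 2>&1 | grep -v '^$' >> "$LOGFILE"
log
log "##inetd.sec Check"
grep -v '^#' /var/adm/inetd.sec 2>&1 | grep -v '^$' >> "$LOGFILE"
log
check_file /etc/hosts.allow 644 "$PAT_644"
log
check_file /etc/hosts.deny 644 "$PAT_644"
log

section "1. #######UID, GID 0-99             ##################" "사용자 계정 UDI,GID 값이 정상 할당 되었는가?"
run cat /etc/passwd
log
log "##passwd Check"
grep '~2019' /etc/passwd >> "$LOGFILE"
grep '~2020' /etc/passwd >> "$LOGFILE"
log

log "####### group check               ##################"
log "##group id 1000 Check"
grep '^user' /etc/group >> "$LOGFILE"
log
log "##delete group Check"
# site-specific list; every group found is deleted in fix mode
Def_group="tty uucp smbnull"
for grp in $Def_group; do
  if grep "^$grp:" /etc/group > /dev/null; then
    log "## Default group exist : $grp"
    fix groupdel "$grp"
  fi
done
log
log "##group id 20 Check"
grep ':20:' /etc/passwd >> "$LOGFILE"
log

section "2. #######UID, GID 0   -> Only root   #########################" "root 계정 외에 UID GID 가 0인 계정이 없는가?"
grep ':0:' /etc/passwd >> "$LOGFILE"
log

section "3. ####### Default ID Delete   ###############################" "디폴트 시스템 계정을 제거 하였는가?"
log "   ##Default ID check           ################################"
# site-specific list, removed with userdel (home directories are kept).
# adm, lp, uucp, nuucp and hpdb are HP-UX system accounts: confirm nothing on
# this host still depends on them before a run without -n.
Def_ID="adm lp uucp nuucp sync shutdown halt news operator games gopher nfsnobody squid hpdb smbnull iwww owww"
for acct in $Def_ID; do
  if grep "^$acct:" /etc/passwd > /dev/null; then
    log "## Default ID exist : $acct"
    fix userdel "$acct"
  fi
done
log
log "##test id Check"
grep test /etc/passwd >> "$LOGFILE"
grep '^dev' /etc/passwd >> "$LOGFILE"
log
log "##Shell nologin, false Check "
# accounts that still have a login shell; ndkdn/nddev/bonsa are site accounts
# the author excluded on purpose
grep -v /sbin/nologin /etc/passwd | grep -v /bin/false | grep -v ndkdn | grep -v nddev | grep -v bonsa >> "$LOGFILE"
log
log "##change /sbin/nologin"
Def_nologin="opc_op cimsrvr sfmdb hpsmh"
for acct in $Def_nologin; do
  if grep -v /sbin/nologin /etc/passwd | grep -v /bin/false | grep "^$acct:" > /dev/null; then
    log "## Default user login exist : $acct"
    fix usermod -s /sbin/nologin "$acct"
  fi
done
log

section "4. ####### login fail 5 count            #########################" "로그인 실패 횟수를 제한하였는가?"
log "##/etc/default/security Check"
grep -v '^#' /etc/default/security 2>&1 | grep -v '^$' | grep AUTH_MAXTRIES >> "$LOGFILE"
log
log "##trustmode u_maxtries#5 Check"
if [ -f "$TCB_DEFAULT" ]; then
  grep -i u_maxtries "$TCB_DEFAULT" >> "$LOGFILE"
  grep -i u_maxtries "$TCB_DEFAULT" | awk -F: '{ print $4 }' >> "$LOGFILE"
  grep -i u_maxtries "$TCB_DEFAULT" | awk -F: '{ print $5 }' >> "$LOGFILE"
else
  log "## No Trusted Mode. "
fi
log

section "5. ####### hosts perm 644(444),root || 600 check      #############" "/etc/hosts 파일에 대하여 600 권한을 설정하였는가?"
run ls -la /etc/hosts
log
# the original accepted 644 (and resets to 644) although the item asks for 600
check_file /etc/hosts 644 "$PAT_644"
log

log "####### syslog.conf perm 644(444),root   ##################"
run ls -la /etc/syslog.conf
log
check_file /etc/syslog.conf 644 "$PAT_644"
log

log "####### services perm 644,root            ##################"
run ls -la /etc/services
log
check_file /etc/services 644 "$PAT_644"
log

section "6. ####### sulog   , su 4750 , root.wheel    #####################" "관리자 계정에 대한 로그인 성공/실패 기록 설정을 하였는가?"
log "##sulog file 30 Line check"
run tail -n 30 /var/adm/sulog
log
log "##su perm "
run ls -la /usr/bin/su
log
if [ -f /usr/bin/su ]; then
  if perm_matches /usr/bin/su '.rwsr-x---.*root.*wheel'; then
    log "##/usr/bin/su perm ok"
  else
    log "##/usr/bin/su perm reset"
    fix chmod 4750 /usr/bin/su
    fix chown root /usr/bin/su
    fix chgrp wheel /usr/bin/su
  fi
else
  log "##/usr/bin/su Not Found"
fi
log
log "##syslog.conf check"
grep auth /etc/syslog.conf >> "$LOGFILE" 2>&1
log
log "##last -R| head -n 30"
last -R | head -n 30 >> "$LOGFILE"
log

section "7. #######  network daemon 644(555) g-w, o-w #################" "네트워크 서비스 데몬 권한을 755 이하로 설정하였는가?"
ls -la /sbin/init.d/* >> "$LOGFILE" 2>&1
log
writable=$(find /sbin/init.d/ \( -perm -g+w -o -perm -o+w \) -print)
if [ -z "$writable" ]; then
  log "##Network Daemon Perm 755 ok "
else
  log "##Network Daemon Perm reset  "
  log "$writable"
  fix fix_initd_perms
fi
log
run ls -la /usr/sbin/inetd
check_file /usr/sbin/inetd 755 "$PAT_755"
log

section "8. #######  Password  check (OTP config check 참고)) #############" "안전한 비밀번호 설정(9자리이상, 숫자, 영문자, 특수문자 혼용,정기적변경) 이 되었는가?"
grep -v '^#' /etc/default/security 2>&1 | grep -v '^$' | grep PASSWORD >> "$LOGFILE"
log

section "9., 10. #######  passwd 644,root shadow 400,root ###############" "패스워드 관리 시스템 파일의 소유자를 슈퍼관리자로 지정하였는가?" "패스워드 관리 시스템 파일은 슈퍼관리자만 수정 가능한가?"
run ls -la /etc/passwd
check_file /etc/passwd 644 "$PAT_644"
log
run ls -la /etc/shadow
check_file /etc/shadow 400 "$PAT_400"
log
log "##trustmode auth directory 400 check"
run ls -ld /tcb/files/auth
log
log "#######  trustmode  root check                 ##################"
run ls -la /tcb/files/auth/r/root
# root's protected-password entry. u_pwd (the password hash) is redacted;
# the lock/maxtries/expiry fields are what the audit needs.
sed 's/u_pwd=[^:]*/u_pwd=<redacted>/' /tcb/files/auth/r/root >> "$LOGFILE" 2>&1
run /usr/lbin/getprdef -r
log

section "11. #######  remote shell check            #######################" "원격 로그인 또는 원격 쉘 등이 사용 불가로 설정되었는가?"
log "##inetd.conf # check"
grep rlogind /etc/inetd.conf >> "$LOGFILE" 2>&1
log
log "##hosts.equiv exist check"
run ls -la /etc/hosts.equiv
if [ -f /etc/hosts.equiv ]; then
  if perm_matches /etc/hosts.equiv '.r.-------.*root.*'; then
    log "##/etc/hosts.equiv perm ok"
  else
    log "##/etc/hosts.equiv perm reset"
    fix chown root:root /etc/hosts.equiv
    fix chmod 400 /etc/hosts.equiv
  fi
else
  log "##/etc/hosts.equiv file Not Found is ok"
fi
log
log "##/home at .rhosts exist check"
ls -la /home/*/.rhosts >> "$LOGFILE" 2>&1
# every home directory listed in /etc/passwd: .rhosts and .netrc are reported
# and, in fix mode, deleted
HOMEDIRS=$(awk -F: 'length($6) > 0 { print $6 }' /etc/passwd | sort -u)
for dir in $HOMEDIRS; do
  for dot in .rhosts .netrc; do
    if [ -f "$dir/$dot" ]; then
      run ls -la "$dir/$dot"
      log "## Delete file $dir/$dot "
      fix rm -f "$dir/$dot"
    fi
  done
done
log
log "##remshd # check"
grep remshd /etc/inetd.conf >> "$LOGFILE" 2>&1
log
log "##PermitRootLogin no Check"
grep PermitRootLogin "$SSHD_CONFIG" >> "$LOGFILE" 2>&1
log
# /etc/securetty must list console and nothing else. The original only counted
# lines containing "console" (extra ttys still passed) and, when the file was
# missing, created it with `cat "console"`, which left it empty.
securetty_ok=0
if [ -f /etc/securetty ]; then
  others=$(grep -v '^#' /etc/securetty | grep -v '^$' | grep -v '^console$' | wc -l)
  if grep '^console$' /etc/securetty > /dev/null && [ "$others" -eq 0 ]; then
    securetty_ok=1
  fi
fi
if [ "$securetty_ok" -eq 1 ]; then
  log "##/etc/securetty set ok "
else
  log "##/etc/securetty reconfigure: console only "
  fix write_securetty
fi
log

section "12. ####### inetd 600,root  rpc stop      #######################" "불필요한 네트워크 서비스 제거 되었는가?"
run ls -la /etc/inetd.conf
check_file /etc/inetd.conf 600 "$PAT_600"
log
log "##inetd.conf rpc config set check"
grep -v '^#' /etc/inetd.conf 2>&1 | grep -v '^$' >> "$LOGFILE"
log
log "##rpcinfo check"
run rpcinfo -p 127.0.0.1
log
# exec/login/shell (r-service) listeners
for port in 512 513 514; do
  netstat -na | grep LISTEN | grep "\.$port " >> "$LOGFILE"
done

section "13. #######    Ftp , 텔넷  check                         ################" "암호화 기능이 없는 프로토콜 사용 여부" "익명 FTP 사용을 제한 하였는가?"
# 23 telnet, 22 and 49110 ssh, 29119 a site-specific port from the original, 21 ftp
for port in 23 22 49110 29119 21; do
  log "##port $port"
  netstat -na | grep "\.$port " >> "$LOGFILE"
  log
done
grep ftp /etc/inetd.conf 2>&1 | grep -v '^#' >> "$LOGFILE"
log
ps -ef | grep ftp | grep -v grep >> "$LOGFILE"
log
grep ftp /etc/passwd >> "$LOGFILE"   ## HIWARE run check
log
grep anonymous /etc/passwd >> "$LOGFILE"
log

section "15. ####### find /home .netrc     /로는 시간 많이 걸림           #######" "자동으로 FTP에 로그인을 허용하는 .netrc 파일을 제거하였는가?"
find /home -name .netrc >> "$LOGFILE" 2>&1
log
# home directories outside /home; a home of "/" does not match '/.' and is
# skipped, a full-filesystem find would take too long
LISTHOME=$(awk -F: '{ print $6 }' /etc/passwd | grep -v /home | grep '/.')
for home in $LISTHOME; do
  if [ -d "$home" ]; then
    find "$home" -name .netrc >> "$LOGFILE" 2>&1
  fi
done
log

section "16. ####### inetd running (퍼미션은 12번 참고)  #################" "inetd/xinetd 가 불필요한 경우 비활성화 되어 있는?"
ps -ef | grep inetd | grep -v grep >> "$LOGFILE"
log
grep -v '^#' /etc/inetd.conf 2>&1 | grep -v '^$' >> "$LOGFILE"
log
active=$(grep -v '^#' /etc/inetd.conf 2> /dev/null | grep -v '^$' | wc -l)
if [ "$active" -eq 0 ]; then
  # no enabled service: stop inetd now. Nothing here disables it for the
  # next boot (see the original message).
  fix inetd -k
  log "##inetd is killed and OS reboot after is starting "
else
  log "##inetd running "
fi
log

section "17. ####### last  20  Line      , ACL check 참고  ##################" "지정된 IP외의 주소에서 FTP, 텔넷으로 접속한 이력이 없는가?"
last -R | head -n 20 >> "$LOGFILE"
log

section "18. ####### Cron 640,root                 ##################" "Cron 파일 소유자 및 권한 설정을 점검, 조치하였는가?"
run ls -la /var/adm/cron/*.allow
log
run ls -la /var/adm/cron/*.deny
log
run cat /var/adm/cron/*.allow
log
run cat /var/adm/cron/*.deny
log
check_file /var/adm/cron/cron.allow 640 "$PAT_640"
log
check_file /var/adm/cron/cron.deny 640 "$PAT_640"
log

section "19. ####### Snmp                          #########################" "디폴트 SNMP 커뮤니티 스트링 값을 변경 제거 하였는가?"
log "##Process check"
ps -ef | grep snmp | grep -v grep >> "$LOGFILE"
log
log "##start shell check"
cat /etc/rc.config.d/Snmp* 2>&1 | grep '_START=' | grep -v '^#' >> "$LOGFILE"
log
if [ -f "$SNMPD_CONF" ]; then
  log "##community check"
  grep -v '^#' "$SNMPD_CONF" | grep 'community-name:' >> "$LOGFILE"
  # The original renamed snmpd.conf on every run, whatever it contained. Only
  # disable it when a vendor-default community string is still configured
  # (assumed to be public/private -- confirm against the installed agent).
  if grep -v '^#' "$SNMPD_CONF" | grep 'community-name:' | grep -i -e public -e private > /dev/null; then
    log "## default community string configured"
    fix mv "$SNMPD_CONF" "$SNMPD_CONF.org"
  fi
fi
log "##Listen check"
netstat -na | grep '\.161 ' >> "$LOGFILE"
log

section "20. ####### SecureShell version                   ##################" "최신 버전의 SSH 사용하는가?"
case "$VER" in
  B.11.31)
    run swlist SecureShell
    run swlist Secure_Shell
    ;;
  B.11.23|B.11.11)
    run swlist T1471AA
    ;;
esac
log
run openssl version
log

section "21. 22. #######        ndd check                    ##################" "IP 포워딩을 비활성화 하였는가?" "패킷 재전송 설정 비활성화 하였는가?"
for param in ip_forwarding ip_forward_src_routed ip_respond_to_echo_broadcast ip_forward_directed_broadcasts; do
  log "##$param check"
  run ndd -get /dev/ip "$param"
  log
done
log "##nddconf all show check"
grep -v '^#' /etc/rc.config.d/nddconf >> "$LOGFILE" 2>&1
log

log "############################################"
log "####### etc1 system check  ##################"
log "############################################"
log "#######/home .profile perm g-w, o-w                 ##################"
log
# '.*rc' is quoted so that find gets the pattern; unquoted, the shell expanded
# it against the current directory in the original
for dot in .profile .bash_profile '.*rc' .login; do
  find /home/*/ -name "$dot" \( -perm -g+w -o -perm -o+w -o -perm -g+x -o -perm -o+x \) -type f -print >> "$LOGFILE" 2>&1
done
fix fix_dotfile_perms
log

log "####### Warm Message (/etc/motd)    ##################"
run cat /etc/motd
log

log "####### automount stop                   ##################"
ps -ef | grep automount | grep -v grep >> "$LOGFILE"
log
grep AUTOFS= /etc/rc.config.d/nfsconf >> "$LOGFILE" 2>&1
log

log "####### hosts.lpd 600,root                 ##################"
run ls -la /etc/hosts.lpd
log
check_file /etc/hosts.lpd 600 "$PAT_600"
log

log "####### TMOUT 600, umask (0)022     ##################"
log "##/etc/profile check"
log "##TMOUT at profile"
grep TMOUT /etc/profile >> "$LOGFILE" 2>&1
log
log "##UMASK at profile"
grep UMASK /etc/profile >> "$LOGFILE" 2>&1
log
log "##umask config"
grep umask /etc/profile >> "$LOGFILE" 2>&1
log "##umask setting (inherited by this shell)"
log "$LOGIN_UMASK"
if [ "$LOGIN_UMASK" -eq 022 ]; then
  log "## UMASK set ok "
else
  # the original appended both lines on every run; add each only when absent
  grep 'umask 022' /etc/profile > /dev/null || fix append_line " umask 022" /etc/profile
  grep '^UMASK=' /etc/default/security > /dev/null || fix append_line "UMASK=0022" /etc/default/security
  log "## UMASK 0022 Set"
fi
log

log "##/home at -nouser -o -nogroup check autorun chgrp user, chown root"
find /home -nouser -xdev -exec ls -la {} \; 2> /dev/null >> "$LOGFILE"
find /home -nogroup -xdev -exec ls -la {} \; 2> /dev/null >> "$LOGFILE"
fix fix_orphans
log
log "##/home at setuid , setgid check if exist require delete file"
find /home -type f \( -perm -04000 -o -perm -02000 \) -exec ls -la {} \; 2> /dev/null >> "$LOGFILE"
log
log "##/home at world write file check autorun chmod o-w"
# -perm -o+w = any world-writable file; the original's "-perm 2" matched only
# files whose whole mode was exactly 0002, so the check never found anything
find /home -type f -perm -o+w -exec ls -la {} \; 2> /dev/null >> "$LOGFILE"
find /home -type d -perm 777 -exec ls -la {} \; 2> /dev/null >> "$LOGFILE"
fix fix_world_writable
log
log "##/dev at regular file check if exist require delete file"
# "-type -f" in the original was a find syntax error, so this check never ran
find /dev -type f -exec ls -la {} \; 2> /dev/null >> "$LOGFILE"
log

log "############################################"
log "####### system info   ##################"
log "############################################"
for info in "nwmgr" "netstat -in" "netstat -rn" "bdf" "netstat -na" "ps -ef"; do
  log "##$info "
  run $info
  log
done

echo "report written to $LOGFILE (mode 0600, contains sensitive data)"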

 

 
