국정원,산자부 서버 취약점 점검 스크립트 - Linux - 2021
아래 스크립트는 필자가 만든 스크립트입니다.
국정원이나 산자부 보안점검 대비 OS를 체크하기 위한 스크립트로
매우 주관적으로 만든 것이니 참고만 하시기 바랍니다.
첨부되어 있습니다.
다운로드한 뒤 .txt 확장자를 제거하고 실행하면 됩니다.
Linux_2021.sh
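#!/bin/sh
# NISK(National Intelligence Service Korea) Base Security Check Script for KookJung
# Edit by Guppy in 2021
# for Linux
#
# Writes one report, <hostname>_<YYYYmmddHHMM>.txt, in the current directory;
# every section below appends its findings to it.  Several sections also
# remediate on the spot (chmod/chown, userdel/groupdel, usermod, edits to
# /etc/ssh/sshd_config, /etc/*syslog.conf, /etc/login.defs, /etc/profile),
# so the script must run as root and should be read before use on a host.
LANG=C
DATE=$(date +%Y%m%d%H%M)       # report timestamp, also part of the file name
DAY=$(date +%m/%d/%Y)          # first line of the report
LOGFILE=$(hostname)_$DATE.txt  # every later section appends to this file
# First six characters of the kernel release.  Later sections branch on it to
# pick systemd vs. SysV tooling and pam_cracklib vs. pam_pwquality.
Kernel=$(uname -r | awk '{ print substr($0,1,6);}')
# Kernel Version Sample
# RHEL 2.1 = 2.4.9-
# RHEL 3.X = 2.4.21
# RHEL 4.X = 2.6.9-
# RHEL 5.X = 2.6.18
# RHEL 6.X = 2.6.32
# RHEL 7.X = 3.10.0
# RHEL 8.X = 4.18.0
# SUSE 11.X = 4.4.16
OS=$(uname -s)
VER=$(uname -r)
CURR="Linux"
# Refuse to run anywhere but Linux: the paths and tools used below are Linux
# specific.  Fixed here: exit non-zero (the original `exit` returned 0, so a
# wrapper could not tell the refusal from a completed run).
if [ "$OS" != "$CURR" ] ; then
  echo " This Version OS is Not RUN !! "
  exit 1
fi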
# ---- report header and OTP (pam_radius) configuration dump -----------------
# The first group truncates the report; everything after it appends.
{
  echo "$DAY"
  echo "$Kernel"
  echo
  echo
  echo "############################################"
  echo "#######OTP Setting check ##################"
  echo "############################################"
  echo
} > "$LOGFILE"
# Where the original redirected stderr into the report (2>&1), the same is
# done per command here so "No such file" messages land in the report.
{
  grep /etc/pam_radius_auth.conf /etc/pam.d/su 2>&1
  echo
  grep /etc/pam_radius_auth.conf /etc/pam.d/sshd 2>&1
  echo
  cat /etc/pam_radius_auth.conf 2>&1
  echo
  grep -v '^#' /etc/ssh/sshd_config | grep PAM 2>&1
  echo
  echo
  echo
} >> "$LOGFILE"
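# ---- ftp / telnet presence (processes, xinetd, xferlog, systemd units) -----
# Fixed here: the original searched for `te*net`, which as a regex means
# "t", zero or more "e", then "net" -- it never matches the word "telnet",
# so the telnet checks silently produced nothing.  RHEL 8 (kernel 4.18.0,
# listed in the kernel table at the top) is also routed to systemctl.
{
  echo "############################################"
  echo "#######ftp , 텔넷 check ##################"
  echo "############################################"
  echo "##Process Check"
  ps -ef | grep ftp | grep -v grep
  echo
  echo "##xinetd daemon Check"
  grep ftp /etc/xinetd.d/* 2>&1
  echo
  grep telnet /etc/xinetd.d/* 2>&1
  echo
  echo
  echo "##xferlog Check"
  tail -n 20 /var/log/xferlog 2>&1
  echo
} >> "$LOGFILE"
case "$Kernel" in
  3.10.0|4.4.16|4.18.0)
    systemctl list-unit-files | grep ftp >> "$LOGFILE" 2>&1
    echo >> "$LOGFILE"
    systemctl list-unit-files | grep telnet >> "$LOGFILE" 2>&1
    ;;
esac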
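# ---- ssh: listening port, PermitRootLogin, /etc/securetty ------------------
{
  echo "############################################"
  echo "####### ssh port 49110 ##################"
  echo "############################################"
  echo "##Port Check"
  grep Port /etc/ssh/sshd_config
  echo "##PermitRootLogin no Check"
  grep PermitRootLogin /etc/ssh/sshd_config
  echo
  echo "##49110 port Check"
  netstat -na | grep 49110
  echo
} >> "$LOGFILE"
# /etc/securetty: a "pts" entry lets root log in on pseudo-terminals.
# Reported only; the file is not rewritten.
if [ -f /etc/securetty ] ; then
  if grep pts /etc/securetty >/dev/null ; then
    echo "##/etc/securetty pts delete configure require " >> "$LOGFILE"
  else
    echo "##/etc/securetty set ok " >> "$LOGFILE"
  fi
else
  # touch /etc/securetty >>$LOGFILE
  # cat "tty1" > /etc/securetty
  echo "##/etc/securetty create and reconfigure require " >> "$LOGFILE"
fi
echo "" >> "$LOGFILE"
echo "" >> "$LOGFILE"
# PermitRootLogin.  Fixed here: sshd honours the FIRST PermitRootLogin
# directive it reads, so appending "PermitRootLogin no" at the end of the
# file (what the original did) has no effect when an earlier active line
# says "yes".  An existing directive is rewritten in place and a line is
# appended only when there is none.  The daemon is restarted only if the
# resulting file passes `sshd -t`, so a broken config cannot lock
# administrators out.  A copy of the file is kept before it is changed.
_sshd_conf=/etc/ssh/sshd_config
if grep -E '^[[:space:]]*PermitRootLogin[[:space:]]+no([[:space:]]|$)' "$_sshd_conf" >/dev/null 2>&1
then
  echo "##sshd_config PermitRootLogin no set ok" >> "$LOGFILE"
else
  cp -p "$_sshd_conf" "$_sshd_conf.$DATE.bak"
  if grep -E '^[[:space:]]*PermitRootLogin[[:space:]]' "$_sshd_conf" >/dev/null 2>&1 ; then
    sed -i 's/^[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/' "$_sshd_conf"
  else
    echo "PermitRootLogin no" >> "$_sshd_conf"
  fi
  if [ -x /usr/sbin/sshd ] && ! /usr/sbin/sshd -t >> "$LOGFILE" 2>&1 ; then
    echo "##sshd_config syntax check failed, sshd NOT restarted" >> "$LOGFILE"
  else
    if [ -f /etc/init.d/sshd ] ; then
      /etc/init.d/sshd restart >> "$LOGFILE" 2>&1
    else
      systemctl restart sshd >> "$LOGFILE" 2>&1
    fi
    echo "##sshd_config PermitRootLogin no set reconfigured" >> "$LOGFILE"
  fi
fi
echo "" >> "$LOGFILE"
echo "" >> "$LOGFILE"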
# ---- ntp: cron entry and the ntpdate log ------------------------------------
{
  echo "############################################"
  echo "####### ntp check ##################"
  echo "############################################"
  echo "##crontab Check"
  crontab -l | grep ntp 2>&1
  echo
  echo "##ntp log Check"
  tail -n 20 /tmp/zws/ntpdate.log 2>&1
  echo
} >> "$LOGFILE"
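# ---- TCP wrapper ACL files: content, mode (644 or tighter), owner root -----
# Fixed here: the content dump ran without 2>&1, so a missing hosts.allow or
# hosts.deny put "No such file" on the terminal instead of in the report.
# The identical hosts.allow / hosts.deny mode+owner checks share one helper.
{
  echo "############################################"
  echo "####### ACL check ##################"
  echo "############################################"
  echo "##allow Check"
  grep -v '^#' /etc/hosts.allow 2>&1 | grep -v '^$'
  echo
  echo
  echo "##deny Check"
  grep -v '^#' /etc/hosts.deny 2>&1 | grep -v '^$'
  echo
} >> "$LOGFILE"

# acl_file_check FILE
#   Reports FILE's mode and owner.  The mode passes when there is no u+x,
#   g+w, g+x, o+w or o+x bit (the ls pattern "...-.--.--": 644, 444, 600 ...);
#   otherwise the file is reset to 0644.  A non-root owner is reset to root.
#   A missing file is reported only.
acl_file_check() {
  _f=$1
  if [ ! -f "$_f" ] ; then
    echo "##$_f NOT Found" >> "$LOGFILE"
    return
  fi
  if ls -alL "$_f" | grep '^...-.--.--' >/dev/null ; then
    echo "##$_f perm ok " >> "$LOGFILE"
  else
    echo "##$_f perm reset " >> "$LOGFILE"
    chmod 644 "$_f" >> "$LOGFILE" 2>&1
  fi
  if [ "$(ls -ld "$_f" | awk '{ print $3 }')" = "root" ] ; then
    echo "##$_f root ok " >> "$LOGFILE"
  else
    echo "##$_f root reset " >> "$LOGFILE"
    chown root "$_f" >> "$LOGFILE" 2>&1
  fi
}
acl_file_check /etc/hosts.allow
echo >> "$LOGFILE"
acl_file_check /etc/hosts.deny
echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"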
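# ---- 1. UID/GID allocation, year-tagged accounts, default groups -----------
{
  echo " #####################################################"
  echo "1. #######UID, GID 0-99 ##################"
  echo " 사용자 계정 UDI,GID 값이 정상 할당 되었는가? "
  echo " #####################################################"
  cat /etc/passwd
  echo
  echo
  echo
  echo "##passwd Check"
  # Fixed here: the original pattern `~2019` is a tilde expansion for a user
  # named 2019; with no such user the literal "~2019" was searched and could
  # never match a passwd line.  Presumably accounts carrying 2019/2020 in the
  # name or GECOS field were meant -- confirm with the author.
  grep 2019 /etc/passwd
  echo
  grep 2020 /etc/passwd
  echo
  echo "####### group check ##################"
  echo "##group id 100 Check"
  grep '^user' /etc/group
  echo
  echo "##delete group Check"
} >> "$LOGFILE"
# Remove default groups that still exist.  Fixed here: "delete" was logged
# even when groupdel failed (its stderr went to the terminal); the exit
# status is checked now.  groupdel refuses to remove a group that is some
# user's primary group, so failures are expected on some hosts.
# NOTE(review): "tty" is the group owning terminal devices on most Linux
# systems; confirm the list against site policy before relying on it.
Def_group="tty uucp smbnull tftp"
for check in $Def_group
do
  if grep "^$check:" /etc/group >/dev/null
  then
    echo "## Default group exist : $check" >> "$LOGFILE"
    if groupdel "$check" >> "$LOGFILE" 2>&1 ; then
      echo "## group $check delete " >> "$LOGFILE"
    else
      echo "## group $check delete FAILED " >> "$LOGFILE"
    fi
  fi
done
{
  echo
  echo "##users 20 Check"
  grep ':20:' /etc/passwd
  echo
} >> "$LOGFILE"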
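# ---- 2./3. UID 0 accounts, default system accounts, login shells ------------
{
  echo " #####################################################"
  echo "2. #######UID, GID 0 -> Only root #########################"
  echo " root 계정 외에 UID GID 가 0인 계정이 없는가? "
  echo " #####################################################"
  grep ':0:' /etc/passwd
  echo
  echo " #####################################################"
  echo "3. ####### Default ID Delete ###############################"
  echo " 디폴트 시스템 계정을 제거 하였는가? "
  echo " #####################################################"
  echo " ##Default ID check ################################"
} >> "$LOGFILE"
# Delete default accounts that still exist.  Fixed here: the "delete"
# message was written regardless of userdel's exit status; it is checked
# now.  userdel runs without -r, so home directories and mail spools stay.
Def_ID="adm lp uucp nuucp sync shutdown halt news operator games gopher nfsnobody squid hpdb smbnull iwww owww tftp ftp anonymouse"
for check in $Def_ID
do
  if grep "^$check:" /etc/passwd >/dev/null
  then
    echo "## Default ID exist : $check" >> "$LOGFILE"
    if userdel "$check" >> "$LOGFILE" 2>&1 ; then
      echo "##user $check delete " >> "$LOGFILE"
    else
      echo "##user $check delete FAILED " >> "$LOGFILE"
    fi
  fi
done
{
  echo
  echo "##test id Check"
  grep test /etc/passwd
  grep '^dev' /etc/passwd
  echo
} >> "$LOGFILE"
# Service accounts that must not keep an interactive shell: switch them to
# /bin/false.  Fixed here: the "configured" message now depends on usermod
# succeeding.
Def_nologin="mysql ssh"
for check in $Def_nologin
do
  if grep "^$check:" /etc/passwd | grep -v /sbin/nologin | grep -v /bin/false | grep . >/dev/null
  then
    echo "## Default user login exist : $check" >> "$LOGFILE"
    if usermod -s /bin/false "$check" >> "$LOGFILE" 2>&1 ; then
      echo "##user $check nologin configured" >> "$LOGFILE"
    else
      echo "##user $check nologin FAILED" >> "$LOGFILE"
    fi
  fi
done
{
  echo "##Shell nologin, false Check"
  # accounts that still have a login shell; the last three patterns look
  # like site-specific account names excluded from the report
  grep -v /sbin/nologin /etc/passwd | grep -v /bin/false | grep -v ndkdn | grep -v nddev | grep -v bonsa
  echo
  echo
} >> "$LOGFILE"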
# ---- 4. login failure lockout: pam_tally in system-auth and on disk --------
{
  echo " #####################################################"
  echo "4. ####### login fail 5 count #########################"
  echo " 로그인 실패 횟수를 제한하였는가? "
  echo " #####################################################"
  echo "##/etc/pam.d Check"
  grep pam_tally /etc/pam.d/system-auth
  ls -la /sbin/pam_tally* 2>&1
  ls -la /lib/security/pam_tally*.so 2>&1
  ls -la /lib64/security/pam_tally*.so 2>&1
  echo
} >> "$LOGFILE"
# ---- 5. /etc/hosts: mode 644 or tighter, owner root ---------------------------
{
  echo " #####################################################"
  echo "5. ####### hosts perm 644(444),root || 600 check #############"
  echo " /etc/hosts 파일에 대하여 600 권한을 설정하였는가? "
  echo " #####################################################"
  ls -la /etc/hosts
  echo
} >> "$LOGFILE"
if [ ! -f /etc/hosts ]
then
  echo "##/etc/hosts NOT Found" >> "$LOGFILE"
else
  # mode passes when no u+x, g+wx or o+wx bit is set
  if ls -alL /etc/hosts | grep -q "...-.--.--.*.*"
  then
    echo "##/etc/hosts perm ok " >> "$LOGFILE"
  else
    echo "##/etc/hosts perm reset " >> "$LOGFILE"
    chmod 644 /etc/hosts >> "$LOGFILE"
  fi
  if [ "$(ls -ld /etc/hosts | awk '{ print $3 }')" = "root" ]
  then
    echo "##/etc/hosts root ok " >> "$LOGFILE"
  else
    echo "##/etc/hosts root reset " >> "$LOGFILE"
    chown root /etc/hosts >> "$LOGFILE"
  fi
fi
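# ---- syslog.conf / rsyslog.conf / services: mode 644 or tighter, owner root --
# Fixed here: the original reset the mode with `chown 644 FILE`, which sets
# the OWNER to uid 644 and leaves the mode untouched (the owner test that
# follows then flips it back to root).  chmod is used now.

# conf644_check FILE
#   Reports FILE's mode and owner; resets the mode to 0644 when any u+x,
#   g+wx or o+wx bit is set, and the owner to root when it is not root.
#   A missing file is reported only.
conf644_check() {
  _f=$1
  if [ ! -f "$_f" ] ; then
    echo "##$_f Not Found" >> "$LOGFILE"
    return
  fi
  if ls -alL "$_f" | grep '^...-.--.--' >/dev/null ; then
    echo "##$_f perm ok" >> "$LOGFILE"
  else
    echo "##$_f perm reset" >> "$LOGFILE"
    chmod 644 "$_f" >> "$LOGFILE" 2>&1
  fi
  if [ "$(ls -ld "$_f" | awk '{ print $3 }')" = "root" ] ; then
    echo "##$_f root ok " >> "$LOGFILE"
  else
    echo "##$_f root reset " >> "$LOGFILE"
    chown root "$_f" >> "$LOGFILE" 2>&1
  fi
}
{
  echo "####### syslog.conf 644(444),root ##################"
  ls -la /etc/*syslog.conf
  echo
} >> "$LOGFILE"
conf644_check /etc/syslog.conf
conf644_check /etc/rsyslog.conf
{
  echo "####### services 644,root ##################"
  ls -la /etc/services
  echo
} >> "$LOGFILE"
conf644_check /etc/services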
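# ---- 6. su logging: sulog destination, auth/authpriv rules, su binary -------
# Fixed here: (1) the sulog tail required MORE than one matching syslog
# line (`-gt 1`) and so skipped the usual single-match case; (2) the
# authpriv/auth "setting ok" tests accepted commented-out lines; (3) for
# /usr/bin/su the mode was set BEFORE owner and group -- on Linux, chown or
# chgrp of a regular file clears the setuid/setgid bits, so the "reset"
# left su without its setuid bit and su stopped working for non-root users.
# Ownership is set first now, as the /bin/su branch already did.
{
  echo " #####################################################"
  echo "6. ####### sulog , su 4750 , root.wheel 17번 last 참고 ##########"
  echo " 관리자 계정에 대한 로그인 성공/실패 기록 설정을 하였는가? "
  echo " #####################################################"
  echo "##sulog check"
  grep sulog /etc/*syslog.conf
  echo ""
} >> "$LOGFILE"
CT=$(grep sulog /etc/*syslog.conf 2>/dev/null | wc -l)
if [ "$CT" -gt 0 ] ; then
  # second field of a "selector  /path" rule is the log file
  grep -h sulog /etc/*syslog.conf 2>/dev/null | awk '{print $2}' | while IFS= read -r _sulog
  do
    tail -n 10 "$_sulog" >> "$LOGFILE" 2>&1
  done
fi
{
  echo "##syslog.conf auth check"
  grep auth /etc/*syslog.conf
} >> "$LOGFILE"
# Dedicated destination for su records.  The directory is made owner-only:
# it holds administrator login activity.
if [ ! -d /var/log/sulogd ] ; then
  mkdir -p /var/log/sulogd
  chmod 700 /var/log/sulogd
  touch /var/log/sulogd/sulog.log
  echo "## /var/log/sulogd directory create" >> "$LOGFILE"
fi
if [ -f /etc/login.defs ]; then
  if ! grep SULOG /etc/login.defs >/dev/null ; then
    echo "SULOG_FILE /var/log/sulogd/sulog.log" >> /etc/login.defs
  fi
fi
if [ -f /etc/rsyslog.conf ]
then
  if grep -v '^[[:space:]]*#' /etc/rsyslog.conf | grep authpriv >/dev/null ; then
    echo "##syslog authpriv.notice setting ok " >> "$LOGFILE"
    echo "" >> "$LOGFILE"
  else
    echo "##authpriv.notice syslog reconfigured " >> "$LOGFILE"
    echo "" >> "$LOGFILE"
    echo "authpriv.* /var/log/sulogd/sulog.log " >> /etc/rsyslog.conf
    if [ "$Kernel" = "2.6.32" ] ; then
      service rsyslog restart >> "$LOGFILE" 2>&1
    else
      systemctl restart rsyslog.service >> "$LOGFILE" 2>&1
    fi
  fi
fi
if [ -f /etc/syslog.conf ]
then
  if grep -v '^[[:space:]]*#' /etc/syslog.conf | grep auth >/dev/null ; then
    echo " syslog auth.notice setting ok " >> "$LOGFILE"
    echo "" >> "$LOGFILE"
  else
    echo " auth.notice syslog reconfigured " >> "$LOGFILE"
    echo "" >> "$LOGFILE"
    echo "auth.* /var/log/sulogd/sulog.log " >> /etc/syslog.conf
    service syslog restart >> "$LOGFILE" 2>&1
  fi
fi
echo >> "$LOGFILE"
# su must be 4750 root:wheel (setuid root, executable by group wheel only).
if [ -f /usr/bin/su ]
then
  ls -la /usr/bin/su >> "$LOGFILE"
  if ls -alL /usr/bin/su | grep '^.rwsr-x---.*root.*wheel' >/dev/null
  then
    echo "##/usr/bin/su perm ok" >> "$LOGFILE"
  else
    echo "##/usr/bin/su perm reset" >> "$LOGFILE"
    chown root:wheel /usr/bin/su >> "$LOGFILE" 2>&1   # owner/group first ...
    chmod 4750 /usr/bin/su >> "$LOGFILE" 2>&1          # ... then the setuid mode
  fi
fi
if [ -f /bin/su ]
then
  ls -la /bin/su >> "$LOGFILE"
  if ls -alL /bin/su | grep '^.rwsr-x---.*root.*wheel' >/dev/null
  then
    echo "##/bin/su perm ok" >> "$LOGFILE"
  else
    echo "##/bin/su perm reset" >> "$LOGFILE"
    chown root:wheel /bin/su >> "$LOGFILE" 2>&1
    chmod 4750 /bin/su >> "$LOGFILE" 2>&1
  fi
fi
echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"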
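# ---- 7. network daemon permissions: xinetd binary and /etc/init.d scripts ----
# Fixed here: (1) `chown 755 /usr/sbin/xinetd` set the owner to uid 755
# instead of the mode; (2) `chmod 644` on group/other-writable init scripts
# stripped their execute bits and would have broken every service started
# from /etc/init.d.  The reset now removes only the g+w / o+w bits the test
# looked for.
{
  echo " #####################################################"
  echo "7. ####### network daemon 644(555) g-w, o-w ##################"
  echo " 네트워크 서비스 데몬 권한을 755 이하로 설정하였는가? "
  echo " #####################################################"
  ls -la /usr/sbin/xinetd 2>&1
  echo
} >> "$LOGFILE"
if [ -f /usr/sbin/xinetd ]
then
  # mode passes when neither g+w nor o+w is set
  if ls -alL /usr/sbin/xinetd | grep '^.....-..-.' >/dev/null
  then
    echo "##/usr/sbin/xinetd perm ok" >> "$LOGFILE"
  else
    echo "##/usr/sbin/xinetd perm reset" >> "$LOGFILE"
    chmod 755 /usr/sbin/xinetd >> "$LOGFILE" 2>&1
  fi
  if [ "$(ls -ld /usr/sbin/xinetd | awk '{ print $3 }')" = "root" ]
  then
    echo "##/usr/sbin/xinetd root ok " >> "$LOGFILE"
  else
    echo "##/usr/sbin/xinetd root reset " >> "$LOGFILE"
    chown root /usr/sbin/xinetd >> "$LOGFILE" 2>&1
  fi
else
  echo "##/usr/sbin/xinetd Not Found" >> "$LOGFILE"
fi
{
  echo
  ls -la /etc/init.d/* 2>&1
  echo
  echo
} >> "$LOGFILE"
if [ "$(find /etc/init.d/ \( -perm -g+w -o -perm -o+w \) -type f 2>/dev/null | wc -l)" -eq 0 ]
then
  echo "##Network Daemon Perm 755 ok " >> "$LOGFILE"
else
  echo "##Network Daemon Perm reset " >> "$LOGFILE"
  find /etc/init.d/ \( -perm -g+w -o -perm -o+w \) -type f -exec ls -la {} \; >> "$LOGFILE" 2>&1
  find /etc/init.d/ \( -perm -g+w -o -perm -o+w \) -type f -exec chmod g-w,o-w {} \; >> "$LOGFILE" 2>&1
fi
echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"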
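# ---- 8. password policy: login.defs PASS_*, pam_cracklib / pam_pwquality ----
# Fixed here: RHEL 8 (kernel 4.18.0, in the kernel table at the top) uses
# pam_pwquality like RHEL 7 but was missing from the test, so the section
# printed nothing there.
{
  echo " #####################################################"
  echo "8. ####### Password check (OTP config check 참고)) #############"
  echo " 안전한 비밀번호 설정(9자리이상, 숫자, 영문자, 특수문자 혼용,정기적변경) 이 되었는가?"
  echo " #####################################################"
  echo
  grep -v '^#' /etc/login.defs | grep -v '^$' | grep PASS
  echo
} >> "$LOGFILE"
case "$Kernel" in
  2.6.32|2.6.18)
    {
      echo "pam_cracklib.so setting is .. "
      grep pam_cracklib.so /etc/pam.d/system-auth
      echo
    } >> "$LOGFILE"
    ;;
  3.10.0|4.4.16|4.18.0)
    {
      echo "pam_pwquality.so setting is .. "
      grep pam_pwquality.so /etc/pam.d/system-auth
      echo
      echo "pwquality.conf setting is .. "
      grep -v '^#' /etc/security/pwquality.conf
      echo
    } >> "$LOGFILE"
    ;;
esac
echo >> "$LOGFILE"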
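# ---- 9./10. /etc/passwd 644 root, /etc/shadow 400 root ---------------------
# Fixed here: `chown 644 /etc/passwd` and `chown 400 /etc/shadow` changed
# the OWNER to uid 644 / 400 and never touched the mode; chmod is used now.

# pwfile_check FILE MODE PATTERN
#   Reports FILE's mode and owner.  PATTERN is the ls mode pattern that
#   counts as compliant; anything else is reset with `chmod MODE`.  A
#   non-root owner is reset to root.  A missing file is reported only.
pwfile_check() {
  _f=$1 ; _mode=$2 ; _pat=$3
  if [ ! -f "$_f" ] ; then
    echo "##$_f Not Found" >> "$LOGFILE"
    return
  fi
  if ls -alL "$_f" | grep "^$_pat" >/dev/null ; then
    echo "##$_f perm ok" >> "$LOGFILE"
  else
    echo "##$_f perm reset" >> "$LOGFILE"
    chmod "$_mode" "$_f" >> "$LOGFILE" 2>&1
  fi
  if [ "$(ls -ld "$_f" | awk '{ print $3 }')" = "root" ] ; then
    echo "##$_f root ok " >> "$LOGFILE"
  else
    echo "##$_f root reset " >> "$LOGFILE"
    chown root "$_f" >> "$LOGFILE" 2>&1
  fi
}
{
  echo " #####################################################"
  echo "9., 10. ####### passwd 644,root shadow 400,root ##################"
  echo " 패스워드 관리 시스템 파일의 소유자를 슈퍼관리자로 지정하였는가?"
  echo " 패스워드 관리 시스템 파일은 슈퍼관리자만 수정 가능한가?"
  echo " #####################################################"
  ls -la /etc/passwd
} >> "$LOGFILE"
# passwd: no u+x, g+wx, o+wx (644 or tighter)
pwfile_check /etc/passwd 644 '...-.--.--'
ls -la /etc/shadow >> "$LOGFILE" 2>&1
# shadow: no bits beyond user read/write (400, 600 or 000 all pass)
pwfile_check /etc/shadow 400 '..--------'
echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"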
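# ---- 11. remote shell: r-services in xinetd, .rhosts/.netrc, hosts.equiv -----
{
  echo " #####################################################"
  echo "11. ####### remote shell check / SSH port 설정 참고 ############"
  echo " 원격 로그인 또는 원격 쉘 등이 사용 불가로 설정되었는가?"
  echo " #####################################################"
  echo "##xinetd.conf check"
  ls -la /etc/xinetd.d/*login* 2>&1
  echo
  ls -la /etc/xinetd.d/*rsh* 2>&1
  echo
  ls -la /etc/xinetd.d/*rexec* 2>&1
  echo
  find /home -name .rhosts 2>&1
  echo
} >> "$LOGFILE"
# Remove .rhosts and .netrc from every home directory named in /etc/passwd.
# Fixed here: home directories are read one per line instead of being
# word-split out of a single string (a path containing a space was cut in
# two), and the files are removed with `rm -f` -- `-r` is pointless for a
# path the `-f` test has just confirmed to be a regular file.
awk -F":" 'length($6) > 0 {print $6}' /etc/passwd | sort -u | while IFS= read -r dir
do
  for _dot in .rhosts .netrc
  do
    if [ -f "$dir/$_dot" ]
    then
      ls -la "$dir/$_dot" >> "$LOGFILE"
      echo "## Delete file $dir/$_dot " >> "$LOGFILE"
      rm -f "$dir/$_dot" >> "$LOGFILE" 2>&1
    fi
  done
done
{
  echo "##hosts.equiv check"
  ls -la /etc/hosts.equiv 2>&1
} >> "$LOGFILE"
if [ -f /etc/hosts.equiv ]
then
  # compliant: owner root, user read (write optional), no group/other bits
  if ls -alL /etc/hosts.equiv | grep '^.r.-------.*root' >/dev/null
  then
    echo "##/etc/hosts.equiv perm ok" >> "$LOGFILE"
  else
    echo "##/etc/hosts.equiv perm reset" >> "$LOGFILE"
    chown root:root /etc/hosts.equiv >> "$LOGFILE" 2>&1
    chmod 400 /etc/hosts.equiv >> "$LOGFILE" 2>&1
  fi
else
  echo "##/etc/hosts.equiv file Not Found is ok" >> "$LOGFILE"
fi
echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"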
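# ---- 12. unnecessary services: runlevel, enabled services, xinetd.conf ------
# Fixed here: `chown 600 /etc/xinetd.conf` set the owner to uid 600 instead
# of the mode; chmod is used now.  RHEL 8 (4.18.0) is routed to systemctl.
{
  echo " #####################################################"
  echo "12. ####### inetd 600,root rpc stop #######################"
  echo " 불필요한 네트워크 서비스 제거 되었는가?"
  echo " #####################################################"
  runlevel
  echo
} >> "$LOGFILE"
case "$Kernel" in
  3.10.0|4.4.16|4.18.0)
    /bin/systemctl list-unit-files | grep -v disabled >> "$LOGFILE" 2>&1
    ;;
  *)
    # everything not "off" in the current runlevel
    chkconfig --list | grep -v "$(runlevel | awk '{print $2}'):off" >> "$LOGFILE" 2>&1
    ;;
esac
echo >> "$LOGFILE"
if [ -f /etc/xinetd.conf ]
then
  ls -la /etc/xinetd.conf >> "$LOGFILE"
  # compliant: no group/other bits, no u+x (600 or tighter)
  if ls -alL /etc/xinetd.conf | grep '^...-------' >/dev/null
  then
    echo "##/etc/xinetd.conf perm ok" >> "$LOGFILE"
  else
    echo "##/etc/xinetd.conf perm reset" >> "$LOGFILE"
    chmod 600 /etc/xinetd.conf >> "$LOGFILE" 2>&1
  fi
  if [ "$(ls -ld /etc/xinetd.conf | awk '{ print $3 }')" = "root" ]
  then
    echo "##/etc/xinetd.conf root ok " >> "$LOGFILE"
  else
    echo "##/etc/xinetd.conf root reset " >> "$LOGFILE"
    chown root /etc/xinetd.conf >> "$LOGFILE" 2>&1
  fi
  ls -la /etc/xinetd.d/* >> "$LOGFILE"
else
  echo "##/etc/xinetd.conf Not Found">> "$LOGFILE"
fi
echo >> "$LOGFILE"
if [ -f /etc/xinetd.conf ] ; then
  {
    echo "##xinetd.conf rpc config set check"
    grep -v '^#' /etc/xinetd.conf | grep -v '^$' 2>&1
    echo
  } >> "$LOGFILE"
fi
# r-service listeners: exec (512), login (513), shell (514)
{
  netstat -na | grep LISTEN | grep ":512 "
  netstat -na | grep LISTEN | grep ":513 "
  netstat -na | grep LISTEN | grep ":514 "
  echo
  echo
  echo
} >> "$LOGFILE"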
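# ---- 13. ftp / telnet: cleartext services, anonymous FTP --------------------
# Fixed here: (1) the kernel test was missing a `]` after "4.4.16", so that
# test always failed with an error and SUSE hos
ts fell through to chkconfig;
# (2) `te*net` is a regex ("t", zero or more "e", "net") that never matches
# "telnet", so those checks printed nothing; (3) the anonymous-FTP test
# dropped every line containing "no" -- and the word "anonymous" itself
# contains "no" -- so it always reported "NO Setting"; (4) when anonymous
# FTP was found the whole vsftpd.conf was moved away, discarding all other
# settings.  anonymous_enable is now set to NO in place and a copy of the
# original is kept as vsftpd.conf.org.  vsftpd's compiled-in default for
# anonymous_enable is YES, so an absent directive is treated as enabled.
{
  echo " #####################################################"
  echo "13. ####### Ftp , 텔넷 check ################"
  echo " 암호화 기능이 없는 프로토콜 사용 여부"
  echo " 익명 FTP 사용을 제한 하였는가?"
  echo " #####################################################"
} >> "$LOGFILE"
case "$Kernel" in
  3.10.0|4.4.16|4.18.0)
    /bin/systemctl list-unit-files | grep ftp >> "$LOGFILE" 2>&1
    /bin/systemctl list-unit-files | grep telnet >> "$LOGFILE" 2>&1
    ;;
  *)
    chkconfig --list | grep ftp >> "$LOGFILE" 2>&1
    chkconfig --list | grep telnet >> "$LOGFILE" 2>&1
    ;;
esac
{
  echo
  echo "##te*net Listen is .. "
  grep telnet /etc/init.d/* 2>&1
  netstat -na | grep ":23 "
  netstat -na | grep ":22 "
  netstat -na | grep ":49110 "
  echo
  echo "## ftp Listen is .. "
  ls /etc/init.d/*ftp* 2>&1
  netstat -na | grep ":29119 "
  netstat -na | grep ":21 "
  echo
} >> "$LOGFILE"
_vsftpd_conf=/etc/vsftpd/vsftpd.conf
if [ -f "$_vsftpd_conf" ] ; then
  if grep -Ei '^anonymous_enable=(no|false|0)[[:space:]]*$' "$_vsftpd_conf" >/dev/null
  then
    echo "## Anonymous FTP NO Setting" >> "$LOGFILE"
  else
    cp -p "$_vsftpd_conf" "$_vsftpd_conf.org"
    if grep '^anonymous_enable=' "$_vsftpd_conf" >/dev/null ; then
      sed -i 's/^anonymous_enable=.*/anonymous_enable=NO/' "$_vsftpd_conf"
    else
      echo "anonymous_enable=NO" >> "$_vsftpd_conf"
    fi
    echo "## anonymous_enable=NO set, original saved as vsftpd.conf.org " >> "$LOGFILE"
  fi
else
  echo "## /etc/vsftpd/vsftpd.conf file Not Found " >> "$LOGFILE"
fi
grep ftp /etc/passwd >> "$LOGFILE"
grep anonymous /etc/passwd >> "$LOGFILE"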
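# ---- 15. .netrc in home directories ----------------------------------------
# /home is searched directly; home directories outside /home that are
# listed in /etc/passwd are searched one by one ("/" itself is skipped
# because `grep '/.'` needs a character after the slash -- a search from /
# is slow, as the header says).  Fixed here: find errors went to the
# terminal, directories were word-split from one string, and the same
# directory (e.g. /sbin, shared by several service accounts) was searched
# repeatedly.
{
  echo " #####################################################"
  echo "15. ####### find /home .netrc /로는 시간 많이 걸림 #######"
  echo " 자동으로 FTP에 로그인을 허용하는 .netrc 파일을 제거하였는가?"
  echo " #####################################################"
  find /home -name .netrc 2>&1
  echo
  echo
} >> "$LOGFILE"
awk -F: '{ print $6 }' /etc/passwd | grep -v /home | grep '/.' | sort -u | while IFS= read -r check
do
  if [ -d "$check" ]
  then
    find "$check" -name .netrc >> "$LOGFILE" 2>&1
  fi
done
echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"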
# ---- 16. xinetd: running process and active configuration (report only) -----
{
  echo " #####################################################"
  echo "16. ####### xinetd running (퍼미션은 12번 참고) #################"
  echo " xinetd 가 불필요한 경우 비활성화 되어 있는?"
  echo " #####################################################"
  ps -ef | grep xinetd | grep -v grep 2>&1
  echo
  echo
  grep -v '^#' /etc/xinetd.conf | grep -v '^$' 2>&1
  echo
  echo
  # the stop action below is intentionally left disabled
  #if [ `grep -v ^# /etc/xinetd.conf | grep -v ^$ | wc -l` -eq 0 ]
  # then
  # /etc/init.d/xinetd stop
  # echo "##xinetd is killed and OS reboot after is starting " >> $LOGFILE
  # else
  # echo "##xinetd running " >> $LOGFILE
  #fi
  echo
  echo
} >> "$LOGFILE"
# ---- 17. last 20 logins ------------------------------------------------------
{
  echo " #####################################################"
  echo "17. ####### last 20 Line , ACL check 참고 ##################"
  echo " 지정된 IP외의 주소에서 FTP, 텔넷으로 접속한 이력이 없는가?"
  echo " #####################################################"
  last | head -n 20
  echo
  echo
  echo
} >> "$LOGFILE"
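# ---- 18. cron.allow / cron.deny: mode 640 or tighter, owner root ------------
# Fixed here: `chown 640 FILE` set the owner to uid 640 instead of the
# mode; chmod is used now.

# cronfile_check FILE
#   Lists FILE, resets the mode to 0640 when any u+x, g+wx or o+rwx bit is
#   set, and the owner to root when it is not root.  Missing: reported only.
cronfile_check() {
  _f=$1
  if [ ! -f "$_f" ] ; then
    echo "##$_f Not Found" >>"$LOGFILE"
    return
  fi
  ls -la "$_f" >>"$LOGFILE"
  if ls -alL "$_f" | grep '^...-.-----' >/dev/null ; then
    echo "##$_f perm ok" >>"$LOGFILE"
  else
    echo "##$_f perm reset" >>"$LOGFILE"
    chmod 640 "$_f" >>"$LOGFILE" 2>&1
  fi
  if [ "$(ls -ld "$_f" | awk '{ print $3 }')" = "root" ] ; then
    echo "##$_f root ok " >>"$LOGFILE"
  else
    echo "##$_f root reset " >>"$LOGFILE"
    chown root "$_f" >>"$LOGFILE" 2>&1
  fi
}
{
  echo " #####################################################"
  echo "18. ####### Cron 640,root ##################"
  echo " Cron 파일 소유자 및 권한 설정을 점검, 조치하였는가?"
  echo " #####################################################"
  #ls -laR /var/spool/cron >> $LOGFILE
  echo
  #ls -la /etc/cron* >> $LOGFILE 2>&1
  echo
} >> "$LOGFILE"
cronfile_check /etc/cron.allow
cronfile_check /etc/cron.deny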
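# ---- 19. SNMP: process, start script, community strings, port 161 -----------
# Fixed here: snmpd.conf was moved away UNCONDITIONALLY, even on hosts with
# no default community string, which silently broke SNMP on compliant
# systems.  The file is now moved (as before, to snmpd.conf.org) only when
# an active line carries the default community "public" or "private";
# otherwise it is reported as ok.  The original `community-name:` pattern
# does not match the rocommunity/rwcommunity/com2sec directives of a
# net-snmp configuration, so the active community lines are dumped instead.
{
  echo " #####################################################"
  echo "19. ####### Snmp #########################"
  echo " 디폴트 SNMP 커뮤니티 스트링 값을 변경 제거 하였는가?"
  echo " #####################################################"
  echo "##Process check"
  ps -ef | grep snmp | grep -v grep
  echo
  echo "##start shell check"
  ls /etc/init.d/*snmp* 2>&1
  echo
} >> "$LOGFILE"
_snmpd_conf=/etc/snmp/snmpd.conf
if [ -f "$_snmpd_conf" ]
then
  echo "##community check" >>"$LOGFILE"
  grep -v '^[[:space:]]*#' "$_snmpd_conf" | grep -Ei 'community|com2sec' >> "$LOGFILE"
  if grep -v '^[[:space:]]*#' "$_snmpd_conf" | grep -Ew 'public|private' >/dev/null
  then
    mv "$_snmpd_conf" "$_snmpd_conf.org"
    echo "## default community string found, snmpd.conf moved to snmpd.conf.org " >> "$LOGFILE"
  else
    echo "## no default community string (public/private) found " >> "$LOGFILE"
  fi
fi
{
  echo
  echo "##Listen check"
  netstat -na | grep ":161 "
  echo
} >> "$LOGFILE"
case "$Kernel" in
  3.10.0|4.4.16|4.18.0)
    /bin/systemctl list-unit-files | grep snmp >> "$LOGFILE" 2>&1
    ;;
  *)
    chkconfig --list | grep snmp >> "$LOGFILE" 2>&1
    ;;
esac
echo >> "$LOGFILE"
echo >> "$LOGFILE"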
# ---- 20. OpenSSH / OpenSSL versions, sshd processes ---------------------------
{
  echo " #####################################################"
  echo "20. ####### SecureShell version ##################"
  echo " 최신 버전의 SSH 사용하는가?"
  echo " #####################################################"
  echo
} >> "$LOGFILE"
# 4.4.16 is the SUSE entry in the kernel table at the top; its package is
# named openssh rather than openssh-server.
if [ "$Kernel" = "4.4.16" ] ; then
  rpm -qi openssh >> "$LOGFILE" 2>&1
else
  rpm -qi openssh-server >> "$LOGFILE" 2>&1
fi
{
  echo
  openssl version 2>&1
  echo
  ps -ef | grep ssh 2>&1
  echo
  ls -la /etc/hosts 2>&1
  echo
} >> "$LOGFILE"
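# ---- 21./22. sysctl: ip_forward and accept_source_route must be 0 -----------
# Fixed here: when `sysctl -n` printed nothing (key not present) the
# original `[ -eq 0 ]` was a test error and the script went on to write 0
# into a /proc path that may not exist; an empty value is now reported
# instead.  RHEL 8 (4.18.0) is added to the sysctl.d branch.
# NOTE: writing to /proc changes only the running kernel; this script does
# not persist the value in sysctl.conf / sysctl.d, so it is lost on reboot.

# sysctl_zero_check KEY PROCPATH
#   Logs KEY's current value; when it is not 0, writes 0 to PROCPATH.
sysctl_zero_check() {
  _key=$1 ; _proc=$2
  sysctl "$_key" >> "$LOGFILE" 2>&1
  _val=$(sysctl -n "$_key" 2>/dev/null)
  if [ -z "$_val" ] ; then
    echo "## $_key not available on this kernel " >> "$LOGFILE"
  elif [ "$_val" -eq 0 ] ; then
    echo "## $_key set ok " >> "$LOGFILE"
  else
    echo 0 > "$_proc"
    echo "## $_key set configured " >> "$LOGFILE"
  fi
  echo >> "$LOGFILE"
}
{
  echo " #####################################################"
  echo "21. 22. ####### sysctl check ##################"
  echo " IP 포워딩을 비활성화 하였는가?"
  echo " 패킷 재전송 설정 비활성화 하였는가?"
  echo " #####################################################"
  echo
} >> "$LOGFILE"
sysctl_zero_check net.ipv4.ip_forward /proc/sys/net/ipv4/ip_forward
sysctl_zero_check net.ipv4.conf.default.accept_source_route /proc/sys/net/ipv4/conf/default/accept_source_route
{
  echo "## sysctl.conf show check "
  echo
  echo
} >> "$LOGFILE"
case "$Kernel" in
  3.10.0|4.4.16|4.18.0)
    cat /lib/sysctl.d/*.conf 2>&1 | grep -v '^#' | grep -v '^$' >> "$LOGFILE"
    cat /etc/sysctl.d/*.conf 2>&1 | grep -v '^#' | grep -v '^$' >> "$LOGFILE"
    ;;
  *)
    cat /etc/sysctl.conf 2>&1 | grep -v '^#' | grep -v '^$' >> "$LOGFILE"
    ;;
esac
echo >> "$LOGFILE"
echo >> "$LOGFILE"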
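# ---- Etc: shell startup files in /home, world-writable paths, motd, automount
# Fixed here: the find pattern `.*rc` was not quoted, so the shell expanded
# it against dot-files in the CURRENT directory before find saw it (with a
# .bashrc in the working directory, find searched for that one name only;
# with two matches, find rejected the extra argument).  All -name patterns
# are quoted now.
{
  echo "############################################"
  echo "####### Etc System Check ##################"
  echo "############################################"
  echo
  echo
  echo "####### /home .profile perm g-w, o-w ##################"
  #ls -la /home/*/.profile >> $LOGFILE 2>&1
  #ls -la /home/*/.bash_profile >> $LOGFILE 2>&1
  #ls -la /home/*/.*rc >> $LOGFILE 2>&1
  #ls -la /home/*/.login >> $LOGFILE 2>&1
  echo
} >> "$LOGFILE"
# Startup files must not be group/other writable or executable: list the
# offenders first, then reset them to 644.
for _name in .profile .bash_profile '.*rc' .login
do
  find /home/*/ -name "$_name" \( -perm -g+w -o -perm -o+w -o -perm -g+x -o -perm -o+x \) -type f -exec ls -la {} \; >> "$LOGFILE" 2>&1
done
for _name in .profile .bash_profile '.*rc' .login
do
  find /home/*/ -name "$_name" \( -perm -g+w -o -perm -o+w -o -perm -g+x -o -perm -o+x \) -type f -exec chmod 644 {} \; >> "$LOGFILE" 2>&1
done
{
  echo "####### /home World Writable file autorun chmod o-w ##################"
  find /home \( -type f -o -type d \) -perm -2 -ls 2>&1
  find /home -type f -perm -2 -exec chmod o-w {} \; 2>&1
  # only directories that are exactly 777 are corrected (as in the original)
  find /home -type d -perm 777 -exec chmod o-w {} \; 2>&1
  echo
  echo "####### Warm Message (/etc/motd) ##################"
  cat /etc/motd 2>&1
  echo
  echo "####### automount stop ##################"
  ps -ef | grep automount |grep -v grep
  echo
} >> "$LOGFILE"
# SysV-style stop; on systemd hosts both commands fail and the errors are
# recorded in the report.
if ps -ef | grep automount | grep -v grep >/dev/null ; then
  /etc/init.d/autofs stop >> "$LOGFILE" 2>&1
  chkconfig --level 345 autofs off >> "$LOGFILE" 2>&1
  echo "## stoped autofs " >> "$LOGFILE" 2>&1
fi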
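# ---- hosts.lpd: mode 600 or tighter, owner root ------------------------------
# Fixed here: `chown 600` set the owner to uid 600 instead of the mode, and
# the owner reset was not recorded in the report.
{
  echo "####### hosts.lpd 600,root ##################"
  ls -la /etc/hosts.lpd 2>&1
} >> "$LOGFILE"
if [ -f /etc/hosts.lpd ]
then
  # compliant: no group/other bits, no u+x
  if ls -alL /etc/hosts.lpd | grep '^...-------' >/dev/null
  then
    echo "##/etc/hosts.lpd perm ok" >> "$LOGFILE"
  else
    echo "##/etc/hosts.lpd perm reset" >> "$LOGFILE"
    chmod 600 /etc/hosts.lpd >> "$LOGFILE" 2>&1
  fi
  if [ "$(ls -ld /etc/hosts.lpd | awk '{ print $3 }')" = "root" ]
  then
    echo "##/etc/hosts.lpd root ok " >> "$LOGFILE"
  else
    echo "##/etc/hosts.lpd root reset " >> "$LOGFILE"
    chown root /etc/hosts.lpd >> "$LOGFILE" 2>&1
  fi
else
  echo "##/etc/hosts.lpd Not Found" >> "$LOGFILE"
fi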
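# ---- TMOUT / umask in /etc/profile -------------------------------------------
# Fixed here: the umask test looked at the RUNNING shell's umask and, when
# it was not 022, appended " umask 0022" to /etc/profile on every run
# without ever reading the file.  /etc/profile is now checked for an active
# `umask 022` / `umask 0022` line and the line is appended at most once.
# TMOUT is reported only.
{
  echo "####### TMOUT 600, umask (0)022 ##################"
  echo "##/etc/profile check"
  echo
  echo "##TMOUT at profile"
  grep TMOUT /etc/profile
  echo
  echo "##UMASK at profile"
  grep UMASK /etc/profile
  echo
  echo "##umask config"
  grep umask /etc/profile
  echo "##umask setting"
  umask
} >> "$LOGFILE"
if grep -E '^[[:space:]]*umask[[:space:]]+0?022([[:space:]]|$)' /etc/profile >/dev/null ; then
  echo "## UMASK set ok " >> "$LOGFILE"
else
  echo " umask 0022" >> /etc/profile
  echo "## UMASK 0022 Set" >> "$LOGFILE"
fi
echo >> "$LOGFILE"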
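# ---- /home: unowned files, setuid/setgid files owned by root; files in /dev --
# Fixed here: (1) `2>&1 >> $LOGFILE` sends stderr to the terminal (the
# order of the redirections matters), so chown/chgrp errors never reached
# the report; (2) `find /dev -type f -exec -ls -l {} \;` is invalid --
# -exec expects a command -- so find failed and, with stderr discarded, the
# /dev check silently produced nothing.  `find -ls` is used instead.
{
  echo "##/home at -nouser -o -nogroup check autorun chmod root, chgrp root"
  echo ""
  find /home \( -nouser -o -nogroup \) -exec ls -la {} \;
  find /home -nouser -exec chown root {} \; 2>&1
  find /home -nogroup -exec chgrp root {} \; 2>&1
  echo
  echo
  echo
  echo
  echo "##/home at perm -04000 -o -perm -02000 check if exist delete file"
  # report only: nothing is deleted here
  find /home -user root -type f \( -perm -04000 -o -perm -02000 \) -exec ls -la {} \;
  echo
  echo
  echo
  echo
  echo "##/dev device file check if exist delete file"
  # regular files under /dev are unexpected (device nodes are c/b entries); report only
  find /dev -type f -ls 2>/dev/null
  echo
  echo
} >> "$LOGFILE"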
# ---- system information snapshot ----------------------------------------------
# netstat and ifconfig come from net-tools, which newer distributions may
# not install by default; a missing tool's error goes to the terminal.
{
  echo "############################################"
  echo "####### system info ##################"
  echo "############################################"
  netstat -natp
  echo
  netstat -naup
  echo
  ps -ef
  echo
  df -HT
  echo
  ifconfig
  echo
  netstat -in
  echo
  netstat -rn
  echo
  free -m
  echo
  uname -a
  echo
} >> "$LOGFILE"