


국정원,산자부 서버 취약점 점검 스크립트 - Linux  - 2021

 

아래 스크립트는 필자가 만든 스크립트입니다.

국정원이나 산자부 보안점검 대비 OS를 체크하기 위한 스크립트로

매우 주관적으로 만든 것이니 참고만 하시기 바랍니다.

 

첨부 되어 있습니다.

 

다운 받은 뒤 .txt 확장자를 빼고 실행하면 됩니다.

Linux_2021.sh

 

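#!/bin/sh
# NISK(National Intelligence Service Korea) Base Security Check Script for KookJung
# Edit by Guppy in 2021
# for Linux
#
# Writes a dated report (<hostname>_<YYYYmmddHHMM>.txt in the current
# directory). Several sections below do not only check but also CHANGE the
# host (chmod/chown, userdel/groupdel, appends to sshd_config and the
# syslog configuration, service restarts). Must run as root.

# Force the C locale for every child process: the permission checks below
# pattern-match `ls -l` output and `date`/`ls` formatting is locale
# dependent. A bare `LANG=C` assignment is only inherited by children when
# LANG already came from the environment, and an exported LC_ALL from the
# caller would override LANG anyway — so export both explicitly.
LANG=C
LC_ALL=C
export LANG LC_ALL

DATE=$(date +%Y%m%d%H%M)            # report timestamp, part of the log name
DAY=$(date +%m/%d/%Y)               # human-readable date, first report line
LOGFILE="$(hostname)_${DATE}.txt"   # report file, created in the current directory
# First six characters of the kernel release; used below to choose
# systemctl vs. chkconfig/service and pam_pwquality vs. pam_cracklib.
Kernel=$(uname -r | awk '{ print substr($0,1,6);}')
# Kernel Version Sample
# RHEL 2.1 = 2.4.9-
# RHEL 3.X = 2.4.21
# RHEL 4.X = 2.6.9-
# RHEL 5.X = 2.6.18
# RHEL 6.X = 2.6.32
# RHEL 7.X = 3.10.0
# RHEL 8.X = 4.18.0
# SUSE 11.X = 4.4.16

OS=$(uname -s)
VER=$(uname -r)
CURR="Linux"

# Refuse to run on anything but Linux. Exit non-zero so that a wrapper can
# tell "refused" from "completed" (the original exited 0 here).
if [ "$OS" != "$CURR" ] ; then
 echo " This Version OS is Not RUN !! " >&2
 exit 1
fi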

# Start a fresh report: date and kernel prefix first (note the single ">" —
# this is the only place the report file is truncated), then the OTP
# (pam_radius) wiring for su and sshd.
echo "$DAY" > "$LOGFILE"
{
  echo "$Kernel"
  echo
  echo
  echo "############################################"
  echo "#######OTP Setting check         ##################"
  echo "############################################"
  echo
  grep /etc/pam_radius_auth.conf /etc/pam.d/su 2>&1
  echo
  grep /etc/pam_radius_auth.conf /etc/pam.d/sshd 2>&1
  echo
  # This file normally carries the RADIUS shared secret, so from here on
  # the report is sensitive and should be stored/handled accordingly.
  cat /etc/pam_radius_auth.conf 2>&1
  echo
  # Active (uncommented) PAM-related sshd directives, e.g. UsePAM.
  grep -v '^#' /etc/ssh/sshd_config | grep PAM 2>&1
  echo
  echo
  echo
} >> "$LOGFILE"
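# ftp / telnet exposure: running processes, xinetd stanzas, xferlog tail and,
# on systemd hosts, the unit list.
{
  echo "############################################"
  echo "#######ftp , 텔넷  check           ##################"
  echo "############################################"
  echo "##Process Check"
  ps -ef | grep ftp | grep -v grep
  echo
  echo "##xinetd daemon Check"
  grep ftp /etc/xinetd.d/* 2>&1
  echo
  # The original pattern "te*net" is a regex meaning t,e*,n,e,t and can
  # never match "telnet"; the literal service name is what is wanted.
  grep telnet /etc/xinetd.d/* 2>&1
  echo
  echo
  echo "##xferlog Check"
  tail -n 20 /var/log/xferlog 2>&1
  echo
} >> "$LOGFILE"
# systemd hosts: RHEL 7 (3.10.0), SUSE 11 (4.4.16) and RHEL 8 (4.18.0 — listed
# in the kernel table at the top of the script but missing from this test).
if [ "$Kernel" = "3.10.0" ] || [ "$Kernel" = "4.4.16" ] || [ "$Kernel" = "4.18.0" ] ; then
  {
    systemctl list-unit-files | grep ftp 2>&1
    echo
    systemctl list-unit-files | grep telnet 2>&1
  } >> "$LOGFILE"
fi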


# sshd port / root-login directives, the site port 49110, and /etc/securetty.
{
  echo "############################################"
  echo "####### ssh port 49110            ##################"
  echo "############################################"
  echo "##Port Check"
  grep Port /etc/ssh/sshd_config
  echo "##PermitRootLogin no Check"
  grep PermitRootLogin /etc/ssh/sshd_config
  echo
  echo "##49110 port Check"
  netstat -na | grep 49110
  echo
} >> "$LOGFILE"
if [ -f /etc/securetty ] ; then
  # A pts entry in securetty lets root log in on a pseudo-terminal.
  if grep -q pts /etc/securetty ; then
    echo "##/etc/securetty pts delete configure require " >> "$LOGFILE"
  else
    echo "##/etc/securetty set ok " >> "$LOGFILE"
  fi
else
#        touch /etc/securetty >>$LOGFILE
#        cat "tty1" > /etc/securetty
  echo "##/etc/securetty create and reconfigure require " >> "$LOGFILE"
fi
echo ""  >> "$LOGFILE"
echo ""  >> "$LOGFILE"

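# Enforce "PermitRootLogin no" in sshd_config.
# Check: exactly one active (uncommented) PermitRootLogin line saying "no".
if [ "$(grep "PermitRootLogin" /etc/ssh/sshd_config | grep -v '#' | grep no | wc -l)" -eq 1 ]
then
  echo "##sshd_config PermitRootLogin no set ok" >> "$LOGFILE"
else
  # sshd honours the FIRST matching directive, so appending a new line
  # after an existing "PermitRootLogin yes" (what the original did) changes
  # nothing while the report still claims "reconfigured". Rewrite an existing
  # active directive in place (including any inside Match blocks) and only
  # append when there is none.
  if grep -q '^[[:space:]]*PermitRootLogin' /etc/ssh/sshd_config ; then
    sed -i 's/^[[:space:]]*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config
  else
    echo "PermitRootLogin no" >> /etc/ssh/sshd_config
  fi
  # Validate before restarting: restarting on a broken config takes sshd
  # down and can lock out remote administration of the host.
  if /usr/sbin/sshd -t >> "$LOGFILE" 2>&1 ; then
    if [ -f /etc/init.d/sshd ] ; then
      /etc/init.d/sshd restart >> "$LOGFILE" 2>&1
    else
      systemctl restart sshd >> "$LOGFILE" 2>&1
    fi
    echo "##sshd_config PermitRootLogin no set reconfigured" >> "$LOGFILE"
  else
    echo "##sshd_config changed but 'sshd -t' failed, sshd NOT restarted" >> "$LOGFILE"
  fi
fi
echo ""  >> "$LOGFILE"
echo ""  >> "$LOGFILE"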
# ntp: crontab entries and the tail of the site's ntpdate log.
{
  echo "############################################"
  echo "#######          ntp check         ##################"
  echo "############################################"
  echo "##crontab Check"
  crontab -l | grep ntp 2>&1
  echo
  echo "##ntp log Check"
  # Site-specific path, presumably written by the cron'd ntpdate job — confirm.
  tail -n 20 /tmp/zws/ntpdate.log 2>&1
  echo
} >> "$LOGFILE"

# TCP-wrapper ACL files: dump the active lines, then enforce mode 644 (or
# stricter) and root ownership on hosts.allow and hosts.deny.
{
  echo "############################################"
  echo "#######          ACL check         ##################"
  echo "############################################"
  echo "##allow Check"
  grep -v '^#' /etc/hosts.allow | grep -v '^$'
  echo
  echo
  echo "##deny Check"
  grep -v '^#' /etc/hosts.deny | grep -v '^$'
  echo
} >> "$LOGFILE"

#######################################
# Check one ACL file for a rw-r--r-- (or stricter) mode and root ownership,
# resetting with chmod 644 / chown root when the check fails.
# Arguments: $1 - path of the file
# Outputs:   results appended to $LOGFILE
#######################################
acl_file_check() {
  if [ -f "$1" ]
  then
    # `ls -l` mode string: group/other write bits and all x bits clear.
    if ls -alL "$1" | grep -q "...-.--.--.*.*"
    then
      echo "##$1 perm ok " >> "$LOGFILE"
    else
      echo "##$1 perm reset " >> "$LOGFILE"
      chmod 644 "$1" >> "$LOGFILE"
    fi
    if [ "$(ls -ld "$1" | awk '{ print $3 }')" = "root" ]
    then
      echo "##$1 root ok " >> "$LOGFILE"
    else
      echo "##$1 root reset " >> "$LOGFILE"
      chown root "$1" >> "$LOGFILE"
    fi
  else
    echo "##$1 NOT Found" >> "$LOGFILE"
  fi
}

acl_file_check /etc/hosts.allow
echo >> "$LOGFILE"
acl_file_check /etc/hosts.deny
echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"

# 1. UID/GID sanity: dump /etc/passwd, then the group checks and removal of
#    the default groups on the checklist.
{
  echo "   #####################################################"
  echo "1. #######UID, GID 0-99             ##################"
  echo "   사용자 계정 UDI,GID 값이 정상 할당 되었는가?                                "
  echo "   #####################################################"
  cat /etc/passwd
  echo
  echo
  echo
  echo "##passwd Check"
  # Literal "~2019" / "~2020" — presumably a site convention in the GECOS
  # field (account year); verify against local practice.
  grep '~2019' /etc/passwd
  echo
  grep '~2020' /etc/passwd
  echo
  echo "####### group check       ##################"
  echo "##group id 100 Check"
  grep '^user' /etc/group
  echo
  echo "##delete group Check"
} >> "$LOGFILE"
Def_group="tty uucp smbnull tftp"
for grp in $Def_group
do
  # NOTE(review): "tty" is a system group that owns terminal devices on
  # most Linux distributions, so removing it is not a neutral change; the
  # nologin/false filters are copied from the account check and never match
  # a group entry.
  if [ "$(grep -v /sbin/nologin /etc/group | grep -v /bin/false | grep "^$grp:" | awk -F: '{print $1}' | wc -l)" -gt 0 ]
  then
    echo "## Default group exist : $grp" >> "$LOGFILE"
    groupdel "$grp" >> "$LOGFILE"
    echo "## group $grp delete " >> "$LOGFILE"
  fi
done
{
  echo
  echo "##users 20 Check"
  grep ':20:' /etc/passwd
  echo
} >> "$LOGFILE"

# 2. Only root may carry UID 0 / GID 0.
{
  echo "   #####################################################"
  echo "2. #######UID, GID 0   -> Only root   #########################"
  echo "   root 계정 외에 UID GID 가 0인 계정이 없는가?                                "
  echo "   #####################################################"
  # ":0:" is delimiter-exact, so this lists UID-0 and GID-0 entries alike.
  grep ':0:' /etc/passwd
  echo
} >> "$LOGFILE"

# 3. Default system accounts: delete the ones on the checklist, list
#    test/dev accounts, force a non-login shell on mysql/ssh, and show
#    every account that still has a real shell.
{
  echo "   #####################################################"
  echo "3. ####### Default ID Delete   ###############################"
  echo "   디폴트 시스템 계정을 제거 하였는가?                                "
  echo "   #####################################################"
  echo "   ##Default ID check           ################################"
} >> "$LOGFILE"
Def_ID="adm lp uucp nuucp sync shutdown halt news operator games gopher nfsnobody squid hpdb smbnull iwww owww tftp ftp anonymouse"

# NOTE(review): several of these (adm, sync, shutdown, halt, operator,
# nfsnobody) are shipped by the distribution and may own files or be
# referenced by packages; userdel here is unconditional and has no undo.
for acct in $Def_ID
do
  if [ "$(grep "^$acct:" /etc/passwd | awk -F: '{print $1}' | wc -l)" -gt 0 ]
  then
    echo "## Default ID exist : $acct" >> "$LOGFILE"
    userdel "$acct" >> "$LOGFILE" 2>&1
    echo "##user $acct delete " >> "$LOGFILE"
  fi
done
{
  echo
  echo "##test id Check"
  grep test /etc/passwd
  grep '^dev' /etc/passwd
  echo
} >> "$LOGFILE"
Def_nologin="mysql ssh"
for acct in $Def_nologin
do
  # Only accounts that still have a real shell (neither nologin nor false).
  if [ "$(grep -v /sbin/nologin /etc/passwd | grep -v /bin/false | grep "^$acct:" | awk -F: '{print $1}' | wc -l)" -gt 0 ]
  then
    echo "## Default user login exist : $acct" >> "$LOGFILE"
    usermod -s /bin/false "$acct" >> "$LOGFILE" 2>&1
    echo "##user  $acct nologin configured" >> "$LOGFILE"
  fi
done
{
  echo "##Shell nologin, false Check"
  # Accounts with a login shell, minus site-specific names (ndkdn, nddev,
  # bonsa) that are presumably known local users — confirm.
  grep -v /sbin/nologin /etc/passwd | grep -v /bin/false | grep -v ndkdn | grep -v nddev | grep -v bonsa
  echo
  echo
} >> "$LOGFILE"


# 4. Login-failure lockout: pam_tally in system-auth and the module files.
{
  echo "   #####################################################"
  echo "4. ####### login fail 5 count            #########################"
  echo "   로그인 실패 횟수를 제한하였는가?                                "
  echo "   #####################################################"
  echo "##/etc/pam.d  Check"
  # NOTE(review): newer releases ship pam_faillock instead of pam_tally*;
  # on those this check prints nothing even when lockout is configured.
  grep pam_tally /etc/pam.d/system-auth
  ls -la /sbin/pam_tally* 2>&1
  ls -la /lib/security/pam_tally*.so 2>&1
  ls -la /lib64/security/pam_tally*.so 2>&1
  echo
} >> "$LOGFILE"

# 5. /etc/hosts: the header asks for 600, but the test accepts any mode with
#    group/other write and all execute bits clear (644, 444, 600 …) and
#    resets to 644 — carried over unchanged.
{
  echo "   #####################################################"
  echo "5. ####### hosts perm 644(444),root || 600 check      #############"
  echo "   /etc/hosts 파일에 대하여 600 권한을 설정하였는가?                                "
  echo "   #####################################################"
  ls -la /etc/hosts
  echo
} >> "$LOGFILE"
if [ -f /etc/hosts ]
then
  if ls -alL /etc/hosts | grep -q "...-.--.--.*.*"
  then
    echo "##/etc/hosts perm ok " >> "$LOGFILE"
  else
    echo "##/etc/hosts perm reset " >> "$LOGFILE"
    chmod 644 /etc/hosts >> "$LOGFILE"
  fi
  hosts_owner=$(ls -ld /etc/hosts | awk '{ print $3 }')
  if [ "$hosts_owner" = "root" ]
  then
    echo "##/etc/hosts root ok " >> "$LOGFILE"
  else
    echo "##/etc/hosts root reset " >> "$LOGFILE"
    chown root /etc/hosts >> "$LOGFILE"
  fi
else
  echo "##/etc/hosts NOT Found" >> "$LOGFILE"
fi

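# 5 (cont.) syslog.conf / rsyslog.conf / services: 644 (or stricter), root.
#######################################
# Enforce mode rw-r--r-- (or stricter) and root ownership on one file.
# Arguments: $1 - path of the file
# Outputs:   results appended to $LOGFILE; chmod/chown applied when needed
#######################################
conf_644_root_check() {
  if [ -f "$1" ]
  then
    # `ls -l` mode string with group/other write bits and all x bits clear.
    if ls -alL "$1" | grep -q "...-.--.--"
    then
      echo "##$1 perm ok" >> "$LOGFILE"
    else
      echo "##$1 perm reset" >> "$LOGFILE"
      # The original ran "chown 644 FILE", which changes the OWNER to uid
      # 644 and leaves the mode untouched; chmod is what this branch needs.
      chmod 644 "$1" >> "$LOGFILE"
    fi
    if [ "$(ls -ld "$1" | awk '{ print $3 }')" = "root" ]
    then
      echo "##$1 root ok " >> "$LOGFILE"
    else
      echo "##$1 root reset " >> "$LOGFILE"
      chown root "$1" >> "$LOGFILE"
    fi
  else
    echo "##$1 Not Found" >> "$LOGFILE"
  fi
}

{
  echo "####### syslog.conf 644(444),root   ##################"
  ls -la /etc/*syslog.conf
  echo
} >> "$LOGFILE"
conf_644_root_check /etc/syslog.conf
conf_644_root_check /etc/rsyslog.conf
{
  echo "####### services 644,root            ##################"
  ls -la /etc/services
  echo
} >> "$LOGFILE"
conf_644_root_check /etc/services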

# 6. su logging: where sulog/auth messages go, make sure a dedicated log
#    exists, and have (r)syslog route auth(priv) messages into it.
{
  echo "   #####################################################"
  echo "6. ####### sulog   , su 4750 , root.wheel    17번 last 참고 ##########"
  echo "   관리자 계정에 대한 로그인 성공/실패 기록 설정을 하였는가?           "
  echo "   #####################################################"
  echo "##sulog check"
  grep sulog /etc/*syslog.conf
} >> "$LOGFILE"
CT=$(grep sulog /etc/*syslog.conf | wc -l)
echo "">> "$LOGFILE"
# NOTE(review): "-gt 1" skips the single-match case; -gt 0 looks intended.
if [ "$CT" -gt 1 ] ; then
  # Second field of each match is the log path; deliberately unquoted so
  # several paths become several tail arguments.
  tail -n 10 $(grep sulog /etc/*syslog.conf | awk '{print $2}') >> "$LOGFILE" 2>&1
fi

{
  echo "##syslog.conf auth check"
  grep auth /etc/*syslog.conf
} >> "$LOGFILE"
if [ ! -d /var/log/sulogd ] ; then
  mkdir -p /var/log/sulogd
  touch /var/log/sulogd/sulog.log
  echo "## /var/log/sulogd directory create" >> "$LOGFILE"
fi
if [ -f /etc/login.defs ]; then
  # NOTE(review): SULOG_FILE is not among the keys documented for
  # shadow-utils' login.defs on Linux — confirm anything reads it here.
  if ! grep -q SULOG /etc/login.defs ; then
    echo "SULOG_FILE /var/log/sulogd/sulog.log" >> /etc/login.defs
  fi
fi

if [ -f /etc/rsyslog.conf ]
then
  # "authpriv." — the dot is a regex wildcard, so any authpriv selector counts.
  if grep -q authpriv. /etc/rsyslog.conf ; then
    echo "##syslog authpriv.notice setting ok " >> "$LOGFILE"
    echo "" >> "$LOGFILE"
  else
    echo "##authpriv.notice syslog reconfigured " >> "$LOGFILE"
    echo "" >> "$LOGFILE"
    echo "authpriv.*   /var/log/sulogd/sulog.log " >> /etc/rsyslog.conf
    if [ "$Kernel" = "2.6.32" ] ; then
      service rsyslog restart >> "$LOGFILE" 2>&1
    else
      systemctl restart rsyslog.service >> "$LOGFILE" 2>&1
    fi
  fi
fi
if [ -f /etc/syslog.conf ]
then
  if grep -q auth. /etc/syslog.conf ; then
    echo " syslog auth.notice setting ok " >> "$LOGFILE"
    echo "" >> "$LOGFILE"
  else
    echo " auth.notice syslog reconfigured " >> "$LOGFILE"
    echo "" >> "$LOGFILE"
    echo "auth.*   /var/log/sulogd/sulog.log " >> /etc/syslog.conf
    service syslog restart >> "$LOGFILE" 2>&1
  fi
fi

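# 6 (cont.) su binaries: 4750 root:wheel so that only wheel members can su.
# On usrmerged systems /bin/su and /usr/bin/su are the same file and are
# simply checked twice.
echo >> "$LOGFILE"
for su_bin in /usr/bin/su /bin/su
do
  if [ -f "$su_bin" ]
  then
    ls -la "$su_bin" >> "$LOGFILE"
    # -rwsr-x--- root ... wheel
    if ls -alL "$su_bin" | grep -q ".rwsr-x---.*root.*wheel*"
    then
      echo "##$su_bin perm ok" >> "$LOGFILE"
    else
      echo "##$su_bin perm reset" >> "$LOGFILE"
      # chown BEFORE chmod: on Linux (root included since 2.2.13) a chown
      # on a non-directory clears the setuid/setgid bits. The original
      # /usr/bin/su stanza ran chmod 4750 first and then chown/chgrp, so
      # whenever the owner or group actually had to change, su was left
      # without its setuid bit.
      chown root:wheel "$su_bin" >> "$LOGFILE"
      chmod 4750 "$su_bin" >> "$LOGFILE"
    fi
  fi
done
echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"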
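# 7. Network daemon binary and init scripts: owner root, no group/other write.
{
  echo "   #####################################################"
  echo "7. #######  network daemon 644(555) g-w, o-w ##################"
  echo "   네트워크 서비스 데몬 권한을 755 이하로 설정하였는가?           "
  echo "   #####################################################"
  ls -la /usr/sbin/xinetd 2>&1
  echo
} >> "$LOGFILE"
if [ -f /usr/sbin/xinetd ]
then
  # mode string with the group-write and other-write bits clear
  if ls -alL /usr/sbin/xinetd | grep -q ".....-..-."
  then
    echo "##/usr/sbin/xinetd perm ok" >> "$LOGFILE"
  else
    echo "##/usr/sbin/xinetd perm reset" >> "$LOGFILE"
    # The original ran "chown 755": that sets the owner to uid 755 and
    # leaves the mode alone.
    chmod 755 /usr/sbin/xinetd >> "$LOGFILE"
  fi
  if [ "$(ls -ld /usr/sbin/xinetd | awk '{ print $3 }')" = "root" ]
  then
    echo "##/usr/sbin/xinetd root ok " >> "$LOGFILE"
  else
    echo "##/usr/sbin/xinetd root reset " >> "$LOGFILE"
    chown root /usr/sbin/xinetd >> "$LOGFILE"
  fi
else
  echo "##/usr/sbin/xinetd Not Found" >> "$LOGFILE"
fi

{
  echo
  ls -la /etc/init.d/* 2>&1
  echo
  echo
} >> "$LOGFILE"
# Init scripts that are group- or world-writable.
if [ "$(find /etc/init.d/ \( -perm -g+w -o -perm -o+w \) -type f | wc -l)" -eq 0 ]
then
  echo "##Network Daemon Perm 755 ok " >> "$LOGFILE"
else
  echo "##Network Daemon Perm reset  " >> "$LOGFILE"
  find /etc/init.d/ \( -perm -g+w -o -perm -o+w \) -type f -exec ls -la {} \; >> "$LOGFILE" 2>&1
  # Clear only the offending write bits. The original "chmod 644" also
  # stripped every execute bit, leaving the init script unrunnable — the
  # opposite of the 755 this section is checking for.
  find /etc/init.d/ \( -perm -g+w -o -perm -o+w \) -type f -exec chmod g-w,o-w {} \; >> "$LOGFILE" 2>&1
fi
echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"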
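# 8. Password policy: login.defs PASS_* values and the PAM quality module
#    for this release.
{
  echo "   #####################################################"
  echo "8. #######  Password  check (OTP config check 참고)) #############"
  echo "   안전한 비밀번호 설정(9자리이상, 숫자, 영문자, 특수문자 혼용,정기적변경) 이 되었는가?"
  echo "   #####################################################"
  echo
  grep -v '^#' /etc/login.defs | grep -v '^$' | grep PASS
  echo
} >> "$LOGFILE"

# RHEL 5/6: pam_cracklib.
if [ "$Kernel" = "2.6.32" ] || [ "$Kernel" = "2.6.18" ]; then
  {
    echo "pam_cracklib.so setting is .. "
    grep pam_cracklib.so /etc/pam.d/system-auth
    echo
  } >> "$LOGFILE"
fi
# RHEL 7, SUSE 11 and RHEL 8: pam_pwquality. 4.18.0 is in the kernel table
# at the top of the script but was missing here, so RHEL 8 hosts produced
# no password-quality output at all.
if [ "$Kernel" = "3.10.0" ] || [ "$Kernel" = "4.4.16" ] || [ "$Kernel" = "4.18.0" ] ; then
  {
    echo "pam_pwquality.so setting is .. "
    grep pam_pwquality.so /etc/pam.d/system-auth
    echo
    echo "pwquality.conf setting is .. "
    grep -v '^#' /etc/security/pwquality.conf
    echo
  } >> "$LOGFILE"
fi

echo >> "$LOGFILE"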
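# 9/10. passwd must be 644 root, shadow 400 root.
#######################################
# Enforce a mode and root ownership on one password-database file.
# Arguments: $1 - mode to set when the check fails (644 or 400)
#            $2 - grep pattern the `ls -l` mode string must match
#            $3 - path of the file
# Outputs:   results appended to $LOGFILE; chmod/chown applied when needed
#######################################
pwdb_file_check() {
  pwdb_mode=$1
  pwdb_pat=$2
  pwdb_path=$3
  if [ -f "$pwdb_path" ]
  then
    if ls -alL "$pwdb_path" | grep -q "$pwdb_pat"
    then
      echo "##$pwdb_path perm ok" >> "$LOGFILE"
    else
      echo "##$pwdb_path perm reset" >> "$LOGFILE"
      # The original ran "chown 644 / chown 400": that changes the OWNER to
      # uid 644/400 and leaves the mode alone. chmod is the intended fix.
      chmod "$pwdb_mode" "$pwdb_path" >> "$LOGFILE"
    fi
    if [ "$(ls -ld "$pwdb_path" | awk '{ print $3 }')" = "root" ]
    then
      echo "##$pwdb_path root ok " >> "$LOGFILE"
    else
      echo "##$pwdb_path root reset " >> "$LOGFILE"
      chown root "$pwdb_path" >> "$LOGFILE"
    fi
  else
    echo "##$pwdb_path Not Found" >> "$LOGFILE"
  fi
}

{
  echo "   #####################################################"
  echo "9., 10. #######  passwd 644,root shadow 400,root ##################"
  echo "   패스워드 관리 시스템 파일의 소유자를 슈퍼관리자로 지정하였는가?"
  echo "   패스워드 관리 시스템 파일은 슈퍼관리자만 수정 가능한가?"
  echo "   #####################################################"
  ls -la /etc/passwd
} >> "$LOGFILE"
# rw-r--r-- or stricter
pwdb_file_check 644 "...-.--.--" /etc/passwd
ls -la /etc/shadow >> "$LOGFILE" 2>&1
# r-------- or stricter (a 000 shadow, as some distributions ship it, passes too)
pwdb_file_check 400 "..--------" /etc/shadow
echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"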

# 11. Remote-shell leftovers: xinetd r-services, per-home .rhosts/.netrc
#     (deleted when found) and /etc/hosts.equiv (400 root).
{
  echo "    #####################################################"
  echo "11. #######  remote shell check  / SSH port 설정 참고  ############"
  echo "   원격 로그인 또는 원격 쉘 등이 사용 불가로 설정되었는가?"
  echo "    #####################################################"
  echo "##xinetd.conf check"
  ls -la /etc/xinetd.d/*login* 2>&1
  echo
  ls -la /etc/xinetd.d/*rsh* 2>&1
  echo
  ls -la /etc/xinetd.d/*rexec* 2>&1
  echo
  find /home -name .rhosts 2>&1
  echo
} >> "$LOGFILE"
# Every non-empty home-directory field in /etc/passwd, deduplicated.
HOMEDIRS=$(awk -F":" 'length($6) > 0 {print $6}' /etc/passwd | sort -u)
for home in $HOMEDIRS
do
  for dotfile in .rhosts .netrc
  do
    if [ -f "$home/$dotfile" ]
    then
      ls -la "$home/$dotfile" >> "$LOGFILE"
      echo "## Delete file $home/$dotfile " >> "$LOGFILE"
      rm -rf "$home/$dotfile" >> "$LOGFILE"
    fi
  done
done

echo "##hosts.equiv check" >> "$LOGFILE"
ls -la /etc/hosts.equiv >> "$LOGFILE" 2>&1
if [ -f /etc/hosts.equiv ]
then
  # -r-------- owned by root
  if ls -alL /etc/hosts.equiv | grep -q ".r.-------.*root.*"
  then
    echo "##/etc/hosts.equiv perm ok" >> "$LOGFILE"
  else
    echo "##/etc/hosts.equiv perm reset" >> "$LOGFILE"
    chown root:root /etc/hosts.equiv >> "$LOGFILE"
    chmod 400 /etc/hosts.equiv >> "$LOGFILE"
  fi
else
  echo "##/etc/hosts.equiv file Not Found is ok" >> "$LOGFILE"
fi

echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"
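# 12. Unnecessary network services: run level and enabled services,
#     /etc/xinetd.conf mode 600 / owner root, rpc config, r-service ports.
{
  echo "    #####################################################"
  echo "12. ####### inetd 600,root  rpc stop      #######################"
  echo "   불필요한 네트워크 서비스 제거 되었는가?"
  echo "    #####################################################"
  runlevel
  echo
} >> "$LOGFILE"

# systemd: RHEL 7, SUSE 11, RHEL 8 (4.18.0 added — it is in the kernel table
# at the top of the script but was missing here, so RHEL 8 fell through to
# chkconfig).
if [ "$Kernel" = "3.10.0" ] || [ "$Kernel" = "4.4.16" ] || [ "$Kernel" = "4.18.0" ] ; then
  /bin/systemctl list-unit-files | grep -v disabled >> "$LOGFILE" 2>&1
else
  # Services that are "on" in the current run level.
  LANG=C ; chkconfig --list | grep -v "$(runlevel | awk '{print $2}'):off" >> "$LOGFILE" 2>&1
fi

echo >> "$LOGFILE"
if [ -f /etc/xinetd.conf  ]
then
  ls -la /etc/xinetd.conf  >> "$LOGFILE"
  # rw------- (or stricter)
  if ls -alL /etc/xinetd.conf | grep -q "...-------"
  then
    echo "##/etc/xinetd.conf  perm ok" >> "$LOGFILE"
  else
    echo "##/etc/xinetd.conf  perm reset" >> "$LOGFILE"
    # The original ran "chown 600": that sets the owner to uid 600 and
    # leaves the mode alone.
    chmod 600 /etc/xinetd.conf  >> "$LOGFILE"
  fi
  if [ "$(ls -ld /etc/xinetd.conf | awk '{ print $3 }')" = "root" ]
  then
    echo "##/etc/xinetd.conf  root ok " >> "$LOGFILE"
  else
    echo "##/etc/xinetd.conf  root reset " >> "$LOGFILE"
    chown root /etc/xinetd.conf  >> "$LOGFILE"
  fi
  ls -la /etc/xinetd.d/* >> "$LOGFILE"
else
  echo "##/etc/xinetd.conf  Not Found">> "$LOGFILE"
fi

echo >> "$LOGFILE"
if [ -f /etc/xinetd.conf  ] ; then
  {
    echo "##xinetd.conf rpc config set check"
    grep -v '^#' /etc/xinetd.conf | grep -v '^$' 2>&1
    echo
  } >> "$LOGFILE"
fi
# Listeners on the r-service ports (exec/login/shell).
{
  netstat -na | grep LISTEN | grep ":512 "
  netstat -na | grep LISTEN | grep ":513 "
  netstat -na | grep LISTEN | grep ":514 "
} >> "$LOGFILE"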


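# 13. Clear-text protocols (ftp/telnet) and anonymous FTP.
{
  echo
  echo
  echo
  echo "    #####################################################"
  echo "13. #######    Ftp , 텔넷  check                         ################"
  echo "   암호화 기능이 없는 프로토콜 사용 여부"
  echo "   익명 FTP 사용을 제한 하였는가?"
  echo "    #####################################################"
} >> "$LOGFILE"

# The original condition read `[ ... "4.4.16" || [ ... "4.18.0" ]` — the "]"
# closing the middle test was missing, so that test always failed (with a
# "missing ]" error) and SUSE 11 hosts fell through to chkconfig.
if [ "$Kernel" = "3.10.0" ] || [ "$Kernel" = "4.4.16" ] || [ "$Kernel" = "4.18.0" ] ; then
  # "te*net" as a regex means t,e*,n,e,t and never matches "telnet"; the
  # literal service name is what this check is after.
  /bin/systemctl list-unit-files | grep ftp >> "$LOGFILE" 2>&1
  /bin/systemctl list-unit-files | grep telnet >> "$LOGFILE" 2>&1
else
  LANG=C ; chkconfig --list | grep ftp >> "$LOGFILE" 2>&1
  LANG=C ; chkconfig --list | grep telnet >> "$LOGFILE" 2>&1
fi

{
  echo
  echo "##te*net Listen is .. "
  grep telnet /etc/init.d/* 2>&1
  netstat -na | grep ":23 "
  netstat -na | grep ":22 "
  netstat -na | grep ":49110 "
  echo
  echo "## ftp Listen is .. "
  ls /etc/init.d/*ftp* 2>&1
  # 29119 is presumably the site's non-standard FTP port (cf. 49110 for ssh).
  netstat -na | grep ":29119 "
  netstat -na | grep ":21 "
  echo
} >> "$LOGFILE"

if [ -f /etc/vsftpd/vsftpd.conf ] ; then
  # Active "anonymous" directives that are not set to no/NO.
  if [ "$(grep -v '^#' /etc/vsftpd/vsftpd.conf | grep anonymous | egrep -v "no|NO" | wc -l)" -eq 0 ]
  then
    # NOTE(review): a config with no anonymous_enable line at all lands
    # here too, although vsftpd then uses its compiled-in default — confirm
    # that default is NO on the vsftpd version in use.
    echo "## Anonymous FTP NO Setting" >> "$LOGFILE"
  else
    # Moving the file aside leaves vsftpd on its compiled-in defaults (see
    # the note above) instead of explicitly setting anonymous_enable=NO.
    mv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.org
    echo "## Setting File Moved " >> "$LOGFILE"
  fi
else
  echo "## /etc/vsftpd/vsftpd.conf file Not Found " >> "$LOGFILE"
fi
grep ftp /etc/passwd >> "$LOGFILE"
grep anonymous /etc/passwd >> "$LOGFILE"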


# 15. .netrc files (stored FTP credentials): under /home, then under every
#     existing home directory that lives outside /home.
{
  echo "    #####################################################"
  echo "15. ####### find /home .netrc     /로는 시간 많이 걸림           #######"
  echo "    자동으로 FTP에 로그인을 허용하는 .netrc 파일을 제거하였는가?"
  echo "    #####################################################"
  find /home -name .netrc
  echo
  echo
} >> "$LOGFILE"
# Home directories outside /home; grep '/.' drops a bare "/" entry.
LISTHOME=$(awk -F: '{ print $6 }' /etc/passwd | grep -v /home | grep '/.')
for home in $LISTHOME
do
  if [ -d "$home" ]
  then
    find "$home" -name .netrc >> "$LOGFILE"
  fi
done
echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"

# 16. xinetd: is it running, and what does its config actually enable?
{
  echo "    #####################################################"
  echo "16. ####### xinetd running (퍼미션은 12번 참고)  #################"
  echo "    xinetd 가 불필요한 경우 비활성화 되어 있는?"
  echo "    #####################################################"
  ps -ef | grep xinetd | grep -v grep 2>&1
  echo
  echo
  grep -v '^#' /etc/xinetd.conf | grep -v '^$' 2>&1
  echo
  echo
} >> "$LOGFILE"
# Stopping xinetd when its config is empty was left disabled by the author:
#if [ `grep -v ^# /etc/xinetd.conf | grep -v ^$ | wc -l`  -eq 0 ]
#        then
#        /etc/init.d/xinetd stop
#        echo "##xinetd is killed and OS reboot after is starting " >> $LOGFILE
#        else
#        echo "##xinetd running " >> $LOGFILE
#fi
echo >> "$LOGFILE"
echo >> "$LOGFILE"

# 17. Last 20 logins — compare the source hosts with the ACL section above.
{
  echo "    #####################################################"
  echo "17. ####### last  20  Line      , ACL check 참고  ##################"
  echo "   지정된 IP외의 주소에서 FTP, 텔넷으로 접속한 이력이 없는가?"
  echo "    #####################################################"
  last | head -n 20
  echo
  echo
  echo
} >> "$LOGFILE"

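# 18. cron.allow / cron.deny: 640 (or stricter), owner root.
# Whether a missing cron.allow restricts crontab to root or opens it to all
# users depends on the cron build — read the allow and deny results together.
{
  echo "    #####################################################"
  echo "18. ####### Cron 640,root                 ##################"
  echo "   Cron 파일 소유자 및 권한 설정을 점검, 조치하였는가?"
  echo "    #####################################################"
#ls -laR /var/spool/cron >> $LOGFILE
  echo
#ls -la /etc/cron* >> $LOGFILE 2>&1
  echo
} >> "$LOGFILE"
if [ -f /etc/cron.allow  ]
then
  ls -la /etc/cron.allow >> "$LOGFILE"
  # -rw-r----- or stricter
  if ls -alL /etc/cron.allow | grep -q "...-.-----"
  then
    echo "##/etc/cron.allow   perm ok" >> "$LOGFILE"
  else
    echo "##/etc/cron.allow   perm reset" >> "$LOGFILE"
    # The original ran "chown 640": that sets the owner to uid 640, not the mode.
    chmod 640 /etc/cron.allow >> "$LOGFILE"
  fi
  if [ "$(ls -ld /etc/cron.allow | awk '{ print $3 }')" = "root" ]
  then
    echo "##/etc/cron.allow   root ok " >> "$LOGFILE"
  else
    echo "##/etc/cron.allow   root reset " >> "$LOGFILE"
    chown root /etc/cron.allow >> "$LOGFILE"
  fi
else
  echo "##/etc/cron.allow   Not Found" >> "$LOGFILE"
fi
if [ -f /etc/cron.deny  ]
then
  ls -la /etc/cron.deny >> "$LOGFILE"
  if ls -alL /etc/cron.deny | grep -q "...-.-----"
  then
    echo "##/etc/cron.deny  perm ok" >> "$LOGFILE"
  else
    echo "##/etc/cron.deny  perm reset" >> "$LOGFILE"
    # Same chown-vs-chmod mix-up as above.
    chmod 640 /etc/cron.deny >> "$LOGFILE"
  fi
  if [ "$(ls -ld /etc/cron.deny | awk '{ print $3 }')" = "root" ]
  then
    echo "##/etc/cron.deny  root ok " >> "$LOGFILE"
  else
    echo "##/etc/cron.deny  root reset " >> "$LOGFILE"
    chown root /etc/cron.deny >> "$LOGFILE"
  fi
else
  echo "##/etc/cron.deny  Not Found" >> "$LOGFILE"
fi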

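# 19. SNMP: process, init script, community strings, listener and service
#     enablement.
{
  echo "    #####################################################"
  echo "19. ####### Snmp                          #########################"
  echo "   디폴트 SNMP 커뮤니티 스트링 값을 변경 제거 하였는가?"
  echo "    #####################################################"
  echo "##Process check"
  ps -ef | grep snmp | grep -v grep
  echo
  echo "##start shell check"
  ls /etc/init.d/*snmp* 2>&1
  echo
} >> "$LOGFILE"

if [ -f /etc/snmp/snmpd.conf  ]
then
  echo "##community check" >> "$LOGFILE"
  # NOTE(review): "community-name:" is not how net-snmp spells its community
  # directives (rocommunity/rwcommunity/com2sec), so this may print nothing
  # even when a default community is configured — verify the pattern.
  grep community-name: /etc/snmp/snmpd.conf |  grep -v '^#' >> "$LOGFILE"
  # The config is moved aside unconditionally, not only when a default
  # community was found; this disables the site's SNMP configuration until
  # someone restores it and appears to be the checklist's intent.
  mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.org
fi

{
  echo
  echo "##Listen check"
  netstat -na | grep ":161 "
  echo
} >> "$LOGFILE"
# systemd hosts; 4.18.0 (RHEL 8, in the kernel table at the top) was missing
# from this test so RHEL 8 fell through to chkconfig.
if [ "$Kernel" = "3.10.0" ] || [ "$Kernel" = "4.4.16" ] || [ "$Kernel" = "4.18.0" ] ; then
  /bin/systemctl list-unit-files | grep snmp >> "$LOGFILE" 2>&1
else
  LANG=C ; chkconfig --list | grep snmp >> "$LOGFILE" 2>&1
fi
echo >> "$LOGFILE"
echo >> "$LOGFILE"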

# 20. OpenSSH / OpenSSL versions and the running ssh processes.
{
  echo "    #####################################################"
  echo "20. ####### SecureShell version                   ##################"
  echo "   최신 버전의 SSH 사용하는가?"
  echo "    #####################################################"
  echo
} >> "$LOGFILE"
# SUSE packages the server as "openssh"; RHEL splits out openssh-server.
if [ "$Kernel" = "4.4.16" ] ; then
  rpm -qi openssh >> "$LOGFILE" 2>&1
else
  rpm -qi openssh-server >> "$LOGFILE" 2>&1
fi
{
  echo
  openssl version 2>&1
  echo
  ps -ef | grep ssh 2>&1
  echo
  ls -la /etc/hosts 2>&1
  echo
} >> "$LOGFILE"
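# 21/22. Kernel network hardening: IP forwarding and source routing must be
#        off; then dump the persistent sysctl configuration for review.
{
  echo "    #####################################################"
  echo "21. 22. ####### sysctl  check                    ##################"
  echo "   IP 포워딩을 비활성화 하였는가?"
  echo "   패킷 재전송 설정 비활성화 하였는가?"
  echo "    #####################################################"
  echo
  sysctl net.ipv4.ip_forward
} >> "$LOGFILE"
if [ "$(sysctl -n net.ipv4.ip_forward)" -eq 0 ] ; then
  echo "## net.ipv4.ip_forward set ok "  >> "$LOGFILE"
else
  # Runtime change only: it does not survive a reboot unless the value is
  # also set in sysctl.conf / sysctl.d (dumped below for the reviewer).
  echo 0 > /proc/sys/net/ipv4/ip_forward
  echo "## net.ipv4.ip_forward set configured "  >> "$LOGFILE"
fi
echo >> "$LOGFILE"
sysctl net.ipv4.conf.default.accept_source_route >> "$LOGFILE"
# NOTE(review): only the "default" key is tested; it applies to interfaces
# created later, while "net.ipv4.conf.all.accept_source_route" governs the
# ones that already exist.
if [ "$(sysctl -n net.ipv4.conf.default.accept_source_route)" -eq 0 ] ; then
  echo "## net.ipv4.conf.default.accept_source_route set ok "  >> "$LOGFILE"
else
  # Runtime change only, as above.
  echo 0 > /proc/sys/net/ipv4/conf/default/accept_source_route
  echo "## net.ipv4.conf.default.accept_source_route set configured "  >> "$LOGFILE"
fi
{
  echo
  echo "## sysctl.conf show check "
  echo
  echo
} >> "$LOGFILE"
# systemd-era layouts keep sysctl fragments in sysctl.d; 4.18.0 (RHEL 8) was
# missing from this test although it is in the kernel table at the top.
if [ "$Kernel" = "3.10.0" ] || [ "$Kernel" = "4.4.16" ] || [ "$Kernel" = "4.18.0" ] ; then
  {
    cat /lib/sysctl.d/*.conf | grep -v '^#' | grep -v '^$' 2>&1
    cat /etc/sysctl.d/*.conf | grep -v '^#' | grep -v '^$' 2>&1
  } >> "$LOGFILE"
else
  grep -v '^#' /etc/sysctl.conf | grep -v '^$' >> "$LOGFILE" 2>&1
fi
echo >> "$LOGFILE"
echo >> "$LOGFILE"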


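echo "############################################">> "$LOGFILE"
echo "#######       Etc System Check   ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"

echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo "####### /home .profile perm g-w, o-w        ##################">> "$LOGFILE"
echo >> "$LOGFILE"
# Usage: loose_startup_files NAME CMD [ARGS...]
#   Runs "CMD ARGS... FILE" on each regular file called NAME under the home
#   directories that is group/other writable or group/other executable.
#   -type f keeps symlinks out of the chmod below.
loose_startup_files() {
 _name=$1
 shift
 find /home/*/ -name "$_name" \( -perm -g+w -o -perm -o+w -o -perm -g+x -o -perm -o+x \) -type f -exec "$@" {} \;
}
# Report first, then reset to 644.  The patterns are quoted: the original
# passed an unquoted .*rc, which the shell expands against the current
# directory before find runs (from /root it can match .bashrc, so either
# the wrong name was searched for or find received extra arguments and
# failed).
# NOTE: chmod 644 also clears u+x, which is more than the g-w/o-w heading
# states; start-up files are sourced rather than executed, but review the
# listing before relying on the autorun.
for _f in .profile .bash_profile '.*rc' .login ; do
 loose_startup_files "$_f" ls -la >> "$LOGFILE" 2>&1
done
for _f in .profile .bash_profile '.*rc' .login ; do
 loose_startup_files "$_f" chmod 644 >> "$LOGFILE" 2>&1
done

echo "####### /home World Writable file  autorun chmod o-w ##################">> "$LOGFILE"
find /home \( -type f -o -type d \) -perm -2 -ls  >> "$LOGFILE" 2>&1
find /home -type f -perm -2 -exec chmod o-w {} \; >> "$LOGFILE" 2>&1
# NOTE: only directories that are exactly 777 are fixed; world-writable
# directories with other modes (1777 sticky, 757, ...) appear in the listing
# above but are left alone - presumably deliberate, confirm with the author.
find /home -type d -perm 777 -exec chmod o-w {} \; >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"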

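echo "####### Warm Message (/etc/motd)    ##################">> "$LOGFILE"
# Login warning banner: recorded only, nothing is changed here.
cat /etc/motd  >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"

echo "####### automount stop                   ##################">> "$LOGFILE"
ps -ef | grep automount |grep -v grep >> "$LOGFILE"
echo >> "$LOGFILE"
if [ "$(ps -ef | grep automount | grep -v grep | wc -l)" -gt 0 ] ; then
        # /etc/init.d/autofs and chkconfig are SysV tooling; on systemd
        # hosts they may be absent, in which case the original stop/off
        # calls only left an error in the log and autofs kept running.
        # Prefer systemctl when it exists, fall back to SysV otherwise.
        if command -v systemctl >/dev/null 2>&1 ; then
                systemctl stop autofs >> "$LOGFILE" 2>&1
                systemctl disable autofs >> "$LOGFILE" 2>&1
        else
                /etc/init.d/autofs stop >> "$LOGFILE" 2>&1
                chkconfig --level 345 autofs off >> "$LOGFILE" 2>&1
        fi
        echo "## stoped autofs " >> "$LOGFILE" 2>&1
fi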

 

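echo "####### hosts.lpd 600,root                 ##################">> "$LOGFILE"
ls -la /etc/hosts.lpd>> "$LOGFILE" 2>&1
if [ -f /etc/hosts.lpd  ]
        then
                # Mode check: the first three characters of the ls mode field
                # (type, owner r, owner w) are free; everything after them must
                # be '-', i.e. no owner-execute and no group/other bits.
                # Anchored to the line start so the pattern cannot match
                # somewhere later in the ls output.
                if [ "$(ls -alL /etc/hosts.lpd  | grep "^...-------" | wc -l)" -eq 1 ]
                then
                 echo "##/etc/hosts.lpd  perm ok"  >> "$LOGFILE"
                else
                 echo "##/etc/hosts.lpd  perm reset"  >> "$LOGFILE"
                 # Was 'chown 600', which would have handed the file to UID 600
                 # and left the mode untouched; the intended remediation is chmod.
                 chmod 600 /etc/hosts.lpd  >> "$LOGFILE" 2>&1
                fi
                if [ "$(ls -ld /etc/hosts.lpd  | awk '{ print $3 }' )" = "root" ]
                then
                 echo "##/etc/hosts.lpd  root ok "  >> "$LOGFILE"
                else
                 echo "##/etc/hosts.lpd  root reset "  >> "$LOGFILE"
                 chown root /etc/hosts.lpd >> "$LOGFILE" 2>&1
                fi

        else
                echo "##/etc/hosts.lpd  Not Found"  >> "$LOGFILE"
fi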

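echo "####### TMOUT 600, umask (0)022     ##################">> "$LOGFILE"
echo "##/etc/profile check" >>"$LOGFILE"
echo >> "$LOGFILE"
echo "##TMOUT at profile" >>"$LOGFILE"
# TMOUT is reported only; there is no automatic remediation for it.
grep TMOUT /etc/profile>> "$LOGFILE"
echo >> "$LOGFILE"
echo "##UMASK at profile" >>"$LOGFILE"
grep UMASK /etc/profile>> "$LOGFILE"
echo >> "$LOGFILE"
echo "##umask config" >>"$LOGFILE"
grep umask /etc/profile>> "$LOGFILE"
echo "##umask setting">> "$LOGFILE"
umask >> "$LOGFILE"
# NOTE: this tests the umask of the shell running the script (usually
# root's), not what a normal user's login shell gets from /etc/profile -
# confirm the latter by hand.
# The item is "022 or stricter": pass when group-write and other-write are
# both masked (value & 022 == 022), so a hardened 027 or 077 is no longer
# "fixed" down to 022.  umask prints an octal literal, which $(( ))
# reads as octal; 022 octal is 18 decimal.
if [ $(( $(umask) & 022 )) -eq 18 ] ; then
        echo "## UMASK set ok " >> "$LOGFILE"
        else
        # Append the override only once: re-running the script used to add
        # another " umask 0022" line every time.
        if grep -q '^[[:space:]]*umask[[:space:]]*0*22[[:space:]]*$' /etc/profile ; then
                echo "## umask 0022 already present in /etc/profile" >> "$LOGFILE"
        else
                echo " umask 0022" >> /etc/profile
                echo "## UMASK 0022 Set" >> "$LOGFILE"
        fi
fi
echo >> "$LOGFILE"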


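echo "##/home at -nouser -o -nogroup check autorun chmod root, chgrp root" >>"$LOGFILE"
echo "" >>"$LOGFILE"
# Files whose owner or group no longer exists in passwd/group (typically
# left behind by deleted accounts): list them, then reassign to root.
find /home \( -nouser -o -nogroup \) -exec ls -la {} \; >> "$LOGFILE"
# NOTE(review): handing orphaned files inside user-writable directories to
# root is a judgement call - if such a file carried setuid/setgid bits it
# becomes a root-owned setuid file in a user-controlled tree (whether the
# kernel clears the bits on chown depends on kernel and file type; confirm).
# The setuid listing further down runs after this step, so review both
# before trusting the autorun.
# -h acts on a symlink itself rather than following it to its target: the
# -nouser/-nogroup match is on the link, and chowning the target would let
# a stale link in a home directory re-own some unrelated file.
# Redirection order fixed: '2>&1 >> file' sent stderr to the terminal.
find /home -nouser -exec chown -h root {} \; >> "$LOGFILE" 2>&1
find /home -nogroup -exec chgrp -h root {} \; >> "$LOGFILE" 2>&1
echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo "##/home at perm -04000 -o -perm -02000 check if exist delete file" >>"$LOGFILE"
# Root-owned setuid/setgid regular files under /home are reported; despite
# the heading, nothing is deleted automatically - that is left to the auditor.
find /home -user root -type f \( -perm -04000 -o -perm -02000 \) -exec ls -la {} \;  >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"
echo "##/dev device file  check if exist delete file" >> "$LOGFILE"
# Regular files under /dev do not belong there (device nodes, directories
# and symlinks do) and are a classic hiding place.  The original
# '-exec -ls -l {}' asked find to run a command literally named '-ls',
# which failed for every match with stderr discarded, so this check
# always came back empty.
find /dev -type f -exec ls -l {} \; 2> /dev/null >> "$LOGFILE"
echo >> "$LOGFILE"
echo >> "$LOGFILE"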

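echo "############################################">> "$LOGFILE"
echo "#######  system info  ##################">> "$LOGFILE"
echo "############################################">> "$LOGFILE"
# Inventory snapshot.  net-tools (netstat, ifconfig) may not be installed
# on newer hosts, so fall back to the iproute2 equivalents rather than
# leaving these sections empty.  -p in netstat/ss needs root to show the
# owning process of every socket.
# NOTE: the report now holds listening ports, process list and addresses -
# treat the output file as sensitive and restrict who can read it.
if command -v netstat >/dev/null 2>&1 ; then
        netstat -natp >> "$LOGFILE"
        echo >> "$LOGFILE"
        netstat -naup >> "$LOGFILE"
else
        ss -natp >> "$LOGFILE" 2>&1
        echo >> "$LOGFILE"
        ss -naup >> "$LOGFILE" 2>&1
fi
echo >> "$LOGFILE"
ps -ef >> "$LOGFILE"
echo >> "$LOGFILE"
df -HT >> "$LOGFILE"
echo >> "$LOGFILE"
if command -v ifconfig >/dev/null 2>&1 ; then
        ifconfig >>  "$LOGFILE"
else
        ip addr >> "$LOGFILE" 2>&1
fi
echo >> "$LOGFILE"
if command -v netstat >/dev/null 2>&1 ; then
        netstat -in >> "$LOGFILE"
        echo >> "$LOGFILE"
        netstat -rn >> "$LOGFILE"
else
        ip -s link >> "$LOGFILE" 2>&1
        echo >> "$LOGFILE"
        ip route >> "$LOGFILE" 2>&1
fi
echo >> "$LOGFILE"
free -m >> "$LOGFILE"
echo >> "$LOGFILE"
uname -a >> "$LOGFILE"
echo >> "$LOGFILE"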


 

 
