#!/bin/bash
#author: salman sk
# Configuration file path
# Relative to the directory the script is launched from, not to the script's
# own location.
CONFIG_FILE='config.conf'
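# Function to log output
# Prints its arguments as one line on stdout and appends the same line to
# $LOG_FILE. A leading "-e" enables backslash-escape processing so callers
# can emit ANSI colour headers; without it the text is written verbatim.
# Globals:   LOG_FILE (appended to; must be set before the first call)
# Arguments: [-e] text...
# Outputs:   the line on stdout and in $LOG_FILE
log_output() {
  # The original `echo "$1"` treated a leading "-e" as an echo option and
  # dropped the actual text in $2, so every coloured section header was lost.
  # printf also keeps text such as "-n" from being mistaken for an option.
  if [[ "$1" == "-e" ]]; then
    shift
    printf '%b\n' "$*" | tee -a "$LOG_FILE"
  else
    printf '%s\n' "$*" | tee -a "$LOG_FILE"
  fi
}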
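# Abort when the configuration file is absent. The diagnostic goes to stderr
# so it is not mistaken for report output.
if [[ ! -f "$CONFIG_FILE" ]]; then
  printf '%s\n' "Configuration file not found. Exiting..." >&2
  exit 1
fi
# `source` executes the file as shell code in this process, with whatever
# privileges the audit is running under, so the file must be owned by the
# invoking user and not writable by anyone else.
# shellcheck source=/dev/null
source "$CONFIG_FILE"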
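# Clear the screen
tput clear
LOG_DIR="logs"
# Fail once here if the log location cannot be created, instead of letting
# every later tee call error out individually.
mkdir -p -- "$LOG_DIR" || { printf '%s\n' "Cannot create log directory: $LOG_DIR" >&2; exit 1; }
LOG_FILE="$LOG_DIR/$(date '+%Y-%m-%d_%H-%M-%S')_LinuxAudit.log"
# The report aggregates sensitive host state (sshd_config, /etc/passwd,
# firewall rules, shell history), so create the file owner-only before
# anything is appended; the umask change is confined to the subshell.
( umask 077 && : > "$LOG_FILE" ) || { printf '%s\n' "Cannot create log file: $LOG_FILE" >&2; exit 1; }
log_output "###############################################"
log_output "###############################################"
log_output
log_output "###############################################"
log_output "Welcome to security audit of your Linux machine:"
log_output "###############################################"
log_output
log_output "Script will automatically gather the required info:"
log_output "The checklist can help you in the process of hardening your system:"
log_output
sleep 3
log_output
log_output "OK... $HOSTNAME ...let's continue, please wait for it to finish:"
log_output
sleep 3
log_output
log_output "Script Starts ;)"
# Epoch seconds; perform_audit reports the elapsed time against this.
START=$(date +%s)
log_output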
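# Function to perform audit and write to file
#
# Helpers used by perform_audit. Each one writes to stdout and appends to
# $LOG_FILE, in the same format as log_output.

# Emit a yellow section header surrounded by blank lines.
# Arguments: $1 - header text (including the author's trailing slashes)
_audit_section() {
  log_output
  log_output -e "\e[0;33m $1 \e[0m"
  log_output
}

# Emit the separator that closes a section.
_audit_footer() {
  log_output
  log_output "###############################################"
}

# Run a command and record its output. stderr is folded into the log so that
# "permission denied" from checks that need root is visible in the report,
# and a tool that is not installed is noted instead of silently producing
# nothing.
# Arguments: $1 - command name, $2.. - its arguments
_audit_capture() {
  if command -v "$1" >/dev/null 2>&1; then
    "$@" 2>&1 | tee -a "$LOG_FILE"
  else
    log_output "($1 is not installed on this host)"
  fi
}

# Append one or more files to the log, noting any that are absent or
# unreadable (for example sshd_config when not running as root).
# Arguments: paths to display
_audit_show_file() {
  local path
  for path in "$@"; do
    if [[ -r "$path" ]]; then
      tee -a "$LOG_FILE" < "$path"
    else
      log_output "($path is missing or not readable)"
    fi
  done
}

# Report accounts whose password status is "NP" (no password set).
# Field 2 of `passwd -S` output is the status; matching on that field avoids
# the substring match on "NP" that would also flag user names containing
# those letters. passwd -S can only query other accounts as root, so the
# result is partial otherwise and that is recorded in the log.
_audit_null_passwords() {
  local user
  if [[ "$(id -u)" -ne 0 ]]; then
    log_output "(not running as root: passwd -S can only report the current user)"
  fi
  while IFS=: read -r user _; do
    passwd -S "$user" 2>/dev/null | awk '$2 == "NP"'
  done < /etc/passwd | tee -a "$LOG_FILE"
}

# Run every audit check in order, appending each result to $LOG_FILE, then
# report the elapsed time.
# Globals:   LOG_FILE (appended), START (read), HOSTNAME (read),
#            END and DIFF (written, as before)
# Outputs:   the full report on stdout and in $LOG_FILE
perform_audit() {
  _audit_section "1. Linux Kernel Information//////"
  _audit_capture uname -a
  _audit_footer

  _audit_section "2. Current User and ID information//////"
  _audit_capture whoami
  log_output
  _audit_capture id
  _audit_footer

  # /etc/redhat-release only exists on RHEL-family hosts; os-release is the
  # distribution-neutral equivalent, so show whichever are present.
  _audit_section "3. Linux Distribution Information/////"
  _audit_show_file /etc/redhat-release /etc/os-release
  _audit_footer

  _audit_section "4. List Current Logged In Users/////"
  _audit_capture w
  _audit_footer

  _audit_section "5. $HOSTNAME Uptime Information/////"
  _audit_capture uptime
  _audit_footer

  _audit_section "6. Running Services/////"
  # --no-pager keeps systemctl from blocking on a pager when stdout is a TTY.
  _audit_capture systemctl list-units --type=service --state=running --no-pager
  _audit_footer

  _audit_section "7. Active Internet Connections and Open Ports/////"
  # ss replaces the deprecated netstat; keep netstat as a fallback for old hosts.
  if command -v ss >/dev/null 2>&1; then
    _audit_capture ss -natp
  else
    _audit_capture netstat -natp
  fi
  _audit_footer

  _audit_section "8. Check Available Space/////"
  _audit_capture df -h
  _audit_footer

  _audit_section "9. Check Memory/////"
  _audit_capture free -h
  _audit_footer

  _audit_section "10. History (Commands)/////"
  # The `history` builtin is empty in a non-interactive script, so read the
  # invoking user's saved history file instead. This covers only that one
  # account, and like the rest of this report it may contain credentials
  # typed on the command line, so the log file needs to be protected.
  _audit_show_file "${HISTFILE:-$HOME/.bash_history}"
  _audit_footer

  _audit_section "11. Network Interfaces/////"
  # ip replaces the deprecated ifconfig; fall back for hosts without iproute2.
  if command -v ip >/dev/null 2>&1; then
    _audit_capture ip addr show
  else
    _audit_capture ifconfig -a
  fi
  _audit_footer

  _audit_section "12. IPtable Information/////"
  _audit_capture iptables -L -n -v
  _audit_footer

  _audit_section "13. Check Running Processes/////"
  # ps -a omits session leaders and processes without a controlling terminal
  # (i.e. most daemons); -ef lists every process.
  _audit_capture ps -ef
  _audit_footer

  _audit_section "14. Check SSH Configuration/////"
  _audit_show_file /etc/ssh/sshd_config
  _audit_footer

  _audit_section "15. List All Packages Installed/////"
  _audit_capture yum list installed
  _audit_footer

  _audit_section "16. Network Parameters/////"
  _audit_show_file /etc/sysctl.conf
  _audit_footer

  _audit_section "17. Password Policies/////"
  # login.defs holds the ageing defaults (PASS_MAX_DAYS etc.) that the PAM
  # stack alone does not show.
  _audit_show_file /etc/pam.d/system-auth /etc/login.defs
  _audit_footer

  _audit_section "18. Check your Repository Configuration/////"
  # If the glob matches nothing the literal pattern is reported as missing.
  _audit_show_file /etc/yum.repos.d/*
  _audit_footer

  _audit_section "19. Check for Broken Dependencies/////"
  _audit_capture yum check
  _audit_footer

  _audit_section "20. MOTD Banner Message/////"
  _audit_show_file /etc/motd
  _audit_footer

  _audit_section "21. List User Names/////"
  _audit_capture cut -d: -f1 /etc/passwd
  _audit_footer

  _audit_section "22. Check for Null Passwords/////"
  _audit_null_passwords
  _audit_footer

  _audit_section "23. Display Password File/////"
  _audit_show_file /etc/passwd
  _audit_footer

  # END and DIFF stay global for compatibility with anything reading them
  # after the call.
  END=$(date +%s)
  DIFF=$(( END - START ))
  log_output "It took $DIFF seconds"
}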
# Perform the audit
# Entry point: run every check, then close the log with a completion line.
perform_audit; log_output 'Script completed successfully.'