#!/bin/bash
#######################################################################
# Purpose : This script contains commands that will check various
# : settings on Solaris 10 systems.
# :
# : Kevin Waldron
# : Scott Everard
# Date : May 14, 2007
# Version : 1.00
# :
# Revision : 1.00.
# :
# Filename : seccheck_audits.sh
# :
# Location : CD-ROM
# :
#
###############################################################################
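# Absolute paths to every external tool the checks rely on. The script runs
# as root, so command lookup must never depend on the caller's PATH.
AUDITCONFIG="/usr/sbin/auditconfig"
AWK="/usr/bin/awk"
ECHO="/bin/echo"
GREP="/usr/bin/grep"
ID="/usr/xpg4/bin/id"
LS="/bin/ls"
SED="/usr/bin/sed"
SVCADM="/usr/sbin/svcadm"
SVCCFG="/usr/sbin/svccfg"
SVCS="/usr/bin/svcs"
UNAME="/bin/uname"
WC="/bin/wc"
# Terminal highlight on/off used by print_banner. Silenced so that a run
# without a usable TERM (cron, non-interactive ssh) does not spray tput
# errors on stderr; both simply stay empty in that case.
BOLD=$(tput smso 2>/dev/null)
BOLDOFF=$(tput rmso 2>/dev/null)
# Detected platform; filled in by check_os.
OS="unknown"
OS_VERSION="unknown"
# Exit statuses.
SUCCESS=0
ERROR=1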
# Print "Error: <message>" on stderr. All arguments are joined into one line.
print_error() {
  local message="$*"
  ${ECHO} "Error: ${message}" >&2
}
# Print a failed-check line ("NOT OK: <message>") on stdout.
print_warn() {
  local message="$*"
  ${ECHO} "NOT OK: ${message}"
}
# Print an informational line (" INFO: <message>") on stdout.
print_info() {
  local message="$*"
  ${ECHO} " INFO: ${message}"
}
# Print a passed-check line ("OK: <message>") on stdout.
print_ok() {
  local message="$*"
  ${ECHO} "OK: ${message}"
}
# Print a section heading wrapped in the terminal highlight sequences held in
# BOLD / BOLDOFF (both may be empty when no terminal capability is available).
print_banner() {
  local title="$*"
  ${ECHO} "${BOLD}[ ${title} ]${BOLDOFF}"
}
# Print the separator line used between checks.
print_divider() {
  printf '%s\n' "=========="
}
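#######################################
# Detect the platform and refuse to run anywhere but Solaris 10.
# Globals:   UNAME, ERROR (read); OPERATING_SYSTEM, OS_REVISION, OS,
#            OS_VERSION (written)
# Outputs:   error text on stderr when unsupported
# Returns:   0 on Solaris 10; otherwise exits the script with ERROR
#######################################
function check_os {
  OPERATING_SYSTEM=$( ${UNAME} -s )
  OS_REVISION=$( ${UNAME} -r )
  case "${OPERATING_SYSTEM}" in
    "SunOS")
      OS="Solaris"
      case "${OS_REVISION}" in
        "5.10") OS_VERSION="10" ;;
        "5.9")  OS_VERSION="9" ;;
        "5.8")  OS_VERSION="8" ;;
        "5.7")  OS_VERSION="7" ;;
        *)      OS_VERSION="UNSUPPORTED" ;;
      esac
      ;;
    *)
      OS="UNSUPPORTED"
      ;;
  esac
  # [[ ... || ... ]] instead of the ambiguous, deprecated "[ -o ]" form.
  if [[ "${OS}" == "UNSUPPORTED" || "${OS_VERSION}" == "UNSUPPORTED" ]]; then
    print_error "Sorry, ${OPERATING_SYSTEM} ${OS_REVISION} is not supported"
    exit ${ERROR}
  elif [[ "${OS_VERSION}" != "10" ]]; then
    # String compare: OS_VERSION is a label, not a number, and this branch is
    # temporary until checks for other releases exist.
    print_error "Sorry, only Solaris 10 supported at present"
    exit ${ERROR}
  fi
}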
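#######################################
# Refuse to run unless the effective user is root.
# Globals:   ID, ERROR (read); MY_UID (written)
# Outputs:   error text on stderr when not root
# Returns:   0 when root; otherwise exits the script with ERROR
#######################################
function check_user {
  MY_UID=$( ${ID} -u )
  # Deliberately a string comparison: if ${ID} fails and MY_UID is empty, the
  # former numeric "-ne" test printed "integer expression expected", returned
  # false, and let a non-root run carry on. Anything other than "0" now stops.
  if [[ "${MY_UID}" != "0" ]]; then
    print_error "This script must be executed as root"
    exit ${ERROR}
  fi
}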
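#######################################
# Report whether the audit daemon is currently auditing.
# Globals:   AWK (read); AUDITCONFIG (read if set, else the stock Solaris 10
#            path /usr/sbin/auditconfig); NOTAUDITING (written, "TRUE"/"FALSE")
# Outputs:   banner plus an OK / NOT OK line on stdout
#######################################
function check_auditd {
  print_banner " Ensure that the audit daemon is running."
  local condition
  # "audit condition = auditing" is the running state; anything else,
  # including no output at all because auditconfig failed, counts as not
  # running. Absolute path rather than PATH lookup because we run as root.
  condition=$( ${AUDITCONFIG:-/usr/sbin/auditconfig} -getcond 2>/dev/null | ${AWK} '{ print $4 }' )
  NOTAUDITING="TRUE"
  if [[ "${condition}" == "auditing" ]]; then
    print_ok " Auditing is running."
    NOTAUDITING="FALSE"
  else
    print_warn " Auditing is not running."
  fi
}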
#######################################################################
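#######################################
# Report whether the "cnt" audit policy is set (drop records instead of
# halting when audit resources run out).
# Globals:   AWK, GREP, ERROR (read); AUDITCONFIG (read if set, else the
#            stock Solaris 10 path /usr/sbin/auditconfig)
# Outputs:   banner plus an OK / NOT OK line on stdout; error on stderr when
#            the policy cannot be read
# Returns:   0 normally; ERROR when the policy list is unreadable
#######################################
function check_audit_startup {
  print_banner " Check audit daemon startup file configuration."
  local policies
  # The policy line is "audit policies = <list>"; the list is comma
  # separated (the zone check in this file already splits it on commas).
  # Taking the last field works whether the separator is spaces or tabs.
  policies=$( ${AUDITCONFIG:-/usr/sbin/auditconfig} -getpolicy 2>/dev/null | ${GREP} 'audit policies' | ${AWK} '{ print $NF }' )
  # An empty list means auditconfig failed; do not report that as OK.
  if [[ -z "${policies}" ]]; then
    print_error "Unable to read the audit policy list from auditconfig -getpolicy"
    return ${ERROR}
  fi
  # Match the token anywhere in the list. The former test compared the whole
  # field against "-cnt", so "cnt,zonename" was wrongly reported OK. Both the
  # bare and dash-prefixed spellings are accepted.
  case ",${policies}," in
    *,cnt,*|*,-cnt,*)
      print_warn "Audit daemon is configured to drop records when resources are depleted."
      ;;
    *)
      print_ok "Audit daemon is properly configured to shutdown when resources are depleted."
      ;;
  esac
}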
#######################################################################
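#######################################
# Report whether the "zonename" audit policy is set, so records produced in
# non-global zones carry the zone that generated them.
# Globals:   AWK, GREP, ERROR (read); AUDITCONFIG (read if set, else the
#            stock Solaris 10 path /usr/sbin/auditconfig)
# Outputs:   banner plus an OK / NOT OK line on stdout; error on stderr when
#            the policy cannot be read
# Returns:   0 normally; ERROR when the policy list is unreadable
#######################################
function check_zone_audit {
  # Banner names this check; the old text was copied from the startup check.
  print_banner " Check that audit records identify their originating zone."
  local policies
  # "audit policies = <comma-separated list>"; last field tolerates either
  # spaces or tabs as the separator.
  policies=$( ${AUDITCONFIG:-/usr/sbin/auditconfig} -getpolicy 2>/dev/null | ${GREP} 'audit policies' | ${AWK} '{ print $NF }' )
  # An empty list means auditconfig failed; do not report that as OK.
  if [[ -z "${policies}" ]]; then
    print_error "Unable to read the audit policy list from auditconfig -getpolicy"
    return ${ERROR}
  fi
  # Match the token at any position. The former test looked only at the
  # second comma field, so "zonename" alone or in third place was missed.
  case ",${policies}," in
    *,zonename,*|*,-zonename,*)
      print_ok "Audit daemon is configured to use zone names when audits come from a non-global zone."
      ;;
    *)
      print_warn "The audit daemon is not configured to use zone names for audits"
      print_warn "originating in non-global zones. This could be very confusing"
      print_warn "reviewing audits."
      print_info " To fix: auditconfig -setpolicy +zonename"
      ;;
  esac
}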
#######################################################################
# Entry point: stop unless running on Solaris 10 as root, then run each audit
# check with a divider line between them.
main() {
  check_os
  check_user
  print_divider
  check_auditd
  print_divider
  check_audit_startup
  print_divider
  check_zone_audit
}
main "$@"