#!/bin/bash
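# Destination for all check results written by log_message.
# NOTE(review): this is a relative path, so the log lands in whatever directory
# the script is started from. The script runs as root and appends to this file,
# so start it from a root-owned directory (or point LOGFILE at an absolute path
# in one) to keep the append from following a link planted in a shared directory.
LOGFILE="stig.log"

#######################################
# Append one message line to the log file.
# Globals:   LOGFILE (read)
# Arguments: $1 - message text
# Outputs:   appends "$1" plus a newline to $LOGFILE
#######################################
log_message() {
  # printf '%s\n' writes the text verbatim; echo would treat a message such as
  # "-n" or "-e" as an option and log nothing.
  printf '%s\n' "$1" >> "$LOGFILE"
}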
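# Refuse to run without root: the functions below edit files under /etc.
if [ "$(id -u)" -ne 0 ]; then
  # Diagnostics go to stderr so they are not mixed into captured stdout.
  echo "This script must be run as root. Exiting." >&2
  exit 1
fi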
#######################################
# Ensure /etc/security/limits.conf contains the line "* hard maxlogins 10"
# and log the outcome (V-261367 / SV-261367r996839).
# Globals:   none (writes to the log through log_message)
# Arguments: none
# Outputs:   may append one line to limits.conf; one line to the log
#
# NOTE(review): only a byte-exact copy of the rule line counts as present.
# A line with tabs or extra spaces, or a maxlogins entry with another value,
# is not detected or removed, so the file can end up with several maxlogins
# entries. Files under /etc/security/limits.d/ are not inspected either and
# may still override this value - confirm on the target system.
#######################################
configure_concurrent_session_limits() {
  local function_name="configure_concurrent_session_limits"
  local vuln_id="V-261367"
  local rule_id="SV-261367r996839"
  local limits_conf_file="/etc/security/limits.conf"
  local maxlogins_rule="* hard maxlogins 10"

  # Fixed-string, whole-line match: the same test as anchoring the rule with
  # ^...$, without treating the rule text as a regular expression.
  grep -Fxq -- "$maxlogins_rule" "$limits_conf_file" ||
    printf '%s\n' "$maxlogins_rule" >> "$limits_conf_file"

  # Re-read the file so the log reflects what is actually on disk.
  if grep -Fxq -- "$maxlogins_rule" "$limits_conf_file"; then
    log_message "$function_name: Vuln_ID: $vuln_id Rule_ID: $rule_id Configured concurrent session limits successfully."
  else
    log_message "$function_name: Vuln_ID: $vuln_id Rule_ID: $rule_id Failed to configure concurrent session limits. This is a finding."
  fi
}
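#######################################
# Check that the policycoreutils package is installed and log the result
# (V-261368 / SV-261368r996548). Nothing is installed or changed.
# Globals:   none (writes to the log through log_message)
# Arguments: none
# Outputs:   one line to the log
#######################################
verify_policycoreutils_installed() {
  local function_name="verify_policycoreutils_installed"
  local vuln_id="V-261368"
  local rule_id="SV-261368r996548"

  # A plain "zypper search" matches substrings, so an installed sub-package
  # whose name merely contains "policycoreutils" would be reported as a pass.
  # --match-exact and --type package limit the hit to the package itself;
  # installed rows start with "i" in the status column.
  if zypper search --installed-only --match-exact --type package policycoreutils |
    grep -q "^i"; then
    log_message "$function_name: Vuln_ID: $vuln_id Rule_ID: $rule_id Verified policycoreutils package is installed successfully."
  else
    log_message "$function_name: Vuln_ID: $vuln_id Rule_ID: $rule_id Policycoreutils package is not installed. This is a finding."
  fi
}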
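#######################################
# Ensure /etc/audisp/audisp-remote.conf contains "enable_krb5 = yes" and log
# the outcome (V-261421 / SV-261421r996672).
# Globals:   none (writes to the log through log_message)
# Arguments: none
# Outputs:   may edit audisp-remote.conf in place; one line to the log
#
# NOTE(review): this only switches the setting on. The Kerberos principal and
# key file settings in the same file are not checked here, and the script does
# not reload the audit service - confirm both before relying on the result.
#######################################
configure_audisp_kerberos() {
  local function_name="configure_audisp_kerberos"
  local vuln_id="V-261421"
  local rule_id="SV-261421r996672"
  local audisp_remote_conf_file="/etc/audisp/audisp-remote.conf"
  local krb5_rule="enable_krb5 = yes"
  local krb5_key_re='^[[:space:]]*enable_krb5[[:space:]]*='

  # A missing file is reported as a finding by the check below; do not create it.
  if [ -f "$audisp_remote_conf_file" ] &&
    ! grep -Fxq -- "$krb5_rule" "$audisp_remote_conf_file"; then
    if grep -Eq -- "$krb5_key_re" "$audisp_remote_conf_file"; then
      # An enable_krb5 line already exists with another value or spacing:
      # rewrite it in place. Inserting a second line would leave the old
      # value behind as a conflicting duplicate.
      sed -i -E "s/${krb5_key_re}.*/${krb5_rule}/" "$audisp_remote_conf_file"
    elif grep -q '\[remote\]' "$audisp_remote_conf_file"; then
      # Original behaviour, kept for files that carry a [remote] marker.
      sed -i '/\[remote\]/a enable_krb5 = yes' "$audisp_remote_conf_file"
    else
      # No existing setting and no [remote] marker: the insert-after-marker
      # edit would change nothing, so append the setting instead.
      printf '%s\n' "$krb5_rule" >> "$audisp_remote_conf_file"
    fi
  fi

  # Re-read the file so the log reflects what is actually on disk.
  if grep -Fxq -- "$krb5_rule" "$audisp_remote_conf_file"; then
    log_message "$function_name: Vuln_ID: $vuln_id Rule_ID: $rule_id Configured audit event multiplexor to use Kerberos successfully."
  else
    log_message "$function_name: Vuln_ID: $vuln_id Rule_ID: $rule_id Failed to configure audit event multiplexor to use Kerberos. This is a finding."
  fi
}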
# Run every check in order. These calls execute as soon as the script is
# started; two of them edit files under /etc, and all of them write to the log.
for stig_check in \
  configure_concurrent_session_limits \
  verify_policycoreutils_installed \
  configure_audisp_kerberos; do
  "$stig_check"
done