README.md Update

ByeonJungHun
2024-01-04 14:12:42 +09:00
parent 280b29cfe1
commit a935339d2f
4 changed files with 114 additions and 100 deletions


@@ -1,5 +1,2 @@
|이름|상태 요약|상세 보기| | 이름 | IP | 상태 요약 | 상세 보기 |
|---|---|---| | --- | --- | --- | --- |
|cmoa-jaeger-master|취약|http://10.10.43.42:8080/cmoa-jaeger-master.txt|
|cmoa-master-1|취약|http://10.10.43.42:8080/cmoa-master-1.txt|
|cmoa-worker1-1|취약|http://10.10.43.42:8080/cmoa-worker1-1.txt|


@@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
resultfile="/tmp/$(hostname).txt" resultfile="Results_$(date '+%F_%H:%M:%S').txt"
U_01() { U_01() {
echo "" >> $resultfile 2>&1 echo "" >> $resultfile 2>&1
@@ -13,7 +13,7 @@ U_01() {
telnet_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="telnet" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) telnet_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="telnet" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#telnet_port[@]}; i++)) for ((i=0; i<${#telnet_port[@]}; i++))
do do
netstat_telnet_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${telnet_port[$i]} " | wc -l` netstat_telnet_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${telnet_port[$i]} " | wc -l`
if [ $netstat_telnet_count -gt 0 ]; then if [ $netstat_telnet_count -gt 0 ]; then
if [ -f /etc/pam.d/login ]; then if [ -f /etc/pam.d/login ]; then
pam_securetty_so_count=`grep -vE '^#|^\s#' /etc/pam.d/login | grep -i 'pam_securetty.so' | wc -l` pam_securetty_so_count=`grep -vE '^#|^\s#' /etc/pam.d/login | grep -i 'pam_securetty.so' | wc -l`
@@ -86,7 +86,7 @@ U_01() {
ssh_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="ssh" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) ssh_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="ssh" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#ssh_port[@]}; i++)) for ((i=0; i<${#ssh_port[@]}; i++))
do do
netstat_sshd_enable_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ssh_port[$i]} " | wc -l` netstat_sshd_enable_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ssh_port[$i]} " | wc -l`
if [ $netstat_sshd_enable_count -gt 0 ]; then if [ $netstat_sshd_enable_count -gt 0 ]; then
if [ ${#sshd_config_file[@]} -eq 0 ]; then if [ ${#sshd_config_file[@]} -eq 0 ]; then
echo "※ U-01 결과 : 취약(Vulnerable)" >> $resultfile 2>&1 echo "※ U-01 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
@@ -115,7 +115,7 @@ U_01() {
ssh_port=(`grep -vE '^#|^\s#' ${sshd_config_file[$i]} | grep -i 'port' | awk '{print $2}'`) ssh_port=(`grep -vE '^#|^\s#' ${sshd_config_file[$i]} | grep -i 'port' | awk '{print $2}'`)
for ((j=0; j<${#ssh_port[@]}; j++)) for ((j=0; j<${#ssh_port[@]}; j++))
do do
netstat_sshd_enable_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ssh_port[$j]} " | wc -l` netstat_sshd_enable_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ssh_port[$j]} " | wc -l`
if [ $netstat_sshd_enable_count -gt 0 ]; then if [ $netstat_sshd_enable_count -gt 0 ]; then
for ((k=0; k<${#sshd_config_file[@]}; k++)) for ((k=0; k<${#sshd_config_file[@]}; k++))
do do
@@ -1179,7 +1179,7 @@ U_19() {
finger_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="finger" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) finger_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="finger" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#finger_port[@]}; i++)) for ((i=0; i<${#finger_port[@]}; i++))
do do
netstat_finger_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${finger_port[$i]} " | wc -l` netstat_finger_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${finger_port[$i]} " | wc -l`
if [ $netstat_finger_count -gt 0 ]; then if [ $netstat_finger_count -gt 0 ]; then
echo "※ U-19 결과 : 취약(Vulnerable)" >> $resultfile 2>&1 echo "※ U-19 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " finger 서비스가 실행 중입니다." >> $resultfile 2>&1 echo " finger 서비스가 실행 중입니다." >> $resultfile 2>&1
@@ -1566,7 +1566,7 @@ U_30() {
smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#smtp_port[@]}; i++)) for ((i=0; i<${#smtp_port[@]}; i++))
do do
netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${smtp_port[$i]} " | wc -l` netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${smtp_port[$i]} " | wc -l`
if [ $netstat_smtp_count -gt 0 ]; then if [ $netstat_smtp_count -gt 0 ]; then
dpkg_sendmail_version=`dpkg -s sendmail 2>/dev/null | grep -i 'version' | awk '{print $2}' | cut -d : -f 2` dpkg_sendmail_version=`dpkg -s sendmail 2>/dev/null | grep -i 'version' | awk '{print $2}' | cut -d : -f 2`
if [[ $dpkg_sendmail_version != 8.17.1* ]]; then if [[ $dpkg_sendmail_version != 8.17.1* ]]; then
@@ -1601,7 +1601,7 @@ U_31() {
smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#smtp_port[@]}; i++)) for ((i=0; i<${#smtp_port[@]}; i++))
do do
netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${smtp_port[$i]} " | wc -l` netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${smtp_port[$i]} " | wc -l`
if [ $netstat_smtp_count -gt 0 ]; then if [ $netstat_smtp_count -gt 0 ]; then
sendmailcf_exists_count=`find / -name 'sendmail.cf' -type f 2>/dev/null | wc -l` sendmailcf_exists_count=`find / -name 'sendmail.cf' -type f 2>/dev/null | wc -l`
if [ $sendmailcf_exists_count -gt 0 ]; then if [ $sendmailcf_exists_count -gt 0 ]; then
@@ -1654,7 +1654,7 @@ U_32() {
smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#smtp_port[@]}; i++)) for ((i=0; i<${#smtp_port[@]}; i++))
do do
netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${smtp_port[$i]} " | wc -l` netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${smtp_port[$i]} " | wc -l`
if [ $netstat_smtp_count -gt 0 ]; then if [ $netstat_smtp_count -gt 0 ]; then
sendmailcf_exists_count=`find / -name 'sendmail.cf' -type f 2>/dev/null | wc -l` sendmailcf_exists_count=`find / -name 'sendmail.cf' -type f 2>/dev/null | wc -l`
if [ $sendmailcf_exists_count -gt 0 ]; then if [ $sendmailcf_exists_count -gt 0 ]; then
@@ -2785,7 +2785,7 @@ U_60() {
telnet_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="telnet" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) telnet_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="telnet" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#telnet_port[@]}; i++)) for ((i=0; i<${#telnet_port[@]}; i++))
do do
netstat_telnet_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${telnet_port[$i]} " | wc -l` netstat_telnet_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${telnet_port[$i]} " | wc -l`
if [ $netstat_telnet_count -gt 0 ]; then if [ $netstat_telnet_count -gt 0 ]; then
echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1 echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " Telnet 서비스가 실행 중입니다." >> $resultfile 2>&1 echo " Telnet 서비스가 실행 중입니다." >> $resultfile 2>&1
@@ -2798,7 +2798,7 @@ U_60() {
ftp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="ftp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) ftp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="ftp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#ftp_port[@]}; i++)) for ((i=0; i<${#ftp_port[@]}; i++))
do do
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ftp_port[$i]} " | wc -l` netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ftp_port[$i]} " | wc -l`
if [ $netstat_ftp_count -gt 0 ]; then if [ $netstat_ftp_count -gt 0 ]; then
echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1 echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1 echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1
@@ -2818,7 +2818,7 @@ U_60() {
telnet_port=(`grep -vE '^#|^\s#' ${vsftpdconf_files[$i]} | grep 'listen_port' | awk -F = '{gsub(" ", "", $0); print $2}'`) telnet_port=(`grep -vE '^#|^\s#' ${vsftpdconf_files[$i]} | grep 'listen_port' | awk -F = '{gsub(" ", "", $0); print $2}'`)
for ((j=0; j<${#telnet_port[@]}; j++)) for ((j=0; j<${#telnet_port[@]}; j++))
do do
if [ `netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${telnet_port[$j]} " | wc -l` -gt 0 ]; then if [ `netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${telnet_port[$j]} " | wc -l` -gt 0 ]; then
echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1 echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1 echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1
return 0 return 0
@@ -2838,7 +2838,7 @@ U_60() {
telnet_port=(`grep -vE '^#|^\s#' ${proftpdconf_files[$i]} | grep 'Port' | awk '{print $2}'`) telnet_port=(`grep -vE '^#|^\s#' ${proftpdconf_files[$i]} | grep 'Port' | awk '{print $2}'`)
for ((j=0; j<${#telnet_port[@]}; j++)) for ((j=0; j<${#telnet_port[@]}; j++))
do do
if [ `netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${telnet_port[$j]} " | wc -l` -gt 0 ]; then if [ `netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${telnet_port[$j]} " | wc -l` -gt 0 ]; then
echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1 echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1 echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1
return 0 return 0
@@ -2870,7 +2870,7 @@ U_60() {
ssh_port=(`grep -vE '^#|^\s#' ${sshdconfig_files[$i]} | grep -i 'Port' | awk '{print $2}'`) ssh_port=(`grep -vE '^#|^\s#' ${sshdconfig_files[$i]} | grep -i 'Port' | awk '{print $2}'`)
for ((j=0; j<${#ssh_port[@]}; j++)) for ((j=0; j<${#ssh_port[@]}; j++))
do do
netstat_ssh_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ssh_port[$j]} " | wc -l` netstat_ssh_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ssh_port[$j]} " | wc -l`
if [ $netstat_ssh_count -eq 0 ]; then if [ $netstat_ssh_count -eq 0 ]; then
echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1 echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " SSH 서비스가 비활성화 상태입니다." >> $resultfile 2>&1 echo " SSH 서비스가 비활성화 상태입니다." >> $resultfile 2>&1
@@ -2909,7 +2909,7 @@ U_61() {
ftp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="ftp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) ftp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="ftp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#ftp_port[@]}; i++)) for ((i=0; i<${#ftp_port[@]}; i++))
do do
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ftp_port[$i]} " | wc -l` netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ftp_port[$i]} " | wc -l`
if [ $netstat_ftp_count -gt 0 ]; then if [ $netstat_ftp_count -gt 0 ]; then
echo "※ U-61 결과 : 취약(Vulnerable)" >> $resultfile 2>&1 echo "※ U-61 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1 echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1
@@ -2929,7 +2929,7 @@ U_61() {
ftp_port=(`grep -vE '^#|^\s#' ${vsftpdconf_files[$i]} | grep 'listen_port' | awk -F = '{gsub(" ", "", $0); print $2}'`) ftp_port=(`grep -vE '^#|^\s#' ${vsftpdconf_files[$i]} | grep 'listen_port' | awk -F = '{gsub(" ", "", $0); print $2}'`)
for ((j=0; j<${#ftp_port[@]}; j++)) for ((j=0; j<${#ftp_port[@]}; j++))
do do
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ftp_port[$j]} " | wc -l` netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ftp_port[$j]} " | wc -l`
if [ $netstat_ftp_count -gt 0 ]; then if [ $netstat_ftp_count -gt 0 ]; then
echo "※ U-61 결과 : 취약(Vulnerable)" >> $resultfile 2>&1 echo "※ U-61 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1 echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1
@@ -2951,7 +2951,7 @@ U_61() {
ftp_port=(`grep -vE '^#|^\s#' ${proftpdconf_files[$i]} | grep 'Port' | awk '{print $2}'`) ftp_port=(`grep -vE '^#|^\s#' ${proftpdconf_files[$i]} | grep 'Port' | awk '{print $2}'`)
for ((j=0; j<${#ftp_port[@]}; j++)) for ((j=0; j<${#ftp_port[@]}; j++))
do do
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ftp_port[$j]} " | wc -l` netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ftp_port[$j]} " | wc -l`
if [ $netstat_ftp_count -gt 0 ]; then if [ $netstat_ftp_count -gt 0 ]; then
echo "※ U-61 결과 : 취약(Vulnerable)" >> $resultfile 2>&1 echo "※ U-61 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1 echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1
@@ -3056,7 +3056,7 @@ U_64() {
ftp_port=(`grep -vE '^#|^\s#' /etc/services | awk -F " " 'tolower($1)=="ftp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) ftp_port=(`grep -vE '^#|^\s#' /etc/services | awk -F " " 'tolower($1)=="ftp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#ftp_port[@]}; i++)) for ((i=0; i<${#ftp_port[@]}; i++))
do do
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ftp_port[$i]} " | wc -l` netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ftp_port[$i]} " | wc -l`
if [ $netstat_ftp_count -gt 0 ]; then if [ $netstat_ftp_count -gt 0 ]; then
((ftp_running_count++)) ((ftp_running_count++))
for ((j=0; j<${#ftpusers_files[@]}; j++)) for ((j=0; j<${#ftpusers_files[@]}; j++))
@@ -3284,7 +3284,7 @@ U_68() {
telnet_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="telnet" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) telnet_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="telnet" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#telnet_port[@]}; i++)) for ((i=0; i<${#telnet_port[@]}; i++))
do do
netstat_telnet_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${telnet_port[$i]} " | wc -l` netstat_telnet_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${telnet_port[$i]} " | wc -l`
if [ $netstat_telnet_count -gt 0 ]; then if [ $netstat_telnet_count -gt 0 ]; then
if [ -f /etc/issue.net ]; then if [ -f /etc/issue.net ]; then
if [ `grep -vE '^ *#|^$' /etc/issue.net | wc -l` -eq 0 ]; then if [ `grep -vE '^ *#|^$' /etc/issue.net | wc -l` -eq 0 ]; then
@@ -3321,7 +3321,7 @@ U_68() {
ftp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="ftp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) ftp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="ftp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#ftp_port[@]}; i++)) for ((i=0; i<${#ftp_port[@]}; i++))
do do
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ftp_port[$i]} " | wc -l` netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ftp_port[$i]} " | wc -l`
if [ $netstat_ftp_count -gt 0 ]; then if [ $netstat_ftp_count -gt 0 ]; then
ftpdconf_file_exists_count=0 ftpdconf_file_exists_count=0
if [ -f /etc/vsftpd.conf ]; then if [ -f /etc/vsftpd.conf ]; then
@@ -3403,7 +3403,7 @@ U_68() {
smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#smtp_port[@]}; i++)) for ((i=0; i<${#smtp_port[@]}; i++))
do do
netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${smtp_port[$i]} " | wc -l` netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${smtp_port[$i]} " | wc -l`
if [ $netstat_smtp_count -gt 0 ]; then if [ $netstat_smtp_count -gt 0 ]; then
find_sendmailcf_count=`find / -name 'sendmail.cf' -type f 2>/dev/null | wc -l` find_sendmailcf_count=`find / -name 'sendmail.cf' -type f 2>/dev/null | wc -l`
if [ $find_sendmailcf_count -gt 0 ]; then if [ $find_sendmailcf_count -gt 0 ]; then
@@ -3509,7 +3509,7 @@ U_70() {
smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#smtp_port[@]}; i++)) for ((i=0; i<${#smtp_port[@]}; i++))
do do
netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${smtp_port[$i]} " | wc -l` netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${smtp_port[$i]} " | wc -l`
if [ $netstat_smtp_count -gt 0 ]; then if [ $netstat_smtp_count -gt 0 ]; then
find_sendmailcf_count=`find / -name 'sendmail.cf' -type f 2>/dev/null | wc -l` find_sendmailcf_count=`find / -name 'sendmail.cf' -type f 2>/dev/null | wc -l`
if [ $find_sendmailcf_count -gt 0 ]; then if [ $find_sendmailcf_count -gt 0 ]; then
@@ -3611,7 +3611,7 @@ echo "" > $resultfile 2>&1
echo " 점검일 : `date +'%F %H:%M:%S'`" >> $resultfile 2>&1 echo " 점검일 : `date +'%F %H:%M:%S'`" >> $resultfile 2>&1
echo "##############################################################################" >> $resultfile 2>&1 echo "##############################################################################" >> $resultfile 2>&1
echo "# #" >> $resultfile 2>&1 echo "# #" >> $resultfile 2>&1
echo "# Ubuntu vulnerability assessment results Version 1.1.1 #" >> $resultfile 2>&1 echo "# Ubuntu vulnerability assessment results Version 1.1.3 #" >> $resultfile 2>&1
echo "# Copyright (c) 2023 Kim Jei #" >> $resultfile 2>&1 echo "# Copyright (c) 2023 Kim Jei #" >> $resultfile 2>&1
echo "# #" >> $resultfile 2>&1 echo "# #" >> $resultfile 2>&1
echo "##############################################################################" >> $resultfile 2>&1 echo "##############################################################################" >> $resultfile 2>&1
@@ -3621,73 +3621,73 @@ U_02
U_03 U_03
U_04 U_04
U_05 U_05
U_06 #U_06
U_07 #U_07
U_08 #U_08
U_09 #U_09
U_10 #U_10
U_11 #U_11
U_12 #U_12
U_13 #U_13
U_14 #U_14
U_15 #U_15
U_16 #U_16
U_17 #U_17
U_18 #U_18
U_19 #U_19
U_20 #U_20
U_21 #U_21
U_22 #U_22
U_23 #U_23
U_24 #U_24
U_25 #U_25
U_26 #U_26
U_27 #U_27
U_28 #U_28
U_29 #U_29
U_30 #U_30
U_31 #U_31
U_32 #U_32
U_33 #U_33
U_34 #U_34
U_35 #U_35
U_36 #U_36
U_37 #U_37
U_38 #U_38
U_39 #U_39
U_40 #U_40
U_41 #U_41
U_42 #U_42
U_43 #U_43
U_44 #U_44
U_45 #U_45
U_46 #U_46
U_47 #U_47
U_48 #U_48
U_49 #U_49
U_50 #U_50
U_51 #U_51
U_52 #U_52
U_53 #U_53
U_54 #U_54
U_55 #U_55
U_56 #U_56
U_57 #U_57
U_58 #U_58
U_59 #U_59
U_60 #U_60
U_61 #U_61
U_62 #U_62
U_63 #U_63
U_64 #U_64
U_65 #U_65
U_66 #U_66
U_67 #U_67
U_68 #U_68
U_69 #U_69
U_70 #U_70
U_71 #U_71
U_72 #U_72
echo "" >> $resultfile 2>&1 echo "" >> $resultfile 2>&1
echo "================================ 진단 결과 요약 ================================" >> $resultfile 2>&1 echo "================================ 진단 결과 요약 ================================" >> $resultfile 2>&1
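Review bot: The call list at the end of the script now stops after U_05, with U_06 through U_72 commented out (`#U_06` … `#U_72`), while the summary block after it is still written. If the summary counts only the checks that ran, a host can report `취약 개수 = 0` with 67 items never evaluated, and the playbook in this commit would then list it as 양호. If this was a debugging shortcut it should be reverted; if it is intended, the report should name the skipped items, for example `echo " 미점검 항목 : U-06 ~ U-72" >> $resultfile 2>&1` ahead of the summary. Separately, the state filter added in the netstat hunks lists `syn_received`, which Linux netstat prints as `SYN_RECV`, and `syn_sent` only appears on outbound connections. `grep -w 'LISTEN'` would be the tighter test for a locally running service.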


@@ -1,5 +1,5 @@
--- ---
- name: check status - name: check status [1]
shell: | shell: |
grep -H '☆ 취약 개수 = [1-9]' *.txt | cut -d: -f1 grep -H '☆ 취약 개수 = [1-9]' *.txt | cut -d: -f1
args: args:
@@ -7,8 +7,22 @@
register: check_status register: check_status
when: "'nas' in group_names" when: "'nas' in group_names"
- name: check status [2]
shell: |
grep -H '☆ 취약 개수 = [0]' *.txt | cut -d: -f1
args:
chdir: /volume1/platform/05_Security_check/
register: check_ok
when: "'nas' in group_names"
- debug: - debug:
msg: "취약점 {{ check_status.stdout_lines }} 발견" msg: "취약점 {{ item }} 발견"
loop: "{{ check_status.stdout_lines }}"
when: "'nas' in group_names"
- debug:
msg: "취약점 {{ item }} 양호"
loop: "{{ check_ok.stdout_lines }}"
when: "'nas' in group_names" when: "'nas' in group_names"
- name: Create README.md - name: Create README.md
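Review bot: A result file that contains neither summary pattern drops out of the report. `check status [1]` collects files matching `취약 개수 = [1-9]` and the new `check status [2]` collects those matching `취약 개수 = [0]`, so a scan that stopped before writing its summary line lands in neither list and the host is missing from README.md. For a security report that absent host is the case most worth showing. Consider a third task using `grep -L '☆ 취약 개수 = ' *.txt`, registered as e.g. `check_incomplete` and reported with its own status. The two new `debug` tasks also have no `name`, unlike the tasks around them.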


@@ -1,5 +1,8 @@
|이름|상태 요약|상세 보기| | 이름 | IP | 상태 요약 | 상세 보기 |
|---|---|---| | --- | --- | --- | --- |
{% for filename in check_status.stdout_lines %} {% for vulnerable in check_status.stdout_lines %}
|{{ filename|splitext|first }}|취약|http://10.10.43.42:8080/{{ filename }}| | {{ vulnerable|splitext|first }} | {{ hostvars[vulnerable|splitext|first]['ansible_host'] }} | 취약 | http://10.10.43.42:8080/{{ vulnerable }} |
{% endfor %}
{% for good in check_ok.stdout_lines %}
| {{ good|splitext|first }} | {{ hostvars[vulnerable|splitext|first]['ansible_host'] }} | 양호 | http://10.10.43.42:8080/{{ good }} |
{% endfor %} {% endfor %}
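Review bot: The 양호 row looks up the IP with the wrong loop variable: inside `{% for good in check_ok.stdout_lines %}` the cell still reads `hostvars[vulnerable|splitext|first]['ansible_host']`. `vulnerable` belongs to the previous loop, which has already ended, so this either fails on an undefined variable or prints an address that does not belong to the host in the row. It should be `{{ hostvars[good|splitext|first]['ansible_host'] }}`. Both loops also assume the file stem is an inventory hostname. The script in this commit now writes `Results_<timestamp>.txt`, so unless the files are renamed when collected (not visible here) the `hostvars[...]` lookup would find no matching key.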