ByeonJungHun
2024-01-04 16:14:35 +09:00
parent afa5bad4fa
commit d3dd88c7ff
2 changed files with 92 additions and 92 deletions


@@ -1,6 +1,6 @@
#!/bin/bash
resultfile="/tmp/$(hostname).txt"
resultfile="Results_$(date '+%F_%H:%M:%S').txt"
U_01() {
echo "" >> $resultfile 2>&1
@@ -13,7 +13,7 @@ U_01() {
telnet_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="telnet" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#telnet_port[@]}; i++))
do
netstat_telnet_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${telnet_port[$i]} " | wc -l`
netstat_telnet_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${telnet_port[$i]} " | wc -l`
if [ $netstat_telnet_count -gt 0 ]; then
if [ -f /etc/pam.d/login ]; then
pam_securetty_so_count=`grep -vE '^#|^\s#' /etc/pam.d/login | grep -i 'pam_securetty.so' | wc -l`
@@ -86,7 +86,7 @@ U_01() {
ssh_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="ssh" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#ssh_port[@]}; i++))
do
netstat_sshd_enable_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ssh_port[$i]} " | wc -l`
netstat_sshd_enable_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ssh_port[$i]} " | wc -l`
if [ $netstat_sshd_enable_count -gt 0 ]; then
if [ ${#sshd_config_file[@]} -eq 0 ]; then
echo "※ U-01 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
@@ -115,7 +115,7 @@ U_01() {
ssh_port=(`grep -vE '^#|^\s#' ${sshd_config_file[$i]} | grep -i 'port' | awk '{print $2}'`)
for ((j=0; j<${#ssh_port[@]}; j++))
do
netstat_sshd_enable_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ssh_port[$j]} " | wc -l`
netstat_sshd_enable_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ssh_port[$j]} " | wc -l`
if [ $netstat_sshd_enable_count -gt 0 ]; then
for ((k=0; k<${#sshd_config_file[@]}; k++))
do
@@ -1179,7 +1179,7 @@ U_19() {
finger_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="finger" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#finger_port[@]}; i++))
do
netstat_finger_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${finger_port[$i]} " | wc -l`
netstat_finger_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${finger_port[$i]} " | wc -l`
if [ $netstat_finger_count -gt 0 ]; then
echo "※ U-19 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " finger 서비스가 실행 중입니다." >> $resultfile 2>&1
@@ -1566,7 +1566,7 @@ U_30() {
smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#smtp_port[@]}; i++))
do
netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${smtp_port[$i]} " | wc -l`
netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${smtp_port[$i]} " | wc -l`
if [ $netstat_smtp_count -gt 0 ]; then
rpm_smtp_version=`rpm -qa 2>/dev/null | grep 'sendmail' | awk -F 'sendmail-' '{print $2}'`
dnf_smtp_version=`dnf list installed sendmail 2>/dev/null | grep -v 'Installed Packages' | awk '{print $2}'`
@@ -1603,7 +1603,7 @@ U_31() {
smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#smtp_port[@]}; i++))
do
netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${smtp_port[$i]} " | wc -l`
netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${smtp_port[$i]} " | wc -l`
if [ $netstat_smtp_count -gt 0 ]; then
sendmailcf_exists_count=`find / -name 'sendmail.cf' -type f 2>/dev/null | wc -l`
if [ $sendmailcf_exists_count -gt 0 ]; then
@@ -1656,7 +1656,7 @@ U_32() {
smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#smtp_port[@]}; i++))
do
netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${smtp_port[$i]} " | wc -l`
netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${smtp_port[$i]} " | wc -l`
if [ $netstat_smtp_count -gt 0 ]; then
sendmailcf_exists_count=`find / -name 'sendmail.cf' -type f 2>/dev/null | wc -l`
if [ $sendmailcf_exists_count -gt 0 ]; then
@@ -2850,7 +2850,7 @@ U_60() {
telent_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="telnet" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#telent_port[@]}; i++))
do
netstat_telnet_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${telent_port[$i]} " | wc -l`
netstat_telnet_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${telent_port[$i]} " | wc -l`
if [ $netstat_telnet_count -gt 0 ]; then
echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " Telnet 서비스가 실행 중입니다." >> $resultfile 2>&1
@@ -2863,7 +2863,7 @@ U_60() {
ftp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="ftp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#ftp_port[@]}; i++))
do
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ftp_port[$i]} " | wc -l`
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ftp_port[$i]} " | wc -l`
if [ $netstat_ftp_count -gt 0 ]; then
echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1
@@ -2883,7 +2883,7 @@ U_60() {
telent_port=(`grep -vE '^#|^\s#' ${vsftpdconf_files[$i]} | grep 'listen_port' | awk -F = '{gsub(" ", "", $0); print $2}'`)
for ((j=0; j<${#telent_port[@]}; j++))
do
if [ `netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${telent_port[$j]} " | wc -l` -gt 0 ]; then
if [ `netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${telent_port[$j]} " | wc -l` -gt 0 ]; then
echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1
return 0
@@ -2903,7 +2903,7 @@ U_60() {
telent_port=(`grep -vE '^#|^\s#' ${proftpdconf_files[$i]} | grep 'Port' | awk '{print $2}'`)
for ((j=0; j<${#telent_port[@]}; j++))
do
if [ `netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${telent_port[$j]} " | wc -l` -gt 0 ]; then
if [ `netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${telent_port[$j]} " | wc -l` -gt 0 ]; then
echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1
return 0
@@ -2935,7 +2935,7 @@ U_60() {
ssh_port=(`grep -vE '^#|^\s#' ${sshdconfig_files[$i]} | grep -i 'Port' | awk '{print $2}'`)
for ((j=0; j<${#ssh_port[@]}; j++))
do
netstat_ssh_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ssh_port[$j]} " | wc -l`
netstat_ssh_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ssh_port[$j]} " | wc -l`
if [ $netstat_ssh_count -eq 0 ]; then
echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " SSH 서비스가 비활성화 상태입니다." >> $resultfile 2>&1
@@ -2976,7 +2976,7 @@ U_61() {
ftp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="ftp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#ftp_port[@]}; i++))
do
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ftp_port[$i]} " | wc -l`
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ftp_port[$i]} " | wc -l`
if [ $netstat_ftp_count -gt 0 ]; then
echo "※ U-61 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1
@@ -2996,7 +2996,7 @@ U_61() {
ftp_port=(`grep -vE '^#|^\s#' ${vsftpdconf_files[$i]} | grep 'listen_port' | awk -F = '{gsub(" ", "", $0); print $2}'`)
for ((j=0; j<${#ftp_port[@]}; j++))
do
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ftp_port[$j]} " | wc -l`
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ftp_port[$j]} " | wc -l`
if [ $netstat_ftp_count -gt 0 ]; then
echo "※ U-61 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1
@@ -3018,7 +3018,7 @@ U_61() {
ftp_port=(`grep -vE '^#|^\s#' ${proftpdconf_files[$i]} | grep 'Port' | awk '{print $2}'`)
for ((j=0; j<${#ftp_port[@]}; j++))
do
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ftp_port[$j]} " | wc -l`
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ftp_port[$j]} " | wc -l`
if [ $netstat_ftp_count -gt 0 ]; then
echo "※ U-61 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1
@@ -3123,7 +3123,7 @@ U_64() {
ftp_port=(`grep -vE '^#|^\s#' /etc/services | awk -F " " 'tolower($1)=="ftp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#ftp_port[@]}; i++))
do
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ftp_port[$i]} " | wc -l`
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ftp_port[$i]} " | wc -l`
if [ $netstat_ftp_count -gt 0 ]; then
((ftp_running_count++))
for ((j=0; j<${#ftpusers_files[@]}; j++))
@@ -3351,7 +3351,7 @@ U_68() {
telnet_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="telnet" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#telnet_port[@]}; i++))
do
netstat_telnet_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${telnet_port[$i]} " | wc -l`
netstat_telnet_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${telnet_port[$i]} " | wc -l`
if [ $netstat_telnet_count -gt 0 ]; then
if [ -f /etc/issue.net ]; then
if [ `grep -vE '^ *#|^$' /etc/issue.net | wc -l` -eq 0 ]; then
@@ -3388,7 +3388,7 @@ U_68() {
ftp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="ftp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#ftp_port[@]}; i++))
do
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ftp_port[$i]} " | wc -l`
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ftp_port[$i]} " | wc -l`
if [ $netstat_ftp_count -gt 0 ]; then
ftpdconf_file_exists_count=0
if [ -f /etc/vsftpd.conf ]; then
@@ -3470,7 +3470,7 @@ U_68() {
smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#smtp_port[@]}; i++))
do
netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${smtp_port[$i]} " | wc -l`
netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${smtp_port[$i]} " | wc -l`
if [ $netstat_smtp_count -gt 0 ]; then
find_sendmailcf_count=`find / -name 'sendmail.cf' -type f 2>/dev/null | wc -l`
if [ $find_sendmailcf_count -gt 0 ]; then
@@ -3576,7 +3576,7 @@ U_70() {
smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#smtp_port[@]}; i++))
do
netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${smtp_port[$i]} " | wc -l`
netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${smtp_port[$i]} " | wc -l`
if [ $netstat_smtp_count -gt 0 ]; then
find_sendmailcf_count=`find / -name 'sendmail.cf' -type f 2>/dev/null | wc -l`
if [ $find_sendmailcf_count -gt 0 ]; then
@@ -3678,7 +3678,7 @@ echo "" > $resultfile 2>&1
echo " 점검일 : `date +'%F %H:%M:%S'`" >> $resultfile 2>&1
echo "##############################################################################" >> $resultfile 2>&1
echo "# #" >> $resultfile 2>&1
echo "# Rocky vulnerability assessment results Version 1.1.1 #" >> $resultfile 2>&1
echo "# Rocky vulnerability assessment results Version 1.1.3 #" >> $resultfile 2>&1
echo "# Copyright (c) 2023 Kim Jei #" >> $resultfile 2>&1
echo "# #" >> $resultfile 2>&1
echo "##############################################################################" >> $resultfile 2>&1
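Review bot: The state filter added to the netstat pipelines (first in U_01's telnet check, and repeated verbatim in the U_19, U_30–U_32, U_60, U_61, U_64, U_68 and U_70 hunks) still matches `:${port} ` in either address column, so an outbound client connection in ESTABLISHED or SYN_SENT is counted as the local service running. In the U_60 SSH check, which reports Vulnerable when the count is 0, such a connection would hide a stopped sshd; in the other checks it produces false Vulnerable results. The `syn_received` alternative also never matches, because Linux netstat prints `SYN_RECV`, and the unchanged `grep -w 'tcp'` drops `tcp6` rows, so an IPv6-only listener is missed. Counting listeners on the local-address column alone avoids all three, e.g. `netstat_telnet_count=$(netstat -nlt 2>/dev/null | awk -v p=":${telnet_port[$i]}" '$4 ~ (p "$")' | wc -l)`. Each enclosing function starts and ends outside its hunk, so this is based on the visible lines only.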


@@ -3616,78 +3616,78 @@ echo "# Copyright (c) 2023 Kim Jei
echo "# #" >> $resultfile 2>&1
echo "##############################################################################" >> $resultfile 2>&1
#U_01
#U_02
#U_03
U_01
U_02
U_03
U_04
U_05
#U_06
#U_07
#U_08
#U_09
#U_10
#U_11
#U_12
#U_13
#U_14
#U_15
#U_16
#U_17
#U_18
#U_19
#U_20
#U_21
#U_22
#U_23
#U_24
#U_25
#U_26
#U_27
#U_28
#U_29
#U_30
#U_31
#U_32
#U_33
#U_34
#U_35
#U_36
#U_37
#U_38
#U_39
#U_40
#U_41
#U_42
#U_43
#U_44
#U_45
#U_46
#U_47
#U_48
#U_49
#U_50
#U_51
#U_52
#U_53
#U_54
#U_55
#U_56
#U_57
#U_58
#U_59
#U_60
#U_61
#U_62
#U_63
#U_64
#U_65
#U_66
#U_67
#U_68
#U_69
#U_70
#U_71
#U_72
U_06
U_07
U_08
U_09
U_10
U_11
U_12
U_13
U_14
U_15
U_16
U_17
U_18
U_19
U_20
U_21
U_22
U_23
U_24
U_25
U_26
U_27
U_28
U_29
U_30
U_31
U_32
U_33
U_34
U_35
U_36
U_37
U_38
U_39
U_40
U_41
U_42
U_43
U_44
U_45
U_46
U_47
U_48
U_49
U_50
U_51
U_52
U_53
U_54
U_55
U_56
U_57
U_58
U_59
U_60
U_61
U_62
U_63
U_64
U_65
U_66
U_67
U_68
U_69
U_70
U_71
U_72
echo "" >> $resultfile 2>&1
echo "================================ 진단 결과 요약 ================================" >> $resultfile 2>&1