sa_8001/security_check
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
ByeonJungHun
2024-01-04 16:14:35 +09:00
parent afa5bad4fa
commit d3dd88c7ff
2 changed files with 92 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
roles/security_check/files/rocky.sh
View File

@@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
resultfile="/tmp/$(hostname).txt" resultfile="Results_$(date '+%F_%H:%M:%S').txt"
U_01() { U_01() {
echo "" >> $resultfile 2>&1 echo "" >> $resultfile 2>&1
@@ -13,7 +13,7 @@ U_01() {
telnet_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="telnet" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) telnet_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="telnet" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#telnet_port[@]}; i++)) for ((i=0; i<${#telnet_port[@]}; i++))
do do
netstat_telnet_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${telnet_port[$i]} " | wc -l` netstat_telnet_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${telnet_port[$i]} " | wc -l`
if [ $netstat_telnet_count -gt 0 ]; then if [ $netstat_telnet_count -gt 0 ]; then
if [ -f /etc/pam.d/login ]; then if [ -f /etc/pam.d/login ]; then
pam_securetty_so_count=`grep -vE '^#|^\s#' /etc/pam.d/login | grep -i 'pam_securetty.so' | wc -l` pam_securetty_so_count=`grep -vE '^#|^\s#' /etc/pam.d/login | grep -i 'pam_securetty.so' | wc -l`
@@ -86,7 +86,7 @@ U_01() {
ssh_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="ssh" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) ssh_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="ssh" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#ssh_port[@]}; i++)) for ((i=0; i<${#ssh_port[@]}; i++))
do do
netstat_sshd_enable_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ssh_port[$i]} " | wc -l` netstat_sshd_enable_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ssh_port[$i]} " | wc -l`
if [ $netstat_sshd_enable_count -gt 0 ]; then if [ $netstat_sshd_enable_count -gt 0 ]; then
if [ ${#sshd_config_file[@]} -eq 0 ]; then if [ ${#sshd_config_file[@]} -eq 0 ]; then
echo "※ U-01 결과 : 취약(Vulnerable)" >> $resultfile 2>&1 echo "※ U-01 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
@@ -115,7 +115,7 @@ U_01() {
ssh_port=(`grep -vE '^#|^\s#' ${sshd_config_file[$i]} | grep -i 'port' | awk '{print $2}'`) ssh_port=(`grep -vE '^#|^\s#' ${sshd_config_file[$i]} | grep -i 'port' | awk '{print $2}'`)
for ((j=0; j<${#ssh_port[@]}; j++)) for ((j=0; j<${#ssh_port[@]}; j++))
do do
netstat_sshd_enable_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ssh_port[$j]} " | wc -l` netstat_sshd_enable_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ssh_port[$j]} " | wc -l`
if [ $netstat_sshd_enable_count -gt 0 ]; then if [ $netstat_sshd_enable_count -gt 0 ]; then
for ((k=0; k<${#sshd_config_file[@]}; k++)) for ((k=0; k<${#sshd_config_file[@]}; k++))
do do
@@ -1179,7 +1179,7 @@ U_19() {
finger_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="finger" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) finger_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="finger" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#finger_port[@]}; i++)) for ((i=0; i<${#finger_port[@]}; i++))
do do
netstat_finger_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${finger_port[$i]} " | wc -l` netstat_finger_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${finger_port[$i]} " | wc -l`
if [ $netstat_finger_count -gt 0 ]; then if [ $netstat_finger_count -gt 0 ]; then
echo "※ U-19 결과 : 취약(Vulnerable)" >> $resultfile 2>&1 echo "※ U-19 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " finger 서비스가 실행 중입니다." >> $resultfile 2>&1 echo " finger 서비스가 실행 중입니다." >> $resultfile 2>&1
@@ -1566,7 +1566,7 @@ U_30() {
smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#smtp_port[@]}; i++)) for ((i=0; i<${#smtp_port[@]}; i++))
do do
netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${smtp_port[$i]} " | wc -l` netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${smtp_port[$i]} " | wc -l`
if [ $netstat_smtp_count -gt 0 ]; then if [ $netstat_smtp_count -gt 0 ]; then
rpm_smtp_version=`rpm -qa 2>/dev/null | grep 'sendmail' | awk -F 'sendmail-' '{print $2}'` rpm_smtp_version=`rpm -qa 2>/dev/null | grep 'sendmail' | awk -F 'sendmail-' '{print $2}'`
dnf_smtp_version=`dnf list installed sendmail 2>/dev/null | grep -v 'Installed Packages' | awk '{print $2}'` dnf_smtp_version=`dnf list installed sendmail 2>/dev/null | grep -v 'Installed Packages' | awk '{print $2}'`
@@ -1603,7 +1603,7 @@ U_31() {
smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#smtp_port[@]}; i++)) for ((i=0; i<${#smtp_port[@]}; i++))
do do
netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${smtp_port[$i]} " | wc -l` netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${smtp_port[$i]} " | wc -l`
if [ $netstat_smtp_count -gt 0 ]; then if [ $netstat_smtp_count -gt 0 ]; then
sendmailcf_exists_count=`find / -name 'sendmail.cf' -type f 2>/dev/null | wc -l` sendmailcf_exists_count=`find / -name 'sendmail.cf' -type f 2>/dev/null | wc -l`
if [ $sendmailcf_exists_count -gt 0 ]; then if [ $sendmailcf_exists_count -gt 0 ]; then
@@ -1656,7 +1656,7 @@ U_32() {
smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#smtp_port[@]}; i++)) for ((i=0; i<${#smtp_port[@]}; i++))
do do
netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${smtp_port[$i]} " | wc -l` netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${smtp_port[$i]} " | wc -l`
if [ $netstat_smtp_count -gt 0 ]; then if [ $netstat_smtp_count -gt 0 ]; then
sendmailcf_exists_count=`find / -name 'sendmail.cf' -type f 2>/dev/null | wc -l` sendmailcf_exists_count=`find / -name 'sendmail.cf' -type f 2>/dev/null | wc -l`
if [ $sendmailcf_exists_count -gt 0 ]; then if [ $sendmailcf_exists_count -gt 0 ]; then
@@ -2850,7 +2850,7 @@ U_60() {
telent_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="telnet" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) telent_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="telnet" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#telent_port[@]}; i++)) for ((i=0; i<${#telent_port[@]}; i++))
do do
netstat_telnet_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${telent_port[$i]} " | wc -l` netstat_telnet_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${telent_port[$i]} " | wc -l`
if [ $netstat_telnet_count -gt 0 ]; then if [ $netstat_telnet_count -gt 0 ]; then
echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1 echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " Telnet 서비스가 실행 중입니다." >> $resultfile 2>&1 echo " Telnet 서비스가 실행 중입니다." >> $resultfile 2>&1
@@ -2863,7 +2863,7 @@ U_60() {
ftp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="ftp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) ftp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="ftp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#ftp_port[@]}; i++)) for ((i=0; i<${#ftp_port[@]}; i++))
do do
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ftp_port[$i]} " | wc -l` netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ftp_port[$i]} " | wc -l`
if [ $netstat_ftp_count -gt 0 ]; then if [ $netstat_ftp_count -gt 0 ]; then
echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1 echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1 echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1
@@ -2883,7 +2883,7 @@ U_60() {
telent_port=(`grep -vE '^#|^\s#' ${vsftpdconf_files[$i]} | grep 'listen_port' | awk -F = '{gsub(" ", "", $0); print $2}'`) telent_port=(`grep -vE '^#|^\s#' ${vsftpdconf_files[$i]} | grep 'listen_port' | awk -F = '{gsub(" ", "", $0); print $2}'`)
for ((j=0; j<${#telent_port[@]}; j++)) for ((j=0; j<${#telent_port[@]}; j++))
do do
if [ `netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${telent_port[$j]} " | wc -l` -gt 0 ]; then if [ `netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${telent_port[$j]} " | wc -l` -gt 0 ]; then
echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1 echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1 echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1
return 0 return 0
@@ -2903,7 +2903,7 @@ U_60() {
telent_port=(`grep -vE '^#|^\s#' ${proftpdconf_files[$i]} | grep 'Port' | awk '{print $2}'`) telent_port=(`grep -vE '^#|^\s#' ${proftpdconf_files[$i]} | grep 'Port' | awk '{print $2}'`)
for ((j=0; j<${#telent_port[@]}; j++)) for ((j=0; j<${#telent_port[@]}; j++))
do do
if [ `netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${telent_port[$j]} " | wc -l` -gt 0 ]; then if [ `netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${telent_port[$j]} " | wc -l` -gt 0 ]; then
echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1 echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1 echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1
return 0 return 0
@@ -2935,7 +2935,7 @@ U_60() {
ssh_port=(`grep -vE '^#|^\s#' ${sshdconfig_files[$i]} | grep -i 'Port' | awk '{print $2}'`) ssh_port=(`grep -vE '^#|^\s#' ${sshdconfig_files[$i]} | grep -i 'Port' | awk '{print $2}'`)
for ((j=0; j<${#ssh_port[@]}; j++)) for ((j=0; j<${#ssh_port[@]}; j++))
do do
netstat_ssh_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ssh_port[$j]} " | wc -l` netstat_ssh_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ssh_port[$j]} " | wc -l`
if [ $netstat_ssh_count -eq 0 ]; then if [ $netstat_ssh_count -eq 0 ]; then
echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1 echo "※ U-60 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " SSH 서비스가 비활성화 상태입니다." >> $resultfile 2>&1 echo " SSH 서비스가 비활성화 상태입니다." >> $resultfile 2>&1
@@ -2976,7 +2976,7 @@ U_61() {
ftp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="ftp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) ftp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="ftp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#ftp_port[@]}; i++)) for ((i=0; i<${#ftp_port[@]}; i++))
do do
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ftp_port[$i]} " | wc -l` netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ftp_port[$i]} " | wc -l`
if [ $netstat_ftp_count -gt 0 ]; then if [ $netstat_ftp_count -gt 0 ]; then
echo "※ U-61 결과 : 취약(Vulnerable)" >> $resultfile 2>&1 echo "※ U-61 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1 echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1
@@ -2996,7 +2996,7 @@ U_61() {
ftp_port=(`grep -vE '^#|^\s#' ${vsftpdconf_files[$i]} | grep 'listen_port' | awk -F = '{gsub(" ", "", $0); print $2}'`) ftp_port=(`grep -vE '^#|^\s#' ${vsftpdconf_files[$i]} | grep 'listen_port' | awk -F = '{gsub(" ", "", $0); print $2}'`)
for ((j=0; j<${#ftp_port[@]}; j++)) for ((j=0; j<${#ftp_port[@]}; j++))
do do
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ftp_port[$j]} " | wc -l` netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ftp_port[$j]} " | wc -l`
if [ $netstat_ftp_count -gt 0 ]; then if [ $netstat_ftp_count -gt 0 ]; then
echo "※ U-61 결과 : 취약(Vulnerable)" >> $resultfile 2>&1 echo "※ U-61 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1 echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1
@@ -3018,7 +3018,7 @@ U_61() {
ftp_port=(`grep -vE '^#|^\s#' ${proftpdconf_files[$i]} | grep 'Port' | awk '{print $2}'`) ftp_port=(`grep -vE '^#|^\s#' ${proftpdconf_files[$i]} | grep 'Port' | awk '{print $2}'`)
for ((j=0; j<${#ftp_port[@]}; j++)) for ((j=0; j<${#ftp_port[@]}; j++))
do do
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ftp_port[$j]} " | wc -l` netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ftp_port[$j]} " | wc -l`
if [ $netstat_ftp_count -gt 0 ]; then if [ $netstat_ftp_count -gt 0 ]; then
echo "※ U-61 결과 : 취약(Vulnerable)" >> $resultfile 2>&1 echo "※ U-61 결과 : 취약(Vulnerable)" >> $resultfile 2>&1
echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1 echo " ftp 서비스가 실행 중입니다." >> $resultfile 2>&1
@@ -3123,7 +3123,7 @@ U_64() {
ftp_port=(`grep -vE '^#|^\s#' /etc/services | awk -F " " 'tolower($1)=="ftp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) ftp_port=(`grep -vE '^#|^\s#' /etc/services | awk -F " " 'tolower($1)=="ftp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#ftp_port[@]}; i++)) for ((i=0; i<${#ftp_port[@]}; i++))
do do
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ftp_port[$i]} " | wc -l` netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ftp_port[$i]} " | wc -l`
if [ $netstat_ftp_count -gt 0 ]; then if [ $netstat_ftp_count -gt 0 ]; then
((ftp_running_count++)) ((ftp_running_count++))
for ((j=0; j<${#ftpusers_files[@]}; j++)) for ((j=0; j<${#ftpusers_files[@]}; j++))
@@ -3351,7 +3351,7 @@ U_68() {
telnet_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="telnet" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) telnet_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="telnet" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#telnet_port[@]}; i++)) for ((i=0; i<${#telnet_port[@]}; i++))
do do
netstat_telnet_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${telnet_port[$i]} " | wc -l` netstat_telnet_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${telnet_port[$i]} " | wc -l`
if [ $netstat_telnet_count -gt 0 ]; then if [ $netstat_telnet_count -gt 0 ]; then
if [ -f /etc/issue.net ]; then if [ -f /etc/issue.net ]; then
if [ `grep -vE '^ *#|^$' /etc/issue.net | wc -l` -eq 0 ]; then if [ `grep -vE '^ *#|^$' /etc/issue.net | wc -l` -eq 0 ]; then
@@ -3388,7 +3388,7 @@ U_68() {
ftp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="ftp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) ftp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="ftp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#ftp_port[@]}; i++)) for ((i=0; i<${#ftp_port[@]}; i++))
do do
netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${ftp_port[$i]} " | wc -l` netstat_ftp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${ftp_port[$i]} " | wc -l`
if [ $netstat_ftp_count -gt 0 ]; then if [ $netstat_ftp_count -gt 0 ]; then
ftpdconf_file_exists_count=0 ftpdconf_file_exists_count=0
if [ -f /etc/vsftpd.conf ]; then if [ -f /etc/vsftpd.conf ]; then
@@ -3470,7 +3470,7 @@ U_68() {
smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#smtp_port[@]}; i++)) for ((i=0; i<${#smtp_port[@]}; i++))
do do
netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${smtp_port[$i]} " | wc -l` netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${smtp_port[$i]} " | wc -l`
if [ $netstat_smtp_count -gt 0 ]; then if [ $netstat_smtp_count -gt 0 ]; then
find_sendmailcf_count=`find / -name 'sendmail.cf' -type f 2>/dev/null | wc -l` find_sendmailcf_count=`find / -name 'sendmail.cf' -type f 2>/dev/null | wc -l`
if [ $find_sendmailcf_count -gt 0 ]; then if [ $find_sendmailcf_count -gt 0 ]; then
@@ -3576,7 +3576,7 @@ U_70() {
smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`) smtp_port=(`grep -vE '^#|^\s#' /etc/services | awk 'tolower($1)=="smtp" {print $2}' | awk -F / 'tolower($2)=="tcp" {print $1}'`)
for ((i=0; i<${#smtp_port[@]}; i++)) for ((i=0; i<${#smtp_port[@]}; i++))
do do
netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep ":${smtp_port[$i]} " | wc -l` netstat_smtp_count=`netstat -nat 2>/dev/null | grep -w 'tcp' | grep -Ei 'listen|established|syn_sent|syn_received' | grep ":${smtp_port[$i]} " | wc -l`
if [ $netstat_smtp_count -gt 0 ]; then if [ $netstat_smtp_count -gt 0 ]; then
find_sendmailcf_count=`find / -name 'sendmail.cf' -type f 2>/dev/null | wc -l` find_sendmailcf_count=`find / -name 'sendmail.cf' -type f 2>/dev/null | wc -l`
if [ $find_sendmailcf_count -gt 0 ]; then if [ $find_sendmailcf_count -gt 0 ]; then
@@ -3678,7 +3678,7 @@ echo "" > $resultfile 2>&1
echo " 점검일 : `date +'%F %H:%M:%S'`" >> $resultfile 2>&1 echo " 점검일 : `date +'%F %H:%M:%S'`" >> $resultfile 2>&1
echo "##############################################################################" >> $resultfile 2>&1 echo "##############################################################################" >> $resultfile 2>&1
echo "# #" >> $resultfile 2>&1 echo "# #" >> $resultfile 2>&1
echo "# Rocky vulnerability assessment results Version 1.1.1 #" >> $resultfile 2>&1 echo "# Rocky vulnerability assessment results Version 1.1.3 #" >> $resultfile 2>&1
echo "# Copyright (c) 2023 Kim Jei #" >> $resultfile 2>&1 echo "# Copyright (c) 2023 Kim Jei #" >> $resultfile 2>&1
echo "# #" >> $resultfile 2>&1 echo "# #" >> $resultfile 2>&1
echo "##############################################################################" >> $resultfile 2>&1 echo "##############################################################################" >> $resultfile 2>&1

140
roles/security_check/files/ubuntu.sh
View File

@@ -3616,78 +3616,78 @@ echo "# Copyright (c) 2023 Kim Jei
echo "# #" >> $resultfile 2>&1 echo "# #" >> $resultfile 2>&1
echo "##############################################################################" >> $resultfile 2>&1 echo "##############################################################################" >> $resultfile 2>&1
#U_01 U_01
#U_02 U_02
#U_03 U_03
U_04 U_04
U_05 U_05
#U_06 U_06
#U_07 U_07
#U_08 U_08
#U_09 U_09
#U_10 U_10
#U_11 U_11
#U_12 U_12
#U_13 U_13
#U_14 U_14
#U_15 U_15
#U_16 U_16
#U_17 U_17
#U_18 U_18
#U_19 U_19
#U_20 U_20
#U_21 U_21
#U_22 U_22
#U_23 U_23
#U_24 U_24
#U_25 U_25
#U_26 U_26
#U_27 U_27
#U_28 U_28
#U_29 U_29
#U_30 U_30
#U_31 U_31
#U_32 U_32
#U_33 U_33
#U_34 U_34
#U_35 U_35
#U_36 U_36
#U_37 U_37
#U_38 U_38
#U_39 U_39
#U_40 U_40
#U_41 U_41
#U_42 U_42
#U_43 U_43
#U_44 U_44
#U_45 U_45
#U_46 U_46
#U_47 U_47
#U_48 U_48
#U_49 U_49
#U_50 U_50
#U_51 U_51
#U_52 U_52
#U_53 U_53
#U_54 U_54
#U_55 U_55
#U_56 U_56
#U_57 U_57
#U_58 U_58
#U_59 U_59
#U_60 U_60
#U_61 U_61
#U_62 U_62
#U_63 U_63
#U_64 U_64
#U_65 U_65
#U_66 U_66
#U_67 U_67
#U_68 U_68
#U_69 U_69
#U_70 U_70
#U_71 U_71
#U_72 U_72
echo "" >> $resultfile 2>&1 echo "" >> $resultfile 2>&1
echo "================================ 진단 결과 요약 ================================" >> $resultfile 2>&1 echo "================================ 진단 결과 요약 ================================" >> $resultfile 2>&1