initial upload
commit
867ac1955d
10 changed files with 495 additions and 0 deletions
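--- a/helmet.sh
+++ b/helmet.sh
@@ -0,0 +1,114 @@
+#!/usr/bin/env bash
+# Author: Oliver Ladner <oli@lugh.ch>
+# License: GPLv2
+#
+# This tool scans a Debian-based system for threats in programs,
+# configurations, permissions etc. and calculates a score to
+# compare different systems.
+#
+# This script runs noninteractive, so you can rely on these return
+# codes:
+# 0 script run ok, nothing serious found
+# 1 OS detection failed
+# 2 script run ok, critical stuff found
+#
+# Requirements:
+# -
+
+H_VERSION="0.0.1"
+
+showhelp() {
+cat << EOF
+Usage: $(basename $0) [OPTION]...
+
+-h|--help This information
+-m|--no-md5 Don't check MD5 sums of packages
+-s|--no-ssh No SSH-related checks
+-v|--verbose Be verbose
+-V|--version Show version
+--force-debian If OS detection fails, assume Debian
+--force-ubuntu If OS detection fails, assume Ubuntu
+EOF
+}
+
+# Argument handling
+while [ $# -gt 0 ]; do
+case $1 in
+-h|--help) showhelp; exit; shift 1 ;;
+-V|--version) echo $(basename $0) $H_VERSION; exit; shift 1 ;;
+-v|--verbose) verb=echo; shift 1 ;;
+-m|--no-md5) md5=false; shift 1 ;;
+-s|--no-ssh) ssh=false; shift 1 ;;
+*) showhelp; exit ;;
+esac
+done
+
+DEBIANCODES=([3]=woody/sarge [4]=etch [5]=lenny [6]=squeeze [7]=wheezy)
+
+# Debian is missing lsb_release command
+if [[ $(which lsb_release) ]]; then
+H_DISTRO=$(lsb_release -s -i)
+H_RELEASE=$(lsb_release -s -r)
+H_CODE=$(lsb_release -s -c)
+# FIXME probably a strange check for Debian
+elif [[ $(grep -c '^[[:digit:]]' /etc/debian_version) > 0 ]]; then
+H_DISTRO=$(awk -F': ' '/Vendor:/ {print $2}' /etc/dpkg/origins/debian)
+H_RELEASE=$(cat /etc/debian_version)
+H_CODE=${DEBIANCODES[$(echo $H_RELEASE | cut -b1)]}
+else
+echo "Not a Debian-based, please install the package lsb-release and send" .
+" the output of 'lsb_release -a' if available to info@lugh.ch."
+exit 1
+fi
+
+H_KERNEL=$(uname -r)
+H_ARCH=$(uname -m)
+
+check_md5() {
+# http://kemovitra.blogspot.com/2010/07/checking-integrity-of-debianubuntu.html
+if [ $md5 ]; then
+MD5SUMS="not run"
+else
+if [ $H_DISTRO == "Debian" ]; then
+$verb "Copying all /var/lib/dpkg/info/*.md5sums to shared memory..."
+TEMPMD5=$(mktemp -t)
+cat /var/lib/dpkg/info/*.md5sums | sort > $TEMPMD5 && cd /
+$verb "Running md5sum, searching for 'FAILED' files..."
+MD5SUMS=$(md5sum -c $TEMPMD5 2>&1 | grep ': FAILED' | awk -F':' {'print "/"$1'} && rm $TEMPMD5)
+else
+MD5SUMS="Check not supported on $H_DISTRO"
+fi
+fi
+}
+
+check_ssh() {
+if [[ $(grep -i -c 'PermitRootLogin.*yes' /etc/ssh/ss*conf*) > 0 ]]; then
+SSHD="Root login enabled!"
+else
+SSHD="root login disabled"
+fi
+}
+
+check_md5
+check_ssh
+
+# Output
+#-------
+column -t -s':' -c 80 << EOF
+Distribution:$H_DISTRO
+Release/Codename:$H_RELEASE ($H_CODE)
+Kernel/Architecture:$H_KERNEL ($H_ARCH)
+
+# MD5 CHECK
+Packages with wrong MD5 hashes
+$MD5SUMS
+# SSH daemon settings
+$SSHD
+EOF
+
+# /usr/bin/printf "\u00A9 2010 Oliver Ladner\n" #unicode ausgabe
+
+# Define default return code
+exit 0
+
+# vim: ts=3:sw=3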
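Review bot: check_ssh can misreport the root-login state, because `grep -c` runs over the glob `/etc/ssh/ss*conf*` and, when that matches both ssh_config and sshd_config, prints one `file:count` line per file, which `[[ … > 0 ]]` then compares as a string rather than as a number. The pattern `PermitRootLogin.*yes` also counts commented-out lines, and an absent directive is reported as "root login disabled" whatever the daemon's built-in default is. I would test the server file only and use grep's exit status, `if grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]+yes' /etc/ssh/sshd_config; then`. Separately, the header documents exit code 2 for critical findings, but the script always ends in `exit 0`, and `--no-ssh` sets `ssh=false` without anything checking it before `check_ssh` runs, so a caller relying on the return code never sees a finding.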