twb
/
neatoDeploy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
PHP Deployment Scripts
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
38 Commits
1 Branch
0 Tags
1.2 MiB
 
 
Tag: Branch: Tree: a6c5bb1cc5
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a6c5bb1cc5'
${ noResults }
neatoDeploy/deploy_files/deploy_security_audit.php

82 lines
2.9 KiB
Raw Blame History

<?php
Configure::set('display', true);
Configure::set('logfile', true);
$options = cGetOpt(["updates"]);
$updates = $options['updates'] ?? "no";
Configure::set('remove_users', [
'shutdown', 'halt', 'games', 'operator',
'ftp', 'news', 'gopher',
]);
forceRoot();
display(getTermColors("Deleteing unused user accounts", ['color'=>'blue']));
$remove_users = Configure::get('remove_users');
if (is_array($remove_users)) {
foreach($remove_users as $del_user) {
doCommand('userdel', $del_user);
}
}
display(getTermColors("Removing old un-needed programs", ['color'=>'blue']));
doCommand('purge', "xinetd nis yp-tools tftpd atftpd tftpd-hpa telnetd rsh-server rsh-redone-server");
if ($updates === "yes") {
display("Full updates and unattended-upgrades");
doCommand('full_update');
doCommand('install', "unattended-upgrades");
doCommand('systemctl', "unattended-upgrades", "start");
doCommand('systemctl', "unattended-upgrades", "enable");
}
display(getTermColors("List services", ['color'=>'blue']));
exec(neato::get_bin . 'systemctl list-unit-files --type=service', $output, $exit_code);
display($output);
unset($output);
display(getTermColors("Verify no Accounts have Empty passwords", ['color'=>'blue']));
exec(neato::get_bin . 'awk -F: \'($2 == "") {print}\' /etc/shadow', $output, $exit_code);
if (count($output) > 0) {
display(getTermColors($output, ['color'=>'red']));
} else {
display(getTermColors("All accounts have passwords.", ['color'=>'green']));
}
unset($output);
display(getTermColors("Make sure No Non-Root accounts have UID set to 0", ['color'=>'blue']));
exec(neato::get_bin . 'awk -F: \'($3 == "0") {print}\' /etc/passwd', $output, $exit_code);
if (count($output) > 1) {
display(getTermColors($output, ['color'=>'red']));
} else {
display(getTermColors("All accounts are normal.", ['color'=>'green']));
}
unset($output);
display(getTermColors("World Writable files", ['color'=>'blue']));
exec(neato::get_bin . 'find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print', $output, $exit_code);
if (count($output) > 0) {
display(getTermColors($output, ['color'=>'red']));
} else {
display(getTermColors("No world writable files exists.", ['color'=>'green']));
}
unset($output);
display(getTermColors("No-owner Files", ['color'=>'blue']));
exec(neato::get_bin . 'find / -xdev \( -nouser -o -nogroup \) -print', $output, $exit_code);
if (count($output) > 0) {
display(getTermColors($output, ['color'=>'red']));
} else {
display(getTermColors("All files have owner-ship.", ['color'=>'green']));
}
unset($output);
display(getTermColors("Unwanted SUID and SGID bins", ['color'=>'blue']));
exec(neato::get_bin . 'find / \( -perm -4000 -o -perm -2000 \) -print', $output, $exit_code);
if (count($output) > 0) {
display(getTermColors($output, ['color'=>'red']));
} else {
display(getTermColors("No sticky bits found.", ['color'=>'green']));
}
unset($output);