v0.3.3

Debian Benchmarking Complete

README.md

@@ -1,7 +1,7 @@
 # SeBAz
 ## Tool to check compliance with CIS Benchmarks
 
-Current version SeBAz v0.2.4
+Current version [SeBAz v0.3.3](https://github.com/Deepak710/SeBAz/releases "SeBAz releases")
 
 Made by [Deepak](https://t.me/AzorAhoy "Telegram")
 
@@ -24,6 +24,11 @@ And if you are the **system administrator** in your organization, then this tool
 * Generate report(s) from the modified spreadsheets
 * Logs of all the commands performed by the tool
 
+## Download
+
+* [SeBAz](https://github.com/Deepak710/SeBAz/releases/download/v0.3.3/SeBAz-amd64 "SeBAz-amd64") - For 64-bit systems
+* [SeBAz](https://github.com/Deepak710/SeBAz/releases/download/v0.3.3/SeBAz-i386 "SeBAz-i386") - For 32-bit systems
+
 ## How to use
 
 Check out the [wiki](https://github.com/Deepak710/SeBAz/wiki#how-to-use-sebaz "How to use") page for comprehensive instructions

linux/SeBAz.py

@@ -76,9 +76,9 @@
     bold(yellow('chek')) + u':{count_2:{len_total}d} ' + \
     u'[{elapsed}<{eta}, {rate:.1f}{unit_pad}{unit}/s]'
 passd = manager.counter(total=length, unit='tests',
-                        color='bright_white', bar_format=bar_format)
-faild = passd.add_subcounter('bright_white')
-check = passd.add_subcounter('bright_white')
+                        color='white', bar_format=bar_format)
+faild = passd.add_subcounter('white')
+check = passd.add_subcounter('white')
 
 # SeBAz.log file
 log_file = path.dirname(path.abspath(__file__)) + '/' + \

linux/modules/reportGenerator.py

@@ -263,7 +263,7 @@ def makeIndex(pdf, SeBAz_contents):
         # result
         pdf.drawCentredString(A4[0]*17/20, line, SeBAz_contents[row][2])
         line += 20
-        if line > 770:
+        if line > 770 and ((row + 1) != (len(SeBAz_contents)-24)):
             line = 100
             pdf.restoreState()
             pdf.showPage()

linux/scripts/deb/6_2_10.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
+    if [ ! -d "$dir" ]; then
+        echo "The home directory ($dir) of user $user does not exist."
+    else
+        for file in $dir/.[A-Za-z0-9]*; do
+            if [ ! -h "$file" -a -f "$file" ]; then
+                fileperm=`ls -ld $file | cut -f1 -d" "`
+                if [ `echo $fileperm | cut -c6`  != "-" ]; then
+                    echo "Group Write permission set on file $file"
+                fi
+                if [ `echo $fileperm | cut -c9`  != "-" ]; then
+                    echo "Other Write permission set on file $file"
+                fi
+            fi
+        done
+    fi
+done

linux/scripts/deb/6_2_11.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
+    if [ ! -d "$dir" ]; then
+        echo "The home directory ($dir) of user $user does not exist."
+    else
+        if [ ! -h "$dir/.forward" -a -f "$dir/.forward" ]; then
+            echo ".forward file $dir/.forward exists"
+        fi
+    fi
+done

linux/scripts/deb/6_2_12.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
+    if [ ! -d "$dir" ]; then
+        echo "The home directory ($dir) of user $user does not exist."
+    else
+        if [ ! -h "$dir/.netrc" -a -f "$dir/.netrc" ]; then
+            echo ".netrc file $dir/.netrc exists"
+        fi
+    fi
+done

linux/scripts/deb/6_2_13.sh

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
+    if [ ! -d "$dir" ]; then
+        echo "The home directory ($dir) of user $user does not exist."
+    else
+        for file in $dir/.netrc; do
+            if [ ! -h "$file" -a -f "$file" ]; then
+                fileperm=`ls -ld $file | cut -f1 -d" "`
+                if [ `echo $fileperm | cut -c5`  != "-" ]; then
+                    echo "Group Read set on $file"
+                fi
+                if [ `echo $fileperm | cut -c6`  != "-" ]; then
+                    echo "Group Write set on $file"
+                fi
+                if [ `echo $fileperm | cut -c7`  != "-" ]; then
+                    echo "Group Execute set on $file"
+                fi
+                if [ `echo $fileperm | cut -c8`  != "-" ]; then
+                    echo "Other Read set on $file"
+                fi
+                if [ `echo $fileperm | cut -c9`  != "-" ]; then
+                    echo "Other Write set on $file"
+                fi
+                if [ `echo $fileperm | cut -c10`  != "-" ]; then
+                    echo "Other Execute set on $file"
+                fi
+            fi
+        done
+    fi
+done

linux/scripts/deb/6_2_14.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
+    if [ ! -d "$dir" ]; then
+        echo "The home directory ($dir) of user $user does not exist."
+    else
+        for file in $dir/.rhosts; do
+            if [ ! -h "$file" -a -f "$file" ]; then
+                echo ".rhosts file in $dir"
+            fi
+        done
+    fi
+done

linux/scripts/deb/6_2_16.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+cat /etc/passwd | cut -f3 -d":" | sort -n | uniq -c | while read x ; do
+    [ -z "${x}" ] && break
+    set - $x
+    if [ $1 -gt 1 ]; then
+        users=`awk -F: '($3 == n) { print $1 }' n=$2 /etc/passwd | xargs`
+        echo "Duplicate UID ($2): ${users}"
+    fi
+done

linux/scripts/deb/6_2_17.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+cat /etc/group | cut -f3 -d":" | sort -n | uniq -c | while read x ; do
+    [ -z "${x}" ] && break
+    set - $x
+    if [ $1 -gt 1 ]; then
+        groups=`awk -F: '($3 == n) { print $1 }' n=$2 /etc/group | xargs`
+        echo "Duplicate GID ($2): ${groups}"
+    fi
+done

linux/scripts/deb/6_2_18.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+cat /etc/passwd | cut -f1 -d":" | sort -n | uniq -c | while read x ; do
+    [ -z "${x}" ] && break
+    set - $x
+    if [ $1 -gt 1 ]; then
+        uids=`awk -F: '($1 == n) { print $3 }' n=$2 /etc/passwd | xargs`
+        echo "Duplicate User Name ($2): ${uids}"
+    fi
+done

linux/scripts/deb/6_2_19.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+cat /etc/group | cut -f1 -d":" | sort -n | uniq -c | while read x ; do
+    [ -z "${x}" ] && break
+    set - $x
+    if [ $1 -gt 1 ]; then
+        gids=`gawk -F: '($1 == n) { print $3 }' n=$2 /etc/group | xargs`
+        echo "Duplicate Group Name ($2): ${gids}"
+    fi
+done

linux/scripts/deb/6_2_6.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+
+if [ "`echo $PATH | grep :: `" != "" ]; then
+    echo "Empty Directory in PATH (::)"
+fi
+
+if [ "`echo $PATH | grep :$`"  != "" ]; then
+    echo "Trailing : in PATH"
+fi
+
+p=`echo $PATH | sed -e 's/::/:/' -e 's/:$//' -e 's/:/ /g'`
+set -- $p
+while [ "$1" != "" ]; do
+    if [ "$1" = "." ]; then
+        echo "PATH contains ."
+        shift
+        continue
+    fi
+    if [ -d $1 ]; then
+        dirperm=`ls -ldH $1 | cut -f1 -d" "`
+        if [ `echo $dirperm | cut -c6 ` != "-" ]; then
+            echo "Group Write permission set on directory $1"
+        fi
+        if [ `echo $dirperm | cut -c9 ` != "-" ]; then
+            echo "Other Write permission set on directory $1"
+        fi
+        dirown=`ls -ldH $1 | awk '{print $3}'`
+        if [ "$dirown" != "root" ] ; then
+            echo $1 is not owned by root
+        fi
+    else
+        echo $1 is not a directory
+    fi
+    shift
+done

linux/scripts/deb/6_2_7.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
+    if [ ! -d "$dir" ]; then
+        echo "The home directory ($dir) of user $user does not exist."
+    fi
+done

linux/scripts/deb/6_2_8.sh

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
+    if [ ! -d "$dir" ]; then
+        echo "The home directory ($dir) of user $user does not exist."
+    else
+        dirperm=`ls -ld $dir | cut -f1 -d" "`
+        if [ `echo $dirperm | cut -c6` != "-" ]; then
+            echo "Group Write permission set on the home directory ($dir) of user $user"
+        fi
+        if [ `echo $dirperm | cut -c8` != "-" ]; then
+            echo "Other Read permission set on the home directory ($dir) of user $user"
+        fi
+        if [ `echo $dirperm | cut -c9` != "-" ]; then
+            echo "Other Write permission set on the home directory ($dir) of user $user"
+        fi
+        if [ `echo $dirperm | cut -c10` != "-" ]; then
+            echo "Other Execute permission set on the home directory ($dir) of user $user"
+        fi
+    fi
+done

linux/scripts/deb/6_2_9.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+cat /etc/passwd | egrep -v '^(root|halt|sync|shutdown)' | awk -F: '($7 != "/usr/sbin/nologin" && $7 != "/bin/false") { print $1 " " $6 }' | while read user dir; do
+    if [ ! -d "$dir" ]; then
+        echo "The home directory ($dir) of user $user does not exist."
+    else
+        owner=$(stat -L -c "%U" "$dir")
+        if [ "$owner" != "$user" ]; then
+            echo "The home directory ($dir) of user $user is owned by $owner."
+        fi
+    fi
+done

linux/scripts/ind/6_2_15.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+for i in $(cut -s -d: -f4 /etc/passwd | sort -u ); do
+    grep -q -P "^.*?:[^:]*:$i:" /etc/group
+    if [ $? -ne 0 ]; then
+        echo "Group $i is referenced by /etc/passwd but does not exist in /etc/group"
+    fi
+done