This Branch provides the following -
System Audit ReportA script to provide a basic audit of the system. Can be run from crontab to provide a daily/weekly report as needed. Provides a basic snapshot of the server with the following information -
⭐ Current Users ⭐ Running Procs ⭐ Top 10 Memory Usage ⭐ Top 10 CPU Usage ⭐ Open Files
A script to provide a basic security report of the system. Can be run from crontab to provide daily/weekly report as needed. Provides a basic snapshot of the following information from the server -
⭐ failog report ⭐ No Owner Files ⭐ Set GID Files ⭐ Set UID Files ⭐ World Writeable Files ⭐ Open Ports ⭐ Current Services
To Use the Scripts
-
Upload them to the required server
-
Check you are happy with the settings by opening the script in an editor for example;
$ nano system_audit.sh -
Make the script executable with chmod
chmod u+xfor example;$ chmod u+x system_audit.sh
Caution
We do not encourage you to use this from a system directory or set it up for the 'root' user on your system Please ensure you consult the correct documents for operating system
-
Test the script by by running it for example;
$ ./system_audit.sh -
Ensure the report has been generated and address any errors/software not installed as required.
The script only have one configuration value, which is for the name/output file of the generated report.
REPORTNAME=
This is a list of the programs that are current ran by each script to generate the report.
system_security.sh
- faillog - faillog displays the contents of the failure log database (/var/log/faillog). It can also set the failure counters and limits. When faillog is run without arguments, it only displays the faillog records of the users who had a login failure.
- find - GNU find searches the directory tree rooted at each given starting-point by evaluating the given expression from left to right, according to the rules of precedence (see section OPERATORS), until the outcome is known (the left hand side is false for and operations, true for or), at which point find moves on to the next file name. If no starting-point is specified, `.' is assumed.
- awk - The awk utility shall execute programs written in the awk programming language, which is specialized for textual data manipulation. An awk program is a sequence of patterns and corresponding actions. When input is read that matches a pattern, the action associated with that pattern is carried out.
- systemctl - systemctl may be used to introspect and control the state of the "systemd" system and service manager. Please refer to systemd(1) for an introduction into the basic concepts and functionality this tool manages.
- ss - ss is used to dump socket statistics. It allows showing information similar to netstat. It can display more TCP and state information than other tools.
system_audit.sh
- w - w displays information about the users currently on the machine, and their processes. The header shows, in this order, the current time, how long the system has been running, how many users are currently logged on, and the system load averages for the past 1, 5, and 15 minutes.
- ps - ps displays information about a selection of the active processes. If you want a repetitive update of the selection and the displayed information, use top instead.
- lsof - lsof lists on its standard output file information about files opened by processes for the following UNIX dialects