Comprehensive Understanding of Linux Bash and Shell Scripting

In this script, we demonstrate a comprehensive understanding of Linux Bash scripting to perform system configuration and security checks. This script evaluates various aspects of a Linux system to ensure its security and compliance with best practices.

1. Functions for Success and Failure Messages

We define functions for displaying success and failure messages with appropriate colors, making the output easily readable and informative.

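function SuccessMessage () {
    # Display success message in green
    echo -e "\e[92m[+]\e[39m Check for OS: Ubuntu 20 - \e[92m$1: $2\e[0m"
}

function FalseMessage () {
    # Display failure message in red
    echo -e "\e[91m[-]\e[39m Check for OS: Ubuntu 20 - \e[91m$1: $2\e[0m"
}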

2. File and Command Checks

We use conditional statements and commands to check for specific conditions within files and the output of commands. Here are some notable examples:

FileContains and FileContainsNot

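These functions check whether a specified pattern exists, or does not exist, within a file and display the corresponding message. The first argument is the path of the file to search. FileContains requires an exact whole-line match (grep -Fxq), while FileContainsNot treats the pattern as a regular expression that may match anywhere in a line.

FileContains "/var/lib/dpkg/status" "Package: aide" "1.3.1" "Ensure AIDE is installed"
FileContainsNot "/var/lib/dpkg/status" "^Package:\sprelink$" "1.5.3" "Ensure prelink is not installed"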

CommandContains and CommandContainsNot

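These functions execute a command and check whether its standard output contains, or does not contain, a specific pattern. For package checks the pattern is the "ii" state that dpkg -l prints at the start of the line for an installed package; the "no packages found" message goes to standard error and is never seen by grep.

CommandContains "systemctl is-enabled autofs" "disabled" "1.1.23" "Disable Automounting"
CommandContainsNot "dpkg -l xserver-xorg*" "^ii" "2.1.2" "Ensure X Window System is not installed"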

3. System Configuration Checks

Ensuring the absence of unnecessary services:

CommandContainsNot "dpkg -l rsh-client" "^ii" "2.2.2" "Ensure rsh client is not installed"

Checking for required software packages:

CommandContains "dpkg -l auditd" "^ii" "4.1.1.1" "Ensure auditd is installed"

Validating system log settings:

CommandContains "grep max_log_file_action /etc/audit/auditd.conf" "^\s*max_log_file_action = keep_logs" "4.1.2.2" "Ensure audit logs are not automatically deleted"
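
The package checks in this section pass or fail on what `dpkg -l` prints, so the result depends on reading the right column of that listing. The following added example (not part of the original notebook) parses the two-letter state column and separates installed, residual and absent packages; `pkg_state`, `audit_pkg` and `SAMPLE_DPKG` are hypothetical names, and the listing is constructed sample data.

```shell
#!/usr/bin/env bash
# Added example, not the notebook's code. pkg_state, audit_pkg and SAMPLE_DPKG
# are hypothetical names; SAMPLE_DPKG is constructed `dpkg -l`-style output.
# auditd and aide-common are installed, prelink is "rc" (removed, config
# files remain) and aide is not listed at all.
SAMPLE_DPKG='Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
||/ Name           Version          Architecture Description
+++-==============-================-============-=================================
ii  auditd         1:2.8.5-2ubuntu6 amd64        User space tools for security auditing
rc  prelink        0.0.20130503-1   amd64        ELF prelinking utility
ii  aide-common    0.16.1-1build2   all          Advanced Intrusion Detection Environment - Common files'

# pkg_state NAME: read `dpkg -l` text on stdin and print one of
#   installed | residual | absent
# Only the state column is trusted: a second letter of "i" means the package
# is fully installed; any other listed state counts as residual.
pkg_state() {
    awk -v name="$1" '
        $1 ~ /^[uirph][nicufhwt]/ {
            split($2, p, ":")               # drop an ":amd64" style suffix
            if (p[1] == name) state = substr($1, 2, 1)
        }
        END {
            if (state == "")       print "absent"
            else if (state == "i") print "installed"
            else                   print "residual"
        }'
}

# audit_pkg WANT NAME ID TITLE: WANT is "present" or "missing".
# Prints [+] or [-] with the observed state; returns 0 on pass, 1 on fail.
audit_pkg() {
    local want=$1 name=$2 id=$3 title=$4 state
    state=$(pkg_state "$name")
    if { [ "$want" = present ] && [ "$state" = installed ]; } ||
       { [ "$want" = missing ] && [ "$state" != installed ]; }; then
        printf '[+] %s: %s (%s)\n' "$id" "$title" "$state"
        return 0
    fi
    printf '[-] %s: %s (%s)\n' "$id" "$title" "$state"
    return 1
}

# Live use: dpkg -l 2>/dev/null | audit_pkg present auditd 4.1.1.1 "Ensure auditd is installed"
```

Because the package name is compared exactly, a listed `aide-common` does not satisfy a check for `aide`, and a package in the `rc` state is reported as residual instead of installed.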

4. Security and Compliance Measures

The script covers a wide range of security and compliance measures, such as disabling unnecessary services, controlling USB storage, and ensuring the presence of required packages. It also checks for proper log management and configuration. These checks are taken directly from the CIS benchmarks and are in direct use at real corporations and small businesses.

5. Output Clarity

The script utilizes colorful output messages to clearly indicate whether a check passed or failed, making it easy for users to identify issues at a glance.

In summary, this script demonstrates a deep understanding of Linux Bash scripting, including functions, conditional statements, file manipulation, and command execution. It is a powerful tool for system administrators and security professionals to assess and maintain the security and compliance of Linux systems.

%%script bash

####### Format: Vuln name (V-4249) and then the actual vuln "Grub has a password"
function SuccessMessage () {
    # \e[0m resets the colour so later terminal output is not tinted
    echo -e "\e[92m[+]\e[39m Check for OS: Ubuntu 20 - \e[92m$1: $2\e[0m"
}

function FalseMessage () {
    echo -e "\e[91m[-]\e[39m Check for OS: Ubuntu 20 - \e[91m$1: $2\e[0m"
}

####### Format: file, pattern to look for in a file, vuln name, and then the actual vuln
function FileContains () {
    if [ ! -f "$1" ]; then
        echo -e "\e[93m$3: $4. - $1 does not exist\e[0m"
    else
        # -F fixed string, -x whole-line match, -q quiet; "--" ends grep options
        if grep -Fxq -- "$2" "$1"
        then
            # code if found
            SuccessMessage "$3" "$4"
        else
            # code if not found
            FalseMessage "$3" "$4"
        fi
    fi
}

function FileContainsNot () {
    if [ ! -f "$1" ]; then
        echo -e "\e[93m$3: $4. - $1 does not exist\e[0m"
    else
        # The pattern is quoted so that one containing spaces stays one argument
        if grep -q -- "$2" "$1"
        then
            # code if found
            FalseMessage "$3" "$4"
        else
            # code if not found
            SuccessMessage "$3" "$4"
        fi
    fi
}

function CommandContains() {
    # Run the command string in a shell so quotes, globs and pipes inside it
    # work as written; "--" keeps grep from parsing a pattern such as "-e 2"
    # as an option.
    if bash -c "$1" | grep -q -- "$2"; then
        SuccessMessage "$3" "$4"
    else
        FalseMessage "$3" "$4"
    fi
}

function CommandContainsNot() {
    if bash -c "$1" | grep -q -- "$2"; then
        FalseMessage "$3" "$4"
    else
        SuccessMessage "$3" "$4"
    fi
}

# Package checks match the "ii" state column that dpkg -l prints on stdout for
# an installed package. dpkg-query writes "no packages found" to stderr, which
# never reaches grep through the pipe.
# Configuration checks anchor the pattern at the start of the line so that a
# commented-out default such as "#Compress=yes" does not count as a match.
#CommandContains "journalctl 'protection: active'" "kernel: NX (Execute Disable) protection: active" "1.5.1" "Ensure XD/NX support is enabled"
CommandContains "systemctl is-enabled autofs" "disabled" "1.1.23" "Disable Automounting"
CommandContains "modprobe -n -v usb-storage" "install /bin/true" "1.1.24" "Disable USB Storage"
CommandContains "dpkg -l aide" "^ii" "1.3.1" "Ensure AIDE is installed"
CommandContains "dpkg -l aide-common" "^ii" "1.3.1" "Ensure aide-common is installed"
CommandContainsNot "dpkg -l prelink" "prelink" "1.5.3" "Ensure prelink is not installed"
CommandContains "dpkg -l apparmor" "^ii" "1.6.1.1" "Ensure AppArmor is installed"
CommandContainsNot "dpkg -l xserver-xorg*" "^ii" "2.1.2" "Ensure X Window System is not installed"
CommandContainsNot "dpkg -l avahi-daemon" "^ii" "2.1.3" "Ensure RPC is not installed"
CommandContainsNot "dpkg -l isc-dhcp-server" "^ii" "2.1.5" "Ensure DHCP Server is not installed"
CommandContainsNot "dpkg -l nfs-kernel-server" "^ii" "2.1.7" "Ensure NFS is not installed"
CommandContainsNot "dpkg -l nis" "^ii" "2.1.17" "Ensure NIS Server is not installed"
CommandContainsNot "dpkg -l rsh-client" "^ii" "2.2.2" "Ensure rsh client is not installed"
CommandContainsNot "dpkg -l talk" "^ii" "2.2.3" "Ensure talk client is not installed"
CommandContainsNot "dpkg -l ldap-clients" "^ii" "2.2.5" "Ensure LDAP client is not installed"
CommandContainsNot "dpkg -l rpcbind" "^ii" "2.2.6" "Ensure RPC is not installed"
CommandContainsNot "dpkg -l iptables-persistent" "^ii" "3.5.1.2" "Ensure iptables-persistent is not installed with ufw"
CommandContains "dpkg -l auditd" "^ii" "4.1.1.1" "Ensure auditd is installed"
CommandContains "dpkg -l audispd-plugins" "^ii" "4.1.1.1" "Ensure audispd-plugins is installed"
CommandContains "systemctl is-enabled auditd" "enabled" "4.1.1.2" "Ensure auditd service is enabled"
CommandContains "grep max_log_file_action /etc/audit/auditd.conf" "^\s*max_log_file_action = keep_logs" "4.1.2.2" "Ensure audit logs are not automatically deleted"
CommandContains "grep '^\s*[^#]' /etc/audit/rules.d/*.rules | tail -1" "-e 2" "4.1.17" "Ensure the audit configuration is immutable"
CommandContains "dpkg -l rsyslog" "^ii" "4.2.1.1" "Ensure rsyslog is installed"
CommandContains "grep -e ForwardToSyslog /etc/systemd/journald.conf" "^\s*ForwardToSyslog=yes" "4.2.2.1" "Ensure journald is configured to send logs to rsyslog"
CommandContains "grep -e Compress /etc/systemd/journald.conf" "^\s*Compress=yes" "4.2.2.2" "Ensure journald is configured to compress large log files"
CommandContains "grep -e Storage /etc/systemd/journald.conf" "^\s*Storage=persistent" "4.2.2.1" "Ensure journald is configured to write logfiles to persistent disk"

Failed to get unit file state for autofs.service: No such file or directory
[-] Check for OS: Ubuntu 20 - 1.1.23: Disable Automounting
modprobe: FATAL: Module usb-storage not found in directory /lib/modules/5.10.16.3-microsoft-standard-WSL2
[-] Check for OS: Ubuntu 20 - 1.1.24: Disable USB Storage
dpkg-query: no packages found matching aide
[-] Check for OS: Ubuntu 20 - 1.3.1: Ensure AIDE is installed
dpkg-query: no packages found matching aide-common
[-] Check for OS: Ubuntu 20 - 1.3.1: Ensure aide-common is installed
dpkg-query: no packages found matching prelink
[+] Check for OS: Ubuntu 20 - 1.5.3: Ensure prelink is not installed
[-] Check for OS: Ubuntu 20 - 1.6.1.1: Ensure AppArmor is installed
dpkg-query: no packages found matching xserver-xorg*
[+] Check for OS: Ubuntu 20 - 2.1.2: Ensure X Window System is not installed
dpkg-query: no packages found matching avahi-daemon
[+] Check for OS: Ubuntu 20 - 2.1.3: Ensure RPC is not installed
dpkg-query: no packages found matching isc-dhcp-server
[+] Check for OS: Ubuntu 20 - 2.1.5: Ensure DHCP Server is not installed
[+] Check for OS: Ubuntu 20 - 2.1.7: Ensure NFS is not installed
[+] Check for OS: Ubuntu 20 - 2.1.17: Ensure NIS Server is not installed
[+] Check for OS: Ubuntu 20 - 2.2.2: Ensure rsh client is not installed
dpkg-query: no packages found matching talk
[+] Check for OS: Ubuntu 20 - 2.2.3: Ensure talk client is not installed
dpkg-query: no packages found matching ldap-clients
[+] Check for OS: Ubuntu 20 - 2.2.5: Ensure LDAP client is not installed
dpkg-query: no packages found matching rpcbind
[+] Check for OS: Ubuntu 20 - 2.2.6: Ensure RPC is not installed
dpkg-query: no packages found matching iptables-persistent
[+] Check for OS: Ubuntu 20 - 3.5.1.2: Ensure iptables-persistent is not installed with ufw
dpkg-query: no packages found matching auditd
[-] Check for OS: Ubuntu 20 - 4.1.1.1: Ensure auditd is installed
dpkg-query: no packages found matching audispd-plugins
[-] Check for OS: Ubuntu 20 - 4.1.1.1: Ensure audispd-plugins is installed
Failed to get unit file state for auditd.service: No such file or directory
[-] Check for OS: Ubuntu 20 - 4.1.1.2: Ensure auditd service is enabled
grep: /etc/audit/auditd.conf: No such file or directory
[-] Check for OS: Ubuntu 20 - 4.1.2.2: Ensure audit logs are not automatically deleted
grep: /etc/audit/rules.d/*.rulestail: No such file or directory
[-] Check for OS: Ubuntu 20 - 4.1.17: Ensure the audit configuration is immutable
[+] Check for OS: Ubuntu 20 - 4.2.1.1: Ensure rsyslog is installed
[+] Check for OS: Ubuntu 20 - 4.2.2.1: Ensure journald is configured to send logs to rsyslog
[+] Check for OS: Ubuntu 20 - 4.2.2.2: Ensure journald is configured to compress large log files
[-] Check for OS: Ubuntu 20 - 4.2.2.1: Ensure journald is configured to write logfiles to persistent disk