Hoplite Final Project Report

Lizzy Hamaoka, Reese Pearsall, Kyle Webster Spring Semester 2020

1 Introduction

We propose creating an automated reporting system that will generate reports based on pass or fail tests. Reports will be generated based upon the defined criteria of the Security Technical Implementation Guides (STIGs) that will serve as a guideline for compliance. The system will generate reports for Hoplite’s customers’ security systems for third party auditors, the managers of Hoplite’s customers, as well as Hoplite Industries. The format of the report will be split into sections that include: the STIG id and respective severity level followed by the control, description, criteria of the specified STIG, and lastly the output.

Hoplite’s primary requirements for this project are that the system is deployable on Windows and systems with a focus on Linux, customers can adjust the scripts for local customization, and that the product can be run efficiently to allow being scalable to large systems. The software requirements involve utilizing python scripts, bash scripts, SQL databases, and other third party software that utilizes approved licenses. There is a large market for the application being built outside of the Department of Defense and the product will potentially be shipped within the next 12 months.

Elizabeth Hamaoka 503.267.5664 | [email protected]

EDUCATION Bachelor of Science in Computer Science (Interdisciplinary Option) (GPA: 3.71) Minor in Computer Engineering Montana State University | Bozeman, MT Graduation: May 2020

EXPERIENCE Cyber Technical Intern | Northrop Grumman Corporation | Cincinnati, OH May 2019– August 2019 • Participated in a weeklong Cyber Academy class • Worked with a team to research and develop new cyber capabilities • Created desired effects by modifying the hex structures of a binary file format • Documented and presented findings to employees in an oral presentation • Obtained a TS security clearance

Undergraduate Course Assistant | Montana State University 2019 • Teaching assistant for Web Design • Lead two-hour lab sessions to assist students in implementing the HTML and CSS basics that they learn in class • Hold weekly office hours and help with grading of labs and finals

LEADERSHIP EXPERIENCE Volunteer | Expanding Your Horizons Group Leader April 2018 & March 2019 • Co-led a group of 15 middle school girls around Montana State University to hands-on STEM activities like creating an electric motor and extracting DNA from a cows thymus gland • Promoted early exposure to the STEM related fields in young women • Led group discussions about STEM

Volunteer | Expanding Your Horizons Planning Committee 2018-2020 • Attended monthly meetings to help organize Expanding Your Horizons 2019 and 2020 • Actively recruited both faculty and student volunteers • Made executive decisions about materials and activities

SKILLS AND STRENGTHS Languages: (Working Knowledge) Java, C, Python, Kotlin, Go, VHDL, HTML/CSS, JavaScript Operating Systems: Mac OSX, Windows OS, Linux

Focused, attentive to details, hard-working, and reliable. Dedicated team player and goal driven. Resilient to find solutions. Strong desire to learn and contribute to the success of organizations.

CLUBS AND ACTIVITIES Association for Women in Computing | Montana State University Fall 2018 - Present

Grace Hopper Celebration of Women in Computing September 2018 • 2019 Grace Hopper Scholar

AIChE Chem-E-Car Club Present

Reese Pearsall Bozeman, Montana • (406)672-3268 • [email protected] • https://reesep.github.io

Summary

Hard working and motivated student working towards degree in computer science. Interested in the field of cybersecurity, cybercrime, and cyberlaw. Knowledgeable in numerous programming languages. Planning on pursuing a career in undergraduate education after graduate school.

Education Montana State University Bozeman- (Expected Graduation Summer 2020)

• Expected Degree: Bachelor of Science - Computer Science Sociology (minor) • Current GPA: 3.7

Technical Skills

• Programming Languages: Python, Java, Go, C, C#, C++, SQL, HTML/CSS • Operating Systems: Linux and Windows • Development Tools: Basic Linux tools, NetBeans, Microsoft Visual Studios, Eclipse, Git, Mercurial

Work Experience

United States Air Force May 2019 – August 2019 Software Engineering Intern – Hill Air Force, Utah • Worked together with a development team to create an updated and modernized calibration software that tests the working condition of a (unclassified) mobile ground radar system. • Gained experience working in a DevOps and Agile environment. • Work included software testing and implantation of new software features using a variety of technical resources and libraries. • Obtained a security clearance to gain the ability to work on various Air Force technologies.

TechLink February 2019 - Present Software Engineering Intern – Bozeman, Montana • Member of the TechLink Software Engineering and Analysis Laboratory (TSEAL). • Develop automated testing solutions for Department of Defense enterprise software. • Gain experience using a wide variety of testing tools and libraries, including Selenium, basic Visual Studios testing tools, SpecFlow, and creating step definitions with Gherkin/C#.

Montana State University - Gianforte School of Computing Undergraduate Teaching Assistant – Bozeman, Montana August 2018 – Present CSCI 107 – Joy and Beauty of Computing (Spring 2020) CSCI 127 – Joy and Beauty of Data (Fall 2018, Spring 2019, Fall 2019) CSCI 491 – Programming in Go (study abroad course in Berlin, Germany – Summer 2021) • Assist undergraduate students with understanding topics taught in lecture through weekly help sessions and one-on-one support. • Responsible for grading the work of 30+ undergraduate students and holding a weekly lab section. • Provide operational and additional grading support for lead instructor. • Recipient of the Outstanding Undergraduate Course Assistant Award (2019)

KYLE WEBSTER (406) 581-4798 || [email protected] Github: https://github.com/KyleWebster1 LinkedIn: https://www.linkedin.com/in/kylewebster1234/

EDUCATION Montana State University/Bozeman: 3.74 GPA Expected May 2020 Senior pursuing Bachelor of Science in Computer Science with a Minor in Mathematics • Current Coursework: Networking, Advanced Algorithm Topics, Applied Text Mining, Machine Learning: Soft Computing, and Database Systems • Related Coursework: Software Engineering, Computer Security, Computer Science Theory, Systems Administration, Linear Algebra, Intro to Differential Equations, Concepts of Programming Languages, Web Design, Statistics for Scientists and Engineers, and Multidisciplinary Engineering

WORK EXPERIENCE Montana State University Auxiliary Services/ Resnet Help Desk Technician August 2016-Present • Provide Information Technology support for all students living on MSU campus and Auxiliary Services staff members. • Provide in person, email, phone, and on-site support for clients • Service various types of personal devices such as mobile phones, laptops, printers, desktops, work stations, lab computers, and access points. Gianforte School of Computing/ Undergraduate Teacher’s Assistant January 2018-December 2018 • Graded students of CSCI 107 homework assignment and exams • Communicated information and answered questions of students of CSCI 107 • Assisted the Gianforte School of Computing Student Success Center to answer questions for students in CSCI 107, CSCI 127, CSCI 132, and CSCI 232 • Assisted the Professor of CSCI 107 with debugging and creating instructions for software installation Gardiner Chamber of Commerce/Visitor Information Specialist Summer 2018 • Communicated information and promoted local businesses to individuals representing variety of ages, countries, and interests through personal interaction and social media • Organized inventory of brochures and other literature

LEADERSHIP EXPERIENCE Multidisciplinary Engineering/Project Leader January 2019-Present • Manage a team of 4 engineers to design and construct an RC car utilizing software such as Unified Modeling Language, Gantt Project, and Trello. Technical Skills • Certifications: Apple iOS Certification, Apple Software Certification, Apple Hardware Certification • Languages: Java, Python, Ruby, C, Prolog, Unified Modeling Language, ML, Swift, HTML, CSS, R, Bash, and LaTex • Operating Systems: MacOS, iOS, Windows, CentOS, Debian • Program Proficiency: StarUML, GanttProject, XCode, IntelliJ, Atom, PyCharm, RStudio, MacOS Terminal, Trello, and Microsoft Office Suites

SKILLS • Gained written and verbal and written communication skills as Visitor Information Specialist, ResNet Technician, Undergraduate Teacher’s Assistant as well as classes such as Intermediate Technical Writing and Computer Science Theory • Experienced working on teams, delegating tasks, and resolving conflicts • Proficient in project management utilizing Agile and Waterfall methodologies • Proficient problem solver utilizing mathematical models

2 Background

2.1 Research

Auditors and company executives will use these reports in order to ensure that companies are following all of the correct security standards and compliances. Auditors are specifically interested in looking at the outcome of the report and whether the company passed or failed the tests. This helps ensure that there are no security vulnerabilities and all company regulations are being followed. Currently, each STIG is checked, and subsequent reports are done, manually. After discussing with Hoplite, we have learned that the auditors do not have a history of other companies implementing an automated compliance reporting algorithm. There is a large market for this software and creating an automated system for generating these reports will make the process of auditing and monitoring more efficient.

We will be utilizing various books as reference guides for the following technologies: REST API [1], SQL [2], Bash [3], and Sed and Awk [4]. Each book is from the series O’Reilly Cookbooks. We will be utilizing online documentation for each programming language as required.

3 Work Schedule

3.1 Responsibilities

A large portion of the code in the project is the bash scripts for each Red Hat STIG. We were each assigned a portion of the STIGs to work on. Beyond the STIGs, we had three distinct sections of the project: the front end web page, the back end services/database, and the interface system to connect those two together. Lizzy handled most of the front end development. Kyle worked on the back end and also implemented the database. Reese implemented the interface to connect the back end and front end as well as developed some back end functionality. We used the project management software, Kanbanize, to distribute and document the work that we are going to do, the work that we are doing, and the work that has been done.

3.2 Life Cycle Approach

We used an agile development methodology to develop our software. With this methodology, we were able to have check-ins with our stakeholders every two weeks. This allowed us to get constant feedback from our client to improve the quality of our software and ensure that Hoplite is satisfied with our product. There is no assigned leader in the agile methodology, which allowed the team to manage ourselves with everyone having an equal say in how the product should be organized and structured. It also encouraged each member to specialize in a given subject and allowed for an increase in independent progress. The agile methodology also guaranteed that one person will not be able to control everything in the project and cause conflict within the group.

3.3 Milestones

Figure 1: Gantt Chart for Hoplite Compliance Suite

We have all our milestones outlined in our Gantt chart (Figure 1). Aside from the minor tasks we will be completing throughout this project we have included our major milestones that include the development process and testing phase, as well as our presentation and completion of our final documentation. We would like to begin our development process towards the end of this semester in order to give us enough time to implement and test our software, make necessary changes, and re-test in time for our final presentation.

4 Proposal Statement

4.1 Functional and Non-Functional Requirements

Figure 2: Functional and Non-Functional Requirements

4.2 Performance Requirements

The only performance requirement is that the software must be scalable to larger systems and should not take a long time to generate the reports. Performing a full file system check will require significant time and resources. To accomplish this, time complexity as well as space complexity will be monitored to maximize the scalability. Due to the tools required and the memory requirement of some STIGs, a minimum of 2GB of RAM needs to be allocated for the process for each server. Couchbase requires a minimum of 1GB of RAM, and the Linux Operating System utilizes approximately 700MB-800MB of RAM. Couchbase also requires a minimum CPU performance of 2 GHz for efficient data rebalancing between the clusters.

4.3 Interface Requirements

The Graphical User Interface on the web server needs to be able to communicate with the database and query out the correct information. The GUI also needs to have the option to determine who the report will be printed for (Auditor, Supervisor, System Administrator, etc).

4.4 Development Standards

We will be utilizing the standard Python development standards as defined in the Python PEP 8 document, the standard PHP development standards as defined in the PHP coding standard document, the Couchbase Documentation guides, and the standard SQL development standards as defined in the SQL style guide [5][6][7][8]. Some examples of the features of each standard are listed below.

• Python
  – Utilize snake case for function and variable names.
  – Utilize camel case for class names and file names.
  – Utilize TAB for indentation.
  – Lines will be less than 80 characters long.
• PHP
  – Lines will be less than 120 characters long.
  – Utilize 4 spaces for indentation.
  – Utilize camel case for function names.
• SQL
  – Utilize the C-style “/*” and “*/” phrases to indicate beginning and end of comments.
  – Utilize consistent and descriptive identifier names.
  – Use names with less than 30 characters in length.
• Couchbase
  – Utilize the same structure for all documents.
  – Utilize consistent and descriptive object key names.
  – Minimize the size of the queried document.
  – Minimize the size of the upserted document.

4.5 Tools

With the multiple stages of this proposed project, we will be describing the tools required for each of the sections. The different sections are as follows: the main interface utilized by system administrators to begin the compliance reporting steps, configure the connected servers, and send the reports to auditors; the database system; and the local agents that manage the plugins on local servers. Each of these systems will work together to generate the compliance report and send the information to the required personnel.

For the main system, we utilized a GUnicorn server as a back end to the website to handle the communications and serve as a web server gateway interface. The website itself utilizes PHP to overlay the HTML and CSS files. The required interfaces between each of the systems will be programmed using Python scripts.

For the database server, we have to manage the inputs of several agents as well as handle files that can potentially be several gigabytes in size. Initially, we considered utilizing mySQL to manage the data, but due to the scale of some of the delivered files and data, we have decided to utilize a noSQL database system. Couchbase is a noSQL database system that utilizes an Apache 2.0 license. The noSQL database system will allow us to properly store the files generated from each report, and it supports Python and PHP. noSQL database systems typically are significantly slower than SQL database systems. Couchbase overcomes this issue by layering SQL styled support over top of its systems.

For each of the servers that we will be reporting on, we will be utilizing an agent with plugins to generate the results. Each agent will be a Python script that can be configured with each of the file paths. The plugins will utilize either Bash or PowerShell depending on whether the operating system is a UNIX or Windows Server. The agent and the back end interface will communicate over TCP over IP.

For the user information storage on the website, the efficiency and structure of a SQL database will be more beneficial to the user than utilizing the structureless Couchbase database. This also had the added benefit of minimizing network communication, reducing the risk of information being captured.

For the report generation, we utilized the Free PDF Python library to format and create PDF files. It is a library that compiles the generated objects efficiently and minimized the wait time for a report to be generated for a given set of IP addresses. The library is permissive, so it allowed us to make the modifications required to properly format a readable PDF file.

A private Hoplite GitHub repository will be used for version control. For testing the software, virtual machines will be used to verify the validity of the software. For project management, a Kanbanize that is shared with both Hoplite and the Gianforte School of Computing will be used as a substitute for a Trello system. For all project documentation, we will be utilizing a standard LaTeX file.

5 Methodology

5.1 Component Diagram

Figure 3: Component Diagram for Hoplite Compliance Suite

5.2 Component Diagram

Figure 4: Use Case Diagram for Hoplite Compliance Suite

5.3 UML Class Diagram

Figure 5: UML Class Diagram for Hoplite Compliance Suite

5.4 Design Pattern Implementation

5.4.1 Singleton Pattern

The database class is designed to be a singleton class to prevent memory leaks and database corruptions from multiple instances of the database class being created and multiple Couchbase connections being made. With the singleton method preventing concurrent calls from interfering with the database class, it allowed us to improve the algorithm’s efficiency due to the reduced need for error correcting.

5.4.2 Strategy Pattern

With the design of the system being separated into three subsystems, we are heavily reliant on the strategy pattern. The rectangles around each of the classes in Figure 5 represent a subsystem that is utilized in the strategy pattern. The website controller handles the user requests, modifications, and the calls for execution. The agent system handles the execution of the STIG checks and the uploading of the results to the database. This is beneficial for customers that will be performing multiple checks at any given time. The extract PDF subsystem benefits from the strategy pattern because the format can be modified based on the need separately from the other systems. It can also be called at any given time to generate a report and does not have to wait for a new check with every request for a new PDF file.

5.4.3 Observer Pattern

Due to the requirement of external communications between the controlling server and the agent servers, the observer pattern was critical to the execution of the agents. The observer in our case is the GUnicorn library. GUnicorn monitors TCP port 8000, and when an HTTP message is sent to port 8000, GUnicorn activates the messenger to update the Flask Wrapper. In Figure 5, WSGI acts as the messenger that sends the notification of a received message to the Flask Wrapper instantiated as the Interface class. The Interface class then executes the generate report script and tells the WSGI messenger to send a return HTTP ACK message to the controller. Utilizing an observer pattern allows our system to be deployable between multiple servers and devices. It also allows for concurrent runs of the Agent system for as many subsystems as the user requires.

5.4.4 Iterator Pattern

With the execution of the STIG scripts, we used an iterator pattern to minimize the impact we had on the memory. Multiple concurrent runs of the STIG scripts were not feasible due to the memory limitations and how widely the scripts varied in execution times. Using the iterator pattern reduced the computation demands of the system, which will allow the clients to perform a check on a server without requiring a disruption of the server’s daily services.
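The sequential execution described above, as an added example (not the project's code): a generator that runs one check script at a time, spools its output to a temporary file and enforces a per-script timeout, so memory use stays flat and a slow script cannot stall the run. The exit-code convention (0 means pass), the names iter_checks, write_constructed_scripts and demo, and the three sample scripts are assumptions made for the illustration.

```python
import os
import subprocess
import tempfile


def iter_checks(script_dir, timeout_s=60, max_output=64 * 1024):
    """Run each *.sh in script_dir in turn, yielding one result at a time.

    Yields (name, status, output_tail); status is "pass", "fail" or
    "timeout". Treating exit code 0 as a pass is an assumption of this
    example; the report does not say how its scripts signal the outcome.
    """
    for name in sorted(os.listdir(script_dir)):
        if not name.endswith(".sh"):
            continue
        path = os.path.join(script_dir, name)
        # Spool output to disk rather than a pipe: it is never held in
        # memory in full, and no pipe is left to block on after a timeout.
        with tempfile.TemporaryFile() as out:
            try:
                proc = subprocess.run(
                    ["sh", path],
                    stdin=subprocess.DEVNULL,
                    stdout=out,
                    stderr=subprocess.STDOUT,
                    timeout=timeout_s,
                )
                status = "pass" if proc.returncode == 0 else "fail"
            except subprocess.TimeoutExpired:
                # subprocess.run has already killed the script here.
                status = "timeout"
            # Read back only a bounded tail of what the script wrote.
            size = out.seek(0, os.SEEK_END)
            out.seek(max(0, size - max_output))
            tail = out.read().decode("utf-8", "replace")
        yield name[:-3], status, tail


def write_constructed_scripts(directory):
    """Create three constructed check scripts: pass, fail, never ends."""
    scripts = {
        "STIG-000001.sh": 'echo "setting present"\nexit 0\n',
        "STIG-000002.sh": 'echo "setting missing"\nexit 1\n',
        "STIG-000003.sh": "while :; do :; done\n",
    }
    for name, body in scripts.items():
        with open(os.path.join(directory, name), "w") as handle:
            handle.write(body)


def demo():
    """Run the constructed scripts with a 1 second limit per script."""
    with tempfile.TemporaryDirectory() as tmp:
        write_constructed_scripts(tmp)
        # list() is only for the demonstration; a caller that uploads
        # results would consume the generator one item at a time.
        return list(iter_checks(tmp, timeout_s=1))


if __name__ == "__main__":
    for stig, status, tail in demo():
        print(stig, status, tail.strip())
```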

5.5 Database Schema Diagram

Figure 6: Database Schema Diagram Modeling the Relationships in the Database

We will be layering a noSQL on top of the database described in Figure 5. Our report generation algorithms will be primarily querying the data from the test table. The database will be deployed on the client’s servers and will be communicating with the RestAPI system.

5.6 Design Trade-offs

SQL database systems process the queries more efficiently and have a higher performance when parallel actions are run. noSQL database systems are more compatible with the integration of data with individual files. Since noSQL is not a relational database system, a standard relational diagram is incompatible with a noSQL database system. This downside of a noSQL database is one of the main reasons we have decided to implement a Couchbase database server. The server negates the performance downside of a noSQL database. While Couchbase allows for uploaded data to be structureless, we have decided to have a standard structure for all of the calculated STIGs. This reduces the robustness of the subsystems with modifications made to the database, but the standardization improves the readability and the efficiency of each of the systems. The Couchbase database server’s structure is a document manager, so we will still be able to develop a structure for the database.

For each of the layers of the project, careful consideration has to be given to the benefits and weaknesses of each programming language. For the main executable web page, we have to decide whether to utilize the PHP, Go, or Python programming languages in our product. We have decided to utilize PHP as the backbone of the web page due to its server side scripting and Go’s downside of requiring individual packages to be installed for all libraries. Since this product is to be deployed for multiple systems and operating systems, we want to minimize the number of files and packages that are required to be set up with each installation. Choosing PHP will decrease the application’s performance, but it will allow us to fulfill the requirements established for this project.

For the rest of the project, we have opted to utilize Python 3.7 for the language’s universality, ability to write with scripts, utilize wireless communication, as well as the ability to execute bash scripts. This means that all the customers utilizing this project will require Python 3.7; this is resolved by the requirements of previous products from Hoplite.

Another requirement that we have to decide between is the communication over IP steps. We will have to have the option for a secure and insecure connection within the main application, which means that we will have SSH communications as an option. For unsecured communication, we have TCP and UDP as the main implementations. TCP will allow us to have more reliable communication, but is slower to execute. While UDP communication is faster, the loss in reliability of the communication may be a problem. Since most of our IP communication is transferring files that are sensitive to corruptions and require higher reliability, we will be accepting the slower speeds and utilizing a TCP connection for our scripts.

6 Expected Results

By the end of this project we expect to have a working reporting system for Linux that will have implementation capabilities in Windows. As well as being able to easily implement this system in Windows, it will be easily adjustable for all clients and their specific needs. All of the systems and operations will be easily maintainable for rapid deployment and configuration. We will also have the reports reformatted such that when they are generated they will be easily readable to all professionals that look at them.

Programs in the Python Language

File: database.py

import os
import socket

from couchbase.cluster import Cluster
from couchbase.cluster import PasswordAuthenticator
import couchbase.subdocument as SD


class Database:
    __instance = None

    def __init__(self, inFile):
        """
        Uploads the data from report.txt to Couchbase database. Is a singleton class
        Inputs:
            inFile: The filepath to the txt file generated by generate_report.py
        Requirements:
            inFile is in same directory as database.py
            couchbase cluster setup on localhost
            report.txt has to be correctly formatted as setup in generate_report.py
        """
        if Database.__instance is not None:
            raise Exception("This class is a singleton!")
        else:
            Database.__instance = self
        self.inFile = inFile
        cluster = Cluster('couchbase://localhost:8091')
        # NOTE: the database credentials are embedded in the source here.
        authenticator = PasswordAuthenticator('Admin', 'klr1234')
        cluster.authenticate(authenticator)
        self.cb = cluster.open_bucket('capstone')

    def process(self, hostname, ip_address):
        """
        Inputs:
            hostname: String value for the name of the computer
            ip_address: IP address of the computer at a given hostname.
                All . values have to be removed for proper navigation
        The algorithm takes the given input file from init and uploads the data
        to the couchbase database with format
        IPAddress: {hostname, stig_number: {stig_ID, severity rating, control,
        description, criteria, running script, result}} for each stig number
        """
        result = []
        getResult = False
        getRunning = False
        isOutput = False
        first = True
        # Labels are matched anywhere in a line, in the order listed below.
        with open(self.inFile, "r") as file:
            for line in file:
                if "STIG-NUMBER:" in line:
                    if not first:
                        # A new record starts: upload the previous one.
                        stig_num = "BASH." + result[0].strip()
                        self.cb.mutate_in(ip_address, SD.upsert(stig_num, {
                            'stig_code': result[1], 'severity': result[2],
                            'control': result[3], 'description': result[4],
                            'criteria': result[5], 'running': result[6],
                            'result': result[7]}, create_parents=True))
                    else:
                        first = False
                    result = []
                    result.append(line[13:])
                elif "STIG-ID:" in line:
                    result.append(line[9:])
                elif "Severity:" in line:
                    result.append(line[10:])
                elif "Control:" in line:
                    result.append(line[9:])
                elif "Description: " in line:
                    result.append(line[13:])
                elif "Criteria:" in line:
                    result.append(line[10:])
                elif "Running:" in line:
                    getRunning = True
                    result.append("")
                    continue
                elif "Result:" in line:
                    getResult = True
                    getRunning = False
                    result.append("")
                    continue
                elif getRunning:
                    if not line.isspace():
                        result[-1] += line
                elif getResult:
                    if not line.isspace():
                        if line == "------\n":
                            getResult = False
                        else:
                            result[-1] += line + "\n"
        # Upload the last record in the file.
        stig_num = "BASH." + result[0].strip()
        self.cb.mutate_in(ip_address, SD.upsert(stig_num, {
            'stig_code': result[1], 'severity': result[2],
            'control': result[3], 'description': result[4],
            'criteria': result[5], 'running': result[6],
            'result': result[7]}, create_parents=True))

    def initialize(self, hostname, ip_address):
        """
        Inputs:
            hostname: The string name of the system used
            ip_address: The IP address tied to the current hostname
        Verifies that the IP UID exists in the database and is up to date
        """
        list_files = os.listdir('../../../../Desktop/compliance/finished_stigs')
        bash_files = []
        for each_file in list_files:
            if each_file.endswith(".sh"):
                # Drop the five-character prefix and the ".sh" suffix.
                bash_files.append(each_file[5:-3])
        self.cb.upsert(ip_address, {'name': hostname, 'ip': ip_address,
                                    'stiglist': bash_files, 'BASH': {}})


def main():
    hostname = socket.gethostname()
    # Connecting a UDP socket sends no packets; it only selects the
    # outbound interface so that its local address can be read.
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.connect(("8.8.8.8", 80))
    ip = s.getsockname()[0]
    s.close()
    test = Database("report.txt")
    # str.strip(".") removes only leading and trailing dots, so the
    # address is used as the document key with its dots intact.
    test.initialize(hostname, ip.strip("."))
    test.process(hostname, ip.strip("."))


if __name__ == "__main__":
    # execute only if run as a script
    main()

File: interface.py

import socket
import subprocess

from flask import Flask

app = Flask(__name__)


# Flask application that is run from the Gunicorn wsgi (wsgi.py)
# executes the generate_report.py script
# NOTE: the route accepts any GET or POST without authentication.
@app.route("/", methods=['POST', 'GET'])
def main():
    execute_script()
    return "Report generation has been executed."


# function that executes the generate report script
# Popen will run the script and also send a response back to ensure
# HTTP request doesn't time out while script is running
def execute_script():
    subprocess.Popen(["python3", "generate_report.py"])


if __name__ == "__main__":
    app.run(host="165.22.130.78")

File: generate_report.py

import os
import subprocess
import argparse
import database
import socket


class GenerateReport:
    def __init__(self):
        """
        Generate report takes all bash files in ./finished_stigs and generates
        the data for the report that will be generated.

        Requirements:
            BASH to have their bash script check in ./finished_stigs
            BASH have their description in ./STIG_TextFiles with the proper format
            database.py in same directory
        """
        print("Starting the analysis. This will take a while")
        self.db = database.Database("report.txt")
        self.hostname = socket.gethostname()
        # Connecting a UDP socket sends no packets; it only selects the
        # outbound interface so that its local address can be read.
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        s.connect(("8.8.8.8", 80))
        self.ip = s.getsockname()[0]
        s.close()
        self.list_files = os.listdir('../../../../Desktop/compliance/finished_stigs')
        self.db.initialize(self.hostname, self.ip)
        # Scripts are executed one after another, never concurrently.
        for each_file in self.list_files:
            if each_file.endswith(".sh"):
                self.execute(each_file)

    def execute(self, each_file):
        """
        Inputs:
            each_file: The string value for each of the STIG Bash Files
        Executes the bash scripts and sends the output to the print functions
        Output: None
        Error: Throws error if there is an error running the result
        """
        try:
            result = subprocess.run(["sh", "finished_stigs/" + each_file],
                                    stdout=subprocess.PIPE,
                                    stderr=subprocess.PIPE)
            self.print_each_file(each_file, result)
        except Exception as inst:
            print("ERROR: " + str(inst))

    def print_each_file(self, each_file, result):
        """
        Inputs:
            each_file: The string value for each of the STIG Bash Files
            result: The subprocess object representation of the execution of
                the STIG bash file
        Collects the data for the STIG description from STIG_TextFiles and the
        output from the results to collect in report.txt and pass the
        information to the database upload.
        Output: None
        """
        # Get text of the command(s) being executed
        myfile = open("report.txt", "w")
        bash_file_text = open("finished_stigs/" + each_file, "r")
        command = ''
        for each_line in bash_file_text:
            # Skip comment lines of the script.
            if each_line[0] != '#':
                command += each_line + "\n"
        bash_file_text.close()

        # Extract description, criteria and details from .txt file
        file_name_as_txt = "STIG_TextFiles/" + each_file[:-3] + ".txt"
        txtfile = open(file_name_as_txt, "r")
        info_as_list = []
        for each_line in txtfile:
            info_as_list.append(each_line)
        txtfile.close()

        # Start writing information to file -> report.txt
        myfile.write("======\n")
        myfile.write("STIG-NUMBER: " + str(each_file[5:-3]) + "\n")
        myfile.write("======\n")
        # each part of the txt file
        for each_section in info_as_list:
            myfile.write(each_section + "\n")
        myfile.write("\n")
        del info_as_list
        # Write the bash script being executed
        myfile.write("Output:" + "\n")
        myfile.write("------" + "\n")
        myfile.write("Running: \n")
        myfile.write(command)
        try:
            # Write the result of the bash script
            myfile.write("Result:" + str(result.stdout.decode('utf-8')) + "\n"
                         + str(result.stderr.decode('utf-8')) + "\n")
            myfile.write("------" + "\n")
        except Exception:
            # Fall back to the object's text form if decoding fails.
            myfile.write("Result:" + str(result) + "\n")
            myfile.write("------" + "\n")
        myfile.close()
        del result
        # Outputs myfile contents to couchbase interface
        self.db.process(self.hostname, self.ip)


def main():
    gr = GenerateReport()


if __name__ == "__main__":
    # execute only if run as a script
    main()
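An added example (not the project's code): a stateful reader for the report.txt layout that generate_report.py writes and database.py reads. It recognises field labels only at the start of a header line, so label text inside a check script or its output stays data, and it keeps the output that shares a line with "Result:". The names parse_report, missing_fields, FIELDS and State and the sample record are constructed for the illustration.

```python
from enum import Enum

# Header labels from the page's report.txt, mapped to the keys of the
# document that database.py upserts.
FIELDS = {
    "STIG-ID:": "stig_code",
    "Severity:": "severity",
    "Control:": "control",
    "Description:": "description",
    "Criteria:": "criteria",
}


class State(Enum):
    IDLE = 0     # before the first banner, or after a closed record
    HEADER = 1   # after "STIG-NUMBER:", reading labelled fields
    RUNNING = 2  # script text, kept verbatim
    RESULT = 3   # script output, kept verbatim


def parse_report(text):
    """Parse report.txt content into a list of per-STIG dicts."""
    records, rec, state = [], None, State.IDLE
    for line in text.splitlines():
        if state is State.RESULT:
            # Everything up to the closing rule is opaque output.
            if line == "------":
                state = State.IDLE
            elif line.strip():
                rec["result"].append(line)
        elif state is State.RUNNING:
            # Only a line that starts with "Result:" ends the script text;
            # output sharing that line is kept.
            if line.startswith("Result:"):
                state = State.RESULT
                if line[7:].strip():
                    rec["result"].append(line[7:])
            elif line.strip():
                rec["running"].append(line)
        elif line.startswith("STIG-NUMBER:"):
            rec = {"stig_number": line[12:].strip(),
                   "running": [], "result": []}
            records.append(rec)
            state = State.HEADER
        elif state is State.HEADER:
            if line.startswith("Running:"):
                state = State.RUNNING
                continue
            for label, key in FIELDS.items():
                if line.startswith(label):
                    rec[key] = line[len(label):].strip()
                    break
    for r in records:
        r["running"] = "\n".join(r["running"])
        r["result"] = "\n".join(r["result"])
    return records


def missing_fields(rec):
    """Header keys absent from a record; an empty list means complete."""
    return [key for key in FIELDS.values() if key not in rec]


# Constructed sample in the layout generate_report.py writes: two records,
# the first with label text inside both the script and its output.
SAMPLE = '''======
STIG-NUMBER: 000001
======
STIG-ID: EXAMPLE-000001

Severity: CAT II

Control: Example control
Description: Example description
Criteria: Example criteria

Output:
------
Running:
if grep -q "^PermitEmptyPasswords no" /etc/ssh/sshd_config; then
  echo "Result: PASS"
fi
echo "Criteria: PermitEmptyPasswords no"
Result:Result: PASS
Criteria: PermitEmptyPasswords no

------
======
STIG-NUMBER: 000002
======
STIG-ID: EXAMPLE-000002
Control: Example control
Output:
------
Running:
true
Result:

------
'''
```

A line of script output that consists of exactly "------" still ends the result early; that ambiguity belongs to the file layout itself. Checking missing_fields before an upload catches records that would otherwise be indexed past their end.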

File: extractpdf.py

import socket
from couchbase.cluster import Cluster
from couchbase.cluster import PasswordAuthenticator
import couchbase.subdocument as SD
import sys
import csv
import fpdf
import os
import re

class PDF(fpdf.FPDF):
    """
    Overrides the FPDF footer class (Which is empty) to add the page number in the page's footer
    """
    def footer(self):
        "Adds a footer to each PDF Page for page numbers"
        self.set_y(-15)
        self.set_font('NotoSans', size=8)
        self.cell(0, 10, 'Page ' + str(self.page_no()), 0, 0, 'C')

class Extract:
    def __init__(self):
        """
        Reads in the data from the database for the requested IP's and writes a PDF document with it
        Requirements:
            Couchbase cluster setup for localhost
            Program is executed as a script with arguments: output_group, output_file, and the format requested as either 1 or 2
            library fpdf is installed
            clusterList.csv is in the same directory as index.php or the directory is corrected in read_in and formatted as clustername, "IP's"
            fonts folder within the current directory must contain NotoSans-Regular font found at https://www.google.com/get/noto/
        Output:
            A formatted PDF is generated as the specified output file
        """
        fpdf.set_global("SYSTEM_TTFONTS", os.path.join(os.path.dirname(__file__),'fonts'))
        cluster = Cluster('couchbase://localhost')
        # NOTE: the database credentials are hard-coded in this listing;
        # read them from the environment or a secrets store before deploying
        authenticator = PasswordAuthenticator('Admin', 'klr1234')
        cluster.authenticate(authenticator)
        self.cb = cluster.open_bucket('capstone')

    def read_in(self, group, output, format):
        """
        Inputs:
            group: argv string of the group name
            output: argv string of the location of the output
            format: argv string of the format of the pdf
        Initializes the read in process and starts the file
        Output:
            A formatted PDF is generated at the output file location
        """
        ip_list = []
        with open("/var/www/html/clusterList.csv") as csv_file:
            for row in csv.reader(csv_file, delimiter=','):
                if row[0] == group:
                    ip_list = row[1].split(',')
        pdf = PDF()
        pdf.add_font("NotoSans", style="", fname="NotoSans-Regular.ttf", uni=True)
        pdf.add_page()
        pdf.set_font("NotoSans", size = 15)
        for ip in ip_list:
            pdf.cell(200, 10, txt = "Computer at IP Address " + str(ip), ln = 1, align = 'C')
            self.pdf_from_database(ip, pdf, format)
        pdf.output(output)

    def pdf_from_database(self, ip, pdf, format):
        """
        Inputs:
            ip: IP address to be looked up
            pdf: The fpdf PDF object
            format: argv string of the format of the pdf
        Takes a given IP address and generates a report using the data from the couchbase server
        Output:
            A formatted PDF is generated at the output file location
        """
        stig_list = self.cb.lookup_in(ip, SD.get('stiglist'))[0]
        #format is based on stig number
        if format == "1":
            stig_list.sort(key = int)
            for stig in stig_list:
                try:
                    self.readDB(ip, stig, pdf)
                    pdf.add_page()
                except Exception as inst:
                    print(stig, "is not in report yet")
                    print(str(inst))
        #Format order is severity of BASH
        elif format == "2":
            order = {'CAT I\n': [], 'CAT II\n': [], 'CAT III\n': []}
            for stig in stig_list:
                try:
                    order[str(self.cb.lookup_in(ip, SD.get('BASH.' + str(stig)+'.severity'))[0])].append(stig)
                except Exception:
                    print(stig, "is not in report yet")
            for i in ['CAT I\n', 'CAT II\n', 'CAT III\n']:
                for stig in order[i]:
                    try:
                        self.readDB(ip, stig, pdf)
                        pdf.add_page()
                    except Exception as inst:
                        print(stig, "is not in report yet")
                        print(str(inst))

    def readDB(self, ip, stig, pdf):
        """
        Inputs:
            ip: IP address to be looked up
            stig: The stig which is getting the data retrieved from
            pdf: The fpdf PDF object
        Takes a given IP address and stig and exports the lookup information to the pdf
        """
        pdf.multi_cell(0, 10, txt = "STIG ID: " + str(self.cb.lookup_in(ip, SD.get('BASH.'+str(stig)+'.stig_code'))[0]), border = "TLR")
        pdf.multi_cell(0, 10, txt = "Severity: " + str(self.cb.lookup_in(ip, SD.get('BASH.'+str(stig)+'.severity'))[0])+ "\n", border = "BLR")
        pdf.multi_cell(0, 10, txt = "Control: " + str(self.cb.lookup_in(ip, SD.get('BASH.'+str(stig)+'.control'))[0]) + "\n", border = "LR")
        pdf.multi_cell(0, 10, txt = "Description: " + str(self.cb.lookup_in(ip, SD.get('BASH.'+str(stig)+'.description'))[0])+ "\n", border = "LR")
        pdf.multi_cell(0, 10, txt = "Criteria: " + str(self.cb.lookup_in(ip, SD.get('BASH.'+str(stig)+'.criteria'))[0]), border = "LR")
        pdf.cell(0, 10, txt = "Output:", ln = 1, align = 'C', border = "TBLR")
        pdf.multi_cell(0, 10, txt = "Running:\n" + str(self.cb.lookup_in(ip, SD.get('BASH.'+str(stig)+'.running'))[0])+ "\n", border = "LR")
        pdf.multi_cell(0, 10, txt = "Results:\n " + re.sub(r'\n\s*\n', "\n", str(self.cb.lookup_in(ip, SD.get('BASH.'+str(stig)+'.result'))[0]).encode('latin-1', 'replace').decode('latin-1')), border = "BLR")

def main():
    hostname = socket.gethostname()
    ip = socket.gethostbyname(hostname)
    print(len(sys.argv))
    if len(sys.argv) != 4:
        raise ValueError('Expected 3 arguments of format: "IP Group", "Output File", "PDF Format"')
    extract = Extract()
    for arg in sys.argv:
        print(arg)
    extract.read_in(sys.argv[1], sys.argv[2], sys.argv[3])

if __name__ == "__main__":
    # execute only if run as a script
    main()

File: wsgi.py

from interface import app

#wsgi.py
#Acts as a web server gateway interface
#Runs the flask application (interface.py) when a request is sent to
# Gunicorn server

# To boot up WSGI (Gunicorn)
# gunicorn --bind 0.0.0.0:8000 wsgi:app
if __name__ == "__main__":
    app.run()

Programs in the PHP Language

File: index.php

You are logged in

';
    // include main.php page once user is logged on
    include 'main.php';
} else {
    // if not logged in it just shows the login page
}
?>

File: main.php

Create Your Own Clusters

Cluster Name:
IP addresses (separated by commas):

//if save cluster button is pressed
if (isset($_POST['cluster-submit'])) {
    $cluster_name = $_POST['clusterName'];
    $ips = $_POST['ips'];
    // TODO: Figure out splitting on ',' and dealing with that array
    // error checking for saving clusters -- must have a name and at least 1 ip address
?> $error

"; } } ?>

Choose Cluster to Generate Report On

Pick from an existing cluster:

";
    // lists the cluster names of all clusters in the csv file
    while (($data = fgetcsv($ourFileHandle, 10000, ",")) !== FALSE) {
        echo $data[0] . " " . "
";
    }
    // close the file
    fclose($ourFileHandle);

} } ?>

Choose a Cluster:

//get the name of the requested cluster
$name_of_cluster = $_POST['choosenCluster'];

//Open up CSV file that contains cluster names and IPs
// Pulls only the IPs of the selected cluster
$myfile = fopen("clusterList.csv","r");
$ip_list = array();
if($myfile){
    while (($line = fgets($myfile)) !== false){
        $arr = explode(",",$line);
        if(strcmp($arr[0], $name_of_cluster) == 0){
            $ip_list = array_slice($arr,1,sizeof($arr));
        }
    }
    // close the handle only when fopen() succeeded
    fclose($myfile);
} else {
    print("Error accessing file");
}

//send a request (HTTP GET, curl's default) to each IP in the cluster
foreach($ip_list as $ip){
    $ip = trim($ip);

    //create curl request and set some basic settings
    $curl = curl_init();
    curl_setopt($curl,CURLOPT_URL,$ip.":8000");
    curl_setopt($curl,CURLOPT_CONNECTTIMEOUT,10);
    curl_setopt($curl,CURLOPT_TIMEOUT,100);

    curl_exec($curl);
    curl_close($curl);
} //end of for each

} //end of button pressed
?>

Export to PDF

Pick a Cluster:
Output File Path:
Choose Format (1- stig number, 2-severity):

$error

"; } }

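//if there are no errors execute extractpdf.py
if(!isset($error)) {
    $cmd = "python3 extractpdf.py";
    // escapeshellarg() quotes each form value so it reaches the script as exactly one
    // argument; hand-written single quotes do not stop a value that contains a quote
    $output = shell_exec($cmd . " " . escapeshellarg($pickedCluster) . " " . escapeshellarg($outputPath) . " " . escapeshellarg($orderedBy));
    echo $output;
}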

} ?>

File: login.css

body {
    margin: auto;
    width: 100%;
    text-align: center;
    /* padding-top: 20vh; */
}
p {
    font-size: 15px;
    text-decoration: none;
    color: black;
}
div {
    display: block;
}

#content {
    min-height: 200px;
    padding: 50px 50px;
    background-color: white;
    padding-bottom: 80px;
    /* display: block;
    margin-left: auto;
    margin-right: auto;
    border: 2px solid gray;
    padding: 8px;
    color: black;
    margin-top: 10px;
    font-size: 15px;
    width: 75%; */
}

.formcontainer {
    background: white;
    width: 350px;
    margin: auto;
    padding: 30px 0px 70px 0px;
    border: 2px solid black;
}

.title {
    text-align: center;
}

.login{
    padding-left: 20px;
    width:250px;
    color:black;
    margin-top:10px;
    font-size:20px;
    text-align: center;
}

.submit{
    float:right;
    margin: 25px;
    font-size: 20px;
}

File: main.css

.container {
    display: inline-flex;
    flex-direction: row;
    flex-wrap: wrap;
    width: auto;
    height: 400px;
    margin-top: 10vh;
    justify-content: center;
}

#first {
    border: 5px solid black;
    width: 30%;
}

#second {
    border: 5px solid black;
    width: 30%;
}

#third {
    border: 5px solid black;
    width: 30%;
}
button {
    border-radius: 5px;
    border: 1px solid black;
}
button:hover {
    background-color: #e7e7e7;
}

File: header.php

Capstone

';
    if (isset($_POST['logout-submit'])) {
        // logout and return to index.php
        session_start();
        session_unset();
        session_destroy();
        header("location: index.php");
    }
}
// else if no one is currently logged on display the login form
else {
    echo '

Enter Username and Password

';
    // links to signup or reset your password
    echo '
';
    //check if there is a GET parameter called newpwd in the url
    if (isset($_GET['newpwd'])) {
        // give a success message if url says passwordupdated
        if ($_GET['newpwd'] == 'passwordupdated') {
            echo '

Your password has been reset

';
        }
    }
    // if login button is pressed
    if (isset($_POST['login-submit'])) {
        // include database connection file
        require 'includes/dbh_inc.php';
        // get username and password from form
        $mailuid = $_POST['mailuid'];
        $password = $_POST['password'];
        // if the button is pressed and one or both fields are empty
        if (empty($mailuid) || empty($password)) {
            header("location: index.php?error=emptyfields");
            // $error[] = 'Empty fields - Please enter username and password.';
            exit();
        }
        // check database to see if there is a user that has the username or email that is being used to login
        else {
            $sql = "SELECT * FROM users WHERE uidUsers=? OR emailUsers=?;";
            $stmt = mysqli_stmt_init($connection);
            if (!mysqli_stmt_prepare($stmt, $sql)) {
                header("location: index.php?error=sqlerror");
                exit();
            }
            // get the pwd from the db and check if is matches the pwd that the user gave us when they tried to login
            else {
                mysqli_stmt_bind_param($stmt, "ss", $mailuid, $mailuid);
                mysqli_stmt_execute($stmt);
                $result = mysqli_stmt_get_result($stmt);
                if ($row = mysqli_fetch_assoc($result)) {
                    $pwdCheck = password_verify($password, $row['pwdUsers']);
                    // wrong password
                    if ($pwdCheck == false) {
                        header("location: index.php?error=wrongpwd");
                        exit();
                    }
                    // if passwords match login
                    else if ($pwdCheck == true) {
                        session_start();
                        $_SESSION['userId'] = $row['idUsers'];
                        $_SESSION['userUid'] = $row['uidUsers'];
                        // header("location: index.php");
                        // header("location: ../index.php?login=success");
                        exit();
                    }
                    // wrong pwd error
                    else {
                        header("location: index.php?error=wrongpwd");
                        exit();
                    }
                }
                // no user error
                else {
                    header("location: index.php?error=nouser");
                    exit();
                }
            }
        }
    }
    // else just show home page
    // else {
    //     header("location: index.php");
    //     exit();
    // }
}
?>

File: reset-password.php

Reset Your Password

An e-mail will be sent to you with instructions on how to reset your password.

Check your e-mail

'; } } ?>

// link to send to the user by email
$url = "165.22.172.240/create-new-password.php?selector=" . $selector . "&validator=" . bin2hex($token);
// expiration time: 1800 seconds (30 minutes) from now
$expires = date("U") + 1800;
// include database connection
require 'includes/dbh_inc.php';
// get email from form
$userEmail = $_POST['email'];
// delete any existing entries of a token in the database
$sql = "DELETE FROM pwdreset WHERE pwdResetEmail=?;";
$stmt = mysqli_stmt_init($connection);
if (!mysqli_stmt_prepare($stmt, $sql)) {
    // mysqli_error() needs the connection handle as its argument
    echo "There was an error 1: " . mysqli_error($connection);
    exit();
} else {
    mysqli_stmt_bind_param($stmt, "s", $userEmail);
    mysqli_stmt_execute($stmt);
}
// insert the token into the database
$sql = "INSERT INTO pwdreset (pwdResetEmail, pwdResetSelector, pwdResetToken, pwdResetExpires) VALUES (?, ?, ?, ?);";
$stmt = mysqli_stmt_init($connection);
if (!mysqli_stmt_prepare($stmt, $sql)) {
    echo "There was an error 2";
    exit();
} else {
    // hash to protect sensitive data
    $hashedToken = password_hash($token, PASSWORD_DEFAULT);
    mysqli_stmt_bind_param($stmt, "ssss", $userEmail, $selector, $hashedToken, $expires);
    mysqli_stmt_execute($stmt);
}
mysqli_stmt_close($stmt);
mysqli_close($connection);
// sending actual emailUsers
// send to email retrieved from form
$to = $userEmail;
// subject and message for the email to reset password
$subject = 'Reset your password';
$message = '

We received a password reset request. The link to reset your password is below. If you did not make this request, please ignore this email

';
$message .= '

Here is your password reset link:
';
$message .= ''.$url.'

';

// TODO: add actual email addresses for from and reply to headers
$headers = "From: capstone <>\r\n";
$headers .= "Reply-To: <>\r\n";
$headers .= "Content-type: text/html\r\n";

// send email
mail($to, $subject, $message, $headers);
header("location: reset-password.php?reset=success");
}

File: dbh_inc.php

create it
if (!mysqli_select_db($connection, $dbname)) {
    $sql = 'CREATE DATABASE loginsystem';
    if (!mysqli_query($connection, $sql)) {
        echo "Error creating database: " . mysqli_error($connection);
    }
}
// mysqli_select_db($connection, $dbname);

// create table for user info
$sql = "CREATE TABLE IF NOT EXISTS users (
    idUsers INT(11) AUTO_INCREMENT PRIMARY KEY NOT NULL,
    uidUsers TINYTEXT NOT NULL,
    emailUsers TINYTEXT NOT NULL,
    pwdUsers LONGTEXT NOT NULL
)";
if (!mysqli_query($connection, $sql)) {
    echo "Error creating table: " . mysqli_error($connection);
}
// create table for pwd reset info
$sql = "CREATE TABLE IF NOT EXISTS pwdreset (
    pwdResetId INT(11) AUTO_INCREMENT PRIMARY KEY NOT NULL,
    pwdResetEmail TEXT NOT NULL,
    pwdResetSelector TEXT NOT NULL,
    pwdResetToken LONGTEXT NOT NULL,
    pwdResetExpires TEXT NOT NULL
)";
if (!mysqli_query($connection, $sql)) {
    echo "Error creating table: " . mysqli_error($connection);
}
?>

File: signup.php

Signup

Fill in all fields

';
    }
    // check for valid username and email
    else if ($_GET['error'] == 'invaliduidmail') {
        echo '

Invalid username and e-mail

';
    }
    // check for valid username
    else if ($_GET['error'] == 'invaliduid') {
        echo '

Invalid username

';
    }
    // check for valid email
    else if ($_GET['error'] == 'invalidmail') {
        echo '

Invalid e-mail

';
    }
    // check to make sure passwords match
    else if ($_GET['error'] == 'passwordcheck') {
        echo '

Your passwords do not match

';
    }
    // check if username is unique
    else if ($_GET['error'] == 'usertaken') {
        echo '

Username is already taken

';
    }
}
// check for successful signup
else if ($_GET['signup'] == 'success') {
    echo '

Signup successful

';
}
?>

// error handlers
// check if there are empty fields
if(empty($username) || empty($email) || empty($password) || empty($passwordRepeat)) {
    header("location: signup.php?error=emptyfields&uid=".$username."&mail=".$email);
    exit();
}
// check for a valid email address and username
// (pattern corrected to the one used in the username check below; the misplaced "]" made preg_match() fail)
else if(!filter_var($email, FILTER_VALIDATE_EMAIL) && !preg_match("/^[a-zA-Z0-9]*$/", $username)) {
    // error code matches the 'invaliduidmail' case the signup form displays
    header("location: signup.php?error=invaliduidmail&uid=");
    exit();
}
// check for a valid email address
else if(!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    header("location: signup.php?error=invalidmail&uid=".$username);
    exit();
}
// check for valid username
else if(!preg_match("/^[a-zA-Z0-9]*$/", $username)) {
    header("location: signup.php?error=invaliduid&mail=".$email);
    exit();
}
// check to see if passwords match
else if($password !== $passwordRepeat) {
    header("location: signup.php?error=passwordcheck&uid=".$username."&mail=".$email);
    exit();
}
// check if username is already taken
else {
    $sql = "SELECT uidUsers FROM users WHERE uidUsers=?";
    $stmt = mysqli_stmt_init($connection);
    if(!mysqli_stmt_prepare($stmt, $sql)) {
        header("location: signup.php?error=sqlerror");
        exit();
    } else {
        mysqli_stmt_bind_param($stmt, "s", $username);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_store_result($stmt);
        $resultCheck = mysqli_stmt_num_rows($stmt);
        if($resultCheck > 0) {
            header("location: signup.php?error=usertaken&mail=".$email);
            exit();
        }
        // sql statement to insert new user into the database
        else {
            $sql = "INSERT INTO users (uidUsers, emailUsers, pwdUsers) VALUES (?, ?, ?)";
            $stmt = mysqli_stmt_init($connection);
            if(!mysqli_stmt_prepare($stmt, $sql)) {
                header("location: signup.php?error=sqlerror");
                exit();
            } else {
                $hashedPwd = password_hash($password, PASSWORD_DEFAULT);
                mysqli_stmt_bind_param($stmt, "sss", $username, $email, $hashedPwd);
                mysqli_stmt_execute($stmt);
                header("location: signup.php?signup=success");
                exit();
            }
        }
    }
}
mysqli_stmt_close($stmt);
mysqli_close($connection);
}
// else {
//     header("location: signup.php");
//     exit();
// }
?>

File: create-new-password.php

// TODO: dont know if these will work
// --> was going to send back to create-new-password.php but tokens aren't included
// check to see if pwd or pwd repeat are empty
if (empty($password) || empty($passwordRepeat)) {
    header("location: index.php?newpwd=empty");
    // header("location: create-new-password.php?selector=" . $selector . "&validator=" . bin2hex($token). "newpwd=empty");
    exit();
}
// or if pwd and pwd repeat are not equal
else if ($password !== $passwordRepeat) {
    header("location: index.php?newpwd=pwdnotsame");
    exit();
}
// create a date variable
$currentDate = date("U");
// include database connection
require 'includes/dbh_inc.php';
// select the actual token from our database
$sql = "SELECT * FROM pwdreset WHERE pwdResetSelector=? AND pwdResetExpires>= ?";
$stmt = mysqli_stmt_init($connection);
if (!mysqli_stmt_prepare($stmt, $sql)) {
    echo "There was an error";
    exit();
} else {
    mysqli_stmt_bind_param($stmt, "ss", $selector, $currentDate);
    mysqli_stmt_execute($stmt);
    // grab the result
    $result = mysqli_stmt_get_result($stmt);
    // fetch the row -- should only have one token in db per user
    if (!$row = mysqli_fetch_assoc($result)) {
        echo "you need to resubmit your reset request";
        exit();
    } else {
        // if we get rows from the database we need to match the token thats inside
        // the database with the token we have from the form
        // convert to binary token
        $tokenBin = hex2bin($validator);
        // match token to the one in the database
        $tokenCheck = password_verify($tokenBin, $row['pwdResetToken']);
        // if token doesnt match print error message
        if ($tokenCheck == false) {
            echo "You need to resubmit your reset request";
            exit();
        }
        // if tokens match
        else if ($tokenCheck == true) {
            // start updating pwd in the database
            // grab email of the user
            $tokenEmail = $row['pwdResetEmail'];
            // select user from db where email = pwdResetEmail
            $sql = "SELECT * FROM users WHERE emailUsers=?;";
            $stmt = mysqli_stmt_init($connection);
            if (!mysqli_stmt_prepare($stmt, $sql)) {
                echo "There was an error";
                exit();
            } else {
                mysqli_stmt_bind_param($stmt, "s", $tokenEmail);
                mysqli_stmt_execute($stmt);
                // grab the result
                $result = mysqli_stmt_get_result($stmt);
                if (!$row = mysqli_fetch_assoc($result)) {
                    echo "There was an error";
                    exit();
                } else {
                    // update user information in the users table
                    // updates the pwd
                    $sql = "UPDATE users SET pwdUsers=? WHERE emailUsers=?";
                    $stmt = mysqli_stmt_init($connection);
                    if (!mysqli_stmt_prepare($stmt, $sql)) {
                        echo "There was an error";
                        exit();
                    } else {
                        // hash the new pwd before entering it into the database
                        $newPwdHash = password_hash($password, PASSWORD_DEFAULT);
                        mysqli_stmt_bind_param($stmt, "ss", $newPwdHash, $tokenEmail);
                        mysqli_stmt_execute($stmt);
                        // delete the token now that the pwd was reset
                        $sql = "DELETE FROM pwdreset WHERE pwdResetEmail=?;";
                        $stmt = mysqli_stmt_init($connection);
                        if (!mysqli_stmt_prepare($stmt, $sql)) {
                            echo "There was an error";
                            exit();
                        } else {
                            mysqli_stmt_bind_param($stmt, "s", $tokenEmail);
                            mysqli_stmt_execute($stmt);
                            // return pwd updated success in the url
                            header("location: header.php?newpwd=passwordupdated");
                        }
                    }
                }
            }
        }
    }
}
}

Programs in the BASH Language

File: stig-72059.sh
#!/bin/bash
cut -d: -f 1,3,6,7 /etc/passwd | egrep ":[1-4][0-9]{3}" | tr ":" "\t"
grep /home /etc/fstab

File: stig-72119.sh
#!/bin/bash
grep -iw fremovexattr /etc/audit/audit.rules

File: stig-71989.sh
#!/bin/bash
getenforce

File: stig-71999.sh
#!/bin/bash
yum history list | more

File: stig-72109.sh
#!/bin/bash
grep -iw fchmodat /etc/audit/audit.rules

File: stig-72049.sh
#!/bin/bash
grep -i umask /home/*/.*

File: stig-72129.sh
#!/bin/bash
grep -iw open_by_handle_at /etc/audit/audit.rules

File: stig-72069.sh
#!/bin/bash
yum list installed aide
find / -name aide.conf

File: stig-78995.sh
#!/bin/bash
grep system-db /etc/dconf/profile/user
grep -i lock-enabled /etc/dconf/db/local.d/locks/*

File: stig-72079.sh
#!/bin/bash
systemctl is-active auditd.service

File: stig-72139.sh
#!/bin/bash
grep -i /usr/bin/chcon /etc/audit/audit.rules

File: stig-72179.sh
#!/bin/bash
grep -iw /usr/libexec/openssh/ssh-keysign /etc/audit/audit.rules

File: stig-72039.sh
#!/bin/bash
find /dev -context *:device_t:* \( -type c -o -type b \) -printf "%p %Z\n"
find /dev -context *:unlabeled_t:* \( -type c -o -type b \) -printf "%p %Z\n"

File: stig-73177.sh
#!/bin/bash
nmcli device

File: stig-79001.sh
#!/bin/bash
grep -iw finit_module /etc/audit/audit.rules

File: stig-73167.sh
#!/bin/bash
grep /etc/gshadow /etc/audit/audit.rules

File: stig-72029.sh
#!/bin/bash
cut -d: -f 1,4,6 /etc/passwd | egrep ":[1-4][0-9]{3}"
grep 1000 /etc/group
ls -al /home/*/.[^.]* | more

File: stig-72009.sh
#!/bin/bash
find / -fstype xfs -nogroup

File: stig-72149.sh
#!/bin/bash
grep -i /usr/bin/passwd /etc/audit/audit.rules

File: stig-72289.sh
#!/bin/bash
grep 'net.ipv4.conf.default.accept_redirects' /etc/sysctl.conf /etc/sysctl.d/*
/sbin/sysctl -a | grep 'net.ipv4.conf.default.accept_redirects'

File: stig-73173.sh
#!/bin/bash
grep /etc/security/opasswd /etc/audit/audit.rules

File: stig-71899.sh
#!/bin/bash
grep -i idle-activation-enabled /etc/dconf/db/local.d/*

File: stig-73163.sh
#!/bin/bash
grep -i network_failure_action /etc/audisp/audisp-remote.conf

File: stig-73157.sh
#!/bin/bash
grep system-db /etc/dconf/profile/user
grep -i idle-delay /etc/dconf/db/local.d/locks/*

File: stig-72299.sh
#!/bin/bash
yum list installed vsftpd

File: stig-72159.sh
#!/bin/bash
grep -iw /usr/bin/su /etc/audit/audit.rules

File: stig-72019.sh
#!/bin/bash
ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)

File: stig-71983.sh
#!/bin/bash
grep -r usb-storage /etc/modprobe.d/* | grep -i "/bin/true" | grep -v "^#"
grep usb-storage /etc/modprobe.d/* | grep -i "blacklist" | grep -v "^#"

File: stig-71861.sh
#!/bin/bash
grep banner-message-text /etc/dconf/db/local.d/*

File: stig-71921.sh
#!/bin/bash
grep -i encrypt /etc/login.defs

File: stig-71915.sh
#!/bin/bash
grep maxrepeat /etc/security/pwquality.conf

File: stig-71855.sh
#!/bin/bash
rpm -Va | grep '^..5'

File: stig-72053.sh
#!/bin/bash
ls -al /etc/cron.allow

File: stig-72113.sh
#!/bin/bash
grep -iw fsetxattr /etc/audit/audit.rules

File: stig-72185.sh
#!/bin/bash
grep -iw "/usr/sbin/pam_timestamp_check" /etc/audit/audit.rules

File: stig-72245.sh
#!/bin/bash
grep -i printlastlog /etc/ssh/sshd_config

File: stig-72305.sh
#!/bin/bash
yum list installed tftp-server
grep server_args /etc/xinetd.d/tftp

File: stig-72127.sh
#!/bin/bash
grep -iw openat /etc/audit/audit.rules

File: stig-72067.sh
#!/bin/bash
yum list installed dracut-fips
grep fips /boot/grub2/grub.cfg
cat /proc/sys/crypto/fips_enabled

File: stig-72077.sh
#!/bin/bash
yum list installed telnet-server

File: stig-72137.sh
#!/bin/bash
grep -i /usr/sbin/setsebool /etc/audit/audit.rules

File: stig-72315.sh
#!/bin/bash
systemctl status firewalld
firewall-cmd --get-default-zone
firewall-cmd --list-all --zone=public
ls -al /etc/hosts.allow
ls -al /etc/hosts.deny

File: stig-72255.sh
#!/bin/bash
find /etc/ssh -name '*.pub' -exec ls -lL {} \;

File: stig-72103.sh
#!/bin/bash
grep -iw fchownat /etc/audit/audit.rules

File: stig-72043.sh
#!/bin/bash
more /etc/fstab

File: stig-77825.sh
#!/bin/bash
grep kernel.randomize_va_space /etc/sysctl.conf /etc/sysctl.d/*
/sbin/sysctl -a | grep kernel.randomize_va_space

File: stig-72261.sh
#!/bin/bash
grep -i kerberosauth /etc/ssh/sshd_config

File: stig-81011.sh
#!/bin/bash
cat /etc/fstab | grep /dev/shm | grep nosuid
mount | grep "/dev/shm" | grep nosuid

File: stig-71905.sh
#!/bin/bash
grep lcredit /etc/security/pwquality.conf

File: stig-71931.sh
#!/bin/bash
awk -F: '$5 > 60 {print $1 " " $5}' /etc/shadow

File: stig-71993.sh
#!/bin/bash
# the systemd unit is named ctrl-alt-del.target
systemctl status ctrl-alt-del.target

File: stig-71911.sh
#!/bin/bash
grep difok /etc/security/pwquality.conf

File: stig-71987.sh
#!/bin/bash
grep -i clean_requirements_on_remove /etc/yum.conf

File: stig-71925.sh
#!/bin/bash
grep -i pass_min_days /etc/login.defs

File: stig-72241.sh
#!/bin/bash
grep -i clientalivecount /etc/ssh/sshd_config

File: stig-72301.sh
#!/bin/bash
yum list installed tftp-server

File: stig-72123.sh
#!/bin/bash
grep -iw creat /etc/audit/audit.rules

File: stig-72063.sh
#!/bin/bash
grep /var/log/audit /etc/fstab
mount | grep "/var/log/audit"

File: stig-81005.sh
#!/bin/bash
grep -iw grub2_password /boot/grub2/user.cfg
grep -iw "superusers" /boot/grub2/grub.cfg

File: stig-72275.sh
#!/bin/bash
grep pam_lastlog /etc/pam.d/postlogin

File: stig-72057.sh
#!/bin/bash
systemctl status kdump.service

File: stig-72117.sh
#!/bin/bash
grep -iw removexattr /etc/audit/audit.rules

File: stig-72107.sh
#!/bin/bash
grep -iw fchmod /etc/audit/audit.rules

File: stig-72047.sh
#!/bin/bash
find / -xdev -perm -002 -type d -fstype xfs -exec ls -lLd {} \;

File: stig-77821.sh
#!/bin/bash
grep -r dccp /etc/modprobe.d/* | grep -i "/bin/true" | grep -v "^#"
grep -i dccp /etc/modprobe.d/* | grep -i "blacklist" | grep -v "^#"

File: stig-72265.sh
#!/bin/bash
grep -i usepriv /etc/ssh/sshd_config

File: stig-81015.sh
#!/bin/bash
grep "active" /etc/audisp/plugins.d/au-remote.conf

File: stig-72073.sh
#!/bin/bash
yum list installed aide
find / -name aide.conf

File: stig-72133.sh
#!/bin/bash
grep -iw ftruncate /etc/audit/audit.rules

File: stig-72191.sh
#!/bin/bash
grep -iw kmod /etc/audit/audit.rules

File: stig-72311.sh
#!/bin/bash
cat /etc/fstab | grep nfs

File: stig-81021.sh
#!/bin/bash
grep "name_format" /etc/audisp/audispd.conf

File: stig-72251.sh
#!/bin/bash
cat /etc/redhat-release
grep -i protocol /etc/ssh/sshd_config

File: stig-71935.sh
#!/bin/bash
grep minlen /etc/security/pwquality.conf

File: stig-71997.sh
#!/bin/bash
cat /etc/redhat-release

File: stig-71901.sh
#!/bin/bash
grep -i lock-delay /etc/dconf/db/local.d/*

File: stig-71941.sh
#!/bin/bash
grep -i inactive /etc/default/useradd

File: stig-71897.sh
#!/bin/bash
yum list installed screen
yum list installed tmux

File: stig-71975.sh
#!/bin/bash
yum list installed aide
ls -al /etc/cron.* | grep aide
grep aide /etc/crontab /var/spool/cron/root
more /etc/cron.daily/aide

File: stig-72091.sh
#!/bin/bash
grep -i space_left_action /etc/audit/auditd.conf

File: stig-72211.sh
#!/bin/bash
grep imtcp /etc/rsyslog.conf
grep imudp /etc/rsyslog.conf
grep imrelp /etc/rsyslog.conf

File: stig-72173.sh
#!/bin/bash
grep -iw "/usr/bin/umount" /etc/audit/audit.rules

File: stig-72033.sh
#!/bin/bash
ls -al /home/*/.[^.]* | more

File: stig-72225.sh
#!/bin/bash
grep -i banner /etc/ssh/sshd_config

File: stig-72287.sh
#!/bin/bash
grep net.ipv4.icmp_echo_ignore_broadcasts /etc/sysctl.conf /etc/sysctl.d/*
/sbin/sysctl -a | grep net.ipv4.icmp_echo_ignore_broadcasts

File: stig-72007.sh
#!/bin/bash
find / -fstype xfs -nouser

File: stig-72147.sh
#!/bin/bash
grep -i /var/log/lastlog /etc/audit/audit.rules

File: stig-72157.sh
#!/bin/bash
grep -i /usr/sbin/userhelper /etc/audit/audit.rules

File: stig-72017.sh
#!/bin/bash
ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)

File: stig-72297.sh
#!/bin/bash
yum list installed postfix
postconf -n smtpd_client_restrictions

File: stig-73159.sh
#!/bin/bash
cat /etc/pam.d/system-auth | grep pam_pwquality

File: stig-72235.sh
#!/bin/bash
systemctl status sshd

File: stig-72023.sh
#!/bin/bash
ls -lLR /home/*

File: stig-72163.sh
#!/bin/bash
grep -i "/etc/sudoers" /etc/audit/audit.rules
grep -i "/etc/sudoers.d/" /etc/audit/audit.rules

File: stig-72201.sh
#!/bin/bash
grep -iw renameat /etc/audit/audit.rules

File: stig-72081.sh
#!/bin/bash
auditctl -s | grep -i "fail"

File: stig-92251.sh
#!/bin/bash
grep net.ipv4.conf.all.rp_filter /etc/sysctl.conf /etc/sysctl.d/*
/sbin/sysctl -a | grep net.ipv4.conf.all.rp_filter

File: stig-71965.sh
#!/bin/bash
authconfig --test | grep "pam_pkcs11 is enabled"
authconfig --test | grep "smartcard removal action"
authconfig --test | grep "smartcard module"

File: stig-71951.sh
#!/bin/bash
grep -i fail_delay /etc/login.defs

File: stig-71893.sh
#!/bin/bash
grep -i idle-delay /etc/dconf/db/local.d/*

File: stig-71971.sh
#!/bin/bash
semanage login -l | more

File: stig-71945.sh
#!/bin/bash
grep pam_faillock.so /etc/pam.d/password-auth
grep pam_faillock.so /etc/pam.d/system-auth

File: stig-72221.sh
#!/bin/bash
grep -i ciphers /etc/ssh/sshd_config

File: stig-72003.sh
#!/bin/bash
pwck -r

File: stig-72283.sh
#!/bin/bash
grep net.ipv4.conf.all.accept_source_route /etc/sysctl.conf /etc/sysctl.d/*
/sbin/sysctl -a | grep net.ipv4.conf.all.accept_source_route

File: stig-72095.sh
#!/bin/bash
grep -iw execve /etc/audit/audit.rules

File: stig-72177.sh
#!/bin/bash
grep -iw /usr/sbin/postqueue /etc/audit/audit.rules

File: stig-72037.sh
#!/bin/bash
find / -xdev -perm -002 -type f -exec ls -ld {} \; | more
grep /home/*/.*

File: stig-72027.sh
#!/bin/bash
ls -lLR /home/*

File: stig-72167.sh
#!/bin/bash
grep -i /usr/bin/chsh /etc/audit/audit.rules

File: stig-72085.sh
#!/bin/bash
grep -i enable_krb5 /etc/audisp/audisp-remote.conf

File: stig-92255.sh
#!/bin/bash
rpm -qa | grep MFEhiplsm
ps -ef | grep -i "hipclient"
find / -name
ps -ef | grep -i

File: stig-72205.sh
#!/bin/bash
grep -iw unlink /etc/audit/audit.rules

File: stig-72293.sh
#!/bin/bash
grep 'net.ipv4.conf.all.send_redirects' /etc/sysctl.conf /etc/sysctl.d/*
/sbin/sysctl -a | grep 'net.ipv4.conf.all.send_redirects'

File: stig-72153.sh
#!/bin/bash
grep -i /usr/bin/gpasswd /etc/audit/audit.rules

File: stig-72013.sh
#!/bin/bash
grep -i create_home /etc/login.defs

File: stig-72231.sh
#!/bin/bash
systemctl status sssd.service
grep -i "id_provider" /etc/sssd/sssd.conf
grep -i tls_cacert /etc/sssd/sssd.conf

File: stig-71955.sh
#!/bin/bash
grep -i timedloginenable /etc/gdm/custom.conf

File: stig-71961.sh
#!/bin/bash
grep -i ^password_pbkdf2 /boot/grub2/grub.cfg

File: stig-71913.sh
#!/bin/bash
grep minclass /etc/security/pwquality.conf

File: stig-71927.sh
#!/bin/bash
awk -F: '$4 < 1 {print $1 " " $4}' /etc/shadow

File: stig-71985.sh
#!/bin/bash
systemctl status autofs

File: stig-72121.sh
#!/bin/bash
grep -iw lremovexattr /etc/audit/audit.rules

File: stig-72061.sh
#!/bin/bash
grep /var /etc/fstab

File: stig-72183.sh
#!/bin/bash
grep -iw /usr/bin/crontab /etc/audit/audit.rules

File: stig-72243.sh
#!/bin/bash
grep -i IgnoreRhosts /etc/ssh/sshd_config

File: stig-72303.sh
#!/bin/bash
grep -i x11forwarding /etc/ssh/sshd_config | grep -v "^#"

File: stig-72055.sh
#!/bin/bash
ls -al /etc/cron.allow

File: stig-72115.sh
#!/bin/bash
grep -iw lsetxattr /etc/audit/audit.rules

File: stig-81007.sh
#!/bin/bash
grep -iw grub2_password /boot/efi/EFI/redhat/user.cfg
grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg

File: stig-72277.sh
#!/bin/bash
find / -name '*.shosts'

File: stig-72267.sh
#!/bin/bash
grep -i compression /etc/ssh/sshd_config

File: stig-81017.sh
#!/bin/bash
cat /etc/audisp/plugins.d/au-remote.conf | grep -v "^#"

File: stig-72105.sh
#!/bin/bash
grep -iw chmod /etc/audit/audit.rules

File: stig-72045.sh
#!/bin/bash
more /etc/fstab | grep nfs
mount | grep nfs | grep nosuid

File: stig-77823.sh
#!/bin/bash
grep -i execstart /usr/lib/systemd/system/rescue.service | grep -i sulogin

File: stig-72313.sh
#!/bin/bash
ls -al /etc/snmp/snmpd.conf
grep public /etc/snmp/snmpd.conf
grep private /etc/snmp/snmpd.conf

File: stig-72253.sh
#!/bin/bash
grep -i macs /etc/ssh/sshd_config

File: stig-72071.sh
#!/bin/bash
yum list installed aide
find / -name aide.conf
#Check the "aide.conf" file to determine if the "xattrs" rule has been added to the rule list being applied to the files and directories selection lists.

File: stig-72131.sh
#!/bin/bash
grep -iw truncate /etc/audit/audit.rules

File: stig-71995.sh
#!/bin/bash
grep -i umask /etc/login.defs

File: stig-71937.sh
#!/bin/bash
grep nullok /etc/pam.d/system-auth /etc/pam.d/password-auth

File: stig-71903.sh
#!/bin/bash
grep ucredit /etc/security/pwquality.conf

File: stig-71863.sh
#!/bin/bash
more /etc/issue

File: stig-71923.sh
#!/bin/bash
grep -i sha512 /etc/libuser.conf

File: stig-71917.sh
#!/bin/bash
grep maxclassrepeat /etc/security/pwquality.conf

File: stig-72051.sh
#!/bin/bash
grep cron /etc/rsyslog.conf /etc/rsyslog.d/*.conf

File: stig-72111.sh
#!/bin/bash
grep -iw setxattr /etc/audit/audit.rules

File: stig-81003.sh
#!/bin/bash
cat /etc/pam.d/passwd | grep -i substack | grep -i system-auth

File: stig-72273.sh
#!/bin/bash
yum list installed firewalld
systemctl status firewalld
firewall-cmd --state

File: stig-72125.sh
#!/bin/bash
grep -iw open /etc/audit/audit.rules

File: stig-72065.sh
#!/bin/bash
systemctl is-enabled tmp.mount

File: stig-72247.sh
#!/bin/bash
grep -i permitrootlogin /etc/ssh/sshd_config
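
Added example, not part of the project's scripts: stig-72247.sh prints every line that mentions the keyword, commented-out ones included, so a pass/fail report needs the effective value rather than the raw grep output. The functions below compute it under these assumptions: settings are whitespace-separated `Keyword value` lines, the first occurrence wins, and `Match` blocks are out of scope; the function names and the sample config are constructed for illustration.

```bash
#!/bin/bash

# effective_sshd_value FILE KEYWORD
# Prints the value set for KEYWORD in the global section of FILE.
# Keywords are matched case-insensitively, values are printed as written.
effective_sshd_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#|$)/ { next }                 # comment or blank line
        tolower($1) == "match" { exit }         # stop at the first Match block
        tolower($1) == want { print $2; exit }  # first occurrence wins
    ' "$1"
}

# check_sshd_keyword FILE KEYWORD EXPECTED
# Prints "PASS" or "FAIL: <reason>". Always returns 0, so it can be called
# from a script running under `set -e`; the verdict is the printed text.
check_sshd_keyword() {
    local file="$1" keyword="$2" expected="$3" actual
    if [ ! -r "$file" ]; then
        echo "FAIL: cannot read $file"
        return 0
    fi
    actual=$(effective_sshd_value "$file" "$keyword")
    if [ -z "$actual" ]; then
        # a missing or commented-out keyword is treated as a failure (assumption)
        echo "FAIL: $keyword is not set"
    elif [ "$actual" = "$expected" ]; then
        echo "PASS"
    else
        echo "FAIL: $keyword is $actual, expected $expected"
    fi
}

# Constructed sample input: a commented default, the live setting, a later
# duplicate, and an override inside a Match block. A plain `grep -i` prints
# all four lines and leaves the verdict to the reader.
write_sample_config() {
    cat > "$1" <<'EOF'
#PermitRootLogin yes
  permitrootlogin no
PermitRootLogin yes
Match User backup
    PermitRootLogin yes
EOF
}

demo() {
    local tmp
    tmp=$(mktemp)
    write_sample_config "$tmp"
    echo "PermitRootLogin: $(check_sshd_keyword "$tmp" PermitRootLogin no)"
    rm -f "$tmp"
}

demo
```
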

File: stig-72307.sh #!/bin/bash rpm -qa | grep xorg | grep server

File: stig-72187.sh #!/bin/bash grep -iw init_module /etc/audit/audit.rules

File: stig-72197.sh #!/bin/bash grep /etc/passwd /etc/audit/audit.rules

File: stig-72317.sh #!/bin/bash yum list installed libreswan systemctl status ipsec grep -iw conn /etc/ipsec.conf /etc/ipsec.d/*.conf

File: stig-72257.sh #!/bin/bash find / -name '*ssh_host*key' | xargs ls -lL File: stig-72075.sh #!/bin/bash find / -name grub.cfg grep -c menuentry /boot/grub2/grub.cfg grep 'set root' /boot/grub2/grub.cfg

File: stig-72135.sh
#!/bin/bash
grep -i /usr/sbin/semanage /etc/audit/audit.rules

File: stig-72263.sh
#!/bin/bash
grep -i strictmodes /etc/ssh/sshd_config

File: stig-81013.sh
#!/bin/bash
cat /etc/fstab | grep /dev/shm | grep noexec
mount | grep "/dev/shm" | grep noexec

File: stig-78999.sh
#!/bin/bash
grep -iw create_module /etc/audit/audit.rules

File: stig-72101.sh
#!/bin/bash
grep -iw lchown /etc/audit/audit.rules

File: stig-72041.sh
#!/bin/bash
cut -d: -f 1,3,6 /etc/passwd | egrep ":[1-4][0-9]{3}"
more /etc/fstab

File: stig-71907.sh
#!/bin/bash
grep dcredit /etc/security/pwquality.conf

File: stig-71991.sh
#!/bin/bash
sestatus

File: stig-71933.sh
#!/bin/bash
grep -i remember /etc/pam.d/system-auth /etc/pam.d/password-auth

File: stig-71973.sh
#!/bin/bash
yum list installed aide
ls -al /etc/cron.* | grep aide
grep aide /etc/crontab /var/spool/cron/root

File: stig-71891.sh
#!/bin/bash
grep -i lock-enabled /etc/dconf/db/local.d/*

File: stig-71947.sh
#!/bin/bash
grep -i nopasswd /etc/sudoers /etc/sudoers.d/*

File: stig-72281.sh
#!/bin/bash
grep hosts /etc/nsswitch.conf
ls -al /etc/resolv.conf
grep nameserver /etc/resolv.conf

File: stig-72001.sh
#!/bin/bash
more /etc/passwd

File: stig-72141.sh
#!/bin/bash
grep -iw /usr/sbin/setfiles /etc/audit/audit.rules

File: stig-72223.sh
#!/bin/bash
grep -i tmout /etc/profile.d/*

File: stig-72175.sh
#!/bin/bash
grep -iw /usr/sbin/postdrop /etc/audit/audit.rules

File: stig-72035.sh
#!/bin/bash
grep -i path /home/*/.*

File: stig-72097.sh
#!/bin/bash
grep -iw chown /etc/audit/audit.rules

File: stig-72217.sh
#!/bin/bash
grep "maxlogins" /etc/security/limits.conf

File: stig-72207.sh
#!/bin/bash
grep -iw unlinkat /etc/audit/audit.rules

File: stig-72087.sh
#!/bin/bash
grep -i disk_full_action /etc/audisp/audisp-remote.conf

File: stig-72165.sh
#!/bin/bash
grep -i /usr/bin/newgrp /etc/audit/audit.rules

File: stig-72233.sh
#!/bin/bash
yum list installed \*ssh\*

File: stig-72151.sh
#!/bin/bash
grep -iw /usr/sbin/unix_chkpwd /etc/audit/audit.rules

File: stig-72011.sh
#!/bin/bash
pwck -r
cut -d: -f 1,3 /etc/passwd | egrep ":[1-4][0-9]{2}$|:[0-9]{1,2}$"

File: stig-72291.sh
#!/bin/bash
grep 'net.ipv4.conf.default.send_redirects' /etc/sysctl.conf /etc/sysctl.d/*
/sbin/sysctl -a | grep 'net.ipv4.conf.default.send_redirects'

File: stig-71957.sh
#!/bin/bash
grep -i permituserenvironment /etc/ssh/sshd_config

File: stig-71963.sh
#!/bin/bash
grep -i password /boot/efi/EFI/redhat/grub.cfg

File: stig-71943.sh
#!/bin/bash
grep pam_faillock.so /etc/pam.d/password-auth
grep pam_faillock.so /etc/pam.d/system-auth

File: stig-71977.sh
#!/bin/bash
grep gpgcheck /etc/yum.conf

File: stig-72171.sh
#!/bin/bash
grep -iw "mount" /etc/audit/audit.rules

File: stig-72031.sh
#!/bin/bash
cut -d: -f 1,4,6 /etc/passwd | egrep ":[1-4][0-9]{3}"
grep 1000 /etc/group
ls -al /home/*/.[^.]* | more

File: stig-72213.sh
#!/bin/bash
echo "verify an anti-virus solution is installed on the system"

File: stig-72093.sh
#!/bin/bash
grep -i action_mail_acct /etc/audit/auditd.conf

File: stig-72005.sh
#!/bin/bash
awk -F: '$3 == 0 {print $1}' /etc/passwd

File: stig-72145.sh
#!/bin/bash
grep -i /var/run/faillock /etc/audit/audit.rules

File: stig-72285.sh
#!/bin/bash
grep net.ipv4.conf.default.accept_source_route /etc/sysctl.conf /etc/sysctl.d/*
/sbin/sysctl -a | grep net.ipv4.conf.default.accept_source_route

File: stig-72227.sh
#!/bin/bash
systemctl status sssd.service
grep -i "id_provider" /etc/sssd/sssd.conf
grep -i "start_tls" /etc/sssd/sssd.conf

File: stig-72237.sh
#!/bin/bash
grep -iw clientaliveinterval /etc/ssh/sshd_config

File: stig-72295.sh
#!/bin/bash
ip link | grep -i promisc

File: stig-72155.sh
#!/bin/bash
grep -i /usr/bin/chage /etc/audit/audit.rules

File: stig-72015.sh
#!/bin/bash
cut -d: -f 1,3,6 /etc/passwd | egrep ":[1-4][0-9]{3}"
pwck -r

File: stig-72083.sh
#!/bin/bash
grep -i remote_server /etc/audisp/audisp-remote.conf

File: stig-92253.sh
#!/bin/bash
grep net.ipv4.conf.default.rp_filter /etc/sysctl.conf /etc/sysctl.d/*
/sbin/sysctl -a | grep net.ipv4.conf.default.rp_filter

File: stig-72203.sh
#!/bin/bash
grep -iw rmdir /etc/audit/audit.rules

File: stig-72021.sh
#!/bin/bash
ls -ld $(egrep ':[0-9]{4}' /etc/passwd | cut -d: -f6)
grep users /etc/group

File: stig-72161.sh
#!/bin/bash
grep -iw /usr/bin/sudo /etc/audit/audit.rules

File: stig-71967.sh
#!/bin/bash
yum list installed rsh-server

File: stig-71953.sh
#!/bin/bash
grep -i automaticloginenable /etc/gdm/custom.conf

File: stig-72189.sh
#!/bin/bash
grep -iw delete_module /etc/audit/audit.rules

File: stig-72249.sh
#!/bin/bash
grep -i IgnoreUserKnownHosts /etc/ssh/sshd_config

File: stig-72309.sh
#!/bin/bash
grep net.ipv4.ip_forward /etc/sysctl.conf /etc/sysctl.d/*
/sbin/sysctl -a | grep net.ipv4.ip_forward

File: stig-71919.sh
#!/bin/bash
grep password /etc/pam.d/system-auth /etc/pam.d/password-auth

File: stig-71859.sh
#!/bin/bash
grep banner-message-enable /etc/dconf/db/local.d/*

File: stig-71849.sh
#!/bin/bash
for i in `rpm -Va | grep '^.M' | cut -d " " -f4,5`;do for j in `rpm -qf $i`;do rpm -ql $j --dump | cut -d " " -f1,5,6,7 | grep $i;done;done
ls -la

File: stig-71909.sh
#!/bin/bash
grep ocredit /etc/security/pwquality.conf

File: stig-78997.sh
#!/bin/bash
grep system-db /etc/dconf/profile/user
grep -i idle-activation-enabled /etc/dconf/db/local.d/locks/*

File: stig-72319.sh
#!/bin/bash
grep net.ipv6.conf.all.accept_source_route /etc/sysctl.conf /etc/sysctl.d/*
/sbin/sysctl -a | grep net.ipv6.conf.all.accept_source_route

File: stig-72259.sh
#!/bin/bash
grep -i gssapiauth /etc/ssh/sshd_config

File: stig-72199.sh
#!/bin/bash
grep -iw rename /etc/audit/audit.rules

File: stig-81009.sh
#!/bin/bash
cat /etc/fstab | grep /dev/shm | grep nodev
mount | grep "/dev/shm" | grep nodev

File: stig-72279.sh
#!/bin/bash
find / -name shosts.equiv

File: stig-94843.sh
#!/bin/bash
grep logout /etc/dconf/local.d/*

File: stig-71929.sh
#!/bin/bash
grep -i pass_max_days /etc/login.defs

File: stig-71939.sh
#!/bin/bash
grep -i PermitEmptyPasswords /etc/ssh/sshd_config

File: stig-77819.sh
#!/bin/bash
grep system-db /etc/dconf/profile/user
grep enable-smartcard-authentication /etc/dconf/db/local.d/*

File: stig-72269.sh
#!/bin/bash
ps -ef | grep ntp
ps -ef | grep chronyd
grep maxpoll /etc/ntp.conf
grep -i "ntpd -q" /etc/cron.daily/*
ls -al /etc/cron.* | grep ntp
grep maxpoll /etc/chrony.conf

File: stig-81019.sh
#!/bin/bash
grep "overflow_action" /etc/audisp/audispd.conf

File: stig-72229.sh
#!/bin/bash
systemctl status sssd.service
grep -i "id_provider" /etc/sssd/sssd.conf
grep -i tls_reqcert /etc/sssd/sssd.conf

File: stig-73171.sh
#!/bin/bash
grep /etc/shadow /etc/audit/audit.rules

File: stig-71979.sh
#!/bin/bash
grep localpkg_gpgcheck /etc/yum.conf

File: stig-72427.sh
#!/bin/bash
grep services /etc/sssd/sssd.conf /etc/sssd/conf.d/*.conf

File: stig-71969.sh
#!/bin/bash
yum list installed ypserv

File: stig-73161.sh
#!/bin/bash
more /etc/fstab | grep nfs
mount | grep nfs | grep noexec

File: stig-73155.sh
#!/bin/bash
grep system-db /etc/dconf/profile/user
grep -i lock-delay /etc/dconf/db/local.d/locks/*

File: stig-72239.sh
#!/bin/bash
cat /etc/redhat-release
grep RhostsRSAAuthentication /etc/ssh/sshd_config

File: stig-72219.sh
#!/bin/bash
firewall-cmd --list-all

File: stig-73175.sh
#!/bin/bash
grep 'net.ipv4.conf.all.accept_redirects' /etc/sysctl.conf /etc/sysctl.d/*
/sbin/sysctl -a | grep 'net.ipv4.conf.all.accept_redirects'

File: stig-72099.sh
#!/bin/bash
grep -iw fchown /etc/audit/audit.rules

File: stig-71949.sh
#!/bin/bash
grep -i authenticate /etc/sudoers /etc/sudoers.d/*

File: stig-72417.sh
#!/bin/bash
yum list installed esc
yum list installed pam_pkcs11

File: stig-72433.sh
#!/bin/bash
grep cert_policy /etc/pam_pkcs11/pam_pkcs11.conf | grep -v "^#"

File: stig-71959.sh
#!/bin/bash
grep -i hostbasedauthentication /etc/ssh/sshd_config

File: stig-72089.sh
#!/bin/bash
grep -iw log_file /etc/audit/auditd.conf
df -h /var/log/audit/
du -sh
grep -iw space_left /etc/audit/auditd.conf

File: stig-72209.sh
#!/bin/bash
grep @ /etc/rsyslog.conf /etc/rsyslog.d/*.conf

File: stig-73165.sh
#!/bin/bash
grep /etc/group /etc/audit/audit.rules
