Permalink
Browse files

Added support for arch-audit tooling

  • Loading branch information...
mboelen committed Sep 24, 2016
1 parent 9d91f7d commit db419495bf8daa3bc996aeb3992e0b2ae65649a4
Showing with 44 additions and 0 deletions.
  1. +4 −0 include/binaries
  2. +40 −0 include/tests_ports_packages
View
@@ -83,6 +83,10 @@
afick.pl) AFICKFOUND=1; AFICKBINARY=${BINARY}; LogText " Found known binary: afick (file integrity checker) - ${BINARY}" ;;
aide) AIDEFOUND=1; AIDEBINARY=${BINARY}; LogText " Found known binary: aide (file integrity checker) - ${BINARY}" ;;
apache2) if [ -f ${BINARY} ]; then HTTPDFOUND=1; HTTPDBINARY=${BINARY}; LogText " Found known binary: apache2 (web server) - ${BINARY}"; fi ;;
+ arch-audit)
+ ARCH_AUDIT_BINARY="${BINARY}"
+ LogText " Found known binary: arch-audit (auditing utility to test for vulnerable packages) - ${BINARY}"
+ ;;
auditd) AUDITDFOUND=1; AUDITDBINARY=${BINARY}; LogText " Found known binary: auditd (audit framework) - ${BINARY}" ;;
awk) if [ -f ${BINARY} ]; then AWKFOUND=1; AWKBINARY=${BINARY}; LogText " Found known binary: awk (string tool) - ${BINARY}"; fi ;;
dig) DIGFOUND=1; DIGBINARY=${BINARY}; LogText " Found known binary: dig (nameservice tool) - ${BINARY}" ;;
@@ -276,6 +276,46 @@
fi
#
#################################################################################
+#
+ # Test : PKGS-7320
+ # Description : Check available of arch-audit
+ if [ "${OSNAME}" = "Arch Linux" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="Test only applies to Arch Linux"; fi
+ Register --test-no PKGS-7320 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Checking for arch-audit tooling"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ -z "${ARCH_AUDIT_BINARY}" ]; then
+ LogText "Result: no arch-audit binary found"
+ AddHP 1 2
+ ReportSuggestion "${TEST_NO}" "Consider installing arch-audit to determine vulnerable packages" "arch-audit" "text:Install arch-audit"
+ else
+ LogText "Result: arch-audit binary found (${ARCH_AUDIT_BINARY})"
+ AddHP 3 3
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : PKGS-7322
+ # Description : Discover vulnerable packages with arch-audit
+ if [ ! -z "${ARCH_AUDIT_BINARY}" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="arch-audit not found"; fi
+ Register --test-no PKGS-7322 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Discover vulnerable packages with arch-audit"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ LogText "Test: checking arch-audit output for vulnerable packages"
+ FIND=$(${ARCH_AUDIT_BINARY} | sed 's/\.\..*$//' | sed 's/, //g' | sed 's/\(\["\|"\]\)//g' | sed 's/""/,/g' | awk '{ if($1=="Package") { print $2"|"$6"|"}}' | awk -F'|' 'NF>1{a[$1] = a[$1]","$2}END{for(i in a){print i""a[i]}}' | sed 's/,/|cve=/' | sort | grep --color=auto "^[a-z]\+")
+ if [ -z "${FIND}" ]; then
+ LogText "Result: no vulnerable packages found with arch-audit"
+ AddHP 10 10
+ else
+ LogText "Result: found one or more vulnerable packages"
+ for ITEM in ${FIND}; do
+ LogText "Found line: ${ITEM}"
+ Report "vulnerable_package[]=${ITEM}"
+ AddHP 1 2
+ done
+ ReportWarning "${TEST_NO}" "Vulnerable packages found" "arch-audit" "text:Check output of arch-audit"
+ fi
+ fi
+#
+#################################################################################
#
# Test : PKGS-7328
# Description : Check installed packages with Zypper

1 comment on commit db41949

@davidhartleyllc

This comment has been minimized.

Show comment
Hide comment

Great tool!

Please sign in to comment.