Updated on: 18 October 2023


Runs several security checks on a Linux system and returns a module for each of them:

  • SELinux status: Critical if the sestatus command cannot be executed or SELinux is not enabled.
  • SSH root access status: Critical if the /etc/ssh/sshd_config file cannot be read or if it contains the PermitRootLogin parameter with a value other than no.
  • SSH root keys status: Critical if public and/or private SSH keys are found within /root/.ssh and its subdirectories. Files whose content begins with -----BEGIN RSA PRIVATE KEY----- and ends with -----END RSA PRIVATE KEY----- are considered private keys. Files whose content contains ssh-rsa, and which are not known_hosts or authorized_keys files, are considered public keys. The module description indicates the paths to the keys found.
  • Authorized ports status: Critical if any TCP port is found listening that is not in the checklist. The module description indicates the unauthorized ports detected.
  • Files check status: Critical if the MD5 of any checked file has changed since the previous execution (it is compared with a control file generated by the plugin) or if any of the files to be checked cannot be read. The module description indicates the files that have changed and those that could not be checked.
  • Insecure passwords status: Critical if any user in /etc/shadow has one of the passwords indicated in the checklist, or a password identical to the username. The module description indicates the users found.
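
The files check described above, sketched in Python as an added example (not the plugin's own code). The JSON control-file layout and the names md5_of and check_files are assumptions; a first run only records the baseline, and a file that becomes unreadable keeps its previous hash so a later change is still reported.

```python
import hashlib
import json
import os
import tempfile


def md5_of(path):
    """Hex MD5 of a file, or None if it cannot be read."""
    try:
        with open(path, "rb") as fh:
            return hashlib.md5(fh.read()).hexdigest()
    except OSError:
        return None


def check_files(paths, control_file):
    """Return (status, changed, unreadable) against the previous run's hashes."""
    try:
        with open(control_file) as fh:
            previous = json.load(fh)
    except (OSError, ValueError):
        previous = {}  # first run or unusable control file: nothing to compare
    current, changed, unreadable = {}, [], []
    for path in paths:
        digest = md5_of(path)
        if digest is None:
            unreadable.append(path)
            if path in previous:  # keep the old hash so a later change still shows
                current[path] = previous[path]
            continue
        current[path] = digest
        if path in previous and previous[path] != digest:
            changed.append(path)
    # Replace the control file atomically; mkstemp creates it owner-only (0600).
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(control_file)))
    with os.fdopen(fd, "w") as fh:
        json.dump(current, fh)
    os.replace(tmp, control_file)
    return ("critical" if changed or unreadable else "normal"), changed, unreadable


if __name__ == "__main__":
    d = tempfile.mkdtemp()  # constructed sample file, not a real system path
    target, control = os.path.join(d, "hosts"), os.path.join(d, "control.json")
    for content in ("127.0.0.1 localhost\n", "10.0.0.5 updates.example\n"):
        with open(target, "a") as fh:
            fh.write(content)
        print(check_files([target], control))  # 1st run: normal, 2nd: critical
```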

Default checks:

  • Allowed ports:
    • 80
    • 22
  • Integrity files:
    • /etc/shadow
    • /etc/passwd
    • /etc/hosts
    • /etc/resolv.conf
    • /etc/ssh/sshd_config
    • /etc/rsyslog.conf
  • Insecure passwords: A list of the 100 most commonly used passwords.

Usage:

pandora_security_check [-h,--help] [--check_selinux {0,1}] [--check_ssh_root_access {0,1}] [--check_ssh_root_keys {0,1}] [--check_ports {0,1}] [--check_files {0,1}] [--check_passwords {0,1}] [--include_defaults {0,1}] [--integrity_file <integrity_file>] [--conf <conf_file>]

Optional arguments:

-h, --help : Show the help message and exit
--check_selinux {0,1} : Enable/Disable check SELinux module
--check_ssh_root_access {0,1} : Enable/Disable check SSH root access module
--check_ssh_root_keys {0,1} : Enable/Disable check SSH root keys module
--check_ports {0,1} : Enable/Disable check ports module
--check_files {0,1} : Enable/Disable check files module
--check_passwords {0,1} : Enable/Disable check passwords module
--include_defaults {0,1} : Enable/Disable default plugin checks for ports, files and passwords
--integrity_file <integrity_file> : Path to integrity check file. Default: /tmp/cf4001640b5fbf3d52b515c7991f8b6e.integrity
--conf <conf_file> : Path to plugin configuration file. Available configuration blocks: [PORTS], [FILES] and [PASSWORDS]

Configuration file content example:

[PORTS]
3306
443
[FILES]
/etc/httpd/httpd.conf
/etc/my.cnf
[PASSWORDS]
pandora
PANDORA
P4nd0r4

Files:

pandora_security_check

To display the Pandora FMS library extension correctly, version NG 760 or later must be installed.