Script for a security audit (health check) on AIX
#!/usr/bin/ksh
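dir="/tmp/hc_agent"
hostname=$(hostname)
# Report path: <hostname>.healthcheck.out in the current working directory.
# NOTE(review): $dir is assigned but never referenced by the sections
# below, so the report does not land under /tmp/hc_agent.
CFGOUT=${hostname}.healthcheck.out
# Every section appends to $CFGOUT, and the report carries account stanzas
# from /etc/security/passwd, security-file listings and daemon inventories.
# Create the file with owner-only permissions before the first append so it
# is never created world-readable under a permissive umask; an existing
# file is reused as is (sections append to it).  Abort if the report cannot
# be opened at all instead of running every check against an unwritable
# path.
( umask 077 && : >> "$CFGOUT" ) || exit 1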
do_lspath()
{
  # Multipath status per physical volume: one "lspath -l" listing for every
  # device name in the first column of lspv.  Errors from lspv/lspath go to
  # stderr, not into the report.
  echo "\f\n\n MULTIPATH IO CAPABLE DEVICES (lspath -l <hdisk>)" >> "$CFGOUT"
  /usr/sbin/lspv | awk '{print $1}' | while read -r hd
  do
    [ -n "$hd" ] || continue
    lspath -l "$hd" >> "$CFGOUT"
  done
  echo "------------------------------------------------------\n" >> "$CFGOUT"
}
do_smtctl()
{
  # Simultaneous multithreading state as reported by smtctl.  Only stdout
  # of smtctl is captured; its errors go to stderr.
  {
    echo "\n\nSIMULTANEOUS MULTITHREADING ENABLED (smtctl) "
    echo "------------------------------------\n"
    smtctl
    echo "------------------------------------\n"
  } >> "$CFGOUT"
}
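# Password-policy attributes of every local user in lsuser's colon format
# (a '#name:...' header line followed by one line per user).  Kept in one
# place so the header pass and the data pass below query the same list.
hc_pw_policy()
{
  lsuser -c -a histexpire histsize maxage maxexpired maxrepeats minage minalpha mindiff minlen minother pwdwarntime loginretries ALL
}

do_users()
{
  # Password policy: the first '#name' header once, then every data line
  # (all header lines dropped).
  echo "\n\nPASSWORD SECURITY INFORMATION" >> "$CFGOUT"
  echo "-----------------------------\n" >> "$CFGOUT"
  hc_pw_policy | grep '#name' | head -1 >> "$CFGOUT"
  hc_pw_policy | grep -v '#name' >> "$CFGOUT"
  echo "-----------------------------\n" >> "$CFGOUT"
  # User database consistency (report only, -n: nothing is fixed).
  echo "\nUSER INCONSISTENCY INFORMATION" >> "$CFGOUT"
  echo "-----------------------------\n" >> "$CFGOUT"
  usrck -n ALL >> "$CFGOUT" 2>&1
  echo "-----------------------------\n" >> "$CFGOUT"
  # Group database consistency (report only).
  echo "\nGROUP INCONSISTENCY INFORMATION" >> "$CFGOUT"
  echo "-----------------------------\n" >> "$CFGOUT"
  grpck -n ALL >> "$CFGOUT" 2>&1
  echo "-----------------------------\n" >> "$CFGOUT"
  # Local authentication data consistency (report only).
  echo "\n AUTHENTICATION INCONSISTENCY INFORMATION" >> "$CFGOUT"
  echo "-----------------------------\n" >> "$CFGOUT"
  pwdck -n ALL >> "$CFGOUT" 2>&1
  echo "-----------------------------\n" >> "$CFGOUT"
  # Stanza data from /etc/security/passwd without the hash lines.  The
  # filter is deliberately loose (any line containing "password" is
  # dropped) so that a hash can never reach the report, at the cost of also
  # dropping a stanza whose user name contains that word.  Read errors are
  # recorded in the report instead of being lost on stderr.
  echo "PASSOWORD POLICTY (/etc/security/passwd)" >> "$CFGOUT"
  echo "-----------------------------\n" >> "$CFGOUT"
  grep -v password /etc/security/passwd >> "$CFGOUT" 2>&1
  echo "-----------------------------\n" >> "$CFGOUT"
}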
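do_check_file()
{
  # Presence of the login/audit trail files.  A present file is listed with
  # "ls -ld" so its mode and owner appear in the report (its line still
  # contains the path); an absent file is reported explicitly instead of
  # being silently skipped, which is what an existence check is for.
  echo "\n CHECKING THE EXISTENCE OF SECURITY FILES" >> "$CFGOUT"
  echo "-----------------------------------------" >> "$CFGOUT"
  for f in /var/adm/wtmp /var/adm/sulog /etc/security/failedlogin
  do
    if [ -e "$f" ]
    then
      ls -ld "$f" >> "$CFGOUT" 2>&1
    else
      echo "$f: MISSING" >> "$CFGOUT"
    fi
  done
  echo "-----------------------------------------" >> "$CFGOUT"
}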
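do_osr_policy()
{
  # File-permission snapshot: the root directory, /etc/security, and root's
  # .netrc (cleartext FTP credentials) and .rhosts (password-less r-command
  # trust).  For the last three, ls errors are captured into the report so
  # that "file absent" / "directory unreadable" is recorded rather than
  # lost on stderr.
  echo "\n\n OSR POLICY HIGH LEVEL" >> "$CFGOUT"
  echo "------------------------\n" >> "$CFGOUT"
  echo "ROOT FILE PERMISSIONS" >> "$CFGOUT"
  echo "---------------------\n" >> "$CFGOUT"
  ls -l / >> "$CFGOUT"
  echo "------------------------\n" >> "$CFGOUT"
  echo "SECURITY FILE PERMISSIONS" >> "$CFGOUT"
  ls -l /etc/security >> "$CFGOUT" 2>&1
  echo "------------------------\n" >> "$CFGOUT"
  echo " ROOT/.NETRC FILES" >> "$CFGOUT"
  echo "------------------------\n" >> "$CFGOUT"
  ls -l ~root/.netrc >> "$CFGOUT" 2>&1
  echo "------------------------\n" >> "$CFGOUT"
  echo " ROOT/rhosts FILES " >> "$CFGOUT"
  echo "------------------------\n" >> "$CFGOUT"
  ls -l ~root/.rhosts >> "$CFGOUT" 2>&1
  echo "------------------------\n" >> "$CFGOUT"
}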
do_lssrc_daemon()
{
  # Status of every SRC-controlled subsystem (lssrc -a); lssrc errors go to
  # stderr, not into the report.
  {
    echo "\n\n ALL DEAMON STATUS ( lssrc -a)"
    echo "-----------------------------------"
    lssrc -a
    echo "----------------------------\n"
  } >> "$CFGOUT"
}
do_umask()
{
  # Records the umask of this script's own process, i.e. the value inherited
  # from whoever invoked it; presumably the system-wide default lives in
  # /etc/security/user, which is not read here.
  {
    echo "\n\n UMASK VALUE( umask )"
    echo "-------------------------"
    umask
    echo "--------------------------"
  } >> "$CFGOUT"
}
do_mksysb_exfile()
{
  # Contents of the mksysb exclude list when the file exists; when it does
  # not, only the headers are written (absence is not flagged).
  echo "MKSYSB EXCLUDE FILE LIST (/etc/exclude.rootvg)" >> "$CFGOUT"
  echo "-------------------------" >> "$CFGOUT"
  [ -e /etc/exclude.rootvg ] && cat /etc/exclude.rootvg >> "$CFGOUT"
  echo "---------------------------" >> "$CFGOUT"
}
do_lppchk_check()
{
  # Fileset consistency report (lppchk -vm3); lppchk's stderr is captured
  # alongside its stdout.
  {
    echo "\n\nFILE SET LEVEL CONSISTENCY (lppchk -vm3) "
    echo "---------------------------------"
    lppchk -vm3 2>&1
    echo "---------------------------------"
  } >> "$CFGOUT"
}
do_instifix_check()
{
  # Maintenance-level lines from instfix -i.  The filter is a plain
  # case-insensitive substring match on "ml", so any line containing those
  # two letters is kept, not only the ML summary lines.
  {
    echo "\n\n INSTIFIX MISSING UPGRADES (instfix -i ) "
    echo "--------------------------------"
    instfix -i | grep -i ml
    echo "--------------------------------"
  } >> "$CFGOUT"
}
do_patch_mgmt()
{
  # Installed interim fixes (emgr -l), stderr included.  The header text
  # reads "PATH MANAGEMENT"; presumably "PATCH" was meant, but the string
  # is kept verbatim.
  {
    echo "PATH MANAGEMENT ( emgr -l ) "
    echo "----------------------------"
    emgr -l 2>&1
    echo "----------------------------"
  } >> "$CFGOUT"
}
do_odmget()
{
  # Dumps the CuDv object class.  The header says "odmget -CuDv" but the
  # command actually run is "odmget CuDv" (class name, not an option); the
  # header string is kept as is.  odmget errors go to stderr.
  {
    echo "\nCHECK ODM CURRUPTION ( odmget -CuDv )"
    echo "-----------------------------------"
    odmget CuDv
    echo "-----------------------------------"
  } >> "$CFGOUT"
}
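do_emc_storage_path()
{
  # EMC PowerPath device/path inventory.  powermt is an add-on and may be
  # absent or fail; its stderr is captured into the report (as the other
  # optional-tool sections do) so that condition is visible to the reader.
  echo "EMC PowerPath Details ( powermt display )" >> "$CFGOUT"
  echo "-----------------------------------------" >> "$CFGOUT"
  powermt display dev=all >> "$CFGOUT" 2>&1
  echo "-----------------------------------------" >> "$CFGOUT"
}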
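do_itm_process()
{
  # IBM Tivoli Monitoring agent inventory (cinfo -r, absolute path; a
  # "not found" error is captured into the report) plus the ITM-related
  # processes currently running.
  echo "ITM PROCESS DETAILS (cinfo -r )" >> "$CFGOUT"
  echo "-----------------------------------------" >> "$CFGOUT"
  /opt/IBM/ITM/bin/cinfo -r >> "$CFGOUT" 2>&1
  echo "-----------------------------------------" >> "$CFGOUT"
  echo "\n\n RUNING PROCESS DETAILS " >> "$CFGOUT"
  # The bracket pattern matches "itm" in any process line but not the grep
  # command line itself ("[i]tm" does not contain the substring "itm"), so
  # the filter no longer reports its own process as an ITM process.
  ps -ef | grep -i '[i]tm' >> "$CFGOUT"
  echo "-----------------------------------------" >> "$CFGOUT"
}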
# Entry point: run every section in order; each one appends to $CFGOUT.
main()
{
  do_users
  do_check_file
  do_osr_policy
  do_lssrc_daemon
  do_umask
  do_mksysb_exfile
  do_lppchk_check
  do_instifix_check
  do_patch_mgmt
  do_odmget
  do_smtctl
  do_lspath
  do_itm_process
  do_emc_storage_path
}
main
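# NOTE(review): from this line on the script repeats everything above
# (assignments, function definitions and the section calls), so every
# section is run and appended to the report a second time.
dir="/tmp/hc_agent"
hostname=$(hostname)
# Report path: <hostname>.healthcheck.out in the current working directory.
# NOTE(review): $dir is assigned but never referenced by the sections
# below, so the report does not land under /tmp/hc_agent.
CFGOUT=${hostname}.healthcheck.out
# Every section appends to $CFGOUT, and the report carries account stanzas
# from /etc/security/passwd, security-file listings and daemon inventories.
# Create the file with owner-only permissions before the first append so it
# is never created world-readable under a permissive umask; an existing
# file is reused as is (sections append to it).  Abort if the report cannot
# be opened at all instead of running every check against an unwritable
# path.
( umask 077 && : >> "$CFGOUT" ) || exit 1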
do_lspath()
{
  # Multipath status per physical volume: one "lspath -l" listing for every
  # device name in the first column of lspv.  Errors from lspv/lspath go to
  # stderr, not into the report.
  echo "\f\n\n MULTIPATH IO CAPABLE DEVICES (lspath -l <hdisk>)" >> "$CFGOUT"
  /usr/sbin/lspv | awk '{print $1}' | while read -r hd
  do
    [ -n "$hd" ] || continue
    lspath -l "$hd" >> "$CFGOUT"
  done
  echo "------------------------------------------------------\n" >> "$CFGOUT"
}
do_smtctl()
{
  # Simultaneous multithreading state as reported by smtctl.  Only stdout
  # of smtctl is captured; its errors go to stderr.
  {
    echo "\n\nSIMULTANEOUS MULTITHREADING ENABLED (smtctl) "
    echo "------------------------------------\n"
    smtctl
    echo "------------------------------------\n"
  } >> "$CFGOUT"
}
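# Password-policy attributes of every local user in lsuser's colon format
# (a '#name:...' header line followed by one line per user).  Kept in one
# place so the header pass and the data pass below query the same list.
hc_pw_policy()
{
  lsuser -c -a histexpire histsize maxage maxexpired maxrepeats minage minalpha mindiff minlen minother pwdwarntime loginretries ALL
}

do_users()
{
  # Password policy: the first '#name' header once, then every data line
  # (all header lines dropped).
  echo "\n\nPASSWORD SECURITY INFORMATION" >> "$CFGOUT"
  echo "-----------------------------\n" >> "$CFGOUT"
  hc_pw_policy | grep '#name' | head -1 >> "$CFGOUT"
  hc_pw_policy | grep -v '#name' >> "$CFGOUT"
  echo "-----------------------------\n" >> "$CFGOUT"
  # User database consistency (report only, -n: nothing is fixed).
  echo "\nUSER INCONSISTENCY INFORMATION" >> "$CFGOUT"
  echo "-----------------------------\n" >> "$CFGOUT"
  usrck -n ALL >> "$CFGOUT" 2>&1
  echo "-----------------------------\n" >> "$CFGOUT"
  # Group database consistency (report only).
  echo "\nGROUP INCONSISTENCY INFORMATION" >> "$CFGOUT"
  echo "-----------------------------\n" >> "$CFGOUT"
  grpck -n ALL >> "$CFGOUT" 2>&1
  echo "-----------------------------\n" >> "$CFGOUT"
  # Local authentication data consistency (report only).
  echo "\n AUTHENTICATION INCONSISTENCY INFORMATION" >> "$CFGOUT"
  echo "-----------------------------\n" >> "$CFGOUT"
  pwdck -n ALL >> "$CFGOUT" 2>&1
  echo "-----------------------------\n" >> "$CFGOUT"
  # Stanza data from /etc/security/passwd without the hash lines.  The
  # filter is deliberately loose (any line containing "password" is
  # dropped) so that a hash can never reach the report, at the cost of also
  # dropping a stanza whose user name contains that word.  Read errors are
  # recorded in the report instead of being lost on stderr.
  echo "PASSOWORD POLICTY (/etc/security/passwd)" >> "$CFGOUT"
  echo "-----------------------------\n" >> "$CFGOUT"
  grep -v password /etc/security/passwd >> "$CFGOUT" 2>&1
  echo "-----------------------------\n" >> "$CFGOUT"
}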
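do_check_file()
{
  # Presence of the login/audit trail files.  A present file is listed with
  # "ls -ld" so its mode and owner appear in the report (its line still
  # contains the path); an absent file is reported explicitly instead of
  # being silently skipped, which is what an existence check is for.
  echo "\n CHECKING THE EXISTENCE OF SECURITY FILES" >> "$CFGOUT"
  echo "-----------------------------------------" >> "$CFGOUT"
  for f in /var/adm/wtmp /var/adm/sulog /etc/security/failedlogin
  do
    if [ -e "$f" ]
    then
      ls -ld "$f" >> "$CFGOUT" 2>&1
    else
      echo "$f: MISSING" >> "$CFGOUT"
    fi
  done
  echo "-----------------------------------------" >> "$CFGOUT"
}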
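do_osr_policy()
{
  # File-permission snapshot: the root directory, /etc/security, and root's
  # .netrc (cleartext FTP credentials) and .rhosts (password-less r-command
  # trust).  For the last three, ls errors are captured into the report so
  # that "file absent" / "directory unreadable" is recorded rather than
  # lost on stderr.
  echo "\n\n OSR POLICY HIGH LEVEL" >> "$CFGOUT"
  echo "------------------------\n" >> "$CFGOUT"
  echo "ROOT FILE PERMISSIONS" >> "$CFGOUT"
  echo "---------------------\n" >> "$CFGOUT"
  ls -l / >> "$CFGOUT"
  echo "------------------------\n" >> "$CFGOUT"
  echo "SECURITY FILE PERMISSIONS" >> "$CFGOUT"
  ls -l /etc/security >> "$CFGOUT" 2>&1
  echo "------------------------\n" >> "$CFGOUT"
  echo " ROOT/.NETRC FILES" >> "$CFGOUT"
  echo "------------------------\n" >> "$CFGOUT"
  ls -l ~root/.netrc >> "$CFGOUT" 2>&1
  echo "------------------------\n" >> "$CFGOUT"
  echo " ROOT/rhosts FILES " >> "$CFGOUT"
  echo "------------------------\n" >> "$CFGOUT"
  ls -l ~root/.rhosts >> "$CFGOUT" 2>&1
  echo "------------------------\n" >> "$CFGOUT"
}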
do_lssrc_daemon()
{
  # Status of every SRC-controlled subsystem (lssrc -a); lssrc errors go to
  # stderr, not into the report.
  {
    echo "\n\n ALL DEAMON STATUS ( lssrc -a)"
    echo "-----------------------------------"
    lssrc -a
    echo "----------------------------\n"
  } >> "$CFGOUT"
}
do_umask()
{
  # Records the umask of this script's own process, i.e. the value inherited
  # from whoever invoked it; presumably the system-wide default lives in
  # /etc/security/user, which is not read here.
  {
    echo "\n\n UMASK VALUE( umask )"
    echo "-------------------------"
    umask
    echo "--------------------------"
  } >> "$CFGOUT"
}
do_mksysb_exfile()
{
  # Contents of the mksysb exclude list when the file exists; when it does
  # not, only the headers are written (absence is not flagged).
  echo "MKSYSB EXCLUDE FILE LIST (/etc/exclude.rootvg)" >> "$CFGOUT"
  echo "-------------------------" >> "$CFGOUT"
  [ -e /etc/exclude.rootvg ] && cat /etc/exclude.rootvg >> "$CFGOUT"
  echo "---------------------------" >> "$CFGOUT"
}
do_lppchk_check()
{
  # Fileset consistency report (lppchk -vm3); lppchk's stderr is captured
  # alongside its stdout.
  {
    echo "\n\nFILE SET LEVEL CONSISTENCY (lppchk -vm3) "
    echo "---------------------------------"
    lppchk -vm3 2>&1
    echo "---------------------------------"
  } >> "$CFGOUT"
}
do_instifix_check()
{
  # Maintenance-level lines from instfix -i.  The filter is a plain
  # case-insensitive substring match on "ml", so any line containing those
  # two letters is kept, not only the ML summary lines.
  {
    echo "\n\n INSTIFIX MISSING UPGRADES (instfix -i ) "
    echo "--------------------------------"
    instfix -i | grep -i ml
    echo "--------------------------------"
  } >> "$CFGOUT"
}
do_patch_mgmt()
{
  # Installed interim fixes (emgr -l), stderr included.  The header text
  # reads "PATH MANAGEMENT"; presumably "PATCH" was meant, but the string
  # is kept verbatim.
  {
    echo "PATH MANAGEMENT ( emgr -l ) "
    echo "----------------------------"
    emgr -l 2>&1
    echo "----------------------------"
  } >> "$CFGOUT"
}
do_odmget()
{
  # Dumps the CuDv object class.  The header says "odmget -CuDv" but the
  # command actually run is "odmget CuDv" (class name, not an option); the
  # header string is kept as is.  odmget errors go to stderr.
  {
    echo "\nCHECK ODM CURRUPTION ( odmget -CuDv )"
    echo "-----------------------------------"
    odmget CuDv
    echo "-----------------------------------"
  } >> "$CFGOUT"
}
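do_emc_storage_path()
{
  # EMC PowerPath device/path inventory.  powermt is an add-on and may be
  # absent or fail; its stderr is captured into the report (as the other
  # optional-tool sections do) so that condition is visible to the reader.
  echo "EMC PowerPath Details ( powermt display )" >> "$CFGOUT"
  echo "-----------------------------------------" >> "$CFGOUT"
  powermt display dev=all >> "$CFGOUT" 2>&1
  echo "-----------------------------------------" >> "$CFGOUT"
}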
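do_itm_process()
{
  # IBM Tivoli Monitoring agent inventory (cinfo -r, absolute path; a
  # "not found" error is captured into the report) plus the ITM-related
  # processes currently running.
  echo "ITM PROCESS DETAILS (cinfo -r )" >> "$CFGOUT"
  echo "-----------------------------------------" >> "$CFGOUT"
  /opt/IBM/ITM/bin/cinfo -r >> "$CFGOUT" 2>&1
  echo "-----------------------------------------" >> "$CFGOUT"
  echo "\n\n RUNING PROCESS DETAILS " >> "$CFGOUT"
  # The bracket pattern matches "itm" in any process line but not the grep
  # command line itself ("[i]tm" does not contain the substring "itm"), so
  # the filter no longer reports its own process as an ITM process.
  ps -ef | grep -i '[i]tm' >> "$CFGOUT"
  echo "-----------------------------------------" >> "$CFGOUT"
}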
# Entry point: run every section in order; each one appends to $CFGOUT.
main()
{
  do_users
  do_check_file
  do_osr_policy
  do_lssrc_daemon
  do_umask
  do_mksysb_exfile
  do_lppchk_check
  do_instifix_check
  do_patch_mgmt
  do_odmget
  do_smtctl
  do_lspath
  do_itm_process
  do_emc_storage_path
}
main