Linux - project for auditing the system


Nowadays it is really important for every engineer to keep their infrastructure secure, to protect the business and to avoid being hacked. System engineers have different tools for auditing their systems: CIS, which publishes best-practice benchmarks for Linux and Windows systems, or Lynis.

These tools are powerful and useful, but they do not match my needs. So I created a specific project for auditing a Linux system. This project audits the system based on CIS best practices and on my professional experience.

The project is available on GitLab: check_sys.

List of plugins

The project uses different plugins for auditing the system:

  • sysctl
  • postfix
  • apache
  • local account
  • grub

Setup your environment

To use the project, you should create a virtualenv:

virtualenv checksys
source checksys/bin/activate

Configuration file

Before executing the audit, you can specify a config file with the parameter (--config), but it is not mandatory. If no config file is specified, the script generates a default configuration. This file must have the .yaml extension; here is an example of its structure:

# Audit system
system:
  exclude_plugins:
    - ""
  postfix:
    postfix_file: "/etc/postfix/master.cf"
  sysctl:
    sysctl_file: "/etc/sysctl.conf"
  apache:
    apache_directory: "/etc/apache2/"

You can exclude some plugins. To exclude a plugin, list each plugin to skip in the exclude_plugins directive.

Auditing the system

To audit the system, you must specify the parameter --audit, which takes one argument: system. The script audits the system and then generates an HTML report:

python3 main.py --audit system
Auditing the system...
Running test for sysctl
Running test for postfix
Running test for Apache
Running test for Local account
Running test for Grub
End of the audit. Generating the report
The report is generated at this location: reports/reports_pc-geoffrey_2023-09-18.html

You can now open the report. For each plugin, the script identifies whether a vulnerability was found and explains how to remediate it:

Example of the report generated
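As an added illustration (not the check_sys project's own code), here is a minimal sysctl-style plugin showing the two behaviours described above: the exclude_plugins directive, where the default empty entry excludes nothing, and a check that compares a sysctl.conf file against expected hardening values and returns one finding with a remediation hint per mismatch. The expected values, function names and the sample file are assumptions constructed for this example.

```python
import re
from typing import Dict, List, Optional

# Assumed expected values (a small subset in the spirit of CIS kernel/network items)
EXPECTED_SYSCTL = {
    "net.ipv4.ip_forward": "0",
    "net.ipv4.conf.all.accept_redirects": "0",
    "net.ipv4.conf.all.rp_filter": "1",
    "kernel.randomize_va_space": "2",
}


def parse_sysctl(text: str) -> Dict[str, str]:
    """Parse 'key = value' lines of a sysctl.conf-style file; skip comments and blanks."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not line:
            continue
        m = re.match(r"^([\w.\-/]+)\s*=\s*(.*)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
    return settings


def audit_sysctl(text: str) -> List[dict]:
    """Return one finding per expected key that is missing or set to another value."""
    current = parse_sysctl(text)
    findings = []
    for key, want in EXPECTED_SYSCTL.items():
        got: Optional[str] = current.get(key)
        if got != want:
            findings.append({
                "key": key, "expected": want, "found": got,
                "remediation": f"set '{key} = {want}' in /etc/sysctl.conf and run 'sysctl -p'",
            })
    return findings


def active_plugins(config: dict, available: List[str]) -> List[str]:
    """Apply exclude_plugins from the config; the default [""] excludes nothing."""
    excluded = {p for p in config.get("system", {}).get("exclude_plugins", []) if p}
    return [p for p in available if p not in excluded]


# Constructed sample input, not a real host's file
SAMPLE_SYSCTL = """# constructed sample
net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter=1   # trailing comment
kernel.randomize_va_space = 2
"""
```

Running audit_sysctl(SAMPLE_SYSCTL) yields two findings: ip_forward is set to 1 instead of 0, and accept_redirects is absent from the file.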

Ansible

I made this Ansible task for deploying and executing the project:

---

- name: "Create venv"
  command:
    cmd: "virtualenv {{ venvs }} -p python3.8"
    creates: "{{ venvs }}"

- name: "Copy the project to the remote"
  copy:
    src: ~/projects/check_sec_sys/
    dest: "{{ path_project }}"
    owner: ansible
    group: ansible

- name: "Install requirements"
  pip:
    requirements: "{{ path_project }}/requirements.txt"
    virtualenv: "{{ venvs }}"

- name: "Auditing the system"
  command: "{{ venvs }}/bin/python3 {{ path_project }}/main.py -a system"

- name: "Get the report"
  fetch:
    src: "{{ path_project }}/reports/reports_{{ ansible_hostname|lower }}_{{ ansible_date_time.date }}.html"
    dest: /tmp/

And here is the main.yml file, which contains all the variables used in this task:

---
venvs: "~/venvs/check_sec_sys"
path_project: "/home/ansible/projects/check_sec_sys"

In this Ansible file, I use an ansible user who has some sudoers permissions.

Improving the project

I keep trying to improve the project to get a better audit of the system, but if you have any ideas, please let me know and I can update the project. Thanks.