From 3a0c4a969e556b40304cc057a1450dd504c22d11 Mon Sep 17 00:00:00 2001
From: qinzhiben
Date: Thu, 17 Aug 2023 17:32:26 +0800
Subject: [PATCH 1/6] Add management detection and hardening scripts for bin and adm users
---
.../1.54-lock-the-bin-and-adm-users.md | 36 +++++++++++++++++++
.../1.54-lock-the-bin-and-adm-users.sh | 2 ++
.../1.54-lock-the-bin-and-adm-users.sh | 9 +++++
3 files changed, 47 insertions(+)
create mode 100644 benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md
create mode 100644 remediation-kits/access-and-control/1.54-lock-the-bin-and-adm-users.sh
create mode 100644 scanners/access-and-control/1.54-lock-the-bin-and-adm-users.sh
diff --git a/benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md b/benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md
new file mode 100644
index 0000000..036c285
--- /dev/null
+++ b/benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md
@@ -0,0 +1,36 @@
+# 1.49 锁定或删除shutdown、halt用户
+
+## 安全等级
+
+- Level 1
+
+## 描述
+
+锁定bin、adm用户,避免特定的权限和任务被强制关闭。
+
+## 修复建议
+
+锁定或删除bin、adm用户。
+
+执行以下命令,锁定bin、adm用户
+
+```bash
+usermod -L bin
+usermod -L adm
+```
+
+## 扫描检测
+
+执行以下命令,验证bin、adm用户是否被锁定:
+
+```bash
+# passwd -S bin | grep -E "bin\s+LK"
+bin LK 2022-02-12 0 99999 7 -1 (更改当前使用的认证方案。)
+
+# passwd -S adm | grep -E "adm\s+LK"
+adm LK 2022-02-12 0 99999 7 -1 (更改当前使用的认证方案。)
+```
+
+如输出结果符合预期,则视为通过此项检查。
+
+## 参考
\ No newline at end of file
diff --git a/remediation-kits/access-and-control/1.54-lock-the-bin-and-adm-users.sh b/remediation-kits/access-and-control/1.54-lock-the-bin-and-adm-users.sh
new file mode 100644
index 0000000..3ef8c55
--- /dev/null
+++ b/remediation-kits/access-and-control/1.54-lock-the-bin-and-adm-users.sh
@@ -0,0 +1,2 @@
+usermod -L bin
+usermod -L adm
\ No newline at end of file
diff --git a/scanners/access-and-control/1.54-lock-the-bin-and-adm-users.sh b/scanners/access-and-control/1.54-lock-the-bin-and-adm-users.sh
new file mode 100644
index 0000000..71fc6e0
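Review bot: A failure of `usermod -L bin` in the remediation script goes unreported, because the two commands run unconditionally and the script's exit status is only that of `usermod -L adm`; a caller cannot tell that `bin` was left unlocked. Chaining them as `usermod -L bin && usermod -L adm`, or adding `|| exit 1` to each line, makes the result trustworthy. Note also that `usermod -L` only disables the password; the usermod manual advises additionally setting the expiry date (`usermod -L -e 1 bin`) when the account itself, not just password login, is meant to be unusable. A one-line comment such as `# lock the password of the bin and adm system accounts` would record which of the two is intended.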
--- /dev/null +++ b/scanners/access-and-control/1.54-lock-the-bin-and-adm-users.sh @@ -0,0 +1,9 @@ +result=false + +passwd -S bin | grep -Eq "bin\s+LK" && passwd -S adm | grep -Eq "adm\s+LK" && result=true + +if [ "$result" = true ]; then + echo "pass" +else + echo "fail" +fi \ No newline at end of file -- Gitee From feff55b3ad24e385d78b6cf4bc1508f6ed2c8edb Mon Sep 17 00:00:00 2001 From: qinzhiben <9528876+qinzhiben@user.noreply.gitee.com> Date: Fri, 18 Aug 2023 02:08:30 +0000 Subject: [PATCH 2/6] update benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md. Signed-off-by: qinzhiben <9528876+qinzhiben@user.noreply.gitee.com> --- .../access-and-control/1.54-lock-the-bin-and-adm-users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md b/benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md index 036c285..a22792c 100644 --- a/benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md +++ b/benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md @@ -1,4 +1,4 @@ -# 1.49 锁定或删除shutdown、halt用户 +# 1.49 锁定或删除bin、adm用户 ## 安全等级 -- Gitee From cb92ea7dda3ac298a70fc0f55c7b28a0c2d6e215 Mon Sep 17 00:00:00 2001 From: qinzhiben <9528876+qinzhiben@user.noreply.gitee.com> Date: Fri, 18 Aug 2023 02:11:03 +0000 Subject: [PATCH 3/6] update benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md. Signed-off-by: qinzhiben <9528876+qinzhiben@user.noreply.gitee.com> --- .../access-and-control/1.54-lock-the-bin-and-adm-users.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md b/benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md index a22792c..f4fd8a5 100644 --- a/benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md +++ b/benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md 
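Review bot: An account that has been deleted makes the scanner print `fail`, although the benchmark text for this rule accepts locking or deleting `bin` and `adm`: `passwd -S` exits with an error for an unknown user, so the `&&` chain never reaches `result=true`. The same outcome presumably occurs when the scanner is run without the privileges `passwd -S` needs for another user, and nothing in the output distinguishes that from a real finding. The pattern is also unanchored; matching `^bin[[:space:]]+LK` ties it to the username field and avoids the GNU-only `\s`. A small helper that treats a missing account as compliant and anchors the match would cover both accounts.

```shell
# Succeeds when the account is absent or its password status is LK.
locked_or_absent() {
  # a removed account satisfies "lock or delete"
  getent passwd "$1" >/dev/null || return 0
  passwd -S "$1" | grep -Eq "^$1[[:space:]]+LK"
}

result=false
locked_or_absent bin && locked_or_absent adm && result=true
# … unchanged: pass/fail echo …
```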
@@ -25,10 +25,10 @@ usermod -L adm ```bash # passwd -S bin | grep -E "bin\s+LK" -bin LK 2022-02-12 0 99999 7 -1 (更改当前使用的认证方案。) +bin LK 2022-07-17 0 99999 7 -1 (Alternate authentication scheme in use.) # passwd -S adm | grep -E "adm\s+LK" -adm LK 2022-02-12 0 99999 7 -1 (更改当前使用的认证方案。) +adm LK 2022-02-12 0 99999 7 -1 (Alternate authentication scheme in use.) ``` 如输出结果符合预期,则视为通过此项检查。 -- Gitee From cdc67f8c4801beb105a51cea4752d875b729b5d3 Mon Sep 17 00:00:00 2001 From: qinzhiben <9528876+qinzhiben@user.noreply.gitee.com> Date: Fri, 18 Aug 2023 02:13:25 +0000 Subject: [PATCH 4/6] update docs/summary-of-rules.md. Signed-off-by: qinzhiben <9528876+qinzhiben@user.noreply.gitee.com> --- docs/summary-of-rules.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/summary-of-rules.md b/docs/summary-of-rules.md index 27891c3..1d3bc06 100644 --- a/docs/summary-of-rules.md +++ b/docs/summary-of-rules.md @@ -53,6 +53,7 @@ | 1.51 | 1.51-ensure-mounting-of-udf-filesystems-is-disabled.md | 1.51 确保udf文件系统的挂载被禁用 | benchmarks/access-and-control | 1 | | 1.52 | 1.52-ensure-mounting-of-cramfs-filesystems-is-disabled | 1.52 确保cramfs文件系统的挂载被禁用 | benchmarks/access-and-control | 1 | | 1.53 | 1.53-ensure-mounting-of-squashfs-filesystems-is-disabled | 1.53 确保squashfs文件系统的挂载被禁用 | benchmarks/access-and-control | 1 | +| 1.54 | 1.54-lock-the-bin-and-adm-users.md | 1.54 锁定bin、adm用户 | benchmarks/access-and-control | 1 | | 2.1 | 2.1-ensure-audit-log-files-are-not-read-or-write-accessible-by-unauthorized-users.md | 2.1 确保审计日志的文件权限被正确配置 | benchmarks/logging-and-auditing | 1 | | 2.2 | 2.2-ensure-only-authorized-users-own-audit-log-files.md | 2.2 确保审计日志文件的所有者为已授权用户 | benchmarks/logging-and-auditing | 1 | | 2.3 | 2.3-ensure-only-authorized-groups-ownership-of-audit-log-files.md | 2.3 确保审计日志文件的所属组为已授权的用户组 | benchmarks/logging-and-auditing | 1 | -- Gitee From b443aa24360942fde50aeae7655a7851267cef47 Mon Sep 17 00:00:00 2001 
From: qinzhiben <9528876+qinzhiben@user.noreply.gitee.com> Date: Fri, 18 Aug 2023 02:16:43 +0000 Subject: [PATCH 5/6] update benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md. Signed-off-by: qinzhiben <9528876+qinzhiben@user.noreply.gitee.com> --- .../access-and-control/1.54-lock-the-bin-and-adm-users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md b/benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md index f4fd8a5..fc26626 100644 --- a/benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md +++ b/benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md @@ -25,7 +25,7 @@ usermod -L adm ```bash # passwd -S bin | grep -E "bin\s+LK" -bin LK 2022-07-17 0 99999 7 -1 (Alternate authentication scheme in use.) +bin LK 2022-07-12 0 99999 7 -1 (Alternate authentication scheme in use.) # passwd -S adm | grep -E "adm\s+LK" adm LK 2022-02-12 0 99999 7 -1 (Alternate authentication scheme in use.) -- Gitee From 09e04a79888bb7e1e52ce7ea5d50a4bc1e5ca21f Mon Sep 17 00:00:00 2001 From: qinzhiben <9528876+qinzhiben@user.noreply.gitee.com> Date: Fri, 18 Aug 2023 03:29:31 +0000 Subject: [PATCH 6/6] update benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md. Signed-off-by: qinzhiben <9528876+qinzhiben@user.noreply.gitee.com> --- .../access-and-control/1.54-lock-the-bin-and-adm-users.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md b/benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md index fc26626..2ad9d95 100644 --- a/benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md +++ b/benchmarks/access-and-control/1.54-lock-the-bin-and-adm-users.md @@ -1,4 +1,4 @@ -# 1.49 锁定或删除bin、adm用户 +# 1.54 锁定或删除bin、adm用户 ## 安全等级 -- Gitee