增加 anolis23 系统环境下的默认通过项目合规检测工具配置文件（.config文件）

# 增加 anolis23 系统环境下的默认通过项目合规检测工具配置文件（.config文件）
## 环境-ISO镜像
![输入图片说明](https://foruda.gitee.com/images/1690874649226316132/7ef66a2b_10738817.png "屏幕截图")

## 初始状态执行level-4检测结果
- 执行步骤：
```shell
# pwd
/root/security-benchmark/tools/scanners
# ./run_Anolis_scanners.sh -c ./config/Anolis_security_benchmark_level4.config
```

- 结果截图：
![输入图片说明](https://foruda.gitee.com/images/1690874760362764741/652ffa56_10738817.png "屏幕截图")

- 结果详情：
```
[root@anolis scanners]# ./run_Anolis_scanners.sh -c ./config/Anolis_security_benchmark_level4.config 
configfile is: ./config/Anolis_security_benchmark_level4.config
1.1-ensure-cron-daemon-is-enabled.sh                                                      pass
1.2-ensure-permissions-on-etc-crontab-are-configured.sh                                   fail
1.3-ensure-permissions-on-etc-cron.hourly-are-configured.sh                               fail
1.4-ensure-permissions-on-etc-cron.daily-are-configured.sh                                fail
1.5-ensure-permissions-on-etc-cron.weekly-are-configured.sh                               fail
1.6-ensure-permissions-on-etc-cron.monthly-are-configured.sh                              fail
1.7-ensure-permissions-on-etc-cron.d-are-configured.sh                                    fail
1.8-ensure-at-cron-is-restricted-to-authorized-users.sh                                   fail
1.9-ensure-permissions-on-etc-ssh-sshd_config-are-configured.sh                           pass
1.10-ensure-ssh-access-is-limited.sh                                                      fail
1.11-ensure-permissions-on-ssh-private-host-key-files-are-configured.sh                   pass
1.12-ensure-permissions-on-ssh-public-host-key-files-are-configured.sh                    pass
1.13-ensure-ssh-loglevel-is-appropriate.sh                                                pass
1.14-ensure-ssh-maxauthtries-is-set-to-4-or-less.sh                                       fail
1.15-ensure-ssh-ignorerhosts-is-enabled.sh                                                pass
1.16-ensure-ssh-hostbasedauthentication-is-disabled.sh                                    pass
1.17-ensure-ssh-root-login-is-disabled.sh                                                 fail
1.18-ensure-ssh-permitemptypasswords-is-disabled.sh                                       pass
1.19-ensure-ssh-permituserenvironment-is-disabled.sh                                      pass
1.20-ensure-ssh-idle-timeout-interval-is-configured.sh                                    fail
1.21-ensure-ssh-logingracetime-is-set-to-one-minute-or-less.sh                            fail
1.22-ensure-ssh-warning-banner-is-configured.sh                                           fail
1.23-ensure-ssh-pam-is-enabled.sh                                                         fail
1.24-ensure-ssh-maxstartups-is-configured.sh                                              fail
1.25-ensure-ssh-maxsessions-is-set-to-10-or-less.sh                                       pass
1.26-ensure-system-wide-crypto-policy-is-not-over-ridden.sh                               pass
1.27-ensure-password-creation-requirements-are-configured.sh                              fail
1.28-ensure-lockout-for-failed-password-attempts-is-configured.sh                         fail
1.29-ensure-password-reuse-is-limited.sh                                                  fail
1.30-ensure-password-hashing-algorithm-is-sha-512.sh                                      fail
1.31-ensure-password-expiration-is-365-days-or-less.sh                                    fail
1.32-ensure-minimum-days-between-password-changes-is-7-or-more.sh                         fail
1.33-ensure-password-expiration-warning-days-is-7-or-more.sh                              pass
1.34-ensure-inactive-password-lock-is-30-days-or-less.sh                                  fail
1.35-ensure-all-users-last-password-change-date-is-in-the-past.sh                         pass
1.36-ensure-system-accounts-are-secured.sh                                                fail
1.37-ensure-default-user-shell-timeout-is-900-seconds-or-less.sh                          fail
1.38-ensure-default-group-for-the-root-account-is-gid-0.sh                                pass
1.39-ensure-default-user-umask-is-027-or-more-restrictive.sh                              fail
1.40-ensure-access-to-the-su-command-is-restricted.sh                                     fail
1.41-ensure-ssh-server-use-protocol_2.sh                                                  fail
1.42-ensure-that-the-password-expires-between-30-to-90-days.sh                            fail
1.43-ensure-that-the-minimum-password-change-between-7-to-14-days.sh                      fail
1.44-ensure-that-password-reuse-limit-is-between-5-and-25-times.sh                        fail
1.45-ensure-lockout-for-failed-password-attempts-is-configured.sh                         fail
1.46-ensure-default-user-shell-timeout-is-between-600-and-1800-seconds.sh                 fail
1.47-ensure-ssh-maxauthtries-is-set-to-between-3-and-5.sh                                 pass
1.49-lock-or-delete-the-shutdown-and-halt-users.sh                                        pass
1.50-ensure-ssh-x11-forwarding-is-disabled.sh                                             fail
1.51-ensure-mounting-of-udf-filesystems-is-disabled.sh                                    fail
1.52-ensure-mounting-of-cramfs-filesystems-is-disabled.sh                                 fail
1.53-ensure-mounting-of-squashfs-filesystems-is-disabled.sh                               fail
2.1-ensure-audit-log-files-are-not-read-or-write-accessible-by-unauthorized-users.sh      pass
2.2-ensure-only-authorized-users-own-audit-log-files.sh                                   pass
2.3-ensure-only-authorized-groups-ownership-of-audit-log-files.sh                         pass
2.4-ensure-the-audit-log-directory-is-0750-or-more-restrictive.sh                         pass
2.5-ensure-audit-configuration-files-are-0640-or-more-restrictive.sh                      pass
2.6-ensure-only-authorized-accounts-own-the-audit-configuration-files.sh                  pass
2.7-ensure-only-authorized-groups-own-the-audit-configuration-files.sh                    pass
2.8-ensure-audit-tools-are-mode-of-0755-or-more-restrictive.sh                            pass
2.9-ensure-audit-tools-are-owned-by-root.sh                                               pass
2.10-ensure-audit-tools-are-group-owned-by-root.sh                                        pass
2.11-ensure-cryptographic-mechanisms-are-used-to-protect-the-integrity-of-audit-tools.sh  fail
2.12-ensure-rsyslog-is-installed.sh                                                       pass
2.13-ensure-rsyslog-service-is-enabled.sh                                                 pass
2.14-ensure-rsyslog-default-file-permissions-configured.sh                                fail
2.15-ensure-rsyslog-is-configured-to-send-logs-to-a-remote-log-host.sh                    fail
2.16-ensure-journald-is-configured-to-send-logs-to-rsyslog.sh                             fail
2.17-ensure-journald-is-configured-to-compress-large-log-files.sh                         fail
2.18-ensure-journald-is-configured-to-write-logfiles-to-persistent-disk.sh                fail
2.19-ensure-audit-is-installed.sh                                                         pass
2.20-ensure-audit-service-is-enabled.sh                                                   fail
2.21-make-sure-to-collect-file-deletion-events-for-users.sh                               fail
2.22-ensure-that-changes-to-the-system-management-scope-sudoers-are-collected.sh          fail
2.23-ensure-that-events-that-modify-user-group-information-are-collected.sh               fail
2.24-ensure-successful-and-unsuccessful-attempts-to-use-the-chsh-command-are-recorded.sh  fail
2.25-ensure-audit-logs-are-not-automatically-deleted.sh                                   fail
2.26-ensure-the-running-and-on-disk-configuration-is-the-same.sh                          pass
3.1-disable-http-server.sh                                                                pass
3.2-disable-ftp-server.sh                                                                 pass
3.3-disable-dns-server.sh                                                                 pass
3.4-disable-nfs.sh                                                                        pass
3.5-disable-rpc.sh                                                                        pass
3.6-disable-ldap-server.sh                                                                pass
3.7-disable-dhcp-server.sh                                                                pass
3.8-disable-cups.sh                                                                       pass
3.9-disable-nis-server.sh                                                                 pass
3.10-disable-rsync-server.sh                                                              pass
3.11-disable-avahi-server.sh                                                              pass
3.12-disable-snmp-server.sh                                                               pass
3.13-disable-http-proxy-server.sh                                                         pass
3.14-disable-samba.sh                                                                     pass
3.15-disable-imap-and-pop3-server.sh                                                      pass
3.16-disable-smtp-protocol.sh                                                             pass
3.17-disable-or-uninstall-the-telnet.sh                                                   pass
3.18-uninstall-the-avahi-server.sh                                                        pass
3.19-uninstall-the-kexec-tools.sh                                                         fail
3.20-uninstall-the-firstboot.sh                                                           pass
3.21-uninstall-the-wpa_supplicant.sh                                                      pass
3.22-ensure-NIS-Client-is-not-installed.sh                                                pass
3.23-disable-rsh.sh                                                                       pass
3.24-disable-ntalk.sh                                                                     pass
3.25-ensure-xinetd-is-not-installed.sh                                                    pass
3.26-disable-usb-storage.sh                                                               fail
3.27-ensure-time-synchronization-is-installed.sh                                          pass
3.28-disable-automounting.sh                                                              pass
4.1-ensure-message-of-the-day-is-configured-properly.sh                                   pass
4.2-ensure-local-login-warning-banner-is-configured-properly.sh                           fail
4.3-ensure-remote-login-warning-banner-is-configured-properly.sh                          fail
4.4-ensure-permissions-on-etc-motd-are-configured.sh                                      pass
4.5-ensure-permissions-on-etc-issue-are-configured.sh                                     pass
4.6-ensure-permissions-on-etc-issue.net-are-configured.sh                                 pass
4.7-ensure-gpgcheck-is-globally-activated.sh                                              pass
4.8-ensure-aide-is-installed.sh                                                           fail
4.9-ensure-filesystem-integrity-is-regularly-checked.sh                                   fail
4.10-ensure-bootloader-password-is-set.sh                                                 fail
4.11-ensure-permissions-on-bootloader-config-are-configured.sh                            fail
4.12-ensure-authentication-required-for-single-user-mode.sh                               pass
4.13-ensure-core-dumps-are-restricted.sh                                                  fail
4.14-ensure-address-space-layout-randomization-(ASLR)-is-enabled.sh                       fail
4.15-ensure-system-wide-crypto-policy-is-not-legacy.sh                                    pass
4.16-ensure-sticky-bit-is-set-on-all-world-writable-directories.sh                        pass
4.17-ensure-permissions-on-etc-passwd-are-configured.sh                                   pass
4.18-ensure-permissions-on-etc-shadow-are-configured.sh                                   pass
4.19-ensure-permissions-on-etc-group-are-configured.sh                                    pass
4.20-ensure-permissions-on-etc-gshadow-are-configured.sh                                  pass
4.21-ensure-permissions-on-etc-passwd--are-configured.sh                                  pass
4.22-ensure-permissions-on-etc-shadow--are-configured.sh                                  pass
4.23-ensure-permissions-on-etc-group--are-configured.sh                                   pass
4.24-ensure-permissions-on-etc-gshadow--are-configured.sh                                 pass
4.25-ensure-no-world-writable-files-exist.sh                                              pass
4.26-ensure-no-unowned-files-or-directories-exist.sh                                      pass
4.27-ensure-no-ungrouped-files-or-directories-exist.sh                                    pass
4.28-ensure-no-password-fields-are-not-empty.sh                                           pass
4.29-ensure-root-path-integrity.sh                                                        fail
4.30-ensure-root-is-the-only-uid-0-account.sh                                             pass
4.31-ensure-users-home-directories-permissions-are-750-or-more-restrictive.sh             pass
4.32-ensure-users-own-their-home-directories.sh                                           pass
4.33-ensure-users-dot-files-are-not-group-or-world-writable.sh                            pass
4.34-ensure-no-users-have-.forward-files.sh                                               pass
4.35-ensure-no-users-have-.netrc-files.sh                                                 pass
4.36-ensure-users-.netrc-files-are-not-group-or-world-accessible.sh                       pass
4.37-ensure-no-users-have-.rhosts-files.sh                                                pass
4.38-ensure-all-groups-in-etc-passwd-exist-in-etc-group.sh                                pass
4.39-ensure-no-duplicate-uids-exist.sh                                                    pass
4.40-ensure-no-duplicate-gids-exist.sh                                                    pass
4.41-ensure-no-duplicate-user-names-exist.sh                                              pass
4.42-ensure-no-duplicate-group-names-exist.sh                                             pass
4.43-ensure-all-users-home-directories-exist.sh                                           pass
4.44-ensure-sctp-is-disabled.sh                                                           fail
4.45-ensure-dccp-is-disabled.sh                                                           fail
4.46-ensure-wireless-interfaces-are-disabled.sh                                           fail
4.47-ensure-ip-forwarding-is-disabled.sh                                                  pass
4.48-ensure-packet-redirect-sending-is-disabled.sh                                        fail
4.49-ensure-source-routed-packets-are-not-accepted.sh                                     fail
4.50-ensure-icmp-redirects-are-not-accepted.sh                                            fail
4.51-ensure-secure-icmp-redirects-are-not-accepted.sh                                     fail
4.52-ensure-suspicious-packets-are-logged.sh                                              fail
4.53-ensure-broadcast-icmp-requests-are-ignored.sh                                        pass
4.54-ensure-bogus-icmp-responses-are-ignored.sh                                           pass
4.55-ensure-reverse-path-filtering-is-enabled.sh                                          fail
4.56-ensure-tcp-syn-cookies-is-enabled.sh                                                 pass
4.57-ensure-ipv6-router-advertisements-are-not-accepted.sh                                fail
4.58-ensure-a-firewall-package-is-installed.sh                                            pass
4.59-ensure-firewalld-service-is-enabled-and-running.sh                                   pass
4.60-ensure-iptables-is-not-enabled.sh                                                    pass
4.61-ensure-nftables-is-not-enabled.sh                                                    pass
4.62-ensure-nftables-service-is-enabled.sh                                                fail
4.63-ensure-iptables-packages-are-installed.sh                                            fail
4.64-ensure-nftables-is-not-installed.sh                                                  fail
4.65-ensure-firewalld-is-not-installed-or-stopped-and-masked.sh                           fail
4.66-ensure-system-histsize-as-100-or-other.sh                                            fail
4.67-ensure-system-histfilesize-100.sh                                                    fail
4.68-ensure-permissions-TMP-is-correct.sh                                                 pass
4.69-ensure-permissions-on-ssh-priv-and-pub-key-are-right.sh                              fail
4.70-ensure-xdmcp-is-not-enabled.sh                                                       pass
4.71-ensure-nosuid-option-set-on-var-partition-Automated.sh                               fail
5.1-ensure-selinux-is-installed.sh                                                        fail
5.2-ensure-selinux-policy-is-configured.sh                                                fail
5.3-ensure-the-selinux-mode-is-enabled.sh                                                 pass
5.4-ensure-the-selinux-mode-is-enforcing.sh                                               fail
5.5-ensure-no-unconfined-services-exist.sh                                                pass
5.9-ensure-setroubleshoot-is-not-installed.sh                                             pass
Level：configfile is: ./config/Anolis_security_benchmark_level4.config
类型	得分	占比
pass：	103	56.3%
fail：	80	43.7%
总检查项目：	183
本次得分：	56.3
Log is saved in: /root/security-benchmark/tools/scanners/log/scanners2023_08_01_049229372.log
```

anolis/security-benchmark

内容风险标识

评论 (0)

anolis/security-benchmark .gitee-modal { width: 500px !important; }

内容风险标识