projects / ossec-hids.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
obrisane nepotrebne datoteke od zadnjeg builda
[ossec-hids.git] / debian / ossec-hids / var / ossec / etc / shared / system_audit_pw.txt
diff --git a/debian/ossec-hids/var/ossec/etc/shared/system_audit_pw.txt b/debian/ossec-hids/var/ossec/etc/shared/system_audit_pw.txt
deleted file mode 100644 (file)
index 77679c2..0000000
--- a/debian/ossec-hids/var/ossec/etc/shared/system_audit_pw.txt
+++ /dev/null
@@ -1,103 +0,0 @@
-# OSSEC Linux Audit - (C) 2018
-#
-# Released under the same license as OSSEC.
-# More details at the LICENSE file included with OSSEC or online
-# at: https://github.com/ossec/ossec-hids/blob/master/LICENSE
-#
-# [Application name] [any or all] [reference]
-# type:<entry name>;
-#
-# Type can be:
-#             - f (for file or directory)
-#             - p (process running)
-#             - d (any file inside the directory)
-#
-# Additional values:
-# For the registry , use "->" to look for a specific entry and another
-# "->" to look for the value.
-# For files, use "->" to look for a specific value in the file.
-#
-# Values can be preceeded by: =: (for equal) - default
-#                             r: (for ossec regexes)
-#                             >: (for strcmp greater)
-#                             <: (for strcmp  lower)
-# Multiple patterns can be specified by using " && " between them.
-# (All of them must match for it to return true).
-#
-# Checks for Password Security on Linux Systems
-#
-#1 Set Default Algorithm for Password Encryption to SHA256 or SHA 512
-[Password Hardening - 1: Set Default Algorithm for Password Encryption to SHA256 or SHA 512] [any] [https://security.stackexchange.com/questions/77349/how-can-i-find-out-the-password-hashing-schemes-used-by-the-specific-unix-accoun, https://docs.oracle.com/cd/E26505_01/html/E27224/secsystask-42.html]
-f:/etc/security/policy.conf -> !r:^# && r:^CRYPT_DEFAULT=1|^CRYPT_DEFAULT=2|^CRYPT_DEFAULT=2a|^CRYPT_DEFAULT=2x|^CRYPT_DEFAULT=2y|^CRYPT_DEFAULT=md5|^CRYPT_DEFAULT=__unix__;
-f:/etc/security/policy.conf -> !r:^CRYPT_DEFAULT=\d;
-f:/etc/login.defs -> !r:^# && r:^ENCRYPT_METHOD\s+MD5|^ENCRYPT_METHOD\s+DES;
-f:/etc/login.defs -> !r:^ENCRYPT_METHOD\s+SHA512|^ENCRYPT_METHOD\s+SHA256;
-f:/etc/pam.d/common-password -> !r:^# && r:password\.+pam_unix.so\.+md5|password\.+pam_unix.so\.+des;
-f:/etc/pam.d/common-password -> !r:^password\.+pam_unix.so\.+sha512|^password\.+pam_unix.so\.+sha256;
-f:/etc/pam.d/password-auth -> !r:^# && r:password\.+pam_unix.so\.+md5|password\.+pam_unix.so\.+des;
-f:/etc/pam.d/password-auth -> !r:^password\.+pam_unix.so\.+sha512|^password\.+pam_unix.so\.+sha256;
-f:/etc/pam.d/system-auth -> !r:^# && r:password\.+pam_unix.so\.+md5|password\.+pam_unix.so\.+des;
-f:/etc/pam.d/system-auth -> !r:^password\.+pam_unix.so\.+sha512|^password\.+pam_unix.so\.+sha256;
-f:/etc/pam.d/system-auth-ac -> !r:^# && r:password\.+pam_unix.so\.+md5|password\.+pam_unix.so\.+des;
-f:/etc/pam.d/system-auth-ac -> !r:^password\.+pam_unix.so\.+sha512|^password\.+pam_unix.so\.+sha256;
-#
-#
-#2 Passwords in /etc/shadow not hashed with SHA-256 or SHA-512
-[Password Hardening - 2: Not all Passwords in /etc/shadow are hashed with SHA-256 or SHA-512] [any] [https://linux-audit.com/password-security-with-linux-etc-shadow-file/, https://docs.oracle.com/cd/E19253-01/816-4557/concept-23/index.html]
-f:/etc/shadow -> !r:^# && !r:^\w+:NP:\d+:\d*:\d*:\d*:\d*:\d*:\d*$ && r:^\w+:\w\.*:\d+:\d*:\d*:\d*:\d*:\d*:\d*$;
-f:/etc/shadow -> !r:^# && r:\w+:\$1\$\.+;
-f:/etc/shadow -> !r:^# && r:\w+:\$2\$\.+;
-f:/etc/shadow -> !r:^# && r:\w+:\$2a\$\.+;
-f:/etc/shadow -> !r:^# && r:\w+:\$2x\$\.+;
-f:/etc/shadow -> !r:^# && r:\w+:\$2y\$\.+;
-f:/etc/shadow -> !r:^# && r:\w+:\$md5\$\.+;
-f:/etc/shadow -> !r:^# && r:\w+:\$__unix__\$\.+;
-#
-#
-#3 Set Password Creation Requirement Parameters
-[Password Hardening - 3: Set Password Creation Requirement Parameters] [any] [https://linux-audit.com/configure-the-minimum-password-length-on-linux-systems/, https://workbench.cisecurity.org]
-f:/etc/pam.d/common-password -> !r:^password\s*\t*requisite\s*\t*pam_cracklib.so\.+try_first_pass|^password\s*\t*requisite\s*\t*pam_pwquality.so\.+try_first_pass|^password\s*\t*required\s*\t*pam_cracklib.so\.+try_first_pass|^password\s*\t*required\s*\t*pam_pwquality.so\.+try_first_pass;
-f:/etc/pam.d/common-password -> !r:^password\s*\t*requisite\s*\t*pam_cracklib.so\.+retry=\d+|^password\s*\t*requisite\s*\t*pam_pwquality.so\.+retry=\d+|^password\s*\t*required\s*\t*pam_cracklib.so\.+retry=\d+|^password\s*\t*required\s*\t*pam_pwquality.so\.+retry=\d+;
-f:/etc/pam.d/password-auth -> !r:^password\s*\t*requisite\s*\t*pam_cracklib.so\.+try_first_pass|^password\s*\t*requisite\s*\t*pam_pwquality.so\.+try_first_pass|^password\s*\t*required\s*\t*pam_cracklib.so\.+try_first_pass|^password\s*\t*required\s*\t*pam_pwquality.so\.+try_first_pass;
-f:/etc/pam.d/password-auth -> !r:^password\s*\t*requisite\s*\t*pam_cracklib.so\.+retry=\d+|^password\s*\t*requisite\s*\t*pam_pwquality.so\.+retry=\d+|^password\s*\t*required\s*\t*pam_cracklib.so\.+retry=\d+|^password\s*\t*required\s*\t*pam_pwquality.so\.+retry=\d+;
-f:/etc/pam.d/system-auth -> !r:^password\s*\t*requisite\s*\t*pam_cracklib.so\.+try_first_pass|^password\s*\t*requisite\s*\t*pam_pwquality.so\.+try_first_pass|^password\s*\t*required\s*\t*pam_cracklib.so\.+try_first_pass|^password\s*\t*required\s*\t*pam_pwquality.so\.+try_first_pass;
-f:/etc/pam.d/system-auth -> !r:^password\s*\t*requisite\s*\t*pam_cracklib.so\.+retry=\d+|^password\s*\t*requisite\s*\t*pam_pwquality.so\.+retry=\d+|^password\s*\t*required\s*\t*pam_cracklib.so\.+retry=\d+|^password\s*\t*required\s*\t*pam_pwquality.so\.+retry=\d+;
-f:/etc/pam.d/system-auth-ac -> !r:^password\s*\t*requisite\s*\t*pam_cracklib.so\.+try_first_pass|^password\s*\t*requisite\s*\t*pam_pwquality.so\.+try_first_pass|^password\s*\t*required\s*\t*pam_cracklib.so\.+try_first_pass|^password\s*\t*required\s*\t*pam_pwquality.so\.+try_first_pass;
-f:/etc/pam.d/system-auth-ac -> !r:^password\s*\t*requisite\s*\t*pam_cracklib.so\.+retry=\d+|^password\s*\t*requisite\s*\t*pam_pwquality.so\.+retry=\d+|^password\s*\t*required\s*\t*pam_cracklib.so\.+retry=\d+|^password\s*\t*required\s*\t*pam_pwquality.so\.+retry=\d+;
-f:/etc/pam.d/passwd -> !r:^password\s*\t*requisite\s*\t*pam_cracklib.so\.+try_first_pass|^password\s*\t*requisite\s*\t*pam_pwquality.so\.+try_first_pass|^password\s*\t*required\s*\t*pam_cracklib.so\.+try_first_pass|^password\s*\t*required\s*\t*pam_pwquality.so\.+try_first_pass|^@include\s+common-password;
-f:/etc/pam.d/passwd -> !r:^password\s*\t*requisite\s*\t*pam_cracklib.so\.+retry=\d+|^password\s*\t*requisite\s*\t*pam_pwquality.so\.+retry=\d+|^password\s*\t*required\s*\t*pam_cracklib.so\.+retry=\d+|^password\s*\t*required\s*\t*pam_pwquality.so\.+retry=\d+|^@include\s+common-password;
-f:/etc/pam.d/common-password -> r:pam_cracklib.so && !r:minlen=\d\d+;
-f:/etc/pam.d/password-auth -> r:pam_cracklib.so && !r:minlen=\d\d+;
-f:/etc/pam.d/system-auth -> r:pam_cracklib.so && !r:minlen=\d\d+;
-f:/etc/pam.d/passwd -> r:pam_cracklib.so && !r:minlen=\d\d+;
-f:/etc/security/pwquality.conf -> !r:^minlen=\d\d+;
-f:/etc/pam.d/common-password -> r:pam_cracklib.so && !r:dcredit=\p*\d+;
-f:/etc/pam.d/password-auth -> r:pam_cracklib.so && !r:dcredit=\p*\d+;
-f:/etc/pam.d/system-auth -> r:pam_cracklib.so && !r:dcredit=\p*\d+;
-f:/etc/pam.d/passwd -> r:pam_cracklib.so && !r:dcredit=\p*\d+;
-f:/etc/security/pwquality.conf -> !r:^dcredit=\p*\d+;
-f:/etc/pam.d/common-password -> r:pam_cracklib.so && !r:lcredit=\p*\d+;
-f:/etc/pam.d/password-auth -> r:pam_cracklib.so && !r:lcredit=\p*\d+;
-f:/etc/pam.d/system-auth -> r:pam_cracklib.so && !r:lcredit=\p*\d+;
-f:/etc/pam.d/passwd -> r:pam_cracklib.so && !r:lcredit=\p*\d+;
-f:/etc/security/pwquality.conf -> !r:^lcredit=\p*\d+;
-f:/etc/pam.d/common-password -> r:pam_cracklib.so && !r:ocredit=\p*\d+;
-f:/etc/pam.d/password-auth -> r:pam_cracklib.so && !r:ocredit=\p*\d+;
-f:/etc/pam.d/system-auth -> r:pam_cracklib.so && !r:ocredit=\p*\d+;
-f:/etc/pam.d/passwd -> r:pam_cracklib.so && !r:ocredit=\p*\d+;
-f:/etc/security/pwquality.conf -> !r:^ocredit=\p*\d+;
-f:/etc/pam.d/common-password -> r:pam_cracklib.so && !r:ucredit=\p*\d+;
-f:/etc/pam.d/password-auth -> r:pam_cracklib.so && !r:ucredit=\p*\d+;
-f:/etc/pam.d/system-auth -> r:pam_cracklib.so && !r:ucredit=\p*\d+;
-f:/etc/pam.d/passwd -> r:pam_cracklib.so && !r:ucredit=\p*\d+;
-f:/etc/security/pwquality.conf -> !r:^ucredit=\p*\d+;
-#
-#
-#4 Set default password expiration / aging parameters
-[Password Hardening - 4: Set password expiration / aging parameters] [any] [https://www.thegeekdiary.com/understanding-etclogin-defs-file, https://workbench.cisecurity.org/sections/26024/recommendations/63001]
-f:/etc/default/passwd -> !r:^MAXWEEKS=\d\d$;
-f:/etc/default/passwd -> !r:^MINWEEKS=\d;
-f:/etc/default/passwd -> !r:^WARNWEEKS=\d;
-f:/etc/login.defs -> !r:^PASS_MAX_DAYS\s*\t*\d\d$;
-f:/etc/login.defs -> !r:^PASS_MIN_DAYS\s*\t*\d;
-f:/etc/login.defs -> !r:^PASS_WARN_AGE\s*\t*\d;
ossec-hids