#!/bin/bash
#####Color Definitions
	# ANSI SGR escape sequences, stored unexpanded: they only take effect when
	# printed through `echo -e`. "white" is what the script switches back to
	# after each coloured message.
	green="\e[1;32m"
	yellow="\e[1;33m"
	red="\e[1;31m"
	white="\e[1;37m"
	purple="\e[1;34m"  # SGR 34 is the blue foreground code
##### Source code
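	# Privilege gate: the sections below read other users' crontabs and walk the
	# whole filesystem, so the script refuses to run without root.
	# EUID (effective uid) is what the kernel checks for access, so it is tested
	# rather than the real uid.
	if [ "$EUID" != "0" ]; then
		echo -e "${red}Information: You must be Root to use this script.${white}" >&2
		# Non-zero status so callers can tell the refusal from a completed run.
		exit 1
	fi
	# -e is required here, otherwise the colour escapes are printed literally.
	echo -e "${yellow}Report generation in progress...${white}"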
##### Shell Users
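	# The report is written by root to a fixed, predictable name in the
	# world-writable /tmp directory. Two precautions are taken before the first
	# write:
	#   - umask 077 so the report (accounts, crontabs, listening ports) is
	#     created readable by root only;
	#   - any pre-existing entry at that path is removed and the file is then
	#     created under noclobber, so the first redirection fails instead of
	#     writing through something another local user planted there.
	# A mktemp-generated name would be more robust still; the fixed path is kept
	# because the rest of the script appends to it.
	umask 077
	rm -f -- /tmp/Report-Security.txt
	set -o noclobber
	if ! echo -e "########################################\n#USERS" > /tmp/Report-Security.txt; then
		set +o noclobber
		echo "Cannot create /tmp/Report-Security.txt safely; aborting." >&2
		exit 1
	fi
	set +o noclobber

	# Filter on the login-shell field (field 7) only. Matching the whole passwd
	# line would hide any account whose name, GECOS or home directory happens to
	# contain "sync", "null", "false" or "nologin".
	# Accounts with an empty shell field are listed too: per passwd(5) an empty
	# field falls back to /bin/sh, so they are interactive accounts.
	shell_users="$(awk -F: '
		/^#/ || NF < 7 { next }
		$7 == "" { print "- " $1 ": (empty shell field, login defaults to /bin/sh)"; next }
		$7 !~ /false|nologin|sync|null/ { print "- " $1 ":" $7 }
	' /etc/passwd)"
	echo -e "\nShell Users Avalaible :\n\n${shell_users}\n" >> /tmp/Report-Security.txt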
##### Sudoers
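	echo -e "\n########################################\n#SUDOERS\n" >> /tmp/Report-Security.txt
	if [ -e /etc/group ]; then
		# Select the group whose NAME is exactly "sudo". A substring match on the
		# whole line would also pick up unrelated groups that merely contain
		# "sudo" in their name or member list.
		# Coverage caveat: this lists only the supplementary members recorded in
		# /etc/group. It does not read /etc/sudoers or /etc/sudoers.d, other
		# admin groups (e.g. wheel), or users whose primary group is sudo.
		SUDOERS="$(awk -F: '$1 == "sudo" { print $4 }' /etc/group | tr "," "\n" | sed 's/^/ - /g')"
		echo -e "\nSudoers :\n\n$SUDOERS\n" >> /tmp/Report-Security.txt
	else
		echo "/etc/group not exist." >> /tmp/Report-Security.txt
	fi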
##### CRONTAB USERS
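	echo -e "\n########################################\n#CRONTAB USERS\n" >> /tmp/Report-Security.txt
	# Dump every local account's personal crontab. Both stdout and stderr are
	# captured, so "no crontab for <user>" messages end up in the report too.
	# Coverage caveat: only per-user crontabs are queried. System-wide schedules
	# (/etc/crontab, /etc/cron.d, systemd timers, at jobs) are not inspected
	# here.
	# passwd is read line by line rather than through an unquoted $(cut ...),
	# so entries are never word-split or glob-expanded by the shell.
	while IFS=: read -r user _ || [ -n "$user" ]; do
		case "$user" in
			''|'#'*) continue ;;  # skip blank and commented-out lines
		esac
		echo -e "\nUser: $user" >> /tmp/Report-Security.txt
		# stdin is detached so crontab cannot consume the loop's input.
		crontab -u "$user" -l < /dev/null &>> /tmp/Report-Security.txt
	done < /etc/passwd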
##### SUBSHELL PROCESS
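	echo -e "\n########################################\n#SUBSHELL PROCESS\n" >> /tmp/Report-Security.txt
	echo -e "\nSubshells process :\n" >> /tmp/Report-Security.txt
	# List running processes whose command line mentions a known shell.
	# Note on the `||` fallbacks: the status of each pipeline is that of its
	# final grep, so plain `ps` is tried whenever the first pipeline produced
	# no line, not only when `ps aux` is unsupported.
	if [ -f /etc/shells ] ; then
		while read -r LINE || [ -n "$LINE" ]; do
			# Skip comments and blank lines. A `[ ... != "#*" ]` test compares
			# against the literal string "#*", so comment lines would be used
			# as search patterns, and an empty pattern would match every
			# process.
			case "$LINE" in
				''|'#'*) continue ;;
			esac
			# -F: the shell path is a fixed string, not a regex; --: a value
			# starting with '-' is never taken as a grep option.
			(ps aux 2>/dev/null | grep -F -- "$LINE" | grep -v "grep") >> /tmp/Report-Security.txt || (ps | grep -F -- "$LINE" | grep -v "grep") >> /tmp/Report-Security.txt
		done < /etc/shells
	else
		# No /etc/shells: fall back to a fixed list of common shell paths.
		(ps aux 2>/dev/null | grep -E "/bin/bash|/bin/sh|/bin/rbash|/bin/dash|/bin/ksh|/bin/tcsh" | grep -v "grep") >> /tmp/Report-Security.txt || (ps | grep -E "/bin/bash|/bin/sh|/bin/rbash|/bin/dash|/bin/ksh|/bin/tcsh" | grep -v "grep") >> /tmp/Report-Security.txt
	fi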
##### SERVICES RUNNING
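	echo -e "\n########################################\n#SERVICES RUNNING\n" >> /tmp/Report-Security.txt
	echo -e "\nServices running :\n" >> /tmp/Report-Security.txt
	# Three strategies, tried in order until one prints something:
	#   1. systemd: units in state "active running";
	#   2. SysV `service --status-all`: lines marked "[ + ]" (matched with -F,
	#      because as a regex "[ + ]" is a bracket expression that matches any
	#      line containing a space or a plus sign);
	#   3. call each executable regular file in /etc/init.d with "status".
	# Step 3 runs the scripts directly instead of assembling command lines from
	# `ls` output and piping them to sh, so a file name is never interpreted as
	# shell syntax. It still executes, as root, whatever is installed in
	# /etc/init.d; that directory is assumed to be writable by root only.
	(systemctl list-units --type=service 2>/dev/null | grep 'active running') >> /tmp/Report-Security.txt \
		|| (service --status-all 2>/dev/null | grep -F '[ + ]') >> /tmp/Report-Security.txt \
		|| (
			for initscript in /etc/init.d/*; do
				# Same selection `ls -F` marks with '*': executable regular
				# files, symlinks excluded.
				if [ -f "$initscript" ] && [ ! -L "$initscript" ] && [ -x "$initscript" ]; then
					"$initscript" status 2>/dev/null
				fi
			done
		) >> /tmp/Report-Security.txt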
##### PORTS INFORMATIONS
	{
		echo -e "\n########################################\n#PORTS INFORMATIONS\n"
		echo -e "\n Ports informations :\n"
	} >> /tmp/Report-Security.txt
	# Keep netstat rows that mention "tcp" and "LISTEN" but not "tcp6", then
	# print the part of the local address (column 4) after the first ':'.
	# Caveat: tcp6 listeners are deliberately dropped, so a service bound only
	# to an IPv6 socket does not show up in this list.
	listening_ports="$(netstat -an | awk '
		/tcp/ && /LISTEN/ && !/tcp6/ {
			n = split($4, part, ":")
			print " - " (n > 1 ? part[2] : $4)
		}')"
	echo -e "\nListening TCP ports (IPV4) :\n\n${listening_ports}\n" >> /tmp/Report-Security.txt

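	# Report the PermitRootLogin setting from the main sshd config file.
	# The keyword is matched case-insensitively and with any leading or
	# separating whitespace, and the first occurrence is used. Values other
	# than yes/no (e.g. prohibit-password) get their own line instead of
	# being silently skipped, and an unreadable file is reported rather than
	# producing no output at all.
	# Caveat: Include'd files and Match blocks are not evaluated here;
	# `sshd -T` prints the effective configuration.
	if [ -r /etc/ssh/sshd_config ]; then
		root_login="$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' /etc/ssh/sshd_config)"
		case "$root_login" in
			yes)
				echo "PermitRootLogin : [WARNING - PermitRootLogin yes]" >> /tmp/Report-Security.txt
				;;
			no)
				echo "PermitRootLogin : [Good configuration - PermitRootLogin no]" >> /tmp/Report-Security.txt
				;;
			'')
				echo "PermitRootLogin : PermitRootLogin not present in config file ">> /tmp/Report-Security.txt
				;;
			*)
				echo "PermitRootLogin : [Review - PermitRootLogin $root_login]" >> /tmp/Report-Security.txt
				;;
		esac
	else
		echo "PermitRootLogin : /etc/ssh/sshd_config not readable" >> /tmp/Report-Security.txt
	fi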
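	echo -e "\n SSH Connections established (passive and active) : Number of connections / By IP\n">> /tmp/Report-Security.txt
	#PORT 22
	echo "Port 22 : " >> /tmp/Report-Security.txt
	# Count non-listening IPv4 TCP sockets per peer address where either end
	# uses port 22 exactly. Anchoring on ":22" at the end of the address keeps
	# ports such as 2200 or 2222 out of the count.
	# Caveats: every TCP state except LISTEN is counted (TIME_WAIT, CLOSE_WAIT,
	# ...), not only ESTABLISHED, and an sshd configured on another port is not
	# covered by this section.
	netstat -an \
		| awk '/tcp/ && !/tcp6/ && !/LISTEN/ && ($4 ~ /:22$/ || $5 ~ /:22$/) { split($5, peer, ":"); print peer[1] }' \
		| sort | uniq -c >> /tmp/Report-Security.txt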
##### SENSITIVE DIRECTORIES
	# Directories whose mode is exactly 1777 (world-writable with the sticky
	# bit, like /tmp), each listed recursively with ls.
	# Caveats: -perm 1777 is an exact match, so variants such as 3777 are not
	# reported; the recursive listing writes the names of every file under
	# those directories into the report.
	{
		echo -e "\n########################################\n#SENSITIVE DIRECTORIES\n\n"
		find / -type d -perm 1777 -exec ls -lahR {} \; 2>/dev/null
	} >> /tmp/Report-Security.txt
##### DIRECTORIES WITH DANGEROUS RIGHTS
	# Directories whose mode is exactly 777: writable by everyone and without
	# the sticky bit, so any user can delete or replace other users' files.
	# Caveat: the match is exact; other world-writable modes (e.g. 2777 or 773)
	# are not listed by this query.
	{
		echo -e "\n########################################\n#DIRECTORIES WITH DANGEROUS RIGHTS (777)\n"
		find / -perm 777 -type d 2>/dev/null
	} >> /tmp/Report-Security.txt
##### END
	# Footer, then page through the finished report.
	printf '%s\n' "PRESS Q TO QUIT REPORT." >> /tmp/Report-Security.txt
	less /tmp/Report-Security.txt
	# The report stays on disk after the pager exits. It lists accounts,
	# crontabs and listening ports, so check its permissions or remove it once
	# it has been reviewed.
	echo -e "${green}Report in /tmp/Report-Security.txt\n${white}"
