Update features check

Signed-off-by: reyesj2 <94730068+reyesj2@users.noreply.github.com>
reyesj2
2024-01-18 16:06:53 -05:00
parent 65d46ea27d
commit caf4036dbf


@@ -38,27 +38,22 @@ def check_needs_restarted():
f.write(val) f.write(val)
def check_for_fips(): def check_for_fips():
os = __grains__['os'] fips = 0
fips = False
# Only checking fully supported OS
if os == 'OEL':
try: try:
result = subprocess.run(['fips-mode-setup', '--is-enabled'], check=True, stdout=subprocess.PIPE) result = subprocess.run(['fips-mode-setup', '--is-enabled'], check=True, stdout=subprocess.PIPE)
fips = result.returncode == 0 fips = int(result.returncode == 0)
except FileNotFoundError: except FileNotFoundError:
with open('/proc/sys/crypto/fips_enabled', 'r') as f: with open('/proc/sys/crypto/fips_enabled', 'r') as f:
contents = f.read() contents = f.read()
if '1' in contents: if '1' in contents:
fips = True fips = 1
else: else:
fips = False fips = 0
return fips with open('/opt/so/log/sostatus/fips_enabled', 'w') as f:
f.write(str(fips))
def check_for_luks(): def check_for_luks():
os = __grains__['os'] luks = 0
luks = False
# Only checking fully supported OS
if os == 'OEL':
result = subprocess.run(['lsblk', '-p', '-J'], check=True, stdout=subprocess.PIPE) result = subprocess.run(['lsblk', '-p', '-J'], check=True, stdout=subprocess.PIPE)
data = json.loads(result.stdout) data = json.loads(result.stdout)
for device in data['blockdevices']: for device in data['blockdevices']:
@@ -67,20 +62,15 @@ def check_for_luks():
if 'children' in gc: if 'children' in gc:
try: try:
result = subprocess.run(['cryptsetup', 'isLuks', gc['name']], check=True, stdout=subprocess.PIPE) result = subprocess.run(['cryptsetup', 'isLuks', gc['name']], check=True, stdout=subprocess.PIPE)
luks = result.returncode == 0 luks = int(result.returncode == 0)
except FileNotFoundError: except FileNotFoundError:
for ggc in gc['children']: for ggc in gc['children']:
if 'crypt' in ggc['type']: if 'crypt' in ggc['type']:
luks = True luks = 1
if luks: if luks:
break break
return luks with open('/opt/so/log/sostatus/luks_enabled', 'w') as f:
f.write(str(luks))
def check_features():
fips = check_for_fips()
luks = check_for_luks()
with open('/opt/so/log/sostatus/features-check.log', 'w') as f:
f.write("featuresdetected fips={},luks={}".format(fips,luks))
def fail(msg): def fail(msg):
print(msg, file=sys.stderr) print(msg, file=sys.stderr)
@@ -92,7 +82,8 @@ def main():
fail("This program must be run as root") fail("This program must be run as root")
check_needs_restarted() check_needs_restarted()
check_features() check_for_fips()
check_for_luks()
if __name__ == "__main__": if __name__ == "__main__":
main() main()
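Review bot: With `check=True`, the `subprocess.run` calls in check_for_fips and check_for_luks raise `CalledProcessError` on any non-zero exit, so `int(result.returncode == 0)` on the following line can only ever produce 1, and the "not enabled" answer surfaces as an uncaught exception rather than a 0. `cryptsetup isLuks` exits non-zero for a device that is not LUKS, and `fips-mode-setup --is-enabled` appears to do the same when FIPS is off, so on such a host the new `fips_enabled` / `luks_enabled` files are never rewritten and keep whatever an earlier run left there, and main() stops before check_for_luks is reached. Because this commit also removes the `os == 'OEL'` gate, that path is now taken on every OS rather than only the supported one. Consider dropping `check=True` from both calls, e.g. `result = subprocess.run(['fips-mode-setup', '--is-enabled'], stdout=subprocess.PIPE)`, so the return code decides the value and the status file is always written. Part of check_for_luks lies between the two hunks and main() starts outside its hunk, so any handling there is not visible here.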