securityonion/salt/common/tools/sbin/so-common-status-check

#!/usr/bin/env python3
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
import sys
import subprocess
import os
import json
sys.path.append('/opt/saltstack/salt/lib/python3.10/site-packages/')
import salt.config
import salt.loader
# Load the minion configuration from /etc/salt/minion and build the grains
# dictionary from it; check_needs_restarted() reads __grains__['os_family'].
__opts__ = salt.config.minion_config('/etc/salt/minion')
__grains__ = salt.loader.grains(__opts__)
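def check_needs_restarted():
    """Record whether the host is waiting on a reboot.

    Writes '1' to /opt/so/log/sostatus/needs_restarted when a reboot is
    pending and '0' otherwise. On the Debian family the marker file
    /var/run/reboot-required is checked; on the RedHat family the exit
    status of ``needs-restarting -r`` decides. Any other OS family ends the
    script through fail().
    """
    osfam = __grains__['os_family']
    val = '0'
    outfile = "/opt/so/log/sostatus/needs_restarted"

    if osfam == 'Debian':
        if os.path.exists('/var/run/reboot-required'):
            val = '1'
    elif osfam == 'RedHat':
        # Run the tool directly from an argv list instead of through a shell:
        # the output is discarded with DEVNULL, so no shell redirection (and no
        # /bin/sh in a root-run script) is needed.
        try:
            subprocess.check_call(
                ['needs-restarting', '-r'],
                stdout=subprocess.DEVNULL,
                stderr=subprocess.DEVNULL,
            )
        except (subprocess.CalledProcessError, OSError):
            # Any non-zero exit is reported as "reboot needed". A tool that
            # cannot be started is reported the same way, which matches what
            # the earlier shell invocation produced (non-zero shell exit).
            val = '1'
    else:
        fail("Unsupported OS")

    with open(outfile, 'w') as f:
        f.write(val)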
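def check_for_fips():
    """Record whether FIPS mode is enabled on this host.

    Writes '1' or '0' to /opt/so/log/sostatus/fips_enabled. The answer comes
    from the exit status of ``fips-mode-setup --is-enabled``; when that tool
    is not installed, /proc/sys/crypto/fips_enabled is read instead.
    """
    fips = 0
    try:
        # Deliberately no check=True: a non-zero exit status is the tool's
        # answer, not a failure. With check=True it raised an uncaught
        # CalledProcessError, which aborted the script before the result file
        # (and the later LUKS check) could be written, and made the
        # returncode comparison below always true.
        result = subprocess.run(['fips-mode-setup', '--is-enabled'], stdout=subprocess.PIPE)
        fips = int(result.returncode == 0)
    except FileNotFoundError:
        # fips-mode-setup is not available; fall back to the kernel flag.
        with open('/proc/sys/crypto/fips_enabled', 'r') as f:
            fips = int('1' in f.read())

    with open('/opt/so/log/sostatus/fips_enabled', 'w') as f:
        f.write(str(fips))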
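def check_for_luks():
    """Record whether any partition on this host is a LUKS container.

    Writes '1' or '0' to /opt/so/log/sostatus/luks_enabled. Block devices are
    listed with ``lsblk -p -J``; every second-level device that itself has
    children is probed with ``cryptsetup isLuks``. When cryptsetup is not
    installed, the lsblk ``type`` of the device's children is inspected for
    'crypt' instead.
    """
    luks = 0
    result = subprocess.run(['lsblk', '-p', '-J'], check=True, stdout=subprocess.PIPE)
    data = json.loads(result.stdout)

    for device in data['blockdevices']:
        if 'children' not in device:
            continue
        for gc in device['children']:
            if 'children' not in gc:
                continue
            try:
                # Deliberately no check=True: a non-zero exit status only
                # means "this device is not LUKS". With check=True the first
                # non-LUKS device that has children (an LVM physical volume,
                # for example) raised an uncaught CalledProcessError and the
                # result file was never written.
                probe = subprocess.run(['cryptsetup', 'isLuks', gc['name']], stdout=subprocess.DEVNULL)
                if probe.returncode == 0:
                    luks = 1
            except FileNotFoundError:
                # cryptsetup is not available; fall back to lsblk's own view.
                if any('crypt' in ggc['type'] for ggc in gc['children']):
                    luks = 1
            if luks:
                break
        # One encrypted device is enough; stop scanning the remaining disks.
        if luks:
            break

    with open('/opt/so/log/sostatus/luks_enabled', 'w') as f:
        f.write(str(luks))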
def fail(msg):
    """Write *msg* to stderr and terminate the process with exit status 1."""
    sys.stderr.write(str(msg) + "\n")
    raise SystemExit(1)
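def main():
    """Run the reboot, FIPS and LUKS status checks as root.

    Exits through fail() when the effective user is not root. The process
    umask is set to 0022 while the checks write their result files and is put
    back afterwards.
    """
    # Ask the kernel for the effective UID directly rather than spawning
    # `id -u`, which depends on a PATH lookup and on parsing its output.
    if os.geteuid() != 0:
        fail("This program must be run as root")

    # Ensure that umask is 0022 so that files created by this script have
    # rw-r--r-- permissions.
    org_umask = os.umask(0o022)
    try:
        check_needs_restarted()
        check_for_fips()
        check_for_luks()
    finally:
        # Restore the umask that was in effect before this script ran, even
        # when a check raises or exits. STIG sets it to 0077 (rw-------).
        os.umask(org_umask)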
# Run the checks only when this file is executed as a script, not when it is
# imported.
if __name__ == "__main__":
    main()