timb-machine revised this gist
Aug 1, 2023 . 1 changed file with 1 addition and 1 deletion.
@@ -55,7 +55,7 @@ checks: glob: false permissions: "-o+w" permission: true hash: false contents: false stderr: false encode: ""
        
timb-machine revised this gist
Jul 30, 2023 . 1 changed file with 93 additions and 109 deletions.
@@ -1,109 +1,93 @@ platformtags: - "linux" checks: - type: "Informational" checks: - name: "Platform" exec: - command: "uname" stderr: true encode: "" - type: "File System" checks: - name: "Partitions" exec: - command: "mount" - name: "Important files" file: - name: "/etc/shadow" glob: false permission: true hash: false contents: true stderr: true encode: "" - name: "/Users/*/.ssh/id_*sa" glob: true permission: true hash: true contents: false stderr: false encode: "" directory: - path: "/etc/init.d" glob: false permission: true hash: false contents: true stderr: true encode: "" - path: "/Users/*/.ssh" glob: true permission: true hash: true contents: true stderr: true encode: "base64" search: - path: "/Users/*/.ssh/" glob: true hash: false contents: true stderr: false encode: "" - path: "/opt" glob: false permissions: "-o+w" permission: true /ash: false contents: false stderr: false encode: "" - path: "/var/www" glob: false mask: ".htpasswd*" hash: true permission: true contents: true stderr: false encode: "" - path: "/" glob: false permissions: "-u+s" permission: true hash: false contents: true stderr: true encode: "base64" - path: "/" glob: false user: "" permission: true hash: false contents: false stderr: false encode: "" - path: "/" glob: false group: "" permission: true hash: false contents: false stderr: false encode: ""
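Review bot: The `/opt` entry under `search:` spells its hash key as `/ash: false`, so as rendered here that entry has no `hash` setting and carries an unknown key instead; the line should read `hash: false`. Whether the runner rejects or silently ignores unknown keys is not visible on this page, and if it ignores them the world-writable check runs with whatever default `hash` has. Making the loader fail on unrecognised keys would catch this class of slip in every check file.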
        
timb-machine revised this gist
Jul 30, 2023 . 1 changed file with 1 addition and 1 deletion.
@@ -77,7 +77,7 @@ permission: true hash: false contents: true stderr: true encode: "base64" platformtags: - "solaris"
        
timb-machine revised this gist
Jul 30, 2023 . 1 changed file with 2 additions and 2 deletions.
@@ -49,7 +49,7 @@ - "aix" search: - path: "/opt" permissions: "-o+w" permission: true hash: false contents: false @@ -73,7 +73,7 @@ - "aix" - path: "/" glob: false permissions: "-u+s" permission: true hash: false contents: true
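Review bot: The `/` search for `permissions: "-u+s"` still pairs `contents: true` with `hash: false`, so, assuming `contents` means the file body is captured, the audit output would hold a copy of every setuid file on the host. A digest is enough to spot a changed or unexpected setuid binary, which suggests `hash: true` and `contents: false` on that entry. The entry continues past the end of the hunk, so its `stderr`, `encode` and `platformtags` lines are not visible here.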
        
timb-machine revised this gist
Jul 30, 2023 . 1 changed file with 1 addition and 1 deletion.
@@ -73,7 +73,7 @@ - "aix" - path: "/" glob: false permissions: "+u+s" permission: true hash: false contents: true
        
timb-machine revised this gist
Jul 30, 2023 . 1 changed file with 1 addition and 1 deletion.
@@ -47,7 +47,7 @@ - "solaris" - "linux" - "aix" search: - path: "/opt" permissions: "+o+w" permission: true
        
timb-machine revised this gist
Jul 30, 2023 . 1 changed file with 37 additions and 13 deletions.
@@ -2,9 +2,9 @@ tags: - "informational" exec: - command: "uname" stderr: true encode: "" file: - name: "/etc/shadow" glob: false @@ -16,7 +16,7 @@ platformtags: - "solaris" - "linux" - name: "/Users/*/.ssh/id_*sa" glob: true permission: true hash: true @@ -29,20 +29,20 @@ - "aix" directory: - path: "/etc/init.d" glob: false permission: true contents: true stderr: true encode: "" platformtags: - "solaris" - "linux" - path: "/Users/*/.ssh" glob: true permission: true contents: true stderr: true encode: "base64" platformtags: - "solaris" - "linux" @@ -60,25 +60,49 @@ - "linux" - "aix" - path: "/var/www" glob: true mask: ".htpasswd*" hash: true permission: true contents: true stderr: false encode: "" platformtags: - "solaris" - "linux" - "aix" - path: "/" glob: false permissions: "u+s" permission: true hash: false contents: true stderr: false encode: "base64" platformtags: - "solaris" - "linux" - "aix" - path: "/" glob: false user: "" permission: true hash: false contents: false stderr: false encode: "" platformtags: - "solaris" - "linux" - "aix" - path: "/" glob: false group: "" permission: true hash: false contents: false stderr: false encode: "" platformtags: - "solaris" - "linux"
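Review bot: The key and directory checks point at `/Users/*/.ssh/id_*sa` and `/Users/*/.ssh`, while the `platformtags` visible for the directory entry are `"solaris"` and `"linux"`, where home directories normally live under `/home` (or `/export/home` on Solaris). On those hosts the glob would presumably match nothing, and the audit would report no SSH keys rather than an error. Keeping `/home/*/.ssh/id_*sa` for these tags and adding the `/Users` paths as a separate entry with its own platform tag would avoid the silent gap. The directory entry's tag list is cut by the next hunk header, so a third tag may follow.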
        
timb-machine revised this gist
Jul 30, 2023 . 1 changed file with 4 additions and 7 deletions.
@@ -1,4 +1,4 @@ - name: "unix-audit DSL prototype" tags: - "informational" exec: @@ -7,20 +7,20 @@ encode: "" file: - name: "/etc/shadow" glob: false permission: true hash: false contents: true stderr: true encode: "" platformtags: - "solaris" - "linux" - name: "/home/*/.ssh/id_*sa" glob: true permission: true hash: true contents: false stderr: false encode: "" platformtags: @@ -53,7 +53,6 @@ permission: true hash: false contents: false stderr: false encode: "" platformtags: @@ -67,7 +66,6 @@ hash: true permission: true contents: false stderr: false encode: "" platformtags: @@ -79,7 +77,6 @@ permission: true hash: false contents: true stderr: false encode: "base64" platformtags:
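Review bot: The `/etc/shadow` entry keeps `contents: true` with `hash: false`, which, if `contents` captures the file body, puts every local password hash into the audit output. The `permission: true` check already answers whether the file is readable by the wrong users. If the contents are wanted for later analysis, a comment above the entry such as `# output contains password hashes: store and transfer as sensitive` would make the handling requirement explicit; otherwise `contents: false` with `hash: true` records change without copying the hashes.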
        
timb-machine revised this gist
Jul 30, 2023 . 1 changed file with 1 addition and 1 deletion.
@@ -1,4 +1,4 @@ - name: "checkname" tags: - "informational" exec:
        
timb-machine revised this gist
Jul 29, 2023 . 1 changed file with 5 additions and 2 deletions.
@@ -1,7 +1,10 @@ - name: <checkname> tags: - "informational" exec: - command: "echo command" stderr: true encode: "" file: - name: "/etc/shadow" permission: true @@ -44,7 +47,7 @@ - "solaris" - "linux" - "aix" find: - path: "/opt" permissions: "+o+w" permission: true
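Review bot: The `exec` list takes a free-form `command` string (`"echo command"` here), which makes every check file executable content for whoever runs the audit, and checks such as `/etc/shadow` suggest it runs with elevated privileges. A header comment in the file should say so, for example `# exec commands run with the privileges of the audit; load checks only from a trusted, write-protected location`. How the runner invokes the string (through a shell or as an argument vector) is not visible on this page and is worth stating in the same comment.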
        
timb-machine revised this gist
Jul 29, 2023 . 1 changed file with 28 additions and 4 deletions.
@@ -1,8 +1,6 @@ - name: <checkname> tags: - "informational" command: "echo command" file: - name: "/etc/shadow" @@ -12,26 +10,40 @@ glob: false stderr: true encode: "" platformtags: - "solaris" - "linux" - name: "/home/*/.ssh/id_*sa" permission: true hash: false contents: false glob: true stderr: false encode: "" platformtags: - "solaris" - "linux" - "aix" directory: - path: "/etc/init.d" permission: true contents: true glob: false stderr: true encode: "" platformtags: - "solaris" - "linux" - path: "/home/*/.ssh" permission: true contents: true glob: true stderr: false encode: "" platformtags: - "solaris" - "linux" - "aix" search: - path: "/opt" permissions: "+o+w" @@ -41,6 +53,10 @@ glob: false stderr: false encode: "" platformtags: - "solaris" - "linux" - "aix" - path: "/var/www" mask: - name: ".htpasswd*" @@ -51,11 +67,19 @@ glob: false stderr: false encode: "" platformtags: - "solaris" - "linux" - "aix" - path: "/" permissions: "+u+s" permission: true hash: false contents: true glob: false stderr: false encode: "base64" platformtags: - "solaris" - "linux" - "aix"
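Review bot: The `/etc/shadow` and `/etc/init.d` entries are tagged `"solaris"` and `"linux"` only, while the SSH and `search` entries also carry `"aix"`, so an AIX run gets no password-store or startup-script check at all. AIX keeps its password hashes in `/etc/security/passwd`, so a parallel `file` entry for that path with `platformtags: - "aix"` would close the first gap, and the startup-script check needs an AIX equivalent as well. The second hunk starts inside the `/etc/shadow` entry, so the pairing of those tags with that entry is read from the surrounding lines.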
        
timb-machine revised this gist
Jul 28, 2023 . 1 changed file with 22 additions and 2 deletions.
@@ -10,32 +10,52 @@ hash: false contents: true glob: false stderr: true encode: "" - name: "/home/*/.ssh/id_*sa" permission: true hash: false contents: false glob: true stderr: false encode: "" directory: - path: "/etc/init.d" permission: true contents: true glob: false stderr: true encode: "" - path: "/home/*/.ssh" permission: true contents: true glob: true stderr: false encode: "" search: - path: "/opt" permissions: "+o+w" permission: true hash: false contents: false glob: false stderr: false encode: "" - path: "/var/www" mask: - name: ".htpasswd*" glob: true hash: true permission: true contents: false glob: false stderr: false encode: "" - path: "/" permissions: "+u+s" permission: true hash: false contents: true glob: false stderr: false encode: "base64"
        
timb-machine created this gist
Jul 28, 2023
@@ -0,0 +1,41 @@ - name: <checkname> tags: - solaris - aix - linux command: "echo command" file: - name: "/etc/shadow" permission: true hash: false contents: true glob: false - name: "/home/*/.ssh/id_*sa" permission: true hash: false contents: false glob: true directory: - path: "/etc/init.d" permission: true contents: true glob: false - path: "/home/*/.ssh" permission: true contents: true glob: true search: - path: "/opt" permissions: +o+w permission: true hash: false contents: false glob: false - path: "/var/www" mask: - name: ".htpasswd*" glob: true hash: true permission: true contents: false glob: false
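Review bot: The key pattern `/home/*/.ssh/id_*sa` matches `id_rsa`, `id_dsa` and `id_ecdsa` but not `id_ed25519`, so a host whose users hold only Ed25519 keys would show no private keys in the audit. A second `file` entry for `/home/*/.ssh/id_ed25519`, or a broader `/home/*/.ssh/id_*` (which also picks up the `.pub` files), would cover them. The same pattern is carried through the later revisions on this page.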