Closed 72nomada closed 1 year ago
Target version | Related issue | Related PR |
---|---|---|
4.4.0 | #3390 | https://github.com/wazuh/wazuh/pull/15051 |

Check ID | Check Name | Implemented | Ready for review | QA review |
---|---|---|---|---|
1.2 | Configure Software Updates | ⚫ | | |
1.2.1 | Ensure package manager repositories are configured (Manual) | 🔴 | Not implemented | |
1.2.2 | Ensure GPG keys are configured (Manual) | 🔴 | Not implemented | |
1.3 | Filesystem Integrity Checking | ⚫ | | |
1.3.1 | Ensure AIDE is installed (Automated) | 🟢 | | |
1.3.2 | Ensure filesystem integrity is regularly checked (Automated) | 🔴 | Not implemented | |
1.4 | Secure Boot Settings | ⚫ | | |
1.4.1 | Ensure bootloader password is set (Automated) | 🟢 | | |
1.4.2 | Ensure permissions on bootloader config are configured (Automated) | 🟢 | | |
1.4.3 | Ensure authentication required for single user mode (Automated) | 🟢 | | |
1.5 | Additional Process Hardening | ⚫ | | |
1.5.1 | Ensure address space layout randomization (ASLR) is enabled (Automated) | 🔴 | Not implemented | |
1.5.2 | Ensure prelink is not installed (Automated) | 🟢 | | |
1.5.3 | Ensure Automatic Error Reporting is not enabled (Automated) | 🟢 | | |
1.5.4 | Ensure core dumps are restricted (Automated) | 🟢 | | |
1.6 | Mandatory Access Control | ⚫ | | |
1.6.1 | Configure AppArmor | ⚫ | | |
1.6.1.1 | Ensure AppArmor is installed (Automated) | 🟢 | | |
1.6.1.2 | Ensure AppArmor is enabled in the bootloader configuration (Automated) | 🟢 | | |
1.6.1.3 | Ensure all AppArmor Profiles are in enforce or complain mode (Automated) | 🟢 | | |
1.6.1.4 | Ensure all AppArmor Profiles are enforcing (Automated) | 🟢 | | |
1.7 | Command Line Warning Banners | ⚫ | | |
1.7.1 | Ensure message of the day is configured properly (Automated) | 🟢 | | |
1.7.2 | Ensure local login warning banner is configured properly (Automated) | 🟢 | | |
1.7.3 | Ensure remote login warning banner is configured properly (Automated) | 🟢 | | |
1.7.4 | Ensure permissions on /etc/motd are configured (Automated) | 🟢 | | |
1.7.5 | Ensure permissions on /etc/issue are configured (Automated) | 🟢 | | |
1.7.6 | Ensure permissions on /etc/issue.net are configured (Automated) | 🟢 | | |

Tester | PR commit |
---|---|
@Rebits | 399e401 |

OS | OS version | Deployment | Image/AMI |
---|---|---|---|
Ubuntu | 22 | EC2 | ami-003530de8839921c4 |

OS | Package |
---|---|
Ubuntu | Manager |

Solved syntax and rules issues. Please review faulted checks 1.3.1-1.6.1.2.
Content checks are case-sensitive.
. However, this is not the case. :yellow_circle: Update 02/11/2022
No full manual testing was performed because some of the errors specified in the first testing were not solved. If any of the proposed suggestions does not proceed, it requires validation for the developer, @fabamatic, and the @wazuh/qa. For more information, review the "Multiple checks from the previous testing were not fixed" check.
Sorry about previous request. Found errors should be fixed now.
Sorry again, somehow committed wrong format in 1.5.4. Should be fixed now.
🟢 | Solved |
All bugs encountered and reported have been solved in this development:
(1) Error in rules and checks 🟢
Hello,
I think that rule 1.4.3 has wrong regexp:
`f:/etc/shadow -> r:^root:\$\d+`
It checks if the password hash starts with "$" and a digit, but the password hash can also start with "$" and a letter:
Will review, will open issue in the wazuh/wazuh repo for better tracking.
Thanks.
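
The regex concern raised about rule 1.4.3 above, as an added example (not part of the original thread or the Wazuh ruleset): it runs the quoted pattern over constructed `/etc/shadow` root entries, including a `$y$` (yescrypt) hash. `BROADER_PATTERN`, the sample lines and the function names are assumptions for illustration, and Python's `re` stands in for the SCA regex engine.

```python
import re

# Pattern from rule 1.4.3 as quoted in the comment (f:/etc/shadow -> r:...).
# Assumption: Python's `re` reads this particular pattern the same way the SCA
# regex engine does (start anchor, literal "$", one or more digits).
RULE_PATTERN = r"^root:\$\d+"

# Hypothetical broader pattern, for comparison only (not the project's fix):
# accepts any alphanumeric crypt(3) scheme id between the two "$" delimiters.
BROADER_PATTERN = r"^root:\$[0-9A-Za-z]+\$"

# Constructed /etc/shadow root entries; salts and hashes are placeholders.
SAMPLES = {
    "sha512crypt": "root:$6$SALTSALT$HASHHASHHASH:19300:0:99999:7:::",
    "yescrypt": "root:$y$j9T$SALTSALT$HASHHASHHASH:19300:0:99999:7:::",
    "locked": "root:!:19300:0:99999:7:::",
    "locked_hash": "root:!$y$j9T$SALTSALT$HASHHASHHASH:19300:0:99999:7:::",
    "no_login": "root:*:19300:0:99999:7:::",
    "empty": "root::19300:0:99999:7:::",
}


def root_has_password(shadow_text, pattern):
    """Return True if any line of shadow_text matches the rule pattern."""
    rx = re.compile(pattern)
    return any(rx.search(line) for line in shadow_text.splitlines())


def compare(samples=SAMPLES):
    """Map each sample name to (quoted-rule result, broader-pattern result)."""
    return {
        name: (root_has_password(line, RULE_PATTERN),
               root_has_password(line, BROADER_PATTERN))
        for name, line in samples.items()
    }


def false_failures(samples=SAMPLES):
    """Names of entries that hold a password hash but fail the quoted rule."""
    return sorted(name for name, (rule, broad) in compare(samples).items()
                  if broad and not rule)


if __name__ == "__main__":
    for name, (rule, broad) in compare().items():
        print(f"{name:12} rule={rule!s:5} broader={broad}")
    print("missed by quoted rule:", false_failures())
```

Locked (`!`), disabled (`*`) and empty password fields fail under both patterns, so only the letter-prefixed hash changes the check result.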