
        _           _             _
       / /\        / /\         /\ \
      / /  \      / /  \       /  \ \
     / / /\ \__  / / /\ \__   / /\ \ \
    / / /\ \___\/ / /\ \___\ / / /\ \ \
    \ \ \ \/___/\ \ \ \/___// / /  \ \_\
     \ \ \       \ \ \     / / /    \/_/
 _    \ \ \  _    \ \ \   / / /
/_/\__/ / / /_/\__/ / /  / / /________
\ \/___/ /  \ \/___/ /  / / /_________\
 \_____\/    \_____\/   \/____________/


System Security Checker is a bundle of small shell scripts to test your
computer's security (released under AGPL).

All scripts run in read-only mode and will never modify any file on your system.
Instead, they print the actions that should be taken to improve system security.
You always have the last word (see Disclaimer below).

Test scripts come from various sources:
  - Common Configuration Enumeration (CCE™)
    all files named CCE-<ID>.sh (<ID> is the official CCE's ID)
    <https://cce.mitre.org/lists/cce_list.html>

  - Guide to the Secure Configuration of Red Hat Enterprise Linux 5
    all files named NSA-<ID>.sh (<ID> is the section number in the PDF below)
    <https://www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf>

  - other common best practices from here and there (custom tests)
    all files named SSC-<ID>.sh (<ID> is an incremental counter)

WARNING: This is a beta release still under active development!


 _
/   _  ._ _  ._   _. _|_ o |_  o | o _|_
\_ (_) | | | |_) (_|  |_ | |_) | | |  |_ \/
-------------|---------------------------/-

The primary target OSes are Fedora, CentOS & Debian.
Other distributions might have fewer tests.
Since CentOS is fully compatible, RHEL should work too (not tested, though).
Tests should be applicable to all variants (Desktop & Server) of each OS.


 _                                                       /(        )`
| \ o  _  _ |  _. o ._ _   _  ._                         \ \___   / |
|_/ | _> (_ | (_| | | | | (/_ |                          /- _  `-/  '
--------------------------------                        (/\/ \ \   /\
                                                        / /   | `    \
Do not attempt to implement any of the                  O O   ) /    |
recommendations without first testing in                `-^--'`<     '
a non-production environment.                          (_.)  _  )   /
                                                        `.___/`    /
This software contains recommended                        `-----' /
security settings. It is not meant to        <----.     __ / __   \
replace well-structured policy or sound      <----|====O)))==) \) /====
judgment. Furthermore this software does     <----'    `--' `.__,' \
not address site-specific configuration                   |        |
concerns.                                                  \       /
                                                      ______( (_  / \______
                                                    ,'  ,-----'   |        \
| |  _  _.  _   _                                   `--{__________)        \/
|_| _> (_| (_| (/_
------------_|----

# Clone the latest version of SSC.
git clone https://github.com/infertux/sysechk.git
cd sysechk

# Or if you have already cloned it before, update it.
cd sysechk
git pull

# As a security tool, SSC does not feel comfortable when it has too many
# permissions, and because Git does not keep file permissions, you have to run
# this little script after the git clone/pull.
./tools/fix_perms.sh

# Now, check if your system has all required tools (sed, grep, awk, etc.).
# It will print only "Done." if all dependencies are satisfied.
./tools/check_env.sh

# Finally, run all tests (it may take a while).
./run_tests.sh

# You can also run each test individually.
./tests/<test>.sh


 _
|_)      _   _
|_) |_| (_| _>
---------_|---

Writing test scripts is probably the most boring part of this application, but
writing quick and pretty shell scripts is also a challenge.
Every script does one test but does it well (the UNIX way ;)).

I am not a Bash guru! There are probably bugs or optimizations that can be done
in test scripts. Any patches are welcome! :)
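
To illustrate the "one test per script, read-only, print the action" design
described above, here is an added example. It is not one of the project's
tests and does not use the project's helpers; the function names and the
choice of the sshd PermitRootLogin setting are assumptions made for the sketch.

```shell
#!/bin/sh
# Added example: a hypothetical read-only check, not one of the project's tests.
# It only reads FILE and prints the action to take; it never edits anything.

# Print the effective global PermitRootLogin value from an sshd_config file.
# sshd keeps the first value found for a keyword and keywords are
# case-insensitive; parsing stops at the first Match block.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); exit }
    ' "$1"
}

# Return 0 if root login is explicitly disabled, 1 if not, 2 if unreadable.
check_permit_root_login() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "SKIP: cannot read $file"
        return 2
    fi
    value=$(effective_permit_root_login "$file")
    case "$value" in
        no)
            return 0 ;;
        "")
            echo "FAIL: PermitRootLogin is not set globally in $file"
            echo "  action: add 'PermitRootLogin no' before any Match block" ;;
        *)
            echo "FAIL: PermitRootLogin is '$value' in $file"
            echo "  action: change that line to 'PermitRootLogin no'" ;;
    esac
    return 1
}

# Demo on a constructed sample config (not a real system file).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'PermitRootLogin yes' > "$sample"
check_permit_root_login "$sample" || true
rm -f "$sample"
```

The sketch assumes whitespace-separated "keyword value" lines and ignores
Include directives, so a real test would need to handle those as well.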