From 665454b3a28c4c2af30023b2e3e8631762027a86 Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Tue, 23 Apr 2024 16:11:01 +0100 Subject: [PATCH 1/2] updated script to latest Signed-off-by: Mark Bolwell --- run_audit.sh | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/run_audit.sh b/run_audit.sh index 786486e..909c66b 100755 --- a/run_audit.sh +++ b/run_audit.sh @@ -15,18 +15,20 @@ # linting (thanks to @cf-sewe) # Oracle included by default if RHEL family # benchmark vars moved +# December 2023 Added goss version and testing +# April 2024 Updating of OS discovery to work for all supported OSs # Variables in upper case tend to be able to be adjusted # lower case variables are discovered or built from other variables # Goss benchmark variables (these should not need changing unless new release) -BENCHMARK=STIG # Benchmark Name aligns to the audit +BENCHMARK=STIG # Benchmark Name aligns to the audit BENCHMARK_VER=v3r14 BENCHMARK_OS=RHEL7 # Goss host Variables AUDIT_BIN="${AUDIT_BIN:-/usr/local/bin/goss}" # location of the goss executable -AUDIT_BIN_MIN_VER="0.3.21" +AUDIT_BIN_MIN_VER="0.4.4" AUDIT_FILE="${AUDIT_FILE:-goss.yml}" # the default goss file used by the audit provided by the audit configuration AUDIT_CONTENT_LOCATION="${AUDIT_CONTENT_LOCATION:-/opt}" # Location of the audit configuration file as available to the OS @@ -80,10 +82,12 @@ fi # Discover OS version aligning with audit # Define os_vendor variable -if [ "$(grep -Ec "rhel|oracle" /etc/os-release)" != 0 ]; then +if [ "$(uname -a | grep -cw amzn)" -ge 1 ]; then + os_vendor="AMAZON" +elif [ "$(grep -Ec "rhel|oracle" /etc/os-release)" != 0 ]; then os_vendor="RHEL" else - os_vendor="$(hostnamectl | grep Oper | cut -d : -f2 | awk '{print $1}' | tr '[:lower:]' '[:upper:]' )" + os_vendor="$(hostnamectl | grep Oper | cut -d : -f2 | awk '{print tolower($1)}')" fi os_maj_ver="$(grep -w VERSION_ID= /etc/os-release | awk -F\" '{print $2}' | cut -d '.' -f1)" @@ -135,7 +139,7 @@ else fi ## Set the AUDIT json string -audit_json_vars='{"benchmark_type":'"$BENCHMARK"'","benchmark_os":"'"$BENCHMARK_OS"'","benchmark_version":"'"$BENCHMARK_VER"'","machine_uuid":"'"$host_machine_uuid"'","epoch":"'"$host_epoch"'","os_locale":"'"$host_os_locale"'","os_release":"'"$host_os_version"'","os_distribution":"'"$host_os_name"'","os_hostname":"'"$host_os_hostname"'","auto_group":"'"$host_auto_group"'","system_type":"'"$host_system_type"'"}' +audit_json_vars='{"benchmark_type":"'"$BENCHMARK"'","benchmark_os":"'"$BENCHMARK_OS"'","benchmark_version":"'"$BENCHMARK_VER"'","machine_uuid":"'"$host_machine_uuid"'","epoch":"'"$host_epoch"'","os_locale":"'"$host_os_locale"'","os_release":"'"$host_os_version"'","os_distribution":"'"$host_os_name"'","os_hostname":"'"$host_os_hostname"'","auto_group":"'"$host_auto_group"'","system_type":"'"$host_system_type"'"}' ## Run pre checks From d697fbfe82384ea8bee64060454eb2fb70ed503e Mon Sep 17 00:00:00 2001 From: Mark Bolwell Date: Tue, 23 Apr 2024 16:12:31 +0100 Subject: [PATCH 2/2] updated script to latest Signed-off-by: Mark Bolwell --- run_audit.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run_audit.sh b/run_audit.sh index 909c66b..1103263 100755 --- a/run_audit.sh +++ b/run_audit.sh @@ -28,7 +28,7 @@ BENCHMARK_OS=RHEL7 # Goss host Variables AUDIT_BIN="${AUDIT_BIN:-/usr/local/bin/goss}" # location of the goss executable -AUDIT_BIN_MIN_VER="0.4.4" +AUDIT_BIN_MIN_VER="0.3.21" AUDIT_FILE="${AUDIT_FILE:-goss.yml}" # the default goss file used by the audit provided by the audit configuration AUDIT_CONTENT_LOCATION="${AUDIT_CONTENT_LOCATION:-/opt}" # Location of the audit configuration file as available to the OS