Split Template App Security into 2 independent templates: Iptables, Fail2Ban
Move userparameter selinux-enabled from security.conf into selinux.conf. Move the remaining userparameters from security.conf into iptables.conf and linux.conf. Added squid.conf file and Template App Squid.
This commit is contained in:
parent
5b30b27592
commit
1f672d0312
@ -1,370 +0,0 @@
|
|||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<zabbix_export>
|
|
||||||
<version>3.0</version>
|
|
||||||
<date>2016-05-02T08:53:53Z</date>
|
|
||||||
<groups>
|
|
||||||
<group>
|
|
||||||
<name>Zabbix Templates</name>
|
|
||||||
</group>
|
|
||||||
</groups>
|
|
||||||
<templates>
|
|
||||||
<template>
|
|
||||||
<template>Template Security</template>
|
|
||||||
<name>Template Security</name>
|
|
||||||
<description/>
|
|
||||||
<groups>
|
|
||||||
<group>
|
|
||||||
<name>Zabbix Templates</name>
|
|
||||||
</group>
|
|
||||||
</groups>
|
|
||||||
<applications>
|
|
||||||
<application>
|
|
||||||
<name>Security</name>
|
|
||||||
</application>
|
|
||||||
</applications>
|
|
||||||
<items>
|
|
||||||
<item>
|
|
||||||
<name>Fail2ban is enabled in autostart</name>
|
|
||||||
<type>0</type>
|
|
||||||
<snmp_community/>
|
|
||||||
<multiplier>0</multiplier>
|
|
||||||
<snmp_oid/>
|
|
||||||
<key>chkconfig[fail2ban]</key>
|
|
||||||
<delay>1800</delay>
|
|
||||||
<history>30</history>
|
|
||||||
<trends>365</trends>
|
|
||||||
<status>0</status>
|
|
||||||
<value_type>3</value_type>
|
|
||||||
<allowed_hosts/>
|
|
||||||
<units/>
|
|
||||||
<delta>0</delta>
|
|
||||||
<snmpv3_contextname/>
|
|
||||||
<snmpv3_securityname/>
|
|
||||||
<snmpv3_securitylevel>0</snmpv3_securitylevel>
|
|
||||||
<snmpv3_authprotocol>0</snmpv3_authprotocol>
|
|
||||||
<snmpv3_authpassphrase/>
|
|
||||||
<snmpv3_privprotocol>0</snmpv3_privprotocol>
|
|
||||||
<snmpv3_privpassphrase/>
|
|
||||||
<formula>1</formula>
|
|
||||||
<delay_flex/>
|
|
||||||
<params/>
|
|
||||||
<ipmi_sensor/>
|
|
||||||
<data_type>3</data_type>
|
|
||||||
<authtype>0</authtype>
|
|
||||||
<username/>
|
|
||||||
<password/>
|
|
||||||
<publickey/>
|
|
||||||
<privatekey/>
|
|
||||||
<port/>
|
|
||||||
<description/>
|
|
||||||
<inventory_link>0</inventory_link>
|
|
||||||
<applications>
|
|
||||||
<application>
|
|
||||||
<name>Security</name>
|
|
||||||
</application>
|
|
||||||
</applications>
|
|
||||||
<valuemap/>
|
|
||||||
<logtimefmt/>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<name>iptables is enabled in autostart</name>
|
|
||||||
<type>0</type>
|
|
||||||
<snmp_community/>
|
|
||||||
<multiplier>0</multiplier>
|
|
||||||
<snmp_oid/>
|
|
||||||
<key>chkconfig[iptables]</key>
|
|
||||||
<delay>1800</delay>
|
|
||||||
<history>30</history>
|
|
||||||
<trends>365</trends>
|
|
||||||
<status>0</status>
|
|
||||||
<value_type>3</value_type>
|
|
||||||
<allowed_hosts/>
|
|
||||||
<units/>
|
|
||||||
<delta>0</delta>
|
|
||||||
<snmpv3_contextname/>
|
|
||||||
<snmpv3_securityname/>
|
|
||||||
<snmpv3_securitylevel>0</snmpv3_securitylevel>
|
|
||||||
<snmpv3_authprotocol>0</snmpv3_authprotocol>
|
|
||||||
<snmpv3_authpassphrase/>
|
|
||||||
<snmpv3_privprotocol>0</snmpv3_privprotocol>
|
|
||||||
<snmpv3_privpassphrase/>
|
|
||||||
<formula>1</formula>
|
|
||||||
<delay_flex/>
|
|
||||||
<params/>
|
|
||||||
<ipmi_sensor/>
|
|
||||||
<data_type>3</data_type>
|
|
||||||
<authtype>0</authtype>
|
|
||||||
<username/>
|
|
||||||
<password/>
|
|
||||||
<publickey/>
|
|
||||||
<privatekey/>
|
|
||||||
<port/>
|
|
||||||
<description/>
|
|
||||||
<inventory_link>0</inventory_link>
|
|
||||||
<applications>
|
|
||||||
<application>
|
|
||||||
<name>Security</name>
|
|
||||||
</application>
|
|
||||||
</applications>
|
|
||||||
<valuemap/>
|
|
||||||
<logtimefmt/>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<name>Firewall enabled</name>
|
|
||||||
<type>0</type>
|
|
||||||
<snmp_community/>
|
|
||||||
<multiplier>0</multiplier>
|
|
||||||
<snmp_oid/>
|
|
||||||
<key>firewall-enabled</key>
|
|
||||||
<delay>90</delay>
|
|
||||||
<history>30</history>
|
|
||||||
<trends>365</trends>
|
|
||||||
<status>0</status>
|
|
||||||
<value_type>3</value_type>
|
|
||||||
<allowed_hosts/>
|
|
||||||
<units/>
|
|
||||||
<delta>0</delta>
|
|
||||||
<snmpv3_contextname/>
|
|
||||||
<snmpv3_securityname/>
|
|
||||||
<snmpv3_securitylevel>0</snmpv3_securitylevel>
|
|
||||||
<snmpv3_authprotocol>0</snmpv3_authprotocol>
|
|
||||||
<snmpv3_authpassphrase/>
|
|
||||||
<snmpv3_privprotocol>0</snmpv3_privprotocol>
|
|
||||||
<snmpv3_privpassphrase/>
|
|
||||||
<formula>1</formula>
|
|
||||||
<delay_flex/>
|
|
||||||
<params/>
|
|
||||||
<ipmi_sensor/>
|
|
||||||
<data_type>3</data_type>
|
|
||||||
<authtype>0</authtype>
|
|
||||||
<username/>
|
|
||||||
<password/>
|
|
||||||
<publickey/>
|
|
||||||
<privatekey/>
|
|
||||||
<port/>
|
|
||||||
<description/>
|
|
||||||
<inventory_link>0</inventory_link>
|
|
||||||
<applications>
|
|
||||||
<application>
|
|
||||||
<name>Security</name>
|
|
||||||
</application>
|
|
||||||
</applications>
|
|
||||||
<valuemap>
|
|
||||||
<name>Service state</name>
|
|
||||||
</valuemap>
|
|
||||||
<logtimefmt/>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<name>Checksum of iptables policy</name>
|
|
||||||
<type>0</type>
|
|
||||||
<snmp_community/>
|
|
||||||
<multiplier>0</multiplier>
|
|
||||||
<snmp_oid/>
|
|
||||||
<key>firewall-md5</key>
|
|
||||||
<delay>1800</delay>
|
|
||||||
<history>30</history>
|
|
||||||
<trends>365</trends>
|
|
||||||
<status>0</status>
|
|
||||||
<value_type>3</value_type>
|
|
||||||
<allowed_hosts/>
|
|
||||||
<units/>
|
|
||||||
<delta>0</delta>
|
|
||||||
<snmpv3_contextname/>
|
|
||||||
<snmpv3_securityname/>
|
|
||||||
<snmpv3_securitylevel>0</snmpv3_securitylevel>
|
|
||||||
<snmpv3_authprotocol>0</snmpv3_authprotocol>
|
|
||||||
<snmpv3_authpassphrase/>
|
|
||||||
<snmpv3_privprotocol>0</snmpv3_privprotocol>
|
|
||||||
<snmpv3_privpassphrase/>
|
|
||||||
<formula>1</formula>
|
|
||||||
<delay_flex/>
|
|
||||||
<params/>
|
|
||||||
<ipmi_sensor/>
|
|
||||||
<data_type>0</data_type>
|
|
||||||
<authtype>0</authtype>
|
|
||||||
<username/>
|
|
||||||
<password/>
|
|
||||||
<publickey/>
|
|
||||||
<privatekey/>
|
|
||||||
<port/>
|
|
||||||
<description/>
|
|
||||||
<inventory_link>0</inventory_link>
|
|
||||||
<applications>
|
|
||||||
<application>
|
|
||||||
<name>Security</name>
|
|
||||||
</application>
|
|
||||||
</applications>
|
|
||||||
<valuemap/>
|
|
||||||
<logtimefmt/>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<name>Fail2Ban service is running</name>
|
|
||||||
<type>0</type>
|
|
||||||
<snmp_community/>
|
|
||||||
<multiplier>0</multiplier>
|
|
||||||
<snmp_oid/>
|
|
||||||
<key>proc.num[fail2ban-server]</key>
|
|
||||||
<delay>60</delay>
|
|
||||||
<history>30</history>
|
|
||||||
<trends>365</trends>
|
|
||||||
<status>0</status>
|
|
||||||
<value_type>3</value_type>
|
|
||||||
<allowed_hosts/>
|
|
||||||
<units/>
|
|
||||||
<delta>0</delta>
|
|
||||||
<snmpv3_contextname/>
|
|
||||||
<snmpv3_securityname/>
|
|
||||||
<snmpv3_securitylevel>0</snmpv3_securitylevel>
|
|
||||||
<snmpv3_authprotocol>0</snmpv3_authprotocol>
|
|
||||||
<snmpv3_authpassphrase/>
|
|
||||||
<snmpv3_privprotocol>0</snmpv3_privprotocol>
|
|
||||||
<snmpv3_privpassphrase/>
|
|
||||||
<formula>1</formula>
|
|
||||||
<delay_flex/>
|
|
||||||
<params/>
|
|
||||||
<ipmi_sensor/>
|
|
||||||
<data_type>0</data_type>
|
|
||||||
<authtype>0</authtype>
|
|
||||||
<username/>
|
|
||||||
<password/>
|
|
||||||
<publickey/>
|
|
||||||
<privatekey/>
|
|
||||||
<port/>
|
|
||||||
<description/>
|
|
||||||
<inventory_link>0</inventory_link>
|
|
||||||
<applications>
|
|
||||||
<application>
|
|
||||||
<name>Security</name>
|
|
||||||
</application>
|
|
||||||
</applications>
|
|
||||||
<valuemap/>
|
|
||||||
<logtimefmt/>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<name>Users with UID 0</name>
|
|
||||||
<type>0</type>
|
|
||||||
<snmp_community/>
|
|
||||||
<multiplier>0</multiplier>
|
|
||||||
<snmp_oid/>
|
|
||||||
<key>root_users</key>
|
|
||||||
<delay>30</delay>
|
|
||||||
<history>90</history>
|
|
||||||
<trends>365</trends>
|
|
||||||
<status>0</status>
|
|
||||||
<value_type>3</value_type>
|
|
||||||
<allowed_hosts/>
|
|
||||||
<units/>
|
|
||||||
<delta>0</delta>
|
|
||||||
<snmpv3_contextname/>
|
|
||||||
<snmpv3_securityname/>
|
|
||||||
<snmpv3_securitylevel>0</snmpv3_securitylevel>
|
|
||||||
<snmpv3_authprotocol>0</snmpv3_authprotocol>
|
|
||||||
<snmpv3_authpassphrase/>
|
|
||||||
<snmpv3_privprotocol>0</snmpv3_privprotocol>
|
|
||||||
<snmpv3_privpassphrase/>
|
|
||||||
<formula>1</formula>
|
|
||||||
<delay_flex/>
|
|
||||||
<params/>
|
|
||||||
<ipmi_sensor/>
|
|
||||||
<data_type>0</data_type>
|
|
||||||
<authtype>0</authtype>
|
|
||||||
<username/>
|
|
||||||
<password/>
|
|
||||||
<publickey/>
|
|
||||||
<privatekey/>
|
|
||||||
<port/>
|
|
||||||
<description/>
|
|
||||||
<inventory_link>0</inventory_link>
|
|
||||||
<applications>
|
|
||||||
<application>
|
|
||||||
<name>Security</name>
|
|
||||||
</application>
|
|
||||||
</applications>
|
|
||||||
<valuemap/>
|
|
||||||
<logtimefmt/>
|
|
||||||
</item>
|
|
||||||
</items>
|
|
||||||
<discovery_rules/>
|
|
||||||
<macros/>
|
|
||||||
<templates/>
|
|
||||||
<screens/>
|
|
||||||
</template>
|
|
||||||
</templates>
|
|
||||||
<triggers>
|
|
||||||
<trigger>
|
|
||||||
<expression>{Template Security:chkconfig[fail2ban].last(0)}=0</expression>
|
|
||||||
<name>Fail2ban is not enabled in autostart</name>
|
|
||||||
<url/>
|
|
||||||
<status>0</status>
|
|
||||||
<priority>2</priority>
|
|
||||||
<description/>
|
|
||||||
<type>0</type>
|
|
||||||
<dependencies/>
|
|
||||||
</trigger>
|
|
||||||
<trigger>
|
|
||||||
<expression>{Template Security:proc.num[fail2ban-server].sum(#3)}=0</expression>
|
|
||||||
<name>Fail2Ban service is down</name>
|
|
||||||
<url/>
|
|
||||||
<status>0</status>
|
|
||||||
<priority>3</priority>
|
|
||||||
<description/>
|
|
||||||
<type>0</type>
|
|
||||||
<dependencies/>
|
|
||||||
</trigger>
|
|
||||||
<trigger>
|
|
||||||
<expression>{Template Security:firewall-enabled.last(0)}=0</expression>
|
|
||||||
<name>Firewall is disabled</name>
|
|
||||||
<url/>
|
|
||||||
<status>0</status>
|
|
||||||
<priority>3</priority>
|
|
||||||
<description/>
|
|
||||||
<type>0</type>
|
|
||||||
<dependencies/>
|
|
||||||
</trigger>
|
|
||||||
<trigger>
|
|
||||||
<expression>{Template Security:firewall-md5.diff(0)}<>0</expression>
|
|
||||||
<name>iptables has been changed</name>
|
|
||||||
<url/>
|
|
||||||
<status>0</status>
|
|
||||||
<priority>1</priority>
|
|
||||||
<description/>
|
|
||||||
<type>0</type>
|
|
||||||
<dependencies/>
|
|
||||||
</trigger>
|
|
||||||
<trigger>
|
|
||||||
<expression>{Template Security:chkconfig[iptables].last(0)}=0</expression>
|
|
||||||
<name>iptables is not enabled in autostart</name>
|
|
||||||
<url/>
|
|
||||||
<status>0</status>
|
|
||||||
<priority>2</priority>
|
|
||||||
<description/>
|
|
||||||
<type>0</type>
|
|
||||||
<dependencies/>
|
|
||||||
</trigger>
|
|
||||||
<trigger>
|
|
||||||
<expression>{Template Security:root_users.change()}>1</expression>
|
|
||||||
<name>Users with UID 0</name>
|
|
||||||
<url/>
|
|
||||||
<status>0</status>
|
|
||||||
<priority>4</priority>
|
|
||||||
<description>trigger checks the system, if there are more users with the UID 0 than 1</description>
|
|
||||||
<type>0</type>
|
|
||||||
<dependencies/>
|
|
||||||
</trigger>
|
|
||||||
</triggers>
|
|
||||||
<value_maps>
|
|
||||||
<value_map>
|
|
||||||
<name>Service state</name>
|
|
||||||
<mappings>
|
|
||||||
<mapping>
|
|
||||||
<value>0</value>
|
|
||||||
<newvalue>Down</newvalue>
|
|
||||||
</mapping>
|
|
||||||
<mapping>
|
|
||||||
<value>1</value>
|
|
||||||
<newvalue>Up</newvalue>
|
|
||||||
</mapping>
|
|
||||||
</mappings>
|
|
||||||
</value_map>
|
|
||||||
</value_maps>
|
|
||||||
</zabbix_export>
|
|
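--- a/linux.conf
+++ b/linux.conf
@@ -1,5 +1,7 @@
-UserParameter=nfs[*], df | grep -cw $1
-UserParameter=mount[*], df | grep -c $1
+UserParameter=nfs[*],df | grep -cw $1
+UserParameter=mount[*],df | grep -c $1
+UserParameter=mount2[*],mount | grep -c '$1'
+UserParameter=stat[*],sudo stat -c "%$2" $1
 UserParameter=mdstat,egrep -ce "F|_" /proc/mdstat
 UserParameter=netstat[*], ss -nat | grep -c $1
 UserParameter=chkconfig[*], chkconfig --list | grep "$1" | cut -d ":" -f 5 | grep -c on
@@ -12,4 +14,9 @@ UserParameter=sockstat.tcp.mem,cat /proc/net/sockstat|grep TCP|cut -d' ' -f 11
 UserParameter=sockstat.udp.inuse,cat /proc/net/sockstat|grep UDP:|cut -d' ' -f 3
 UserParameter=sockstat.udp.mem,cat /proc/net/sockstat|grep UDP:|cut -d' ' -f 5
 UserParameter=check_chmod[*], stat --format '%a' $1
 UserParameter=os-full, cat /etc/issue | head -1
+UserParameter=swap_enabled, /etc/zabbix/bin/swap_enabled.sh
+UserParameter=check_md5sum[*],sudo /usr/bin/md5sum $1 | cut -d' ' -f 1
+UserParameter=backup_dir_discovery, /etc/zabbix/bin/backup_dir_discovery.sh
+UserParameter=du[*],sudo /usr/bin/du -sb $1 | cut -f 1
+UserParameter=root_users, getent passwd | egrep -c ':0+:[0-9]+:'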
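Review bot: The added `check_md5sum[*]`, `du[*]` and `stat[*]` parameters run `sudo` on a caller-supplied path with no restriction, so any host the agent accepts queries from can hash, size or stat every root-readable file — `check_md5sum[/etc/shadow]` turns the shadow file or a private key into an MD5 oracle for verifying guessed contents. Wrap these in a script that rejects anything outside an allow-list of monitored paths (or restrict the sudoers entries to fixed arguments), and keep `UnsafeUserParameters` at its default of 0 so the unquoted `$1`/`$2` cannot carry shell metacharacters. `stat[*]` also calls `stat` by bare name while the other sudo lines use absolute paths; sudoers rules match on the full path, so `sudo /usr/bin/stat -c "%$2" $1` is the consistent form. Separately, the `root_users` pattern `':0+:[0-9]+:'` matches any `:0:<digits>:` field pair, so an account with GID 0 and a numeric GECOS field is counted as a UID-0 user; `getent passwd | awk -F: '$3 == 0' | wc -l` tests only the UID column.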
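--- a/security.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-UserParameter=selinux-enabled, [ "$(getenforce)" = "Enforcing" ] && echo 1 || echo 0
-UserParameter=firewall-enabled, sudo /sbin/iptables -L INPUT -n | grep -ci 'tcp dpts:10050'
-UserParameter=firewall-md5, sudo /sbin/iptables -L INPUT -n | cksum | cut -d " " -f 1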