Open-AudIT
https://www.open-audit.org/phpBB3/

Current Linux audit script
https://www.open-audit.org/phpBB3/viewtopic.php?f=20&t=5794
Page 4 of 4

Author:  ihashacks [ Tue Apr 23, 2013 3:28 pm ]
Post subject:  Re: Current Linux audit script

It looks like CentOS <6 has a directory in /sys/class/net/ for each device instead of a symlink as in Ubuntu and CentOS 6. That explains why you're having to add extra cuts in there. I'll review what you've posted as workarounds and see if that will work or if maybe I should make the Network section a little more elegant in the first place (so that adding extra cuts and whatnot might not be needed).

Author:  RedDevils [ Wed Apr 24, 2013 12:20 am ]
Post subject:  Re: Current Linux audit script

Yes, I just banged out a fresh 5.9 with none of our mods to the OS and had the same issues.

/bin/cat: /sys/class/net/55 eth0/address: No such file or directory
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
Cannot get device settings: No such device
Cannot get wake-on-lan settings: No such device
Cannot get message level: No such device
Cannot get link status: No such device
/bin/cat: /sys/class/net/55 eth0/operstate: No such file or directory
Device "55 eth0" does not exist.
Device "55 eth0" does not exist.
/bin/cat: /sys/class/net/55 sit0/address: No such file or directory
lspci: -s: Invalid slot number
lspci: -s: Invalid slot number
Cannot get device settings: No such device
Cannot get wake-on-lan settings: No such device
Cannot get message level: No such device
Cannot get link status: No such device
/bin/cat: /sys/class/net/55 sit0/operstate: No such file or directory
Device "55 sit0" does not exist.
Device "55 sit0" does not exist.

I wouldn't go off my work. It looks like the script can't get the line it needs "slotnumber/interface". With my edits, the only thing I accomplished was to get it to return "interface". This does nothing for the script at all. LOL I have found where I could get the "slot number" and "interface" on different lines. I don't know if that is worth anything or not? But I would believe this would disrupt the flow of a single unified "linux" audit script.

Author:  kieronrob [ Sat May 25, 2013 4:22 am ]
Post subject:  Re: Current Linux audit script

I get the following error on my Ubuntu 13.04 (x64) Desktop and an Ubuntu 10.04 (x32) server:

audit_linux.sh: 151: audit_linux.sh: Syntax error: "(" unexpected

I am running the script as root: sh audit_linux.sh

Any ideas?

Author:  ihashacks [ Sat May 25, 2013 7:34 am ]
Post subject:  Re: Current Linux audit script

[quote="kieronrob"]I get the following error on my Ubuntu 13.04 (x64) Desktop and an Ubuntu 10.04 (x32) server:

audit_linux.sh: 151: audit_linux.sh: Syntax error: "(" unexpected

I am running the script as root: sh audit_linux.sh

Any ideas?[/quote]

In Ubuntu (and possibly others), sh is a symbolic link to "dash", which is a stripped-down shell used often in startup scripts. If the audit script is marked as executable then you should be able to run ./audit_linux.sh instead of "sh audit_linux.sh". Alternatively you could run "bash audit_linux.sh".

Author:  kieronrob [ Mon May 27, 2013 7:48 pm ]
Post subject:  Re: Current Linux audit script

Thank you, it now works!
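
Added example, not part of the original thread and not code from audit_linux.sh: one way to enumerate interfaces so that both /sys/class/net layouts discussed above (real directories on CentOS <6, symlinks on Ubuntu and CentOS 6) yield a bare interface name without extra cuts, written in POSIX sh only so it runs the same under dash and bash. The function names, the optional directory argument and the output format are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example; POSIX sh only (no arrays, no "function" keyword, no "local").

# first_line FILE DEFAULT: print the first line of FILE, or DEFAULT if the
# file is unreadable or empty (hypothetical helper).
first_line() {
    line=
    [ -r "$1" ] && read -r line < "$1" || :
    printf '%s' "${line:-$2}"
}

# list_net_ifaces [NET_DIR]: print "name|mac|operstate|bus_id" per interface.
# NET_DIR defaults to /sys/class/net; the argument exists so the function can
# be exercised against a constructed directory tree.
list_net_ifaces() {
    net_dir=${1:-/sys/class/net}
    for entry in "$net_dir"/*; do
        # -d follows symlinks, so it accepts both the directory layout and
        # the symlink layout, and skips regular files such as bonding_masters.
        [ -d "$entry" ] || continue
        name=${entry##*/}          # bare name, no parsing of listing output
        mac=$(first_line "$entry/address" unknown)
        state=$(first_line "$entry/operstate" unknown)
        bus_id=none
        # "device" links to the bus device (the PCI slot for PCI NICs);
        # virtual interfaces such as sit0 have no such link.
        if [ -e "$entry/device" ]; then
            target=$(cd -P "$entry/device" 2>/dev/null && pwd) &&
                bus_id=${target##*/} || :
        fi
        printf '%s|%s|%s|%s\n' "$name" "$mac" "$state" "$bus_id"
    done
}

list_net_ifaces
```

The bus_id field is only meaningful as an lspci -s argument when it is not "none", so a caller should skip the lspci lookup for virtual interfaces.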

All times are UTC + 10 hours