From 4237982908fd4dad6b806503d6da5c4499791f6b Mon Sep 17 00:00:00 2001
From: Un1q32
Date: Mon, 6 Jan 2025 12:22:28 -0500
Subject: [PATCH 1/3] Use proper shebang and use $HOSTNAME environment variable
---
 vps-audit.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/vps-audit.sh b/vps-audit.sh
index c26f139..9a89daf 100755
--- a/vps-audit.sh
+++ b/vps-audit.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 # Colors for output
 GREEN='\033[0;32m'
@@ -43,7 +43,7 @@ print_header "System Information"
 # Get system information
 OS_INFO=$(cat /etc/os-release | grep PRETTY_NAME | cut -d'"' -f2)
 KERNEL_VERSION=$(uname -r)
-HOSTNAME=$(hostname)
+HOSTNAME=$HOSTNAME
 UPTIME=$(uptime -p)
 UPTIME_SINCE=$(uptime -s)
 CPU_INFO=$(lscpu | grep "Model name" | cut -d':' -f2 | xargs)
From 6fe37f6b3092c245d163b9d6ad6a9072a481c5eb Mon Sep 17 00:00:00 2001
From: Un1q32
Date: Mon, 6 Jan 2025 17:29:03 +0000
Subject: [PATCH 2/3] remove useless uses of cat and wc
---
 vps-audit.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/vps-audit.sh b/vps-audit.sh
index 9a89daf..6d7ba09 100755
--- a/vps-audit.sh
+++ b/vps-audit.sh
@@ -41,7 +41,7 @@ echo "================================" >> "$REPORT_FILE"
 print_header "System Information"
 # Get system information
-OS_INFO=$(cat /etc/os-release | grep PRETTY_NAME | cut -d'"' -f2)
+OS_INFO=$(grep PRETTY_NAME /etc/os-release | cut -d'"' -f2)
 KERNEL_VERSION=$(uname -r)
 HOSTNAME=$HOSTNAME
 UPTIME=$(uptime -p)
@@ -225,7 +225,7 @@ case "$IPS_INSTALLED$IPS_ACTIVE" in
 esac
 # Check failed login attempts
-FAILED_LOGINS=$(grep "Failed password" /var/log/auth.log 2>/dev/null | wc -l)
+FAILED_LOGINS=$(grep -c "Failed password" /var/log/auth.log 2>/dev/null || echo 0)
 if [ "$FAILED_LOGINS" -lt 10 ]; then
 check_security "Failed Logins" "PASS" "Only $FAILED_LOGINS failed login attempts detected - this is within normal range"
 elif [ "$FAILED_LOGINS" -lt 50 ]; then
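Review bot: In the second hunk of PATCH 1/3, `HOSTNAME=$HOSTNAME` is a self-assignment that does nothing, and it changes the source of the reported hostname from the `hostname` command to whatever the variable held at startup. As far as I know bash only sets `HOSTNAME` itself when it is not already inherited from the caller's environment, so the audit output can carry a name chosen by the invoking environment rather than by the system. The summary block further down still uses `$(hostname)` (visible as context in PATCH 2/3's `@@ -364` hunk), so a single report can end up with two hostname sources. I would drop the line, or query the system first and fall back to the variable: `HOSTNAME=$(hostname 2>/dev/null || printf '%s' "${HOSTNAME:-unknown}")`.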
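Review bot: In PATCH 2/3's `@@ -225` hunk, `grep -c ... || echo 0` yields two lines when the log exists but contains no match: `grep -c` prints `0` and exits 1, so `echo 0` runs as well and the `[ "$FAILED_LOGINS" -lt 10 ]` test receives a non-integer value. PATCH 3/3 keeps the same construct and relies on whitespace stripping plus `10#` to turn the resulting `00` back into `0`. Dropping the fallback and defaulting only an empty result is simpler: `FAILED_LOGINS=$(grep -c "Failed password" /var/log/auth.log 2>/dev/null)` followed by `FAILED_LOGINS=${FAILED_LOGINS:-0}`. The if/elif chain that consumes the value continues outside the hunk.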
@@ -245,7 +245,7 @@ else
 check_security "System Updates" "FAIL" "$UPDATES security updates available - system is vulnerable to known exploits"
 fi
 # Check running services
-SERVICES=$(systemctl list-units --type=service --state=running | grep "loaded active running" | wc -l)
+SERVICES=$(systemctl list-units --type=service --state=running | grep -c "loaded active running")
 if [ "$SERVICES" -lt 20 ]; then
 check_security "Running Services" "PASS" "Running minimal services ($SERVICES) - good for security"
 elif [ "$SERVICES" -lt 40 ]; then
@@ -364,7 +364,7 @@ echo "================================" >> "$REPORT_FILE"
 echo "System Information Summary:" >> "$REPORT_FILE"
 echo "Hostname: $(hostname)" >> "$REPORT_FILE"
 echo "Kernel: $(uname -r)" >> "$REPORT_FILE"
-echo "OS: $(cat /etc/os-release | grep PRETTY_NAME | cut -d'"' -f2)" >> "$REPORT_FILE"
+echo "OS: $(grep PRETTY_NAME /etc/os-release | cut -d'"' -f2)" >> "$REPORT_FILE"
 echo "CPU Cores: $(nproc)" >> "$REPORT_FILE"
 echo "Total Memory: $(free -h | awk '/^Mem:/ {print $2}')" >> "$REPORT_FILE"
 echo "Total Disk Space: $(df -h / | awk 'NR==2 {print $2}')" >> "$REPORT_FILE"
From 9feedffd14ad07466e224f4dc68b3fc1273df3d8 Mon Sep 17 00:00:00 2001
From: Israel Abebe
Date: Fri, 10 Jan 2025 23:19:54 +0300
Subject: [PATCH 3/3] Update vps-audit.sh
---
 vps-audit.sh | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/vps-audit.sh b/vps-audit.sh
index 6d7ba09..f0bdf7e 100755
--- a/vps-audit.sh
+++ b/vps-audit.sh
@@ -225,7 +225,20 @@ case "$IPS_INSTALLED$IPS_ACTIVE" in
 esac
 # Check failed login attempts
-FAILED_LOGINS=$(grep -c "Failed password" /var/log/auth.log 2>/dev/null || echo 0)
+LOG_FILE="/var/log/auth.log"
+
+if [ -f "$LOG_FILE" ]; then
+ FAILED_LOGINS=$(grep -c "Failed password" "$LOG_FILE" 2>/dev/null || echo 0)
+else
+ FAILED_LOGINS=0
+ echo "Warning: Log file $LOG_FILE not found or unreadable. Assuming 0 failed login attempts."
+fi
+
+# Ensure FAILED_LOGINS is numeric and strip whitespace
+FAILED_LOGINS=$(echo "$FAILED_LOGINS" | tr -d '[:space:]')
+# Remove leading zeros (if any)
+FAILED_LOGINS=$((10#$FAILED_LOGINS)) # Use arithmetic evaluation to ensure it's numeric and format correctly.
+
 if [ "$FAILED_LOGINS" -lt 10 ]; then
 check_security "Failed Logins" "PASS" "Only $FAILED_LOGINS failed login attempts detected - this is within normal range"
 elif [ "$FAILED_LOGINS" -lt 50 ]; then
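Review bot: The new `else` branch sets `FAILED_LOGINS=0`, so a host where `/var/log/auth.log` is missing falls into the `-lt 10` branch and is reported as PASS with "Only 0 failed login attempts"; an audit should record the check as not evaluated, since a host that keeps authentication logs elsewhere would always pass. The warning says "or unreadable", but `[ -f "$LOG_FILE" ]` only tests that a regular file exists: an unreadable file takes the first branch, `grep` fails with its error hidden by `2>/dev/null`, and `|| echo 0` again produces a passing 0. Using `if [ -r "$LOG_FILE" ]; then` would match the message. I would have the else branch report a non-PASS result through `check_security` and skip the threshold chain, and send the warning to stderr with `>&2`. The if/elif chain continues outside the hunk, so the status values `check_security` accepts beyond PASS and FAIL are not visible here.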