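#!/bin/bash
#set -o xtrace
#
# Final system grading script (Fall 2017, CIS126DL, CentOS 7).
#
# Asks the student a few questions, then appends the output of a fixed series
# of checks (git/etckeeper setup, printers, services, users and groups,
# installed RPMs, yum state, portsentry, cron, dotfiles, writediary) to
# ~/graderesultsfall2017. The order and text of everything written to the
# gradefile is the grading format and must not change.
#
# The checks read root-only files (/etc/sudoers, /var/spool/cron/root) and the
# gradefile is expected under /root, so the script is meant to be run as root.
# Most checks are allowed to fail: a missing file produces an error on the
# terminal and simply leaves that section of the gradefile empty, which is why
# "set -e" is deliberately not used.
#
#This script is for grading your system. Please do NOT alter it, as it
#will put your results in a standard format to make it easy for me to
#grade.

echo "This is the Fall 2017 version for CIS126DL using Centos 7.6"
echo "This is your final system grading script. It is quite simplistic, "
echo "but do NOT alter it, as I will expect things to come out in a "
echo "particular order, and if they do not, I will not grade your output"
echo "nor will I give you any credit for it."
echo "Now, before you continue, you must make sure that all your"
echo "assignments are DONE as well as the following"
echo "If you shut down sendmail, turn it back on!"
echo "ALSO, your NETWORK MUST BE UP TO CONTINUE"
echo "Your writediary program should be in the bin directory of your user"
echo "ie: /home/username/bin/writediary"
# The file name below used to say "spring2017"; the script only ever writes
# graderesultsfall2017, so the instruction now names the file that exists.
echo "You can check the gradefile that is created as /root/graderesultsfall2017"
echo "if it looks good"
echo "Then copy /root/graderesultsfall2017 to your users directory"
echo "Use chown username:username to set the group and ownership"
echo "use canvas to attach this file to the appropriate dropbox"

#as chkrootkit site seems to be hacked, we will use the one from epel
#set this directory to where YOUR chkrootkit install is located
#DO NOT put a / on the end of the path
#chkrootdir=/home/philw/chkrootkit-0.49

echo "Are you ready to continue? type y or n "
read -r choice
# Quoted so an empty answer or one containing spaces cannot break the test;
# anything other than exactly "n" continues, as before.
if [ "$choice" = n ]; then
  echo "Please get everything ready and try again"
  exit 1
else
  echo "Let's get going then"
fi

# Non-fatal: the sudoers and root-crontab checks need root, and "~" only
# points at /root when the script really runs as root.
if [ "$(id -u)" -ne 0 ]; then
  echo "warning: not running as root; several checks will fail and the gradefile will not be in /root" >&2
fi

echo "A gradefile will be created in the /root directory called"
file=~/graderesultsfall2017
echo "$file"
echo "This is regardless of where you RUN the gradescript itself"

# The gradefile collects /etc/passwd, /etc/group, sudoers lines and root's
# crontab, so a newly created gradefile is made readable by its owner only.
# (A gradefile left over from an earlier run keeps its existing mode.)
umask 077

#This line sets the date and wipes the gradefile clean
date > "$file"

echo "What is your name?"
read -r student
echo "STUDENT NAME" >> "$file"
# printf rather than echo: the name is free-form input and must be written
# literally even if it looks like an echo option.
printf '%s\n' "$student" >> "$file"

# The username is spliced into /home/<name>/... paths that are read as root
# and copied into the gradefile, so only a single plain path component is
# accepted: no empty value, no "/", and not "." or "..".
while :; do
  echo "what is your username? (not root):"
  if ! read -r homedirname; then
    echo "No username was entered; please run the script again." >&2
    exit 1
  fi
  case "$homedirname" in
    '' | */* | . | ..)
      echo "Please enter just the username, without any slashes." >&2
      ;;
    *)
      break
      ;;
  esac
done

echo "Fall 2017 Gradescript for CIS126DL" >> "$file"
echo "Stops at portSentry, newuser script, if required, MUST be emailed seperately" >> "$file"
echo "************************************************" >> "$file"
echo "Do you have any special notes, such as using a laptop/virtual box?"
echo "Please type out a short sentence explaining or just type NA"
echo "SPECIAL NOTES" >> "$file"
read -r specialnotes
printf '%s\n' "$specialnotes" >> "$file"
echo "***********************************************" >> "$file"
date >> "$file"

echo "Are they in run level 3 multi-user.target?" >> "$file"
systemctl get-default >> "$file"
echo "****************************************************" >> "$file"

# --- git / etckeeper history of /etc -----------------------------------
echo "Get a log of commits for git" >> "$file"
echo "*****************************************************" >> "$file"
echo ".gitignore file" >> "$file"
cat /etc/.gitignore >> "$file"
echo "**********************************************" >> "$file"
echo "Rough log of git stuff" >> "$file"
# git log must run inside /etc; if the cd fails, skip it rather than log
# whatever repository the script happened to be started from.
if cd /etc; then
  git log >> "$file"
else
  echo "warning: cannot cd to /etc, skipping git log" >&2
fi
echo "***************************************************" >> "$file"
echo "***************************************************" >> "$file"
echo "Checking on bare git repo set up in /root" >> "$file"
ls -l /root/etc.gitrepo >> "$file"
echo "Checking on postcommit hooks in /etc " >> "$file"
cat /etc/.git/hooks/post-commit >> "$file"
echo "***************************************************" >> "$file"
echo "***************************************************" >> "$file"

# --- pico extra credit --------------------------------------------------
echo "Grading Pico Extra Credit assignment"
echo "******************************************************" >> "$file"
echo ' PICO ASSIGNEMENT (5pts Extra Credit) ' >> "$file"
echo >> "$file"
# -e is the standard existence test ("-a" as a unary operator is obsolescent).
if [ -e /usr/bin/pico.orig ]; then
  echo "Good, pico.orig exists, continuing"
  ls -l /usr/bin/pico* >> "$file"
  cat /usr/bin/pico >> "$file"
fi
echo "******************************************************" >> "$file"
echo "********************************************" >> "$file"

# --- desktop and printer ------------------------------------------------
echo "Checking desktop switch to KDE via .xinitrc file " >> "$file"
cat "/home/$homedirname/.xinitrc" >> "$file"
echo "Or via the /etc/sysconfig/desktop file " >> "$file"
cat /etc/sysconfig/desktop >> "$file"
echo "*********************************************" >> "$file"
echo 'PRINTER CONFIGURATION (10pts total)' >> "$file"
cat /etc/cups/printers.conf >> "$file"
echo "Done grading Printer configuration"
echo >> "$file"
echo "*****************************************************" >> "$file"

# --- default target and services ---------------------------------------
echo "Checking to see if runlevel 3 is properly set up"
echo "Check to see that httpd is in runlevel 3" >> "$file"
echo "And check that bluetooth is not is in runlevel 3" >> "$file"
echo " 15 pts for this section" >> "$file"
systemctl get-default >> "$file"
systemctl status httpd >> "$file"
echo "****" >> "$file"
systemctl status bluetooth >> "$file"
echo "********" >> "$file"
#echo 'is there a file in /var/ftp/pub? (5pts)' >> $file
#ls /var/ftp/pub >> $file
#echo "Is there a file in /var/www/html" >> $file
#ls /var/www/html >> $file
echo "*****************************************************" >> "$file"
echo >> "$file"
echo "CHECK resolv.conf" >> "$file"
cat /etc/resolv.conf >> "$file"
echo >> "$file"
date >> "$file"
echo >> "$file"
echo "****************************************************" >> "$file"

# --- groups, skeleton directories, users -------------------------------
echo "Checking group, skel and user files" >> "$file"
echo 'GROUP FILE (worth 5/40 pts)' >> "$file"
echo "The adm, account and backup groups hould have users in the password" >> "$file"
cat /etc/group >> "$file"
echo "Look for those group numbers in /etc/password" >> "$file"
cat /etc/passwd >> "$file"
echo >> "$file"
echo '*****CHECKING THE VARIOUS SKEL DIRECTORIES!(worth 20/40pts)' >> "$file"
echo "hopefully you have used /etc/skel, /etc/adm and /etc/backup"
echo "Checking /etc/skel:" >> "$file"
ls -la /etc/skel >> "$file"
echo "Checking /etc/adm:" >> "$file"
ls -la /etc/adm >> "$file"
echo "Checking /etc/backup:" >> "$file"
ls -la /etc/backup >> "$file"
echo >> "$file"
echo "*****************" >> "$file"
echo 'CHECKING /home for user setup. (worth 15/40pts)' >> "$file"
ls -la /home/* | grep account >> "$file"
ls -la /home/* | grep adm >> "$file"
ls -la /home/* | grep backup >> "$file"
echo 'Checking /opt for acctrecv setup' >> "$file"
ls -la /opt/* >> "$file"
echo >> "$file"
echo "****************" >> "$file"
echo "Checking the sudoers file " >> "$file"
grep -i adm /etc/sudoers >> "$file"
grep -i backup /etc/sudoers >> "$file"
grep -i account /etc/sudoers >> "$file"
echo "****************************************************" >> "$file"

# --- required packages --------------------------------------------------
echo "CHECKING VARIOUS RPMS THEY HAD TO INSTALL" >> "$file"
echo >> "$file"
echo "Looking for etckeeper" >> "$file"
rpm -qf /etc/etckeeper >> "$file"
echo "Looking for jwhois" >> "$file"
rpm -qf /usr/bin/whois >> "$file"
echo "Looking for htop" >> "$file"
rpm -qf /usr/bin/htop >> "$file"
echo "Looking for keepassx2" >> "$file"
rpm -qf /usr/bin/keepassx2 >> "$file"
echo "Looking for Logwatch" >> "$file"
rpm -qf /etc/logwatch/conf/logwatch.conf >> "$file"
#echo "Checking Snort 10pts" >> $file
#rpm -qf /etc/snort/snort.conf >> $file
#ls /etc/snort/rules >> $file
echo "***************************************************" >> "$file"
#echo 'Checking chkrootkit installation (10pts)' >> $file
#rpm -qf /usr/bin/chkrootkit >> $file
echo "Looking for rkhunter installation" >> "$file"
rpm -qf /usr/bin/rkhunter >> "$file"
echo "Checking to see if they edited rkhunter.conf" >> "$file"
grep ALLOW_SSH_ROOT_USER /etc/rkhunter.conf >> "$file"
#echo "Checking for keepassx" >> $file
#rpm -qf /usr/bin/keepassx >> $file
echo "***************************************" >> "$file"

# --- repositories and pending updates ----------------------------------
echo "Checking to see if the repos are setup right (epel etc.) (15/20pts)" >> "$file"
#cat /etc/yum.repos.d/* >> $file
ls /etc/yum.repos.d/ >> "$file"
rpm -qf /etc/yum.repos.d/epel.repo >> "$file"
yum check-update
updates=$?
# yum check-update exits 0 when nothing is pending, 100 when updates are
# available, and with another status on error (for example, no network).
# The gradefile line is unchanged for every non-zero status; an error is
# additionally reported on the terminal so it is not mistaken for a real
# "updates pending" result.
if [ "$updates" -ne 0 ]; then
  if [ "$updates" -ne 100 ]; then
    echo "warning: yum check-update failed with status $updates; check the network and repos" >&2
  fi
  echo "There are still updates that should be installed!!" >> "$file"
else
  echo 'All updates are installed via YUM (5/20pts) ' >> "$file"
fi
echo "***************************************" >> "$file"
echo "checking kernel version" >> "$file"
ls -l /boot >> "$file"
echo "actual kernel running is: " >> "$file"
uname -a >> "$file"
echo "******************************************************" >> "$file"

# --- portsentry ---------------------------------------------------------
echo 'CHECKING PORTSENTRY SETUP (20pts)' >> "$file"
grep iptable /usr/local/psionic/portsentry2/portsentry.conf >> "$file"
echo "Checking portsentry.ignore" >> "$file"
cat /usr/local/psionic/portsentry2/portsentry.ignore >> "$file"
echo >> "$file"
#echo "IS PORTSENTRY COMMENTED OUT IN RC.LOCAL?" >> $file
#echo "And is the proc setting still in RC.LOCAL?" >> $file
#cat /etc/rc.d/rc.local >> $file
echo '********************************************' >> "$file"
echo 'Checking to see if portsentry.service is set up right' >> "$file"
ls -l /usr/lib/systemd/system/portsentry.service >> "$file"
echo 'Looking at contents of portsentry.service' >> "$file"
echo >> "$file"
cat /usr/lib/systemd/system/portsentry.service >> "$file"
echo "If systemctl enable did the right thing" >> "$file"
echo "it is in multi-user.target.wants" >> "$file"
cat /etc/systemd/system/multi-user.target.wants/portsentry.service >> "$file"
echo >> "$file"
echo "***********************************************" >> "$file"
#echo "Making sure /tmp is noexec" >> $file
#cat /etc/fstab >> $file
echo "***********************************************" >> "$file"
#echo 'Checking for SSHD configuration (5pts)' >> $file
#grep "PermitRootLogin" /etc/ssh/sshd_config >> $file
#grep "KeyRegenerationInterval" /etc/ssh/sshd_config >> $file
#grep "ServerKeyBits" /etc/ssh/sshd_config >> $file
#grep "AllowTcpForwarding" /etc/ssh/sshd_config >> $file
#grep "X11Forwarding" /etc/ssh/sshd_config >> $file
#echo "************************************************" >> $file

# --- root crontab -------------------------------------------------------
echo 'The root crontab file contains (5pts)' >> "$file"
#crontab -l >> $file
cat /var/spool/cron/root >> "$file"
date >> "$file"
echo "******************************************************" >> "$file"

# --- dotfiles and student scripts --------------------------------------
echo "Checking that you used git clone to get the dotfiles" >> "$file"
ls -l "/home/$homedirname/dotfiles" >> "$file"
echo "Checking that you ran the scripts in dotfiles" >> "$file"
ls -la "/home/$homedirname/.vimrc" >> "$file"
ls -la "/home/$homedirname/.config/kcminputrc" >> "$file"
echo "******************************************************" >> "$file"
echo "CHECKING SCRIPTS" >> "$file"
echo >> "$file"
date >> "$file"
echo 'Checking writediary (10pts)' >> "$file"
ls -l "/home/$homedirname/bin/writediary" >> "$file"
cat "/home/$homedirname/bin/writediary" >> "$file"
#echo 'Checking script2' >> $file
#ls -l /home/$homedirname/bin/script2 >> $file
#cat /home/$homedirname/bin/script2 >> $file
#echo >> $file
echo "*************" >> "$file"
echo >> "$file"
echo >> "$file"
echo "********************************************" >> "$file"
date >> "$file"

echo "done check $file"
echo "Submit this to canvas from within your Virtual Box VM"
echo "You will have to cp the file to your users home directory and"
echo "then submit it via firefox to canvas"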