diff options
author | Suryakanth Sekar <suryakanth.sekar@linux.intel.com> | 2019-11-15 14:46:28 +0300 |
---|---|---|
committer | Wang, Kuiying <kuiying.wang@intel.com> | 2020-01-11 14:31:35 +0300 |
commit | 65d4fafd39553243d83834a87ce2806059c837b0 (patch) | |
tree | 0331155cdea5252bbd45edfb2b37e3bb3be560be /security-manager/src/security-manager.hpp | |
parent | 6d93fe942fe3df101a644ffa39e1e4feab4382e7 (diff) | |
download | provingground-65d4fafd39553243d83834a87ce2806059c837b0.tar.xz |
Add Security Manager - ASD/User security Event
Daemon for below functionalities
1. To start the AtScaleDebug service when remote debug on
jumper & special user status and enabled.
2. To stop the AtScaleDebug service when remote debug jumper
disabled and disabled the special user status.
3. Log the corresponding AtScaleDebug Events
4. Check for user security breach and log the user security event.
Tested:
Detecting Remote Debug jumper - enabled or disabled
Enable the ASD/Disable the ASD based on jumper and spl user password
Corresponding the ASD security Event should be logged
Check for unsupported shell- user security event:
Change shell parameter for enabled user by
usermod --shell=/bin/csh <enabled username>
"SecurityUserUnsupportedShellEnabled" Event should be logged
Check for unsupported shell removed - user security event:
change shell parameter for enabled user by
usermod --shell=/bin/sh <enabled username>
"SecurityUserUnsupportedShellRemoved" Event should be logged
Check for Weak Password hashing algorithm Event:
change the password hashing algorithm by
edit file : /etc/pam.d/common-password -->sha512 to md5
set new password for any user.
"SecurityUserWeakHashAlgoEnabled" Event should be logged
similar change from md5 to sha512 in /etc/pam.d/common-password file
Set new password for any user.
"SecurityUserStrongHashAlgoRestored" Event should be logged
If root user is enabled
"SecurityUserRootEnabled" Event should be logged
If root user is disabled
"SecurityUserRootDisabled" Event should be logged
Change-Id: I88f8614df31df3f35e7d08d2e84aeef7a39edea4
Signed-off-by: Suryakanth Sekar <suryakanth.sekar@linux.intel.com>
Diffstat (limited to 'security-manager/src/security-manager.hpp')
-rw-r--r-- | security-manager/src/security-manager.hpp | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/security-manager/src/security-manager.hpp b/security-manager/src/security-manager.hpp new file mode 100644 index 0000000..b3380e6 --- /dev/null +++ b/security-manager/src/security-manager.hpp @@ -0,0 +1,37 @@ +/* +// Copyright (c) 2019 Intel Corporation +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +*/ + +namespace security_manager +{ + +struct UserAssertedEventRecord +{ + bool rootEnabledEvent; + bool unSupportedShellEvent; + bool uidZeroAssignedEvent; + bool weakHashAlgorithmEvent; +}; + +enum class PasswordHashAlgorithm : unsigned char +{ + hashAlgoMD5 = 1, + hashAlgoBlowFish = 2, + hashAlgoEksblowfish = 3, + hashAlgoNT = 4, + hashAlgoMax +}; + +} // namespace security_manager |