Added check_CVE-2022-40674 and check_CVE-2023-32233 to the configurat…

…ion.

Updated docs and bumped version to 2.1.20.

CHANGES

@@ -1,3 +1,6 @@
+* Tue Dec 05 2023 Jakub Havrila <havrila@cesnet.cz> - 2.1.20-0
+- Added mitigation checks for CVE-2022-40674 and CVE-2023-32233
+
 * Mon Nov 20 2023 Jakub Havrila <havrila@cesnet.cz> - 2.1.19-0
 - Pakiti: Use new pakiti-client version from cvmfs or use default client.
 

README.md

@@ -27,6 +27,8 @@ Worker Nodes via a grid job that is submitted to each ARC CE, CREAM CE and HTCon
   * check_CVE-2022-25235
   * check_CVE-2022-25236
   * check_CVE-2022-2588
+  * check_CVE-2022-40674
+  * check_CVE-2023-32233
   * dcache-perms
   * libkeyutils
 

grid-monitoring-probes-eu.egi.sec.spec

@@ -5,7 +5,7 @@
 
 Summary: Security monitoring probes based on EGI CSIRT requirements
 Name: grid-monitoring-probes-eu.egi.sec
-Version: 2.1.19
+Version: 2.1.20
 Release: 0%{?dist}
 
 License: ASL 2.0
@@ -70,6 +70,10 @@ pattern libkeyutils.so* that doesn't belong to an installed RPM package
 - Check if mitigation for CVE-2021-4034 has been applied
 * WN-check_CVE-2022-2588
 - Check if mitigation for CVE-2022-2588 has been applied
+* WN-check_CVE-2022-40674
+- Check if mitigation for CVE-2022-40674 has been applied
+* WN-check_CVE-2023-32233
+- Check if mitigation for CVE-2023-32233 has been applied
 %prep
 %setup -q
 
@@ -121,6 +125,9 @@ cd -
 /usr/libexec/grid-monitoring/wnfm
 
 %changelog
+* Tue Dec 05 2023 Jakub Havrila <havrila@cesnet.cz> - 2.1.20-0
+- Added mitigation checks for CVE-2022-40674 and CVE-2023-32233
+
 * Mon Nov 20 2023 Jakub Havrila <havrila@cesnet.cz> - 2.1.19-0
 - Pakiti: Use new pakiti-client version from cvmfs or use default client.
 

src/ARC/50-secmon.ini

@@ -203,3 +203,21 @@ script_line = (env PATH=/bin:/usr/bin:/sbin:/usr/sbin:$PATH /bin/bash check_CVE-
     (read msg; sed -e 's/^/__log 20 /' -e '$s;^__log 20 \(.*\);\1 '"$msg;") \
     > check_CVE-2022-2588.out
 
+[arcce.CVE-2022-40674]
+jobplugin = scripted
+staged_inputs = file:%(config_dir)s/50-secmon.d/check_CVE-2022-40674
+output_file = check_CVE-2022-40674.out
+service_description = eu.egi.sec.WN-check_CVE-2022-40674%(service_suffix)s
+script_line = (env PATH=/bin:/usr/bin:/sbin:/usr/sbin:$PATH /bin/bash check_CVE-2022-40674 2>&1; retv=$? ; [ $retv -gt 3 ] && retv=3 ; echo __status $retv $(hostname):) | \
+    (read msg; sed -e 's/^/__log 20 /' -e '$s;^__log 20 \(.*\);\1 '"$msg;") \
+    > check_CVE-2022-40674.out
+
+[arcce.CVE-2023-32233]
+jobplugin = scripted
+staged_inputs = file:%(config_dir)s/50-secmon.d/check_CVE-2023-32233
+output_file = check_CVE-2023-32233.out
+service_description = eu.egi.sec.WN-check_CVE-2023-32233%(service_suffix)s
+script_line = (env PATH=/bin:/usr/bin:/sbin:/usr/sbin:$PATH /bin/bash check_CVE-2023-32233 2>&1; retv=$? ; [ $retv -gt 3 ] && retv=3 ; echo __status $retv $(hostname):) | \
+    (read msg; sed -e 's/^/__log 20 /' -e '$s;^__log 20 \(.*\);\1 '"$msg;") \
+    > check_CVE-2023-32233.out
+

src/CREAM/probe_list

@@ -15,6 +15,8 @@ check_CVE-2021-4034
 check_CVE-2022-25235
 check_CVE-2022-25236
 check_CVE-2022-2588
+check_CVE-2022-40674
+check_CVE-2023-32233
 check_EGI-SVG-2016-5195
 check_EGI-SVG-2018-14213
 dcache-perms

src/CREAM/testjob.jdl

@@ -5,6 +5,6 @@ Executable = "testjob.sh";
 StdOutput = "std.out";
 StdError = "std.err";
 InputSandbox = {"/usr/libexec/grid-monitoring/probes/eu.egi.sec/CREAM/testjob.sh","/usr/libexec/grid-monitoring/probes/eu.egi.sec/CREAM/WN-probes.tar.gz","/usr/libexec/grid-monitoring/probes/eu.egi.sec/CREAM/probe_list"};
-OutputSandbox = {"std.out","std.err","CRL.out","CRL.res","FilePermVulns.out","FilePermVulns.res","Pakiti.out","Pakiti.res","Permissions.out","Permissions.res","RDSModuleCheck.out","RDSModuleCheck.res","Torque.out","Torque.res","check_CVE-2013-2094.out","check_CVE-2013-2094.res","check_CVE-2015-3245.out","check_CVE-2015-3245.res","check_CVE-2016-5195.out","check_CVE-2016-5195.res","check_EGI-SVG-2016-5195.out","check_EGI-SVG-2016-5195.res","check_EGI-SVG-2018-14213.out","check_EGI-SVG-2018-14213.res","dcache-perms.out","dcache-perms.res","libkeyutils.out","libkeyutils.res","check_CVE-2018-1111.out","check_CVE-2018-1111.res","check_CVE-2018-12021.out","check_CVE-2018-12021.res","check_CVE-2018-14634.out","check_CVE-2018-14634.res","check_CVE-2021-3156.out","check_CVE-2021-3156.res","check_CVE-2021-4034.out","check_CVE-2021-4034.res","check_CVE-2022-25235.out","check_CVE-2022-25235.res","check_CVE-2022-25236.out","check_CVE-2022-25236.res","check_CVE-2022-2588.out","check_CVE-2022-2588.res"};
+OutputSandbox = {"std.out","std.err","CRL.out","CRL.res","FilePermVulns.out","FilePermVulns.res","Pakiti.out","Pakiti.res","Permissions.out","Permissions.res","RDSModuleCheck.out","RDSModuleCheck.res","Torque.out","Torque.res","check_CVE-2013-2094.out","check_CVE-2013-2094.res","check_CVE-2015-3245.out","check_CVE-2015-3245.res","check_CVE-2016-5195.out","check_CVE-2016-5195.res","check_EGI-SVG-2016-5195.out","check_EGI-SVG-2016-5195.res","check_EGI-SVG-2018-14213.out","check_EGI-SVG-2018-14213.res","dcache-perms.out","dcache-perms.res","libkeyutils.out","libkeyutils.res","check_CVE-2018-1111.out","check_CVE-2018-1111.res","check_CVE-2018-12021.out","check_CVE-2018-12021.res","check_CVE-2018-14634.out","check_CVE-2018-14634.res","check_CVE-2021-3156.out","check_CVE-2021-3156.res","check_CVE-2021-4034.out","check_CVE-2021-4034.res","check_CVE-2022-25235.out","check_CVE-2022-25235.res","check_CVE-2022-25236.out","check_CVE-2022-25236.res","check_CVE-2022-2588.out","check_CVE-2022-2588.res","check_CVE-2022-40674.out","check_CVE-2022-40674.res","check_CVE-2023-32233.out,"check_CVE-2023-32233.res"};
 OutputSandboxBaseDestUri="gsiftp://localhost";
 ]

src/HTCondor/probe_list

@@ -15,6 +15,8 @@ check_CVE-2021-4034
 check_CVE-2022-25235
 check_CVE-2022-25236
 check_CVE-2022-2588
+check_CVE-2022-40674
+check_CVE-2023-32233
 check_EGI-SVG-2016-5195
 check_EGI-SVG-2018-14213
 dcache-perms