lynis/include/tests_banners

177 lines
8.3 KiB
Plaintext
Raw Normal View History

2014-08-26 17:33:55 +02:00
#!/bin/sh
#################################################################################
#
# Lynis
# ------------------
#
2016-03-13 16:00:39 +01:00
# Copyright 2007-2013, Michael Boelen
# Copyright 2007-2019, CISOfy
2016-03-13 16:00:39 +01:00
#
# Website : https://cisofy.com
# Blog : http://linux-audit.com
# GitHub : https://github.com/CISOfy/lynis
2014-08-26 17:33:55 +02:00
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Banners and identification
#
#################################################################################
#
InsertSection "Banners and identification"
#
#################################################################################
#
BANNER_FILES="${ROOTDIR}etc/issue ${ROOTDIR}etc/issue.net ${ROOTDIR}etc/motd"
2017-09-12 15:23:37 +02:00
LEGAL_BANNER_STRINGS="audit access authori connect enforce evidence forbidden intrusion law legal monitor owner policy policies privacy private prohibited record restricted secure subject system terms unauthorized"
2014-08-26 17:33:55 +02:00
#
#################################################################################
#
# Test : BANN-7113
# Description : Check FreeBSD COPYRIGHT banner file
Register --test-no BANN-7113 --os FreeBSD --weight L --network NO --category security --description "Check COPYRIGHT banner file"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Testing existence ${ROOTDIR}COPYRIGHT or ${ROOTDIR}etc/COPYRIGHT"
if [ -f ${ROOTDIR}COPYRIGHT ]; then
Display --indent 2 --text "- ${ROOTDIR}COPYRIGHT" --result "${STATUS_FOUND}" --color GREEN
if [ -s ${ROOTDIR}COPYRIGHT ]; then
LogText "Result: ${ROOTDIR}COPYRIGHT available and contains text"
else
LogText "Result: ${ROOTDIR}COPYRIGHT available, but empty"
2014-08-26 17:33:55 +02:00
fi
else
Display --indent 2 --text "- ${ROOTDIR}COPYRIGHT" --result "${STATUS_NOT_FOUND}" --color WHITE
LogText "Result: ${ROOTDIR}COPYRIGHT not found"
2014-08-26 17:33:55 +02:00
fi
if [ -f ${ROOTDIR}etc/COPYRIGHT ]; then
Display --indent 2 --text "- ${ROOTDIR}etc/COPYRIGHT" --result "${STATUS_FOUND}" --color GREEN
if [ -s ${ROOTDIR}etc/COPYRIGHT ]; then
LogText "Result: ${ROOTDIR}etc/COPYRIGHT available and contains text"
else
LogText "Result: ${ROOTDIR}etc/COPYRIGHT available, but empty"
2014-08-26 17:33:55 +02:00
fi
else
Display --indent 2 --text "- ${ROOTDIR}etc/COPYRIGHT" --result "${STATUS_NOT_FOUND}" --color WHITE
LogText "Result: ${ROOTDIR}etc/COPYRIGHT not found"
2014-08-26 17:33:55 +02:00
fi
fi
#
#################################################################################
#
# Test : BANN-7124
# Description : Check issue banner file
Register --test-no BANN-7124 --weight L --network NO --category security --description "Check issue banner file"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking file ${ROOTDIR}etc/issue"
if [ -f ${ROOTDIR}etc/issue ]; then
2014-09-15 12:01:09 +02:00
# Check for symlink
if [ -L ${ROOTDIR}etc/issue ]; then
LogText "Result: file ${ROOTDIR}etc/issue exists (symlink)"
Display --indent 2 --text "- ${ROOTDIR}etc/issue" --result SYMLINK --color GREEN
else
Display --indent 2 --text "- ${ROOTDIR}etc/issue" --result "${STATUS_FOUND}" --color GREEN
2014-09-15 12:01:09 +02:00
fi
else
LogText "Result: file ${ROOTDIR}etc/issue does not exist"
Display --indent 2 --text "- ${ROOTDIR}etc/issue" --result "${STATUS_NOT_FOUND}" --color WHITE
fi
2014-08-26 17:33:55 +02:00
fi
#
#################################################################################
#
# Test : BANN-7126
# Description : Check issue file to see if it contains some form of message
# to discourage unauthorized users to leave the system alone
if [ -f ${ROOTDIR}etc/issue ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no BANN-7126 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check issue banner file contents"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
COUNT=0
2017-01-28 15:47:47 +01:00
FILE="${ROOTDIR}etc/issue"
LogText "Test: Checking file ${FILE} contents for legal key words"
for ITEM in ${LEGAL_BANNER_STRINGS}; do
FIND=$(${GREPBINARY} -i "${ITEM}" ${FILE})
if HasData "${FIND}"; then
LogText "Result: found string '${ITEM}'"
COUNT=$((COUNT + 1))
2014-08-26 17:33:55 +02:00
fi
done
# Check if we have 5 or more key words
if [ ${COUNT} -gt 4 ]; then
LogText "Result: Found ${COUNT} key words (5 or more suggested), to warn unauthorized users"
2017-01-28 15:47:47 +01:00
Display --indent 4 --text "- ${FILE} contents" --result "${STATUS_OK}" --color GREEN
2014-08-26 17:33:55 +02:00
AddHP 2 2
else
LogText "Result: Found only ${COUNT} key words (5 or more suggested), to warn unauthorized users and could be increased"
2019-01-14 11:13:03 +01:00
Display --indent 4 --text "- ${FILE} contents" --result "${STATUS_WEAK}" --color YELLOW
2017-01-28 15:47:47 +01:00
ReportSuggestion ${TEST_NO} "Add a legal banner to ${FILE}, to warn unauthorized users"
2014-08-26 17:33:55 +02:00
AddHP 0 1
2017-01-28 15:47:47 +01:00
Report "weak_banner_file[]=${FILE}"
2014-08-26 17:33:55 +02:00
fi
fi
#
#################################################################################
#
# Test : BANN-7128
# Description : Check issue.net banner file
Register --test-no BANN-7128 --weight L --network NO --category security --description "Check issue.net banner file"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking file ${ROOTDIR}etc/issue.net"
if [ -f ${ROOTDIR}etc/issue.net ]; then
2014-09-15 12:01:09 +02:00
# Check for symlink
if [ -L ${ROOTDIR}etc/issue.net ]; then
LogText "Result: file ${ROOTDIR}etc/issue.net exists (symlink)"
Display --indent 2 --text "- ${ROOTDIR}etc/issue.net" --result SYMLINK --color GREEN
else
LogText "Result: file ${ROOTDIR}etc/issue.net exists"
Display --indent 2 --text "- ${ROOTDIR}etc/issue.net" --result "${STATUS_FOUND}" --color GREEN
2014-09-15 12:01:09 +02:00
fi
else
LogText "Result: file ${ROOTDIR}etc/issue.net does not exist"
Display --indent 2 --text "- ${ROOTDIR}etc/issue.net" --result "${STATUS_NOT_FOUND}" --color WHITE
2014-09-15 12:01:09 +02:00
fi
2014-08-26 17:33:55 +02:00
fi
#
#################################################################################
#
# Test : BANN-7130
# Description : Check issue.net file to see if it contains some form of message
# to discourage unauthorized users to leave the system alone
if [ -f ${ROOTDIR}etc/issue.net ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no BANN-7130 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check issue.net banner file contents"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
COUNT=0
LogText "Test: Checking file ${ROOTDIR}etc/issue.net contents for legal key words"
for ITEM in ${LEGAL_BANNER_STRINGS}; do
FIND=$(${GREPBINARY} -i "${ITEM}" ${ROOTDIR}etc/issue.net)
if HasData "${FIND}"; then
LogText "Result: found string '${ITEM}'"
COUNT=$((COUNT + 1))
2014-09-15 12:01:09 +02:00
fi
done
# Check if we have 5 or more key words
if [ ${COUNT} -gt 4 ]; then
LogText "Result: Found ${COUNT} key words, to warn unauthorized users"
Display --indent 4 --text "- ${ROOTDIR}etc/issue.net contents" --result "${STATUS_OK}" --color GREEN
2014-09-15 12:01:09 +02:00
AddHP 2 2
else
LogText "Result: Found only ${COUNT} key words, to warn unauthorized users and could be increased"
2019-01-14 11:13:03 +01:00
Display --indent 4 --text "- ${ROOTDIR}etc/issue.net contents" --result "${STATUS_WEAK}" --color YELLOW
2014-09-15 12:01:09 +02:00
ReportSuggestion ${TEST_NO} "Add legal banner to /etc/issue.net, to warn unauthorized users"
AddHP 0 1
fi
2014-08-26 17:33:55 +02:00
fi
#
#################################################################################
#
WaitForKeyPress
2014-08-26 17:33:55 +02:00
#
#================================================================================
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com