2014-08-26 17:33:55 +02:00
#!/bin/sh
#################################################################################
#
# Lynis
# ------------------
#
2016-03-13 16:00:39 +01:00
# Copyright 2007-2013, Michael Boelen
2021-01-07 15:22:19 +01:00
# Copyright 2007-2021, CISOfy
2014-08-26 17:33:55 +02:00
#
2016-03-13 16:00:39 +01:00
# Website : https://cisofy.com
# Blog : http://linux-audit.com
# GitHub : https://github.com/CISOfy/lynis
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
2014-08-26 17:33:55 +02:00
#
#################################################################################
#
# Operating System detection
#
#################################################################################
#
# Check operating system
2016-05-03 12:40:05 +02:00
case $(uname) in
2014-08-26 17:33:55 +02:00
# IBM AIX
AIX)
2016-09-27 11:20:35 +02:00
OS="AIX"
OS_NAME="AIX"
OS_VERSION=$(oslevel)
OS_FULLNAME="AIX ${OS_VERSION}"
CPU=$(uname -p)
HARDWARE=$(uname -M)
FIND_BINARIES="whereis -b"
SYSCTL_READKEY=""
2014-08-26 17:33:55 +02:00
;;
2016-09-27 11:20:35 +02:00
# Mac OS X and macOS
2014-08-26 17:33:55 +02:00
Darwin)
2016-11-05 11:53:22 +01:00
OS="macOS"
2016-09-27 11:20:35 +02:00
if [ -x /usr/bin/sw_vers ]; then
OS_NAME=$(/usr/bin/sw_vers -productName)
OS_VERSION=$(/usr/bin/sw_vers -productVersion)
2016-10-15 11:27:04 +02:00
OS_VERSION_NAME="unknown"
2016-10-26 12:19:01 +02:00
OS_FULLNAME="macOS (unknown version)"
2016-10-15 10:43:45 +02:00
case ${OS_VERSION} in
2017-08-19 10:53:25 +02:00
10.0 | 10.0.[0-9]*) OS_FULLNAME="Mac OS X 10.0 (Cheetah)" ;;
10.1 | 10.1.[0-9]*) OS_FULLNAME="Mac OS X 10.1 (Puma)" ;;
10.2 | 10.2.[0-9]*) OS_FULLNAME="Mac OS X 10.2 (Jaguar)" ;;
10.3 | 10.3.[0-9]*) OS_FULLNAME="Mac OS X 10.3 (Panther)" ;;
10.4 | 10.4.[0-9]*) OS_FULLNAME="Mac OS X 10.4 (Tiger)" ;;
10.5 | 10.5.[0-9]*) OS_FULLNAME="Mac OS X 10.5 (Leopard)" ;;
10.6 | 10.6.[0-9]*) OS_FULLNAME="Mac OS X 10.6 (Snow Leopard)" ;;
2017-04-30 17:59:35 +02:00
10.7 | 10.7.[0-9]*) OS_FULLNAME="Mac OS X 10.7 (Lion)" ;;
10.8 | 10.8.[0-9]*) OS_FULLNAME="Mac OS X 10.8 (Mountain Lion)" ;;
2016-11-05 11:53:22 +01:00
10.9 | 10.9.[0-9]*) OS_FULLNAME="Mac OS X 10.9 (Mavericks)" ;;
2016-10-26 12:19:01 +02:00
10.10 | 10.10.[0-9]*) OS_FULLNAME="Mac OS X 10.10 (Yosemite)" ;;
10.11 | 10.11.[0-9]*) OS_FULLNAME="Mac OS X 10.11 (El Capitan)" ;;
2016-11-05 11:53:22 +01:00
10.12 | 10.12.[0-9]*) OS_FULLNAME="macOS Sierra (${OS_VERSION})" ;;
2017-07-01 10:29:05 +02:00
10.13 | 10.13.[0-9]*) OS_FULLNAME="macOS High Sierra (${OS_VERSION})" ;;
2018-12-13 12:12:26 +01:00
10.14 | 10.14.[0-9]*) OS_FULLNAME="macOS Mojave (${OS_VERSION})" ;;
2020-03-01 00:31:52 +01:00
10.15 | 10.15.[0-9]*) OS_FULLNAME="macOS Catalina (${OS_VERSION})" ;;
2020-06-22 20:44:58 +02:00
11.0 | 11.0[0-9]*) OS_FULLNAME="macOS Big Sur (${OS_VERSION})" ;;
2016-10-15 11:27:04 +02:00
*) echo "Unknown macOS version. Do you know what version it is? Create an issue at ${PROGRAM_SOURCE}" ;;
2016-10-15 10:43:45 +02:00
esac
2014-08-26 17:33:55 +02:00
else
2016-09-27 11:20:35 +02:00
# Fall back to a fairly safe name
2016-10-15 10:43:45 +02:00
OS_NAME="macOS"
2016-11-05 11:53:22 +01:00
# uname -s -r shows Darwin 16.1.0
2016-09-27 11:20:35 +02:00
OS_FULLNAME=$(uname -s -r)
2016-11-05 11:53:22 +01:00
# shows 16.1.0 for Darwin's version, not macOS's
2016-09-27 11:20:35 +02:00
OS_VERSION=$(uname -r)
fi
HARDWARE=$(uname -m)
HOMEDIRS="/Users"
FIND_BINARIES="whereis"
OS_KERNELVERSION=$(uname -r)
SYSCTL_READKEY=""
2014-08-26 17:33:55 +02:00
;;
# DragonFly BSD
DragonFly)
2016-09-27 11:20:35 +02:00
OS="DragonFly"
OS_NAME="DragonFly BSD"
OS_FULLNAME=$(uname -s -r)
OS_VERSION=$(uname -r)
HARDWARE=$(uname -m)
HOMEDIRS="/home /root"
FIND_BINARIES="whereis -q -a -b"
OS_KERNELVERSION=$(uname -i)
SYSCTL_READKEY="sysctl -n"
2014-08-26 17:33:55 +02:00
;;
# FreeBSD
FreeBSD)
2016-09-27 11:20:35 +02:00
OS="FreeBSD"
OS_NAME="FreeBSD"
OS_FULLNAME=$(uname -s -r)
OS_VERSION=$(uname -r)
HARDWARE=$(uname -m)
HOMEDIRS="/home /root"
FIND_BINARIES="whereis -q -a -b"
OS_KERNELVERSION=$(uname -i)
SYSCTL_READKEY="sysctl -n"
# TrueOS
if [ -f /etc/defaults/trueos ]; then
OS_NAME="TrueOS"
LogText "Result: found TrueOS file, system is completely based on FreeBSD though. Only adjusting OS name."
fi
2014-08-26 17:33:55 +02:00
;;
# HP-UX
HP-UX)
2016-09-27 11:20:35 +02:00
OS="HP-UX"
OS_NAME="HP-UX"
OS_FULLNAME=$(uname -s -r)
OS_VERSION=$(uname -r)
HARDWARE=$(uname -m)
FIND_BINARIES="whereis -b"
SYSCTL_READKEY=""
2017-08-08 14:52:59 +02:00
LOGDIR="/var/adm/syslog"
2014-08-26 17:33:55 +02:00
;;
# Linux
Linux)
2016-09-27 11:20:35 +02:00
OS="Linux"
OS_NAME="Linux"
OS_FULLNAME=""
OS_VERSION=$(uname -r)
LINUX_VERSION=""
HARDWARE=$(uname -m)
HOMEDIRS="/home"
FIND_BINARIES="whereis -b"
OS_KERNELVERSION_FULL=$(uname -r)
OS_KERNELVERSION=$(echo ${OS_KERNELVERSION_FULL} | sed 's/-.*//')
if [ -e /dev/grsec ]; then GRSEC_FOUND=1; fi
2016-10-16 11:50:23 +02:00
# Generic
if [ -e /etc/os-release ]; then
2020-03-04 15:02:39 +01:00
OS_FULLNAME=$(awk -F= '/^PRETTY_NAME=/ {print substr($2,2,length($2)-2)}' /etc/os-release)
2018-10-23 12:16:36 +02:00
OS_ID=$(grep "^ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
2019-07-16 13:20:30 +02:00
if [ -n "${OS_ID}" ]; then
2016-10-16 11:57:19 +02:00
case ${OS_ID} in
2020-08-07 02:15:18 +02:00
"alpine")
LINUX_VERSION="Alpine Linux"
OS_NAME=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
2019-08-13 22:00:30 +02:00
"amzn")
LINUX_VERSION="Amazon Linux"
OS_NAME="Amazon Linux"
2019-08-21 14:51:20 +02:00
OS_REDHAT_OR_CLONE=1
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
2019-08-13 22:00:30 +02:00
;;
2016-11-08 19:53:11 +01:00
"arch")
LINUX_VERSION="Arch Linux"
OS_FULLNAME="Arch Linux"
2017-03-12 16:42:44 +01:00
OS_VERSION="Rolling release"
2016-11-08 19:53:11 +01:00
;;
2019-08-21 14:51:20 +02:00
"centos")
2019-08-22 14:20:30 +02:00
LINUX_VERSION="CentOS"
2019-08-21 14:51:20 +02:00
OS_NAME="CentOS Linux"
OS_REDHAT_OR_CLONE=1
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
2019-08-04 19:18:16 +02:00
"clear-linux-os")
LINUX_VERSION="Clear Linux OS"
2019-08-21 14:51:20 +02:00
OS_NAME="Clear Linux OS"
OS_REDHAT_OR_CLONE=1
2019-08-04 19:18:16 +02:00
OS_VERSION="Rolling release"
;;
2020-10-02 10:57:58 +02:00
"cloudlinux")
LINUX_VERSION="CloudLinux"
OS_NAME="CloudLinux"
OS_REDHAT_OR_CLONE=1
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
2016-10-16 11:57:19 +02:00
"coreos")
2016-10-16 11:50:23 +02:00
LINUX_VERSION="CoreOS"
OS_NAME="CoreOS Linux"
2019-08-21 14:51:20 +02:00
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
2016-10-16 11:50:23 +02:00
;;
2019-09-03 10:06:26 +02:00
"debian")
LINUX_VERSION="Debian"
2020-03-04 15:09:10 +01:00
OS_NAME="Debian"
2019-09-03 10:06:26 +02:00
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
2021-04-01 14:34:26 +02:00
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
"devuan")
LINUX_VERSION="Devuan"
OS_NAME="Devuan"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
2019-09-03 10:06:26 +02:00
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
2020-03-04 15:09:10 +01:00
;;
2020-12-18 14:04:58 +01:00
"elementary")
LINUX_VERSION="elementary OS"
OS_NAME="elementary OS"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
2020-11-23 22:45:58 +01:00
"endeavouros")
LINUX_VERSION="EndeavourOS"
OS_NAME="EndeavourOS"
OS_VERSION="Rolling release"
OS_VERSION_FULL="Rolling release"
;;
2020-03-04 15:09:10 +01:00
"fedora")
LINUX_VERSION="Fedora"
OS_NAME="Fedora Linux"
OS_REDHAT_OR_CLONE=1
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
2019-09-03 10:06:26 +02:00
;;
2020-08-27 21:44:40 +02:00
"flatcar")
LINUX_VERSION="Flatcar"
LINUX_VERSION_LIKE="CoreOS"
OS_NAME="Flatcar Linux"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
2021-03-14 12:43:41 +01:00
"garuda")
LINUX_VERSION="Garuda"
OS_FULLNAME="Garuda Linux"
OS_NAME="Garuda"
OS_VERSION="Rolling release"
;;
2020-06-02 14:09:49 +02:00
"gentoo")
LINUX_VERSION="Gentoo"
OS_NAME="Gentoo Linux"
OS_VERSION="Rolling release"
;;
2020-11-12 22:12:26 +01:00
"ipfire")
LINUX_VERSION="IPFire"
OS_NAME="IPFire"
OS_VERSION=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
2020-06-19 11:10:22 +02:00
"kali")
LINUX_VERSION="Kali"
2020-08-15 17:21:13 +02:00
LINUX_VERSION_LIKE="Debian"
2020-06-19 11:10:22 +02:00
OS_NAME="Kali Linux"
OS_VERSION="Rolling release"
2020-03-03 20:56:33 +01:00
;;
2020-06-28 14:58:23 +02:00
"linuxmint")
LINUX_VERSION="Linux Mint"
2020-08-15 17:21:13 +02:00
LINUX_VERSION_LIKE="Ubuntu"
2020-06-28 14:58:23 +02:00
OS_NAME="Linux Mint"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
2020-10-19 12:38:59 +02:00
"mageia")
LINUX_VERSION="Mageia"
OS_NAME="Mageia"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
2017-03-12 19:27:04 +01:00
"manjaro")
2019-08-22 14:20:30 +02:00
LINUX_VERSION="Manjaro"
2017-03-12 19:27:04 +01:00
OS_FULLNAME="Manjaro Linux"
2019-09-03 10:06:26 +02:00
OS_NAME="Manjaro"
2017-03-12 19:27:04 +01:00
OS_VERSION="Rolling release"
;;
2020-11-12 22:56:31 +01:00
"nixos")
LINUX_VERSION="NixOS"
OS_NAME="NixOS"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
2020-05-15 05:50:43 +02:00
"ol")
LINUX_VERSION="Oracle Linux"
OS_NAME="Oracle Linux"
OS_REDHAT_OR_CLONE=1
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
2018-09-06 07:47:38 +02:00
"opensuse-tumbleweed")
LINUX_VERSION="openSUSE Tumbleweed"
# It's rolling release but has a snapshot version (the date of the snapshot)
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_NAME="openSUSE"
;;
"opensuse-leap")
LINUX_VERSION="openSUSE Leap"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_NAME="openSUSE"
;;
2020-12-26 15:36:36 +01:00
"parrot")
LINUX_VERSION="Parrot"
OS_NAME="Parrot GNU/Linux"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
2020-06-27 11:44:31 +02:00
"pop")
LINUX_VERSION="Pop!_OS"
2020-08-15 17:21:13 +02:00
LINUX_VERSION_LIKE="Ubuntu"
2020-06-27 11:44:31 +02:00
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_NAME="Pop!_OS"
;;
2020-06-19 11:10:22 +02:00
"pureos")
LINUX_VERSION="PureOS"
2020-08-15 17:21:13 +02:00
LINUX_VERSION_LIKE="Debian"
2019-08-22 14:20:30 +02:00
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
2019-09-03 10:06:26 +02:00
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
2020-06-19 11:10:22 +02:00
OS_NAME="PureOS"
2019-08-22 14:20:30 +02:00
;;
2019-10-20 20:21:54 +02:00
"raspbian")
LINUX_VERSION="Raspbian"
2020-08-15 17:21:13 +02:00
LINUX_VERSION_LIKE="Debian"
2019-10-20 20:21:54 +02:00
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_NAME="Raspbian"
;;
2019-08-22 14:20:30 +02:00
"rhel")
LINUX_VERSION="RHEL"
2020-10-17 13:26:11 +02:00
OS_NAME="RHEL"
2019-08-22 14:20:30 +02:00
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_FULLNAME="${OS_NAME} ${OS_VERSION_FULL}"
OS_REDHAT_OR_CLONE=1
;;
2020-10-17 13:23:08 +02:00
"rosa")
LINUX_VERSION="ROSA Linux"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_NAME="ROSA Linux"
;;
2019-10-08 19:19:30 +02:00
"slackware")
LINUX_VERSION="Slackware"
OS_NAME="Slackware Linux"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
2020-10-20 13:06:40 +02:00
"sles")
LINUX_VERSION="SLES"
OS_NAME="openSUSE"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
2020-06-19 11:10:22 +02:00
"ubuntu")
LINUX_VERSION="Ubuntu"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_NAME="Ubuntu"
;;
2020-10-20 11:49:05 +02:00
"void")
LINUX_VERSION="Void Linux"
OS_VERSION="Rolling release"
OS_NAME="Void Linux"
;;
2020-10-17 13:15:06 +02:00
"zorin")
LINUX_VERSION="Zorin OS"
OS_NAME="Zorin OS"
2020-10-08 22:06:35 +02:00
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
2016-10-16 11:50:23 +02:00
*)
2020-12-26 15:37:46 +01:00
ReportException "OS Detection" "Unknown OS found in /etc/os-release - Please create an issue on GitHub and share the the contents (cat /etc/os-release): ${PROGRAM_SOURCE}"
2016-10-16 11:50:23 +02:00
;;
esac
fi
fi
2020-08-07 02:15:18 +02:00
# Alpine
if [ -e "/etc/alpine-release" ]; then LINUX_VERSION="Alpine Linux"; OS_VERSION=$(cat /etc/alpine-release); fi
2016-09-27 11:20:35 +02:00
# Amazon
2019-08-13 22:09:06 +02:00
if [ -z "${LINUX_VERSION}" -a -e "/etc/system-release" ]; then
FIND=$(grep "^Amazon" /etc/system-release)
if [ -n "${FIND}" ]; then
2016-09-27 11:20:35 +02:00
OS_REDHAT_OR_CLONE=1
OS_FULLNAME=$(grep "^Amazon" /etc/system-release)
OS_VERSION=$(grep "^Amazon" /etc/system-release | awk '{ if ($4=="release") { print $5 } }')
LINUX_VERSION="Amazon"
fi
fi
# Arch Linux
2016-11-08 19:53:11 +01:00
if [ -z "${OS_FULLNAME}" -a -e "/etc/arch-release" ]; then
2016-09-27 11:20:35 +02:00
OS_FULLNAME="Arch Linux"
OS_VERSION="Unknown"
LINUX_VERSION="Arch Linux"
fi
# Chakra Linux
if [ -e "/etc/chakra-release" ]; then
OS_FULLNAME=$(grep "^Chakra" /etc/chakra-release)
OS_VERSION=$(awk '/^Chakra/ { if ($3=="release") { print $4 }}' /etc/chakra-release)
LINUX_VERSION="Chakra Linux"
fi
# Cobalt
if [ -e "/etc/cobalt-release" ]; then OS_FULLNAME=$(cat /etc/cobalt-release); fi
2019-08-21 14:51:20 +02:00
2016-09-27 11:20:35 +02:00
# CPUBuilders Linux
if [ -e "/etc/cpub-release" ]; then OS_FULLNAME=$(cat /etc/cpub-release); fi
Test for LINUX_VERSION before setting it again
Before parsing /etc/debian-release and /etc/lsb-release,
it is now checked if the variable LINUX_VERSION is already set.
This fixes cisofy/lynis#1003, but has some side effects.
This will affects Ubuntu and Debian based distributions, like:
- Pop!_OS (Ubuntu based)
- Kali (Debian Based)
- Raspbian
- ...
Unfortunately this will likely skip/brake a few tests for those
distributions, as they are not considered to be Ubuntu or Debian
anymore. Linux Mint was already detected properly, but at least some
tests already had support for them (will other tests for Ubuntu are
skipped).
Those are tests I identified that will be skipped incorrectly now:
- BOOT-5180: Check for Linux boot services (Debian style)
It was already skipped on Linux Mint.
- KRNL-5622: Check default run level on Linux machines
This will only be skipped if systemd is not installed. It is
already skipped on Linux Mint in this case.
- KRNL-5788: Checking availability new kernel (sic!)
This was already skipped on Linux Mint.
- PKGS-7388: Check security repository (...)
It will now be skipped for all distributions that do use the
Debian / Ubuntu security repositories but are not detected as such
anymore (like Pop!_OS). It will now be correctly skipped on
Raspbian. This test was already aware of Linux Mint.
- PKGS-7390: Check Ubuntu database consitency
I am not sure why this test is Ubuntu only, thus it already
skipped on Debian and Mint.
- PKGS-7394: Check Ubuntu upgradeable packages
I am not sure why this is for Ubuntu only, too.
I think this should be feature tested instead, as
apt-show-versions can be installed on any Debian based
distribution as well..
- PKGS-7366: Checking if debsecan is installed (...)
While it may be correct to skip, debsecan remains usefull if
package versions, patches and vulnerability fixes are very close
on Debian itself.
It is the correct behaviour to not do this test on Ubuntu and
Ubuntu based distributions, as Canonical does not provide the
required databases.
- PKGS-7420: (Autoupdates)
Linux Mint was already skipped on this test.
I think this could be solved by introducing a variable like
LINUX_VERSION_PARENT. On Linux Mint it would be set to Ubuntu, on e.g.
Kali Linux the veriable has the value Debian. Tests can use this variable
to check if it is broadly applicable, and then check if the specific
distribution is excluded.
2020-08-07 23:38:10 +02:00
if [ -z "${LINUX_VERSION}" ] && [ -e "/etc/debian_version" ]; then
# Debian/Ubuntu (***) - Set first to Debian
2016-09-27 11:20:35 +02:00
OS_VERSION=$(cat /etc/debian_version)
OS_FULLNAME="Debian ${OS_VERSION}"
LINUX_VERSION="Debian"
Test for LINUX_VERSION before setting it again
Before parsing /etc/debian-release and /etc/lsb-release,
it is now checked if the variable LINUX_VERSION is already set.
This fixes cisofy/lynis#1003, but has some side effects.
This will affects Ubuntu and Debian based distributions, like:
- Pop!_OS (Ubuntu based)
- Kali (Debian Based)
- Raspbian
- ...
Unfortunately this will likely skip/brake a few tests for those
distributions, as they are not considered to be Ubuntu or Debian
anymore. Linux Mint was already detected properly, but at least some
tests already had support for them (will other tests for Ubuntu are
skipped).
Those are tests I identified that will be skipped incorrectly now:
- BOOT-5180: Check for Linux boot services (Debian style)
It was already skipped on Linux Mint.
- KRNL-5622: Check default run level on Linux machines
This will only be skipped if systemd is not installed. It is
already skipped on Linux Mint in this case.
- KRNL-5788: Checking availability new kernel (sic!)
This was already skipped on Linux Mint.
- PKGS-7388: Check security repository (...)
It will now be skipped for all distributions that do use the
Debian / Ubuntu security repositories but are not detected as such
anymore (like Pop!_OS). It will now be correctly skipped on
Raspbian. This test was already aware of Linux Mint.
- PKGS-7390: Check Ubuntu database consitency
I am not sure why this test is Ubuntu only, thus it already
skipped on Debian and Mint.
- PKGS-7394: Check Ubuntu upgradeable packages
I am not sure why this is for Ubuntu only, too.
I think this should be feature tested instead, as
apt-show-versions can be installed on any Debian based
distribution as well..
- PKGS-7366: Checking if debsecan is installed (...)
While it may be correct to skip, debsecan remains usefull if
package versions, patches and vulnerability fixes are very close
on Debian itself.
It is the correct behaviour to not do this test on Ubuntu and
Ubuntu based distributions, as Canonical does not provide the
required databases.
- PKGS-7420: (Autoupdates)
Linux Mint was already skipped on this test.
I think this could be solved by introducing a variable like
LINUX_VERSION_PARENT. On Linux Mint it would be set to Ubuntu, on e.g.
Kali Linux the veriable has the value Debian. Tests can use this variable
to check if it is broadly applicable, and then check if the specific
distribution is excluded.
2020-08-07 23:38:10 +02:00
# /etc/lsb-release does not exist on Debian
if [ -e /etc/lsb-release ]; then
OS_VERSION=$(cat /etc/debian_version)
FIND=$(grep "^DISTRIB_ID=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g')
if [ "${FIND}" = "Ubuntu" ]; then
OS_VERSION=$(grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2)
OS_FULLNAME="Ubuntu ${OS_VERSION}"
LINUX_VERSION="Ubuntu"
elif [ "${FIND}" = "elementary OS" ]; then
LINUX_VERSION="elementary OS"
2020-08-15 17:21:13 +02:00
LINUX_VERSION_LIKE="Ubuntu"
Test for LINUX_VERSION before setting it again
Before parsing /etc/debian-release and /etc/lsb-release,
it is now checked if the variable LINUX_VERSION is already set.
This fixes cisofy/lynis#1003, but has some side effects.
This will affects Ubuntu and Debian based distributions, like:
- Pop!_OS (Ubuntu based)
- Kali (Debian Based)
- Raspbian
- ...
Unfortunately this will likely skip/brake a few tests for those
distributions, as they are not considered to be Ubuntu or Debian
anymore. Linux Mint was already detected properly, but at least some
tests already had support for them (will other tests for Ubuntu are
skipped).
Those are tests I identified that will be skipped incorrectly now:
- BOOT-5180: Check for Linux boot services (Debian style)
It was already skipped on Linux Mint.
- KRNL-5622: Check default run level on Linux machines
This will only be skipped if systemd is not installed. It is
already skipped on Linux Mint in this case.
- KRNL-5788: Checking availability new kernel (sic!)
This was already skipped on Linux Mint.
- PKGS-7388: Check security repository (...)
It will now be skipped for all distributions that do use the
Debian / Ubuntu security repositories but are not detected as such
anymore (like Pop!_OS). It will now be correctly skipped on
Raspbian. This test was already aware of Linux Mint.
- PKGS-7390: Check Ubuntu database consitency
I am not sure why this test is Ubuntu only, thus it already
skipped on Debian and Mint.
- PKGS-7394: Check Ubuntu upgradeable packages
I am not sure why this is for Ubuntu only, too.
I think this should be feature tested instead, as
apt-show-versions can be installed on any Debian based
distribution as well..
- PKGS-7366: Checking if debsecan is installed (...)
While it may be correct to skip, debsecan remains usefull if
package versions, patches and vulnerability fixes are very close
on Debian itself.
It is the correct behaviour to not do this test on Ubuntu and
Ubuntu based distributions, as Canonical does not provide the
required databases.
- PKGS-7420: (Autoupdates)
Linux Mint was already skipped on this test.
I think this could be solved by introducing a variable like
LINUX_VERSION_PARENT. On Linux Mint it would be set to Ubuntu, on e.g.
Kali Linux the veriable has the value Debian. Tests can use this variable
to check if it is broadly applicable, and then check if the specific
distribution is excluded.
2020-08-07 23:38:10 +02:00
OS_VERSION=$(grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2)
OS_FULLNAME=$(grep "^DISTRIB_DESCRIPTION=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g')
else
# Catch all, in case it's unclear what specific release this is.
OS_FULLNAME="Debian ${OS_VERSION}"
LINUX_VERSION="Debian"
fi
# Ubuntu test (optional) $(grep "[Uu]buntu" /proc/version)
2014-08-26 17:33:55 +02:00
fi
2016-09-27 11:20:35 +02:00
fi
2017-08-19 10:50:53 +02:00
# Override for Linux Mint, as that is initially detected as Debian or Ubuntu
if [ -x /usr/bin/lsb_release ]; then
2017-08-31 17:04:17 +02:00
FIND=$(lsb_release --id | awk -F: '{ print $2 }' | awk '{ print $1 }')
2017-08-19 10:50:53 +02:00
if [ "${FIND}" = "LinuxMint" ]; then
LINUX_VERSION="Linux Mint"
2020-08-15 17:21:13 +02:00
# LMDE (Linux Mint Debian Edition) should be detected as Debian
LINUX_VERSION_LIKE="Ubuntu"
2017-08-19 10:50:53 +02:00
OS_VERSION=$(lsb_release --release | awk '{ print $2 }')
OS_FULLNAME="Linux Mint ${OS_VERSION}"
fi
fi
2016-09-27 11:20:35 +02:00
# E-smith
if [ -e "/etc/e-smith-release" ]; then OS_FULLNAME=$(cat /etc/e-smith-release); fi
# Gentoo
if [ -e "/etc/gentoo-release" ]; then LINUX_VERSION="Gentoo"; OS_FULLNAME=$(cat /etc/gentoo-release); fi
# Red Hat and others
2019-08-21 14:51:20 +02:00
if [ -z "${LINUX_VERSION}" -a -e "/etc/redhat-release" ]; then
2014-08-26 17:33:55 +02:00
OS_REDHAT_OR_CLONE=1
# CentOS
2019-08-21 14:51:20 +02:00
if grep "CentOS" /etc/redhat-release; then
2016-05-03 12:40:05 +02:00
OS_FULLNAME=$(grep "CentOS" /etc/redhat-release)
2014-08-26 17:33:55 +02:00
LINUX_VERSION="CentOS"
OS_VERSION="${OS_FULLNAME}"
fi
# ClearOS
2016-05-03 12:40:05 +02:00
FIND=$(grep "ClearOS" /etc/redhat-release)
2014-08-26 17:33:55 +02:00
if [ ! "${FIND}" = "" ]; then
2016-05-03 12:40:05 +02:00
OS_FULLNAME=$(grep "ClearOS" /etc/redhat-release)
2014-08-26 17:33:55 +02:00
LINUX_VERSION="ClearOS"
OS_VERSION="${OS_FULLNAME}"
fi
# Fedora
2016-05-03 12:40:05 +02:00
FIND=$(grep "Fedora" /etc/redhat-release)
2014-08-26 17:33:55 +02:00
if [ ! "${FIND}" = "" ]; then
2016-05-03 12:40:05 +02:00
OS_FULLNAME=$(grep "Fedora" /etc/redhat-release)
2014-08-26 17:33:55 +02:00
OS_VERSION="${OS_FULLNAME}"
LINUX_VERSION="Fedora"
fi
# Oracle Enterprise Linux
2016-05-03 12:40:05 +02:00
FIND=$(grep "Enterprise Linux Enterprise Linux Server" /etc/redhat-release)
2014-08-26 17:33:55 +02:00
if [ ! "${FIND}" = "" ]; then
2016-07-31 21:04:07 +02:00
LINUX_VERSION="Oracle Enterprise Linux"
OS_FULLNAME=$(grep "Enterprise Linux" /etc/redhat-release)
OS_VERSION="${OS_FULLNAME}"
2014-08-26 17:33:55 +02:00
fi
# Oracle Enterprise Linux
if [ -e /etc/oracle-release ]; then
2016-05-03 12:40:05 +02:00
FIND=$(grep "Oracle Linux Server" /etc/oracle-release)
2014-08-26 17:33:55 +02:00
if [ ! "${FIND}" = "" ]; then
2016-07-31 21:04:07 +02:00
LINUX_VERSION="Oracle Enterprise Linux"
OS_FULLNAME=$(grep "Oracle Linux" /etc/oracle-release)
OS_VERSION="${OS_FULLNAME}"
2014-08-26 17:33:55 +02:00
fi
fi
# Oracle VM Server
if [ -e /etc/ovs-release ]; then
2016-05-03 12:40:05 +02:00
FIND=$(grep "Oracle VM" /etc/ovs-release)
2014-08-26 17:33:55 +02:00
if [ ! "${FIND}" = "" ]; then
2016-07-31 21:04:07 +02:00
LINUX_VERSION="Oracle VM Server"
OS_FULLNAME=$(grep "Oracle VM" /etc/ovs-release)
OS_VERSION="${OS_FULLNAME}"
2014-08-26 17:33:55 +02:00
fi
fi
# Scientific
2016-05-03 12:40:05 +02:00
FIND=$(grep "Scientific" /etc/redhat-release)
2014-08-26 17:33:55 +02:00
if [ ! "${FIND}" = "" ]; then
2016-09-27 11:20:35 +02:00
OS_FULLNAME=$(grep "^Scientific" /etc/redhat-release)
2016-05-03 12:40:05 +02:00
OS_VERSION=$(grep "^Scientific" /etc/redhat-release | awk '{ if ($3=="release") { print $4 } }')
2014-08-26 17:33:55 +02:00
LINUX_VERSION="Scientific"
fi
2016-09-27 11:20:35 +02:00
if [ -z "${LINUX_VERSION}" ]; then
# Red Hat
FIND=$(grep "Red Hat" /etc/redhat-release)
if [ ! "${FIND}" = "" ]; then
OS_FULLNAME=$(grep "Red Hat" /etc/redhat-release)
OS_VERSION="${OS_FULLNAME}"
LINUX_VERSION="Red Hat"
fi
fi
fi
# PCLinuxOS
if [ -f /etc/pclinuxos-release ]; then
2017-03-07 20:23:08 +01:00
FIND=$(grep "^PCLinuxOS" /etc/pclinuxos-release)
2016-09-27 11:20:35 +02:00
if [ ! "${FIND}" = "" ]; then
2017-03-07 20:23:08 +01:00
OS_FULLNAME="PCLinuxOS Linux"
LINUX_VERSION="PCLinuxOS"
OS_VERSION=$(grep "^PCLinuxOS" /etc/pclinuxos-release | awk '{ if ($2=="release") { print $3 } }')
2016-09-27 11:20:35 +02:00
fi
fi
# Sabayon Linux
if [ -f /etc/sabayon-edition ]; then
2017-03-07 20:23:08 +01:00
FIND=$(grep "Sabayon Linux" /etc/sabayon-edition)
2016-09-27 11:20:35 +02:00
if [ ! "${FIND}" = "" ]; then
2017-03-07 20:23:08 +01:00
OS_FULLNAME="Sabayon Linux"
LINUX_VERSION="Sabayon"
OS_VERSION=$(awk '{ print $3 }' /etc/sabayon-edition)
2016-09-27 11:20:35 +02:00
fi
fi
if [ -f /etc/SLOX-release ]; then
OS_FULLNAME=$(grep "SuSE Linux" /etc/SLOX-release)
LINUX_VERSION="SuSE"
fi
# Slackware
if [ -f /etc/slackware-version ]; then
LINUX_VERSION="Slackware"
OS_VERSION=$(grep "^Slackware" /etc/slackware-version | awk '{ if ($1=="Slackware") { print $2 } }')
OS_FULLNAME="Slackware Linux ${OS_VERSION}"
fi
# SuSE
if [ -e "/etc/SuSE-release" ]; then
OS_VERSION=$(head -n 1 /etc/SuSE-release)
LINUX_VERSION="SuSE"
fi
# Turbo Linux
if [ -e "/etc/turbolinux-release" ]; then OS_FULLNAME=$(cat /etc/turbolinux-release); fi
2014-08-26 17:33:55 +02:00
2016-09-27 11:20:35 +02:00
# YellowDog
if [ -e "/etc/yellowdog-release" ]; then OS_FULLNAME=$(cat /etc/yellowdog-release); fi
# VMware
if [ -e "/etc/vmware-release" ]; then
OS_FULLNAME=$(cat /etc/vmware-release)
OS_VERSION=$(uname -r)
IS_VMWARE_ESXI=$(vmware -vl | grep VMware ESXi)
if [ ! "${IS_VMWARE_ESXI}" = "" ]; then
OS_FULLNAME="VMware ESXi ${OS_VERSION}"
fi
fi
# ===================================================================
# Set OS name to the discovered Linux version
if [ ! "${LINUX_VERSION}" = "" -a "${OS_NAME}" = "Linux" ]; then
OS_NAME="${LINUX_VERSION}"
fi
# If Linux version (full name) is unknown, use uname value
if [ "${OS_FULLNAME}" = "" ]; then OS_FULLNAME=$(uname -s -r); fi
SYSCTL_READKEY="sysctl -n"
2014-08-26 17:33:55 +02:00
;;
# NetBSD
NetBSD)
2016-09-27 11:20:35 +02:00
OS="NetBSD"
OS_NAME="NetBSD"
OS_FULLNAME=$(uname -s -r)
OS_KERNELVERSION=$(uname -v)
OS_VERSION=$(uname -r)
HARDWARE=$(uname -m)
FIND_BINARIES="whereis"
SYSCTL_READKEY=""
2014-08-26 17:33:55 +02:00
;;
# OpenBSD
OpenBSD)
2016-09-27 11:20:35 +02:00
OS="OpenBSD"
OS_NAME="OpenBSD"
OS_FULLNAME=$(uname -s -r)
OS_KERNELVERSION=$(uname -v)
OS_VERSION=$(uname -r)
HARDWARE=$(uname -m)
FIND_BINARIES="whereis"
SYSCTL_READKEY=""
2014-08-26 17:33:55 +02:00
;;
2020-11-05 00:50:21 +01:00
# Solaris / OpenSolaris / Ilumos ...
2014-08-26 17:33:55 +02:00
SunOS)
2016-09-27 11:20:35 +02:00
OS="Solaris"
2020-11-05 00:50:21 +01:00
OS_KERNELVERSION=$(uname -v)
OPENSOLARIS=0
if [ -f /etc/os-release ]; then
OS_ID=$(grep "^ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_FULLNAME=$(awk -F= '/^PRETTY_NAME=/ {print substr($2,2,length($2)-2)}' /etc/os-release)
case "${OS_ID}" in
"solaris")
OS_NAME="Oracle Solaris"
;;
"omnios")
OS_NAME="OmniOS"
OPENSOLARIS=1
;;
"tribblix")
OS_NAME="Tribblix"
OS_FULLNAME="Tribblix ${OS_VERSION}"
OPENSOLARIS=1
;;
"*")
ReportException "OS Detection" "Unknown OS found in /etc/os-release - Please create issue on GitHub project page: ${PROGRAM_SOURCE}"
;;
esac
elif [ "$(uname -o 2> /dev/null)" == "illumos" ]; then
OPENSOLARIS=1
# Solaris has a free form text file with release information
if grep "OpenIndiana" /etc/release > /dev/null; then
OS_NAME="OpenIndiana"
if grep "Hipster" /etc/release > /dev/null; then
OS_VERSION="$(tr ' ' '\n' < /etc/release | grep '[[:digit:]]\.[[:digit:]]')"
OS_FULLNAME="OpenIndiana Hipster $OS_VERSION"
else
OS_VERSION="Unknown"
OS_FULLNAME="OpenIndiana (unknown edition)"
fi
elif grep "OmniOS" /etc/release > /dev/null; then
OS_NAME="OmniOS"
OS_VERSION="$(tr ' ' '\n' < /etc/release | grep 'r[[:digit:]]')"
if grep "Community Edition" /etc/release > /dev/null; then
OS_FULLNAME="OmniOS Community Edition v11 $OS_VERSION"
fi
elif grep "SmartOS" /etc/release > /dev/null; then
OS_NAME="SmartOS"
OS_VERSION="-"
OS_FULLNAME="SmartOS"
else
OS_NAME="Unknown Illumos"
fi
elif grep "SchilliX" /etc/release > /dev/null; then
OS_NAME="SchilliX"
OS_FULLNAME="$(head -n 1 /etc/release | xargs)"
OS_VERSION="$(echo "$OS_FULLNAME" | cut -d '-' -f 2)"
OPENSOLARIS=1
elif head -n 1 < /etc/release | grep "Oracle Solaris" > /dev/null; then
OS_NAME="Oracle Solaris"
OS_FULLNAME="$(head -n 1 /etc/release | xargs)"
OS_VERSION="$(head -n 1 < /etc/release | xargs | cut -d ' ' -f 3)"
elif head -n 1 < /etc/release | xargs | grep "^Solaris " > /dev/null; then
OS_NAME="Sun Solaris"
# Example of /etc/release:
# Solaris 10 5/08
# ...
# Solaris 10 10/09 (Update 8)
# The first line does not contain the "Update" number,
# only if present.
if tail -1 < /etc/release | xargs | grep "^Solaris " > /dev/null; then
OS_FULLNAME=$(tail -1 < /etc/release | xargs)
else
OS_FULLNAME=$(head -1 < /etc/release | xargs)
fi
OS_VERSION=$(echo "$OS_FULLNAME" | cut -d ' ' -f 2,3)
else # Old behaviour
OS_NAME="Sun Solaris"
OS_FULLNAME=$(uname -s -r)
OS_VERSION=$(uname -r)
fi
2016-09-27 11:20:35 +02:00
HARDWARE=$(uname -m)
if [ -x /usr/bin/isainfo ]; then
# Returns 32, 64
OS_MODE=$(/usr/bin/isainfo -b)
fi
SYSCTL_READKEY=""
2014-08-26 17:33:55 +02:00
;;
2015-12-16 13:40:28 +01:00
# VMware products
VMkernel)
OS="VMware"
OS_FULLNAME=""
OS_VERSION=""
2016-05-03 12:40:05 +02:00
HARDWARE=$(uname -m)
2015-12-16 13:40:28 +01:00
if [ -e "/etc/vmware-release" ]; then
2016-05-03 12:40:05 +02:00
OS_FULLNAME=$(cat /etc/vmware-release)
OS_VERSION=$(uname -r)
2015-12-16 13:40:28 +01:00
fi
A bunch of Solaris compatibility tweaks (#367)
* Work around Solaris' /bin/sh not being POSIX.
If /usr/xpg4/bin/sh is present, we are (definitely?) on Solaris or
a derivative, and /bin/sh cannot be trusted to support POSIX, but
/usr/xpg4/bin/sh can be. Exec it right away.
* Work around Solaris 'which' command oddity.
Solaris' (at least) 'which' command outputs not-found errors to STDOUT
instead of STDERR.
This makes "did we get any output from which" checks insufficient;
piping to grep -v the "no foo in ..." message should work.
Note that this patch set includes all such uses of which that I could
find, including ones that should never be reached on Solaris (i.e. only
executed on some other OS) just for consistency.
* Improved alternate-sh exec to avoid looping.
* Solaris' /usr/ucb/echo supports -n.
* Check for the best hash type that openssl supports.
When using openssl to generate hashes, do not assume it supports
sha256; try that, then sha1, then give up and use md5.
* Solaris does not support sed -i; use a tempfile.
* Use the full path for modinfo.
When running as non-root, /usr/sbin/ might not be in PATH.
include/tests_accounting already calls modinfo by full path, but
include/tests_kernel did not.
* Solaris find does not support -maxdepth.
This mirrors the logic already in tests_homedirs.
* Use PSBINARY instead of ps.
* Work around Solaris' date not supporting +%s.
Printing nawk's srand value is a bizarre but apparently once popular
workaround for there being no normal userland command to print
UNIX epoch seconds. A perl one-liner is the other common approach,
but nawk may be more reliably present on Solaris than perl.
* Revert to using sha1 for HOSTID.
* Whitespace cleanup for openssl hash tests.
2017-03-08 17:24:24 +01:00
HAS_VMWARE_UTIL=$(which vmware 2> /dev/null | grep -v "no [^ ]* in ")
2015-12-16 13:40:28 +01:00
if [ ! "${HAS_VMWARE_UTIL}" = "" ]; then
2016-05-03 12:40:05 +02:00
IS_VMWARE_ESXI=$(vmware -vl | grep VMware ESXi)
2015-12-16 13:40:28 +01:00
if [ ! "${IS_VMWARE_ESXI}" = "" ]; then
OS_NAME="VMware ESXi"
OS_FULLNAME="VMware ESXi ${OS_VERSION}"
fi
fi
;;
2014-08-26 17:33:55 +02:00
# Unknown or unsupported systems
*)
2016-09-27 11:20:35 +02:00
echo "[ ${WARNING}WARNING${NORMAL} ]"
echo "${WARNING}Error${NORMAL}: ${WHITE}Unknown OS found. No support available yet for this OS or platform...${NORMAL}"
echo "Please consult the README/documentation for more information."
exit 1
2014-08-26 17:33:55 +02:00
;;
esac
# Set correct echo binary and parameters after detecting operating system
2014-12-03 22:49:22 +01:00
ECHONB=""
2014-08-26 17:33:55 +02:00
case ${OS} in
2019-04-04 19:04:42 +02:00
"AIX") ECHOCMD="echo"; ECHONB="printf" ;;
2016-09-27 11:20:35 +02:00
"DragonFly"|"FreeBSD"|"NetBSD") ECHOCMD="echo -e"; ECHONB="echo -n" ;;
2016-11-05 11:53:22 +01:00
"macOS" | "Mac OS X") ECHOCMD="echo"; ECHONB="/bin/echo -n" ;;
A bunch of Solaris compatibility tweaks (#367)
* Work around Solaris' /bin/sh not being POSIX.
If /usr/xpg4/bin/sh is present, we are (definitely?) on Solaris or
a derivative, and /bin/sh cannot be trusted to support POSIX, but
/usr/xpg4/bin/sh can be. Exec it right away.
* Work around Solaris 'which' command oddity.
Solaris' (at least) 'which' command outputs not-found errors to STDOUT
instead of STDERR.
This makes "did we get any output from which" checks insufficient;
piping to grep -v the "no foo in ..." message should work.
Note that this patch set includes all such uses of which that I could
find, including ones that should never be reached on Solaris (i.e. only
executed on some other OS) just for consistency.
* Improved alternate-sh exec to avoid looping.
* Solaris' /usr/ucb/echo supports -n.
* Check for the best hash type that openssl supports.
When using openssl to generate hashes, do not assume it supports
sha256; try that, then sha1, then give up and use md5.
* Solaris does not support sed -i; use a tempfile.
* Use the full path for modinfo.
When running as non-root, /usr/sbin/ might not be in PATH.
include/tests_accounting already calls modinfo by full path, but
include/tests_kernel did not.
* Solaris find does not support -maxdepth.
This mirrors the logic already in tests_homedirs.
* Use PSBINARY instead of ps.
* Work around Solaris' date not supporting +%s.
Printing nawk's srand value is a bizarre but apparently once popular
workaround for there being no normal userland command to print
UNIX epoch seconds. A perl one-liner is the other common approach,
but nawk may be more reliably present on Solaris than perl.
* Revert to using sha1 for HOSTID.
* Whitespace cleanup for openssl hash tests.
2017-03-08 17:24:24 +01:00
"Solaris") ECHOCMD="echo" ; test -f /usr/ucb/echo && ECHONB="/usr/ucb/echo -n" ;;
2016-09-27 11:20:35 +02:00
"Linux")
# Check if dash is used (Debian/Ubuntu)
DEFAULT_SHELL=$(ls -l /bin/sh | awk -F'>' '{print $2}')
case ${DEFAULT_SHELL} in
" dash") ECHOCMD="/bin/echo -e" ;;
*) ECHOCMD="echo -e" ;;
esac
;;
*) ECHOCMD="echo -e" ;;
2014-08-26 17:33:55 +02:00
esac
2015-10-14 16:49:57 +02:00
# Check if we have full featured commands, or are using BusyBox as a shell
if [ -x /bin/busybox ]; then
if [ -L /bin/ps ]; then
ShowSymlinkPath /bin/ps
if [ "${SYMLINK}" = "/bin/busybox" ]; then
SHELL_IS_BUSYBOX=1
fi
fi
fi
2018-09-19 13:28:46 +02:00
# Specific checks for hardware
# Detect if we are using a QNAP NAS
if [ -d /share/CACHEDEV1_DATA/.qpkg ]; then
QNAP_DEVICE=1
fi
2019-02-26 16:15:15 +01:00
# Check if this OS is end-of-life
EOL=255
EOL_DATE=""
2019-03-05 19:31:36 +01:00
EOL_TIMESTAMP=0
2019-07-16 13:20:30 +02:00
if [ -n "${OS_VERSION}" ]; then
2019-02-26 16:15:15 +01:00
if [ -f "${DBDIR}/software-eol.db" ]; then
FIND="${OS_FULLNAME}"
2019-03-05 19:31:36 +01:00
EOL_TIMESTAMP=$(awk -v value="${FIND}" -F: '{if ($1=="os" && value ~ $2){print $4}}' ${DBDIR}/software-eol.db | head -n 1)
2019-07-16 13:20:30 +02:00
if [ -n "${EOL_TIMESTAMP}" ]; then
2019-03-05 19:31:36 +01:00
EOL_DATE=$(awk -v value="${FIND}" -F: '{if ($1=="os" && value ~ $2){print $3}}' ${DBDIR}/software-eol.db | head -n 1)
2020-03-19 21:41:35 +01:00
if [ -n "${EOL_DATE}" ]; then
NOW=$(date "+%s")
if [ -n "${NOW}" ]; then
if [ ${NOW} -gt ${EOL_TIMESTAMP} ]; then
EOL=1
else
EOL=0
fi
2019-02-26 16:15:15 +01:00
fi
2020-03-19 21:41:35 +01:00
else
EOL=0
2019-02-26 16:15:15 +01:00
fi
fi
fi
fi
2018-09-19 13:28:46 +02:00
2014-08-26 17:33:55 +02:00
#================================================================================
2016-05-03 12:40:05 +02:00
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com