lynis/include/osdetection

795 lines
35 KiB
Plaintext
Raw Normal View History

2014-08-26 17:33:55 +02:00
#!/bin/sh
#################################################################################
#
# Lynis
# ------------------
#
2016-03-13 16:00:39 +01:00
# Copyright 2007-2013, Michael Boelen
2021-01-07 15:22:19 +01:00
# Copyright 2007-2021, CISOfy
2014-08-26 17:33:55 +02:00
#
2016-03-13 16:00:39 +01:00
# Website : https://cisofy.com
# Blog : http://linux-audit.com
# GitHub : https://github.com/CISOfy/lynis
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
2014-08-26 17:33:55 +02:00
#
#################################################################################
#
# Operating System detection
#
#################################################################################
#
# Check operating system
2016-05-03 12:40:05 +02:00
case $(uname) in
2014-08-26 17:33:55 +02:00
# IBM AIX
AIX)
OS="AIX"
OS_NAME="AIX"
OS_VERSION=$(oslevel)
OS_FULLNAME="AIX ${OS_VERSION}"
CPU=$(uname -p)
HARDWARE=$(uname -M)
FIND_BINARIES="whereis -b"
SYSCTL_READKEY=""
2014-08-26 17:33:55 +02:00
;;
# Mac OS X and macOS
2014-08-26 17:33:55 +02:00
Darwin)
OS="macOS"
if [ -x /usr/bin/sw_vers ]; then
OS_NAME=$(/usr/bin/sw_vers -productName)
OS_VERSION=$(/usr/bin/sw_vers -productVersion)
2016-10-15 11:27:04 +02:00
OS_VERSION_NAME="unknown"
2016-10-26 12:19:01 +02:00
OS_FULLNAME="macOS (unknown version)"
2016-10-15 10:43:45 +02:00
case ${OS_VERSION} in
10.0 | 10.0.[0-9]*) OS_FULLNAME="Mac OS X 10.0 (Cheetah)" ;;
10.1 | 10.1.[0-9]*) OS_FULLNAME="Mac OS X 10.1 (Puma)" ;;
10.2 | 10.2.[0-9]*) OS_FULLNAME="Mac OS X 10.2 (Jaguar)" ;;
10.3 | 10.3.[0-9]*) OS_FULLNAME="Mac OS X 10.3 (Panther)" ;;
10.4 | 10.4.[0-9]*) OS_FULLNAME="Mac OS X 10.4 (Tiger)" ;;
10.5 | 10.5.[0-9]*) OS_FULLNAME="Mac OS X 10.5 (Leopard)" ;;
10.6 | 10.6.[0-9]*) OS_FULLNAME="Mac OS X 10.6 (Snow Leopard)" ;;
10.7 | 10.7.[0-9]*) OS_FULLNAME="Mac OS X 10.7 (Lion)" ;;
10.8 | 10.8.[0-9]*) OS_FULLNAME="Mac OS X 10.8 (Mountain Lion)" ;;
10.9 | 10.9.[0-9]*) OS_FULLNAME="Mac OS X 10.9 (Mavericks)" ;;
2016-10-26 12:19:01 +02:00
10.10 | 10.10.[0-9]*) OS_FULLNAME="Mac OS X 10.10 (Yosemite)" ;;
10.11 | 10.11.[0-9]*) OS_FULLNAME="Mac OS X 10.11 (El Capitan)" ;;
10.12 | 10.12.[0-9]*) OS_FULLNAME="macOS Sierra (${OS_VERSION})" ;;
10.13 | 10.13.[0-9]*) OS_FULLNAME="macOS High Sierra (${OS_VERSION})" ;;
2018-12-13 12:12:26 +01:00
10.14 | 10.14.[0-9]*) OS_FULLNAME="macOS Mojave (${OS_VERSION})" ;;
2020-03-01 00:31:52 +01:00
10.15 | 10.15.[0-9]*) OS_FULLNAME="macOS Catalina (${OS_VERSION})" ;;
2020-06-22 20:44:58 +02:00
11.0 | 11.0[0-9]*) OS_FULLNAME="macOS Big Sur (${OS_VERSION})" ;;
2016-10-15 11:27:04 +02:00
*) echo "Unknown macOS version. Do you know what version it is? Create an issue at ${PROGRAM_SOURCE}" ;;
2016-10-15 10:43:45 +02:00
esac
2014-08-26 17:33:55 +02:00
else
# Fall back to a fairly safe name
2016-10-15 10:43:45 +02:00
OS_NAME="macOS"
# uname -s -r shows Darwin 16.1.0
OS_FULLNAME=$(uname -s -r)
# shows 16.1.0 for Darwin's version, not macOS's
OS_VERSION=$(uname -r)
fi
HARDWARE=$(uname -m)
HOMEDIRS="/Users"
FIND_BINARIES="whereis"
OS_KERNELVERSION=$(uname -r)
SYSCTL_READKEY=""
2014-08-26 17:33:55 +02:00
;;
# DragonFly BSD
DragonFly)
OS="DragonFly"
OS_NAME="DragonFly BSD"
OS_FULLNAME=$(uname -s -r)
OS_VERSION=$(uname -r)
HARDWARE=$(uname -m)
HOMEDIRS="/home /root"
FIND_BINARIES="whereis -q -a -b"
OS_KERNELVERSION=$(uname -i)
SYSCTL_READKEY="sysctl -n"
2014-08-26 17:33:55 +02:00
;;
# FreeBSD
FreeBSD)
OS="FreeBSD"
OS_NAME="FreeBSD"
OS_FULLNAME=$(uname -s -r)
OS_VERSION=$(uname -r)
HARDWARE=$(uname -m)
HOMEDIRS="/home /root"
FIND_BINARIES="whereis -q -a -b"
OS_KERNELVERSION=$(uname -i)
SYSCTL_READKEY="sysctl -n"
# TrueOS
if [ -f /etc/defaults/trueos ]; then
OS_NAME="TrueOS"
LogText "Result: found TrueOS file, system is completely based on FreeBSD though. Only adjusting OS name."
fi
2014-08-26 17:33:55 +02:00
;;
# HP-UX
HP-UX)
OS="HP-UX"
OS_NAME="HP-UX"
OS_FULLNAME=$(uname -s -r)
OS_VERSION=$(uname -r)
HARDWARE=$(uname -m)
FIND_BINARIES="whereis -b"
SYSCTL_READKEY=""
LOGDIR="/var/adm/syslog"
2014-08-26 17:33:55 +02:00
;;
# Linux
Linux)
OS="Linux"
OS_NAME="Linux"
OS_FULLNAME=""
OS_VERSION=$(uname -r)
LINUX_VERSION=""
HARDWARE=$(uname -m)
HOMEDIRS="/home"
FIND_BINARIES="whereis -b"
OS_KERNELVERSION_FULL=$(uname -r)
OS_KERNELVERSION=$(echo ${OS_KERNELVERSION_FULL} | sed 's/-.*//')
if [ -e /dev/grsec ]; then GRSEC_FOUND=1; fi
2016-10-16 11:50:23 +02:00
# Generic
if [ -e /etc/os-release ]; then
2020-03-04 15:02:39 +01:00
OS_FULLNAME=$(awk -F= '/^PRETTY_NAME=/ {print substr($2,2,length($2)-2)}' /etc/os-release)
OS_ID=$(grep "^ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
2019-07-16 13:20:30 +02:00
if [ -n "${OS_ID}" ]; then
2016-10-16 11:57:19 +02:00
case ${OS_ID} in
2020-08-07 02:15:18 +02:00
"alpine")
LINUX_VERSION="Alpine Linux"
OS_NAME=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
"amzn")
LINUX_VERSION="Amazon Linux"
OS_NAME="Amazon Linux"
OS_REDHAT_OR_CLONE=1
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
"arch")
LINUX_VERSION="Arch Linux"
OS_FULLNAME="Arch Linux"
OS_VERSION="Rolling release"
;;
"centos")
LINUX_VERSION="CentOS"
OS_NAME="CentOS Linux"
OS_REDHAT_OR_CLONE=1
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
2019-08-04 19:18:16 +02:00
"clear-linux-os")
LINUX_VERSION="Clear Linux OS"
OS_NAME="Clear Linux OS"
OS_REDHAT_OR_CLONE=1
2019-08-04 19:18:16 +02:00
OS_VERSION="Rolling release"
;;
2020-10-02 10:57:58 +02:00
"cloudlinux")
LINUX_VERSION="CloudLinux"
OS_NAME="CloudLinux"
OS_REDHAT_OR_CLONE=1
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
2016-10-16 11:57:19 +02:00
"coreos")
2016-10-16 11:50:23 +02:00
LINUX_VERSION="CoreOS"
OS_NAME="CoreOS Linux"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
2016-10-16 11:50:23 +02:00
;;
2019-09-03 10:06:26 +02:00
"debian")
LINUX_VERSION="Debian"
2020-03-04 15:09:10 +01:00
OS_NAME="Debian"
2019-09-03 10:06:26 +02:00
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
2021-04-01 14:34:26 +02:00
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
"devuan")
LINUX_VERSION="Devuan"
OS_NAME="Devuan"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
2019-09-03 10:06:26 +02:00
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
2020-03-04 15:09:10 +01:00
;;
2020-12-18 14:04:58 +01:00
"elementary")
LINUX_VERSION="elementary OS"
OS_NAME="elementary OS"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
"endeavouros")
LINUX_VERSION="EndeavourOS"
OS_NAME="EndeavourOS"
OS_VERSION="Rolling release"
OS_VERSION_FULL="Rolling release"
;;
2020-03-04 15:09:10 +01:00
"fedora")
LINUX_VERSION="Fedora"
OS_NAME="Fedora Linux"
OS_REDHAT_OR_CLONE=1
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
2019-09-03 10:06:26 +02:00
;;
"flatcar")
LINUX_VERSION="Flatcar"
LINUX_VERSION_LIKE="CoreOS"
OS_NAME="Flatcar Linux"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
"garuda")
LINUX_VERSION="Garuda"
OS_FULLNAME="Garuda Linux"
OS_NAME="Garuda"
OS_VERSION="Rolling release"
;;
2020-06-02 14:09:49 +02:00
"gentoo")
LINUX_VERSION="Gentoo"
OS_NAME="Gentoo Linux"
OS_VERSION="Rolling release"
;;
"ipfire")
LINUX_VERSION="IPFire"
OS_NAME="IPFire"
OS_VERSION=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
"kali")
LINUX_VERSION="Kali"
LINUX_VERSION_LIKE="Debian"
OS_NAME="Kali Linux"
OS_VERSION="Rolling release"
;;
"linuxmint")
LINUX_VERSION="Linux Mint"
LINUX_VERSION_LIKE="Ubuntu"
OS_NAME="Linux Mint"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
"mageia")
LINUX_VERSION="Mageia"
OS_NAME="Mageia"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
2017-03-12 19:27:04 +01:00
"manjaro")
LINUX_VERSION="Manjaro"
2017-03-12 19:27:04 +01:00
OS_FULLNAME="Manjaro Linux"
2019-09-03 10:06:26 +02:00
OS_NAME="Manjaro"
2017-03-12 19:27:04 +01:00
OS_VERSION="Rolling release"
;;
"nixos")
LINUX_VERSION="NixOS"
OS_NAME="NixOS"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
2020-05-15 05:50:43 +02:00
"ol")
LINUX_VERSION="Oracle Linux"
OS_NAME="Oracle Linux"
OS_REDHAT_OR_CLONE=1
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
"opensuse-tumbleweed")
LINUX_VERSION="openSUSE Tumbleweed"
# It's rolling release but has a snapshot version (the date of the snapshot)
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_NAME="openSUSE"
;;
"opensuse-leap")
LINUX_VERSION="openSUSE Leap"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_NAME="openSUSE"
;;
2020-12-26 15:36:36 +01:00
"parrot")
LINUX_VERSION="Parrot"
OS_NAME="Parrot GNU/Linux"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
"pop")
LINUX_VERSION="Pop!_OS"
LINUX_VERSION_LIKE="Ubuntu"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_NAME="Pop!_OS"
;;
"pureos")
LINUX_VERSION="PureOS"
LINUX_VERSION_LIKE="Debian"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
2019-09-03 10:06:26 +02:00
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_NAME="PureOS"
;;
2019-10-20 20:21:54 +02:00
"raspbian")
LINUX_VERSION="Raspbian"
LINUX_VERSION_LIKE="Debian"
2019-10-20 20:21:54 +02:00
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_NAME="Raspbian"
;;
"rhel")
LINUX_VERSION="RHEL"
2020-10-17 13:26:11 +02:00
OS_NAME="RHEL"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_FULLNAME="${OS_NAME} ${OS_VERSION_FULL}"
OS_REDHAT_OR_CLONE=1
;;
2020-10-17 13:23:08 +02:00
"rosa")
LINUX_VERSION="ROSA Linux"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_NAME="ROSA Linux"
;;
2019-10-08 19:19:30 +02:00
"slackware")
LINUX_VERSION="Slackware"
OS_NAME="Slackware Linux"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
"sles")
LINUX_VERSION="SLES"
OS_NAME="openSUSE"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^PRETTY_NAME=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
"ubuntu")
LINUX_VERSION="Ubuntu"
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_NAME="Ubuntu"
;;
"void")
LINUX_VERSION="Void Linux"
OS_VERSION="Rolling release"
OS_NAME="Void Linux"
;;
2020-10-17 13:15:06 +02:00
"zorin")
LINUX_VERSION="Zorin OS"
OS_NAME="Zorin OS"
2020-10-08 22:06:35 +02:00
OS_VERSION=$(grep "^VERSION_ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION_FULL=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
;;
2016-10-16 11:50:23 +02:00
*)
ReportException "OS Detection" "Unknown OS found in /etc/os-release - Please create an issue on GitHub and share the the contents (cat /etc/os-release): ${PROGRAM_SOURCE}"
2016-10-16 11:50:23 +02:00
;;
esac
fi
fi
2020-08-07 02:15:18 +02:00
# Alpine
if [ -e "/etc/alpine-release" ]; then LINUX_VERSION="Alpine Linux"; OS_VERSION=$(cat /etc/alpine-release); fi
# Amazon
if [ -z "${LINUX_VERSION}" -a -e "/etc/system-release" ]; then
FIND=$(grep "^Amazon" /etc/system-release)
if [ -n "${FIND}" ]; then
OS_REDHAT_OR_CLONE=1
OS_FULLNAME=$(grep "^Amazon" /etc/system-release)
OS_VERSION=$(grep "^Amazon" /etc/system-release | awk '{ if ($4=="release") { print $5 } }')
LINUX_VERSION="Amazon"
fi
fi
# Arch Linux
if [ -z "${OS_FULLNAME}" -a -e "/etc/arch-release" ]; then
OS_FULLNAME="Arch Linux"
OS_VERSION="Unknown"
LINUX_VERSION="Arch Linux"
fi
# Chakra Linux
if [ -e "/etc/chakra-release" ]; then
OS_FULLNAME=$(grep "^Chakra" /etc/chakra-release)
OS_VERSION=$(awk '/^Chakra/ { if ($3=="release") { print $4 }}' /etc/chakra-release)
LINUX_VERSION="Chakra Linux"
fi
# Cobalt
if [ -e "/etc/cobalt-release" ]; then OS_FULLNAME=$(cat /etc/cobalt-release); fi
# CPUBuilders Linux
if [ -e "/etc/cpub-release" ]; then OS_FULLNAME=$(cat /etc/cpub-release); fi
Test for LINUX_VERSION before setting it again Before parsing /etc/debian-release and /etc/lsb-release, it is now checked if the variable LINUX_VERSION is already set. This fixes cisofy/lynis#1003, but has some side effects. This will affects Ubuntu and Debian based distributions, like: - Pop!_OS (Ubuntu based) - Kali (Debian Based) - Raspbian - ... Unfortunately this will likely skip/brake a few tests for those distributions, as they are not considered to be Ubuntu or Debian anymore. Linux Mint was already detected properly, but at least some tests already had support for them (will other tests for Ubuntu are skipped). Those are tests I identified that will be skipped incorrectly now: - BOOT-5180: Check for Linux boot services (Debian style) It was already skipped on Linux Mint. - KRNL-5622: Check default run level on Linux machines This will only be skipped if systemd is not installed. It is already skipped on Linux Mint in this case. - KRNL-5788: Checking availability new kernel (sic!) This was already skipped on Linux Mint. - PKGS-7388: Check security repository (...) It will now be skipped for all distributions that do use the Debian / Ubuntu security repositories but are not detected as such anymore (like Pop!_OS). It will now be correctly skipped on Raspbian. This test was already aware of Linux Mint. - PKGS-7390: Check Ubuntu database consitency I am not sure why this test is Ubuntu only, thus it already skipped on Debian and Mint. - PKGS-7394: Check Ubuntu upgradeable packages I am not sure why this is for Ubuntu only, too. I think this should be feature tested instead, as apt-show-versions can be installed on any Debian based distribution as well.. - PKGS-7366: Checking if debsecan is installed (...) While it may be correct to skip, debsecan remains usefull if package versions, patches and vulnerability fixes are very close on Debian itself. It is the correct behaviour to not do this test on Ubuntu and Ubuntu based distributions, as Canonical does not provide the required databases. - PKGS-7420: (Autoupdates) Linux Mint was already skipped on this test. I think this could be solved by introducing a variable like LINUX_VERSION_PARENT. On Linux Mint it would be set to Ubuntu, on e.g. Kali Linux the veriable has the value Debian. Tests can use this variable to check if it is broadly applicable, and then check if the specific distribution is excluded.
2020-08-07 23:38:10 +02:00
if [ -z "${LINUX_VERSION}" ] && [ -e "/etc/debian_version" ]; then
# Debian/Ubuntu (***) - Set first to Debian
OS_VERSION=$(cat /etc/debian_version)
OS_FULLNAME="Debian ${OS_VERSION}"
LINUX_VERSION="Debian"
Test for LINUX_VERSION before setting it again Before parsing /etc/debian-release and /etc/lsb-release, it is now checked if the variable LINUX_VERSION is already set. This fixes cisofy/lynis#1003, but has some side effects. This will affects Ubuntu and Debian based distributions, like: - Pop!_OS (Ubuntu based) - Kali (Debian Based) - Raspbian - ... Unfortunately this will likely skip/brake a few tests for those distributions, as they are not considered to be Ubuntu or Debian anymore. Linux Mint was already detected properly, but at least some tests already had support for them (will other tests for Ubuntu are skipped). Those are tests I identified that will be skipped incorrectly now: - BOOT-5180: Check for Linux boot services (Debian style) It was already skipped on Linux Mint. - KRNL-5622: Check default run level on Linux machines This will only be skipped if systemd is not installed. It is already skipped on Linux Mint in this case. - KRNL-5788: Checking availability new kernel (sic!) This was already skipped on Linux Mint. - PKGS-7388: Check security repository (...) It will now be skipped for all distributions that do use the Debian / Ubuntu security repositories but are not detected as such anymore (like Pop!_OS). It will now be correctly skipped on Raspbian. This test was already aware of Linux Mint. - PKGS-7390: Check Ubuntu database consitency I am not sure why this test is Ubuntu only, thus it already skipped on Debian and Mint. - PKGS-7394: Check Ubuntu upgradeable packages I am not sure why this is for Ubuntu only, too. I think this should be feature tested instead, as apt-show-versions can be installed on any Debian based distribution as well.. - PKGS-7366: Checking if debsecan is installed (...) While it may be correct to skip, debsecan remains usefull if package versions, patches and vulnerability fixes are very close on Debian itself. It is the correct behaviour to not do this test on Ubuntu and Ubuntu based distributions, as Canonical does not provide the required databases. - PKGS-7420: (Autoupdates) Linux Mint was already skipped on this test. I think this could be solved by introducing a variable like LINUX_VERSION_PARENT. On Linux Mint it would be set to Ubuntu, on e.g. Kali Linux the veriable has the value Debian. Tests can use this variable to check if it is broadly applicable, and then check if the specific distribution is excluded.
2020-08-07 23:38:10 +02:00
# /etc/lsb-release does not exist on Debian
if [ -e /etc/lsb-release ]; then
OS_VERSION=$(cat /etc/debian_version)
FIND=$(grep "^DISTRIB_ID=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g')
if [ "${FIND}" = "Ubuntu" ]; then
OS_VERSION=$(grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2)
OS_FULLNAME="Ubuntu ${OS_VERSION}"
LINUX_VERSION="Ubuntu"
elif [ "${FIND}" = "elementary OS" ]; then
LINUX_VERSION="elementary OS"
LINUX_VERSION_LIKE="Ubuntu"
Test for LINUX_VERSION before setting it again Before parsing /etc/debian-release and /etc/lsb-release, it is now checked if the variable LINUX_VERSION is already set. This fixes cisofy/lynis#1003, but has some side effects. This will affects Ubuntu and Debian based distributions, like: - Pop!_OS (Ubuntu based) - Kali (Debian Based) - Raspbian - ... Unfortunately this will likely skip/brake a few tests for those distributions, as they are not considered to be Ubuntu or Debian anymore. Linux Mint was already detected properly, but at least some tests already had support for them (will other tests for Ubuntu are skipped). Those are tests I identified that will be skipped incorrectly now: - BOOT-5180: Check for Linux boot services (Debian style) It was already skipped on Linux Mint. - KRNL-5622: Check default run level on Linux machines This will only be skipped if systemd is not installed. It is already skipped on Linux Mint in this case. - KRNL-5788: Checking availability new kernel (sic!) This was already skipped on Linux Mint. - PKGS-7388: Check security repository (...) It will now be skipped for all distributions that do use the Debian / Ubuntu security repositories but are not detected as such anymore (like Pop!_OS). It will now be correctly skipped on Raspbian. This test was already aware of Linux Mint. - PKGS-7390: Check Ubuntu database consitency I am not sure why this test is Ubuntu only, thus it already skipped on Debian and Mint. - PKGS-7394: Check Ubuntu upgradeable packages I am not sure why this is for Ubuntu only, too. I think this should be feature tested instead, as apt-show-versions can be installed on any Debian based distribution as well.. - PKGS-7366: Checking if debsecan is installed (...) While it may be correct to skip, debsecan remains usefull if package versions, patches and vulnerability fixes are very close on Debian itself. It is the correct behaviour to not do this test on Ubuntu and Ubuntu based distributions, as Canonical does not provide the required databases. - PKGS-7420: (Autoupdates) Linux Mint was already skipped on this test. I think this could be solved by introducing a variable like LINUX_VERSION_PARENT. On Linux Mint it would be set to Ubuntu, on e.g. Kali Linux the veriable has the value Debian. Tests can use this variable to check if it is broadly applicable, and then check if the specific distribution is excluded.
2020-08-07 23:38:10 +02:00
OS_VERSION=$(grep "^DISTRIB_RELEASE=" /etc/lsb-release | cut -d '=' -f2)
OS_FULLNAME=$(grep "^DISTRIB_DESCRIPTION=" /etc/lsb-release | cut -d '=' -f2 | sed 's/"//g')
else
# Catch all, in case it's unclear what specific release this is.
OS_FULLNAME="Debian ${OS_VERSION}"
LINUX_VERSION="Debian"
fi
# Ubuntu test (optional) $(grep "[Uu]buntu" /proc/version)
2014-08-26 17:33:55 +02:00
fi
fi
2017-08-19 10:50:53 +02:00
# Override for Linux Mint, as that is initially detected as Debian or Ubuntu
if [ -x /usr/bin/lsb_release ]; then
FIND=$(lsb_release --id | awk -F: '{ print $2 }' | awk '{ print $1 }')
2017-08-19 10:50:53 +02:00
if [ "${FIND}" = "LinuxMint" ]; then
LINUX_VERSION="Linux Mint"
# LMDE (Linux Mint Debian Edition) should be detected as Debian
LINUX_VERSION_LIKE="Ubuntu"
2017-08-19 10:50:53 +02:00
OS_VERSION=$(lsb_release --release | awk '{ print $2 }')
OS_FULLNAME="Linux Mint ${OS_VERSION}"
fi
fi
# E-smith
if [ -e "/etc/e-smith-release" ]; then OS_FULLNAME=$(cat /etc/e-smith-release); fi
# Gentoo
if [ -e "/etc/gentoo-release" ]; then LINUX_VERSION="Gentoo"; OS_FULLNAME=$(cat /etc/gentoo-release); fi
# Red Hat and others
if [ -z "${LINUX_VERSION}" -a -e "/etc/redhat-release" ]; then
2014-08-26 17:33:55 +02:00
OS_REDHAT_OR_CLONE=1
# CentOS
if grep "CentOS" /etc/redhat-release; then
2016-05-03 12:40:05 +02:00
OS_FULLNAME=$(grep "CentOS" /etc/redhat-release)
2014-08-26 17:33:55 +02:00
LINUX_VERSION="CentOS"
OS_VERSION="${OS_FULLNAME}"
fi
# ClearOS
2016-05-03 12:40:05 +02:00
FIND=$(grep "ClearOS" /etc/redhat-release)
2014-08-26 17:33:55 +02:00
if [ ! "${FIND}" = "" ]; then
2016-05-03 12:40:05 +02:00
OS_FULLNAME=$(grep "ClearOS" /etc/redhat-release)
2014-08-26 17:33:55 +02:00
LINUX_VERSION="ClearOS"
OS_VERSION="${OS_FULLNAME}"
fi
# Fedora
2016-05-03 12:40:05 +02:00
FIND=$(grep "Fedora" /etc/redhat-release)
2014-08-26 17:33:55 +02:00
if [ ! "${FIND}" = "" ]; then
2016-05-03 12:40:05 +02:00
OS_FULLNAME=$(grep "Fedora" /etc/redhat-release)
2014-08-26 17:33:55 +02:00
OS_VERSION="${OS_FULLNAME}"
LINUX_VERSION="Fedora"
fi
# Oracle Enterprise Linux
2016-05-03 12:40:05 +02:00
FIND=$(grep "Enterprise Linux Enterprise Linux Server" /etc/redhat-release)
2014-08-26 17:33:55 +02:00
if [ ! "${FIND}" = "" ]; then
2016-07-31 21:04:07 +02:00
LINUX_VERSION="Oracle Enterprise Linux"
OS_FULLNAME=$(grep "Enterprise Linux" /etc/redhat-release)
OS_VERSION="${OS_FULLNAME}"
2014-08-26 17:33:55 +02:00
fi
# Oracle Enterprise Linux
if [ -e /etc/oracle-release ]; then
2016-05-03 12:40:05 +02:00
FIND=$(grep "Oracle Linux Server" /etc/oracle-release)
2014-08-26 17:33:55 +02:00
if [ ! "${FIND}" = "" ]; then
2016-07-31 21:04:07 +02:00
LINUX_VERSION="Oracle Enterprise Linux"
OS_FULLNAME=$(grep "Oracle Linux" /etc/oracle-release)
OS_VERSION="${OS_FULLNAME}"
2014-08-26 17:33:55 +02:00
fi
fi
# Oracle VM Server
if [ -e /etc/ovs-release ]; then
2016-05-03 12:40:05 +02:00
FIND=$(grep "Oracle VM" /etc/ovs-release)
2014-08-26 17:33:55 +02:00
if [ ! "${FIND}" = "" ]; then
2016-07-31 21:04:07 +02:00
LINUX_VERSION="Oracle VM Server"
OS_FULLNAME=$(grep "Oracle VM" /etc/ovs-release)
OS_VERSION="${OS_FULLNAME}"
2014-08-26 17:33:55 +02:00
fi
fi
# Scientific
2016-05-03 12:40:05 +02:00
FIND=$(grep "Scientific" /etc/redhat-release)
2014-08-26 17:33:55 +02:00
if [ ! "${FIND}" = "" ]; then
OS_FULLNAME=$(grep "^Scientific" /etc/redhat-release)
2016-05-03 12:40:05 +02:00
OS_VERSION=$(grep "^Scientific" /etc/redhat-release | awk '{ if ($3=="release") { print $4 } }')
2014-08-26 17:33:55 +02:00
LINUX_VERSION="Scientific"
fi
if [ -z "${LINUX_VERSION}" ]; then
# Red Hat
FIND=$(grep "Red Hat" /etc/redhat-release)
if [ ! "${FIND}" = "" ]; then
OS_FULLNAME=$(grep "Red Hat" /etc/redhat-release)
OS_VERSION="${OS_FULLNAME}"
LINUX_VERSION="Red Hat"
fi
fi
fi
# PCLinuxOS
if [ -f /etc/pclinuxos-release ]; then
Lots of cleanups (#366) * Description fix: SafePerms works on files not dirs. All uses of SafePerms are on files (and indeed, it would reject directories which would have +x set). * Lots of whitespace cleanups. Enforce everywhere(?) the same indentations for if/fi blocks. The standard for the Lynis codebase is 4 spaces. But sometimes it's 1, sometimes 3, sometimes 8. These patches standardize all(?) if blocks but _not_ else's (which are usually indented 2, but sometimes zero); I was too lazy to identify those (see below). This diff is giant, but should not change code behavior at all; diff -w shows no changes apart from whitespace. FWIW I identified instances to check by using: perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces=""; } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1) Which produced output like: ./extras/build-lynis.sh:217: if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then ./extras/build-lynis.sh:218: echo "[X] Version in specfile is outdated" ./plugins/plugin_pam_phase1:69: if [ -d ${PAM_DIRECTORY} ]; then ./plugins/plugin_pam_phase1:70: LogText "Result: /etc/pam.d exists" ...There's probably formal shellscript-beautification tools that I'm oblivious about. * More whitespace standardization. * Fix a syntax error. This looks like an if [ foo -o bar ]; was converted to if .. elif, but incompletely. * Add whitespace before closing ]. Without it, the shell thinks the ] is part of the last string, and emits warnings like: .../lynis/include/tests_authentication: line 1028: [: missing `]'
2017-03-07 20:23:08 +01:00
FIND=$(grep "^PCLinuxOS" /etc/pclinuxos-release)
if [ ! "${FIND}" = "" ]; then
Lots of cleanups (#366) * Description fix: SafePerms works on files not dirs. All uses of SafePerms are on files (and indeed, it would reject directories which would have +x set). * Lots of whitespace cleanups. Enforce everywhere(?) the same indentations for if/fi blocks. The standard for the Lynis codebase is 4 spaces. But sometimes it's 1, sometimes 3, sometimes 8. These patches standardize all(?) if blocks but _not_ else's (which are usually indented 2, but sometimes zero); I was too lazy to identify those (see below). This diff is giant, but should not change code behavior at all; diff -w shows no changes apart from whitespace. FWIW I identified instances to check by using: perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces=""; } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1) Which produced output like: ./extras/build-lynis.sh:217: if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then ./extras/build-lynis.sh:218: echo "[X] Version in specfile is outdated" ./plugins/plugin_pam_phase1:69: if [ -d ${PAM_DIRECTORY} ]; then ./plugins/plugin_pam_phase1:70: LogText "Result: /etc/pam.d exists" ...There's probably formal shellscript-beautification tools that I'm oblivious about. * More whitespace standardization. * Fix a syntax error. This looks like an if [ foo -o bar ]; was converted to if .. elif, but incompletely. * Add whitespace before closing ]. Without it, the shell thinks the ] is part of the last string, and emits warnings like: .../lynis/include/tests_authentication: line 1028: [: missing `]'
2017-03-07 20:23:08 +01:00
OS_FULLNAME="PCLinuxOS Linux"
LINUX_VERSION="PCLinuxOS"
OS_VERSION=$(grep "^PCLinuxOS" /etc/pclinuxos-release | awk '{ if ($2=="release") { print $3 } }')
fi
fi
# Sabayon Linux
if [ -f /etc/sabayon-edition ]; then
Lots of cleanups (#366) * Description fix: SafePerms works on files not dirs. All uses of SafePerms are on files (and indeed, it would reject directories which would have +x set). * Lots of whitespace cleanups. Enforce everywhere(?) the same indentations for if/fi blocks. The standard for the Lynis codebase is 4 spaces. But sometimes it's 1, sometimes 3, sometimes 8. These patches standardize all(?) if blocks but _not_ else's (which are usually indented 2, but sometimes zero); I was too lazy to identify those (see below). This diff is giant, but should not change code behavior at all; diff -w shows no changes apart from whitespace. FWIW I identified instances to check by using: perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces=""; } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1) Which produced output like: ./extras/build-lynis.sh:217: if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then ./extras/build-lynis.sh:218: echo "[X] Version in specfile is outdated" ./plugins/plugin_pam_phase1:69: if [ -d ${PAM_DIRECTORY} ]; then ./plugins/plugin_pam_phase1:70: LogText "Result: /etc/pam.d exists" ...There's probably formal shellscript-beautification tools that I'm oblivious about. * More whitespace standardization. * Fix a syntax error. This looks like an if [ foo -o bar ]; was converted to if .. elif, but incompletely. * Add whitespace before closing ]. Without it, the shell thinks the ] is part of the last string, and emits warnings like: .../lynis/include/tests_authentication: line 1028: [: missing `]'
2017-03-07 20:23:08 +01:00
FIND=$(grep "Sabayon Linux" /etc/sabayon-edition)
if [ ! "${FIND}" = "" ]; then
Lots of cleanups (#366) * Description fix: SafePerms works on files not dirs. All uses of SafePerms are on files (and indeed, it would reject directories which would have +x set). * Lots of whitespace cleanups. Enforce everywhere(?) the same indentations for if/fi blocks. The standard for the Lynis codebase is 4 spaces. But sometimes it's 1, sometimes 3, sometimes 8. These patches standardize all(?) if blocks but _not_ else's (which are usually indented 2, but sometimes zero); I was too lazy to identify those (see below). This diff is giant, but should not change code behavior at all; diff -w shows no changes apart from whitespace. FWIW I identified instances to check by using: perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces=""; } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1) Which produced output like: ./extras/build-lynis.sh:217: if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then ./extras/build-lynis.sh:218: echo "[X] Version in specfile is outdated" ./plugins/plugin_pam_phase1:69: if [ -d ${PAM_DIRECTORY} ]; then ./plugins/plugin_pam_phase1:70: LogText "Result: /etc/pam.d exists" ...There's probably formal shellscript-beautification tools that I'm oblivious about. * More whitespace standardization. * Fix a syntax error. This looks like an if [ foo -o bar ]; was converted to if .. elif, but incompletely. * Add whitespace before closing ]. Without it, the shell thinks the ] is part of the last string, and emits warnings like: .../lynis/include/tests_authentication: line 1028: [: missing `]'
2017-03-07 20:23:08 +01:00
OS_FULLNAME="Sabayon Linux"
LINUX_VERSION="Sabayon"
OS_VERSION=$(awk '{ print $3 }' /etc/sabayon-edition)
fi
fi
if [ -f /etc/SLOX-release ]; then
OS_FULLNAME=$(grep "SuSE Linux" /etc/SLOX-release)
LINUX_VERSION="SuSE"
fi
# Slackware
if [ -f /etc/slackware-version ]; then
LINUX_VERSION="Slackware"
OS_VERSION=$(grep "^Slackware" /etc/slackware-version | awk '{ if ($1=="Slackware") { print $2 } }')
OS_FULLNAME="Slackware Linux ${OS_VERSION}"
fi
# SuSE
if [ -e "/etc/SuSE-release" ]; then
OS_VERSION=$(head -n 1 /etc/SuSE-release)
LINUX_VERSION="SuSE"
fi
# Turbo Linux
if [ -e "/etc/turbolinux-release" ]; then OS_FULLNAME=$(cat /etc/turbolinux-release); fi
2014-08-26 17:33:55 +02:00
# YellowDog
if [ -e "/etc/yellowdog-release" ]; then OS_FULLNAME=$(cat /etc/yellowdog-release); fi
# VMware
if [ -e "/etc/vmware-release" ]; then
OS_FULLNAME=$(cat /etc/vmware-release)
OS_VERSION=$(uname -r)
IS_VMWARE_ESXI=$(vmware -vl | grep VMware ESXi)
if [ ! "${IS_VMWARE_ESXI}" = "" ]; then
OS_FULLNAME="VMware ESXi ${OS_VERSION}"
fi
fi
# ===================================================================
# Set OS name to the discovered Linux version
if [ ! "${LINUX_VERSION}" = "" -a "${OS_NAME}" = "Linux" ]; then
OS_NAME="${LINUX_VERSION}"
fi
# If Linux version (full name) is unknown, use uname value
if [ "${OS_FULLNAME}" = "" ]; then OS_FULLNAME=$(uname -s -r); fi
SYSCTL_READKEY="sysctl -n"
2014-08-26 17:33:55 +02:00
;;
# NetBSD
NetBSD)
OS="NetBSD"
OS_NAME="NetBSD"
OS_FULLNAME=$(uname -s -r)
OS_KERNELVERSION=$(uname -v)
OS_VERSION=$(uname -r)
HARDWARE=$(uname -m)
FIND_BINARIES="whereis"
SYSCTL_READKEY=""
2014-08-26 17:33:55 +02:00
;;
# OpenBSD
OpenBSD)
OS="OpenBSD"
OS_NAME="OpenBSD"
OS_FULLNAME=$(uname -s -r)
OS_KERNELVERSION=$(uname -v)
OS_VERSION=$(uname -r)
HARDWARE=$(uname -m)
FIND_BINARIES="whereis"
SYSCTL_READKEY=""
2014-08-26 17:33:55 +02:00
;;
# Solaris / OpenSolaris / Ilumos ...
2014-08-26 17:33:55 +02:00
SunOS)
OS="Solaris"
OS_KERNELVERSION=$(uname -v)
OPENSOLARIS=0
if [ -f /etc/os-release ]; then
OS_ID=$(grep "^ID=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_VERSION=$(grep "^VERSION=" /etc/os-release | awk -F= '{print $2}' | tr -d '"')
OS_FULLNAME=$(awk -F= '/^PRETTY_NAME=/ {print substr($2,2,length($2)-2)}' /etc/os-release)
case "${OS_ID}" in
"solaris")
OS_NAME="Oracle Solaris"
;;
"omnios")
OS_NAME="OmniOS"
OPENSOLARIS=1
;;
"tribblix")
OS_NAME="Tribblix"
OS_FULLNAME="Tribblix ${OS_VERSION}"
OPENSOLARIS=1
;;
"*")
ReportException "OS Detection" "Unknown OS found in /etc/os-release - Please create issue on GitHub project page: ${PROGRAM_SOURCE}"
;;
esac
elif [ "$(uname -o 2> /dev/null)" == "illumos" ]; then
OPENSOLARIS=1
# Solaris has a free form text file with release information
if grep "OpenIndiana" /etc/release > /dev/null; then
OS_NAME="OpenIndiana"
if grep "Hipster" /etc/release > /dev/null; then
OS_VERSION="$(tr ' ' '\n' < /etc/release | grep '[[:digit:]]\.[[:digit:]]')"
OS_FULLNAME="OpenIndiana Hipster $OS_VERSION"
else
OS_VERSION="Unknown"
OS_FULLNAME="OpenIndiana (unknown edition)"
fi
elif grep "OmniOS" /etc/release > /dev/null; then
OS_NAME="OmniOS"
OS_VERSION="$(tr ' ' '\n' < /etc/release | grep 'r[[:digit:]]')"
if grep "Community Edition" /etc/release > /dev/null; then
OS_FULLNAME="OmniOS Community Edition v11 $OS_VERSION"
fi
elif grep "SmartOS" /etc/release > /dev/null; then
OS_NAME="SmartOS"
OS_VERSION="-"
OS_FULLNAME="SmartOS"
else
OS_NAME="Unknown Illumos"
fi
elif grep "SchilliX" /etc/release > /dev/null; then
OS_NAME="SchilliX"
OS_FULLNAME="$(head -n 1 /etc/release | xargs)"
OS_VERSION="$(echo "$OS_FULLNAME" | cut -d '-' -f 2)"
OPENSOLARIS=1
elif head -n 1 < /etc/release | grep "Oracle Solaris" > /dev/null; then
OS_NAME="Oracle Solaris"
OS_FULLNAME="$(head -n 1 /etc/release | xargs)"
OS_VERSION="$(head -n 1 < /etc/release | xargs | cut -d ' ' -f 3)"
elif head -n 1 < /etc/release | xargs | grep "^Solaris " > /dev/null; then
OS_NAME="Sun Solaris"
# Example of /etc/release:
# Solaris 10 5/08
# ...
# Solaris 10 10/09 (Update 8)
# The first line does not contain the "Update" number,
# only if present.
if tail -1 < /etc/release | xargs | grep "^Solaris " > /dev/null; then
OS_FULLNAME=$(tail -1 < /etc/release | xargs)
else
OS_FULLNAME=$(head -1 < /etc/release | xargs)
fi
OS_VERSION=$(echo "$OS_FULLNAME" | cut -d ' ' -f 2,3)
else # Old behaviour
OS_NAME="Sun Solaris"
OS_FULLNAME=$(uname -s -r)
OS_VERSION=$(uname -r)
fi
HARDWARE=$(uname -m)
if [ -x /usr/bin/isainfo ]; then
# Returns 32, 64
OS_MODE=$(/usr/bin/isainfo -b)
fi
SYSCTL_READKEY=""
2014-08-26 17:33:55 +02:00
;;
2015-12-16 13:40:28 +01:00
# VMware products
VMkernel)
OS="VMware"
OS_FULLNAME=""
OS_VERSION=""
2016-05-03 12:40:05 +02:00
HARDWARE=$(uname -m)
2015-12-16 13:40:28 +01:00
if [ -e "/etc/vmware-release" ]; then
2016-05-03 12:40:05 +02:00
OS_FULLNAME=$(cat /etc/vmware-release)
OS_VERSION=$(uname -r)
2015-12-16 13:40:28 +01:00
fi
A bunch of Solaris compatibility tweaks (#367) * Work around Solaris' /bin/sh not being POSIX. If /usr/xpg4/bin/sh is present, we are (definitely?) on Solaris or a derivative, and /bin/sh cannot be trusted to support POSIX, but /usr/xpg4/bin/sh can be. Exec it right away. * Work around Solaris 'which' command oddity. Solaris' (at least) 'which' command outputs not-found errors to STDOUT instead of STDERR. This makes "did we get any output from which" checks insufficient; piping to grep -v the "no foo in ..." message should work. Note that this patch set includes all such uses of which that I could find, including ones that should never be reached on Solaris (i.e. only executed on some other OS) just for consistency. * Improved alternate-sh exec to avoid looping. * Solaris' /usr/ucb/echo supports -n. * Check for the best hash type that openssl supports. When using openssl to generate hashes, do not assume it supports sha256; try that, then sha1, then give up and use md5. * Solaris does not support sed -i; use a tempfile. * Use the full path for modinfo. When running as non-root, /usr/sbin/ might not be in PATH. include/tests_accounting already calls modinfo by full path, but include/tests_kernel did not. * Solaris find does not support -maxdepth. This mirrors the logic already in tests_homedirs. * Use PSBINARY instead of ps. * Work around Solaris' date not supporting +%s. Printing nawk's srand value is a bizarre but apparently once popular workaround for there being no normal userland command to print UNIX epoch seconds. A perl one-liner is the other common approach, but nawk may be more reliably present on Solaris than perl. * Revert to using sha1 for HOSTID. * Whitespace cleanup for openssl hash tests.
2017-03-08 17:24:24 +01:00
HAS_VMWARE_UTIL=$(which vmware 2> /dev/null | grep -v "no [^ ]* in ")
2015-12-16 13:40:28 +01:00
if [ ! "${HAS_VMWARE_UTIL}" = "" ]; then
2016-05-03 12:40:05 +02:00
IS_VMWARE_ESXI=$(vmware -vl | grep VMware ESXi)
2015-12-16 13:40:28 +01:00
if [ ! "${IS_VMWARE_ESXI}" = "" ]; then
OS_NAME="VMware ESXi"
OS_FULLNAME="VMware ESXi ${OS_VERSION}"
fi
fi
;;
2014-08-26 17:33:55 +02:00
# Unknown or unsupported systems
*)
echo "[ ${WARNING}WARNING${NORMAL} ]"
echo "${WARNING}Error${NORMAL}: ${WHITE}Unknown OS found. No support available yet for this OS or platform...${NORMAL}"
echo "Please consult the README/documentation for more information."
exit 1
2014-08-26 17:33:55 +02:00
;;
esac
# Set correct echo binary and parameters after detecting operating system
ECHONB=""
2014-08-26 17:33:55 +02:00
case ${OS} in
2019-04-04 19:04:42 +02:00
"AIX") ECHOCMD="echo"; ECHONB="printf" ;;
"DragonFly"|"FreeBSD"|"NetBSD") ECHOCMD="echo -e"; ECHONB="echo -n" ;;
"macOS" | "Mac OS X") ECHOCMD="echo"; ECHONB="/bin/echo -n" ;;
A bunch of Solaris compatibility tweaks (#367) * Work around Solaris' /bin/sh not being POSIX. If /usr/xpg4/bin/sh is present, we are (definitely?) on Solaris or a derivative, and /bin/sh cannot be trusted to support POSIX, but /usr/xpg4/bin/sh can be. Exec it right away. * Work around Solaris 'which' command oddity. Solaris' (at least) 'which' command outputs not-found errors to STDOUT instead of STDERR. This makes "did we get any output from which" checks insufficient; piping to grep -v the "no foo in ..." message should work. Note that this patch set includes all such uses of which that I could find, including ones that should never be reached on Solaris (i.e. only executed on some other OS) just for consistency. * Improved alternate-sh exec to avoid looping. * Solaris' /usr/ucb/echo supports -n. * Check for the best hash type that openssl supports. When using openssl to generate hashes, do not assume it supports sha256; try that, then sha1, then give up and use md5. * Solaris does not support sed -i; use a tempfile. * Use the full path for modinfo. When running as non-root, /usr/sbin/ might not be in PATH. include/tests_accounting already calls modinfo by full path, but include/tests_kernel did not. * Solaris find does not support -maxdepth. This mirrors the logic already in tests_homedirs. * Use PSBINARY instead of ps. * Work around Solaris' date not supporting +%s. Printing nawk's srand value is a bizarre but apparently once popular workaround for there being no normal userland command to print UNIX epoch seconds. A perl one-liner is the other common approach, but nawk may be more reliably present on Solaris than perl. * Revert to using sha1 for HOSTID. * Whitespace cleanup for openssl hash tests.
2017-03-08 17:24:24 +01:00
"Solaris") ECHOCMD="echo" ; test -f /usr/ucb/echo && ECHONB="/usr/ucb/echo -n" ;;
"Linux")
# Check if dash is used (Debian/Ubuntu)
DEFAULT_SHELL=$(ls -l /bin/sh | awk -F'>' '{print $2}')
case ${DEFAULT_SHELL} in
" dash") ECHOCMD="/bin/echo -e" ;;
*) ECHOCMD="echo -e" ;;
esac
;;
*) ECHOCMD="echo -e" ;;
2014-08-26 17:33:55 +02:00
esac
# Check if we have full featured commands, or are using BusyBox as a shell
if [ -x /bin/busybox ]; then
if [ -L /bin/ps ]; then
ShowSymlinkPath /bin/ps
if [ "${SYMLINK}" = "/bin/busybox" ]; then
SHELL_IS_BUSYBOX=1
fi
fi
fi
2018-09-19 13:28:46 +02:00
# Specific checks for hardware
# Detect if we are using a QNAP NAS
if [ -d /share/CACHEDEV1_DATA/.qpkg ]; then
QNAP_DEVICE=1
fi
# Check if this OS is end-of-life
EOL=255
EOL_DATE=""
2019-03-05 19:31:36 +01:00
EOL_TIMESTAMP=0
2019-07-16 13:20:30 +02:00
if [ -n "${OS_VERSION}" ]; then
if [ -f "${DBDIR}/software-eol.db" ]; then
FIND="${OS_FULLNAME}"
2019-03-05 19:31:36 +01:00
EOL_TIMESTAMP=$(awk -v value="${FIND}" -F: '{if ($1=="os" && value ~ $2){print $4}}' ${DBDIR}/software-eol.db | head -n 1)
2019-07-16 13:20:30 +02:00
if [ -n "${EOL_TIMESTAMP}" ]; then
2019-03-05 19:31:36 +01:00
EOL_DATE=$(awk -v value="${FIND}" -F: '{if ($1=="os" && value ~ $2){print $3}}' ${DBDIR}/software-eol.db | head -n 1)
if [ -n "${EOL_DATE}" ]; then
NOW=$(date "+%s")
if [ -n "${NOW}" ]; then
if [ ${NOW} -gt ${EOL_TIMESTAMP} ]; then
EOL=1
else
EOL=0
fi
fi
else
EOL=0
fi
fi
fi
fi
2018-09-19 13:28:46 +02:00
2014-08-26 17:33:55 +02:00
#================================================================================
2016-05-03 12:40:05 +02:00
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com