2014-08-26 17:33:55 +02:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
#################################################################################
|
|
|
|
#
|
|
|
|
# Lynis
|
|
|
|
# ------------------
|
|
|
|
#
|
|
|
|
# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
|
|
|
|
# Web site: http://www.rootkit.nl
|
|
|
|
#
|
|
|
|
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
|
|
|
|
# welcome to redistribute it under the terms of the GNU General Public License.
|
|
|
|
# See LICENSE file for usage of this software.
|
|
|
|
#
|
|
|
|
#################################################################################
|
|
|
|
#
|
|
|
|
# Banners and identification
|
|
|
|
#
|
|
|
|
#################################################################################
|
|
|
|
#
|
|
|
|
InsertSection "Banners and identification"
|
|
|
|
#
|
|
|
|
#################################################################################
|
|
|
|
#
|
|
|
|
BANNER_FILES="/etc/issue /etc/issue.net /etc/motd"
|
|
|
|
LEGAL_BANNER_STRINGS="access authorized legal monitor owner policy policies private prohibited restricted this unauthorized"
|
|
|
|
#
|
|
|
|
#################################################################################
|
|
|
|
#
|
|
|
|
# Test : BANN-7113
|
|
|
|
# Description : Check FreeBSD COPYRIGHT banner file
|
|
|
|
Register --test-no BANN-7113 --os FreeBSD --weight L --network NO --description "Check COPYRIGHT banner file"
|
|
|
|
if [ ${SKIPTEST} -eq 0 ]; then
|
|
|
|
logtext "Test: Testing existence /COPYRIGHT or /etc/COPYRIGHT"
|
|
|
|
if [ -f /COPYRIGHT ]; then
|
|
|
|
Display --indent 2 --text "- /COPYRIGHT" --result FOUND --color GREEN
|
|
|
|
if [ -s /COPYRIGHT ]; then
|
|
|
|
logtext "Result: /COPYRIGHT available and contains text"
|
|
|
|
else
|
|
|
|
logtext "Result: /COPYRIGHT available, but empty"
|
|
|
|
fi
|
|
|
|
else
|
|
|
|
Display --indent 2 --text "- /COPYRIGHT" --result "NOT FOUND" --color WHITE
|
|
|
|
logtext "Result: /COPYRIGHT not found"
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ -f /etc/COPYRIGHT ]; then
|
|
|
|
Display --indent 2 --text "- /etc/COPYRIGHT" --result FOUND --color GREEN
|
|
|
|
if [ -s /etc/COPYRIGHT ]; then
|
|
|
|
logtext "Result: /etc/COPYRIGHT available and contains text"
|
|
|
|
else
|
|
|
|
logtext "Result: /etc/COPYRIGHT available, but empty"
|
|
|
|
fi
|
|
|
|
else
|
|
|
|
Display --indent 2 --text "- /etc/COPYRIGHT" --result "NOT FOUND" --color WHITE
|
|
|
|
logtext "Result: /etc/COPYRIGHT not found"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
#
|
|
|
|
#################################################################################
|
|
|
|
#
|
|
|
|
# Test : BANN-7119
|
|
|
|
# Description : Check MOTD banner file
|
|
|
|
Register --test-no BANN-7119 --weight L --network NO --description "Check MOTD banner file"
|
|
|
|
if [ ${SKIPTEST} -eq 0 ]; then
|
|
|
|
logtext "Test: Testing existence /etc/motd"
|
|
|
|
if [ -f /etc/motd ]; then
|
|
|
|
logtext "Result: file /etc/motd exists"
|
2014-09-15 12:01:09 +02:00
|
|
|
Display --indent 2 --text "- /etc/motd" --result FOUND --color GREEN
|
2014-08-26 17:33:55 +02:00
|
|
|
if [ ! -L /etc/motd ]; then
|
|
|
|
IsWorldWritable /etc/motd
|
|
|
|
if [ "${FileIsWorldWritable}" = "TRUE" ]; then
|
2014-09-15 12:01:09 +02:00
|
|
|
Display --indent 4 --text "- /etc/motd permissions" --result WARNING --color RED
|
2014-08-26 17:33:55 +02:00
|
|
|
logtext "Result: /etc/motd is world writable. Users can change this file!"
|
|
|
|
ReportWarning ${TEST_NO} "H" "/etc/motd is world writable"
|
|
|
|
else
|
2014-09-15 12:01:09 +02:00
|
|
|
Display --indent 4 --text "- /etc/motd permissions" --result OK --color GREEN
|
2014-08-26 17:33:55 +02:00
|
|
|
logtext "Result: /etc/motd is not world writable."
|
|
|
|
fi
|
|
|
|
else
|
|
|
|
logtext "Result: file /etc/motd is symlink"
|
|
|
|
fi
|
|
|
|
else
|
|
|
|
logtext "Result: File /etc/motd not found"
|
2014-09-15 12:01:09 +02:00
|
|
|
Display --indent 2 --text "- /etc/motd" --result "NOT FOUND" --color WHITE
|
2014-08-26 17:33:55 +02:00
|
|
|
fi
|
|
|
|
fi
|
|
|
|
#
|
|
|
|
#################################################################################
|
|
|
|
#
|
|
|
|
# Test : BANN-7122
|
|
|
|
# Description : Check motd file to see if it contains some form of message
|
|
|
|
# to discourage unauthorized users to leave the system alone
|
|
|
|
if [ -f /etc/motd -a ! -L /etc/motd ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
|
|
|
|
Register --test-no BANN-7122 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check /etc/motd banner file contents"
|
|
|
|
if [ ${SKIPTEST} -eq 0 ]; then
|
|
|
|
N=0
|
|
|
|
logtext "Test: Checking file /etc/motd contents for legal key words"
|
|
|
|
for I in ${LEGAL_BANNER_STRINGS}; do
|
|
|
|
FIND=`grep -i "${I}" /etc/motd`
|
|
|
|
if [ ! "${FIND}" = "" ]; then
|
|
|
|
logtext "Result: found string '${I}'"
|
|
|
|
N=`expr ${N} + 1`
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
# Check if we have 5 or more key words
|
|
|
|
if [ ${N} -gt 4 ]; then
|
|
|
|
logtext "Result: Found ${N} key words, to warn unauthorized users"
|
2014-09-15 12:01:09 +02:00
|
|
|
Display --indent 4 --text "- /etc/motd contents" --result OK --color GREEN
|
2014-08-26 17:33:55 +02:00
|
|
|
AddHP 2 2
|
|
|
|
else
|
|
|
|
logtext "Result: Found only ${N} key words, to warn unauthorized users and could be increased"
|
2014-09-15 12:01:09 +02:00
|
|
|
Display --indent 4 --text "- /etc/motd contents" --result WEAK --color YELLOW
|
2014-08-26 17:33:55 +02:00
|
|
|
ReportSuggestion ${TEST_NO} "Add legal banner to /etc/motd, to warn unauthorized users"
|
|
|
|
AddHP 0 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
#
|
|
|
|
#################################################################################
|
|
|
|
#
|
|
|
|
# Test : BANN-7124
|
|
|
|
# Description : Check issue banner file
|
|
|
|
Register --test-no BANN-7124 --weight L --network NO --description "Check issue banner file"
|
|
|
|
if [ ${SKIPTEST} -eq 0 ]; then
|
|
|
|
logtext "Test: Checking file /etc/issue"
|
|
|
|
if [ -f /etc/issue ]; then
|
2014-09-15 12:01:09 +02:00
|
|
|
# Check for symlink
|
|
|
|
if [ -L /etc/issue ]; then
|
|
|
|
logtext "Result: file /etc/issue exists (symlink)"
|
|
|
|
Display --indent 2 --text "- /etc/issue" --result SYMLINK --color GREEN
|
|
|
|
else
|
|
|
|
Display --indent 2 --text "- /etc/issue" --result FOUND --color GREEN
|
|
|
|
fi
|
|
|
|
else
|
|
|
|
logtext "Result: file /etc/issue does not exist"
|
|
|
|
Display --indent 2 --text "- /etc/issue" --result "NOT FOUND" --color WHITE
|
|
|
|
fi
|
2014-08-26 17:33:55 +02:00
|
|
|
fi
|
|
|
|
#
|
|
|
|
#################################################################################
|
|
|
|
#
|
|
|
|
# Test : BANN-7126
|
|
|
|
# Description : Check issue file to see if it contains some form of message
|
|
|
|
# to discourage unauthorized users to leave the system alone
|
|
|
|
if [ -f /etc/issue ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
|
|
|
|
Register --test-no BANN-7126 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check issue banner file contents"
|
|
|
|
if [ ${SKIPTEST} -eq 0 ]; then
|
|
|
|
N=0
|
|
|
|
logtext "Test: Checking file /etc/issue contents for legal key words"
|
|
|
|
for I in ${LEGAL_BANNER_STRINGS}; do
|
|
|
|
FIND=`grep -i "${I}" /etc/issue`
|
|
|
|
if [ ! "${FIND}" = "" ]; then
|
|
|
|
logtext "Result: found string '${I}'"
|
|
|
|
N=`expr ${N} + 1`
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
# Check if we have 5 or more key words
|
|
|
|
if [ ${N} -gt 4 ]; then
|
|
|
|
logtext "Result: Found ${N} key words (5 or more suggested), to warn unauthorized users"
|
2014-09-15 12:01:09 +02:00
|
|
|
Display --indent 4 --text "- /etc/issue contents" --result OK --color GREEN
|
2014-08-26 17:33:55 +02:00
|
|
|
AddHP 2 2
|
|
|
|
else
|
|
|
|
logtext "Result: Found only ${N} key words (5 or more suggested), to warn unauthorized users and could be increased"
|
2014-09-15 12:01:09 +02:00
|
|
|
Display --indent 4 --text "- /etc/issue contents" --result WEAK --color YELLOW
|
2014-08-26 17:33:55 +02:00
|
|
|
ReportSuggestion ${TEST_NO} "Add a legal banner to /etc/issue, to warn unauthorized users"
|
|
|
|
AddHP 0 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
#
|
|
|
|
#################################################################################
|
|
|
|
#
|
|
|
|
# Test : BANN-7128
|
|
|
|
# Description : Check issue.net banner file
|
|
|
|
Register --test-no BANN-7128 --weight L --network NO --description "Check issue.net banner file"
|
|
|
|
if [ ${SKIPTEST} -eq 0 ]; then
|
|
|
|
logtext "Test: Checking file /etc/issue.net"
|
|
|
|
if [ -f /etc/issue.net ]; then
|
2014-09-15 12:01:09 +02:00
|
|
|
# Check for symlink
|
|
|
|
if [ -L /etc/issue.net ]; then
|
|
|
|
logtext "Result: file /etc/issue.net exists (symlink)"
|
|
|
|
Display --indent 2 --text "- /etc/issue.net" --result SYMLINK --color GREEN
|
|
|
|
else
|
|
|
|
logtext "Result: file /etc/issue.net exists"
|
|
|
|
Display --indent 2 --text "- /etc/issue.net" --result FOUND --color GREEN
|
|
|
|
fi
|
|
|
|
else
|
|
|
|
logtext "Result: file /etc/issue.net does not exist"
|
|
|
|
Display --indent 2 --text "- /etc/issue.net" --result "NOT FOUND" --color WHITE
|
|
|
|
fi
|
2014-08-26 17:33:55 +02:00
|
|
|
fi
|
|
|
|
#
|
|
|
|
#################################################################################
|
|
|
|
#
|
|
|
|
# Test : BANN-7130
|
|
|
|
# Description : Check issue.net file to see if it contains some form of message
|
|
|
|
# to discourage unauthorized users to leave the system alone
|
|
|
|
if [ -f /etc/issue.net ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
|
|
|
|
Register --test-no BANN-7130 --preqs-met ${PREQS_MET} --weight L --network NO --description "Check issue.net banner file contents"
|
|
|
|
if [ ${SKIPTEST} -eq 0 ]; then
|
|
|
|
N=0
|
|
|
|
logtext "Test: Checking file /etc/issue.net contents for legal key words"
|
|
|
|
for I in ${LEGAL_BANNER_STRINGS}; do
|
2014-09-15 12:01:09 +02:00
|
|
|
FIND=`grep -i "${I}" /etc/issue.net`
|
|
|
|
if [ ! "${FIND}" = "" ]; then
|
|
|
|
logtext "Result: found string '${I}'"
|
|
|
|
N=`expr ${N} + 1`
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
# Check if we have 5 or more key words
|
|
|
|
if [ ${N} -gt 4 ]; then
|
|
|
|
logtext "Result: Found ${N} key words, to warn unauthorized users"
|
|
|
|
Display --indent 4 --text "- /etc/issue.net contents" --result OK --color GREEN
|
|
|
|
AddHP 2 2
|
|
|
|
else
|
|
|
|
logtext "Result: Found only ${N} key words, to warn unauthorized users and could be increased"
|
|
|
|
Display --indent 4 --text "- /etc/issue.net contents" --result WEAK --color YELLOW
|
|
|
|
ReportSuggestion ${TEST_NO} "Add legal banner to /etc/issue.net, to warn unauthorized users"
|
|
|
|
AddHP 0 1
|
|
|
|
fi
|
2014-08-26 17:33:55 +02:00
|
|
|
fi
|
|
|
|
#
|
|
|
|
#################################################################################
|
|
|
|
#
|
|
|
|
# /etc/dt/config/*/Xresources
|
|
|
|
# /etc/default/telnetd (telnet without TCP wrappers)
|
|
|
|
# /etc/default/ftpd (ftp without TCP wrappers)
|
|
|
|
# /etc/ftpd/banner.msg (ftp without TCP wrappers on Solaris)
|
|
|
|
# /etc/ftpaccess (HP-UX)
|
|
|
|
# /etc/ftpmotd (AIX)
|
|
|
|
# /etc/ftpaccess.ctl (AIX)
|
|
|
|
# /etc/security/login.cfg (AIX)
|
|
|
|
# /etc/X11/xdm/Xresources
|
|
|
|
# /etc/X11/xdm/kdmrc
|
|
|
|
# /etc/X11/gdm/gdm
|
|
|
|
# /etc/vsftpd.conf
|
|
|
|
#
|
|
|
|
#################################################################################
|
|
|
|
#
|
|
|
|
|
|
|
|
wait_for_keypress
|
|
|
|
|
|
|
|
#
|
|
|
|
#################################################################################
|
|
|
|
#
|
|
|
|
# Notes:
|
|
|
|
# HPUX: /etc/copyright
|
|
|
|
#
|
|
|
|
#================================================================================
|
|
|
|
# Lynis - Copyright 2007-2014, Michael Boelen - www.rootkit.nl - The Netherlands
|