2015-04-30 01:27:36 +02:00
|
|
|
#!/bin/sh
|
|
|
|
|
2016-03-13 16:00:39 +01:00
|
|
|
#################################################################################
|
|
|
|
#
|
|
|
|
# Lynis
|
|
|
|
# ------------------
|
|
|
|
#
|
|
|
|
# Copyright 2007-2013, Michael Boelen
|
2019-01-31 14:47:35 +01:00
|
|
|
# Copyright 2007-2019, CISOfy
|
2016-03-13 16:00:39 +01:00
|
|
|
#
|
|
|
|
# Website : https://cisofy.com
|
|
|
|
# Blog : http://linux-audit.com
|
|
|
|
# GitHub : https://github.com/CISOfy/lynis
|
|
|
|
#
|
|
|
|
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
|
|
|
|
# welcome to redistribute it under the terms of the GNU General Public License.
|
|
|
|
# See LICENSE file for usage of this software.
|
|
|
|
#
|
2015-04-30 01:27:36 +02:00
|
|
|
######################################################################
|
|
|
|
#
|
|
|
|
# Helper program to support automatic updates of Lynis
|
|
|
|
#
|
|
|
|
######################################################################
|
|
|
|
#
|
|
|
|
# Options:
|
|
|
|
# ---------
|
|
|
|
# 1) lynis update info - Show version information (external)
|
|
|
|
#
|
|
|
|
# How to use:
|
|
|
|
# ------------
|
|
|
|
# Run option 1 to know about current and latest release information.
|
|
|
|
#
|
|
|
|
######################################################################
|
|
|
|
|
|
|
|
LOCAL_VERSION="-"
|
2016-10-28 11:47:31 +02:00
|
|
|
RUN_UPDATE_CHECK=1
|
2015-04-30 01:27:36 +02:00
|
|
|
SERVER_VERSION=""
|
|
|
|
PERFORM_UPGRADE=0
|
2016-05-14 17:42:51 +02:00
|
|
|
QUIET=0
|
2015-04-30 01:27:36 +02:00
|
|
|
|
A bunch of Solaris compatibility tweaks (#367)
* Work around Solaris' /bin/sh not being POSIX.
If /usr/xpg4/bin/sh is present, we are (definitely?) on Solaris or
a derivative, and /bin/sh cannot be trusted to support POSIX, but
/usr/xpg4/bin/sh can be. Exec it right away.
* Work around Solaris 'which' command oddity.
Solaris' (at least) 'which' command outputs not-found errors to STDOUT
instead of STDERR.
This makes "did we get any output from which" checks insufficient;
piping to grep -v the "no foo in ..." message should work.
Note that this patch set includes all such uses of which that I could
find, including ones that should never be reached on Solaris (i.e. only
executed on some other OS) just for consistency.
* Improved alternate-sh exec to avoid looping.
* Solaris' /usr/ucb/echo supports -n.
* Check for the best hash type that openssl supports.
When using openssl to generate hashes, do not assume it supports
sha256; try that, then sha1, then give up and use md5.
* Solaris does not support sed -i; use a tempfile.
* Use the full path for modinfo.
When running as non-root, /usr/sbin/ might not be in PATH.
include/tests_accounting already calls modinfo by full path, but
include/tests_kernel did not.
* Solaris find does not support -maxdepth.
This mirrors the logic already in tests_homedirs.
* Use PSBINARY instead of ps.
* Work around Solaris' date not supporting +%s.
Printing nawk's srand value is a bizarre but apparently once popular
workaround for there being no normal userland command to print
UNIX epoch seconds. A perl one-liner is the other common approach,
but nawk may be more reliably present on Solaris than perl.
* Revert to using sha1 for HOSTID.
* Whitespace cleanup for openssl hash tests.
2017-03-08 17:24:24 +01:00
|
|
|
WGET_EXISTS=$(which wget 2> /dev/null | grep -v "no [^ ]* in ")
|
|
|
|
CURL_EXISTS=$(which curl 2> /dev/null | grep -v "no [^ ]* in ")
|
|
|
|
FETCH_EXISTS=$(which fetch 2> /dev/null | grep -v "no [^ ]* in ")
|
2015-04-30 01:27:36 +02:00
|
|
|
|
|
|
|
# Update version
|
|
|
|
if [ "$1" = "release" ]; then
|
|
|
|
|
2017-03-01 15:27:02 +01:00
|
|
|
${ECHOCMD} "Deprecated: this function is no longer available. Use a package (https://packages.cisofy.com), or deploy via a custom package or script."
|
2015-04-30 01:27:36 +02:00
|
|
|
|
|
|
|
# Update check
|
|
|
|
elif [ "$1" = "info" ]; then
|
|
|
|
|
|
|
|
# CV - Current Version
|
2017-03-06 08:41:21 +01:00
|
|
|
PROGRAM_AC=$(echo ${PROGRAM_VERSION} | awk '{ print $1 }' | sed 's/[.]//g')
|
2015-04-30 01:27:36 +02:00
|
|
|
PROGRAM_LV=0
|
|
|
|
|
|
|
|
CheckUpdates
|
|
|
|
|
|
|
|
# Reset everything if we can't determine our current version or the latest
|
|
|
|
# available version (due lack of internet connectivity for example)
|
|
|
|
if [ "${PROGRAM_AC}" = "" -o "${PROGRAM_LV}" = "" ]; then
|
|
|
|
# Set both to safe values
|
|
|
|
PROGRAM_AC=0; PROGRAM_LV=0
|
|
|
|
fi
|
|
|
|
|
2016-04-05 11:31:21 +02:00
|
|
|
echo ""; echo " == ${WHITE}${PROGRAM_NAME}${NORMAL} =="
|
2015-04-30 01:27:36 +02:00
|
|
|
echo ""
|
2016-10-28 11:47:31 +02:00
|
|
|
echo " Version : ${PROGRAM_VERSION}"
|
|
|
|
echo -n " Status : "
|
2015-04-30 01:27:36 +02:00
|
|
|
if [ ${PROGRAM_LV} -eq 0 ]; then
|
|
|
|
echo "${RED}Unknown${NORMAL}";
|
2017-04-30 17:59:35 +02:00
|
|
|
elif [ ${PROGRAM_LV} -gt ${PROGRAM_AC} ]; then
|
2015-04-30 01:27:36 +02:00
|
|
|
echo "${YELLOW}Outdated${NORMAL}";
|
2016-10-28 11:47:31 +02:00
|
|
|
echo " Installed version : ${PROGRAM_AC}"
|
|
|
|
echo " Latest version : ${PROGRAM_LV}"
|
2017-04-30 17:59:35 +02:00
|
|
|
else
|
2015-04-30 01:27:36 +02:00
|
|
|
echo "${GREEN}Up-to-date${NORMAL}"
|
|
|
|
fi
|
2016-10-28 11:47:31 +02:00
|
|
|
echo " Release date : ${PROGRAM_RELEASE_DATE}"
|
2019-07-15 19:05:57 +02:00
|
|
|
echo " Project page : ${PROGRAM_WEBSITE}"
|
|
|
|
echo " Source code : ${PROGRAM_SOURCE}"
|
|
|
|
echo " Latest package : ${PROGRAM_PACKAGE}"
|
2015-04-30 01:27:36 +02:00
|
|
|
echo ""; echo ""
|
2016-04-05 11:31:21 +02:00
|
|
|
echo "${PROGRAM_COPYRIGHT}"
|
2015-04-30 01:27:36 +02:00
|
|
|
echo ""
|
|
|
|
|
2016-07-18 10:33:52 +02:00
|
|
|
# Check if there is an update, display status on screen and use exit code to tell status as well
|
|
|
|
elif [ "$1" = "check" ]; then
|
|
|
|
# CV - Current Version, LV - Latest Version
|
|
|
|
PROGRAM_CV=$(echo ${PROGRAM_VERSION} | awk '{ print $1 }' | sed 's/[.]//g')
|
|
|
|
PROGRAM_LV=0
|
|
|
|
CheckUpdates
|
|
|
|
if [ "${PROGRAM_CV}" = "" -o "${PROGRAM_LV}" = "" ]; then PROGRAM_AC=0; PROGRAM_LV=0; fi
|
|
|
|
if [ ${PROGRAM_LV} -eq 0 ]; then
|
|
|
|
echo "status=unknown";
|
|
|
|
ExitCustom 1
|
|
|
|
elif [ ${PROGRAM_LV} -gt ${PROGRAM_CV} ]; then
|
|
|
|
echo "status=outdated";
|
|
|
|
ExitCustom 1
|
|
|
|
else
|
|
|
|
echo "status=up-to-date"
|
|
|
|
ExitClean
|
|
|
|
fi
|
2015-04-30 01:27:36 +02:00
|
|
|
|
|
|
|
else
|
2016-07-18 10:33:52 +02:00
|
|
|
${ECHOCMD} "${RED}Error: ${WHITE}Unknown parameter $1.${NORMAL} Aborting.."
|
|
|
|
ExitFatal
|
2015-04-30 01:27:36 +02:00
|
|
|
fi
|
|
|
|
|
2016-07-18 10:33:52 +02:00
|
|
|
ExitClean
|
|
|
|
|
2016-05-14 17:42:51 +02:00
|
|
|
QUIET=1
|
2015-04-30 01:27:36 +02:00
|
|
|
|
|
|
|
# The End
|