lynis/include/profiles

213 lines
7.0 KiB
Plaintext
Raw Normal View History

2014-08-26 17:33:55 +02:00
#!/bin/sh
#################################################################################
#
# Lynis
# ------------------
#
2015-07-22 17:37:39 +02:00
# Copyright 2007-2015, Michael Boelen, CISOfy (michael.boelen@cisofy.com)
# Web site: https://cisofy.com
2014-08-26 17:33:55 +02:00
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Read profile/template
#
#################################################################################
#
Display --indent 2 --text "- Checking profile file (${PROFILE})..."
logtext "Reading profile/configuration ${PROFILE}"
FIND=`cat ${PROFILE} | grep '^config:' | sed 's/ /!space!/g'`
for I in ${FIND}; do
OPTION=`echo ${I} | cut -d ':' -f2`
2015-07-22 17:37:39 +02:00
VALUE=`echo ${I} | cut -d ':' -f3 | sed 's/!space!/ /g'`
2014-08-26 17:33:55 +02:00
logtext "Profile option set: ${OPTION} (with value ${VALUE})"
case ${OPTION} in
# Maximum number of WAITing connections
connections_max_wait_state)
OPTIONS_CONN_MAX_WAIT_STATE="${VALUE}"
;;
# Append something to URL for control information
control_url_append)
CONTROL_URL_APPEND="${VALUE}"
;;
# Prepend an URL before control information link
control_url_prepend)
CONTROL_URL_PREPEND="${VALUE}"
;;
# Append something to URL for control information (only applies to CUST-*)
custom_url_append)
CUSTOM_URL_APPEND="${VALUE}"
;;
# Prepend an URL before control information link (only applies to CUST-*)
custom_url_prepend)
CUSTOM_URL_PREPEND="${VALUE}"
2014-08-26 17:33:55 +02:00
;;
# Do not check security repository in sources.list (Debian/Ubuntu)
debian_skip_security_repository)
OPTION_DEBIAN_SKIP_SECURITY_REPOSITORY="${VALUE}"
;;
debug)
if [ "${VALUE}" = "yes" -o "${VALUE}" = "true" ]; then
DEBUG=1
fi
;;
# Skip FreeBSD port audit
freebsd_skip_portaudit)
logtext "Option set: Skip FreeBSD portaudit"
OPTION_FREEBSD_SKIP_PORTAUDIT="${VALUE}"
;;
# Lynis Enterprise: group name
group)
GROUP_NAME="${VALUE}"
;;
# Lynis Enterprise license key
license_key)
LICENSE_KEY="${VALUE}"
2014-10-30 13:05:06 +01:00
report "license_key=${LICENSE_KEY}"
2014-08-26 17:33:55 +02:00
;;
# Do (not) log tests if they have an different operating system
log_tests_incorrect_os)
logtext "Option set: No logging for incorrect OS"
if [ "${VALUE}" = "no" ]; then LOG_INCORRECT_OS=0; else LOG_INCORRECT_OS=1; fi
;;
# What type of machine we are scanning (eg. desktop, server, server with storage)
machine_role)
MACHINE_ROLE="${VALUE}"
;;
# Define if any found NTP daemon instance is configured as a server or client
ntpd_role)
NTPD_ROLE="${VALUE}"
;;
# How much seconds to wait between tests
pause_between_tests)
TEST_PAUSE_TIME="${VALUE}"
;;
# Profile name
profile_name)
2014-11-29 16:25:18 +01:00
PROFILE_NAME="${VALUE}"
2014-08-26 17:33:55 +02:00
;;
# Inline tips about tool
show_tool_tips)
SHOW_TOOL_TIPS="${VALUE}"
;;
# Tests to always skip (useful for false positives or problematic tests)
test_skip_always)
TEST_SKIP_ALWAYS="${VALUE}"
logtext "Tests to be skipped: ${VALUE}"
;;
# Do not check the latest version on the internet
skip_upgrade_test)
if [ "${VALUE}" = "yes" -o "${VALUE}" = "YES" ]; then SKIP_UPGRADE_TEST=1; else SKIP_UPGRADE_TEST=0; fi
;;
# Define what kind of scan we are performing
test_scan_mode)
2014-11-29 16:25:18 +01:00
if [ "${VALUE}" = "light" ]; then SCAN_TEST_LIGHT="YES"; SCAN_TEST_MEDIUM="NO"; SCAN_TEST_HEAVY="NO"; fi
if [ "${VALUE}" = "normal" ]; then SCAN_TEST_LIGHT="YES"; SCAN_TEST_MEDIUM="YES"; SCAN_TEST_HEAVY="NO"; fi
if [ "${VALUE}" = "full" ]; then SCAN_TEST_LIGHT="YES"; SCAN_TEST_MEDIUM="YES"; SCAN_TEST_HEAVY="YES"; fi
2014-08-26 17:33:55 +02:00
;;
# Server IP or hostname
update_server_address)
UPDATE_SERVER_ADDRESS="${VALUE}"
;;
# Protocol (http, https)
update_server_protocol)
UPDATE_SERVER_PROTOCOL="${VALUE}"
;;
# File path to tarball on server
update_latest_version_download)
UPDATE_LATEST_VERSION_DOWNLOAD="${VALUE}"
;;
# File path to information file
update_latest_version_info)
UPDATE_LATEST_VERSION_INFO="${VALUE}"
;;
# Local directory where lynis directory will be placed
update_local_directory)
UPDATE_LOCAL_DIRECTORY="${VALUE}"
;;
# Local file to maintain current version
update_local_version_info)
UPDATE_LOCAL_VERSION_INFO="${VALUE}"
;;
# Options during upload of data
upload_options)
UPLOAD_OPTIONS="${VALUE}"
;;
# Receiving system (IP address or hostname)
upload_server)
UPLOAD_SERVER="${VALUE}"
;;
2014-08-26 17:33:55 +02:00
# Catch all bad options and bail out
*)
logtext "Unknown option ${OPTION} (with value: ${VALUE})"
echo "Fatal error: found errors in profile"
echo "Unknown option '${OPTION}' found (with value: ${VALUE})"
2014-11-29 16:25:18 +01:00
ExitFatal
2014-08-26 17:33:55 +02:00
;;
esac
done
#
#################################################################################
#
# Add group name to report
if [ ! "${GROUP_NAME}" = "" ]; then
report "group=${GROUP_NAME}"
fi
#
#################################################################################
#
# Set default values (only if not configured in profile)
if [ "${MACHINE_ROLE}" = "" ]; then
MACHINE_ROLE="server"
logtext "Set option to default value: MACHINE_ROLE --> ${MACHINE_ROLE}"
fi
if [ "${NTPD_ROLE}" = "" ]; then
NTPD_ROLE="client"
logtext "Set option to default value: NTPD_ROLE --> ${NTPD_ROLE}"
fi
#
#################################################################################
#
logtextbreak
#================================================================================
# Lynis - Copyright 2007-2015, Michael Boelen - CISOfy, https://cisofy.com