2014-08-26 17:33:55 +02:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
#################################################################################
|
|
|
|
#
|
|
|
|
# Lynis
|
|
|
|
# ------------------
|
|
|
|
#
|
2016-03-13 16:00:39 +01:00
|
|
|
# Copyright 2007-2013, Michael Boelen
|
2017-02-09 13:35:40 +01:00
|
|
|
# Copyright 2007-2017, CISOfy
|
2016-03-13 16:00:39 +01:00
|
|
|
#
|
|
|
|
# Website : https://cisofy.com
|
|
|
|
# Blog : http://linux-audit.com
|
|
|
|
# GitHub : https://github.com/CISOfy/lynis
|
2014-08-26 17:33:55 +02:00
|
|
|
#
|
|
|
|
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
|
|
|
|
# welcome to redistribute it under the terms of the GNU General Public License.
|
|
|
|
# See LICENSE file for usage of this software.
|
|
|
|
#
|
|
|
|
#################################################################################
|
|
|
|
#
|
|
|
|
# Read profile/template
|
|
|
|
#
|
|
|
|
#################################################################################
|
|
|
|
#
|
2016-08-13 10:03:33 +02:00
|
|
|
# Set default values (should be equal to default.prf)
|
|
|
|
SETTING_LOG_TESTS_INCORRECT_OS=1
|
|
|
|
SETTING_SHOW_REPORT_SOLUTION=0
|
2016-08-13 09:45:38 +02:00
|
|
|
#
|
|
|
|
#################################################################################
|
|
|
|
#
|
2016-04-07 16:25:11 +02:00
|
|
|
for PROFILE in ${PROFILES}; do
|
2016-04-19 17:43:33 +02:00
|
|
|
LogText "Reading profile/configuration ${PROFILE}"
|
2016-07-31 15:58:20 +02:00
|
|
|
FIND=$(egrep "^config:|^[a-z-].*=" ${PROFILE} | sed 's/ /!space!/g')
|
|
|
|
for CONFIGOPTION in ${FIND}; do
|
|
|
|
if ContainsString "config:" "${CONFIGOPTION}"; then
|
2016-04-13 11:49:11 +02:00
|
|
|
# Old style configuration
|
2016-07-31 15:58:20 +02:00
|
|
|
OPTION=$(echo ${CONFIGOPTION} | cut -d ':' -f2)
|
|
|
|
VALUE=$(echo ${CONFIGOPTION} | cut -d ':' -f3 | sed 's/!space!/ /g')
|
2016-04-13 11:49:11 +02:00
|
|
|
else
|
2016-07-31 15:58:20 +02:00
|
|
|
OPTION=$(echo ${CONFIGOPTION} | cut -d '=' -f1)
|
|
|
|
VALUE=$(echo ${CONFIGOPTION} | cut -d '=' -f2 | sed 's/!space!/ /g')
|
2016-04-13 11:49:11 +02:00
|
|
|
fi
|
2016-04-19 12:38:00 +02:00
|
|
|
Debug "Profile option set: ${OPTION} (with value ${VALUE})"
|
2016-04-07 16:25:11 +02:00
|
|
|
|
|
|
|
case ${OPTION} in
|
|
|
|
|
|
|
|
# Define which compliance standards are enabled
|
2016-08-13 09:47:50 +02:00
|
|
|
# For this to work, the Enterprise plugins are needed
|
2016-04-26 14:05:56 +02:00
|
|
|
compliance_standards | check-compliance)
|
2016-07-31 15:58:20 +02:00
|
|
|
COMPLIANCE_STANDARDS_ENABLED=$(echo ${VALUE} | tr ',' ' ')
|
|
|
|
for STANDARD in ${COMPLIANCE_STANDARDS_ENABLED}; do
|
|
|
|
case ${STANDARD} in
|
2016-04-07 16:25:11 +02:00
|
|
|
cis) COMPLIANCE_ENABLE_CIS=1 ; Debug "Compliance scanning for CIS Benchmarks is enabled" ;;
|
|
|
|
hipaa) COMPLIANCE_ENABLE_HIPAA=1 ; Debug "Compliance scanning for HIPAA is enabled" ;;
|
|
|
|
iso27001) COMPLIANCE_ENABLE_ISO27001=1 ; Debug "Compliance scanning for ISO27001 is enabled" ;;
|
|
|
|
pci-dss) COMPLIANCE_ENABLE_PCI_DSS=1 ; Debug "Compliance scanning for PCI DSS is enabled" ;;
|
2016-04-19 17:43:33 +02:00
|
|
|
*) LogText "Result: Unknown compliance standard configured" ;;
|
2016-04-07 16:25:11 +02:00
|
|
|
esac
|
|
|
|
done
|
|
|
|
;;
|
|
|
|
|
2016-05-04 21:39:13 +02:00
|
|
|
# Check for a specific value
|
|
|
|
check-value)
|
|
|
|
STRING=$(echo ${VALUE} | tr -d "[" | tr -d "]" | sed "s/, /,/g")
|
|
|
|
CHECK_VALUE_ARRAY="${CHECK_OPTION_ARRAY} ${STRING}"
|
|
|
|
;;
|
2016-08-18 14:35:20 +02:00
|
|
|
|
2017-02-16 10:27:54 +01:00
|
|
|
# Colored output
|
|
|
|
colors)
|
|
|
|
# Quick mode (SKIP_PLUGINS) might already be set outside profile, so store in different variable
|
|
|
|
SETTING_COLORS=1 # default is yes
|
|
|
|
FIND=$(echo "${VALUE}" | egrep "^(0|false|no)$") && COLORS=0
|
|
|
|
if [ ! -z "${FIND}" ]; then SETTING_COLORS=0; RemoveColors; fi
|
|
|
|
Debug "Colors set to ${SETTING_COLORS}"
|
|
|
|
AddSetting "colors" "${SETTING_COLORS}" "Colored screen output"
|
|
|
|
unset SETTING_COLORS
|
|
|
|
;;
|
|
|
|
|
2016-08-18 14:35:20 +02:00
|
|
|
# Ignore configuration data
|
|
|
|
config-data)
|
|
|
|
Debug "Ignoring configuration option, as it will be used by a specific test"
|
|
|
|
;;
|
|
|
|
|
2016-04-07 16:25:11 +02:00
|
|
|
# Maximum number of WAITing connections
|
2016-08-13 09:47:50 +02:00
|
|
|
connections-max-wait-state | connections_max_wait_state)
|
2016-04-07 16:25:11 +02:00
|
|
|
OPTIONS_CONN_MAX_WAIT_STATE="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "connections-max-wait-state" "${OPTIONS_CONN_MAX_WAIT_STATE}" "Connections (max-wait-state)"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# Append something to URL for control information
|
2016-08-13 09:48:56 +02:00
|
|
|
control-url-append | control_url_append)
|
2016-04-07 16:25:11 +02:00
|
|
|
CONTROL_URL_APPEND="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "control-url-append" "${CONTROL_URL_APPEND}" "Control URL (append)"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# Prepend an URL before control information link
|
2016-08-13 09:48:56 +02:00
|
|
|
control-url-prepend | control_url_prepend)
|
2016-04-07 16:25:11 +02:00
|
|
|
CONTROL_URL_PREPEND="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "control-url-prepend" "${CONTROL_URL_PREPEND}" "Control URL (prepend)"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# Protocol to use for control information link
|
2016-08-13 09:48:56 +02:00
|
|
|
control-url-protocol | control_url_protocol)
|
2016-04-07 16:25:11 +02:00
|
|
|
CONTROL_URL_PROTOCOL="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "control-url-protocol" "${CONTROL_URL_PREPEND}" "Control URL (protocol)"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# Append something to URL for control information (only applies to CUST-*)
|
2016-07-05 16:49:36 +02:00
|
|
|
custom-url-append | custom_url_append)
|
2016-04-07 16:25:11 +02:00
|
|
|
CUSTOM_URL_APPEND="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "custom-url-append" "${CUSTOM_URL_APPEND}" "Custom URL (append)"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# Prepend an URL before control information link (only applies to CUST-*)
|
2016-07-05 16:49:36 +02:00
|
|
|
custom-url-prepend | custom_url_prepend)
|
2016-04-07 16:25:11 +02:00
|
|
|
CUSTOM_URL_PREPEND="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "custom-url-prepend" "${CUSTOM_URL_PREPEND}" "Custom URL (prepend)"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# Protocol to use for control information link
|
2016-07-05 16:49:36 +02:00
|
|
|
custom-url-protocol | custom_url_protocol)
|
2016-04-07 16:25:11 +02:00
|
|
|
CUSTOM_URL_PROTOCOL="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "custom-url-protocol" "${CUSTOM_URL_PREPEND}" "Custom URL (protocol)"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# Do not check security repository in sources.list (Debian/Ubuntu)
|
2016-08-13 09:53:14 +02:00
|
|
|
debian-skip-security-repository | debian_skip_security_repository)
|
2016-07-30 16:40:44 +02:00
|
|
|
FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)") && OPTION_DEBIAN_SKIP_SECURITY_REPOSITORY=1
|
|
|
|
AddSetting "debian-skip-security-repository" "OPTION_DEBIAN_SKIP_SECURITY_REPOSITORY" "Skip checking for a security repository (Debian and others)"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
2016-08-13 09:51:02 +02:00
|
|
|
|
|
|
|
# Debug status to show more details while running program
|
2016-04-07 16:25:11 +02:00
|
|
|
debug)
|
2016-07-31 15:58:20 +02:00
|
|
|
FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)") && DEBUG=1
|
2016-07-31 20:58:29 +02:00
|
|
|
Debug "Debug mode set to '${DEBUG}'"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "debug" "${DEBUG}" "Debugging mode"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
2016-04-25 10:18:09 +02:00
|
|
|
|
2016-04-26 13:51:54 +02:00
|
|
|
# Development mode (--developer)
|
|
|
|
developer-mode)
|
2016-07-31 15:58:20 +02:00
|
|
|
FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)") && DEVELOPER_MODE=1
|
2016-04-26 13:51:54 +02:00
|
|
|
Debug "Developer mode set to ${DEVELOPER_MODE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "developer" "${DEVELOPER_MODE}" "Developer mode"
|
2016-04-26 13:51:54 +02:00
|
|
|
;;
|
|
|
|
|
2016-04-25 10:18:09 +02:00
|
|
|
# Show non-zero exit code when errors are found
|
|
|
|
error-on-warnings)
|
2016-07-31 15:58:20 +02:00
|
|
|
FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)") && ERROR_ON_WARNINGS=1
|
2016-04-26 14:05:56 +02:00
|
|
|
Debug "Exit with different code on warnings is set to ${ERROR_ON_WARNINGS}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "error-on-warnings" "${ERROR_ON_WARNINGS}" "Use non-zero exit code if one or more warnings were found"
|
2016-04-25 10:18:09 +02:00
|
|
|
;;
|
2016-04-07 16:25:11 +02:00
|
|
|
|
|
|
|
# Skip FreeBSD port audit
|
2016-08-13 09:53:14 +02:00
|
|
|
freebsd-skip-portaudit | freebsd_skip_portaudit)
|
2016-04-19 17:43:33 +02:00
|
|
|
LogText "Option set: Skip FreeBSD portaudit"
|
2016-04-07 16:25:11 +02:00
|
|
|
OPTION_FREEBSD_SKIP_PORTAUDIT="${VALUE}"
|
|
|
|
;;
|
|
|
|
|
|
|
|
# Lynis Enterprise: group name
|
|
|
|
group)
|
|
|
|
GROUP_NAME="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "group" "${GROUP_NAME}" "Group"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
2016-12-02 13:19:29 +01:00
|
|
|
hostid)
|
|
|
|
HOSTID="${VALUE}"
|
|
|
|
;;
|
|
|
|
|
|
|
|
hostid2)
|
|
|
|
HOSTID2="${VALUE}"
|
|
|
|
;;
|
|
|
|
|
2016-06-11 14:09:41 +02:00
|
|
|
# Language
|
|
|
|
language | lang)
|
2016-07-31 20:58:29 +02:00
|
|
|
LogText "Language set via profile to '${VALUE}'"
|
2016-07-12 20:32:49 +02:00
|
|
|
if [ ! -z "${VALUE}" ]; then LANGUAGE="${VALUE}"; fi
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "language" "${LANGUAGE}" "Language"
|
2016-06-11 14:09:41 +02:00
|
|
|
;;
|
|
|
|
|
2016-04-07 16:25:11 +02:00
|
|
|
# Lynis Enterprise license key
|
2016-08-13 09:53:14 +02:00
|
|
|
license-key | license_key)
|
2016-07-14 15:26:46 +02:00
|
|
|
if [ ! "${VALUE}" = "" ]; then
|
|
|
|
LICENSE_KEY="${VALUE}"
|
|
|
|
Report "license_key=${VALUE}"
|
|
|
|
fi
|
|
|
|
AddSetting "license-key" "${VALUE}" "License key"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# Do (not) log tests if they have an different operating system
|
2016-08-13 09:53:14 +02:00
|
|
|
log-tests-incorrect-os | log_tests_incorrect_os)
|
2016-08-13 10:03:33 +02:00
|
|
|
FIND=$(echo "${VALUE}" | egrep "^(0|false|no)") && SETTING_LOG_TESTS_INCORRECT_OS=0
|
|
|
|
Debug "Logging of tests with incorrect operating system set to ${SETTING_LOG_TESTS_INCORRECT_OS}"
|
|
|
|
LOG_INCORRECT_OS=${SETTING_LOG_TESTS_INCORRECT_OS}
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
2016-10-26 12:35:47 +02:00
|
|
|
# What type of machine we are scanning (eg. personal, workstation or server)
|
2016-07-05 16:49:36 +02:00
|
|
|
machine-role | machine_role)
|
2016-04-07 16:25:11 +02:00
|
|
|
MACHINE_ROLE="${VALUE}"
|
2016-10-26 12:35:47 +02:00
|
|
|
AddSetting "machine-role" "${MACHINE_ROLE}" "Machine role (personal, workstation or server)"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# Define if any found NTP daemon instance is configured as a server or client
|
2016-07-05 16:49:36 +02:00
|
|
|
ntpd-role | ntpd_role)
|
2016-04-07 16:25:11 +02:00
|
|
|
NTPD_ROLE="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "ntpd-role" "${NTPD_ROLE}" "NTP role (server or client)"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# How much seconds to wait between tests
|
2016-04-26 14:05:56 +02:00
|
|
|
pause_between_tests | pause-between-tests)
|
2016-04-07 16:25:11 +02:00
|
|
|
TEST_PAUSE_TIME="${VALUE}"
|
2016-07-05 17:26:27 +02:00
|
|
|
AddSetting "pause-between-tests" "${TEST_PAUSE_TIME}" "Pause between tests (in seconds)"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
2016-04-13 11:49:11 +02:00
|
|
|
# Plugin
|
|
|
|
plugin)
|
2016-07-31 20:58:29 +02:00
|
|
|
LogText "Plugin '${VALUE}' enabled according profile (${PROFILE})"
|
2016-04-13 11:49:11 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# Plugin directory
|
2016-04-26 14:05:56 +02:00
|
|
|
plugindir | plugin-dir)
|
2016-04-13 12:07:46 +02:00
|
|
|
if [ "${PLUGINDIR}" = "" ]; then
|
|
|
|
PLUGINDIR="${VALUE}"
|
|
|
|
else
|
|
|
|
LogText "Plugin directory was already set to ${PLUGINDIR} before (most likely as a program argument), not overwriting"
|
|
|
|
fi
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "plugin-dir" "${PLUGINDIR}" "Plugin directory"
|
2016-04-13 11:49:11 +02:00
|
|
|
;;
|
|
|
|
|
2016-04-07 16:25:11 +02:00
|
|
|
# Profile name
|
2016-07-05 16:49:36 +02:00
|
|
|
profile-name | profile_name)
|
2016-04-07 16:25:11 +02:00
|
|
|
PROFILE_NAME="${VALUE}"
|
|
|
|
;;
|
|
|
|
|
2016-04-19 12:03:48 +02:00
|
|
|
# Quick (no waiting for keypresses)
|
|
|
|
quick)
|
2016-07-05 17:26:27 +02:00
|
|
|
# Quick mode (SKIP_PLUGINS) might already be set outside profile, so store in different variable
|
|
|
|
SETTING_QUICK_MODE=0 # default is no
|
2016-07-31 15:58:20 +02:00
|
|
|
FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)$") && QUICKMODE=1
|
2016-07-05 17:26:27 +02:00
|
|
|
if [ ! -z "${FIND}" ]; then SETTING_QUICK_MODE=1; fi
|
|
|
|
Debug "Quickmode set to ${SETTING_QUICK_MODE}"
|
|
|
|
AddSetting "quick" "${SETTING_QUICK_MODE}" "Quick mode (non-interactive)"
|
2016-04-19 12:03:48 +02:00
|
|
|
;;
|
|
|
|
|
2016-08-11 10:01:29 +02:00
|
|
|
# Refresh software repositories
|
|
|
|
refresh-repositories)
|
|
|
|
SETTING_REFRESH_REPOSITORIES=1 # default is yes
|
|
|
|
FIND=$(echo "${VALUE}" | egrep "^(0|false|no)$") && REFRESH_REPOSITORIES=0
|
|
|
|
if [ ! -z "${FIND}" ]; then SETTING_REFRESH_REPOSITORIES=0; fi
|
|
|
|
Debug "Refreshing repositories set to ${SETTING_REFRESH_REPOSITORIES}"
|
|
|
|
AddSetting "refresh-repositories" "${SETTING_REFRESH_REPOSITORIES}" "Refresh repositories (for vulnerable package detection)"
|
|
|
|
;;
|
|
|
|
|
2016-08-13 09:45:38 +02:00
|
|
|
# Show more details in report
|
|
|
|
show-report-solution)
|
2016-09-24 15:51:05 +02:00
|
|
|
SETTING_SHOW_REPORT_SOLUTION=${SHOW_REPORT_SOLUTION}
|
|
|
|
FIND=$(echo "${VALUE}" | egrep "^(0|false|no)$") && SHOW_REPORT_SOLUTION=0
|
|
|
|
if [ ! -z "${FIND}" ]; then SETTING_SHOW_REPORT_SOLUTION=0; fi
|
2016-08-13 09:45:38 +02:00
|
|
|
Debug "Show report details (solution) set to ${SETTING_SHOW_REPORT_SOLUTION}"
|
|
|
|
;;
|
|
|
|
|
2016-04-26 14:05:56 +02:00
|
|
|
# Inline tips about tool (default enabled)
|
|
|
|
show_tool_tips | show-tool-tips)
|
2016-07-12 20:09:10 +02:00
|
|
|
SETTING_SHOW_TOOL_TIPS=1 # default is yes
|
2016-07-31 15:58:20 +02:00
|
|
|
FIND=$(echo "${VALUE}" | egrep "^(0|false|no)$") && SHOW_TOOL_TIPS=0
|
2016-08-13 11:15:48 +02:00
|
|
|
if [ ! -z "${FIND}" ]; then SETTING_SHOW_TOOL_TIPS=0; fi
|
2016-07-12 20:09:10 +02:00
|
|
|
Debug "Show tool tips set to ${SETTING_SHOW_TOOL_TIPS}"
|
|
|
|
AddSetting "show-tool-tips" "${SETTING_SHOW_TOOL_TIPS}" "Show tool tips"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
2016-04-25 11:10:23 +02:00
|
|
|
# Show warnings only
|
|
|
|
show-warnings-only)
|
2016-04-25 11:51:37 +02:00
|
|
|
QUIET=1
|
|
|
|
QUICKMODE=1
|
2016-07-31 15:58:20 +02:00
|
|
|
FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)$") && SHOW_WARNINGS_ONLY=1
|
2016-04-25 11:10:23 +02:00
|
|
|
Debug "Show warnings only set to ${SHOW_WARNINGS_ONLY}"
|
2016-07-05 17:26:27 +02:00
|
|
|
AddSetting "show-warnings-only" "${SHOW_WARNINGS_ONLY}" "Show only warnings"
|
2016-04-25 11:10:23 +02:00
|
|
|
;;
|
|
|
|
|
2016-04-25 16:00:10 +02:00
|
|
|
# Skip plugins
|
|
|
|
skip-plugins)
|
2016-07-05 17:26:27 +02:00
|
|
|
# Skip plugins (SKIP_PLUGINS) might already be set, so store in different variable
|
|
|
|
SETTING_SKIP_PLUGINS=0 # default is no
|
2016-07-31 15:58:20 +02:00
|
|
|
FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)$") && SKIP_PLUGINS=1
|
2016-07-05 17:26:27 +02:00
|
|
|
if [ ! -z "${FIND}" ]; then SETTING_SKIP_PLUGINS=1; fi
|
|
|
|
Debug "Skip plugins is set to ${SETTING_SKIP_PLUGINS}"
|
|
|
|
AddSetting "skip-plugins" "${SETTING_SKIP_PLUGINS}" "Skip plugins"
|
2016-07-05 16:49:36 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# SSL paths
|
|
|
|
ssl-certificate-paths)
|
|
|
|
SSL_CERTIFICATE_PATHS="${VALUE}"
|
|
|
|
Debug "SSL paths set to ${SSL_CERTIFICATE_PATHS}"
|
|
|
|
AddSetting "ssl-certificate-paths" "${SSL_CERTIFICATE_PATHS}" "Paths for SSL certificates"
|
2016-04-25 16:00:10 +02:00
|
|
|
;;
|
|
|
|
|
2016-04-19 12:38:00 +02:00
|
|
|
# Which tests to skip (skip-test=ABCD-1234 or skip-test=ABCD-1234:subtest)
|
|
|
|
skip-test)
|
2016-07-31 15:58:20 +02:00
|
|
|
STRING=$(echo ${VALUE} | tr '[:lower:]' '[:upper:]')
|
2016-04-25 15:49:00 +02:00
|
|
|
SKIP_TESTS="${SKIP_TESTS} ${STRING}"
|
2016-04-19 12:38:00 +02:00
|
|
|
;;
|
|
|
|
|
2016-04-07 16:25:11 +02:00
|
|
|
# Do not check the latest version on the internet
|
2016-04-26 14:05:56 +02:00
|
|
|
skip_upgrade_test | skip-upgrade-test)
|
2016-07-31 15:58:20 +02:00
|
|
|
FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)") && SKIP_UPGRADE_TEST=1
|
2016-04-26 14:05:56 +02:00
|
|
|
Debug "Skip upgrade test set to ${SKIP_UPGRADE_TEST}"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
2016-07-28 11:39:10 +02:00
|
|
|
# Set strict mode for development and quality purposes
|
|
|
|
strict)
|
2016-07-31 15:58:20 +02:00
|
|
|
FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)") && SET_STRICT=1
|
2016-07-28 11:39:10 +02:00
|
|
|
;;
|
|
|
|
|
2016-04-07 16:25:11 +02:00
|
|
|
# Define what kind of scan we are performing
|
2016-04-26 14:05:56 +02:00
|
|
|
test_scan_mode | test-scan-mode)
|
2016-04-07 16:25:11 +02:00
|
|
|
if [ "${VALUE}" = "light" ]; then SCAN_TEST_LIGHT="YES"; SCAN_TEST_MEDIUM="NO"; SCAN_TEST_HEAVY="NO"; fi
|
|
|
|
if [ "${VALUE}" = "normal" ]; then SCAN_TEST_LIGHT="YES"; SCAN_TEST_MEDIUM="YES"; SCAN_TEST_HEAVY="NO"; fi
|
|
|
|
if [ "${VALUE}" = "full" ]; then SCAN_TEST_LIGHT="YES"; SCAN_TEST_MEDIUM="YES"; SCAN_TEST_HEAVY="YES"; fi
|
2016-07-05 19:56:13 +02:00
|
|
|
AddSetting "test-scan-mode" "${VALUE}" "Scan mode"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# Server IP or hostname
|
|
|
|
update_server_address)
|
|
|
|
UPDATE_SERVER_ADDRESS="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "update-server-address" "${UPDATE_SERVER_ADDRESS}" "Update server (address)"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# Protocol (http, https)
|
|
|
|
update_server_protocol)
|
|
|
|
UPDATE_SERVER_PROTOCOL="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "update-server-protocol" "${UPDATE_SERVER_PROTOCOL}" "Update server (protocol)"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# File path to tarball on server
|
|
|
|
update_latest_version_download)
|
|
|
|
UPDATE_LATEST_VERSION_DOWNLOAD="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "update-latest-version-download" "${UPDATE_LATEST_VERSION_DOWNLOAD}" "Update information: file path to latest update"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# File path to information file
|
|
|
|
update_latest_version_info)
|
|
|
|
UPDATE_LATEST_VERSION_INFO="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "update-latest-version-info" "${UPDATE_LATEST_VERSION_INFO}" "Update information: file path to information file"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# Local directory where lynis directory will be placed
|
|
|
|
update_local_directory)
|
|
|
|
UPDATE_LOCAL_DIRECTORY="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "update-local-directory" "${UPDATE_LOCAL_DIRECTORY}" "Update information: local directory for updates"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# Local file to maintain current version
|
|
|
|
update_local_version_info)
|
|
|
|
UPDATE_LOCAL_VERSION_INFO="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "update-local-version-info" "${UPDATE_LOCAL_VERSION_INFO}" "Update information: local file for latest release"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
2017-02-21 15:40:06 +01:00
|
|
|
# Colored output
|
|
|
|
upload)
|
|
|
|
SETTING_UPLOAD=no # default
|
|
|
|
FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)$") && COLORS=0
|
|
|
|
if [ ! -z "${FIND}" ]; then SETTING_UPLOAD=1; UPLOAD_DATA=1; fi
|
|
|
|
Debug "Upload set to ${SETTING_UPLOAD}"
|
|
|
|
AddSetting "upload" "${SETTING_UPLOAD}" "Data upload after scanning"
|
|
|
|
unset SETTING_UPLOAD
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
2016-04-07 16:25:11 +02:00
|
|
|
# Compression of uploads (enabled by default)
|
2016-04-26 14:05:56 +02:00
|
|
|
upload_compressed | compressed-uploads)
|
2016-04-07 16:25:11 +02:00
|
|
|
if [ "${VALUE}" = "0" ]; then COMPRESSED_UPLOADS=0; fi
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "compressed-uploads" "${COMPRESSED_UPLOADS}" "Compressed uploads"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# Options during upload of data
|
2016-04-26 14:05:56 +02:00
|
|
|
upload_options | upload-options)
|
2016-04-07 16:25:11 +02:00
|
|
|
UPLOAD_OPTIONS="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "upload-options" "${UPLOAD_OPTIONS}" "Upload options"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# Proxy settings
|
2016-07-05 16:49:36 +02:00
|
|
|
upload_proxy_port | proxy-port | upload-proxy-port)
|
2016-04-07 16:25:11 +02:00
|
|
|
UPLOAD_PROXY_PORT="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "upload-proxy-port" "${UPLOAD_PROXY_PORT}" "Proxy port"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
2016-04-26 14:05:56 +02:00
|
|
|
upload_proxy_protocol | proxy-protocol)
|
2016-04-07 16:25:11 +02:00
|
|
|
UPLOAD_PROXY_PROTOCOL="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "upload-proxy-protocol" "${UPLOAD_PROXY_PROTOCOL}" "Proxy protocol"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
2016-04-26 14:05:56 +02:00
|
|
|
upload_proxy_server | proxy-server)
|
2016-04-07 16:25:11 +02:00
|
|
|
UPLOAD_PROXY_SERVER="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "upload-proxy-server" "${UPLOAD_PROXY_PORT}" "Proxy server"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# Receiving system (IP address or hostname)
|
2016-07-05 19:56:13 +02:00
|
|
|
upload-server)
|
2016-04-07 16:25:11 +02:00
|
|
|
UPLOAD_SERVER="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "upload-server" "${UPLOAD_SERVER}" "Upload server (ip or hostname)"
|
2016-04-07 16:25:11 +02:00
|
|
|
;;
|
|
|
|
|
2016-06-07 17:01:16 +02:00
|
|
|
# Specify an alternative upload tool
|
|
|
|
upload-tool)
|
|
|
|
if [ -f "${VALUE}" ]; then UPLOAD_TOOL="${VALUE}"; fi
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "upload-tool" "${UPLOAD_TOOL}" "Upload tool"
|
2016-06-07 17:01:16 +02:00
|
|
|
;;
|
|
|
|
|
|
|
|
# Specify arguments for an alternative upload tool
|
|
|
|
upload-tool-arguments)
|
|
|
|
UPLOAD_TOOL_ARGS="${VALUE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "upload-tool-arguments" "${UPLOAD_TOOL_ARGS}" "Upload tool (arguments)"
|
2016-06-07 17:01:16 +02:00
|
|
|
;;
|
|
|
|
|
2016-04-19 19:47:50 +02:00
|
|
|
# Verbose output (--verbose)
|
|
|
|
verbose)
|
2016-07-31 15:58:20 +02:00
|
|
|
FIND=$(echo "${VALUE}" | egrep "^(1|true|yes)") && VERBOSE=1
|
2016-04-19 19:47:50 +02:00
|
|
|
Debug "Verbose set to ${VERBOSE}"
|
2016-07-05 16:49:36 +02:00
|
|
|
AddSetting "verbose" "${VERBOSE}" "Verbose output"
|
2016-04-19 19:47:50 +02:00
|
|
|
;;
|
|
|
|
|
2016-07-05 19:56:13 +02:00
|
|
|
########################################################################################################
|
|
|
|
## DEPRECATED ITEMS
|
|
|
|
########################################################################################################
|
|
|
|
|
|
|
|
# Deprecated: skip tests
|
|
|
|
test_skip_always)
|
2016-07-31 15:58:20 +02:00
|
|
|
STRING=$(echo ${VALUE} | tr '[:lower:]' '[:upper:]')
|
2016-07-05 19:56:13 +02:00
|
|
|
SKIP_TESTS="${SKIP_TESTS} ${STRING}"
|
|
|
|
LogText "[deprecated option] Tests to be skipped: ${VALUE}"
|
|
|
|
DisplayToolTip "Replace deprecated option 'test_skip_always' and replace with 'skip-test' (add to custom.prf)"
|
|
|
|
;;
|
|
|
|
|
|
|
|
# Deprecated: receiving system (IP address or hostname)
|
|
|
|
upload_server)
|
|
|
|
UPLOAD_SERVER="${VALUE}"
|
|
|
|
AddSetting "upload-server" "${UPLOAD_SERVER}" "Upload server (ip or hostname)"
|
|
|
|
DisplayToolTip "Replace deprecated option 'upload_server' and replace with 'upload-server' (add to custom.prf)"
|
|
|
|
;;
|
|
|
|
|
|
|
|
|
2016-04-07 16:25:11 +02:00
|
|
|
# Catch all bad options and bail out
|
|
|
|
*)
|
2016-04-19 17:43:33 +02:00
|
|
|
LogText "Unknown option ${OPTION} (with value: ${VALUE})"
|
2016-05-16 20:56:42 +02:00
|
|
|
${ECHOCMD} ""
|
|
|
|
${ECHOCMD} "${RED}Error${NORMAL}: found one or more errors in profile ${PROFILE}"
|
|
|
|
${ECHOCMD} "${WHITE}Details${NORMAL}: Unknown option '${YELLOW}${OPTION}${NORMAL}' found (with value: ${VALUE})"
|
|
|
|
${ECHOCMD} ""
|
2016-04-07 16:25:11 +02:00
|
|
|
ExitFatal
|
|
|
|
;;
|
|
|
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
done
|
2014-08-26 17:33:55 +02:00
|
|
|
done
|
|
|
|
#
|
|
|
|
#################################################################################
|
2016-04-19 12:38:00 +02:00
|
|
|
#
|
2016-07-13 13:21:35 +02:00
|
|
|
SKIP_TESTS=$(echo ${SKIP_TESTS} | sed "s/^ //")
|
2016-07-31 20:58:29 +02:00
|
|
|
if [ ! -z "${SKIP_TESTS}" ]; then LogText "Skip tests: ${SKIP_TESTS}"; fi
|
2016-04-19 12:38:00 +02:00
|
|
|
#
|
|
|
|
#################################################################################
|
2014-08-26 17:33:55 +02:00
|
|
|
#
|
|
|
|
# Add group name to report
|
|
|
|
if [ ! "${GROUP_NAME}" = "" ]; then
|
2016-04-19 17:43:33 +02:00
|
|
|
Report "group=${GROUP_NAME}"
|
2014-08-26 17:33:55 +02:00
|
|
|
fi
|
|
|
|
#
|
|
|
|
#################################################################################
|
|
|
|
#
|
|
|
|
# Set default values (only if not configured in profile)
|
|
|
|
if [ "${MACHINE_ROLE}" = "" ]; then
|
|
|
|
MACHINE_ROLE="server"
|
2016-04-19 17:43:33 +02:00
|
|
|
LogText "Set option to default value: MACHINE_ROLE --> ${MACHINE_ROLE}"
|
2014-08-26 17:33:55 +02:00
|
|
|
fi
|
|
|
|
|
|
|
|
if [ "${NTPD_ROLE}" = "" ]; then
|
|
|
|
NTPD_ROLE="client"
|
2016-04-19 17:43:33 +02:00
|
|
|
LogText "Set option to default value: NTPD_ROLE --> ${NTPD_ROLE}"
|
2014-08-26 17:33:55 +02:00
|
|
|
fi
|
|
|
|
|
|
|
|
#
|
|
|
|
#################################################################################
|
|
|
|
#
|
2016-08-13 09:45:38 +02:00
|
|
|
# Register the discovered settings
|
2016-08-13 10:06:09 +02:00
|
|
|
AddSetting "log-tests-incorrect-os" "${SETTING_LOG_TESTS_INCORRECT_OS}" "Logging of tests that have a different OS"
|
2016-08-13 09:45:38 +02:00
|
|
|
AddSetting "show-report-solution" "${SETTING_SHOW_REPORT_SOLUTION}" "Show more details in report (solution)"
|
2016-08-13 11:16:08 +02:00
|
|
|
AddSetting "skip-upgrade-test" "${SKIP_UPGRADE_TEST}" "Skip upgrade test"
|
2016-08-13 11:13:44 +02:00
|
|
|
AddSetting "strict" "${SET_STRICT}" "Perform strict code test of scripts"
|
|
|
|
|
2016-08-13 10:03:33 +02:00
|
|
|
unset SETTING_LOG_TESTS_INCORRECT_OS SETTING_SHOW_REPORT_SOLUTION
|
2016-08-13 09:45:38 +02:00
|
|
|
#
|
|
|
|
#################################################################################
|
|
|
|
#
|
2016-06-18 11:15:39 +02:00
|
|
|
Display --indent 2 --text "- Checking profiles..." --result "DONE" --color GREEN
|
|
|
|
|
|
|
|
|
2016-04-28 12:32:18 +02:00
|
|
|
LogTextBreak
|
2014-08-26 17:33:55 +02:00
|
|
|
|
|
|
|
#================================================================================
|
2017-02-09 13:35:40 +01:00
|
|
|
# Lynis - Copyright 2007-2017, Michael Boelen - CISOfy, https://cisofy.com
|