2014-08-26 17:33:55 +02:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
|
|
#################################################################################
|
|
|
|
|
#
|
|
|
|
|
# Lynis
|
|
|
|
|
# ------------------
|
|
|
|
|
#
|
2016-03-13 16:00:39 +01:00
|
|
|
# Copyright 2007-2013, Michael Boelen
|
|
|
|
|
# Copyright 2013-2016, CISOfy
|
|
|
|
|
#
|
|
|
|
|
# Website : https://cisofy.com
|
|
|
|
|
# Blog : http://linux-audit.com
|
|
|
|
|
# GitHub : https://github.com/CISOfy/lynis
|
2014-08-26 17:33:55 +02:00
|
|
|
#
|
|
|
|
|
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
|
|
|
|
|
# welcome to redistribute it under the terms of the GNU General Public License.
|
|
|
|
|
# See LICENSE file for usage of this software.
|
|
|
|
|
#
|
|
|
|
|
#################################################################################
|
|
|
|
|
#
|
|
|
|
|
# Banners and identification
|
|
|
|
|
#
|
|
|
|
|
#################################################################################
|
|
|
|
|
#
|
|
|
|
|
InsertSection "Banners and identification"
|
|
|
|
|
#
|
|
|
|
|
#################################################################################
|
|
|
|
|
#
|
|
|
|
|
BANNER_FILES="/etc/issue /etc/issue.net /etc/motd"
|
2015-06-11 13:57:37 +02:00
|
|
|
LEGAL_BANNER_STRINGS="audit access authori connect enforce evidence intrusion law legal monitor owner policy policies private prohibited restricted subject terms this unauthorized"
|
2014-08-26 17:33:55 +02:00
|
|
|
#
|
|
|
|
|
#################################################################################
|
|
|
|
|
#
|
|
|
|
|
# Test : BANN-7113
|
|
|
|
|
# Description : Check FreeBSD COPYRIGHT banner file
|
2016-07-24 17:22:00 +02:00
|
|
|
Register --test-no BANN-7113 --os FreeBSD --weight L --network NO --category security --description "Check COPYRIGHT banner file"
|
2014-08-26 17:33:55 +02:00
|
|
|
if [ ${SKIPTEST} -eq 0 ]; then
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Test: Testing existence /COPYRIGHT or /etc/COPYRIGHT"
|
2014-08-26 17:33:55 +02:00
|
|
|
if [ -f /COPYRIGHT ]; then
|
2016-06-18 11:14:01 +02:00
|
|
|
Display --indent 2 --text "- /COPYRIGHT" --result "${STATUS_FOUND}" --color GREEN
|
2014-08-26 17:33:55 +02:00
|
|
|
if [ -s /COPYRIGHT ]; then
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Result: /COPYRIGHT available and contains text"
|
2014-08-26 17:33:55 +02:00
|
|
|
else
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Result: /COPYRIGHT available, but empty"
|
2014-08-26 17:33:55 +02:00
|
|
|
fi
|
|
|
|
|
else
|
2016-06-18 11:14:01 +02:00
|
|
|
Display --indent 2 --text "- /COPYRIGHT" --result "${STATUS_NOT_FOUND}" --color WHITE
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Result: /COPYRIGHT not found"
|
2014-08-26 17:33:55 +02:00
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ -f /etc/COPYRIGHT ]; then
|
2016-06-18 11:14:01 +02:00
|
|
|
Display --indent 2 --text "- /etc/COPYRIGHT" --result "${STATUS_FOUND}" --color GREEN
|
2014-08-26 17:33:55 +02:00
|
|
|
if [ -s /etc/COPYRIGHT ]; then
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Result: /etc/COPYRIGHT available and contains text"
|
2014-08-26 17:33:55 +02:00
|
|
|
else
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Result: /etc/COPYRIGHT available, but empty"
|
2014-08-26 17:33:55 +02:00
|
|
|
fi
|
|
|
|
|
else
|
2016-06-18 11:14:01 +02:00
|
|
|
Display --indent 2 --text "- /etc/COPYRIGHT" --result "${STATUS_NOT_FOUND}" --color WHITE
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Result: /etc/COPYRIGHT not found"
|
2014-08-26 17:33:55 +02:00
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
#
|
|
|
|
|
#################################################################################
|
|
|
|
|
#
|
|
|
|
|
# Test : BANN-7119
|
|
|
|
|
# Description : Check MOTD banner file
|
2016-07-24 17:22:00 +02:00
|
|
|
#Register --test-no BANN-7119 --weight L --network NO --category security --description "Check MOTD banner file"
|
2016-04-25 20:04:23 +02:00
|
|
|
#if [ ${SKIPTEST} -eq 0 ]; then
|
|
|
|
|
# LogText "Test: Testing existence /etc/motd"
|
|
|
|
|
# if [ -f /etc/motd ]; then
|
|
|
|
|
# LogText "Result: file /etc/motd exists"
|
2016-06-18 11:14:01 +02:00
|
|
|
# Display --indent 2 --text "- /etc/motd" --result "${STATUS_FOUND}" --color GREEN
|
2016-04-25 20:04:23 +02:00
|
|
|
# if [ ! -L /etc/motd ]; then
|
|
|
|
|
# if IsWorldWritable /etc/motd; then
|
2016-06-18 11:14:01 +02:00
|
|
|
# Display --indent 4 --text "- /etc/motd permissions" --result "${STATUS_WARNING}" --color RED
|
2016-04-25 20:04:23 +02:00
|
|
|
# LogText "Result: /etc/motd is world writable. Users can change this file!"
|
2016-08-10 07:24:10 +02:00
|
|
|
# ReportWarning ${TEST_NO} "/etc/motd is world writable"
|
2016-04-25 20:04:23 +02:00
|
|
|
# else
|
2016-06-18 11:14:01 +02:00
|
|
|
# Display --indent 4 --text "- /etc/motd permissions" --result "${STATUS_OK}" --color GREEN
|
2016-04-25 20:04:23 +02:00
|
|
|
# LogText "Result: /etc/motd is not world writable."
|
|
|
|
|
# fi
|
|
|
|
|
# else
|
|
|
|
|
# LogText "Result: file /etc/motd is symlink"
|
|
|
|
|
# fi
|
|
|
|
|
# else
|
|
|
|
|
# LogText "Result: File /etc/motd not found"
|
2016-06-18 11:14:01 +02:00
|
|
|
# Display --indent 2 --text "- /etc/motd" --result "${STATUS_NOT_FOUND}" --color WHITE
|
2016-04-25 20:04:23 +02:00
|
|
|
# fi
|
|
|
|
|
#fi
|
2014-08-26 17:33:55 +02:00
|
|
|
#
|
|
|
|
|
#################################################################################
|
|
|
|
|
#
|
|
|
|
|
# Test : BANN-7122
|
|
|
|
|
# Description : Check motd file to see if it contains some form of message
|
|
|
|
|
# to discourage unauthorized users to leave the system alone
|
2016-04-25 20:04:23 +02:00
|
|
|
#if [ -f /etc/motd -a ! -L /etc/motd ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
|
2016-07-24 17:22:00 +02:00
|
|
|
#Register --test-no BANN-7122 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check /etc/motd banner file contents"
|
2016-04-25 20:04:23 +02:00
|
|
|
#if [ ${SKIPTEST} -eq 0 ]; then
|
|
|
|
|
# N=0
|
|
|
|
|
# LogText "Test: Checking file /etc/motd contents for legal key words"
|
|
|
|
|
# for I in ${LEGAL_BANNER_STRINGS}; do
|
2016-08-25 15:31:33 +02:00
|
|
|
# FIND=`${GREPBINARY} -i "${I}" /etc/motd`
|
2016-04-25 20:04:23 +02:00
|
|
|
# if [ ! "${FIND}" = "" ]; then
|
|
|
|
|
# LogText "Result: found string '${I}'"
|
2016-05-03 14:57:53 +02:00
|
|
|
# N=$((N + 1))
|
2016-04-25 20:04:23 +02:00
|
|
|
# fi
|
|
|
|
|
# done
|
|
|
|
|
# # Check if we have 5 or more key words
|
|
|
|
|
# if [ ${N} -gt 4 ]; then
|
|
|
|
|
# LogText "Result: Found ${N} key words, to warn unauthorized users"
|
2016-06-18 11:14:01 +02:00
|
|
|
# Display --indent 4 --text "- /etc/motd contents" --result "${STATUS_OK}" --color GREEN
|
2016-04-25 20:04:23 +02:00
|
|
|
# AddHP 2 2
|
|
|
|
|
# else
|
|
|
|
|
# LogText "Result: Found only ${N} key words, to warn unauthorized users and could be increased"
|
|
|
|
|
# Display --indent 4 --text "- /etc/motd contents" --result WEAK --color YELLOW
|
|
|
|
|
# ReportSuggestion ${TEST_NO} "Add legal banner to /etc/motd, to warn unauthorized users"
|
|
|
|
|
# AddHP 0 1
|
|
|
|
|
# fi
|
|
|
|
|
#fi
|
2014-08-26 17:33:55 +02:00
|
|
|
#
|
|
|
|
|
#################################################################################
|
|
|
|
|
#
|
|
|
|
|
# Test : BANN-7124
|
|
|
|
|
# Description : Check issue banner file
|
2016-07-24 17:22:00 +02:00
|
|
|
Register --test-no BANN-7124 --weight L --network NO --category security --description "Check issue banner file"
|
2014-08-26 17:33:55 +02:00
|
|
|
if [ ${SKIPTEST} -eq 0 ]; then
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Test: Checking file /etc/issue"
|
2014-08-26 17:33:55 +02:00
|
|
|
if [ -f /etc/issue ]; then
|
2014-09-15 12:01:09 +02:00
|
|
|
# Check for symlink
|
|
|
|
|
if [ -L /etc/issue ]; then
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Result: file /etc/issue exists (symlink)"
|
2014-09-15 12:01:09 +02:00
|
|
|
Display --indent 2 --text "- /etc/issue" --result SYMLINK --color GREEN
|
|
|
|
|
else
|
2016-06-18 11:14:01 +02:00
|
|
|
Display --indent 2 --text "- /etc/issue" --result "${STATUS_FOUND}" --color GREEN
|
2014-09-15 12:01:09 +02:00
|
|
|
fi
|
|
|
|
|
else
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Result: file /etc/issue does not exist"
|
2016-06-18 11:14:01 +02:00
|
|
|
Display --indent 2 --text "- /etc/issue" --result "${STATUS_NOT_FOUND}" --color WHITE
|
2014-09-15 12:01:09 +02:00
|
|
|
fi
|
2014-08-26 17:33:55 +02:00
|
|
|
fi
|
|
|
|
|
#
|
|
|
|
|
#################################################################################
|
|
|
|
|
#
|
|
|
|
|
# Test : BANN-7126
|
|
|
|
|
# Description : Check issue file to see if it contains some form of message
|
|
|
|
|
# to discourage unauthorized users to leave the system alone
|
|
|
|
|
if [ -f /etc/issue ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
|
2016-07-24 17:22:00 +02:00
|
|
|
Register --test-no BANN-7126 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check issue banner file contents"
|
2014-08-26 17:33:55 +02:00
|
|
|
if [ ${SKIPTEST} -eq 0 ]; then
|
|
|
|
|
N=0
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Test: Checking file /etc/issue contents for legal key words"
|
2014-08-26 17:33:55 +02:00
|
|
|
for I in ${LEGAL_BANNER_STRINGS}; do
|
2016-08-25 15:31:33 +02:00
|
|
|
FIND=`${GREPBINARY} -i "${I}" /etc/issue`
|
2014-08-26 17:33:55 +02:00
|
|
|
if [ ! "${FIND}" = "" ]; then
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Result: found string '${I}'"
|
2016-05-03 14:57:53 +02:00
|
|
|
N=$((N + 1))
|
2014-08-26 17:33:55 +02:00
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
# Check if we have 5 or more key words
|
|
|
|
|
if [ ${N} -gt 4 ]; then
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Result: Found ${N} key words (5 or more suggested), to warn unauthorized users"
|
2016-06-18 11:14:01 +02:00
|
|
|
Display --indent 4 --text "- /etc/issue contents" --result "${STATUS_OK}" --color GREEN
|
2014-08-26 17:33:55 +02:00
|
|
|
AddHP 2 2
|
|
|
|
|
else
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Result: Found only ${N} key words (5 or more suggested), to warn unauthorized users and could be increased"
|
2014-09-15 12:01:09 +02:00
|
|
|
Display --indent 4 --text "- /etc/issue contents" --result WEAK --color YELLOW
|
2014-08-26 17:33:55 +02:00
|
|
|
ReportSuggestion ${TEST_NO} "Add a legal banner to /etc/issue, to warn unauthorized users"
|
|
|
|
|
AddHP 0 1
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
#
|
|
|
|
|
#################################################################################
|
|
|
|
|
#
|
|
|
|
|
# Test : BANN-7128
|
|
|
|
|
# Description : Check issue.net banner file
|
2016-07-24 17:22:00 +02:00
|
|
|
Register --test-no BANN-7128 --weight L --network NO --category security --description "Check issue.net banner file"
|
2014-08-26 17:33:55 +02:00
|
|
|
if [ ${SKIPTEST} -eq 0 ]; then
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Test: Checking file /etc/issue.net"
|
2014-08-26 17:33:55 +02:00
|
|
|
if [ -f /etc/issue.net ]; then
|
2014-09-15 12:01:09 +02:00
|
|
|
# Check for symlink
|
|
|
|
|
if [ -L /etc/issue.net ]; then
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Result: file /etc/issue.net exists (symlink)"
|
2014-09-15 12:01:09 +02:00
|
|
|
Display --indent 2 --text "- /etc/issue.net" --result SYMLINK --color GREEN
|
|
|
|
|
else
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Result: file /etc/issue.net exists"
|
2016-06-18 11:14:01 +02:00
|
|
|
Display --indent 2 --text "- /etc/issue.net" --result "${STATUS_FOUND}" --color GREEN
|
2014-09-15 12:01:09 +02:00
|
|
|
fi
|
|
|
|
|
else
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Result: file /etc/issue.net does not exist"
|
2016-06-18 11:14:01 +02:00
|
|
|
Display --indent 2 --text "- /etc/issue.net" --result "${STATUS_NOT_FOUND}" --color WHITE
|
2014-09-15 12:01:09 +02:00
|
|
|
fi
|
2014-08-26 17:33:55 +02:00
|
|
|
fi
|
|
|
|
|
#
|
|
|
|
|
#################################################################################
|
|
|
|
|
#
|
|
|
|
|
# Test : BANN-7130
|
|
|
|
|
# Description : Check issue.net file to see if it contains some form of message
|
|
|
|
|
# to discourage unauthorized users to leave the system alone
|
|
|
|
|
if [ -f /etc/issue.net ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
|
2016-07-24 17:22:00 +02:00
|
|
|
Register --test-no BANN-7130 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check issue.net banner file contents"
|
2014-08-26 17:33:55 +02:00
|
|
|
if [ ${SKIPTEST} -eq 0 ]; then
|
|
|
|
|
N=0
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Test: Checking file /etc/issue.net contents for legal key words"
|
2014-08-26 17:33:55 +02:00
|
|
|
for I in ${LEGAL_BANNER_STRINGS}; do
|
2016-08-25 15:31:33 +02:00
|
|
|
FIND=`${GREPBINARY} -i "${I}" /etc/issue.net`
|
2014-09-15 12:01:09 +02:00
|
|
|
if [ ! "${FIND}" = "" ]; then
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Result: found string '${I}'"
|
2016-05-03 14:57:53 +02:00
|
|
|
N=$((N + 1))
|
2014-09-15 12:01:09 +02:00
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
# Check if we have 5 or more key words
|
|
|
|
|
if [ ${N} -gt 4 ]; then
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Result: Found ${N} key words, to warn unauthorized users"
|
2016-06-18 11:14:01 +02:00
|
|
|
Display --indent 4 --text "- /etc/issue.net contents" --result "${STATUS_OK}" --color GREEN
|
2014-09-15 12:01:09 +02:00
|
|
|
AddHP 2 2
|
|
|
|
|
else
|
2015-12-21 21:17:15 +01:00
|
|
|
LogText "Result: Found only ${N} key words, to warn unauthorized users and could be increased"
|
2014-09-15 12:01:09 +02:00
|
|
|
Display --indent 4 --text "- /etc/issue.net contents" --result WEAK --color YELLOW
|
|
|
|
|
ReportSuggestion ${TEST_NO} "Add legal banner to /etc/issue.net, to warn unauthorized users"
|
|
|
|
|
AddHP 0 1
|
|
|
|
|
fi
|
2014-08-26 17:33:55 +02:00
|
|
|
fi
|
|
|
|
|
#
|
|
|
|
|
#################################################################################
|
|
|
|
|
#
|
|
|
|
|
|
2016-04-28 12:31:57 +02:00
|
|
|
WaitForKeyPress
|
2014-08-26 17:33:55 +02:00
|
|
|
|
|
|
|
|
#
|
|
|
|
|
#================================================================================
|
2016-03-13 16:03:46 +01:00
|
|
|
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com
|
