lynis/include/tests_squid

329 lines
17 KiB
Plaintext
Raw Normal View History

2014-08-26 17:33:55 +02:00
#!/bin/sh
#################################################################################
#
# Lynis
# ------------------
#
2016-03-13 16:00:39 +01:00
# Copyright 2007-2013, Michael Boelen
2021-01-07 15:22:19 +01:00
# Copyright 2007-2021, CISOfy
2016-03-13 16:00:39 +01:00
#
# Website : https://cisofy.com
# Blog : http://linux-audit.com
# GitHub : https://github.com/CISOfy/lynis
2014-08-26 17:33:55 +02:00
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# Squid
#
#################################################################################
#
2017-04-23 20:06:54 +02:00
SQUID_DAEMON_CONFIG_LOCS="${ROOTDIR}etc ${ROOTDIR}etc/squid ${ROOTDIR}etc/squid3 ${ROOTDIR}usr/local/etc/squid ${ROOTDIR}usr/local/squid/etc"
2014-08-26 17:33:55 +02:00
SQUID_DAEMON_CONFIG=""
SQUID_DAEMON_UNSAFE_PORTS_LIST="22 23 25"
SQUID_DAEMON_RUNNING=0
#
#################################################################################
#
InsertSection "${SECTION_SQUID_SUPPORT}"
2014-08-26 17:33:55 +02:00
#
#################################################################################
#
# Test : SQD-3602
# Description : Check for a running Squid daemon
# Notes : Search for squid(3) with a space, to avoid SquidGuard and other
# programs.
Register --test-no SQD-3602 --weight L --network NO --category security --description "Check for running Squid daemon"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Searching for a Squid daemon"
2014-08-26 17:33:55 +02:00
FOUND=0
# Check running processes
FIND=$(${PSBINARY} ax | ${EGREPBINARY} "(squid|squid3) " | ${GREPBINARY} -v "grep")
2019-07-16 13:20:30 +02:00
if [ -n "${FIND}" ]; then
2014-08-26 17:33:55 +02:00
SQUID_DAEMON_RUNNING=1
LogText "Result: Squid daemon is running"
Display --indent 2 --text "- Checking running Squid daemon" --result "${STATUS_FOUND}" --color GREEN
2017-04-23 20:06:54 +02:00
else
LogText "Result: No running Squid daemon found"
Display --indent 2 --text "- Checking running Squid daemon" --result "${STATUS_NOT_FOUND}" --color WHITE
2014-08-26 17:33:55 +02:00
fi
fi
#
#################################################################################
#
# Test : SQD-3604
# Description : Determine Squid daemon configuration file location
if [ ${SQUID_DAEMON_RUNNING} -eq 1 ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SQD-3604 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid daemon file location"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: searching for squid.conf or squid3.conf file"
2014-08-26 17:33:55 +02:00
for I in ${SQUID_DAEMON_CONFIG_LOCS}; do
# Checking squid.conf
if [ -f "${I}/squid.conf" ]; then
Lots of cleanups (#366) * Description fix: SafePerms works on files not dirs. All uses of SafePerms are on files (and indeed, it would reject directories which would have +x set). * Lots of whitespace cleanups. Enforce everywhere(?) the same indentations for if/fi blocks. The standard for the Lynis codebase is 4 spaces. But sometimes it's 1, sometimes 3, sometimes 8. These patches standardize all(?) if blocks but _not_ else's (which are usually indented 2, but sometimes zero); I was too lazy to identify those (see below). This diff is giant, but should not change code behavior at all; diff -w shows no changes apart from whitespace. FWIW I identified instances to check by using: perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces=""; } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1) Which produced output like: ./extras/build-lynis.sh:217: if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then ./extras/build-lynis.sh:218: echo "[X] Version in specfile is outdated" ./plugins/plugin_pam_phase1:69: if [ -d ${PAM_DIRECTORY} ]; then ./plugins/plugin_pam_phase1:70: LogText "Result: /etc/pam.d exists" ...There's probably formal shellscript-beautification tools that I'm oblivious about. * More whitespace standardization. * Fix a syntax error. This looks like an if [ foo -o bar ]; was converted to if .. elif, but incompletely. * Add whitespace before closing ]. Without it, the shell thinks the ] is part of the last string, and emits warnings like: .../lynis/include/tests_authentication: line 1028: [: missing `]'
2017-03-07 20:23:08 +01:00
LogText "Result: ${I}/squid.conf exists"
SQUID_DAEMON_CONFIG="${I}/squid.conf"
2014-08-26 17:33:55 +02:00
fi
# Checking squid3.conf
if [ -f "${I}/squid3.conf" ]; then
Lots of cleanups (#366) * Description fix: SafePerms works on files not dirs. All uses of SafePerms are on files (and indeed, it would reject directories which would have +x set). * Lots of whitespace cleanups. Enforce everywhere(?) the same indentations for if/fi blocks. The standard for the Lynis codebase is 4 spaces. But sometimes it's 1, sometimes 3, sometimes 8. These patches standardize all(?) if blocks but _not_ else's (which are usually indented 2, but sometimes zero); I was too lazy to identify those (see below). This diff is giant, but should not change code behavior at all; diff -w shows no changes apart from whitespace. FWIW I identified instances to check by using: perl -ne 'if ($oldfile ne $ARGV) { $.=1; $oldfile=$ARGV; }; chomp; if ($spaces) { next unless /^( *)([^ ]+)/; $newspaces=length($1); $firsttok = $2; next unless defined($firsttok); $offset = ($firsttok eq "elif" ? 0 : 4); if ($newspaces != $spaces + $offset) { print "$ARGV:$ifline\n$ARGV:$.:$_\n\n" }; $ifline=""; $spaces=""; } if (/^( *)if (?!.*[; ]fi)/) { $ifline = "$.:$_"; $spaces = length($1); }' $(find . -type f -print0 | xargs -0 file | egrep shell | cut -d: -f1) Which produced output like: ./extras/build-lynis.sh:217: if [ ${VERSION_IN_SPECFILE} = "" -o ! "${VERSION_IN_SPECFILE}" = "${LYNIS_VERSION}" ]; then ./extras/build-lynis.sh:218: echo "[X] Version in specfile is outdated" ./plugins/plugin_pam_phase1:69: if [ -d ${PAM_DIRECTORY} ]; then ./plugins/plugin_pam_phase1:70: LogText "Result: /etc/pam.d exists" ...There's probably formal shellscript-beautification tools that I'm oblivious about. * More whitespace standardization. * Fix a syntax error. This looks like an if [ foo -o bar ]; was converted to if .. elif, but incompletely. * Add whitespace before closing ]. Without it, the shell thinks the ] is part of the last string, and emits warnings like: .../lynis/include/tests_authentication: line 1028: [: missing `]'
2017-03-07 20:23:08 +01:00
LogText "Result: ${I}/squid3.conf exists"
SQUID_DAEMON_CONFIG="${I}/squid3.conf"
2014-08-26 17:33:55 +02:00
fi
done
2017-04-23 20:06:54 +02:00
if [ -z "${SQUID_DAEMON_CONFIG}" ]; then
LogText "Result: No Squid configuration file found"
Display --indent 4 --text "- Searching Squid configuration file" --result "${STATUS_NOT_FOUND}" --color YELLOW
2017-04-23 20:06:54 +02:00
else
LogText "Result: using last found configuration file: ${SQUID_DAEMON_CONFIG}"
Display --indent 4 --text "- Searching Squid configuration" --result "${STATUS_FOUND}" --color GREEN
2014-08-26 17:33:55 +02:00
fi
fi
#
#################################################################################
#
# Test : SQD-3606
# Description : Check Squid version
2019-07-16 13:20:30 +02:00
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a -n "${SQUID_DAEMON_CONFIG}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SQD-3606 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid version"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
2019-07-16 13:20:30 +02:00
if [ -n "${SQUIDBINARY}" ]; then
LogText "Result: Squid binary found (${SQUIDBINARY})"
2014-09-15 12:01:09 +02:00
# Skip check if a setuid/setgid bit is found
2017-04-23 20:06:54 +02:00
FIND=$(${FINDBINARY} ${SQUIDBINARY} \( -perm 4000 -o -perm 2000 \) -print)
if [ -z "${FIND}" ]; then
FIND2=$(${SQUIDBINARY} -v | ${AWKBINARY} '{ if ($3=="Version") { print $4 } }')
Display --indent 4 --text "- Checking Squid version" --result "${STATUS_FOUND}" --color GREEN
2014-09-15 12:01:09 +02:00
SQUID_VERSION="${FIND2}"
2017-04-23 20:06:54 +02:00
else
LogText "Result: test skipped for security reasons, setuid/setgid bit set"
Display --indent 4 --text "- Checking Squid version" --result "${STATUS_SKIPPED}" --color RED
2014-09-15 12:01:09 +02:00
fi
2017-04-23 20:06:54 +02:00
else
LogText "Result: no Squid binary found"
2014-09-15 12:01:09 +02:00
fi
2014-08-26 17:33:55 +02:00
fi
#
#################################################################################
#
# Test : SQD-3610
# Description : Check Squid configuration options
2019-07-16 13:20:30 +02:00
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a -n "${SQUID_DAEMON_CONFIG}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
2019-03-15 13:52:55 +01:00
Register --test-no SQD-3610 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Gather Squid settings"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking all specific defined options in ${SQUID_DAEMON_CONFIG}"
FIND=$(${GREPBINARY} -v "^#" ${SQUID_DAEMON_CONFIG} | ${GREPBINARY} -v "^$" | ${AWKBINARY} '{gsub("\t"," ");print}' | ${SEDBINARY} 's/ /!space!/g')
2014-09-15 12:01:09 +02:00
for I in ${FIND}; do
I=$(echo ${I} | ${SEDBINARY} 's/!space!/ /g')
LogText "Found Squid option: ${I}"
Report "squid_option=${I}"
2014-09-15 12:01:09 +02:00
done
Display --indent 4 --text "- Checking defined Squid options" --result "${STATUS_DONE}" --color GREEN
2014-08-26 17:33:55 +02:00
fi
#
#################################################################################
#
# Test : SQD-3613
2019-03-15 13:52:55 +01:00
# Description : Check Squid configuration file permissions
2019-07-16 13:20:30 +02:00
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a -n "${SQUID_DAEMON_CONFIG}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SQD-3613 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid file permissions"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Checking file permissions of ${SQUID_DAEMON_CONFIG}"
FIND=$(find -L ${SQUID_DAEMON_CONFIG} -type f -a \( -perm -004 -o -perm -002 -o -perm -001 \))
2019-07-16 13:20:30 +02:00
if [ -n "${FIND}" ]; then
LogText "Result: file ${SQUID_DAEMON_CONFIG} is world readable, writable or executable and could leak information or passwords"
Display --indent 4 --text "- Checking Squid configuration file permissions" --result "${STATUS_WARNING}" --color RED
2019-12-18 12:17:46 +01:00
ReportSuggestion "${TEST_NO}" "Check file permissions of ${SQUID_DAEMON_CONFIG} to limit access"
ReportWarning "${TEST_NO}" "File permissions of ${SQUID_DAEMON_CONFIG} are not restrictive"
2014-08-26 17:33:55 +02:00
AddHP 0 2
2017-04-23 20:06:54 +02:00
else
LogText "Result: file ${SQUID_DAEMON_CONFIG} has proper file permissions"
Display --indent 4 --text "- Checking Squid configuration file permissions" --result "${STATUS_OK}" --color GREEN
2014-08-26 17:33:55 +02:00
AddHP 2 2
fi
fi
#
#################################################################################
#
2019-07-16 13:20:30 +02:00
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a -n "${SQUID_DAEMON_CONFIG}" ]; then
2014-09-15 12:01:09 +02:00
Display --indent 4 --text "- Checking Squid access control"
2014-08-26 17:33:55 +02:00
fi
#
#################################################################################
#
# Test : SQD-3614
# Description : Check Squid authentication
2019-07-16 13:20:30 +02:00
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a -n "${SQUID_DAEMON_CONFIG}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SQD-3614 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid authentication methods"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check auth_param option for authentication methods"
FIND=$(${GREPBINARY} "^auth_param" ${SQUID_DAEMON_CONFIG} | ${AWKBINARY} '{ print $2 }')
2017-04-23 20:06:54 +02:00
if [ -z "${FIND}" ]; then
LogText "No auth_param option found, proxy access anonymous or based on other methods (like ACLs)"
Display --indent 6 --text "- Checking Squid authentication methods" --result "${STATUS_NONE}" --color YELLOW
2017-04-23 20:06:54 +02:00
else
Display --indent 6 --text "- Checking Squid authentication methods" --result "${STATUS_FOUND}" --color GREEN
2014-09-15 12:01:09 +02:00
for I in ${FIND}; do
LogText "Result: found authentication method ${I}"
Report "squid_auth_method=${I}"
2014-09-15 12:01:09 +02:00
done
fi
2014-08-26 17:33:55 +02:00
fi
#
#################################################################################
#
# Test : SQD-3616
# Description : Check external Squid authentication
2019-07-16 13:20:30 +02:00
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a -n "${SQUID_DAEMON_CONFIG}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SQD-3616 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check external Squid authentication"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: check external_acl_type option for external authentication helpers"
FIND=$(${GREPBINARY} "^external_acl_type" ${SQUID_DAEMON_CONFIG})
2017-04-23 20:06:54 +02:00
if [ -z "${FIND}" ]; then
LogText "No external_acl_type found"
Display --indent 6 --text "- Checking Squid external authentication methods" --result "${STATUS_NONE}" --color YELLOW
2017-04-23 20:06:54 +02:00
else
Display --indent 6 --text "- Checking Squid external authentication methods" --result "${STATUS_FOUND}" --color GREEN
2014-09-15 12:01:09 +02:00
for I in ${FIND}; do
LogText "Result: found external authentication method helper"
LogText "Output: ${FIND}"
#Report "squid_external_acl_type=TRUE"
2014-09-15 12:01:09 +02:00
done
fi
2014-08-26 17:33:55 +02:00
fi
#
#################################################################################
#
# Test : SQD-3620
# Description : Check ACLs
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SQD-3620 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid access control lists"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
COUNT=0
LogText "Test: checking ACLs"
FIND=$(${GREPBINARY} "^acl " ${SQUID_DAEMON_CONFIG} | ${SEDBINARY} 's/ /!space!/g')
2014-09-15 12:01:09 +02:00
if [ "${FIND}" = "" ]; then
LogText "Result: No ACLs found"
Display --indent 6 --text "- Checking Access Control Lists" --result "${STATUS_NONE}" --color RED
2017-04-23 20:06:54 +02:00
else
for ITEM in ${FIND}; do
COUNT=$((COUNT + 1))
ITEM=$(echo ${ITEM} | ${SEDBINARY} 's/!space!/ /g')
LogText "Found ACL: ${ITEM}"
#Report "squid_acl=${ITEM}" # TODO
2014-09-15 12:01:09 +02:00
done
LogText "Result: Found ${COUNT} ACLs"
Display --indent 6 --text "- Checking Access Control Lists" --result "${COUNT} ACLs FOUND" --color GREEN
2014-09-15 12:01:09 +02:00
fi
2014-08-26 17:33:55 +02:00
fi
#
#################################################################################
#
# Test : SQD-3624
2019-09-21 16:31:06 +02:00
# Description : Check insecure ports in Safe_ports list
2014-08-26 17:33:55 +02:00
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a ! "${SQUID_DAEMON_CONFIG}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SQD-3624 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid safe ports"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking ACL Safe_ports http_access option"
FIND=$(${GREPBINARY} "^http_access" ${SQUID_DAEMON_CONFIG} | ${GREPBINARY} "Safe_ports")
if IsEmpty "${FIND}"; then
LogText "Result: no Safe_ports found"
Display --indent 6 --text "- Checking ACL 'Safe_ports' http_access option" --result "${STATUS_NOT_FOUND}" --color YELLOW
2019-12-18 12:17:46 +01:00
ReportSuggestion "${TEST_NO}" "Check if Squid has been configured to restrict access to all safe ports"
2017-04-23 20:06:54 +02:00
else
LogText "Result: checking ACL safe ports"
FIND2=$(${GREPBINARY} "^acl Safe_ports port" ${SQUID_DAEMON_CONFIG} | ${AWKBINARY} '{ print $4 }')
if IsEmpty "${FIND2}"; then
2014-09-15 12:01:09 +02:00
Display --indent 6 --text "- Checking ACL 'Safe_ports' ports" --result "NONE FOUND" --color YELLOW
2019-12-18 12:17:46 +01:00
ReportSuggestion "${TEST_NO}" "Check if Squid has been configured for which ports it can allow outgoing traffic (Safe_ports)"
2014-09-15 12:01:09 +02:00
AddHP 0 1
2017-04-23 20:06:54 +02:00
else
LogText "Result: Safe_ports found"
for ITEM in ${FIND}; do
LogText "Found safe port: ${ITEM}"
2014-09-15 12:01:09 +02:00
done
Display --indent 6 --text "- Checking ACL 'Safe_ports' ports" --result "${STATUS_FOUND}" --color GREEN
2014-09-15 12:01:09 +02:00
AddHP 1 1
fi
for ITEM in ${SQUID_DAEMON_UNSAFE_PORTS_LIST}; do
LogText "Test: Checking port ${ITEM} in Safe_ports list"
FIND2=$(${GREPBINARY} -w "^acl Safe_ports port ${ITEM}" ${SQUID_DAEMON_CONFIG})
if IsEmpty "${FIND2}"; then
Display --indent 6 --text "- Checking ACL 'Safe_ports' (port ${ITEM})" --result "${STATUS_NOT_FOUND}" --color GREEN
2014-09-15 12:01:09 +02:00
AddHP 1 1
2017-04-23 20:06:54 +02:00
else
Display --indent 6 --text "- Checking ACL 'Safe_ports' (port ${ITEM})" --result "${STATUS_FOUND}" --color RED
2019-12-18 12:17:46 +01:00
ReportWarning "${TEST_NO}" "Squid configuration possibly allows relaying traffic via configured Safe_port ${ITEM}"
2014-09-15 12:01:09 +02:00
AddHP 0 1
fi
done
fi
2014-08-26 17:33:55 +02:00
fi
#
#################################################################################
#
2019-07-16 13:20:30 +02:00
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a -n "${SQUID_DAEMON_CONFIG}" ]; then
2014-09-15 12:01:09 +02:00
Display --indent 4 --text "- Checking Squid Denial of Service tuning options"
2014-08-26 17:33:55 +02:00
fi
#
#################################################################################
#
# Test : SQD-3630 [T]
# Description : Check reply_body_max_size value
2019-07-16 13:20:30 +02:00
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a -n "${SQUID_DAEMON_CONFIG}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no SQD-3630 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid reply_body_max_size option"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: checking option reply_body_max_size"
FIND=$(${GREPBINARY} "^reply_body_max_size " ${SQUID_DAEMON_CONFIG} | ${SEDBINARY} 's/ /!space!/g')
if IsEmpty "${FIND}"; then
LogText "Result: option reply_body_max_size not configured"
Display --indent 6 --text "- Checking option: reply_body_max_size" --result "${STATUS_NONE}" --color RED
2014-08-26 17:33:55 +02:00
AddHP 1 2
2019-12-18 12:17:46 +01:00
ReportSuggestion "${TEST_NO}" "Configure Squid option reply_body_max_size to limit the upper size of requests."
2017-04-23 20:06:54 +02:00
else
LogText "Result: option reply_body_max_size configured"
LogText "Output: ${FIND}"
Display --indent 6 --text "- Checking option: reply_body_max_size" --result "${STATUS_FOUND}" --color GREEN
2014-08-26 17:33:55 +02:00
AddHP 2 2
fi
fi
#
#################################################################################
#
2019-07-16 13:20:30 +02:00
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a -n "${SQUID_DAEMON_CONFIG}" ]; then
2014-09-15 12:01:09 +02:00
Display --indent 4 --text "- Checking Squid general options"
2014-08-26 17:33:55 +02:00
fi
#
#################################################################################
#
# Test : SQD-3680
# Description : Check httpd_suppress_version_string
2019-07-16 13:20:30 +02:00
if [ ${SQUID_DAEMON_RUNNING} -eq 1 -a -n "${SQUID_DAEMON_CONFIG}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
2018-04-23 10:54:44 +02:00
Register --test-no SQD-3680 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Squid version suppression"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
FIND=$(${GREPBINARY} "^httpd_suppress_version_string " ${SQUID_DAEMON_CONFIG} | ${GREPBINARY} " on")
2017-04-23 20:06:54 +02:00
if [ -z "${FIND}" ]; then
LogText "Result: option httpd_suppress_version_string not configured"
Display --indent 6 --text "- Checking option: httpd_suppress_version_string" --result "${STATUS_NOT_FOUND}" --color YELLOW
2014-08-26 17:33:55 +02:00
AddHP 1 2
2019-12-18 12:17:46 +01:00
ReportSuggestion "${TEST_NO}" "Configure Squid option httpd_suppress_version_string (on) to suppress the version."
2017-04-23 20:06:54 +02:00
else
LogText "Result: option httpd_suppress_version_string configured"
LogText "Output: ${FIND}"
Display --indent 6 --text "- Checking option: httpd_suppress_version_string" --result "${STATUS_FOUND}" --color GREEN
2014-08-26 17:33:55 +02:00
AddHP 2 2
fi
fi
#
#################################################################################
#
WaitForKeyPress
2014-08-26 17:33:55 +02:00
#
#================================================================================
2021-01-07 15:22:19 +01:00
# Lynis - Copyright 2007-2021 Michael Boelen, CISOfy - https://cisofy.com