2016-05-15 20:37:10 +02:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
#################################################################################
|
|
|
|
#
|
|
|
|
# Lynis
|
|
|
|
# ------------------
|
|
|
|
#
|
|
|
|
# Copyright 2007-2013, Michael Boelen
|
2020-03-20 14:50:25 +01:00
|
|
|
# Copyright 2007-2020, CISOfy
|
2016-05-15 20:37:10 +02:00
|
|
|
#
|
|
|
|
# Website : https://cisofy.com
|
|
|
|
# Blog : http://linux-audit.com
|
|
|
|
# GitHub : https://github.com/CISOfy/lynis
|
|
|
|
#
|
|
|
|
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
|
|
|
|
# welcome to redistribute it under the terms of the GNU General Public License.
|
|
|
|
# See LICENSE file for usage of this software.
|
|
|
|
#
|
|
|
|
######################################################################
|
|
|
|
#
|
|
|
|
# Helper program to configure Lynis
|
|
|
|
#
|
|
|
|
######################################################################
|
|
|
|
#
|
|
|
|
# How to use:
|
|
|
|
# ------------
|
|
|
|
#
|
|
|
|
# Run:
|
|
|
|
# lynis configure settings quick
|
|
|
|
# lynis configure settings quick=yes:debug=yes
|
|
|
|
#
|
|
|
|
######################################################################
|
|
|
|
|
|
|
|
CONFIGURE_CRONJOB=0
|
|
|
|
CONFIGURE_SETTINGS=0
|
|
|
|
|
|
|
|
# Check configure mode
|
|
|
|
if [ "${HELPER_PARAMS}" = "" ]; then
|
|
|
|
${ECHOCMD} "${YELLOW}Provide one or more configuration settings${NORMAL}"
|
|
|
|
${ECHOCMD} ""
|
|
|
|
${ECHOCMD} "Examples:"
|
|
|
|
${ECHOCMD} " $0 configure cronjob"
|
|
|
|
${ECHOCMD} ""
|
|
|
|
${ECHOCMD} " $0 configure settings quick"
|
|
|
|
${ECHOCMD} " $0 configure settings debug:developer-mode:quick"
|
|
|
|
${ECHOCMD} " $0 configure settings debug=yes:developer-mode=no:quick=yes"
|
|
|
|
${ECHOCMD} ""
|
|
|
|
ExitClean
|
|
|
|
elif [ "$1" = "cronjob" ]; then
|
|
|
|
CONFIGURE_CRONJOB=1
|
|
|
|
elif [ "$1" = "settings" ]; then
|
|
|
|
CONFIGURE_SETTINGS=1
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
# Perform activities depending on requested task
|
|
|
|
if [ ${CONFIGURE_CRONJOB} -eq 1 ]; then
|
|
|
|
|
|
|
|
${ECHOCMD} "Automatic configuration for cronjobs is not implemented yet."
|
|
|
|
ExitClean
|
|
|
|
|
|
|
|
elif [ ${CONFIGURE_SETTINGS} -eq 1 ]; then
|
|
|
|
|
|
|
|
# Determine where profiles are stored
|
2016-10-27 09:30:25 +02:00
|
|
|
if [ -z "${PROFILEDIR}" ]; then
|
2016-05-15 20:37:10 +02:00
|
|
|
${ECHOCMD} "Can not configure Lynis, as profile directory is unknown"
|
|
|
|
ExitFatal
|
|
|
|
fi
|
2016-10-27 09:30:25 +02:00
|
|
|
if [ -z "${CUSTOM_PROFILE}" ]; then
|
|
|
|
${ECHOCMD} "No custom profile found yet."
|
|
|
|
${ECHOCMD} "Suggestion: create one with 'touch custom.prf' or 'touch /etc/lynis/custom.prf'"
|
|
|
|
ExitFatal
|
|
|
|
fi
|
2016-05-15 20:37:10 +02:00
|
|
|
|
|
|
|
FIND=$(echo ${HELPER_PARAMERS} | grep " ")
|
|
|
|
if [ ! "${FIND}" = "" ]; then ${ECHOCMD} "Found invalid character (space) in configuration string"; ExitFatal; fi
|
|
|
|
|
2016-05-17 21:39:02 +02:00
|
|
|
CONFIGURE_SETTINGS=$(echo $2 | sed 's/:/ /g')
|
|
|
|
for I in ${CONFIGURE_SETTINGS}; do
|
|
|
|
SETTING=$(echo ${I} | awk -F= '{print $1}')
|
|
|
|
VALUE=$(echo ${I} | awk -F= '{print $2}')
|
|
|
|
if [ "${VALUE}" = "" ]; then
|
2016-05-25 13:29:01 +02:00
|
|
|
${ECHOCMD} "Profile: ${CUSTOM_PROFILE}"
|
2016-05-17 21:39:02 +02:00
|
|
|
Debug "Did not find a value configured on the command line for setting ${SETTING}"
|
|
|
|
#read VALUE
|
|
|
|
else
|
|
|
|
Debug "Setting '${SETTING}' should be configured with value '${VALUE}'"
|
2016-05-24 20:49:36 +02:00
|
|
|
FIND=$(grep "^${SETTING}" ${CUSTOM_PROFILE})
|
|
|
|
if [ "${FIND}" = "" ]; then
|
|
|
|
${ECHOCMD} "Configuring setting '${CYAN}${SETTING}${NORMAL}'"
|
|
|
|
echo "${SETTING}=${VALUE}" >> ${CUSTOM_PROFILE}
|
2016-05-25 13:29:01 +02:00
|
|
|
if [ $? -eq 0 ]; then ${ECHOCMD} "${GREEN}Setting changed${NORMAL}"; fi
|
2016-05-24 20:49:36 +02:00
|
|
|
else
|
2016-05-25 13:29:01 +02:00
|
|
|
${ECHOCMD} "${YELLOW}Notice${NORMAL}: Setting '${CYAN}${SETTING}${NORMAL}' was already configured (not changed)${NORMAL}"
|
|
|
|
${ECHOCMD} " Current value: ${WHITE}${FIND}${NORMAL}"
|
2016-05-24 20:53:16 +02:00
|
|
|
${ECHOCMD} ""
|
2016-05-24 20:49:36 +02:00
|
|
|
fi
|
2016-05-17 21:39:02 +02:00
|
|
|
fi
|
|
|
|
# Now check if value is in line with expected type (boolean, integer, string)
|
|
|
|
# =To be implemented=
|
|
|
|
done
|
|
|
|
${ECHOCMD} ""
|
|
|
|
${ECHOCMD} ""
|
2016-05-15 20:37:10 +02:00
|
|
|
ExitClean
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
ExitClean
|
|
|
|
|
|
|
|
# The End
|