2014-08-26 17:33:55 +02:00
#!/bin/sh
#################################################################################
#
# Lynis
# ------------------
#
2016-03-13 16:00:39 +01:00
# Copyright 2007-2013, Michael Boelen
2021-01-07 15:22:19 +01:00
# Copyright 2007-2021, CISOfy
2016-03-13 16:00:39 +01:00
#
# Website : https://cisofy.com
# Blog : http://linux-audit.com
# GitHub : https://github.com/CISOfy/lynis
2014-08-26 17:33:55 +02:00
#
# Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
# welcome to redistribute it under the terms of the GNU General Public License.
# See LICENSE file for usage of this software.
#
#################################################################################
#
# E-mail and messaging
#
#################################################################################
#
2020-10-22 00:13:42 +02:00
InsertSection "${SECTION_EMAIL_AND_MESSAGING}"
2014-08-26 17:33:55 +02:00
#
#################################################################################
#
DOVECOT_RUNNING=0
EXIM_RUNNING=0
2018-06-26 11:27:26 +02:00
EXIM_TYPE=""
2016-09-10 16:12:44 +02:00
IMAP_DAEMON=""
OPENSMTPD_RUNNING=0
POP3_DAEMON=""
2014-08-26 17:33:55 +02:00
POSTFIX_RUNNING=0
QMAIL_RUNNING=0
SENDMAIL_RUNNING=0
2016-09-10 16:12:44 +02:00
SMTP_DAEMON=""
2014-08-26 17:33:55 +02:00
#
#################################################################################
#
# Test : MAIL-8802
# Description : Check Exim process status
2016-07-24 17:22:00 +02:00
Register --test-no MAIL-8802 --weight L --network NO --category security --description "Check Exim status"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
2015-12-21 21:17:15 +01:00
LogText "Test: check Exim status"
2019-07-26 11:32:48 +02:00
if IsRunning "exim4" || IsRunning "exim"; then
2015-12-21 21:17:15 +01:00
LogText "Result: found running Exim process"
2017-02-28 20:17:01 +01:00
Display --indent 2 --text "- Exim status" --result "${STATUS_RUNNING}" --color GREEN
2014-08-26 17:33:55 +02:00
EXIM_RUNNING=1
SMTP_DAEMON="exim"
2017-02-28 20:17:01 +01:00
Report "smtp_daemon[]=exim"
2016-09-10 16:12:44 +02:00
else
2015-12-21 21:17:15 +01:00
LogText "Result: no running Exim processes found"
2017-02-28 20:17:01 +01:00
if IsVerbose; then Display --indent 2 --text "- Exim status" --result "${STATUS_NOT_FOUND}" --color WHITE; fi
2014-08-26 17:33:55 +02:00
fi
fi
2018-06-26 11:34:09 +02:00
#
#################################################################################
#
# Test : MAIL-8804
2018-06-26 11:27:26 +02:00
# Description : Exim configuration options
if [ ${EXIM_RUNNING} -eq 1 -a ! "${EXIMBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
2020-03-04 15:04:54 +01:00
Register --test-no MAIL-8804 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Exim configuration options"
2018-06-26 11:27:26 +02:00
if [ ${SKIPTEST} -eq 0 -a ${EXIM_RUNNING} -eq 1 ]; then
LogText "Test: Exim configuration options"
2019-07-26 14:14:54 +02:00
EXIM_ROUTERS=$(${EXIMBINARY} -bP router_list)
2018-06-26 11:27:26 +02:00
unset FIND FIND2 FIND3 FIND4
# Local Only
2023-04-23 23:38:21 +02:00
FIND=$(echo "${EXIM_ROUTERS}" | ${GREPBINARY} -E '^nonlocal')
2018-06-26 11:27:26 +02:00
# Internet Host
2023-04-23 23:38:21 +02:00
FIND2=$(echo "${EXIM_ROUTERS}" | ${GREPBINARY} -E '^dnslookup_relay_to_domains')
2018-06-26 11:27:26 +02:00
# Smarthost or Satellite
2023-04-23 23:38:21 +02:00
FIND3=$(echo "${EXIM_ROUTERS}" | ${GREPBINARY} -E '^smarthost')
2018-06-26 11:27:26 +02:00
2019-07-16 13:20:30 +02:00
if [ -n "${FIND}" ]; then
2018-06-26 11:27:26 +02:00
EXIM_TYPE="LOCAL ONLY"
2019-07-16 13:20:30 +02:00
elif [ -n "${FIND2}" ]; then
2018-06-26 11:27:26 +02:00
EXIM_TYPE="INTERNET HOST"
2019-07-16 13:20:30 +02:00
elif [ -n "${FIND3}" ]; then
2023-04-23 23:38:21 +02:00
FIND4=$(echo "${EXIM_ROUTERS}" | ${GREPBINARY} -E '^hub_user_smarthost')
2019-07-16 13:20:30 +02:00
if [ -n "${FIND4}" ]; then
2018-06-26 11:27:26 +02:00
EXIM_TYPE="SATELLITE"
else
EXIM_TYPE="SMARTHOST"
fi
fi
2019-07-16 13:20:30 +02:00
if [ -n "${EXIM_TYPE}" ]; then
2018-06-26 11:27:26 +02:00
LogText "Result: Exim Type - ${EXIM_TYPE}"
Display --indent 4 --text "- Type" --result "${EXIM_TYPE}" --color GREEN
else
LogText "Result: Exim Type - Not Configured"
2019-09-12 11:13:39 +02:00
Display --indent 4 --text "- Type" --result "${STATUS_NOT_CONFIGURED}" --color WHITE
2018-06-26 11:27:26 +02:00
fi
if [ "${EXIM_TYPE}" = "INTERNET HOST" -o "${EXIM_TYPE}" = "SMARTHOST" ]; then
LogText "Test: Exim Public Interfaces"
2019-07-26 14:14:54 +02:00
EXIM_IP=$(${EXIMBINARY} -bP local_interfaces | ${CUTBINARY} -d '=' -f2 | ${SEDBINARY} -e 's/\s*<\s*\;\?//' -e 's/\s*::0\s*\;\?//' -e 's/\s*127.0.0.1\s*\;\?//' -e 's/^\s*//' -e 's/\s*$//')
2019-07-16 13:20:30 +02:00
if [ -n "${EXIM_IP}" ]; then
2018-06-26 11:27:26 +02:00
LogText "Result: ${EXIM_IP}"
Display --indent 4 --text "- Public Interface(s)" --result "${EXIM_IP}" --color GREEN
else
LogText "Result: None"
Display --indent 4 --text "- Public Interface(s)" --result "NONE" --color WHITE
fi
LogText "Test: Exim TLS State"
2019-07-26 14:14:54 +02:00
EXIM_TLS=$(${EXIMBINARY} -bP tls_advertise_hosts | ${CUTBINARY} -d '=' -f2 | ${SEDBINARY} -e 's/^\s*//' -e 's/\s*$//')
2019-07-16 13:20:30 +02:00
if [ -n "${EXIM_TLS}" ]; then
2018-06-26 11:27:26 +02:00
LogText "Result: Enabled"
2019-09-12 11:13:39 +02:00
Display --indent 4 --text "- TLS" --result "${STATUS_ENABLED}" --color GREEN
2018-06-26 11:27:26 +02:00
else
LogText "Result: Not enabled"
2019-09-12 11:13:39 +02:00
Display --indent 4 --text "- TLS" --result "${STATUS_DISABLED}" --color WHITE
2018-06-26 11:27:26 +02:00
fi
fi
2019-07-16 13:20:30 +02:00
if [ -n "${EXIM_TYPE}" -a "${EXIM_TYPE}" != "LOCAL ONLY" ]; then
2018-06-26 11:27:26 +02:00
LogText "Test: Exim Certificate and Private Key"
case "${EXIM_TYPE}" in
"INTERNET HOST" | "SMARTHOST" )
2019-07-26 14:14:54 +02:00
EXIM_CERTIFICATE=$(${EXIMBINARY} -bP tls_certificate | ${CUTBINARY} -d '=' -f2 | ${SEDBINARY} -e 's/^\s*//' -e 's/\s*$//')
EXIM_PRIVATEKEY=$(${EXIMBINARY} -bP tls_privatekey | ${CUTBINARY} -d '=' -f2 | ${SEDBINARY} -e 's/^\s*//' -e 's/\s*$//')
2018-06-26 11:27:26 +02:00
;;
"SATELLITE" )
2019-07-26 14:14:54 +02:00
EXIM_CERTIFICATE=$(${EXIMBINARY} -bP transport remote_smtp_smarthost | ${GREPBINARY} tls_certificate | ${CUTBINARY} -d '=' -f2 | ${SEDBINARY} -e 's/^\s*//' -e 's/\s*$//')
EXIM_PRIVATEKEY=$(${EXIMBINARY} -bP transport remote_smtp_smarthost | ${GREPBINARY} tls_privatekey | ${CUTBINARY} -d '=' -f2 | ${SEDBINARY} -e 's/^\s*//' -e 's/\s*$//')
2018-06-26 11:27:26 +02:00
;;
esac
2019-07-16 13:20:30 +02:00
if [ -n "${EXIM_CERTIFICATE}" ]; then
2018-06-26 11:27:26 +02:00
LogText "Result: ${EXIM_CERTIFICATE}"
if [ -f "${EXIM_CERTIFICATE}" ]; then
Display --indent 4 --text "- Certificate" --result "${STATUS_FOUND}" --color GREEN
2019-09-11 18:47:28 +02:00
LogText "Result: Certificate found"
2018-06-26 11:27:26 +02:00
else
Display --indent 4 --text "- Certificate" --result "${STATUS_NOT_FOUND}" --color YELLOW
2019-09-11 18:47:28 +02:00
LogText "Result: Certificate not found"
2018-06-26 11:27:26 +02:00
fi
else
2019-09-11 18:47:28 +02:00
LogText "Result: Certificate not set"
2019-09-12 11:13:39 +02:00
Display --indent 4 --text "- Certificate" --result "${STATUS_NOT_CONFIGURED}" --color WHITE
2018-06-26 11:27:26 +02:00
fi
2019-07-16 13:20:30 +02:00
if [ -n "${EXIM_PRIVATEKEY}" ]; then
2018-06-26 11:27:26 +02:00
LogText "Result: ${EXIM_PRIVATEKEY}"
if [ -f "${EXIM_PRIVATEKEY}" ]; then
2019-09-11 18:47:28 +02:00
LogText "Result: Private Key found"
2018-06-26 11:27:26 +02:00
Display --indent 4 --text "- Private Key" --result "${STATUS_FOUND}" --color GREEN
else
Display --indent 4 --text "- Private Key" --result "${STATUS_NOT_FOUND}" --color YELLOW
2019-09-11 18:47:28 +02:00
LogText "Result: Private Key not found"
2018-06-26 11:27:26 +02:00
fi
else
2019-09-11 18:47:28 +02:00
LogText "Result: Private Key not set"
2019-09-12 11:13:39 +02:00
Display --indent 4 --text "- Private Key" --result "${STATUS_NOT_CONFIGURED}" --color WHITE
2018-06-26 11:27:26 +02:00
fi
2019-05-23 22:31:36 +02:00
LogText "Test: Exim Verify Certificates"
case "${EXIM_TYPE}" in
"INTERNET HOST" | "SMARTHOST" )
2019-07-26 14:14:54 +02:00
EXIM_CERTIFICATES=$(${EXIMBINARY} -bP tls_verify_certificate | ${CUTBINARY} -d '=' -f2 | ${SEDBINARY} -e 's/^\s*//' -e 's/\s*$//')
2019-05-23 22:31:36 +02:00
;;
"SATELLITE" )
2019-07-26 14:14:54 +02:00
EXIM_CERTIFICATES=$(${EXIMBINARY} -bP transport remote_smtp_smarthost | ${GREPBINARY} tls_verify_certificate | ${CUTBINARY} -d '=' -f2 | ${SEDBINARY} -e 's/^\s*//' -e 's/\s*$//')
2019-05-23 22:31:36 +02:00
;;
esac
case "${EXIM_CERTIFICATES}" in
"")
2019-07-26 14:14:54 +02:00
# This condition results in a RED warning because it should never be hit
2019-05-23 22:31:36 +02:00
LogText "Result: Verify Certificates not set"
Display --indent 4 --text "- Verify Certificates not set" --result "${STATUS_WARNING}" --color RED
;;
"system")
2019-07-26 14:14:54 +02:00
# This is the default setting and should be the most common
2019-05-23 22:31:36 +02:00
LogText "Result: Verify Certificates set to system default"
Display --indent 4 --text "- Verify Certificates" --result "DEFAULT" --color WHITE
;;
*)
2019-07-26 14:14:54 +02:00
# This condition should only be hit when it has been set to a custom value
2019-05-23 22:31:36 +02:00
LogText "Result: Verify Certificates set to \"${EXIM_CERTIFICATES}\""
Display --indent 4 --text "- Verify Certificates" --result "CUSTOM" --color GREEN
;;
esac
case "${EXIM_TYPE}" in
"INTERNET HOST" | "SMARTHOST" )
2019-07-26 14:14:54 +02:00
EXIM_VERIFY_HOSTS=$(${EXIMBINARY} -bP tls_verify_hosts | ${CUTBINARY} -d '=' -f2 | ${SEDBINARY} -e 's/^\s*//' -e 's/\s*$//')
EXIM_TRY_VERIFY_HOSTS=$(${EXIMBINARY} -bP tls_try_verify_hosts | ${CUTBINARY} -d '=' -f2 | ${SEDBINARY} -e 's/^\s*//' -e 's/\s*$//')
2019-05-23 22:31:36 +02:00
;;
"SATELLITE" )
2019-07-26 14:14:54 +02:00
EXIM_VERIFY_HOSTS=$(${EXIMBINARY} -bP transport remote_smtp_smarthost | ${GREPBINARY} tls_verify_hosts | ${CUTBINARY} -d '=' -f2 | ${SEDBINARY} -e 's/^\s*//' -e 's/\s*$//')
EXIM_TRY_VERIFY_HOSTS=$(${EXIMBINARY} -bP transport remote_smtp_smarthost | ${GREPBINARY} tls_try_verify_hosts | ${CUTBINARY} -d '=' -f2 | ${SEDBINARY} -e 's/^\s*//' -e 's/\s*$//')
2019-05-23 22:31:36 +02:00
;;
esac
LogText "Test: Exim Try Verify Hosts"
2019-09-19 14:05:15 +02:00
if [ -n "${EXIM_TRY_VERIFY_HOSTS}" ]; then
2019-09-11 18:47:28 +02:00
LogText "Result: Try Verify Hosts enabled"
2019-05-23 22:31:36 +02:00
case "${EXIM_TYPE}" in
"INTERNET HOST" )
2019-09-12 11:13:39 +02:00
Display --indent 4 --text "- Try Verify Hosts" --result "${STATUS_ENABLED}" --color GREEN
2019-05-23 22:31:36 +02:00
;;
"SATELLITE" | "SMARTHOST" )
2019-09-12 11:13:39 +02:00
Display --indent 4 --text "- Try Verify Hosts" --result "${STATUS_ENABLED}" --color YELLOW
2019-05-23 22:31:36 +02:00
;;
esac
else
2019-09-11 18:47:28 +02:00
LogText "Result: Try Verify Hosts not enabled"
2019-09-12 11:13:39 +02:00
Display --indent 4 --text "- Try Verify Hosts" --result "${STATUS_DISABLED}" --color WHITE
2019-05-23 22:31:36 +02:00
fi
LogText "Test: Exim Verify Hosts"
2019-09-19 14:05:15 +02:00
if [ -n "${EXIM_VERIFY_HOSTS}" ]; then
2019-09-11 18:47:28 +02:00
LogText "Result: Verify Hosts enabled"
2019-05-23 22:31:36 +02:00
case "${EXIM_TYPE}" in
"INTERNET HOST" )
2019-09-12 11:13:39 +02:00
Display --indent 4 --text "- Verify Hosts" --result "${STATUS_ENABLED}" --color YELLOW
2019-05-23 22:31:36 +02:00
;;
"SATELLITE" | "SMARTHOST" )
2019-09-12 11:13:39 +02:00
Display --indent 4 --text "- Verify Hosts" --result "${STATUS_ENABLED}" --color GREEN
2019-05-23 22:31:36 +02:00
;;
esac
else
2019-09-11 18:47:28 +02:00
LogText "Result: Verify Hosts not enabled"
2019-09-12 11:13:39 +02:00
Display --indent 4 --text "- Verify Hosts" --result "${STATUS_DISABLED}" --color WHITE
2019-05-23 22:31:36 +02:00
fi
2018-06-26 11:27:26 +02:00
fi
fi
2014-08-26 17:33:55 +02:00
#
#################################################################################
#
# Test : MAIL-8814
# Description : Check Postfix process
# Notes : qmgr and pickup run under postfix uid, without full path to binary
2016-07-24 17:22:00 +02:00
Register --test-no MAIL-8814 --weight L --network NO --category security --description "Check postfix process status"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
2015-12-21 21:17:15 +01:00
LogText "Test: check Postfix status"
2014-08-26 17:33:55 +02:00
# Some other processes also use master, therefore it should include both master and postfix
2016-09-10 16:12:44 +02:00
FIND1=$(${PSBINARY} ax | ${GREPBINARY} "master" | ${GREPBINARY} "postfix" | ${GREPBINARY} -v "grep")
2019-07-16 13:20:30 +02:00
if [ -n "${FIND1}" ]; then
2015-12-21 21:17:15 +01:00
LogText "Result: found running Postfix process"
2017-02-28 20:17:01 +01:00
Display --indent 2 --text "- Postfix status" --result "${STATUS_RUNNING}" --color GREEN
2014-08-26 17:33:55 +02:00
POSTFIX_RUNNING=1
SMTP_DAEMON="postfix"
2017-02-28 20:17:01 +01:00
Report "smtp_daemon[]=postfix"
2016-09-10 16:12:44 +02:00
else
2015-12-21 21:17:15 +01:00
LogText "Result: no running Postfix processes found"
2017-02-28 20:17:01 +01:00
if IsVerbose; then Display --indent 2 --text "- Postfix status" --result "${STATUS_NOT_FOUND}" --color WHITE; fi
2014-08-26 17:33:55 +02:00
fi
fi
#
#################################################################################
#
# Test : MAIL-8816
# Description : Check Postfix configuration
if [ ${POSTFIX_RUNNING} -eq 1 -a ! "${POSTFIXBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
2016-07-24 17:22:00 +02:00
Register --test-no MAIL-8816 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Postfix configuration"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
2017-02-28 20:17:01 +01:00
Display --indent 4 --text "- Postfix configuration" --result "${STATUS_FOUND}" --color GREEN
2016-09-10 16:12:44 +02:00
POSTFIX_CONFIGDIR=$(${POSTCONFBINARY} 2> /dev/null | ${GREPBINARY} '^config_directory' | ${AWKBINARY} '{ print $3 }')
2014-08-26 17:33:55 +02:00
POSTFIX_CONFIGFILE="${POSTFIX_CONFIGDIR}/main.cf"
2015-12-21 21:17:15 +01:00
LogText "Postfix configuration directory: ${POSTFIX_CONFIGDIR}"
LogText "Postfix configuration file: ${POSTFIX_CONFIGFILE}"
2014-08-26 17:33:55 +02:00
fi
#
#################################################################################
2017-02-28 20:17:01 +01:00
#
# Test : MAIL-8817
# Description : Check Postfix configuration for error
if [ ${POSTFIX_RUNNING} -eq 1 -a ! "${POSTFIXBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no MAIL-8817 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Postfix configuration errors"
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: using postconf to see if Postfix configuration has errors"
FIND=$(${POSTCONFBINARY} 2>&1 | ${GREPBINARY} "warning:")
2019-07-16 13:20:30 +02:00
if [ -n "${FIND}" ]; then
2017-02-28 20:17:01 +01:00
Report "postfix_config_error=1"
Display --indent 6 --text "- Postfix configuration errors" --result "${STATUS_WARNING}" --color RED
LogText "Result: found an error or warning in the Postfix configuration. Manual check suggested."
2019-12-18 12:17:46 +01:00
ReportSuggestion "${TEST_NO}" "Found a configuration error in Postfix" "${POSTFIX_CONFIGFILE}" "text:run postconf > /dev/null"
2017-02-28 20:17:01 +01:00
else
LogText "Result: all looks to be fine with Postfix configuration"
if IsVerbose; then Display --indent 6 --text "- Postfix configuration errors" --result "${STATUS_OK}" --color GREEN; fi
fi
fi
#
#################################################################################
2014-08-26 17:33:55 +02:00
#
# Test : MAIL-8818
# Description : Check Postfix configuration
if [ ${POSTFIX_RUNNING} -eq 1 -a ! "${POSTFIXBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
2016-07-24 17:22:00 +02:00
Register --test-no MAIL-8818 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check Postfix configuration: banner"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
2015-12-21 21:17:15 +01:00
LogText "Test: Checking Postfix banner"
2016-08-25 15:31:33 +02:00
FIND1=$(${POSTCONFBINARY} 2> /dev/null | ${GREPBINARY} '^smtpd_banner' | ${GREPBINARY} 'postfix')
FIND2=$(${POSTCONFBINARY} 2> /dev/null | ${GREPBINARY} '^smtpd_banner' | ${GREPBINARY} '$mail_name')
FIND3=$(${POSTCONFBINARY} 2> /dev/null | ${GREPBINARY} '^mail_name' | ${GREPBINARY} -i 'postfix')
2017-02-21 15:25:48 +01:00
FIND4=$(${POSTCONFBINARY} 2> /dev/null | ${GREPBINARY} '^smtpd_banner' | ${GREPBINARY} -i "${OS}")
2019-07-16 13:20:30 +02:00
if [ -n "${LINUX_VERSION}" ]; then
2017-02-21 15:25:48 +01:00
FIND5=$(${POSTCONFBINARY} 2> /dev/null | ${GREPBINARY} '^smtpd_banner' | ${GREPBINARY} -i "${LINUX_VERSION}")
fi
2014-08-26 17:33:55 +02:00
SHOWWARNING=0
2017-01-28 15:48:26 +01:00
2019-07-16 13:20:30 +02:00
if [ -n "${FIND1}" ]; then
2014-08-26 17:33:55 +02:00
SHOWWARNING=1
2017-01-28 15:48:26 +01:00
Report "banner_software_disclosure[]=${FIND1}"
2019-07-16 13:20:30 +02:00
elif [ -n "${FIND2}" -a -n "${FIND3}" ]; then
2017-01-28 15:48:26 +01:00
SHOWWARNING=1
Report "banner_software_disclosure[]=${FIND2}"
2019-07-16 13:20:30 +02:00
elif [ -n "${FIND4}" ]; then
2017-01-28 15:48:26 +01:00
SHOWWARNING=1
Report "banner_os_disclosure[]=${FIND4}"
2019-07-16 13:20:30 +02:00
elif [ -n "${FIND5}" ]; then
2017-02-21 15:25:48 +01:00
SHOWWARNING=1
Report "banner_os_disclosure[]=${FIND5}"
2014-08-26 17:33:55 +02:00
fi
2017-01-28 15:48:26 +01:00
2014-08-26 17:33:55 +02:00
if [ ${SHOWWARNING} -eq 1 ]; then
2017-02-28 20:17:01 +01:00
Display --indent 6 --text "- Postfix banner" --result "${STATUS_WARNING}" --color RED
2017-01-28 15:48:26 +01:00
LogText "Result: found OS, or mail_name in SMTP banner, and/or mail_name contains 'Postfix'."
2019-12-18 12:17:46 +01:00
ReportWarning "${TEST_NO}" "Found some information disclosure in SMTP banner (OS or software name)"
ReportSuggestion "${TEST_NO}" "You are advised to hide the mail_name (option: smtpd_banner) from your postfix configuration. Use postconf -e or change your main.cf file (${POSTFIX_CONFIGFILE})"
2017-01-28 15:48:26 +01:00
else
2017-02-28 20:17:01 +01:00
if IsVerbose; then Display --indent 6 --text "- Postfix banner" --result "${STATUS_OK}" --color GREEN; fi
2014-08-26 17:33:55 +02:00
fi
fi
#
#################################################################################
2017-03-27 17:14:11 +02:00
#
# Test : MAIL-8820
Register --test-no MAIL-8820 --weight L --network NO --category security --description "Postfix configuration scan"
if [ ${SKIPTEST} -eq 0 ]; then
if [ "$(postconf -h inet_interfaces 2> /dev/null)" = "all" ]; then
if ! SkipAtomicTest "${TEST_NO}:disable_vrfy_command"; then
if [ "$(postconf -h disable_vrfy_command 2> /dev/null)" = "no" ]; then
ReportSuggestion "${TEST_NO}:disable_vrfy_command" "Disable the 'VRFY' command" "disable_vrfy_command=no" "text:run postconf -e disable_vrfy_command=yes to change the value"
fi
fi
fi
fi
#
#################################################################################
2014-08-26 17:33:55 +02:00
#
# Test : MAIL-8838
# Description : Check Dovecot process
2016-07-24 17:22:00 +02:00
Register --test-no MAIL-8838 --weight L --network NO --category security --description "Check dovecot process"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
2015-12-21 21:17:15 +01:00
LogText "Test: check dovecot status"
2019-07-26 11:32:48 +02:00
if IsRunning "dovecot"; then
2015-12-21 21:17:15 +01:00
LogText "Result: found running dovecot process"
2017-02-28 20:17:01 +01:00
Display --indent 2 --text "- Dovecot status" --result "${STATUS_RUNNING}" --color GREEN
2014-08-26 17:33:55 +02:00
DOVECOT_RUNNING=1
IMAP_DAEMON="dovecot"
POP3_DAEMON="dovecot"
2017-02-28 20:17:01 +01:00
Report "pop3_daemon[]=dovecot"
Report "imap_daemon[]=dovecot"
2016-09-10 16:12:44 +02:00
else
2015-12-21 21:17:15 +01:00
LogText "Result: dovecot not found"
2017-02-28 20:17:01 +01:00
if IsVerbose; then Display --indent 2 --text "- Dovecot status" --result "${STATUS_NOT_FOUND}" --color WHITE; fi
2014-08-26 17:33:55 +02:00
fi
fi
#
#################################################################################
#
# Test : MAIL-8860
# Description : Check Qmail process status
2016-07-24 17:22:00 +02:00
Register --test-no MAIL-8860 --weight L --network NO --category security --description "Check Qmail status"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
2015-12-21 21:17:15 +01:00
LogText "Test: check Qmail status"
2019-07-26 11:32:48 +02:00
if IsRunning "qmail-smtpd"; then
2015-12-21 21:17:15 +01:00
LogText "Result: found running Qmail process"
2017-02-28 20:17:01 +01:00
Display --indent 2 --text "- Qmail status" --result "${STATUS_RUNNING}" --color GREEN
2014-08-26 17:33:55 +02:00
QMAIL_RUNNING=1
2014-08-28 14:03:31 +02:00
SMTP_DAEMON="qmail"
2017-02-28 20:17:01 +01:00
Report "smtp_daemon[]=qmail"
2016-09-10 16:12:44 +02:00
else
2015-12-21 21:17:15 +01:00
LogText "Result: no running Qmail processes found"
2017-02-28 20:17:01 +01:00
if IsVerbose; then Display --indent 2 --text "- Qmail status" --result "${STATUS_NOT_FOUND}" --color WHITE; fi
2014-08-26 17:33:55 +02:00
fi
fi
#
#################################################################################
#
# Test : MAIL-8880
# Description : Check Sendmail process status
2016-07-24 17:22:00 +02:00
Register --test-no MAIL-8880 --weight L --network NO --category security --description "Check Sendmail status"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
2015-12-21 21:17:15 +01:00
LogText "Test: check sendmail status"
2019-07-26 11:32:48 +02:00
if IsRunning "sendmail"; then
2015-12-21 21:17:15 +01:00
LogText "Result: found running Sendmail process"
2017-02-28 20:17:01 +01:00
Display --indent 2 --text "- Sendmail status" --result "${STATUS_RUNNING}" --color GREEN
2014-08-26 17:33:55 +02:00
SENDMAIL_RUNNING=1
SMTP_DAEMON="sendmail"
2017-02-28 20:17:01 +01:00
Report "smtp_daemon[]=sendmail"
2016-09-10 16:12:44 +02:00
else
2015-12-21 21:17:15 +01:00
LogText "Result: no running Sendmail processes found"
2017-02-28 20:17:01 +01:00
if IsVerbose; then Display --indent 2 --text "- Sendmail status" --result "${STATUS_NOT_FOUND}" --color WHITE; fi
2014-08-26 17:33:55 +02:00
fi
fi
#
#################################################################################
#
# Test : MAIL-8920
2014-11-29 16:20:20 +01:00
# Description : Check OpenSMTPD process status
2019-07-16 13:20:30 +02:00
if [ -n "${SMTPCTLBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
2016-07-24 17:22:00 +02:00
Register --test-no MAIL-8920 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check OpenSMTPD status"
2014-08-26 17:33:55 +02:00
if [ ${SKIPTEST} -eq 0 ]; then
2015-12-21 21:17:15 +01:00
LogText "Test: check smtpd status"
2023-04-23 23:38:21 +02:00
FIND=$(${PSBINARY} ax | ${GREPBINARY} -E "(/smtpd|smtpd: \[priv\]|smtpd: smtp)" | ${GREPBINARY} -v "grep")
2014-08-26 17:33:55 +02:00
if [ ! "${FIND}" = "" ]; then
2015-12-21 21:17:15 +01:00
LogText "Result: found running smtpd process"
2017-02-28 20:17:01 +01:00
Display --indent 2 --text "- OpenSMTPD status" --result "${STATUS_RUNNING}" --color GREEN
2014-11-29 16:20:20 +01:00
OPENSMTPD_RUNNING=1
2017-02-28 20:17:01 +01:00
Report "smtp_daemon[]=opensmtpd"
2016-09-10 16:12:44 +02:00
else
2015-12-21 21:17:15 +01:00
LogText "Result: smtpd not found"
2017-02-28 20:17:01 +01:00
if IsVerbose; then Display --indent 2 --text "- OpenSMTPD status" --result "${STATUS_NOT_FOUND}" --color WHITE; fi
2014-08-26 17:33:55 +02:00
fi
fi
#
#################################################################################
#
2015-12-21 21:17:15 +01:00
Report "imap_daemon=${IMAP_DAEMON}"
Report "pop3_daemon=${POP3_DAEMON}"
Report "smtp_daemon=${SMTP_DAEMON}"
2014-08-26 17:33:55 +02:00
2016-04-28 12:31:57 +02:00
WaitForKeyPress
2014-08-26 17:33:55 +02:00
#
#================================================================================
2016-03-13 16:03:46 +01:00
# Lynis - Security Auditing and System Hardening for Linux and UNIX - https://cisofy.com