tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-04-08 17:15:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Improve systemd detection

Browse Source
This commit is contained in:
Michael Boelen 2017-08-17 20:28:32 +02:00
parent c0a6aaf855
commit 00648a636c
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
2 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
include/binaries
View File

@ -238,8 +238,8 @@
sha256|sha256sum) SHA256SUMFOUND=1; SHA256SUMBINARY="${BINARY}"; LogText " Found known binary: sha256/sha256sum (crypto hashing) - ${BINARY}" ;;
ssh-keyscan) SSHKEYSCANFOUND=1; SSHKEYSCANBINARY="${BINARY}"; LogText " Found known binary: ssh-keyscan (scanner for SSH keys) - ${BINARY}" ;;
sysctl) SYSCTLFOUND=1; SYSCTLBINARY="${BINARY}"; LogText " Found known binary: sysctl (kernel parameters) - ${BINARY}" ;;
syslog-ng) SYSLOGNGFOUND=1; SYSLOGNGBINARY="${BINARY}"; SYSLOGNGVERSION=$(${BINARY} -V 2>&1 | grep "^syslog-ng" | awk '{ print $2 }'); LogText "Found ${BINARY} (version ${SYSLOGNGVERSION})" ;;
systemctl) SYSTEMCTLFOUND=1; SYSTEMCTLBINARY="${BINARY}"; SERVICE_MANAGER="systemd"; LogText " Found known binary: systemctl (client to systemd) - ${BINARY}" ;;
syslog-ng) SYSLOGNGFOUND=1; SYSLOGNGBINARY="${BINARY}"; SYSLOGNGVERSION=$(${BINARY} -V 2>&1 | grep "^syslog-ng" | awk '{ print $2 }'); LogText "Found ${BINARY} (version ${SYSLOGNGVERSION})" ;;
systemctl) SYSTEMCTLFOUND=1; SYSTEMCTLBINARY="${BINARY}"; SERVICE_MANAGER="systemd"; HAS_SYSTEMD=1; LogText " Found known binary: systemctl (client to systemd) - ${BINARY}" ;;
timedatectl) TIMEDATECTLFOUND=1; TIMEDATECTL="${BINARY}"; LogText " Found known binary: timedatectl (timedate client) - ${BINARY}" ;;
tr) TRFOUND=1; TRBINARY="${BINARY}"; LogText " Found known binary: tr (text transformation) - ${BINARY}" ;;
tripwire) TRIPWIREFOUND=1; TRIPWIREBINARY="${BINARY}"; LogText " Found known binary: tripwire (file integrity) - ${BINARY}" ;;
@ -255,7 +255,7 @@
wc) WCBINARY="${BINARY}"
LogText " Found known binary: wc (word count) - ${BINARY}"
;;
wget) WGETFOUND=1; WGETBINARY="${BINARY}"; WGETVERSION=$(${BINARY} -V | grep "^GNU Wget" | awk '{ print $3 }'); LogText "Found ${BINARY} (version ${WGETVERSION})" ;;
wget) WGETFOUND=1; WGETBINARY="${BINARY}"; WGETVERSION=$(${BINARY} -V | grep "^GNU Wget" | awk '{ print $3 }'); LogText "Found ${BINARY} (version ${WGETVERSION})" ;;
yum) YUMFOUND=1; YUMBINARY="${BINARY}"; LogText " Found known binary: yum (package manager) - ${BINARY}" ;;
xargs) XARGSBINARY="${BINARY}"
LogText " Found known binary: xargs (command output redirection) - ${BINARY}"

15
lynis
View File

@ -783,13 +783,22 @@ ${NORMAL}
#
#################################################################################
#
# Check for systemd presence
if [ -d ${ROOTDIR}lib/systemd/system -a -f ${ROOTDIR}usr/lib/systemd/systemd ]; then
# Check for systemd presence (already tested via binaries: systemctl)
if [ ${HAS_SYSTEMD} -eq 0 ]; then
FOUND=0
# Backup option to do additional testing for systemd
LIST="${ROOTDIR}lib/systemd/system"; for ITEM in ${LIST}; do if [ -d ${ITEM} ]; then FOUND=1; break; fi; done
LIST="${ROOTDIR}usr/lib/systemd/systemd"
if [ ${FOUND} -eq 0 ]; then for ITEM in ${LIST}; do if [ -f ${ITEM} ]; then FOUND=1; break; fi; done; fi
else
FOUND=1
fi
if [ ${FOUND} -eq 1 ]; then
LogText "Result: systemd is using systemd"
HAS_SYSTEMD=1
Report "systemd=1"
else
LogText "Result: systemd not found, or partially"
LogText "Result: systemd not found"
Report "systemd=0"
fi
#