tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-23 13:54:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

Adjust counting and reporting of plugins

Browse Source
This commit is contained in:
mboelen 2016-01-19 12:09:42 +01:00
parent 6bab259a5e
commit 00ebad930a
1 changed files with 52 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
lynis
View File

@ -649,67 +649,68 @@
if [ ${RUN_PLUGINS} -eq 1 ]; then if [ ${RUN_PLUGINS} -eq 1 ]; then
# Plugins function
RunPlugins()
{
if [ $# -eq 0 ]; then echo "RunPlugins should be started with phase number"; ExitFatal; fi
PLUGIN_PHASE=$1
if [ ${PLUGIN_PHASE} -eq 0 -o ${PLUGIN_PHASE} -gt 2 ]; then echo "Incorrect phase number when calling RunPlugins"; ExitFatal; fi
logtextbreak
InsertPluginSection "Plugins (phase ${PLUGIN_PHASE})"
if [ ${PLUGIN_PHASE} -eq 1 ]; then
Display --text "Note: plugins have more extensive tests, which may take a few minutes to complete"
Display --text " "
logtext "Searching plugins..."
fi
N_PLUGIN=0 N_PLUGIN=0
N_PLUGIN_ENABLED=0 N_PLUGIN_ENABLED=0
# Search plugins # Plugins function
FIND_PLUGINS=`find ${PLUGINDIR} -type f -name "plugin_[a-z]*" -exec echo \{\} \; | sort` RunPlugins()
for PLUGIN_FILE in ${FIND_PLUGINS}; do {
logtext "Found plugin file: ${PLUGIN_FILE}" if [ $# -eq 0 ]; then echo "RunPlugins should be started with phase number"; ExitFatal; fi
# Double check if output is a valid file name PLUGIN_PHASE=$1
if [ -f ${PLUGIN_FILE} ]; then if [ ${PLUGIN_PHASE} -eq 0 -o ${PLUGIN_PHASE} -gt 2 ]; then echo "Incorrect phase number when calling RunPlugins"; ExitFatal; fi
FIND2=`grep "^# PLUGIN_NAME=" ${PLUGIN_FILE} | awk -F= '{ print $2 }'` logtextbreak
if [ ! "${FIND2}" = "" -a ! "${FIND2}" = "[plugin_name]" ]; then InsertPluginSection "Plugins (phase ${PLUGIN_PHASE})"
N_PLUGIN=`expr ${N_PLUGIN} + 1` if [ ${PLUGIN_PHASE} -eq 1 ]; then
FIND3=`grep "^plugin=${FIND2}" ${PROFILE}` Display --text "Note: plugins have more extensive tests, which may take a few minutes to complete"
if [ ! "${FIND3}" = "" ]; then Display --text " "
logtext "Plugin ${FIND2} is enabled" logtext "Searching plugins..."
# Plugins should have at least a _phase1 part, _phase2 is optional at this moment fi
PLUGINFILE="${PLUGINDIR}/plugin_${FIND2}_phase${PLUGIN_PHASE}"
if [ -f ${PLUGINFILE} ]; then # Search plugins
PLUGIN_VERSION=`grep "^# PLUGIN_VERSION=" ${PLUGIN_FILE} | awk -F= '{ print $2 }'` FIND_PLUGINS=`find ${PLUGINDIR} -type f -name "plugin_[a-z]*" -exec echo \{\} \; | sort`
PLUGIN_VERSION_NODOTS=`echo ${PLUGIN_VERSION} | sed 's/.//g'` for PLUGIN_FILE in ${FIND_PLUGINS}; do
FIND4=`ls -l ${PLUGINFILE} | cut -c 2-10` logtext "Found plugin file: ${PLUGIN_FILE}"
if [ "${FIND4}" = "rw-r--r--" -o "${FIND4}" = "rw-r-----" -o "${FIND4}" = "rw-------" -o "${FIND4}" = "r--------" ]; then # Double check if output is a valid file name
logtext "Including plugin file: ${PLUGINFILE} (version: ${PLUGIN_VERSION})" if [ -f ${PLUGIN_FILE} ]; then
report "plugin_enabled_phase1[]=${FIND2}|${PLUGIN_VERSION}|" FIND2=`grep "^# PLUGIN_NAME=" ${PLUGIN_FILE} | awk -F= '{ print $2 }'`
N_PLUGIN_ENABLED=`expr ${N_PLUGIN_ENABLED} + 1` if [ ! "${FIND2}" = "" -a ! "${FIND2}" = "[plugin_name]" ]; then
Display --indent 2 --text "- ${CYAN}Plugin${NORMAL}: ${WHITE}${FIND2}${NORMAL}" if [ ${PLUGIN_PHASE} -eq 1 ]; then N_PLUGIN=`expr ${N_PLUGIN} + 1`; fi
if [ ${PLUGIN_PHASE} -eq 1 ]; then Progress " ["; fi FIND3=`grep "^plugin=${FIND2}" ${PROFILE}`
. ${PLUGINFILE} if [ ! "${FIND3}" = "" ]; then
if [ ${PLUGIN_PHASE} -eq 1 ]; then Progress "]"; Progress --finish; fi logtext "Plugin ${FIND2} is enabled"
logtextbreak # Plugins should have at least a _phase1 part, _phase2 is optional at this moment
logtext "Result: ${FIND2} plugin (phase ${PLUGIN_PHASE}) finished" PLUGINFILE="${PLUGINDIR}/plugin_${FIND2}_phase${PLUGIN_PHASE}"
if [ -f ${PLUGINFILE} ]; then
PLUGIN_VERSION=`grep "^# PLUGIN_VERSION=" ${PLUGIN_FILE} | awk -F= '{ print $2 }'`
PLUGIN_VERSION_NODOTS=`echo ${PLUGIN_VERSION} | sed 's/.//g'`
FIND4=`ls -l ${PLUGINFILE} | cut -c 2-10`
if [ "${FIND4}" = "rw-r--r--" -o "${FIND4}" = "rw-r-----" -o "${FIND4}" = "rw-------" -o "${FIND4}" = "r--------" ]; then
logtext "Including plugin file: ${PLUGINFILE} (version: ${PLUGIN_VERSION})"
report "plugin_enabled_phase${PLUGIN_PHASE}[]=${FIND2}|${PLUGIN_VERSION}|"
if [ ${PLUGIN_PHASE} -eq 1 ]; then N_PLUGIN_ENABLED=`expr ${N_PLUGIN_ENABLED} + 1`; fi
Display --indent 2 --text "- ${CYAN}Plugin${NORMAL}: ${WHITE}${FIND2}${NORMAL}"
if [ ${PLUGIN_PHASE} -eq 1 ]; then Progress " ["; fi
. ${PLUGINFILE}
if [ ${PLUGIN_PHASE} -eq 1 ]; then Progress "]"; Progress --finish; fi
logtextbreak
logtext "Result: ${FIND2} plugin (phase ${PLUGIN_PHASE}) finished"
else
logtext "Plugin ${FIND2}: Skipped (bad file permissions, should be 640, 600 or 400)"
fi
else else
logtext "Plugin ${FIND2}: Skipped (bad file permissions, should be 640, 600 or 400)" logtext "Plugin ${FIND2}: Skipped (can't find file ${PLUGINFILE})"
fi fi
else else
logtext "Plugin ${FIND2}: Skipped (can't find file ${PLUGINFILE})" logtext "Plugin ${FIND2}: Skipped (not enabled)"
fi fi
else else
logtext "Plugin ${FIND2}: Skipped (not enabled)" logtext "Skipping plugin file ${PLUGIN_FILE} (no valid plugin name found)"
fi fi
else
logtext "Skipping plugin file ${PLUGIN_FILE} (no valid plugin name found)"
fi fi
fi logtext "--"
logtext "--" done
done logtext "Result: Found ${N_PLUGIN} plugins of which ${N_PLUGIN_ENABLED} are enabled"
logtext "Result: Found ${N_PLUGIN} plugins of which ${N_PLUGIN_ENABLED} are enabled" logtext "Result: Plugins ${PLUGIN_PHASE} finished"
logtext "Result: Plugins ${PLUGIN_PHASE} finished"
} }
RunPlugins 1 RunPlugins 1