tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Zypper enhancements

This commit is contained in:
mboelen 2015-04-16 19:59:51 +02:00
parent 3bce5191ef
commit 017c145357
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
include/tests_ports_packages
View File

@ -280,6 +280,8 @@
Register --test-no PKGS-7328 --preqs-met ${PREQS_MET} --weight L --network NO --description "Querying Zypper for installed packages" Register --test-no PKGS-7328 --preqs-met ${PREQS_MET} --weight L --network NO --description "Querying Zypper for installed packages"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
N=0 N=0
PACKAGE_AUDIT_TOOL_FOUND=1
PACKAGE_AUDIT_TOOL="zypper"
FIND=`${ZYPPERBINARY} se -i | awk '{ if ($1=="i") { print $3 } }'` FIND=`${ZYPPERBINARY} se -i | awk '{ if ($1=="i") { print $3 } }'`
if [ ! "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
for I in ${FIND}; do for I in ${FIND}; do
@ -301,14 +303,16 @@
if [ ! "${ZYPPERBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi if [ ! "${ZYPPERBINARY}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no PKGS-7330 --preqs-met ${PREQS_MET} --weight L --network NO --description "Querying Zypper for vulnerable packages" Register --test-no PKGS-7330 --preqs-met ${PREQS_MET} --weight L --network NO --description "Querying Zypper for vulnerable packages"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FIND=`${ZYPPERBINARY} lp | ${AWKBINARY} '{ if ($7=="security") { if ($11=="update") { print $13 } else { print $11 } } }' | sed 's/:$//' | grep -v "^$" | sort | uniq` FIND=`${ZYPPERBINARY} pchk | grep "(0 security patches)"`
if [ "${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
logtext "Result: No security updates found with Zypper" logtext "Result: No security updates found with Zypper"
Display --indent 2 --text "- Using Zypper to obtain vulnerable packages" --result NONE --color GREEN Display --indent 2 --text "- Using Zypper to obtain vulnerable packages" --result NONE --color GREEN
else else
Display --indent 2 --text "- Using Zypper to obtain vulnerabilities" --result WARNING --color RED Display --indent 2 --text "- Using Zypper to obtain vulnerabilities" --result WARNING --color RED
logtext "Result: Zypper found one or more installed packages which are vulnerable." logtext "Result: Zypper found one or more installed packages which are vulnerable."
ReportWarning ${TEST_NO} "H" "Found one or more vulnerable packages installed" ReportWarning ${TEST_NO} "H" "Found one or more vulnerable packages installed"
# Unfortunately zypper does not properly give back which package it is. Usually best guess is last word on the line
FIND=`${ZYPPERBINARY} lp | ${AWKBINARY} '{ if ($5=="security" || $7=="security") { print $NF }}' | sed 's/:$//' | grep -v "^$" | sort | uniq`
logtext "List of vulnerable packages/version:" logtext "List of vulnerable packages/version:"
for I in ${FIND}; do for I in ${FIND}; do
report "vulnerable_package[]=${I}" report "vulnerable_package[]=${I}"