tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-01 11:04:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added new test NETW-2400

Browse Source
This commit is contained in:
Michael Boelen 2020-04-04 15:28:04 +02:00
parent 4680f94d11
commit 032bb6988e
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
3 changed files with 49 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -60,6 +60,7 @@ Using the relevant options, the scan will change base on the intended goal.
- New test: FINT-4341 - verify status of dm-verity (Linux) - New test: FINT-4341 - verify status of dm-verity (Linux)
- New test: INSE-8314 - test for NIS client - New test: INSE-8314 - test for NIS client
- New test: INSE-8316 - test for NIS server - New test: INSE-8316 - test for NIS server
- New test: NETW-2400 - test hostname for valid characters and length
- New test: NETW-2706 - check DNSSEC (systemd) - New test: NETW-2706 - check DNSSEC (systemd)
- New test: NETW-3200 - determine enabled network protocols - New test: NETW-3200 - determine enabled network protocols
- New test: PHP-2382 - detect listen option in PHP (FPM) - New test: PHP-2382 - detect listen option in PHP (FPM)

1
db/tests.db
View File

@ -287,6 +287,7 @@ NAME-4402:test:security:nameservices::Check duplicate line in /etc/hosts:
NAME-4404:test:security:nameservices::Check /etc/hosts contains an entry for this server name: NAME-4404:test:security:nameservices::Check /etc/hosts contains an entry for this server name:
NAME-4406:test:security:nameservices::Check server hostname mapping: NAME-4406:test:security:nameservices::Check server hostname mapping:
NAME-4408:test:security:nameservices::Check localhost to IP mapping: NAME-4408:test:security:nameservices::Check localhost to IP mapping:
NETW-2400:test:basics:networking::Test hostname for valid characters and length:
NETW-2600:test:security:networking:Linux:Checking IPv6 configuration: NETW-2600:test:security:networking:Linux:Checking IPv6 configuration:
NETW-2704:test:security:networking::Basic nameserver configuration tests: NETW-2704:test:security:networking::Basic nameserver configuration tests:
NETW-2705:test:security:networking::Check availability two nameservers: NETW-2705:test:security:networking::Check availability two nameservers:

48
include/tests_networking
View File

@ -34,6 +34,53 @@
InsertSection "Networking" InsertSection "Networking"
# #
################################################################################# #################################################################################
#
# Test : NETW-2400
# Description : Test hostname for valid characters and length
# Notes : FQDN: max 253 characters
# : component: a-z, 0-9, hyphen, not start with hyphen, max 63 characters
# dots allowed as separator
Register --test-no NETW-2400 --weight L --network YES --category basics --description "Hostname length and value check"
if [ ${SKIPTEST} -eq 0 ]; then
# Test first the fully qualified domain name
if [ ${#FQDN} -gt 253 ]; then
# Too long
LogText "Result: FQDN is more than 253 characters"
Display --indent 2 --text "- Hostname (FQDN length)" --result "${STATUS_WARNING}" --color RED
ReportWarning "${TEST_NO}" "Hostname is too long (more than 253 characters)"
elif [ ${#FQDN} -eq 0 ]; then
# FQDN not defined
LogText "Result: FQDN is not defined"
if IsVerbose; then Display --indent 2 --text "- Hostname (FQDN length)" --result "${STATUS_UNKNOWN}" --color YELLOW; fi
else
# Fine
LogText "Result: FQDN is defined and shorter than 253 characters (${#FQDN} characters)"
if IsVerbose; then Display --indent 2 --text "- Hostname (FQDN length)" --result "${STATUS_OK}" --color GREEN; fi
fi
# Now test short hostname
if [ ${#HOSTNAME} -eq 0 ]; then
if IsVerbose; then Display --indent 2 --text "- Hostname (FQDN length)" --result "${STATUS_NONE}" --color RED; fi
LogText "Result: hostname is not defined"
else
# Test length
if [ ${#HOSTNAME} -gt 63 ]; then
LogText "Result: hostname is more than 63 characters"
Display --indent 2 --text "- Hostname (length)" --result "${STATUS_WARNING}" --color RED
fi
# Test valid characters (normally a dot should not be in the name, but we can't be 100% sure we have short name)
FIND=$(echo "${HOSTNAME}" | ${TRBINARY} -d '[a-z0-9\.\-]')
if [ -z "${FIND}" ]; then
LogText "Result: good, no unexpected characters discovered in hostname"
if IsVerbose; then Display --indent 2 --text "- Hostname (allowed characters)" --result "${STATUS_OK}" --color GREEN; fi
else
LogText "Result: unexpected characters discovered in hostname (characters: ${FIND}), which may impact network connectivity"
Display --indent 2 --text "- Hostname (allowed characters)" --result "${STATUS_WARNING}" --color RED
ReportWarning "${TEST_NO}" "Hostname contains invalid characters" "hostname" "text:See log file for invalid characters"
fi
fi
fi
#
#################################################################################
# #
# Test : NETW-2600 # Test : NETW-2600
# Description : Gather IPv6 configuration # Description : Gather IPv6 configuration
@ -736,7 +783,6 @@
################################################################################# #################################################################################
# #
WaitForKeyPress WaitForKeyPress
# #