mirror of https://github.com/CISOfy/lynis.git
[NETW-3200] corrected test
parent
9b978a3581
commit
04c969752a
|
@ -669,37 +669,39 @@
|
|||
Register --test-no NETW-3200 --weight L --network YES --category security --description "Determine available network protocols"
|
||||
if [ ${SKIPTEST} -eq 0 ]; then
|
||||
TESTED=0
|
||||
FOUND_UNCOMMON_PROTOCOL_ENABLED=0
|
||||
case ${OS} in
|
||||
Linux)
|
||||
TESTED=1
|
||||
LogText "Test: checking the status of some network protocols that typically are not used"
|
||||
UNCOMMON_PROTOCOLS="dccp sctp rds tipc"
|
||||
for P in ${UNCOMMON_PROTOCOLS}; do
|
||||
LogText "Test: now checking module '${P}'"
|
||||
if ! SkipAtomicTest "${TEST_NO}:${P}"; then
|
||||
FOUND_UNCOMMON_PROTOCOL=0
|
||||
UNCOMMON_PROTOCOL_DISABLED=0
|
||||
# First check modprobe.conf
|
||||
if [ -f ${ROOTDIR}etc/modprobe.conf ]; then
|
||||
DATA=$(${GREPBINARY} "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.conf)
|
||||
if [ -n "${DATA}" ]; then
|
||||
LogText "Result: found ${P} module loaded via modprobe.conf"
|
||||
FOUND_UNCOMMON_PROTOCOL=1
|
||||
LogText "Result: found ${P} module disabled via modprobe.conf"
|
||||
UNCOMMON_PROTOCOL_DISABLED=1
|
||||
fi
|
||||
fi
|
||||
# Then additional modprobe configuration files
|
||||
if [ -d ${ROOTDIR}etc/modprobe.d ]; then
|
||||
DATA=$(${GREPBINARY} --files-with-matches --no-messages "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.d/*)
|
||||
if [ -n "${DATA}" ]; then
|
||||
FOUND_UNCOMMON_PROTOCOL=1
|
||||
UNCOMMON_PROTOCOL_DISABLED=1
|
||||
for F in ${DATA}; do
|
||||
LogText "Result: found ${P} module loaded via ${F}"
|
||||
LogText "Result: found ${P} module disabled via ${F}"
|
||||
done
|
||||
fi
|
||||
fi
|
||||
|
||||
# Although a protocol may not been enabled using install, it can be loaded. This may be revealed using /proc
|
||||
#/proc/sys/net/
|
||||
|
||||
if [ ${FOUND_UNCOMMON_PROTOCOL} -eq 1 ]; then
|
||||
ReportSuggestion "${TEST_NO}" "Determine if network protocol ${P} needs to be used on this system"
|
||||
if [ ${UNCOMMON_PROTOCOL_DISABLED} -eq 0 ]; then
|
||||
ReportSuggestion "${TEST_NO}" "Determine if protocol '${P}' is really needed on this system"
|
||||
Report "uncommon_network_protocol_enabled=${P}"
|
||||
FOUND_UNCOMMON_PROTOCOL_ENABLED=1
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
@ -711,7 +713,7 @@
|
|||
;;
|
||||
esac
|
||||
if [ ${TESTED} -eq 1 ]; then
|
||||
if [ ${FOUND_UNCOMMON_PROTOCOL} -eq 1 ]; then
|
||||
if [ ${FOUND_UNCOMMON_PROTOCOL_ENABLED} -eq 1 ]; then
|
||||
Display --indent 2 --text "- Uncommon network protocols" --result "${FOUND}" --color YELLOW
|
||||
else
|
||||
Display --indent 2 --text "- Uncommon network protocols" --result "${STATUS_NOT_FOUND}" --color GREEN
|
||||
|
|
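Review bot: The `^install ${P} /bin/true` pattern in both grep calls (modprobe.conf and modprobe.d/*) is the only thing that sets `UNCOMMON_PROTOCOL_DISABLED=1`, so a rule spelled with a tab or several spaces, or with `/bin/false` or `/usr/bin/true` as the command, still ends up reported as `uncommon_network_protocol_enabled=${P}`. A looser match run with `-E`, for example `^[[:space:]]*install[[:space:]]+${P}[[:space:]]+(/usr)?/bin/(true|false)`, would accept the common variants. In the other direction, a matching rule only stops later modprobe loads; the `/proc` comment in the loop is still unimplemented, so a module that is already loaded gets logged as disabled, and a look at `/proc/modules` for `${P}` before setting the flag would cover that. The +/- markers are lost on this page, so which lines are new is inferred from the hunk counts and the variable names.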