tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[NETW-3200] corrected test

This commit is contained in:
Michael Boelen 2020-03-25 15:15:42 +01:00
parent 9b978a3581
commit 04c969752a
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 13 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
include/tests_networking
View File

@ -669,37 +669,39 @@
Register --test-no NETW-3200 --weight L --network YES --category security --description "Determine available network protocols" Register --test-no NETW-3200 --weight L --network YES --category security --description "Determine available network protocols"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
TESTED=0 TESTED=0
FOUND_UNCOMMON_PROTOCOL_ENABLED=0
case ${OS} in case ${OS} in
Linux) Linux)
TESTED=1 TESTED=1
LogText "Test: checking the status of some network protocols that typically are not used" LogText "Test: checking the status of some network protocols that typically are not used"
UNCOMMON_PROTOCOLS="dccp sctp rds tipc" UNCOMMON_PROTOCOLS="dccp sctp rds tipc"
for P in ${UNCOMMON_PROTOCOLS}; do for P in ${UNCOMMON_PROTOCOLS}; do
LogText "Test: now checking module '${P}'"
if ! SkipAtomicTest "${TEST_NO}:${P}"; then if ! SkipAtomicTest "${TEST_NO}:${P}"; then
FOUND_UNCOMMON_PROTOCOL=0 UNCOMMON_PROTOCOL_DISABLED=0
# First check modprobe.conf
if [ -f ${ROOTDIR}etc/modprobe.conf ]; then if [ -f ${ROOTDIR}etc/modprobe.conf ]; then
DATA=$(${GREPBINARY} "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.conf) DATA=$(${GREPBINARY} "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.conf)
if [ -n "${DATA}" ]; then if [ -n "${DATA}" ]; then
LogText "Result: found ${P} module loaded via modprobe.conf" LogText "Result: found ${P} module disabled via modprobe.conf"
FOUND_UNCOMMON_PROTOCOL=1 UNCOMMON_PROTOCOL_DISABLED=1
fi fi
fi fi
# Then additional modprobe configuration files
if [ -d ${ROOTDIR}etc/modprobe.d ]; then if [ -d ${ROOTDIR}etc/modprobe.d ]; then
DATA=$(${GREPBINARY} --files-with-matches --no-messages "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.d/*) DATA=$(${GREPBINARY} --files-with-matches --no-messages "^install ${P} /bin/true" ${ROOTDIR}etc/modprobe.d/*)
if [ -n "${DATA}" ]; then if [ -n "${DATA}" ]; then
FOUND_UNCOMMON_PROTOCOL=1 UNCOMMON_PROTOCOL_DISABLED=1
for F in ${DATA}; do for F in ${DATA}; do
LogText "Result: found ${P} module loaded via ${F}" LogText "Result: found ${P} module disabled via ${F}"
done done
fi fi
fi fi
# Although a protocol may not been enabled using install, it can be loaded. This may be revealed using /proc if [ ${UNCOMMON_PROTOCOL_DISABLED} -eq 0 ]; then
#/proc/sys/net/ ReportSuggestion "${TEST_NO}" "Determine if protocol '${P}' is really needed on this system"
if [ ${FOUND_UNCOMMON_PROTOCOL} -eq 1 ]; then
ReportSuggestion "${TEST_NO}" "Determine if network protocol ${P} needs to be used on this system"
Report "uncommon_network_protocol_enabled=${P}" Report "uncommon_network_protocol_enabled=${P}"
FOUND_UNCOMMON_PROTOCOL_ENABLED=1
fi fi
fi fi
done done
@ -711,7 +713,7 @@
;; ;;
esac esac
if [ ${TESTED} -eq 1 ]; then if [ ${TESTED} -eq 1 ]; then
if [ ${FOUND_UNCOMMON_PROTOCOL} -eq 1 ]; then if [ ${FOUND_UNCOMMON_PROTOCOL_ENABLED} -eq 1 ]; then
Display --indent 2 --text "- Uncommon network protocols" --result "${FOUND}" --color YELLOW Display --indent 2 --text "- Uncommon network protocols" --result "${FOUND}" --color YELLOW
else else
Display --indent 2 --text "- Uncommon network protocols" --result "${STATUS_NOT_FOUND}" --color GREEN Display --indent 2 --text "- Uncommon network protocols" --result "${STATUS_NOT_FOUND}" --color GREEN