mirror of https://github.com/CISOfy/lynis.git
Test for presence of /etc/hosts (e.g. Clear Linux OS), changed screen and log output
This commit is contained in:
Michael Boelen
parent
06f015fbae
commit
04d2cb838b
|
|
@ -559,27 +559,27 @@
|
|||
#
|
||||
#################################################################################
|
||||
#
|
||||
if [ -f ${ROOTDIR}etc/hosts ]; then Display --indent 2 --text "- Checking ${ROOTDIR}etc/hosts"; fi
|
||||
if [ -f ${ROOTDIR}etc/hosts ]; then
|
||||
Display --indent 2 --text "- Checking /etc/hosts"
|
||||
else
|
||||
LogText "Result: no /etc/hosts file found"
|
||||
fi
|
||||
|
||||
# Test : NAME-4402
|
||||
# Description : Check /etc/hosts configuration
|
||||
Register --test-no NAME-4402 --weight L --network NO --category security --description "Check duplicate line in /etc/hosts"
|
||||
if [ -f ${ROOTDIR}etc/hosts ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
|
||||
Register --test-no NAME-4402 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check duplicate line in /etc/hosts"
|
||||
if [ ${SKIPTEST} -eq 0 ]; then
|
||||
LogText "Test: check duplicate line in ${ROOTDIR}etc/hosts"
|
||||
if [ -f ${ROOTDIR}etc/hosts ]; then
|
||||
OUTPUT=$(${AWKBINARY} '{ print $1, $2 }' ${ROOTDIR}etc/hosts | ${EGREPBINARY} -v '^(#|$)' | ${EGREPBINARY} "[a-f0-9]" | ${SORTBINARY} | ${UNIQBINARY} -d)
|
||||
if [ -z "${OUTPUT}" ]; then
|
||||
LogText "Result: OK, no duplicate lines found"
|
||||
Display --indent 4 --text "- Checking ${ROOTDIR}etc/hosts (duplicates)" --result "${STATUS_OK}" --color GREEN
|
||||
else
|
||||
LogText "Found duplicate line: ${OUTPUT}"
|
||||
LogText "Result: found duplicate line"
|
||||
Display --indent 4 --text "- Checking ${ROOTDIR}etc/hosts (duplicates)" --result "${STATUS_SUGGESTION}" --color YELLOW
|
||||
ReportSuggestion "${TEST_NO}" "Remove duplicate lines in ${ROOTDIR}etc/hosts"
|
||||
fi
|
||||
OUTPUT=$(${AWKBINARY} '{ print $1, $2 }' ${ROOTDIR}etc/hosts | ${EGREPBINARY} -v '^(#|$)' | ${EGREPBINARY} "[a-f0-9]" | ${SORTBINARY} | ${UNIQBINARY} -d)
|
||||
if [ -z "${OUTPUT}" ]; then
|
||||
LogText "Result: OK, no duplicate lines found"
|
||||
Display --indent 4 --text "- Duplicate entries in hosts file" --result "${STATUS_NONE}" --color GREEN
|
||||
else
|
||||
LogText "Result: ${ROOTDIR}etc/hosts not found, test skipped"
|
||||
Display --indent 4 --text "Searching duplicate line" --result "${STATUS_SKIPPED}" --color YELLOW
|
||||
LogText "Found duplicate line: ${OUTPUT}"
|
||||
LogText "Result: found duplicate line"
|
||||
Display --indent 4 --text "- Duplicate entries in hosts file" --result "$STATUS_FOUND}" --color YELLOW
|
||||
ReportSuggestion "${TEST_NO}" "Remove duplicate lines in ${ROOTDIR}etc/hosts"
|
||||
fi
|
||||
fi
|
||||
#
|
||||
|
|
@ -587,21 +587,23 @@
|
|||
#
|
||||
# Test : NAME-4404
|
||||
# Description : Check /etc/hosts contains an entry for this server name
|
||||
if [ ! "${HOSTNAME}" = "" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
|
||||
if [ -f ${ROOTDIR}etc/hosts ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
|
||||
Register --test-no NAME-4404 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check /etc/hosts contains an entry for this server name"
|
||||
if [ ${SKIPTEST} -eq 0 ]; then
|
||||
LogText "Test: Check /etc/hosts contains an entry for this server name"
|
||||
if [ -f /etc/hosts ]; then
|
||||
sFIND=$(${EGREPBINARY} -v '^(#|$|^::1\s|localhost)' /etc/hosts | ${GREPBINARY} -i ${HOSTNAME})
|
||||
if [ "${sFIND}" != "" ]; then
|
||||
LogText "Result: Found entry for ${HOSTNAME} in /etc/hosts"
|
||||
Display --indent 4 --text "- Checking /etc/hosts (hostname)" --result "${STATUS_OK}" --color GREEN
|
||||
if [ -n "${HOSTNAME}" ]; then
|
||||
DATA=$(${EGREPBINARY} -v '^(#|$|^::1\s|localhost)' ${ROOTDIR}etc/hosts | ${GREPBINARY} -i ${HOSTNAME})
|
||||
if [ -n "${DATA}" ]; then
|
||||
LogText "Result: Found entry for ${HOSTNAME} in ${ROOTDIR}etc/hosts"
|
||||
Display --indent 4 --text "- Presence of configured hostname in /etc/hosts" --result "${STATUS_FOUND}" --color GREEN
|
||||
else
|
||||
LogText "Result: No entry found for ${HOSTNAME} in /etc/hosts"
|
||||
Display --indent 4 --text "- Checking /etc/hosts (hostname)" --result "${STATUS_SUGGESTION}" --color YELLOW
|
||||
LogText "Result: No entry found for ${HOSTNAME} in ${ROOTDIR}etc/hosts"
|
||||
Display --indent 4 --text "- Presence of configured hostname in /etc/hosts" --result "${STATUS_NOT_FOUND}" --color YELLOW
|
||||
ReportSuggestion ${TEST_NO} "Add the IP name and FQDN to /etc/hosts for proper name resolving"
|
||||
LogText "Risk: No entry for the server name [hostname] in /etc/hosts may cause unexpected performance problems for local connections"
|
||||
fi
|
||||
else
|
||||
LogText "Result: Skipping test, no hostname configured"
|
||||
fi
|
||||
fi
|
||||
#
|
||||
|
|
@ -609,20 +611,20 @@
|
|||
#
|
||||
# Test : NAME-4406
|
||||
# Description : Check server hostname mapping
|
||||
if HasData "${HOSTNAME}"; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
|
||||
if [ -n "${HOSTNAME}" -a -f ${ROOTDIR}etc/hosts ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
|
||||
Register --test-no NAME-4406 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check server hostname mapping"
|
||||
if [ ${SKIPTEST} -eq 0 ]; then
|
||||
LogText "Test: Check server hostname not locally mapped in /etc/hosts"
|
||||
sFIND=$(${EGREPBINARY} -v '^(#|$)' /etc/hosts | ${EGREPBINARY} '^(localhost|::1)\s' | ${GREPBINARY} -w ${HOSTNAME})
|
||||
if [ ! "${sFIND}" = "" ]; then
|
||||
LogText "Test: Check server hostname not locally mapped in ${ROOTDIR}etc/hosts"
|
||||
DATA=$(${EGREPBINARY} -v '^(#|$)' ${ROOTDIR}etc/hosts | ${EGREPBINARY} '^(localhost|::1)\s' | ${GREPBINARY} -w ${HOSTNAME})
|
||||
if [ -n "${DATA}" ]; then
|
||||
LogText "Result: Found this server hostname mapped to a local address"
|
||||
LogText "Output: ${sFIND}"
|
||||
Display --indent 4 --text "- Checking /etc/hosts (localhost)" --result "${STATUS_SUGGESTION}" --color YELLOW
|
||||
Display --indent 4 --text "- Hostname mapped to localhost" --result "${STATUS_FOUND}" --color YELLOW
|
||||
LogText "Information: Linking the hostname to the localhost entry may break some resolving. Split resolving so that localhost resolves back to 127.0.0.1 (and ::1) and the hostname of the machine to the real IP address on the network interface."
|
||||
ReportSuggestion ${TEST_NO} "Split resolving between localhost and the hostname of the system"
|
||||
else
|
||||
LogText "Result: this server hostname is not mapped to a local address"
|
||||
Display --indent 4 --text "- Checking /etc/hosts (localhost)" --result "${STATUS_OK}" --color GREEN
|
||||
Display --indent 4 --text "- Hostname mapped to localhost" --result "${STATUS_NOT_FOUND}" --color GREEN
|
||||
fi
|
||||
fi
|
||||
#
|
||||
|
|
@ -637,20 +639,20 @@
|
|||
FIND=$(${GETENT_BINARY} hosts localhost | ${AWKBINARY} '{print $1}' | ${SORTBINARY} | ${TRBINARY} -d '\n')
|
||||
if [ "${FIND}" = "127.0.0.1" ]; then
|
||||
LogText "Result: localhost mapped to 127.0.0.1"
|
||||
Display --indent 4 --text "- Checking /etc/hosts (localhost to IP)" --result "${STATUS_OK}" --color GREEN
|
||||
Display --indent 4 --text "- Localhost mapping to IP address" --result "${STATUS_OK}" --color GREEN
|
||||
Report "localhost-mapped-to=${FIND}"
|
||||
elif [ "${FIND}" = "::1" ]; then
|
||||
LogText "Result: localhost mapped to ::1"
|
||||
Display --indent 4 --text "- Checking /etc/hosts (localhost to IP)" --result "${STATUS_OK}" --color GREEN
|
||||
Display --indent 4 --text "- Localhost mapping to IP address" --result "${STATUS_OK}" --color GREEN
|
||||
Report "localhost-mapped-to=${FIND}"
|
||||
elif [ "${FIND}" = "127.0.0.1::1" ]; then
|
||||
LogText "Result: localhost mapped to 127.0.0.1 and ::1"
|
||||
Display --indent 4 --text "- Checking /etc/hosts (localhost to IP)" --result "${STATUS_OK}" --color GREEN
|
||||
Display --indent 4 --text "- Localhost mapping to IP address" --result "${STATUS_OK}" --color GREEN
|
||||
Report "localhost-mapped-to=${FIND}"
|
||||
else
|
||||
LogText "Output: ${FIND}"
|
||||
LogText "Result: this server hostname is not mapped to a local address"
|
||||
Display --indent 4 --text "- Checking /etc/hosts (localhost to IP)" --result "${STATUS_SUGGESTION}" --color YELLOW
|
||||
Display --indent 4 --text "- Localhost mapping to IP address" --result "${STATUS_SUGGESTION}" --color YELLOW
|
||||
LogText "Information: Ensure that localhost resolves back to 127.0.0.1 (and/or ::1)."
|
||||
ReportSuggestion ${TEST_NO} "Split resolving between localhost and the hostname of the system" "/etc/hosts" "text:Check your localhost line"
|
||||
fi
|
||||
|
|
|
|||
Loading…
Reference in New Issue