tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Extended virtualization tests and logging

This commit is contained in:
mboelen 2015-09-09 20:24:48 +02:00
parent 5f2ef483f6
commit 090bb2d4eb
1 changed files with 87 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
include/functions
View File

@ -592,41 +592,92 @@
SHORT="" SHORT=""
# facter # facter
if [ -x /usr/bin/facter ]; then if [ "${SHORT}" = "" ]; then
case "`facter is_virtual`" in if [ -x /usr/bin/facter ]; then
"true") case "`facter is_virtual`" in
VMTYPE=`facter virtual` "true")
logtext "Result: found virtual machine (type: ${VMTYPE})" SHORT=`facter virtual`
report "vm=1" logtext "Result: found ${SHORT}"
report "vmtype=${VMTYPE}" ;;
return ;; "false")
"false") return ;; logtext "Result: facter says this machine is not a virtual"
esac ;;
esac
else
logtext "Result: facter utility not found"
fi
else
logtext "Result: skipped facter test, as we already found machine type"
fi fi
# systemd # systemd
if [ "${SHORT}" = "" -a -x /usr/bin/systemd-detect-virt ]; then if [ "${SHORT}" = "" ]; then
logtext "Test: trying to guess virtualization technology with systemd-detect-virt" if [ -x /usr/bin/systemd-detect-virt ]; then
FIND=`/usr/bin/systemd-detect-virt` logtext "Test: trying to guess virtualization technology with systemd-detect-virt"
if [ ! "${FIND}" = "" ]; then FIND=`/usr/bin/systemd-detect-virt`
SHORT="${FIND}" if [ ! "${FIND}" = "" ]; then
logtext "Result: found ${FIND}"
SHORT="${FIND}"
fi
else
logtext "Result: systemd-detect-virt not found"
fi fi
else
logtext "Result: skipped systemd test, as we already found machine type"
fi
# lscpu
# Values: VMware
if [ "${SHORT}" = "" ]; then
if [ -x /usr/bin/lscpu ]; then
logtext "Test: trying to guess virtualization with lscpu"
FIND=`lscpu | grep "^Hypervisor Vendor" | awk -F: '{ print $2 }' | sed 's/ //g'`
if [ ! "${FIND}" = "" ]; then
logtext "Result: found ${FIND}"
SHORT="${FIND}"
else
logtext "Result: can't find hypervisor vendor with lscpu"
fi
else
logtext "Result: lscpu not found"
fi
else
logtext "Result: skipped lscpu test, as we already found machine type"
fi fi
# dmidecode # dmidecode
# Values: VMware Virtual Platform / VirtualBox # Values: VMware Virtual Platform / VirtualBox
if [ "${SHORT}" = "" ]; then if [ "${SHORT}" = "" ]; then
logtext "Test: trying to guess virtualization with dmidecode"
if [ -x /usr/sbin/dmidecode ]; then if [ -x /usr/sbin/dmidecode ]; then
SHORT=`dmidecode -s system-product-name | awk '{ print $1 }'` logtext "Test: trying to guess virtualization with dmidecode"
FIND=`dmidecode -s system-product-name | awk '{ print $1 }'`
if [ ! "${FIND}" = "" ]; then
logtext "Result: found ${FIND}"
SHORT="${FIND}"
else
logtext "Result: can't find product name with dmidecode"
fi
else
logtext "Result: dmidecode not found"
fi fi
else
logtext "Result: skipped dmidecode test, as we already found machine type"
fi fi
# lshw # lshw
if [ "${SHORT}" = "" ]; then if [ "${SHORT}" = "" ]; then
if [ -x /usr/bin/lshw ]; then if [ -x /usr/bin/lshw ]; then
SHORT=`lshw -quiet -class system | awk '{ if ($1=="product:") { print $2 }}'` logtext "Test: trying to guess virtualization with lshw"
FIND=`lshw -quiet -class system | awk '{ if ($1=="product:") { print $2 }}'`
if [ ! "${FIND}" = "" ]; then
logtext "Result: found ${FIND}"
SHORT="${FIND}"
fi
else
logtext "Result: lshw not found"
fi fi
else
logtext "Result: skipped lshw test, as we already found machine type"
fi fi
# Try common guest processes # Try common guest processes
@ -644,12 +695,20 @@
if [ ${RUNNING} -eq 1 ]; then SHORT="virtualbox"; fi if [ ${RUNNING} -eq 1 ]; then SHORT="virtualbox"; fi
IsRunning VBoxClient IsRunning VBoxClient
if [ ${RUNNING} -eq 1 ]; then SHORT="virtualbox"; fi if [ ${RUNNING} -eq 1 ]; then SHORT="virtualbox"; fi
else
logtext "Result: skipped processes test, as we already found platform"
fi fi
# Amazon EC2 # Amazon EC2
if [ "${SHORT}" = "" ]; then if [ "${SHORT}" = "" ]; then
logtext "Test: checking specific files for Amazon" logtext "Test: checking specific files for Amazon"
if [ -f /etc/ec2_version -a ! -z /etc/ec2_version ]; then SHORT="amazon-ec2"; fi if [ -f /etc/ec2_version -a ! -z /etc/ec2_version ]; then
SHORT="amazon-ec2"
else
logtext "Result: system not hosted on Amazon"
fi
else
logtext "Result: skipped Amazon EC2 test, as we already found platform"
fi fi
# sysctl values # sysctl values
@ -658,7 +717,12 @@
# NetBSD: machdep.dmi.system-product # NetBSD: machdep.dmi.system-product
# OpenBSD: hw.product # OpenBSD: hw.product
SHORT=`sysctl -a 2> /dev/null | egrep "(hw.product|machdep.dmi.system-product)" | head -1 | sed 's/ = /=/' | awk -F= '{ print $2 }'` FIND=`sysctl -a 2> /dev/null | egrep "(hw.product|machdep.dmi.system-product)" | head -1 | sed 's/ = /=/' | awk -F= '{ print $2 }'`
if [ ! "${FIND}" = "" ]; then
SHORT="${FIND}"
fi
else
logtext "Result: skipped sysctl test, as we already found platform"
fi fi
# Check if we catched some string along all tests # Check if we catched some string along all tests
@ -691,9 +755,11 @@
logtext "Result: found virtual machine (type: ${VMTYPE}, ${VMFULLTYPE})" logtext "Result: found virtual machine (type: ${VMTYPE}, ${VMFULLTYPE})"
report "vm=1" report "vm=1"
report "vmtype=${VMTYPE}" report "vmtype=${VMTYPE}"
elif [ ${ISVIRTUALMACHINE} -eq 2 ]; then elif [ ${ISVIRTUALMACHINE} -eq 2 ]; then
logtext "Result: unknown if this system is a virtual machine" logtext "Result: unknown if this system is a virtual machine"
report "vm=2" report "vm=2"
else
logtext "Result: system seems to be non-virtual"
fi fi
} }