tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-24 22:34:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Migration to new profile names and store the related settings

Browse Source
This commit is contained in:
Michael Boelen 2016-07-05 16:49:36 +02:00
parent bdf9a5cf04
commit 0c5387f1fe
1 changed files with 48 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
include/profiles
View File

@ -61,36 +61,43 @@
# Maximum number of WAITing connections # Maximum number of WAITing connections
connections_max_wait_state) connections_max_wait_state)
OPTIONS_CONN_MAX_WAIT_STATE="${VALUE}" OPTIONS_CONN_MAX_WAIT_STATE="${VALUE}"
AddSetting "connections-max-wait-state" "${OPTIONS_CONN_MAX_WAIT_STATE}" "Connections (max-wait-state)"
;; ;;
# Append something to URL for control information # Append something to URL for control information
control_url_append) control_url_append)
CONTROL_URL_APPEND="${VALUE}" CONTROL_URL_APPEND="${VALUE}"
AddSetting "control-url-append" "${CONTROL_URL_APPEND}" "Control URL (append)"
;; ;;
# Prepend an URL before control information link # Prepend an URL before control information link
control_url_prepend) control_url_prepend)
CONTROL_URL_PREPEND="${VALUE}" CONTROL_URL_PREPEND="${VALUE}"
AddSetting "control-url-prepend" "${CONTROL_URL_PREPEND}" "Control URL (prepend)"
;; ;;
# Protocol to use for control information link # Protocol to use for control information link
control_url_protocol) control_url_protocol)
CONTROL_URL_PROTOCOL="${VALUE}" CONTROL_URL_PROTOCOL="${VALUE}"
AddSetting "control-url-protocol" "${CONTROL_URL_PREPEND}" "Control URL (protocol)"
;; ;;
# Append something to URL for control information (only applies to CUST-*) # Append something to URL for control information (only applies to CUST-*)
custom_url_append) custom-url-append | custom_url_append)
CUSTOM_URL_APPEND="${VALUE}" CUSTOM_URL_APPEND="${VALUE}"
AddSetting "custom-url-append" "${CUSTOM_URL_APPEND}" "Custom URL (append)"
;; ;;
# Prepend an URL before control information link (only applies to CUST-*) # Prepend an URL before control information link (only applies to CUST-*)
custom_url_prepend) custom-url-prepend | custom_url_prepend)
CUSTOM_URL_PREPEND="${VALUE}" CUSTOM_URL_PREPEND="${VALUE}"
AddSetting "custom-url-prepend" "${CUSTOM_URL_PREPEND}" "Custom URL (prepend)"
;; ;;
# Protocol to use for control information link # Protocol to use for control information link
custom_url_protocol) custom-url-protocol | custom_url_protocol)
CUSTOM_URL_PROTOCOL="${VALUE}" CUSTOM_URL_PROTOCOL="${VALUE}"
AddSetting "custom-url-protocol" "${CUSTOM_URL_PREPEND}" "Custom URL (protocol)"
;; ;;
# Do not check security repository in sources.list (Debian/Ubuntu) # Do not check security repository in sources.list (Debian/Ubuntu)
@ -100,18 +107,21 @@
debug) debug)
FIND=`echo "${VALUE}" | egrep "^(1|true|yes)"` && DEBUG=1 FIND=`echo "${VALUE}" | egrep "^(1|true|yes)"` && DEBUG=1
Debug "Debug mode set to ${DEBUG}" Debug "Debug mode set to ${DEBUG}"
AddSetting "debug" "${DEBUG}" "Debugging mode"
;; ;;
# Development mode (--developer) # Development mode (--developer)
developer-mode) developer-mode)
FIND=`echo "${VALUE}" | egrep "^(1|true|yes)"` && DEVELOPER_MODE=1 FIND=`echo "${VALUE}" | egrep "^(1|true|yes)"` && DEVELOPER_MODE=1
Debug "Developer mode set to ${DEVELOPER_MODE}" Debug "Developer mode set to ${DEVELOPER_MODE}"
AddSetting "developer" "${DEVELOPER_MODE}" "Developer mode"
;; ;;
# Show non-zero exit code when errors are found # Show non-zero exit code when errors are found
error-on-warnings) error-on-warnings)
FIND=`echo "${VALUE}" | egrep "^(1|true|yes)"` && ERROR_ON_WARNINGS=1 FIND=`echo "${VALUE}" | egrep "^(1|true|yes)"` && ERROR_ON_WARNINGS=1
Debug "Exit with different code on warnings is set to ${ERROR_ON_WARNINGS}" Debug "Exit with different code on warnings is set to ${ERROR_ON_WARNINGS}"
AddSetting "error-on-warnings" "${ERROR_ON_WARNINGS}" "Use non-zero exit code if one or more warnings were found"
;; ;;
# Skip FreeBSD port audit # Skip FreeBSD port audit
@ -123,18 +133,21 @@
# Lynis Enterprise: group name # Lynis Enterprise: group name
group) group)
GROUP_NAME="${VALUE}" GROUP_NAME="${VALUE}"
AddSetting "group" "${GROUP_NAME}" "Group"
;; ;;
# Language # Language
language | lang) language | lang)
LogText "Language set via profile to ${VALUE}" LogText "Language set via profile to ${VALUE}"
LANGUAGE="${VALUE}" LANGUAGE="${VALUE}"
AddSetting "language" "${LANGUAGE}" "Language"
;; ;;
# Lynis Enterprise license key # Lynis Enterprise license key
license_key | license-key) license_key | license-key)
LICENSE_KEY="${VALUE}" LICENSE_KEY="${VALUE}"
Report "license_key=${LICENSE_KEY}" Report "license_key=${LICENSE_KEY}"
AddSetting "license-key" "${LICENSE_KEY}" "License key"
;; ;;
# Do (not) log tests if they have an different operating system # Do (not) log tests if they have an different operating system
@ -144,18 +157,21 @@
;; ;;
# What type of machine we are scanning (eg. desktop, server, server with storage) # What type of machine we are scanning (eg. desktop, server, server with storage)
machine_role) machine-role | machine_role)
MACHINE_ROLE="${VALUE}" MACHINE_ROLE="${VALUE}"
AddSetting "machine-role" "${MACHINE_ROLE}" "Machine role (server or desktop)"
;; ;;
# Define if any found NTP daemon instance is configured as a server or client # Define if any found NTP daemon instance is configured as a server or client
ntpd_role) ntpd-role | ntpd_role)
NTPD_ROLE="${VALUE}" NTPD_ROLE="${VALUE}"
AddSetting "ntpd-role" "${NTPD_ROLE}" "NTP role (server or client)"
;; ;;
# How much seconds to wait between tests # How much seconds to wait between tests
pause_between_tests | pause-between-tests) pause_between_tests | pause-between-tests)
TEST_PAUSE_TIME="${VALUE}" TEST_PAUSE_TIME="${VALUE}"
AddSetting "pause-between-tests" "${TEST_PAUSE_TIME}" "Pause between tests"
;; ;;
# Plugin # Plugin
@ -170,10 +186,11 @@
else else
LogText "Plugin directory was already set to ${PLUGINDIR} before (most likely as a program argument), not overwriting" LogText "Plugin directory was already set to ${PLUGINDIR} before (most likely as a program argument), not overwriting"
fi fi
AddSetting "plugin-dir" "${PLUGINDIR}" "Plugin directory"
;; ;;
# Profile name # Profile name
profile_name) profile-name | profile_name)
PROFILE_NAME="${VALUE}" PROFILE_NAME="${VALUE}"
;; ;;
@ -201,6 +218,14 @@
skip-plugins) skip-plugins)
FIND=`echo "${VALUE}" | egrep "^(1|true|yes)"` && RUN_PLUGINS=0 FIND=`echo "${VALUE}" | egrep "^(1|true|yes)"` && RUN_PLUGINS=0
Debug "Run plugins is set to ${RUN_PLUGINS}" Debug "Run plugins is set to ${RUN_PLUGINS}"
AddSetting "run-plugins" "${RUN_PLUGINS}" "Run plugins"
;;
# SSL paths
ssl-certificate-paths)
SSL_CERTIFICATE_PATHS="${VALUE}"
Debug "SSL paths set to ${SSL_CERTIFICATE_PATHS}"
AddSetting "ssl-certificate-paths" "${SSL_CERTIFICATE_PATHS}" "Paths for SSL certificates"
;; ;;
# Which tests to skip (skip-test=ABCD-1234 or skip-test=ABCD-1234:subtest) # Which tests to skip (skip-test=ABCD-1234 or skip-test=ABCD-1234:subtest)
@ -219,6 +244,7 @@
skip_upgrade_test | skip-upgrade-test) skip_upgrade_test | skip-upgrade-test)
FIND=`echo "${VALUE}" | egrep "^(1|true|yes)"` && SKIP_UPGRADE_TEST=1 FIND=`echo "${VALUE}" | egrep "^(1|true|yes)"` && SKIP_UPGRADE_TEST=1
Debug "Skip upgrade test set to ${SKIP_UPGRADE_TEST}" Debug "Skip upgrade test set to ${SKIP_UPGRADE_TEST}"
AddSetting "skip-upgrade-test" "${SKIP_UPGRADE_TEST}" "Skip upgrade test"
;; ;;
# Define what kind of scan we are performing # Define what kind of scan we are performing
@ -231,73 +257,88 @@
# Server IP or hostname # Server IP or hostname
update_server_address) update_server_address)
UPDATE_SERVER_ADDRESS="${VALUE}" UPDATE_SERVER_ADDRESS="${VALUE}"
AddSetting "update-server-address" "${UPDATE_SERVER_ADDRESS}" "Update server (address)"
;; ;;
# Protocol (http, https) # Protocol (http, https)
update_server_protocol) update_server_protocol)
UPDATE_SERVER_PROTOCOL="${VALUE}" UPDATE_SERVER_PROTOCOL="${VALUE}"
AddSetting "update-server-protocol" "${UPDATE_SERVER_PROTOCOL}" "Update server (protocol)"
;; ;;
# File path to tarball on server # File path to tarball on server
update_latest_version_download) update_latest_version_download)
UPDATE_LATEST_VERSION_DOWNLOAD="${VALUE}" UPDATE_LATEST_VERSION_DOWNLOAD="${VALUE}"
AddSetting "update-latest-version-download" "${UPDATE_LATEST_VERSION_DOWNLOAD}" "Update information: file path to latest update"
;; ;;
# File path to information file # File path to information file
update_latest_version_info) update_latest_version_info)
UPDATE_LATEST_VERSION_INFO="${VALUE}" UPDATE_LATEST_VERSION_INFO="${VALUE}"
AddSetting "update-latest-version-info" "${UPDATE_LATEST_VERSION_INFO}" "Update information: file path to information file"
;; ;;
# Local directory where lynis directory will be placed # Local directory where lynis directory will be placed
update_local_directory) update_local_directory)
UPDATE_LOCAL_DIRECTORY="${VALUE}" UPDATE_LOCAL_DIRECTORY="${VALUE}"
AddSetting "update-local-directory" "${UPDATE_LOCAL_DIRECTORY}" "Update information: local directory for updates"
;; ;;
# Local file to maintain current version # Local file to maintain current version
update_local_version_info) update_local_version_info)
UPDATE_LOCAL_VERSION_INFO="${VALUE}" UPDATE_LOCAL_VERSION_INFO="${VALUE}"
AddSetting "update-local-version-info" "${UPDATE_LOCAL_VERSION_INFO}" "Update information: local file for latest release"
;; ;;
# Compression of uploads (enabled by default) # Compression of uploads (enabled by default)
upload_compressed | compressed-uploads) upload_compressed | compressed-uploads)
if [ "${VALUE}" = "0" ]; then COMPRESSED_UPLOADS=0; fi if [ "${VALUE}" = "0" ]; then COMPRESSED_UPLOADS=0; fi
AddSetting "compressed-uploads" "${COMPRESSED_UPLOADS}" "Compressed uploads"
;; ;;
# Options during upload of data # Options during upload of data
upload_options | upload-options) upload_options | upload-options)
UPLOAD_OPTIONS="${VALUE}" UPLOAD_OPTIONS="${VALUE}"
AddSetting "upload-options" "${UPLOAD_OPTIONS}" "Upload options"
;; ;;
# Proxy settings # Proxy settings
upload_proxy_port | proxy-port) upload_proxy_port | proxy-port | upload-proxy-port)
UPLOAD_PROXY_PORT="${VALUE}" UPLOAD_PROXY_PORT="${VALUE}"
AddSetting "upload-proxy-port" "${UPLOAD_PROXY_PORT}" "Proxy port"
;; ;;
upload_proxy_protocol | proxy-protocol) upload_proxy_protocol | proxy-protocol)
UPLOAD_PROXY_PROTOCOL="${VALUE}" UPLOAD_PROXY_PROTOCOL="${VALUE}"
AddSetting "upload-proxy-protocol" "${UPLOAD_PROXY_PROTOCOL}" "Proxy protocol"
;; ;;
upload_proxy_server | proxy-server) upload_proxy_server | proxy-server)
UPLOAD_PROXY_SERVER="${VALUE}" UPLOAD_PROXY_SERVER="${VALUE}"
AddSetting "upload-proxy-server" "${UPLOAD_PROXY_PORT}" "Proxy server"
;; ;;
# Receiving system (IP address or hostname) # Receiving system (IP address or hostname)
upload_server | upload-server) upload_server | upload-server)
UPLOAD_SERVER="${VALUE}" UPLOAD_SERVER="${VALUE}"
AddSetting "upload-server" "${UPLOAD_SERVER}" "Upload server (ip or hostname)"
;; ;;
# Specify an alternative upload tool # Specify an alternative upload tool
upload-tool) upload-tool)
if [ -f "${VALUE}" ]; then UPLOAD_TOOL="${VALUE}"; fi if [ -f "${VALUE}" ]; then UPLOAD_TOOL="${VALUE}"; fi
AddSetting "upload-tool" "${UPLOAD_TOOL}" "Upload tool"
;; ;;
# Specify arguments for an alternative upload tool # Specify arguments for an alternative upload tool
upload-tool-arguments) upload-tool-arguments)
UPLOAD_TOOL_ARGS="${VALUE}" UPLOAD_TOOL_ARGS="${VALUE}"
AddSetting "upload-tool-arguments" "${UPLOAD_TOOL_ARGS}" "Upload tool (arguments)"
;; ;;
# Verbose output (--verbose) # Verbose output (--verbose)
verbose) verbose)
FIND=`echo "${VALUE}" | egrep "^(1|true|yes)"` && VERBOSE=1 FIND=`echo "${VALUE}" | egrep "^(1|true|yes)"` && VERBOSE=1
Debug "Verbose set to ${VERBOSE}" Debug "Verbose set to ${VERBOSE}"
AddSetting "verbose" "${VERBOSE}" "Verbose output"
;; ;;
# Catch all bad options and bail out # Catch all bad options and bail out