tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[AUTH-9308] Test systemd targets

This commit is contained in:
mboelen 2016-03-24 16:46:54 +01:00
parent 95df056ca8
commit 0d2be381f9
1 changed files with 33 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
include/tests_authentication
View File

@ -823,9 +823,12 @@
Register --test-no AUTH-9308 --os Linux --weight L --network NO --description "Check single user login configuration" Register --test-no AUTH-9308 --os Linux --weight L --network NO --description "Check single user login configuration"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0 FOUND=0
# Check if file exists TEST_PERFORMED=0
# Check inittab
LogText "Test: Searching /etc/inittab" LogText "Test: Searching /etc/inittab"
if [ -f /etc/inittab ]; then if [ -f /etc/inittab ]; then
TEST_PERFORMED=1
LogText "Result: file /etc/inittab exists" LogText "Result: file /etc/inittab exists"
LogText "Test: checking presence sulogin for single user mode" LogText "Test: checking presence sulogin for single user mode"
FIND=`egrep "^~~:S:(respawn|wait):/sbin/sulogin" /etc/inittab` FIND=`egrep "^~~:S:(respawn|wait):/sbin/sulogin" /etc/inittab`
@ -838,9 +841,10 @@
LogText "Result: file /etc/inittab does not exist" LogText "Result: file /etc/inittab does not exist"
fi fi
# Check if file exists # Check init
LogText "Test: Searching /etc/sysconfig/init" LogText "Test: Searching /etc/sysconfig/init"
if [ -f /etc/sysconfig/init ]; then if [ -f /etc/sysconfig/init ]; then
TEST_PERFORMED=1
LogText "Result: file /etc/sysconfig/init exists" LogText "Result: file /etc/sysconfig/init exists"
LogText "Test: checking presence sulogin for single user mode" LogText "Test: checking presence sulogin for single user mode"
FIND=`grep "^SINGLE=/sbin/sulogin" /etc/sysconfig/init` FIND=`grep "^SINGLE=/sbin/sulogin" /etc/sysconfig/init`
@ -851,7 +855,33 @@
else else
LogText "Result: file /etc/sysconfig/init does not exist" LogText "Result: file /etc/sysconfig/init does not exist"
fi fi
if [ -f /etc/inittab -o -f /etc/sysconfig/init ]; then
# Systemd support
SYTEMD_DIRECTORY="/lib/systemd/system"
if [ -d ${SYSTEMD_DIRECTORY} ]; then
FILES="console-shell.service emergency.service rescue.service"
LogText "Test: going to check several systemd targets now"
for I in ${FILES}; do
LogText "Test: checking if target ${I} is available"
FILE=${SYSTEMD_DIRECTORY}/${I}
if [ -f ${FILE} ]; then
# Mark test as performed only when at least 1 target exists (e.g. Ubuntu 14.04 has limited systemd support)
TEST_PERFORMED=1
LogText "Result: found target ${I}"
FIND=`egrep "^ExecStart=" ${FILE} | grep "/sulogin"`
if [ "${FIND}" = "" ]; then
LogText "Result: did not find sulogin specified, possible risk of getting into single user mode without authentication"
else
LogText "Result: sulogin was found, which is a good measure to protect single user mode"
FOUND=1
fi
else
LogText "Result: target ${I} not found"
fi
done
fi
if [ ${TEST_PERFORMED} -eq 1 ]; then
if [ ${FOUND} -eq 0 ]; then if [ ${FOUND} -eq 0 ]; then
LogText "Result: option not set, no password needed at single user mode boot" LogText "Result: option not set, no password needed at single user mode boot"
Display --indent 2 --text "- Checking Linux single user mode authentication" --result WARNING --color RED Display --indent 2 --text "- Checking Linux single user mode authentication" --result WARNING --color RED