tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-28 00:04:16 +02:00
Code Issues Packages Projects Releases Wiki Activity

[CRYP-7902] add a test to filter out non-certificate files

Browse Source
This commit is contained in:
Michael Boelen 2017-08-18 19:19:15 +02:00
parent 4a673aebc7
commit 1190efac2b
No known key found for this signature in database
GPG Key ID: 26141F77A09D7F04
1 changed files with 16 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
include/tests_crypto
View File

@ -52,7 +52,9 @@
# Only check the files that are not installed by a package # Only check the files that are not installed by a package
if ! FileInstalledByPackage ${FILE}; then if ! FileInstalledByPackage ${FILE}; then
COUNT_DIR=$((COUNT_DIR + 1)) COUNT_DIR=$((COUNT_DIR + 1))
LogText "Test: checking certificate ${FILE}" LogText "Test: checking file and determining if it is certificate ${FILE}"
FIND=$(${OPENSSLBINARY} x509 -noout -in ${FILE} -enddate 2> /dev/null | ${GREPBINARY} "^notAfter")
if [ $? -eq 0 ]; then
# Check certificate where 'end date' has been expired # Check certificate where 'end date' has been expired
FIND=$(${OPENSSLBINARY} x509 -noout -checkend 0 -in ${FILE} -enddate 2> /dev/null) FIND=$(${OPENSSLBINARY} x509 -noout -checkend 0 -in ${FILE} -enddate 2> /dev/null)
EXIT_CODE=$? EXIT_CODE=$?
@ -65,6 +67,9 @@
FOUNDPROBLEM=1 FOUNDPROBLEM=1
LogText "Result: certificate ${FILE} has been expired" LogText "Result: certificate ${FILE} has been expired"
fi fi
else
LogText "Result: skipping tests for this file (${FILE}) as it is most likely not a certificate (a key file?)"
fi
fi fi
else else
LogText "Result: can not read file ${FILE} (no permission)" LogText "Result: can not read file ${FILE} (no permission)"