tyler.durden/lynis
1
0
Fork 0
mirror of https://github.com/CISOfy/lynis.git synced 2025-07-29 16:54:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/CISOfy/lynis

Browse Source
This commit is contained in:
Roland Smith 2015-05-02 10:06:55 +02:00
commit 121b467fc0
11 changed files with 400 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
default.prf
View File

@ -308,6 +308,38 @@ permdir:/root/.ssh:rwx------:root:-:WARN:
#config:custom_url_prepend:https://your-domain.example.org/control-info/: #config:custom_url_prepend:https://your-domain.example.org/control-info/:
#config:custom_url_append:/: #config:custom_url_append:/:
#################################################################################
#
# Automatic Updating
# -------------------
#
# These settings are required when using the lynis update functionality.
# By specifying local paths and your update server, the tool can do an update
# check, compare versions and download a new version.
#
#################################################################################
# Local directory (without slash at end) where lynis directory will be installed
# Note: do not add full path to lynis, as subdirectory is part of tarball
#config:update_local_directory:/usr/local:
# Full path to local file. Change local path if Lynis is installed on a different place
#config:update_local_version_info:/usr/local/lynis/client-version:
# Download information
# -----------------------------
# Protocol to use: http, https
#config:update_server_protocol:http:
# Address of update server
#config:update_server_address:192.168.1.125:
# Path to last stable release
#config:update_latest_version_download:/files/lynis-latest.tar.gz:
# Last part of URL (file to gather)
#config:update_latest_version_info:/files/lynis-latest-version:
################################################################################# #################################################################################
# #
# Lynis Enterprise # Lynis Enterprise

4
include/binaries
View File

@ -78,7 +78,6 @@
N=`expr ${N} + 1` N=`expr ${N} + 1`
BINARY="${SCANDIR}/${I}" BINARY="${SCANDIR}/${I}"
DISCOVERED_BINARIES="${DISCOVERED_BINARIES}${BINARY} " DISCOVERED_BINARIES="${DISCOVERED_BINARIES}${BINARY} "
logtext "Binary: ${BINARY}"
# Optimized, much quicker (limited file access needed) # Optimized, much quicker (limited file access needed)
case ${I} in case ${I} in
aa-status) APPARMORFOUND=1; AASTATUSBINARY=${BINARY}; logtext " Found known binary: aa-status (apparmor component) - ${BINARY}" ;; aa-status) APPARMORFOUND=1; AASTATUSBINARY=${BINARY}; logtext " Found known binary: aa-status (apparmor component) - ${BINARY}" ;;
@ -145,7 +144,7 @@
openssl) OPENSSLFOUND=1; OPENSSLBINARY="${BINARY}"; OPENSSLVERSION=`${BINARY} version 2> /dev/null | head -n 1 | awk '{ print $2 }' | xargs`; logtext "Found ${BINARY} (version ${OPENSSLVERSION})" ;; openssl) OPENSSLFOUND=1; OPENSSLBINARY="${BINARY}"; OPENSSLVERSION=`${BINARY} version 2> /dev/null | head -n 1 | awk '{ print $2 }' | xargs`; logtext "Found ${BINARY} (version ${OPENSSLVERSION})" ;;
pacman) PACMANFOUND=1; PACMANBINARY="${BINARY}"; logtext " Found known binary: pacman (package manager) - ${BINARY}" ;; pacman) PACMANFOUND=1; PACMANBINARY="${BINARY}"; logtext " Found known binary: pacman (package manager) - ${BINARY}" ;;
perl) PERLFOUND=1; PERLBINARY="${BINARY}"; PERLVERSION=`${BINARY} -V:version | sed 's/^version=//' | sed 's/;//' | xargs`; logtext "Found ${BINARY} (version ${PERLVERSION})" ;; perl) PERLFOUND=1; PERLBINARY="${BINARY}"; PERLVERSION=`${BINARY} -V:version | sed 's/^version=//' | sed 's/;//' | xargs`; logtext "Found ${BINARY} (version ${PERLVERSION})" ;;
php) PHPFOUND=1; PHPBINARY="${BINARY}"; PHPVERSION=`${BINARY} -v | awk '{ if ($1=="PHP") { print $2 }}' | head -1`; logtext "Found known binary: php (programming language) - ${BINARY} (version ${PHPVERSION})" ;; php) PHPFOUND=1; PHPBINARY="${BINARY}"; PHPVERSION=`${BINARY} -v | awk '{ if ($1=="PHP") { print $2 }}' | head -1`; logtext "Found known binary: php (programming language intrepreter) - ${BINARY} (version ${PHPVERSION})" ;;
pkg_admin) PKGADMINBINARY="${BINARY}"; logtext " Found known binary: pkg_admin (software package administration) - ${BINARY}" ;; pkg_admin) PKGADMINBINARY="${BINARY}"; logtext " Found known binary: pkg_admin (software package administration) - ${BINARY}" ;;
postconf) POSTCONFFOUND=1; POSTCONFBINARY="${BINARY}"; logtext " Found known binary: postconf (postfix configuration) - ${BINARY}" ;; postconf) POSTCONFFOUND=1; POSTCONFBINARY="${BINARY}"; logtext " Found known binary: postconf (postfix configuration) - ${BINARY}" ;;
postfix) POSTFIXFOUND=1; POSTFIXBINARY="${BINARY}"; logtext " Found known binary: postfix (postfix binary) - ${BINARY}" ;; postfix) POSTFIXFOUND=1; POSTFIXBINARY="${BINARY}"; logtext " Found known binary: postfix (postfix binary) - ${BINARY}" ;;
@ -154,6 +153,7 @@
ps) PSFOUND=1; PSBINARY="${BINARY}"; logtext " Found known binary: ps (process listing) - ${BINARY}" ;; ps) PSFOUND=1; PSBINARY="${BINARY}"; logtext " Found known binary: ps (process listing) - ${BINARY}" ;;
puppet) PUPPETFOUND=1; PUPPETBINARY="${BINARY}"; logtext " Found known binary: puppet (automation tooling) - ${BINARY}" ;; puppet) PUPPETFOUND=1; PUPPETBINARY="${BINARY}"; logtext " Found known binary: puppet (automation tooling) - ${BINARY}" ;;
puppetmasterd) PUPPETMASTERDFOUND=1; PUPPETMASTERDBINARY="${BINARY}"; logtext " Found known binary: puppetmasterd (puppet master daemon) - ${BINARY}" ;; puppetmasterd) PUPPETMASTERDFOUND=1; PUPPETMASTERDBINARY="${BINARY}"; logtext " Found known binary: puppetmasterd (puppet master daemon) - ${BINARY}" ;;
python) PYTHONBINARY="${BINARY}"; logtext " Found known binary: python (programming language intepreter) - ${BINARY}" ;;
readlink) READLINKFOUND=1; READLINKBINARY="${BINARY}"; logtext " Found known binary: readlink (follows symlinks) - ${BINARY}" ;; readlink) READLINKFOUND=1; READLINKBINARY="${BINARY}"; logtext " Found known binary: readlink (follows symlinks) - ${BINARY}" ;;
rkhunter) RKHUNTERFOUND=1; RKHUNTERBINARY="${BINARY}"; MALWARE_SCANNER_INSTALLED=1; logtext " Found known binary: rkhunter (malware scanner) - ${BINARY}" ;; rkhunter) RKHUNTERFOUND=1; RKHUNTERBINARY="${BINARY}"; MALWARE_SCANNER_INSTALLED=1; logtext " Found known binary: rkhunter (malware scanner) - ${BINARY}" ;;
rootsh) ROOTSHFOUND=1; ROOTSHBINARY="${BINARY}"; logtext " Found known binary: rootsh (wrapper for shells) - ${BINARY}" ;; rootsh) ROOTSHFOUND=1; ROOTSHBINARY="${BINARY}"; logtext " Found known binary: rootsh (wrapper for shells) - ${BINARY}" ;;

2
include/consts
View File

@ -129,6 +129,7 @@ unset LANG
SCAN_TEST_HEAVY=""; SCAN_TEST_MEDIUM=""; SCAN_TEST_LOW="" SCAN_TEST_HEAVY=""; SCAN_TEST_MEDIUM=""; SCAN_TEST_LOW=""
SESTATUSBINARY="" SESTATUSBINARY=""
SERVICE_MANAGER="" SERVICE_MANAGER=""
SHOW_PROGRAM_DETAILS=1
SHOW_REPORT=1 SHOW_REPORT=1
SKIPPED_TESTS_ROOTONLY="" SKIPPED_TESTS_ROOTONLY=""
SSHKEYSCANBINARY="" SSHKEYSCANBINARY=""
@ -166,7 +167,6 @@ unset LANG
TOTAL_TESTS=0 # Total amount of tests (counter) TOTAL_TESTS=0 # Total amount of tests (counter)
UPLOAD_DATA=0 # Upload of data to central node UPLOAD_DATA=0 # Upload of data to central node
VIEWHELP=0 # Show help VIEWHELP=0 # Show help
VIEWUPDATEINFO=0 # View program/database version
WRONGOPTION=0 # A wrong option is used WRONGOPTION=0 # A wrong option is used
# #
################################################################################# #################################################################################

2
include/functions
View File

@ -778,6 +778,8 @@
NGINX_ACCESS_LOG_DISABLED=1 NGINX_ACCESS_LOG_DISABLED=1
else else
if [ ! "${VALUE}" = "" ]; then if [ ! "${VALUE}" = "" ]; then
# If multiple values follow, select first one
VALUE=`echo ${VALUE} | awk '{ print $1 }'`
if [ ! -f ${VALUE} ]; then if [ ! -f ${VALUE} ]; then
logtext "Result: could not find referenced log file ${VALUE} in nginx configuration" logtext "Result: could not find referenced log file ${VALUE} in nginx configuration"
NGINX_ACCESS_LOG_MISSING=1 NGINX_ACCESS_LOG_MISSING=1

3
include/helper_audit_dockerfile
View File

@ -4,7 +4,6 @@ if [ $# -eq 0 ]; then
Display --indent 2 --text "${RED}Error: ${WHITE}Provide URL or file${NORMAL}" Display --indent 2 --text "${RED}Error: ${WHITE}Provide URL or file${NORMAL}"
Display --text " "; Display --text " " Display --text " "; Display --text " "
ExitFatal ExitFatal
else else
FILE=`echo $1 | egrep "^http|https"` FILE=`echo $1 | egrep "^http|https"`
@ -18,7 +17,7 @@ if [ $# -eq 0 ]; then
if [ -f ${TMP_FILE} ]; then if [ -f ${TMP_FILE} ]; then
rm -f ${TMP_FILE} rm -f ${TMP_FILE}
fi fi
Dislpay --indent 2 --text "${RED}Error: ${WHITE}can not download file${NORMAL}" Display --indent 2 --text "${RED}Error: ${WHITE}can not download file${NORMAL}"
ExitFatal ExitFatal
fi fi
else else

266
include/helper_update Normal file
View File

@ -0,0 +1,266 @@
#!/bin/sh
######################################################################
#
# Helper program to support automatic updates of Lynis
#
######################################################################
#
# Options:
# ---------
# 1) lynis update info - Show version information (external)
# 2) lynis update release - Check and install new release (internal)
#
# How to use:
# ------------
# Run option 1 to know about current and latest release information.
# Run option 2 to query internal server for possible upgrade of Lynis.
#
# Steps for updating to new release:
# 1) Run Lynis with: lynis update release
# 2) Lynis will use this helper and check the profile
# 3) The configured web server will be queried (lynis-latest-version)
# 4) The contents of this file will be compared with a local file
# 5) If there is a difference, download package
# 6) Check paths and extract files
# 7) Quit program
#
# Suggested documentation if you want to use this functionality:
# https://cisofy.com/documentation/lynis/upgrading/
#
######################################################################
LOCAL_VERSION="-"
SERVER_VERSION=""
PERFORM_UPGRADE=0
WGET_EXISTS=`which wget 2> /dev/null`
CURL_EXISTS=`which curl 2> /dev/null`
FETCH_EXISTS=`which fetch 2> /dev/null`
# Update version
if [ "$1" = "release" ]; then
if [ "${UPDATE_SERVER_PROTOCOL}" = "" ] ; then
Display --indent 2 --text "Error: Unknown protocol, please specify (http, https) in profile (update_server_protocol)"
ExitFatal
fi
if [ "${UPDATE_SERVER_ADDRESS}" = "" ] ; then
Display --indent 2 --text "Error: Unknown download address, please specify in profile (update_server_address)"
ExitFatal
fi
if [ "${UPDATE_LATEST_VERSION_DOWNLOAD}" = "" ] ; then
Display --indent 2 --text "Error: No URL to latest download has been specifiedrsion on the server, please specify in profile (update_latest_version_download)"
ExitFatal
fi
if [ "${UPDATE_LATEST_VERSION_INFO}" = "" ] ; then
Display --indent 2 --text "Error: No URL has been specified to know the latest version on the server, please specify in profile (update_latest_version_info)"
ExitFatal
fi
if [ "${UPDATE_LOCAL_DIRECTORY}" = "" ] ; then
Display --indent 2 --text "Error: No local directory has been specified to store Lynis files. Please specify in profile (update_local_directory)"
ExitFatal
else
if [ ! -d ${UPDATE_LOCAL_DIRECTORY} ]; then
Display --indent 2 --text "Error: Directory ${UPDATE_LOCAL_DIRECTORY} does not exist"
ExitFatal
fi
fi
if [ "${UPDATE_LOCAL_VERSION_INFO}" = "" ] ; then
Display --indent 2 --text "Error: No data file has been specified to determine local Lynis version, please specify in profile (update_local_version_info)"
ExitFatal
fi
if [ ! -f ${UPDATE_LOCAL_VERSION_INFO} ]; then
Display --indent 2 --text "Note: local data file ${UPDATE_LOCAL_VERSION_INFO} does not exist. It will be created after updating. (update_local_version_info)"
else
LOCAL_VERSION=`cat ${UPDATE_LOCAL_VERSION_INFO}`
fi
# Normal update
FULLPATH="${UPDATE_SERVER_PROTOCOL}://${UPDATE_SERVER_ADDRESS}${UPDATE_LATEST_VERSION_INFO}"
TMP_FILE=`mktemp /tmp/audit.XXXXXXXXXX`
if [ "${TMP_FILE}" = "" ]; then
Display --indent 2 --text "Could not create a temporary file in /tmp with mktemp. Aborting.."
ExitFatal
fi
Display --indent 2 --text "${CYAN}[Phase 1] Downloading details${NORMAL}"
if [ ! "${WGET_EXISTS}" = "" ]; then
logtext "Using wget to download release information"
LAST_COMMAND_HELP="wget --output-document ${TMP_FILE} ${FULLPATH}"
wget --output-document ${TMP_FILE} ${FULLPATH} 2> /dev/null
EXIT_CODE=$?
elif [ ! "${CURL_EXISTS}" = "" ]; then
logtext "Using curl to download release information"
LAST_COMMAND_HELP="curl --fail -o ${TMP_FILE} ${FULLPATH}"
curl --fail -o ${TMP_FILE} ${FULLPATH} 2> /dev/null
EXIT_CODE=$?
else
Display --indent 2 --text "No download tool available to perform download"
ExitFatal
fi
if [ ! "${TMP_FILE}" = "" ]; then
if [ -f ${TMP_FILE} ]; then
SERVER_VERSION=`cat ${TMP_FILE}`
rm -f ${TMP_FILE}
fi
else
Display --indent 2 --text "Temporary file variable is empty, which is unexpected. Aborting.."
ExitFatal
fi
# Determine if downloading meta data was successful
if [ ${EXIT_CODE} -eq 0 ]; then
if [ "${SERVER_VERSION}" = "" ]; then
Display --indent 2 --text "No version found on the server. Aborting.."
ExitFatal
else
Display --indent 2 --text "Version found on server: ${SERVER_VERSION}"
Display --indent 2 --text "Local version found: ${LOCAL_VERSION}"
fi
else
Display --indent 2 --text "${RED}Error: ${WHITE}Download utility returned an unexpected error code.${NORMAL} Aborting.."
Display --indent 2 --text "Error code: ${EXIT_CODE}"
Display --indent 2 --text "Suggested command: ${LAST_COMMAND_HELP}"
ExitFatal
fi
#==========================================================================================================================================
Display --indent 2 --text " "
Display --indent 2 --text "${CYAN}[Phase 2] Compare results${NORMAL}"
if [ ! "${LOCAL_VERSION}" = "${SERVER_VERSION}" ]; then
Display --indent 2 --text "Different version available, moving to upgrade phase"
PERFORM_UPGRADE=1
else
Display --indent 2 --text "${GREEN}No upgrade needed${NORMAL}"
fi
# Go to phase 3 if upgrade is needed
if [ ${PERFORM_UPGRADE} -eq 1 ]; then
FULLPATH="${UPDATE_SERVER_PROTOCOL}://${UPDATE_SERVER_ADDRESS}${UPDATE_LATEST_VERSION_DOWNLOAD}"
Display --indent 2 --text " "
Display --indent 2 --text "[Phase 3] Downloading latest release"
Display --indent 2 --text "Download location: ${FULLPATH}"
if [ ! "${WGET_EXISTS}" = "" ]; then
logtext "Using wget to download latest release"
LAST_COMMAND_HELP="wget --output-document ${TMP_FILE} ${FULLPATH}"
wget --output-document ${TMP_FILE} ${FULLPATH} 2> /dev/null
EXIT_CODE=$?
elif [ ! "${CURL_EXISTS}" = "" ]; then
logtext "Using curl to download latest release"
LAST_COMMAND_HELP="curl --fail -o ${TMP_FILE} ${FULLPATH}"
curl --fail -o ${TMP_FILE} ${FULLPATH} 2> /dev/null
EXIT_CODE=$?
fi
if [ ${EXIT_CODE} -eq 0 ]; then
if [ -f ${TMP_FILE} ]; then
Display --indent 2 --text "Download successful"
# Extract the file to the related path, with 'lynis' appended
# Note: by default the tarball includes 'lynis' as directory
if [ ! -d ${UPDATE_LOCAL_DIRECTORY} ]; then
Display --indent 2 --text "Error: directory ${UPDATE_LOCAL_DIRECTORY} does not exist"
ExitFatal
fi
Display --indent 2 --text "Extracting latest version to path ${UPDATE_LOCAL_DIRECTORY}"
if [ ! -d ${UPDATE_LOCAL_DIRECTORY}/lynis ]; then
Display --indent 2 --text "Creating 'lynis' directory in ${UPDATE_LOCAL_DIRECTORY}"
mkdir ${UPDATE_LOCAL_DIRECTORY}/lynis
if [ $? -gt 0 ]; then
Display --indent 2 --text "Error: could not create directory ${UPDATE_LOCAL_DIRECTORY}/lynis"
ExitFatal
fi
fi
if [ -d ${UPDATE_LOCAL_DIRECTORY}/lynis ]; then
Display --indent 2 --text "Extracting files to ${UPDATE_LOCAL_DIRECTORY}"
tar xzf ${TMP_FILE} -C ${UPDATE_LOCAL_DIRECTORY}
if [ $? -eq 0 ]; then
# Check if we can find the Lynis binary (in the created 'lynis' directory)
if [ -f ${UPDATE_LOCAL_DIRECTORY}/lynis/lynis ]; then
# If version was downloaded, update local version
echo ${SERVER_VERSION} > ${UPDATE_LOCAL_VERSION_INFO}
else
Display --indent 2 --text "Error: could not find downloaded file on disk"
fi
else
Display --indent 2 --text "Error: File extraction failed"
ExitFatal
fi
else
Display --indent 2 --text "Error: could not find lynis directory"
fi
else
Display --indent 2 --text "Error: could not find downloaded file on disk"
ExitFatal
fi
else
Display --indent 2 --text "Error: could not download latest release"
Display --indent 2 --text "Suggestion: ${LAST_COMMAND_HELP}"
ExitFatal
fi
fi
# Removing temp file
logtext "Action: Removing temporary file ${TMP_FILE}"
if [ "${TMP_FILE}" = "" ]; then
if [ -f ${TMP_FILE} ]; then
rm -f ${TMP_FILE}
fi
fi
Display --indent 2 --text " "
Display --indent 2 --text "Done"
Display --indent 2 --text " "
ExitClean
# Update check
elif [ "$1" = "info" ]; then
# CV - Current Version
PROGRAM_AC=`echo ${PROGRAM_version} | awk '{ print $1 }' | sed 's/[.]//g'`
PROGRAM_LV=0
CheckUpdates
# Reset everything if we can't determine our current version or the latest
# available version (due lack of internet connectivity for example)
if [ "${PROGRAM_AC}" = "" -o "${PROGRAM_LV}" = "" ]; then
# Set both to safe values
PROGRAM_AC=0; PROGRAM_LV=0
fi
echo ""; echo " == ${WHITE}${PROGRAM_name}${NORMAL} =="
echo ""
echo " Version : ${PROGRAM_version}"
echo -n " Status : "
if [ ${PROGRAM_LV} -eq 0 ]; then
echo "${RED}Unknown${NORMAL}";
elif [ ${PROGRAM_LV} -gt ${PROGRAM_AC} ]; then
echo "${YELLOW}Outdated${NORMAL}";
echo " Current version : ${PROGRAM_AC}"
echo " Latest version : ${PROGRAM_LV}"
else
echo "${GREEN}Up-to-date${NORMAL}"
fi
echo " Release date : ${PROGRAM_releasedate}"
echo " Update location : ${PROGRAM_website}"
echo ""; echo ""
echo "${PROGRAM_copyright}"
echo ""
# Quit program
ExitClean
else
Display --indent 2 --text "${RED}Error: ${WHITE}Unknown parameter $1.${NORMAL} Aborting.."
ExitFatal
fi
# The End

27
include/parameters
View File

@ -23,6 +23,7 @@
PARAMCOUNT=$# PARAMCOUNT=$#
while [ $# -ge 1 ]; do while [ $# -ge 1 ]; do
case $1 in case $1 in
# Helpers first
audit) audit)
CHECK_BINARIES=0 CHECK_BINARIES=0
RUN_HELPERS=1 RUN_HELPERS=1
@ -63,6 +64,28 @@
#break #break
;; ;;
# Helpers first
update)
CHECK_BINARIES=0
RUN_HELPERS=1
HELPER="update"
RUN_PLUGINS=0
RUN_TESTS=0
SHOW_PROGRAM_DETAILS=0
if [ ! $2 = "" ]; then
shift
HELPER_PARAMS="$1 $2"
break
else
Display --text "${RED}Error: ${WHITE}Need a target for update${NORMAL}"
Display --text " "
Display --text "Examples:"
Display --text "lynis update info"
Display --text "lynis update release"
ExitFatal
fi
;;
# Assign auditor to report # Assign auditor to report
--auditor) --auditor)
shift shift
@ -102,7 +125,9 @@
# View program/database information # View program/database information
--check-update | --check-updates | --info) --check-update | --check-updates | --info)
VIEWUPDATEINFO=1 echo "This option is deprecated"
echo "Use: lynis update info"
ExitClean
;; ;;
# License key for Lynis Enterprise # License key for Lynis Enterprise

30
include/profiles
View File

@ -147,6 +147,36 @@
if [ "${VALUE}" = "full" ]; then SCAN_TEST_LIGHT="YES"; SCAN_TEST_MEDIUM="YES"; SCAN_TEST_HEAVY="YES"; fi if [ "${VALUE}" = "full" ]; then SCAN_TEST_LIGHT="YES"; SCAN_TEST_MEDIUM="YES"; SCAN_TEST_HEAVY="YES"; fi
;; ;;
# Server IP or hostname
update_server_address)
UPDATE_SERVER_ADDRESS="${VALUE}"
;;
# Protocol (http, https)
update_server_protocol)
UPDATE_SERVER_PROTOCOL="${VALUE}"
;;
# File path to tarball on server
update_latest_version_download)
UPDATE_LATEST_VERSION_DOWNLOAD="${VALUE}"
;;
# File path to information file
update_latest_version_info)
UPDATE_LATEST_VERSION_INFO="${VALUE}"
;;
# Local directory where lynis directory will be placed
update_local_directory)
UPDATE_LOCAL_DIRECTORY="${VALUE}"
;;
# Local file to maintain current version
update_local_version_info)
UPDATE_LOCAL_VERSION_INFO="${VALUE}"
;;
# Options during upload of data # Options during upload of data
upload_options) upload_options)
UPLOAD_OPTIONS="${VALUE}" UPLOAD_OPTIONS="${VALUE}"

2
include/tests_accounting
View File

@ -226,7 +226,7 @@
if [ -f /etc/ld.so.preload ]; then if [ -f /etc/ld.so.preload ]; then
logtext "Result: found /etc/ld.so.preload, testing if snoopy.so is listed" logtext "Result: found /etc/ld.so.preload, testing if snoopy.so is listed"
FIND=`grep ${FILE} /etc/ld.so.preload` FIND=`grep ${FILE} /etc/ld.so.preload`
if [ !"${FIND}" = "" ]; then if [ ! "${FIND}" = "" ]; then
logtext "Result: found snoopy in ld.so.preload" logtext "Result: found snoopy in ld.so.preload"
logtext "Output: ${FIND}" logtext "Output: ${FIND}"
Display --indent 6 --text "- Library in ld.so.preload" --result "LOADED" --color GREEN Display --indent 6 --text "- Library in ld.so.preload" --result "LOADED" --color GREEN

63
lynis
View File

@ -23,7 +23,7 @@
# Program information # Program information
PROGRAM_name="Lynis" PROGRAM_name="Lynis"
PROGRAM_version="2.1.1" PROGRAM_version="2.1.1"
PROGRAM_releasedate="19 April 2015" PROGRAM_releasedate="29 April 2015"
PROGRAM_author="CISOfy" PROGRAM_author="CISOfy"
PROGRAM_author_contact="lynis-dev@cisofy.com" PROGRAM_author_contact="lynis-dev@cisofy.com"
PROGRAM_website="https://cisofy.com" PROGRAM_website="https://cisofy.com"
@ -134,7 +134,7 @@
echo "" echo ""
echo " Why do I see this error?" echo " Why do I see this error?"
echo " -------------------------------" echo " -------------------------------"
echo " This error is a protection mechanism, to prevent root user from executing user created files." echo " This is a protection mechanism, to prevent the root user from executing user created files."
echo ""; echo "" echo ""; echo ""
echo " What can I do?" echo " What can I do?"
echo " ---------------------" echo " ---------------------"
@ -226,55 +226,6 @@
# CV - Current Version # CV - Current Version
PROGRAM_AC=`echo ${PROGRAM_version} | awk '{ print $1 }' | sed 's/[.]//g'` PROGRAM_AC=`echo ${PROGRAM_version} | awk '{ print $1 }' | sed 's/[.]//g'`
PROGRAM_LV=0 PROGRAM_LV=0
#DB_MALWARE_CV=`grep "^#version=" ${DBDIR}/malware.db | cut -d '=' -f2`
#DB_FILEPERMS_CV=`grep "^#version=" ${DBDIR}/fileperms.db | cut -d '=' -f2`
# Number of signatures
#DB_MALWARE_IC=`grep -v "^#" ${DBDIR}/malware.db | wc -l | tr -s ' ' | tr -d ' '`
if [ ${VIEWUPDATEINFO} -eq 1 ]; then
CheckUpdates
# Reset everything if we can't determine our current version or the latest
# available version (due lack of internet connectivity for example)
if [ "${PROGRAM_AC}" = "" -o "${PROGRAM_LV}" = "" ]; then
# Set both to safe values
PROGRAM_AC=0; PROGRAM_LV=0
#DB_MALWARE_LV=0; DB_MALWARE_CV=0
#DB_FILEPERMS_LV=0; DB_FILEPERMS_CV=0
fi
echo ""; echo " == ${WHITE}${PROGRAM_name}${NORMAL} =="; echo ""
echo " Version : ${PROGRAM_version}"
echo -n " Status : "
if [ ${PROGRAM_LV} -eq 0 ]; then
echo "${RED}Unknown${NORMAL}";
elif [ ${PROGRAM_LV} -gt ${PROGRAM_AC} ]; then
echo "${YELLOW}Outdated${NORMAL}";
echo " Current version : ${PROGRAM_AC}"
echo " Latest version : ${PROGRAM_LV}"
else
echo "${GREEN}Up-to-date${NORMAL}"
fi
echo " Release date : ${PROGRAM_releasedate}"
echo " Update location : ${PROGRAM_website}"
# echo ""
# echo " == ${WHITE}Plugins${NORMAL} =="
# echo ""
# echo " == ${WHITE}Databases${NORMAL} =="
# echo " Current Latest Status"
# echo " -----------------------------------------------------------------------------"
# echo -n " Malware : ${DB_MALWARE_CV} ${DB_MALWARE_LV} "
# if [ ${DB_MALWARE_LV} -gt ${DB_MALWARE_CV} ]; then echo "${WARNING}Outdated${NORMAL}"; else echo "${OK}Up-to-date${NORMAL}"; fi
# echo -n " File perms : ${DB_FILEPERMS_CV} ${DB_FILEPERMS_LV} "
# if [ ${DB_FILEPERMS_LV} -gt ${DB_FILEPERMS_CV} ]; then echo "${WARNING}Outdated${NORMAL}"; else echo "${OK}Up-to-date${NORMAL}"; fi
echo ""; echo ""
echo "${PROGRAM_copyright}"; echo ""
# Quit program
ExitClean
fi
# #
################################################################################# #################################################################################
# #
@ -394,8 +345,11 @@
echo " audit system : Perform security scan" echo " audit system : Perform security scan"
echo " audit dockerfile <file> : Analyze Dockerfile" echo " audit dockerfile <file> : Analyze Dockerfile"
echo "" echo ""
echo " ${GREEN}update${NORMAL}"
echo " update info : Show update details"
echo " update release : Update Lynis release"
echo ""
echo "" echo ""
echo " ${WHITE}Scan options:${NORMAL}" echo " ${WHITE}Scan options:${NORMAL}"
echo " --auditor \"<name>\" : Auditor name" echo " --auditor \"<name>\" : Auditor name"
echo " --dump-options : See all available options" echo " --dump-options : See all available options"
@ -412,7 +366,6 @@
echo " --reverse-colors : Optimize color display for light backgrounds" echo " --reverse-colors : Optimize color display for light backgrounds"
echo "" echo ""
echo " ${WHITE}Misc options:${NORMAL}" echo " ${WHITE}Misc options:${NORMAL}"
echo " --check-update : Check for updates"
echo " --debug : Debug logging to screen" echo " --debug : Debug logging to screen"
echo " --view-manpage (--man) : View man page" echo " --view-manpage (--man) : View man page"
echo " --version (-V) : Display version number and quit" echo " --version (-V) : Display version number and quit"
@ -529,7 +482,7 @@
# #
################################################################################# #################################################################################
# #
if [ ${QUIET} -eq 0 ]; then if [ ${QUIET} -eq 0 -a ${SHOW_PROGRAM_DETAILS} -eq 1 ]; then
echo "" echo ""
echo " ---------------------------------------------------" echo " ---------------------------------------------------"
echo " Program version: ${PROGRAM_version}" echo " Program version: ${PROGRAM_version}"
@ -834,12 +787,12 @@
################################################################################# #################################################################################
# #
if [ ${RUN_HELPERS} -eq 1 ]; then if [ ${RUN_HELPERS} -eq 1 ]; then
InsertPluginSection "Audit Module"
if [ ! "${HELPER}" = "" ]; then if [ ! "${HELPER}" = "" ]; then
logtext "Helper tool is $HELPER" logtext "Helper tool is $HELPER"
if [ -f ${INCLUDEDIR}/helper_${HELPER} ]; then if [ -f ${INCLUDEDIR}/helper_${HELPER} ]; then
SafePerms ${INCLUDEDIR}/helper_${HELPER} SafePerms ${INCLUDEDIR}/helper_${HELPER}
logtext "Running helper tool ${HELPER} with params: ${HELPER_PARAMS}" logtext "Running helper tool ${HELPER} with params: ${HELPER_PARAMS}"
InsertPluginSection "Helper: ${HELPER}"
. ${INCLUDEDIR}/helper_${HELPER} ${HELPER_PARAMS} . ${INCLUDEDIR}/helper_${HELPER} ${HELPER_PARAMS}
else else
echo "Error, could not find helper" echo "Error, could not find helper"

47
lynis.8
View File

@ -1,4 +1,4 @@
.TH Lynis 8 "30 January 2015" "1.17" "Unix System Administrator's Manual" .TH Lynis 8 "30 April 2015" "1.18" "Unix System Administrator's Manual"
.SH "NAME" .SH "NAME"
@ -16,13 +16,13 @@ Lynis \fP\- Run an system and security audit on the system
.fi .fi
.SH "DESCRIPTION" .SH "DESCRIPTION"
\fBLynis\fP is an auditing tool for Unix (specialists). It checks the system \fBLynis\fP is a security auditing tool for Linux and Unix systems. It checks
and software configuration and logs all the found information into a log file the system and software configurations, to determine any improvements.
for debugging purposes, and in a report file suitable to create fancy looking All details are logged in a log file. Findings and other data is stored in a
auditing reports. report file, which can be used to create auditing reports.
\fBLynis\fP can be run as a cronjob, or from the command line. It needs to have \fBLynis\fP can be run as a cronjob, or from the command line. Lynis prefers
full access to the system, so running it as root (or with sudo rights) is root permissions (or sudo), so it can access all parts of the system, however it
required. not required (see pentest mode).
.PP .PP
The following system areas may be checked: The following system areas may be checked:
.IP .IP
@ -30,7 +30,7 @@ The following system areas may be checked:
.IP .IP
\- Configuration files \- Configuration files
.IP .IP
\- Common files by software packages \- Files part of software packages
.IP .IP
\- Directories and files related to logging and auditing \- Directories and files related to logging and auditing
.SH "OPTIONS" .SH "OPTIONS"
@ -39,7 +39,6 @@ The following system areas may be checked:
.B \-\-auditor <full name> .B \-\-auditor <full name>
Define the name of the auditor/pen-tester. When a full name is used, add double Define the name of the auditor/pen-tester. When a full name is used, add double
quotes, like "Your Name". quotes, like "Your Name".
.TP .TP
.B \-\-checkall (or \-c) .B \-\-checkall (or \-c)
\fBLynis\fP performs a full check of the system, printing out the results of \fBLynis\fP performs a full check of the system, printing out the results of
@ -48,9 +47,6 @@ each test to stdout. Additional information will be saved into a log file
.IP .IP
In case the outcome of a scan needs to be automated, use the report file. In case the outcome of a scan needs to be automated, use the report file.
.TP .TP
.B \-\-check\-update (or \-\-info)
Show program, database and update information.
.TP
.B \-\-cronjob .B \-\-cronjob
Perform automatic scan with cron safe options (no colors, no questions, no Perform automatic scan with cron safe options (no colors, no questions, no
breaks). breaks).
@ -115,14 +111,33 @@ with others. When running Lynis without any parameters, help will be shown and
the program will exit. the program will exit.
.RE .RE
.PP .PP
.SH "HELPERS"
Lynis has special helpers to do certain tasks. This way the framework of Lynis is
used, while at the same time storing most of the functionality in a separated
file. This speeds up execution and keeps the code clean.
.TP
.B audit
Run audit on the system or on other targets
.TP
.B update
Run updater utility
.TP
To use a helper, run Lynis followed by the helper name
.RE
.PP
.SH "BUGS" .SH "BUGS"
Discovered a bug? Please report them via e-mail (lynis-dev@cisofy.com) or via GitHub: https://github.com/CISOfy/Lynis Discovered a bug? Please report them via GitHub: https://github.com/CISOfy/lynis
.RE
.PP
.SH "Documentation"
Supporting documentation can be found via https://cisofy.com/documentation/lynis/
.RE .RE
.PP .PP
.SH "LICENSING" .SH "LICENSING"
Lynis is licensed with the GPL v3 license and under development by CISOfy and Michael Boelen. Plugins have their own license. Lynis is licensed as GPL v3, written by Michael Boelen and supported by CISOfy. Plugins may have their own license.
.RE .RE
.PP .PP
.SH "CONTACT INFORMATION" .SH "CONTACT INFORMATION"
Support and project related questions are addressed via https://cisofy.com/support/. Support requests and project related questions can be addressed via e-mail: lynis-dev@cisofy.com.