tyler.durden
/
lynis
mirror of https://github.com/CISOfy/lynis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Pin svc mgr (#506) 

* systemctl does not mean systemd is used

* Check for systemd active

* determine service manager if not already set
This commit is contained in:
mslifcak 2018-01-17 09:56:19 -05:00 committed by Michael Boelen
parent bc571054c4
commit 173843bdfd
3 changed files with 29 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/binaries
View File

@ -213,7 +213,7 @@
ssh-keyscan) SSHKEYSCANBINARY="${BINARY}"; LogText " Found known binary: ssh-keyscan (scanner for SSH keys) - ${BINARY}" ;;
sysctl) SYSCTLBINARY="${BINARY}"; LogText " Found known binary: sysctl (kernel parameters) - ${BINARY}" ;;
syslog-ng) SYSLOGNGBINARY="${BINARY}"; SYSLOGNGVERSION=$(${BINARY} -V 2>&1 | grep "^syslog-ng" | awk '{ print $2 }'); LogText "Found ${BINARY} (version ${SYSLOGNGVERSION})" ;;
systemctl) SYSTEMCTLBINARY="${BINARY}"; SERVICE_MANAGER="systemd"; HAS_SYSTEMD=1; LogText " Found known binary: systemctl (client to systemd) - ${BINARY}" ;;
systemctl) SYSTEMCTLBINARY="${BINARY}"; SERVICE_MANAGER="systemd"; LogText " Found known binary: systemctl (client to systemd) - ${BINARY}" ;;
timedatectl) TIMEDATECTL="${BINARY}"; LogText " Found known binary: timedatectl (timedate client) - ${BINARY}" ;;
tr) TRBINARY="${BINARY}"; LogText " Found known binary: tr (text transformation) - ${BINARY}" ;;
tripwire) TRIPWIREBINARY="${BINARY}"; LogText " Found known binary: tripwire (file integrity) - ${BINARY}" ;;

46
include/tests_boot_services
View File

@ -30,7 +30,9 @@
BOOT_LOADER_FOUND=0
BOOT_LOADER_SEARCHED=0
GRUB_VERSION=0
SERVICE_MANAGER="unknown"
if [ -z "${SERVICE_MANAGER}" ]; then
SERVICE_MANAGER="unknown"
fi
#
#################################################################################
#
@ -85,27 +87,29 @@
if [ ! -z "${FILENAME}" ]; then
SHORTNAME=$(echo ${FILENAME} | ${AWKBINARY} -F/ '{ print $NF }')
LogText "Found: ${SHORTNAME}"
case ${SHORTNAME} in
"init" | "initsplash")
SERVICE_MANAGER="SysV Init"
;;
systemd)
SERVICE_MANAGER="systemd"
;;
upstart)
SERVICE_MANAGER="upstart"
;;
*)
CONTAINS_SYSTEMD=$(echo ${SHORTNAME} | ${GREPBINARY} "systemd")
if [ ! -z "${CONTAINS_SYSTEMD}" ]; then
if [ "${SERVICE_MANAGER}" = "unknown" ]; then
case ${SHORTNAME} in
"init" | "initsplash")
SERVICE_MANAGER="SysV Init"
;;
systemd)
SERVICE_MANAGER="systemd"
else
LogText "Found ${SHORTNAME}. Unclear what service manager this is"
ReportException "${TEST_NO}:001" "Unknown service manager"
fi
;;
esac
;;
upstart)
SERVICE_MANAGER="upstart"
;;
*)
CONTAINS_SYSTEMD=$(echo ${SHORTNAME} | ${GREPBINARY} "systemd")
if [ ! -z "${CONTAINS_SYSTEMD}" ]; then
SERVICE_MANAGER="systemd"
else
LogText "Found ${SHORTNAME}. Unclear what service manager this is"
ReportException "${TEST_NO}:001" "Unknown service manager"
fi
;;
esac
fi
else
LogText "Result: /proc/1/cmdline seems to be empty"
ReportException "${TEST_NO}:002" "No data found in /proc/1/cmdline"

14
lynis
View File

@ -788,22 +788,14 @@ ${NORMAL}
#
#################################################################################
#
# Check for systemd presence (already tested via binaries: systemctl)
if [ ${HAS_SYSTEMD} -eq 0 ]; then
FOUND=0
# Backup option to do additional testing for systemd
LIST="${ROOTDIR}lib/systemd/system"; for ITEM in ${LIST}; do if [ -d ${ITEM} ]; then FOUND=1; break; fi; done
LIST="${ROOTDIR}usr/lib/systemd/systemd"
if [ ${FOUND} -eq 0 ]; then for ITEM in ${LIST}; do if [ -f ${ITEM} ]; then FOUND=1; break; fi; done; fi
else
FOUND=1
fi
if [ ${FOUND} -eq 1 ]; then
# Check for systemd active
if [ -d /run/systemd/system ]; then
LogText "Result: system is using systemd"
HAS_SYSTEMD=1
Report "systemd=1"
else
LogText "Result: systemd not found"
HAS_SYSTEMD=0
Report "systemd=0"
fi
#