Test if loghost is not localhost

On Solaris, the name loghost can be used to point to remote log servers.
By default loghost is configured to 127.0.0.1, logging to the local
machine.

Thus a new test - LOGG-2153 - is created to test if loghost is not
localhost and LOGG-2154 is modified to ignore @loghost lines if loghost
is localhost.
Simon Biewald 2020-08-09 02:35:26 +00:00
parent 7df0b8618b
commit 1f3d0956a7
2 changed files with 32 additions and 2 deletions


@ -228,6 +228,7 @@ LOGG-2146:test:security:logging::Checking logrotate.conf and logrotate.d:
LOGG-2148:test:security:logging::Checking logrotated files: LOGG-2148:test:security:logging::Checking logrotated files:
LOGG-2150:test:security:logging::Checking directories in logrotate configuration: LOGG-2150:test:security:logging::Checking directories in logrotate configuration:
LOGG-2152:test:security:logging::Checking loghost: LOGG-2152:test:security:logging::Checking loghost:
LOGG-2153:test:security:logging::Checking loghost is not localhost:
LOGG-2154:test:security:logging::Checking syslog configuration file: LOGG-2154:test:security:logging::Checking syslog configuration file:
LOGG-2160:test:security:logging::Checking /etc/newsyslog.conf: LOGG-2160:test:security:logging::Checking /etc/newsyslog.conf:
LOGG-2162:test:security:logging::Checking directories in /etc/newsyslog.conf: LOGG-2162:test:security:logging::Checking directories in /etc/newsyslog.conf:


@ -28,7 +28,9 @@
METALOG_RUNNING=0 METALOG_RUNNING=0
RFC3195D_RUNNING=0 RFC3195D_RUNNING=0
RSYSLOG_RUNNING=0 RSYSLOG_RUNNING=0
SOLARIS_LOGHOST=""
SOLARIS_LOGHOST_FOUND=0 SOLARIS_LOGHOST_FOUND=0
SOLARIS_LOGHOST_LOCALHOST=0
SYSLOG_DAEMON_PRESENT=0 SYSLOG_DAEMON_PRESENT=0
SYSLOG_DAEMON_RUNNING=0 SYSLOG_DAEMON_RUNNING=0
SYSLOG_NG_RUNNING=0 SYSLOG_NG_RUNNING=0
@ -305,6 +307,7 @@
LogText "Result: Checking for loghost in /etc/inet/hosts" LogText "Result: Checking for loghost in /etc/inet/hosts"
FIND=$(${GREPBINARY} loghost /etc/inet/hosts | ${GREPBINARY} -v "^#") FIND=$(${GREPBINARY} loghost /etc/inet/hosts | ${GREPBINARY} -v "^#")
if [ -n "${FIND}" ]; then if [ -n "${FIND}" ]; then
SOLARIS_LOGHOST="${FIND}"
SOLARIS_LOGHOST_FOUND=1 SOLARIS_LOGHOST_FOUND=1
LogText "Result: Found loghost entry in /etc/inet/hosts" LogText "Result: Found loghost entry in /etc/inet/hosts"
else else
@ -314,6 +317,7 @@
LogText "Result: Checking for loghost via name resolving" LogText "Result: Checking for loghost via name resolving"
FIND=$(getent hosts loghost | ${GREPBINARY} loghost) FIND=$(getent hosts loghost | ${GREPBINARY} loghost)
if [ -n "${FIND}" ]; then if [ -n "${FIND}" ]; then
SOLARIS_LOGHOST="${FIND"
SOLARIS_LOGHOST_FOUND=1 SOLARIS_LOGHOST_FOUND=1
LogText "Result: name resolving was successful" LogText "Result: name resolving was successful"
LogText "Output: ${FIND}" LogText "Output: ${FIND}"
@ -334,6 +338,26 @@
fi fi
# #
################################################################################# #################################################################################
#
# Test : LOGG-2153
# Description : Check Solaris 'loghost' entry is not localhost, meaning
# remote logging is not configured.
if [ ${SOLARIS_LOGHOST_FOUND} -eq 1 ] && [ -n "${SOLARIS_LOGHOST}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no LOGG-2153 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Checking loghost is localhost"
if [ ${SKIPTEST} -eq 0 ]; then
FIND=$(echo "${SOLARIS_LOGHOST}" | ${AWKBINARY} '{ print $1 }' | ${EGREPBINARY} "::1|127.0.0.1|127.1")
if [ -n "${FIND}" ]; then
SOLARIS_LOGHOST_LOCALHOST=1
LogText "Result: loghost entry is localhost (default)"
Display --indent 4 --text "- Checking loghost entry is localhost" --result "${STATUS_YES}" --color YELLOW
ReportSuggestion "${TEST_NO}" "Set loghost entry to a remote location to enable remote logging."
else
Display --indent 4 --text "- Checking loghost entry is localhost" --result "${STATUS_NO}" --color GREEN
fi
fi
#
#################################################################################
# #
# Test : LOGG-2154 # Test : LOGG-2154
# Description : Check to see if remote logging is enabled # Description : Check to see if remote logging is enabled
@ -402,8 +426,13 @@
LogText "Test: check if logs are also logged to a remote logging host" LogText "Test: check if logs are also logged to a remote logging host"
FIND=$(${EGREPBINARY} "@[a-zA-Z0-9]|destination\s.+(udp|tcp).+\sport" ${SYSLOGD_CONF} | ${GREPBINARY} -v "^#" | ${GREPBINARY} -v "[a-zA-Z0-9]@") FIND=$(${EGREPBINARY} "@[a-zA-Z0-9]|destination\s.+(udp|tcp).+\sport" ${SYSLOGD_CONF} | ${GREPBINARY} -v "^#" | ${GREPBINARY} -v "[a-zA-Z0-9]@")
if [ -n "${FIND}" ]; then if [ -n "${FIND}" ]; then
LogText "Result: remote logging enabled" FIND2=$(echo "${FIND}" | ${GREPBINARY} -v "@loghost")
REMOTE_LOGGING_ENABLED=1 if [ SOLARIS_LOGHOST_LOCALHOST -eq 1 ] && [ -z "${FIND2}" ]; then
LogText "Result: remote logging enabled to loghost, but loghost is localhost"
else
LogText "Result: remote logging enabled"
REMOTE_LOGGING_ENABLED=1
fi
else else
# Search for configured destinations with an IP address or hostname, then determine which ones are used as a log destination # Search for configured destinations with an IP address or hostname, then determine which ones are used as a log destination
DESTINATIONS=$(${GREPBINARY} "^destination" ${SYSLOGD_CONF} | ${EGREPBINARY} "(udp|tcp)" | ${GREPBINARY} "port" | ${AWKBINARY} '{print $2}') DESTINATIONS=$(${GREPBINARY} "^destination" ${SYSLOGD_CONF} | ${EGREPBINARY} "(udp|tcp)" | ${GREPBINARY} "port" | ${AWKBINARY} '{print $2}')
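Review bot: The new guard in the last hunk, `if [ SOLARIS_LOGHOST_LOCALHOST -eq 1 ] && [ -z "${FIND2}" ]; then`, compares the literal word instead of the variable, so in most sh implementations `[` fails with an integer-expression error, the branch is never taken, and an `@loghost` destination that resolves to localhost is still recorded as remote logging enabled. It should read `if [ ${SOLARIS_LOGHOST_LOCALHOST} -eq 1 ] && [ -z "${FIND2}" ]; then`. In the getent hunk, `SOLARIS_LOGHOST="${FIND"` is missing its closing brace and should be `SOLARIS_LOGHOST="${FIND}"`, matching the assignment in the /etc/inet/hosts hunk. The LOGG-2153 match `"::1|127.0.0.1|127.1"` is unanchored and its dots are unescaped, so a constructed address such as 10.127.1.5 or fe80::1 would be classed as localhost; an anchored form such as `"^(::1|127\.)"` would be stricter. The blocks enclosing these hunks start and end outside the visible lines, so this is based only on what the hunks show.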